gcp-secret-env
v2.0.2
Published
A simple tool to convert a google secret manager to an environment variable (in .env file)
Downloads
24
Maintainers
Readme
gcp-secret-env
Description
This is a simple cli utility to load secrets from GCP Secret Manager and set them as environment variables (.env file) in your local development environment. You can also use it to load secrets from GCP Secret Manager and set them as environment variables in your CI/CD pipeline.
Usage
First you need google credentials to access the secret manager, with google cloud sdk installed you can run the following command to get the default credentials:
$ gcloud auth application-default login
By default the cli will look for the credentials in the GOOGLE_APPLICATION_CREDENTIALS environment variable, or get them from the default location (usually ~/.config/gcloud/application_default_credentials.json), and get your attention if it can't find them.
If you have multiple credentials for different projects, you can use the "-spc" flag (Set Project Credentials) for set or change the credentials for a specific project.
$ npx gcp-secret-env -spc <name-of-your-project>
or
$ npx gcp-secret-env -spc=<name-of-your-project>
( All the flags with value can be used with or without the "=" sign, and the order of the flags doesn't matter, but the value must be directly after the flag )
For using a specific credentials, you can use the "-upc" flag (Use Project Credentials) followed by name of your project. if specified name doesn't exist, the cli will get your attention.
$ npx gcp-secret-env -upc <name-of-your-project>
Get the latest version
you need you project id and the secret name to get the latest version of the secret (projects//secrets/)
$ npx gcp-secret-env -id <project-id> -name <secret-name>
and with a specific project credentials
$ npx gcp-secret-env -id <project-id> -name <secret-name> -upc <name-of-your-project>
Get a specific version
$ npx gcp-secret-env -id <project-id> -name <secret-name> -version <version>
Create a new version based on your .env file
$ npx gcp-secret-env -id <project-id> -name <secret-name> -save
Disable a secret
you can disable a secret by using the -disable flag followed by the secret version. if entered a negative number, you will decriment the version number by that number, otherwise you will disable the version number entered. Attention: if you want to disable the latest version, but you don't know the version number, you must use the -disable flag fowllowed by "latest".
example:
// this will disable the latest version
$ npx gcp-secret-env -id <project-id> -name <secret-name> -disable latest
// this will disable previous version
$ npx gcp-secret-env -id <project-id> -name <secret-name> -disable -1
// this will disable version 3
$ npx gcp-secret-env -id <project-id> -name <secret-name> -disable 3
Destroy a secret
you can destroy a secret by using the -destroy flag followed by the secret version. works the same as the -disable flag.
example:
// this will destroy the latest version
$ npx gcp-secret-env -id <project-id> -name <secret-name> -destroy latest
// this will destroy previous version
$ npx gcp-secret-env -id <project-id> -name <secret-name> -destroy -1
// this will destroy version 3
$ npx gcp-secret-env -id <project-id> -name <secret-name> -destroy 3
you can use -destroy, -disable and -save flags together.
example:
// this will create a new version based on your .env file, disable the previous version and destroy the version before that.
$ npx gcp-secret-env -id <project-id> -name <secret-name> -save -disable -1 -destroy -2