Skip to content

A Buidkite plugin to read secrets from GCP Secret Manager into environment variables

License

Notifications You must be signed in to change notification settings

avaly/gcp-secret-manager-buildkite-plugin

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GCP Secret Manager Buildkite Plugin

GitHub Release Build status

A Buildkite plugin to read secrets from GCP Secret Manager.

This plugin requires either a Google Cloud credentials file or application default credentials to be available on your Buildkite Agent machines.

Other preinstalled requirements:

Example

Add the following to your pipeline.yml:

steps:
  - command: 'echo \$SECRET_VAR'
    plugins:
      - avaly/gcp-secret-manager#v1.2.0:
          credentials_file: /etc/gcloud-credentials.json
          env:
            SECRET_VAR: my-secret-name
            OTHER_SECRET_VAR: my-other-secret-name

Configuration

credentials_file (optional, string)

The file path of a Google Cloud credentials file which is used to access the secrets. If not specified, the application default credential will be searched for and used if available. The account credential must have the Secret Accessor role for the secret being accessed (roles/secretmanager.secretAccessor).

env (object)

An object defining the export variables names and the secret names which will populate the values.

Developing

To run the tests:

docker-compose run --rm shellcheck
docker-compose run --rm tests

Contributing

  1. Fork the repo
  2. Make the changes
  3. Run the tests
  4. Commit and push your changes
  5. Send a pull request