GCP Secret Manager Buildkite Plugin
A Buildkite plugin to read secrets from GCP Secret Manager.
This plugin requires either a Google Cloud credentials file or application default credentials to be available on your Buildkite Agent machines.
Other preinstalled requirements:
Example
Add the following to your pipeline.yml
:
steps:
- command: 'echo \$SECRET_VAR'
plugins:
- avaly/gcp-secret-manager#v1.4.0:
credentials_file: /etc/gcloud-credentials.json
env:
SECRET_VAR: my-secret-name
OTHER_SECRET_VAR: my-other-secret-name
Configuration
credentials_file
(optional, string)
The file path of a Google Cloud credentials file which is used to access the secrets. If not specified, the
application default credential will be searched for and used if available. The account credential must have the
Secret Accessor role for the secret being accessed (roles/secretmanager.secretAccessor
).
env
(object)
An object defining the export variables names and the secret names which will populate the values.
The secret names can be expressed:
- using only the secret name:
{secret-name}
- using a fully qualified name:
projects/{project-id-or-number}/secrets/{secret-name}/versions/{version}
(if the/versions/{version}
is not included, thelatest
version will be used)
Developing
To run the tests:
docker-compose run --rm shellcheck
docker-compose run --rm tests
Contributing
- Fork the repo
- Make the changes
- Run the tests
- Commit and push your changes
- Send a pull request