1. Resources
  2. /
  3. Plugins
  4. /
  5. gcp-secret-manager-buildkite-plugin

GCP Secret Manager Buildkite Plugin

GitHub Release Build status

A Buildkite plugin to read secrets from GCP Secret Manager.

This plugin requires either a Google Cloud credentials file or application default credentials to be available on your Buildkite Agent machines.

Other preinstalled requirements:

Example

Add the following to your pipeline.yml:

steps:
  - command: 'echo \$SECRET_VAR'
    plugins:
      - avaly/gcp-secret-manager#v1.4.0:
          credentials_file: /etc/gcloud-credentials.json
          env:
            SECRET_VAR: my-secret-name
            OTHER_SECRET_VAR: my-other-secret-name

Configuration

credentials_file (optional, string)

The file path of a Google Cloud credentials file which is used to access the secrets. If not specified, the application default credential will be searched for and used if available. The account credential must have the Secret Accessor role for the secret being accessed (roles/secretmanager.secretAccessor).

env (object)

An object defining the export variables names and the secret names which will populate the values.

The secret names can be expressed:

  • using only the secret name: {secret-name}
  • using a fully qualified name: projects/{project-id-or-number}/secrets/{secret-name}/versions/{version} (if the /versions/{version} is not included, the latest version will be used)

Developing

To run the tests:

docker-compose run --rm shellcheck
docker-compose run --rm tests

Contributing

  1. Fork the repo
  2. Make the changes
  3. Run the tests
  4. Commit and push your changes
  5. Send a pull request

The plugins listed on this webpage are provided for informational purposes only. They have not undergone any formal security review or assessment. While we strive to provide useful resources, we cannot guarantee the safety, reliability, or integrity of these plugins. Users are strongly advised to conduct their own security evaluations before downloading, installing, or using any plugin. By using these plugins, you acknowledge and accept any risks associated with their use. We disclaim any liability for any harm or damages arising from the use of the plugins listed.

Start turning complexity into an advantage

Create an account to get started with a 30-day free trial. No credit card required.

Buildkite Pipelines

Platform

  1. Pipelines
  2. Pipeline templates
  3. Public pipelines
  4. Test Engine
  5. Package Registries
  6. Mobile Delivery Cloud
  7. Pricing

Hosting options

  1. Self-hosted agents
  2. Mac hosted agents
  3. Linux hosted agents

Resources

  1. Docs
  2. Blog
  3. Changelog
  4. Webinars
  5. Plugins
  6. Case studies
  7. Events
  8. Migration Services
  9. Comparisons

Company

  1. About
  2. Careers
  3. Press
  4. Brand assets
  5. Contact

Solutions

  1. Replace Jenkins
  2. Workflows for AI/ML
  3. Testing at scale
  4. Monorepo mojo
  5. Bazel orchestration

Legal

  1. Terms of Service
  2. Acceptable Use Policy
  3. Privacy Policy
  4. Subprocessors
  5. Service Level Agreement

Support

  1. System status
  2. Forum
© Buildkite Pty Ltd 2025