GCP Google Cloud Platform - Cloud Run - .NET 5.0 - Application settings from secrets or transform appsettings.json
Using an Azure App Service I can edit Configuration and read a value from a Key vault and set it to my ConnectionStrings:DefaultConnection from appsettings.json like this:
@Microsoft.KeyVault(VaultName=My-KeyVault;SecretName=Db-Connection)
This works really well and the database connection string and other secrets are kept secure.
I would like to do something similar with GCP Cloud Run.
I followed this guide to get an application up and running and it works:
https://cloud.google.com/blog/topics/developers-practitioners/net-50-google-cloud
Then it gets a bit trickier though. I have been reading up on the Preview — Support for Secret Manager secrets in Cloud Run
https://cloud.google.com/run/docs/configuring/secrets
My initial thought has been to simply replace appsettings.json with a secret file. Is this the best way to go or is there another better alternative?
Yes as of the moment, Secret Manager through Google Cloud Console and client library are the best options for you to manage secrets. You can access Secret Manager secrets and expose them as environment variables or via the filesystem from Cloud Run services.
Make sure that you Configure Secret Manager first before you can create, access and manage secrets.