Using an Azure App Service
I can edit Configuration
and read a value from a Key vault
and set it to my ConnectionStrings:DefaultConnection
from appsettings.json
like this:
@Microsoft.KeyVault(VaultName=My-KeyVault;SecretName=Db-Connection)
This works really well and the database connection string and other secrets are kept secure.
I would like to do something similar with GCP Cloud Run
.
I followed this guide to get an application up and running and it works:
https://cloud.google.com/blog/topics/developers-practitioners/net-50-google-cloud
Then it gets a bit trickier though. I have been reading up on the Preview — Support for Secret Manager secrets in Cloud Run
https://cloud.google.com/run/docs/configuring/secrets
My initial thought has been to simply replace appsettings.json
with a secret file. Is this the best way to go or is there another better alternative?
Yes as of the moment, Secret Manager
through Google Cloud Console and client library are the best options for you to manage secrets. You can access Secret Manager secrets and expose them as environment variables or via the filesystem from Cloud Run services.
Make sure that you Configure Secret Manager first before you can create, access and manage secrets.