Google Secret Manager secrets do not seem to work yet I can find nothing wrong
I have created a bunch of secrets using the documented CLI method like so:
echo "ak_prod_4kj56hv24hkjcg56hj2c34k5j3hbj3k124v5h243c" | gcloud secrets versions add some-api-key --data-file=-
I have set my YAML to read them at start-up, this works because my app code will throw if no value is configured.
spec:
template:
spec:
- image:
env:
- name: Some__ApiKey
valueFrom:
secretKeyRef:
key: "1"
name: some-api-key
But my code doesn't work. It was working on Azure, so this isn't a problem with my code. When I call the API, my key is rejected. A key is configured, my code checks that and besides, Cloud Run fails if it cannot read its secrets.
The problem was due to whitespace at the end of the secret.
Somehow a single whitespace character had been introduced. Looking back over my CLI command history it could be trailing whitespace after the --data-file=-
Perhaps it's the space between the " | in Google's example.
The Google console GUI does not present the secret value in quotes and so it is almost impossible to tell this has happened.
One week just on this problem. One week. The cost of badly designed software/bad sample code.
- Container failed to start. Failed to start and then listen on the port defined by the PORT environment variable
- How to get or generate deploy URL for Google Cloud Run services?
- Google Cloud Build Error: build step 0 "gcr.io/cloud-builders/docker" failed: step exited with non-zero status: 1
- Getting random "User not found in file /etc/passwd" error on Cloud Run Job
- Deploying to Cloud Run with a custom service account failed with iam.serviceaccounts.actAs error
- Deploying a pelican site to Google Cloud Run with Dockerfile not working
- How to deploy Typescript project on Cloud Run
- How to fix CloudRun error 'The request was aborted because there was no available instance'
- Are users sessions on Google Cloud Run apps directed to the same instance?
- Connection broken: IncompleteRead in Google Cloud Run
- Python session on Google Cloud Run automatically logs out
- Cloud run: restrict traffic from firebase hosting?
- Cloud Run deployment failing for FastAPI
- how do I set up cloud run in a shared vpc with direct vpc egress?
- How can I see request count (not rate) for a Google Cloud Run application?
- Load Balancer + Cloud Run + Cloud SQL | Connection reset by peer
- A list of values (multiple values) with gcloud (GCP)
- How to create persistent docker containers on google cloud run instance?
- "gcloud run deploy" vs "gcloud run services update"
- How are Cloud Run URLs generated?
- Where is the Firebase functions container image after deployment
- Does Cloud Run supports HTTP streaming?
- ModuleNotFoundError on Google Cloud Run, not locally
- Create a dashboard graph with data points in logs
- Handling a Cloud Run container shutdown
- Specify startup probe option: gcloud beta run deploy
- How to programmatically get current project id in Google cloud run api
- Cloud Tasks cannot authenticate calls to Cloud Run Jobs
- Error with Django application on Cloud Run using Cloud SQL PostgreSQL DB - cannot connect to database
- Logs on Google App Engine / Google Cloud Run are appearing incorrectly