I have variables in my Gitlab CI that I want to pass to GCP Secret Manager through my CI/CD pipeline.
I found this command that allows me to create a single secret:
gcloud secrets create secret-id --data-file="/path/to/file.txt"
But when it comes to multiple variables it becomes very complicated.
Is there a way to create multiple secrets at the same time through the gcloud command?
Solution 1 :
You can add a custom shell script to do that.
For example, for your GCP Secret env vars, you can add a naming convention and the same prefix :
# Your Gitlab env vars
export GCP_SECRET_ENV_NAME=secret_name
export GCP_SECRET_ENV_VALUE=secret_value
Then you can add this kind of script and add a foreach on all your secret variables :
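#!/usr/bin/env bash
set -e
set -o pipefail
set -u
# Simulate your Gitlab secrets
export GCP_SECRET_ENV_NAME=secret_name
export GCP_SECRET_ENV_VALUE=secret_value
# Loop over every variable whose name starts with GCP_SECRET
for var_name in "${!GCP_SECRET@}"; do
  echo "##### var name"
  echo "$var_name"
  # The value is not echoed, so it does not end up in the job log.
  # --data-file=- reads the secret value from stdin (the value is not a file path).
  printf '%s' "${!var_name}" | gcloud secrets create "$var_name" --data-file=-
done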
GCP_SECRET
gcloud
command on each secret var
Solution 2 :
You can also think about File type variable in Gitlab: https://docs.gitlab.com/ee/ci/variables/#cicd-variable-types
From the documentation :
Use File type CI/CD variables for tools that need a file as input.
File type variables:
- Consist of a key, value and file.
- Are made available in jobs as environment variables, with:
  - The CI/CD variable key as the environment variable name.
  - The CI/CD variable value saved to a temporary file.
  - The path to the temporary file as the environment variable value.
Solution 3 :
Secret manager with an infra as code tool like Terraform
Secret manager
This solution is less automatic for secret versions but more secure, because we don't set secrets and sensitive values in Gitlab, Terraform tfstate or other places.
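An added example, not part of the answer above: the prefix loop from Solution 1 written as a POSIX sh function that can be re-run in a pipeline, creating a secret on the first run and adding a new version when it already exists. The function name sync_gcp_secrets and the rule that the secret id is the variable name without its prefix are assumptions made for this example.

```sh
#!/bin/sh
# Added example: push every exported variable with a given prefix to Secret Manager.
# Assumption: the secret id is the variable name without the prefix
# (GCP_SECRET_DB_PASSWORD -> DB_PASSWORD).
set -eu

sync_gcp_secrets() (
  prefix=$1
  # awk's ENVIRON lists variable names safely, even when a value spans several lines.
  names=$(awk -v p="$prefix" \
    'BEGIN { for (k in ENVIRON) if (index(k, p) == 1) print k }' | sort)
  for name in $names; do
    secret_id=${name#"$prefix"}
    case $secret_id in
      ''|*[!A-Za-z0-9_-]*)
        echo "skip $name: not usable as a secret id" >&2
        continue ;;
    esac
    if gcloud secrets describe "$secret_id" >/dev/null 2>&1; then
      action="versions add"   # secret exists: store the value as a new version
    else
      action="create"         # first run: create the secret with this value
    fi
    # The value travels over stdin: it is never on a command line
    # and never written to the job log.
    awk -v k="$name" 'BEGIN { printf "%s", ENVIRON[k] }' |
      gcloud secrets $action "$secret_id" --data-file=- >/dev/null
    echo "$action $secret_id"
  done
)

# Run as: ./sync_secrets.sh GCP_SECRET_   (the script name is a placeholder)
if [ "$#" -gt 0 ]; then
  sync_gcp_secrets "$1"
fi
```

Only the action and the secret id are printed, so the job log shows what changed without exposing any value.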