Tags: google-cloud-platform, google-cloud-functions, google-cloud-build, gcp-secret-manager

Google Cloud Platform: secret as build env variable


I have a few Google Functions with some private NPM packages that I need to install during the build phase.

Credentials to NPM registries are set via the .npmrc file. The token is expected to be an ENV variable, as in someUrlToRegistry:/_authToken=${NPM_REGISTRY_TOKEN}

I have this token saved in Secret Manager.

How can I pass this secret as a build environment variable?

I am able to do so as a runtime variable, no problem there, but the build does not see this secret and the registry returns an unauthorized response.


Solution

  • As per the official document, you can add a secretEnv field specifying the environment variable in a build step.

    Add an availableSecrets field to specify the secret version and environment variables to use for your secret. You can include substitution variables in the value of the secretVersion field. You can specify more than one secret in a build.

    Example from doc:

    steps:
    - name: 'gcr.io/cloud-builders/docker'
      entrypoint: 'bash'
      # "$$" is Cloud Build's escape for a literal "$", so bash reads
      # $USERNAME and $PASSWORD from the step environment, not from
      # Cloud Build substitutions.
      args: ['-c', 'docker login --username=$$USERNAME --password=$$PASSWORD']
      # Only the secrets listed here are injected into this step.
      # USERNAME must be supplied the same way (its own secretEnv entry
      # and availableSecrets mapping) for the login to work.
      secretEnv: ['PASSWORD']
    availableSecrets:
      secretManager:
      # versionName identifies the Secret Manager secret version; env is the
      # environment variable name that secretEnv above refers to.
      - versionName: projects/PROJECT_ID/secrets/DOCKER_PASSWORD_SECRET_NAME/versions/DOCKER_PASSWORD_SECRET_VERSIO
        env: 'PASSWORD'
    

    Attaching a similar blog and stack link for your reference.
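The same mechanism applied to the npm case from the question, as an added example that is not part of the answer or of any Google documentation: a cloudbuild.yaml that injects the Secret Manager token as NPM_REGISTRY_TOKEN into the install step only. The project id `my-project`, the secret name `npm-registry-token`, the registry host `registry.example.com` and the `.npmrc` line are assumed placeholders.

```yaml
steps:
  # Install step: the only step that can see the registry token.
  # The repository's .npmrc (assumed content) is:
  #   //registry.example.com/:_authToken=${NPM_REGISTRY_TOKEN}
  # npm expands ${NPM_REGISTRY_TOKEN} from the step's environment at
  # install time; the token itself never appears in the repo or this file.
  - name: 'node:18'
    id: 'install-deps'
    entrypoint: 'bash'
    args:
      - '-c'
      - |
        set -euo pipefail
        # "$$" is Cloud Build's escape for a literal "$", so bash (not the
        # Cloud Build substitution engine) evaluates this. It fails the
        # build early if the secret was not injected, instead of letting
        # the registry answer with an unhelpful 401 later.
        : "$${NPM_REGISTRY_TOKEN:?NPM_REGISTRY_TOKEN was not injected}"
        # --ignore-scripts keeps package lifecycle scripts from running
        # with the token in their environment.
        npm ci --ignore-scripts
    secretEnv: ['NPM_REGISTRY_TOKEN']

  # Test step: no secretEnv, so the token is not present here.
  - name: 'node:18'
    id: 'test'
    entrypoint: 'npm'
    args: ['test']

availableSecrets:
  secretManager:
    # Pin a version number rather than "latest" for reproducible builds.
    - versionName: projects/my-project/secrets/npm-registry-token/versions/1
      env: 'NPM_REGISTRY_TOKEN'
```

The build's service account needs the Secret Manager Secret Accessor role on that secret, otherwise the step fails before bash runs. If a later step genuinely needs the token, add it to that step's secretEnv explicitly rather than to every step.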