
Using Google Cloud Secret as environment variables in Google Cloud Build

I'm deploying my Node apps to Google Cloud Run using Cloud Build and I want to run some tests during the build. My tests require some environment variables, so I have been following this guide to achieve this.

The guide makes the following note:

Note: To use the secret in an environment variable, you need to prefix the variable name with an underscore "_" and escape the value using '('. For example: _VARIABLE_NAME=$(cat password.txt) && echo -n \\)_VARIABLE_NAME.

However, I am not quite sure how to implement this. I have attempted the following in my cloudbuild.yaml.

  - id: Execute tests
    name: node
    args: ['_VAR_ONE=$(cat var-one.txt)', '_VAR_TWO=$(cat var-two.txt)', 'jest -V']

Which returns the following: Error: Cannot find module '/workspace/_VAR_ONE=$(cat var-one.txt)'. I also tried a few variations of the escape that the above note mentions, but they result in the same error.

What's the best way to get the secrets into my code as environment variables? Also, if I need to use multiple environment variables, is it better to use Cloud KMS with an .env file?

Thanks!

It looks like you are incorrectly using the entrypoint provided by the node image. You are effectively running the command:

node _VAR_ONE=$(cat var-one.txt) _VAR_TWO=$(cat var-two.txt) jest -V

I want to digress for a moment and say this pattern does not work in Node, you need to specify the environment variables first before calling node, for example VAR_ONE=$(cat foo.txt) VAR_TWO=bar node run test

Anyway, I think what you want to run is:

_VAR_ONE=$(cat var-one.txt) _VAR_TWO=$(cat var-two.txt) jest -V

This is how we will do that - Assuming you have a previous step where you write out the contents of the secret into the files var-one.txt and var-two.txt in a previous step - here is how you would use it in the node step, it's just the standard way you use environment variables when running a command from the command line:

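- id: Execute tests
  name: node
  entrypoint: '/bin/bash'
  # bash parses the whole string, so $(cat ...) is expanded and the
  # assignments become environment variables of the jest process
  args:
    - '-c'
    - '_VAR_ONE=$(cat var-one.txt) _VAR_TWO=$(cat var-two.txt) jest -V'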

You need to ensure in the node environment you are using the variables as specified (i.e. process.env._VAR_ONE or process.env._VAR_TWO). I don't think you need to have the _ character prefixed here but I haven't tested it to confirm that. You can try the above and it should get you much further I think.
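
The difference between the two build steps above, reproduced locally as an added example (not part of the original question or answer). `probe.sh` is a hypothetical stand-in for `jest` that reports what it received, and the contents of `var-one.txt` are constructed.

```shell
#!/bin/sh
# Create a scratch directory with a constructed secret file and the probe script.
setup() {
  unset _VAR_ONE
  WORK=$(mktemp -d)
  printf 'constructed-value' > "$WORK/var-one.txt"   # constructed sample, not a real secret
  cat > "$WORK/probe.sh" <<'EOF'
printf 'env=%s argv1=%s' "${_VAR_ONE:-unset}" "${1:-none}"
EOF
}

# Step without a shell entrypoint: each args element reaches the program
# verbatim, so the "assignment" is an ordinary argument and nothing runs cat.
exec_form() {
  (cd "$WORK" && sh ./probe.sh '_VAR_ONE=$(cat var-one.txt)')
}

# Step with entrypoint bash and args ['-c', '...']: the shell expands $(...)
# and places the value in the child's environment, not in its argv.
shell_form() {
  (cd "$WORK" && sh -c '_VAR_ONE=$(cat var-one.txt) sh ./probe.sh')
}

# The prefix assignment applies to that one command only; the variable is
# not set for anything that runs after it in the same shell.
scope_check() {
  (cd "$WORK" && sh -c '_VAR_ONE=$(cat var-one.txt) sh ./probe.sh >/dev/null
                        printf "%s" "${_VAR_ONE:-unset}"')
}

setup
printf '%s\n%s\n%s\n' "$(exec_form)" "$(shell_form)" "$(scope_check)"
```

In the shell form the value appears only in the child's environment, so it is not exposed through the process argument list the way a secret passed as a command-line argument would be.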
