Google Secret Manager secrets do not seem to work yet I can find nothing wrong

Question

I have created a bunch of secrets using the documented CLI method like so:

echo "ak_prod_4kj56hv24hkjcg56hj2c34k5j3hbj3k124v5h243c" | gcloud secrets versions add some-api-key --data-file=-     

I have set my YAML to read them at start-up, this works because my app code will throw if no value is configured.

  spec:
    template:
      spec:
      - image:
        env:
        - name: Some__ApiKey
          valueFrom:
            secretKeyRef:
              key: "1"
              name: some-api-key

But my code doesn't work. It was working on Azure, so this isn't a problem with my code. When I call the API, my key is rejected. A key is configured, my code checks that and besides, Cloud Run fails if it cannot read its secrets.

Answer 1

It's actually the echo . You need echo -n .

echo -n "ak_prod_4kj56hv24hkjcg56hj2c34k5j3hbj3k124v5h243c" | gcloud secrets versions add some-api-key --data-file=-     

Answer 2

The problem was due to whitespace at the end of the secret.

Somehow a single whitespace character had been introduced. Looking back over my CLI command history it could be trailing whitespace after the --data-file=-

Perhaps it's the space between the " | in Google's example.

The Google console GUI does not present the secret value in quotes and so it is almost impossible to tell this has happened.

One week just on this problem. One week. The cost of badly designed software/bad sample code.