Sha256: 018d9dc94ef987a1a9ec48e98ec8a9424d42cc9dc46c247602cd5f6465c3e946
Contents?: true
Size: 1.54 KB
Versions: 1
Compression:
Stored size: 1.54 KB
Contents
---
title: Google Secrets
nav_text: Secrets
categories: helpers-google
---
The `google_secret` helper fetches secret data from Google Secrets.
## Example
.kubes/resources/shared/secret.yaml
```yaml
apiVersion: v1
kind: Secret
metadata:
name: demo
labels:
app: demo
data:
PASS: <%= google_secret("demo-#{Kubes.env}-PASS") %>
USER: <%= google_secret("demo-#{Kubes.env}-USER") %>
```
The values are automatically base64 encoded.
For example if you have these secret values:
$ gcloud secrets versions access latest --secret demo-dev-USER
test1
$ gcloud secrets versions access latest --secret demo-dev-PASS
test2
$
.kubes/output/shared/secret.yaml
```yaml
metadata:
namespace: demo
name: demo-2a78a13682
labels:
app: demo
apiVersion: v1
kind: Secret
data:
PASS: dGVzdDEK
USER: dGVzdDIK
```
## Variables
These environment variables can be set:
Name | Description
---|---
GOOGLE_PROJECT | Google project id. This is required.
## Base64 Option
By default, the values are automatically base64 encoded. You can change the default behavior with a config option.
.kubes/config.rb
```ruby
KubesGoogle.configure do |config|
config.base64_secrets = true
end
```
Note: The use of `KubesGoogle.configure` instead of `Kubes.configure` here.
You can also set the `base64` option to turn on and off the automated base64 encoding on a per secret basis.
```ruby
google_secret("demo-#{Kubes.env}-USER", base64: true) # default is base64=true
google_secret("demo-#{Kubes.env}-PASS", base64: false)
```
{% include helpers/base64.md %}
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| kubes-0.6.4 | docs/_docs/helpers/google/secrets.md |