GCP SecretManager utility
This utility can be used to quickly access secret data from GCP SecretManager ("sema").
It can output Secrets in environment/property-file format or Kubernetes format.
The utility is build in Golang, but can be downloaded as binary from this repo
so you don't to have Golang installed.
Usage:
# Add new secrets
echo secure | sema add my-project APP2_CLIENT_ID
echo secure | sema add my-project APP2_CLIENT_SECRET
# Render
sema render my-project --format=env \
--from-sema-literal=CLIENT_ID=APP1_CLIENT_ID \
--from-sema-literal=CLIENT_SECRET=APP1_CLIENT_SECRET
# output:
CLIENT_ID=...
CLIENT_SECRET=...
# Render options (advanced):
sema render \
# format:
--format=yaml \
# multiple ways to specify a secret source:
--secrets [handler]=[key]=[source] \
# literals just like kubectl create secret --from-literal=myfile.txt=foo-bar
--secrets literal=myfile.txt=foo-bar \
# plain files just like kubectl create secret --from-file=myfile.txt=./myfile.txt
--secrets file=myfile.txt=./myfile.txt \
# extract according to schema into a single property 'config-env.json'
--secrets sema-schema-to-file=config-env.json=config-schema.json \
# extract according to schema into environment variable literals
--secrets sema-schema-to-literals=config-schema.json \
# extract key value from SeMa into literals
--secrets sema-literal=MY_APP_SECRET=MY_APP_SECRET_NEW \
my-project
$ sema add [project] [secret_name] \
# optionally add zero or more labels
--label key:value --label foo:bar
config-schema.json
You may wonder what config-schema.json
is. We have a convention to store a
JSON structure with all configuration options of our application in the
repository. We use the Mozilla convict format.
Running a migration:
See WORKFLOW.md
Developing & debugging
Use this for a quick test:
$ make build-local && ./bin/sema render dummy --secrets literal=test.txt=value --secrets literal=foo.txt=bar