
Support for GCP secret manager

Open jbialy opened this issue 5 years ago • 3 comments

Gomplate supports reading from the AWS parameter store using the aws+smp datasource. It would be great to also support the GCP secret manager, https://cloud.google.com/secret-manager/docs/managing-secrets.

jbialy avatar Feb 24 '20 18:02 jbialy

I had to implement a version of this that only fetches the latest version of a secret. I don't have time to pick this up, but I'll leave this here in case it helps anyone.

package secret

import (
	"context"
	"fmt"

	secretmanager "cloud.google.com/go/secretmanager/apiv1"
	secretmanagerpb "google.golang.org/genproto/googleapis/cloud/secretmanager/v1"
)

// Get returns the payload of the latest version of the named secret.
func Get(ctx context.Context, projectID, secretName string) ([]byte, error) {

	// Create the client.
	client, err := secretmanager.NewClient(ctx)
	if err != nil {
		return nil, err
	}
	// Close the client on return so its connection is released.
	defer client.Close()

	// Resolve the "latest" alias to the version's fully-qualified name.
	vreq := secretmanagerpb.GetSecretVersionRequest{
		Name: fmt.Sprintf("projects/%s/secrets/%s/versions/latest", projectID, secretName),
	}
	v, err := client.GetSecretVersion(ctx, &vreq)
	if err != nil {
		return nil, err
	}

	// Read the contents of that version.
	req := secretmanagerpb.AccessSecretVersionRequest{
		Name: v.Name,
	}

	s, err := client.AccessSecretVersion(ctx, &req)
	if err != nil {
		return nil, err
	}

	return s.Payload.Data, nil
}

I think you have to get version metadata first. versions/latest is an alias to the latest version. With that fully-qualified name you can use AccessSecretVersion to get the secret's contents as bytes.

dontlaugh avatar Apr 18 '20 00:04 dontlaugh
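
Added example, not code from this thread or from gomplate: the snippet above formats projectID and secretName straight into the resource name, so this sketch checks each component first, which keeps a value taken from a template or datasource URL from adding path segments or selecting another version. VersionName and the three patterns are hypothetical names; the patterns are an assumed allowlist following the ID formats in Google's documentation.

```go
package main

import (
	"fmt"
	"regexp"
)

var (
	// Assumed allowlists: project ID (6-30 chars) or project number,
	// secret ID (letters, digits, '-' and '_', max 255), version number or alias.
	projectRe = regexp.MustCompile(`^([a-z][a-z0-9-]{4,28}[a-z0-9]|[0-9]+)$`)
	secretRe  = regexp.MustCompile(`^[A-Za-z0-9_-]{1,255}$`)
	versionRe = regexp.MustCompile(`^(latest|[1-9][0-9]*)$`)
)

// VersionName (hypothetical helper) returns the name to pass to
// GetSecretVersion or AccessSecretVersion. An empty version means "latest".
func VersionName(projectID, secretName, version string) (string, error) {
	if version == "" {
		version = "latest"
	}
	if !projectRe.MatchString(projectID) {
		return "", fmt.Errorf("invalid project ID %q", projectID)
	}
	if !secretRe.MatchString(secretName) {
		return "", fmt.Errorf("invalid secret name %q", secretName)
	}
	if !versionRe.MatchString(version) {
		return "", fmt.Errorf("invalid secret version %q", version)
	}
	return fmt.Sprintf("projects/%s/secrets/%s/versions/%s",
		projectID, secretName, version), nil
}

func main() {
	// Constructed inputs: two valid requests and two that must be rejected.
	inputs := [][3]string{
		{"my-project", "db-password", ""},
		{"my-project", "db-password", "3"},
		{"my-project", "db-password/versions/1", ""},
		{"my-project", "../other-secret", "latest"},
	}
	for _, in := range inputs {
		name, err := VersionName(in[0], in[1], in[2])
		fmt.Printf("%q -> %q, err=%v\n", in, name, err)
	}
}
```

Passing a version number instead of the alias pins the read to one version, so a newly added version does not change what a template renders.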

Thanks @dontlaugh, that looks super helpful! 😁

hairyhenderson avatar Apr 18 '20 16:04 hairyhenderson

@dontlaugh thank you for the snippet! Waiting for Secret Manager to be added in the upcoming releases :)

vtatarin avatar Jul 20 '20 13:07 vtatarin

I'm going to take a crack at adding this, if that's OK

sthomson-wyn avatar Feb 15 '23 16:02 sthomson-wyn

This issue is stale because it has been open for 60 days with no activity. Remove stale label or comment or this will be automatically closed in a few days.

github-actions[bot] avatar Apr 17 '23 04:04 github-actions[bot]

Relevant: https://github.com/hairyhenderson/gomplate/pull/1633#issuecomment-1432704047 - in short, I think GCP secret manager support should be added to https://github.com/hairyhenderson/go-fsimpl instead

hairyhenderson avatar Apr 19 '23 12:04 hairyhenderson

This issue is stale because it has been open for 60 days with no activity. If it is no longer relevant or necessary, please close it. Given no action, it will be closed in 14 days.

If it's still relevant, one of the following will remove the stale marking:

  • A maintainer can add this issue to a milestone to indicate that it's been accepted and will be worked on
  • A maintainer can remove the stale label
  • Anyone can post an update or other comment

github-actions[bot] avatar Jun 26 '23 04:06 github-actions[bot]

I've filed https://github.com/hairyhenderson/go-fsimpl/issues/364, and when that's implemented (contributions accepted!) support will be available in gomplate. As no further action is necessary in gomplate, I'll close this issue.

hairyhenderson avatar Jun 26 '23 12:06 hairyhenderson