This creates the availabelSecrets entry for Builds so they can use Secret Manager environment arguments in the builds.
cr_build_yaml_secrets( secretEnv, secret, version = "latest", projectId = cr_project_get() )
| secretEnv | The name of the secretEnv that will be referred to in the build steps e.g. |
|---|---|
| secret | The secret data name in Secret Manager |
| version | The version of the secret |
| projectId | The project to get the Secret from |
To download from Secret Manager to a file in a dedicated buildstep see cr_buildstep_secret.
https://cloud.google.com/cloud-build/docs/securing-builds/use-secrets
Other Cloud Build functions:
Build(),
RepoSource(),
Source(),
StorageSource(),
cr_build_artifacts(),
cr_build_list(),
cr_build_logs(),
cr_build_make(),
cr_build_status(),
cr_build_upload_gcs(),
cr_build_wait(),
cr_build_write(),
cr_build_yaml_artifact(),
cr_build_yaml(),
cr_build()
cr_build_yaml_secrets("GH_TOKEN", "github_token")#> $versionName #> [1] "projects/my-project/secrets/github_token/versions/latest" #> #> $env #> [1] "GH_TOKEN" #> #> attr(,"class") #> [1] "cr_yaml_secret" "list"s1 <- cr_build_yaml_secrets("USERNAME", "my_username") s2 <- cr_build_yaml_secrets("PASSWORD", "my_password") # use one $ in scripts to use the secretEnv (will be replaced by $$) cr_build_yaml( steps = cr_buildstep( "docker", entrypoint = "bash", args = c( "-c", "docker login --username=$USERNAME --password=$PASSWORD"), secretEnv = c("USERNAME","PASSWORD") ), availableSecrets = list(s1, s2) )#> ==cloudRunnerYaml== #> steps: #> - name: gcr.io/cloud-builders/docker #> entrypoint: bash #> args: #> - -c #> - docker login --username=$USERNAME --password=$PASSWORD #> secretEnv: #> - USERNAME #> - PASSWORD #> availableSecrets: #> secretManager: #> - versionName: projects/my-project/secrets/my_username/versions/latest #> env: USERNAME #> - versionName: projects/my-project/secrets/my_password/versions/latest #> env: PASSWORD