This creates the availabelSecrets entry for Builds so they can use Secret Manager environment arguments in the builds.
cr_build_yaml_secrets(
secretEnv,
secret,
version = "latest",
projectId = cr_project_get()
)The name of the secretEnv that will be referred to in the build steps e.g. 'GH_TOKEN'
The secret data name in Secret Manager
The version of the secret
The project to get the Secret from
To download from Secret Manager to a file in a dedicated buildstep see cr_buildstep_secret.
Using secrets from Secret Manager
Other Cloud Build functions:
Build(),
RepoSource(),
Source(),
StorageSource(),
cr_build_artifacts(),
cr_build_list(),
cr_build_logs(),
cr_build_make(),
cr_build_status(),
cr_build_targets(),
cr_build_upload_gcs(),
cr_build_wait(),
cr_build_write(),
cr_build_yaml_artifact(),
cr_build_yaml(),
cr_build()
cr_build_yaml_secrets("GH_TOKEN", "github_token")
#> $versionName
#> [1] "projects/my-project/secrets/github_token/versions/latest"
#>
#> $env
#> [1] "GH_TOKEN"
#>
#> attr(,"class")
#> [1] "cr_yaml_secret" "list"
s1 <- cr_build_yaml_secrets("USERNAME", "my_username")
s2 <- cr_build_yaml_secrets("PASSWORD", "my_password")
# use one $ in scripts to use the secretEnv (will be replaced by $$)
cr_build_yaml(
steps = cr_buildstep(
"docker",
entrypoint = "bash",
args = c(
"-c",
"docker login --username=$USERNAME --password=$PASSWORD"
),
secretEnv = c("USERNAME", "PASSWORD")
),
availableSecrets = list(s1, s2)
)
#> ==cloudRunnerYaml==
#> steps:
#> - name: gcr.io/cloud-builders/docker
#> entrypoint: bash
#> args:
#> - -c
#> - docker login --username=$USERNAME --password=$PASSWORD
#> secretEnv:
#> - USERNAME
#> - PASSWORD
#> availableSecrets:
#> secretManager:
#> - versionName: projects/my-project/secrets/my_username/versions/latest
#> env: USERNAME
#> - versionName: projects/my-project/secrets/my_password/versions/latest
#> env: PASSWORD