Create a build step to decrypt files using CryptoKey from Cloud Key Management Service. Usually you will prefer to use cr_buildstep_secret

cr_buildstep_decrypt(cipher, plain, keyring, key, location = "global", ...)

Arguments

cipher

The file that has been encrypted

plain

The file location to decrypt to

keyring

The KMS keyring to use

key

The KMS key to use

location

The KMS location

...

Further arguments passed in to cr_buildstep

Details

Key Management Store can encrypt secret files for use within your later buildsteps.

Setup

You will need to set up the encrypted key using gcloud following the link from Google

Examples

cr_project_set("my-project")
#>  2022-03-26 19:55:48 > ProjectId set to my-project
#> [1] "my-project"
cr_bucket_set("my-bucket")
#>  2022-03-26 19:55:48 > Bucket set to my-bucket
#> [1] "my-bucket"
cr_buildstep_decrypt("secret.json.enc",
  plain = "secret.json",
  keyring = "my_keyring",
  key = "my_key"
)
#> [[1]]
#> ==cloudRunnerBuildStep==
#> name: gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
#> args:
#> - gcloud
#> - kms
#> - decrypt
#> - --ciphertext-file
#> - secret.json.enc
#> - --plaintext-file
#> - secret.json
#> - --location
#> - global
#> - --keyring
#> - my_keyring
#> - --key
#> - my_key
#>