Hi, I saw the Batch documentation. By setting secretVariables you can get the value from Secret Manager and map it to an environment variable.
1. So the key is the name of the environment variable, and the value is the name of the secret in Secret Manager?
2. Should the name of the secret be filled in as projects/647012610224/secrets/secrets_name or secrets_name?
3. If there are multiple versions of a secret, how are they mapped? Is only the latest version mapped, or all of them?
4. Should the document be written in more detail?
Below is an example of how to use Secret Manager to pass variables to Batch jobs. In this example, the key is called SECRET_MESSAGE and the value is the path to the project and version of the secret "projects/PROJECT_ID/secrets/SECRET_NAME/versions/VERSION". Documentation updates are underway to capture this.
```json
{
  "taskGroups": [
    {
      "taskSpec": {
        "runnables": [
          {
            "script": {
              "text": "echo $GREETING The secret message is: $SECRET_MESSAGE"
            }
          }
        ],
        "environment": {
          "variables": {
            "GREETING": "Welcome!"
          },
          "secret_variables": {
            "SECRET_MESSAGE": "projects/cottontail-dev/secrets/secret_message/versions/1"
          }
        }
      }
    }
  ],
  "logs_policy": {
    "destination": "CLOUD_LOGGING"
  }
}
```
In addition, if the secret is a username or password for a container, details on how to leverage the credentials from Secret Manager can be found here: https://cloud.google.com/batch/docs/reference/rest/v1/projects.locations.jobs#container
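A pre-submit check for the job config discussed in this thread, as an added example that is not part of the original answer or of Google's documentation: it flags secret variable values that are not the full `projects/PROJECT_ID/secrets/SECRET_NAME/versions/VERSION` path, and secret variables that a script echoes while logs go to Cloud Logging (as the demo script above does). The `DB_PASSWORD` entry and the `lint_job` function are hypothetical, the sample job is constructed, and the echo match is a heuristic.

```python
import json
import re

# Full resource path format given in the answer above.
SECRET_PATH = re.compile(r"^projects/([^/]+)/secrets/([^/]+)/versions/([^/]+)$")

# Constructed sample: one well-formed entry and one bare secret name (hypothetical).
SAMPLE_JOB = json.loads("""
{
  "taskGroups": [{
    "taskSpec": {
      "runnables": [
        {"script": {"text": "echo $GREETING The secret message is: $SECRET_MESSAGE"}}
      ],
      "environment": {
        "variables": {"GREETING": "Welcome!"},
        "secret_variables": {
          "SECRET_MESSAGE": "projects/PROJECT_ID/secrets/SECRET_NAME/versions/1",
          "DB_PASSWORD": "db_password"
        }
      }
    }
  }],
  "logs_policy": {"destination": "CLOUD_LOGGING"}
}
""")


def lint_job(job):
    """Return a sorted list of (env_var, finding) tuples for a Batch job dict."""
    findings = []
    logs = job.get("logs_policy") or job.get("logsPolicy") or {}
    logged = logs.get("destination") == "CLOUD_LOGGING"
    for group in job.get("taskGroups", []):
        spec = group.get("taskSpec", {})
        env = spec.get("environment", {})
        secrets = env.get("secret_variables") or env.get("secretVariables") or {}
        for name, path in secrets.items():
            if not SECRET_PATH.match(path):
                findings.append((name, "not a full projects/.../secrets/.../versions/... path"))
        for runnable in spec.get("runnables", []):
            text = runnable.get("script", {}).get("text", "")
            for name in secrets:
                # A script line that echoes the variable writes the secret to the job log.
                if logged and re.search(r"\becho\b[^\n;|&]*\$\{?" + re.escape(name) + r"\b", text):
                    findings.append((name, "echoed to Cloud Logging"))
    return sorted(findings)
```

Calling `lint_job(SAMPLE_JOB)` reports the bare `db_password` value and the echoed `SECRET_MESSAGE`.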
Public documentation on using Secret Manager with Batch is now published: https://cloud.google.com/batch/docs/create-run-job-secret-manager
How to view these env vars in the GCP console?
How to access these env vars of a batch job?