Batch - How to get Secret Manager

Hi, I saw the Batch documentation; by setting secretVariables you can get the value from Secret Manager and map it to the environment variable.
1. So the key is the name of the environment variable, and the value is the name of the Secret Manager secret?
2. Should the name of the Secret Manager secret be filled in as projects/647012610224/secrets/secrets_name or secrets_name?
3. If there are multiple versions of Secrets, how are they mapped? Map only the latest version or all?
4. Should the document be written in more detail?

1 ACCEPTED SOLUTION

Below is an example of how to use Secret Manager to pass variables to Batch jobs. In this example, the key is called SECRET_MESSAGE and the value is the path to the project and version of the secret "projects/PROJECT_ID/secrets/SECRET_NAME/versions/VERSION". Documentation updates are underway to capture this.

{
  "taskGroups": [
    {
      "taskSpec": {
        "runnables": [
          {
            "script": {
              "text": "echo $GREETING The secret message is: $SECRET_MESSAGE"
            }
          }
        ],
        "environment": {
          "variables": {
            "GREETING": "Welcome!"
          },
          "secret_variables": {
            "SECRET_MESSAGE": "projects/cottontail-dev/secrets/secret_message/versions/1"
          }
        }
      }
    }
  ],
  "logs_policy": {
    "destination": "CLOUD_LOGGING"
  }
}

In addition, if the secret is a username or password for a container, details on how to leverage the credentials from Secret Manager can be found here: https://cloud.google.com/batch/docs/reference/rest/v1/projects.locations.jobs#container

 

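The path format from the accepted answer, turned into a pre-submission check on a job config (an added example, not part of the original thread or of Google's documentation). It flags secret variable values that are not full projects/.../secrets/.../versions/... paths, and secrets that a script prints while the job's logs go to Cloud Logging; DB_PASSWORD and the function names are constructed for illustration.

```python
import re

# Full resource path format given in the accepted answer.
SECRET_PATH = re.compile(r"^projects/[^/]+/secrets/[^/]+/versions/[^/]+$")

# Constructed sample: the answer's job plus a made-up DB_PASSWORD bare-name entry.
SAMPLE_JOB = {
    "taskGroups": [{"taskSpec": {
        "runnables": [{"script": {
            "text": "echo $GREETING The secret message is: $SECRET_MESSAGE"}}],
        "environment": {
            "variables": {"GREETING": "Welcome!"},
            "secret_variables": {
                "SECRET_MESSAGE": "projects/cottontail-dev/secrets/secret_message/versions/1",
                "DB_PASSWORD": "db_password",
            },
        },
    }}],
    "logs_policy": {"destination": "CLOUD_LOGGING"},
}


def pick(obj, camel, snake):
    """Read a field that may be spelled in camelCase or snake_case."""
    return obj.get(camel) or obj.get(snake) or {}


def lint_job(job):
    """Return sorted (variable, problem) findings for a Batch job config dict."""
    findings = set()
    to_logging = pick(job, "logsPolicy", "logs_policy").get("destination") == "CLOUD_LOGGING"
    for group in pick(job, "taskGroups", "task_groups") or []:
        spec = pick(group, "taskSpec", "task_spec")
        secrets = pick(spec.get("environment", {}), "secretVariables", "secret_variables")
        for name, value in secrets.items():
            if not SECRET_PATH.match(str(value)):
                findings.add((name, "value is not a full secret version path"))
        for runnable in spec.get("runnables", []):
            text = runnable.get("script", {}).get("text", "")
            for name in secrets:
                # A secret printed by echo/printf ends up in the job's log stream.
                printed = re.search(r"\b(echo|printf)\b[^\n;|&]*\$\{?" + re.escape(name) + r"\b", text)
                if to_logging and printed:
                    findings.add((name, "printed by script while logs go to CLOUD_LOGGING"))
    return sorted(findings)
```

Calling lint_job(SAMPLE_JOB) reports DB_PASSWORD for its bare name and SECRET_MESSAGE because the demonstration script echoes it.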

3 REPLIES


Public documentation on using Secret Manager with Batch is now published: https://cloud.google.com/batch/docs/create-run-job-secret-manager

rsy

How to view these env vars in the GCP console?

How to access these env vars of a batch job?