Using secrets with cloud functions

Hello Everybody,

I am looking for a way of configuring Google Cloud Functions to access secrets stored in Google Secret Manager - I am referring to this GCP doc. Unfortunately, I do not find any reference to either the “mount as volume” way or the “use environmental variable” one that you can find in the GCP console - check the bottom part of the picture.

I have noticed, by the way, that there is an analogue for Google Cloud Run - see GCP doc and correspondingly Terraform doc. Since I do not see any volume or env options listed in the google_cloudfunctions_function resource doc, I’m wondering whether there is an alternative way of doing it.

Thanks for any help!
Best Regards,
Gabriele

I could not find a way analogous to the one you linked to; however, you can still reference the secret and use it in the Cloud Function:

# Read the latest version of the secret from Secret Manager when Terraform runs
data "google_secret_manager_secret_version" "my_secret" {
  secret = "my_secret_in_secret_manager"
}

resource "google_cloudfunctions_function" "function" {
  name        = var.name
  description = var.description
  runtime     = "nodejs16"

  # The secret value is passed to the function as a regular environment variable
  environment_variables = {
    "SECRET_ENV_VAR" = data.google_secret_manager_secret_version.my_secret.secret_data
  }

  build_environment_variables = {
    "NODE_ENV" = "production"
  }
}

That is a quick example of what worked for me. Note that you will need to ensure the service account has access to the secrets.

UPDATE: there is a REST API within GCP; however, upon testing, this has not been implemented within Terraform as of yet, as the validation seems to fail.
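
For readers of this thread, an added example (not code from either poster): a variant that passes only a reference to the secret and grants the function's own service account access to that single secret. The `secret_data` data source copies the value into Terraform state and into the function's plain environment variables; here the platform resolves the value when an instance starts. It assumes a Google provider release in which `google_cloudfunctions_function` supports the `secret_environment_variables` block; the account id, function name, entry point and the variables are placeholders.

```hcl
# Added example. All names and variables below are placeholders (assumptions).
variable "project_id" { type = string }
variable "region" { type = string }
variable "source_bucket" { type = string }
variable "source_object" { type = string }

locals {
  # Secret name as used in the thread; the secret itself already exists.
  secret_id = "my_secret_in_secret_manager"
}

# Dedicated runtime identity, so access to the secret is not granted to a
# shared default service account.
resource "google_service_account" "fn" {
  project      = var.project_id
  account_id   = "fn-secret-reader"
  display_name = "Runtime identity for the function"
}

# Least privilege: accessor role on this one secret, not on the whole project.
resource "google_secret_manager_secret_iam_member" "fn_access" {
  project   = var.project_id
  secret_id = local.secret_id
  role      = "roles/secretmanager.secretAccessor"
  member    = "serviceAccount:${google_service_account.fn.email}"
}

resource "google_cloudfunctions_function" "function" {
  project               = var.project_id
  region                = var.region
  name                  = "secret-demo"
  runtime               = "nodejs16"
  entry_point           = "handler"
  trigger_http          = true
  source_archive_bucket = var.source_bucket
  source_archive_object = var.source_object
  service_account_email = google_service_account.fn.email

  # Only the reference is stored in the plan and state; the function reads
  # the value from process.env.SECRET_ENV_VAR at runtime.
  secret_environment_variables {
    key     = "SECRET_ENV_VAR"
    secret  = local.secret_id
    version = "latest"
  }

  # The binding must exist before the function is deployed.
  depends_on = [google_secret_manager_secret_iam_member.fn_access]
}
```

Pinning `version` to a number instead of `"latest"` makes a secret rotation an explicit, reviewable change to the function.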