Using secrets with cloud functions

Hello Everybody,

I am looking for the way of configuring Google Cloud Functions to access secrets stored in Google Secret Manager - I am referring to this GCP doc. Unfortunately I do not find any reference to neither the “mount as volume” way nor the “use environmental variable” that you can find in the GCP consolle - check in the bottom part of the picture.

I have noticed, by the way, that there is an analogous for Google Cloud Run - see GCP doc and correspondingly Terraform doc. Since I do not see any volume or env options listed in google_cloudfunctions_function resource doc, I’m wondering whether there is an alternative way of doing it.

Thanks for any help!
Best Regards,

I could not find an analogous way as you linked to, however you can still always reference the secret and use it in the cloudfunction

data "google_secret_manager_secret_version" "my_secret" {
  secret = "my_secret_in_secret_manager"
resource "google_cloudfunctions_function" "function" {
  name              =
  description    = var.description
  runtime          = "nodejs16"
  environment_variables = {
    "SECRET_ENV_VAR" = data.google_secret_manager_secret_version.my_secret.secret_data

  build_environment_variables = {
    "NODE_ENV" = "production"

That is a quick example of what worked for me, note that you will need to ensure the service account has access to the secrets.

UPDATE : there is a rest api within GCP, however upon testing this has not been implemented within terraform as of yet as the validation seems to fail.