I am trying to deploy a python script via Dockerfile on Google Cloud Run. The script takes Service account key as one of the variable. What is the best practice to mount the service key as environment variable in order to deploy on Google Cloud Run. To deploy the same thing on Google Kubernetes engine I tried using Configmap to store the key and called it while deploying. Is there any such provisions for Google Cloud Run?
0
votes
You should use the service account assigned to the Cloud Run service and not try to pass a service account JSON key file data as an environment variable. If you really want to pass service accounts around, use Google Cloud Secret Manager to store the service account material. cloud.google.com/solutions/secrets-management
– John Hanley
Agree with @JohnHanley. If you are on google Cloud environment, avoid to use secret key file. It's hard to keep them secret, you have to rotate them regularly,... Use default credential when you instantiate Google libraries.
– guillaume blaquiere
1 Answers
1
votes
As it was already advised by John Hanley and Guillaume Blaquiere, it's not a good practice to pass a key file as an environment variable. Nevertheless, in response to your question I will explain how to use the environment variables in Cloud Run.
Defining environment variables for a Cloud Run service
You can specify the environment variables for your Cloud Run service upon its creation in the Cloud Console or you can set them for an existing service using specific flags in the Command line.
Alternatively, the environment variables can be set in the container using the ENV statement.
Using environment variables in Cloud Run
In order to retrieve the values of the environment variables in Python, you can use the os.environ parameter of the OS module:
import os
os.environ['<name-of-the-env-variable>']
Example
If you set an environment variable called ‘testENV’ in your Dockerfile:
ENV testENV="my variable"
you will be able to retrieve it like this:
import os
sample = os.environ['testENV']
