Using Google Cloud Secret as environment variables in Google Cloud Build

1
votes

I'm deploying my Node apps to Google Cloud Run using Cloud Build and I want to run some tests during the build. My tests require some environment variables, so I have been following this guide to achieve this.

The guide makes the following note:

Note: To use the secret in an environment variable, you need to prefix the variable name with an underscore "_" and escape the value using '('. For example: _VARIABLE_NAME=$(cat password.txt) && echo -n \)_VARIABLE_NAME.

However, I am not quite sure how to implement this. I have attempted the following in my cloudbuild.yaml.

  - id: Execute tests
    name: node
    args: ['_VAR_ONE=$(cat var-one.txt)', '_VAR_TWO=$(cat var-two.txt)', 'jest -V']

Which returns the following: Error: Cannot find module '/workspace/_VAR_ONE=$(cat var-one.txt)'. I also tried a few variations of the escape that the above note mentions, but they result in the same error.

What's the best way to get the secrets into my code as environment variables? Also, if I need to use multiple environment variables, is it better to use Cloud KMS with an .env file?

Thanks!

1
google-cloud-platformcontinuous-integrationgoogle-cloud-build
Hello. I think by your description, you may find some good information here (stackoverflow.com/questions/52840187/…).MrTech

1 Answers

2
votes

It looks like you are incorrectly using the entrypoint provided by the node image. You are effectively running the command:

node _VAR_ONE=$(cat var-one.txt) _VAR_TWO=$(cat var-two.txt) jest -V

I want to digress for a moment and say this pattern does not work in Node, you need to specify the environment variables first before calling node, for example VAR_ONE=$(cat foo.txt) VAR_TWO=bar node run test

Anyway, I think what you want to run is:

_VAR_ONE=$(cat var-one.txt) _VAR_TWO=$(cat var-two.txt) jest -V

This is how we will do that - Assuming you have a previous step where you write out the contents of the secret into the files var-one.txt and var-two.txt in a previous step - here is how you would use it in the node step, it's just the standard way you use environment variables when running a command from the command line:

- id: Execute tests
  name: node
  entrypoint: '/bin/bash'
  args:
     '-c', 
     '_VAR_ONE=$(cat var-one.txt) _VAR_TWO=$(cat var-two.txt) jest -V'
  ]

You need to ensure in the node environment you are using the variables as specified (ie. process.env._VAR_ONE or process.env._VAR_TWO). I don't think you need to have the _ character prefixed here but I haven't tested it to confirm that. You can try the above and it should get you much further I think.