Commit
1 parent 0f947d0, commit de61ae6
Showing 4 changed files with 109 additions and 109 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
docs/actions/gcp-gsm-load-secrets/README.md |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
docs/actions/gcp-gsm-parse-secrets/README.md |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
# gcp-gsm-load-secrets | ||
|
||
This action is set to replace GitHub actions integrated secret management. | ||
|
||
## Usage | ||
|
||
To load a secret from GSM figure out the following: | ||
|
||
- check if the repository has access to the secret | ||
- repository is owned by bakdata | ||
- repository is private | ||
- even if the labels are correctly set, you will need to run Terraform to set the proper roles | ||
- use this template: | ||
|
||
```yaml | ||
- name: Load secrets | ||
id: load-secrets | ||
uses: bakdata/ci-templates/actions/gcp-gsm-load-secrets | ||
with: | ||
gke-project-name: <can be found from gcp console> | ||
gke-project-id: <can be found from gcp console> | ||
secrets-to-inject: |- | ||
<secret_name>/<optional version, if not set the latest version is loaded> | ||
<other_secret>/<optional version, if not set the latest version is loaded> | ||
``` | ||
- it is possible to load multiple secrets in the same call | ||
- loaded secrets will be injected as environment variables and the name will be cannonicalized to SCREAMING_SNAKE_CASE. Example: `i-like_trains__why_this?` -> `I_LIKE_TRAINS_WHY_THIS` | ||
|
||
## References | ||
|
||
### Inputs | ||
|
||
<!-- AUTO-DOC-INPUT:START - Do not remove or modify this section --> | ||
|
||
| INPUT | TYPE | REQUIRED | DEFAULT | DESCRIPTION | | ||
| -------------------------- | ------ | -------- | -------- | --------------------------------------------- | | ||
| export-to-environment | string | false | `"true"` | Export secrets to environment | | ||
| gke-project-name | string | true | | GKE project name for authentication | | ||
| gke-service-account | string | true | | GKE service account for authentication | | ||
| secrets-to-inject | string | true | | Secrets to inject into the environment | | ||
| workload-identity-provider | string | true | | Workload identity provider for authentication | | ||
|
||
<!-- AUTO-DOC-INPUT:END --> | ||
|
||
### Outputs | ||
|
||
<!-- AUTO-DOC-OUTPUT:START - Do not remove or modify this section --> | ||
|
||
| OUTPUT | TYPE | DESCRIPTION | | ||
| ------- | ------ | ---------------------------------- | | ||
| secrets | string | Secrets loaded from Secret Manager | | ||
|
||
<!-- AUTO-DOC-OUTPUT:END --> | ||
|
||
### Secrets |
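Review bot: The usage template under `## Usage` does not match the Inputs table below it: the template passes `gke-project-id`, which the table does not list, and omits `gke-service-account` and `workload-identity-provider`, which the table marks as required. Align the template with the documented inputs so a copied step carries every required input. The `uses: bakdata/ci-templates/actions/gcp-gsm-load-secrets` line has no `@<ref>`; show a pinned tag or commit SHA in the template, since this action handles secrets. In the last bullet, "cannonicalized" should be "canonicalized", and because the example `i-like_trains__why_this?` -> `I_LIKE_TRAINS_WHY_THIS` collapses several characters, the README should say what happens when two secret names map to the same environment variable name. The trailing `### Secrets` heading is empty; fill it or drop it.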
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
# gcp-gsm-parse-secrets | ||
|
||
Converts a lists of strings of secrets references into screaming snake case. Look at the tests.py for furhter details. | ||
|
||
### Inputs | ||
|
||
<!-- AUTO-DOC-INPUT:START - Do not remove or modify this section --> | ||
|
||
| INPUT | TYPE | REQUIRED | DEFAULT | DESCRIPTION | | ||
| ------------ | ------ | -------- | ------- | --------------------------------------------- | | ||
| project-name | string | true | | GKE project name where the secrets are stored | | ||
| secrets-list | string | true | | Secrets to inject into the environment | | ||
|
||
<!-- AUTO-DOC-INPUT:END --> | ||
|
||
### Outputs | ||
|
||
<!-- AUTO-DOC-OUTPUT:START - Do not remove or modify this section --> | ||
|
||
| OUTPUT | TYPE | DESCRIPTION | | ||
| ------------ | ------ | ------------------------------- | | ||
| secrets-list | string | secret list with correct format | | ||
|
||
<!-- AUTO-DOC-OUTPUT:END --> | ||
|
||
### Secrets | ||
|
||
## References | ||
|
||
### Inputs | ||
|
||
<!-- AUTO-DOC-INPUT:START - Do not remove or modify this section --> | ||
|
||
| INPUT | TYPE | REQUIRED | DEFAULT | DESCRIPTION | | ||
| ------------ | ------ | -------- | ------- | --------------------------------------------- | | ||
| project-name | string | true | | GKE project name where the secrets are stored | | ||
| secrets-list | string | true | | Secrets to inject into the environment | | ||
|
||
<!-- AUTO-DOC-INPUT:END --> | ||
|
||
### Outputs | ||
|
||
<!-- AUTO-DOC-OUTPUT:START - Do not remove or modify this section --> | ||
|
||
| OUTPUT | TYPE | DESCRIPTION | | ||
| ------------ | ------ | ------------------------------- | | ||
| secrets-list | string | secret list with correct format | | ||
|
||
<!-- AUTO-DOC-OUTPUT:END --> | ||
|
||
### Secrets |
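Review bot: Everything from `## References` to the end repeats the `### Inputs`, `### Outputs` and `### Secrets` sections above it verbatim, including a second pair of AUTO-DOC-INPUT and AUTO-DOC-OUTPUT markers; keep one copy, placed under `## References` as in the gcp-gsm-load-secrets README. In the description line, "a lists of strings of secrets references" and "furhter" need correcting, and "the tests.py" should be a relative path or link so readers can find it. The description says the action converts secret references to screaming snake case, while the `secrets-list` output is described only as "secret list with correct format"; state the actual output format there.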