How do I handle secrets in Google Cloud Functions?

没有蜡笔的小新 2021-02-13 23:44

What is the common practice here? There seem to be no tools provided by gcloud. I'm deploying functions from local machine for now, so I can hardcode secrets, but

3 answers
  •  悲哀的现实
    2021-02-14 00:01

    Since making my comment, I've found a relatively simple way to do this - provide a config .json file. Here's an example I hacked together based on their Slack function example:

    config.json file in the same directory as index.js:

    {
      "foo": "bar"
    }
    

    index.js

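    // Loaded from the config.json deployed alongside index.js.
    const config = require('./config.json');
    
    exports.envTest = (req, res) => {
      // Echoes the value only to show that the file was read.
      res.status(200).send(config.foo);
    };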
    

    When you deploy the function and go to the URL, you should get the response bar.

    Pros and cons:

    Pros:

    1. Easy to set up and configure right in your IDE
    2. Config file can be put into .gitignore to ensure your secrets don't end up in the repo
    3. File itself can be stored in a secure location and only given to the individual responsible for deploying the functions

    Cons:

    1. Clunky in comparison to proper secret management
    2. Requires attention to ensure the file doesn't fall into the wrong hands
    3. File can be read in plaintext in the Google Cloud console by looking at the function source

    On the whole, it's a far cry from a real secrets management system, but it's workable enough to hold me over until this feature eventually makes it into the Cloud Functions core.
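
An added example, not part of the answer above and not Google tooling: a Node.js pre-deploy check for the config.json approach, covering the points from the pros and cons list (file kept out of git, file not readable by other local users, expected keys present). The function names, the exact-name `.gitignore` matching and the required key `foo` are assumptions made for this example.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const read = (p) => (fs.existsSync(p) ? fs.readFileSync(p, 'utf8') : null);

// True when a .gitignore body has a rule covering `name` at the repo root.
// Assumption: only exact-name rules are recognised, not glob patterns.
function isIgnored(gitignoreText, name) {
  let ignored = false;
  for (const rule of gitignoreText.split(/\r?\n/).map((l) => l.trim())) {
    if (rule === name || rule === '/' + name) ignored = true;
    if (rule === '!' + name || rule === '!/' + name) ignored = false; // re-included
  }
  return ignored;
}

// Returns the problems found in `dir`; an empty list means it passes.
function checkSecretsFile(dir, requiredKeys) {
  const file = path.join(dir, 'config.json');
  const raw = read(file);
  if (raw === null) return ['config.json is missing'];
  const problems = [];
  const gitignore = read(path.join(dir, '.gitignore')) || '';
  if (!isIgnored(gitignore, 'config.json')) problems.push('config.json is not in .gitignore');
  // POSIX only: any group/other permission bit exposes the file to other local users.
  if (process.platform !== 'win32' && (fs.statSync(file).mode & 0o077) !== 0) {
    problems.push('config.json is accessible to group/other (want mode 600)');
  }
  let config;
  try { config = JSON.parse(raw); } catch (err) { return [...problems, 'config.json is not valid JSON']; }
  for (const key of requiredKeys) {
    if (typeof config?.[key] !== 'string' || !config[key]) problems.push(`config.json lacks a non-empty "${key}"`);
  }
  return problems;
}

// Constructed demo: a throwaway directory holding the {"foo": "bar"} file from the answer.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'fn-secrets-'));
  const file = path.join(dir, 'config.json');
  fs.writeFileSync(file, JSON.stringify({ foo: 'bar' }));
  fs.chmodSync(file, 0o644); // deliberately too open
  const before = checkSecretsFile(dir, ['foo']);
  fs.writeFileSync(path.join(dir, '.gitignore'), 'node_modules\nconfig.json\n');
  fs.chmodSync(file, 0o600);
  const after = checkSecretsFile(dir, ['foo']);
  fs.rmSync(dir, { recursive: true, force: true });
  return { before, after };
}
```

Run `checkSecretsFile` from whatever script performs the deploy and abort when the returned list is non-empty. It does not address the third con: the deployed file is still readable as plaintext in the function source.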
