GCP Secret Manager
You are connecting to a GCP Secret Manager from your DevBox.
Architecture Diagram
Here, you will connect to a GCP Secret Manager from your DevBox. This can be done using any programming language API, but for the scope of this document, we will use Python.
Existing Key Vault
To connect to an existing Secret Manager, Follow the below steps:
Step 1: Creating a Service Account
To make the connection, you need to set up the IAM service account.
- Go to IAM & Admin > Service Accounts* and click on Create Service Account.
- Enter the Service Account Name and click on Create and Continue.
- Click on Select a role, select
Secret Manager Admin
, and click on Continue. - Select the new service account and go to the Keys tab.
- Click on Add Key > Create a new key and click on Create.
Step 2: Connecting to Secret Manager through Python API
Now, to retrieve the value from the secrets using the API, you need to authenticate the gcloud
CLI and verify the process with the access key we just downloaded by following the below steps:
- Go to DevBox and store the Google Authentication Credentials on the workspace.
- Install Python and PIP:
- Install Secret Manager API:
- Set the GOOGLE_APPLICATION_CREDENTIALS environment variable by using the following command:
- Write a Python script to test the Secret Manager API Connection:
- Run the Python Script:
If the connection is successful, you should see Secret printed in the terminal output.
New GCP Secret Manager
If you need to make a new Secret Manager and access it through DevBox, then follow the below steps:
Step 1: Creating a new Secret Manager
- Go to Security > Secret Manager and click on Create Secret.
- Enter the Name of the secret and then either upload your Secret or enter it within the box provided.
- If you are storing an API Key secret, then it is advisable to check the box for Set rotation period under the Rotation section.
Step 2: Creating a Service Account
To make the connection, you need to set up the IAM service account.
- Go to IAM & Admin > Service Accounts* and click on Create Service Account.
- enter the Service Account Name and click on Create and Continue.
- Click on Select a role, select
Secret Manager Admin
, and click on Continue. - Select the new service account and go to the Keys tab.
- Click on Add Key > Create a new key and click on Create.
Step 3: Connecting to Secret Manager through Python API
Now, to retrieve the value from the secrets using the API, you need to authenticate the gcloud
CLI and verify the process with the access key we just downloaded by the below steps:
- Go to DevBox and store the Google Authentication Credentials in the workspace.
- Install Python and Pip:
- Install Secret Manager package:
- Set the GOOGLE_APPLICATION_CREDENTIALS environment variable by using the following command:
- Write a Python script to test the Secret Manager API Connection:
- Run the Python Script:
If the connection is successful, you should see Secret printed in the terminal output.