GCP Secret Management
Creating secrets
- Go to Google Secret Manager UI.
- Click the button at the top labeled
+ CREATE SECRET
. - Fill in the name of your secret; e.g.
bigquery_credentials
. - Under Secret value, upload your service account credentials JSON file or paste the JSON into the text area labeled Secret value.
- Scroll all the way down and click the button
CREATE SECRET
.
You can mount secrets from Google Secret Manager through Terraform configurations or through the Google Console UI.
Using secrets locally
Download credentials from GCP UI
-
Download the credentials JSON file from GCP.
-
Run Mage and mount the secrets as a volume in Docker. Follow these instructions to learn how to do this.
-
Here are example code snippets to read from that credentials JSON file:
Note
This code example assumes your credentials JSON file downloaded from GCP is named
gcp_credentials.json
and that the mount path (e.g.-v
) you used when running Docker is/home/secrets
.
Download credentials using gcloud
CLI
-
Authenticate locally by running this command in your local terminal:
-
Create a new
.env
file in your Mage project folder with the following values: -
Run Mage using Docker and set the environment variable
GOOGLE_APPLICATION_CREDENTIALS
. Follow these instructions to learn how to do this. For example, set the environment variable to: -
Run Mage and mount the secrets as a volume in Docker. Follow these instructions to learn how to do this. For example:
-
Here is an example code snippet:
Was this page helpful?