class GoogleSslCert::Secret
Public Instance Methods
create_secret(name, value)
click to toggle source
# File lib/google_ssl_cert/secret.rb, line 26 def create_secret(name, value) secret = get_secret(name) return if secret secret_manager_service.create_secret( parent: parent, secret_id: name, secret: { replication: { automatic: {} } } ) end
get(name)
click to toggle source
CLI
commands:
gcloud secrets list gcloud secrets versions access latest --secret testsecret
Secret
access version API docs
https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets.versions/access https://cloud.google.com/secret-manager/docs/reference/rest/v1/SecretPayload
# File lib/google_ssl_cert/secret.rb, line 58 def get(name) version = @options[:version] || "latest" url_path = "#{parent}/secrets/#{name}/versions/#{version}" version = secret_manager_service.access_secret_version(name: url_path) version.payload.data rescue Google::Cloud::NotFoundError => e logger.error "WARN: secret #{name.color(:yellow)} not found" logger.error e.message "NOT FOUND #{name}" # simple string so Kubernetes YAML is valid end
get_secret(name)
click to toggle source
# File lib/google_ssl_cert/secret.rb, line 40 def get_secret(name) url_path = "#{parent}/secrets/#{name}" secret_manager_service.get_secret(name: url_path) rescue Google::Cloud::NotFoundError nil rescue Google::Cloud::InvalidArgumentError => e logger.fatal("ERROR: #{e.class}: #{e.message}\n") logger.fatal("Expected format: [[a-zA-Z_0-9]+]") exit 1 end
save(name, value)
click to toggle source
CLI
commands:
gcloud secrets create testsecret gcloud secrets versions add testsecret --data-file="/tmp/testsecret.txt"
Secret
create API docs
https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets#secretmanager-create-secret-ruby https://github.com/googleapis/google-cloud-ruby/blob/af60d07b8f134ebc35bee795d127be614abea353/google-cloud-secret_manager-v1/lib/google/cloud/secret_manager/v1/secret_manager_service/client.rb#L307 https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets/create
Secret
Versions add API docs
https://github.com/googleapis/google-cloud-ruby/blob/af60d07b8f134ebc35bee795d127be614abea353/google-cloud-secret_manager-v1/lib/google/cloud/secret_manager/v1/secret_manager_service/client.rb#L379 https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets/addVersion https://cloud.google.com/secret-manager/docs/reference/rest/v1/SecretPayload
# File lib/google_ssl_cert/secret.rb, line 17 def save(name, value) create_secret(name, value) url_path = "#{parent}/secrets/#{name}" secret_manager_service.add_secret_version(parent: url_path, payload: {data: value}) logger.info "Secret saved: name: #{name} value: #{value}" rescue Google::Cloud::AlreadyExistsError => e logger.error("#{e.class}: #{e.message}") end