How to Add Environment Variables to Google App Engine
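I have deployed my Django project to Google App Engine and I need to add environment variables.
The docs say to add them to app.yaml, but that seems like bad practice because app.yaml should be in your git repository.
Is there any way to add environment variables to App Engine the same way you can add them in Cloud Run > Services > Variables & Secrets?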
Google Secret Manager has been available since spring:
- Add the Secret Manager Secret Accessor role to the App Engine SA
- Create the secret from the GCP Web UI or programmatically (code sample from the official docs):
    def create_secret(project_id, secret_id):
        """
        Create a new secret with the given name. A secret is a logical wrapper
        around a collection of secret versions. Secret versions hold the actual
        secret material.
        """
        # Note: these positional-argument calls match google-cloud-secret-manager
        # releases before 2.0; from 2.0 on the client methods take a
        # request={...} dict instead.
        # Import the Secret Manager client library.
        from google.cloud import secretmanager
        # Create the Secret Manager client.
        client = secretmanager.SecretManagerServiceClient()
        # Build the resource name of the parent project.
        parent = client.project_path(project_id)
        # Create the secret.
        response = client.create_secret(parent, secret_id, {
            'replication': {
                'automatic': {},
            },
        })
        # Print the new secret name.
        print('Created secret: {}'.format(response.name))
- Use the secret in the app instead of an environment variable:
    def access_secret_version(project_id, secret_id, version_id):
        """
        Access the payload for the given secret version if one exists. The version
        can be a version number as a string (e.g. "5") or an alias (e.g. "latest").
        """
        # Note: the positional-argument call below matches
        # google-cloud-secret-manager releases before 2.0; from 2.0 on the
        # client methods take a request={...} dict instead.
        # Import the Secret Manager client library.
        from google.cloud import secretmanager
        # Create the Secret Manager client.
        client = secretmanager.SecretManagerServiceClient()
        # Build the resource name of the secret version.
        name = client.secret_version_path(project_id, secret_id, version_id)
        # Access the secret version.
        response = client.access_secret_version(name)
        # Print the secret payload.
        #
        # WARNING: Do not print the secret in a production environment - this
        # snippet is showing how to access the secret material.
        payload = response.payload.data.decode('UTF-8')
        print('Plaintext: {}'.format(payload))
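If you are using a continuous deployment process, you can rewrite (or create) app.yaml to contain the variables relevant to each deployment target in your CD build system.
We use Bitbucket Pipelines to rewrite several files as part of our deployment to App Engine. Variables can be defined at the workspace level (across multiple repositories), within a repository, or for each deployment target that is defined. These variables can be secured so that they are not readable.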
    build: &build
      - step:
          name: Update configuration for deployment
          script:
            - find . -type f -name "*.yaml" -exec sed -i "s/\[secret-key-placeholder\]/$SECRET_KEY/g" {} +
Reference: https://support.atlassian.com/bitbucket-cloud/docs/variables-in-pipelines/#Deployment-variables
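
The sed command in the pipeline step above places $SECRET_KEY into the replacement text verbatim, so a key containing /, & or \ breaks or alters the substitution. The script below is an added example, not part of the original answer; the function names and the single-quoted placeholder layout in app.yaml are assumptions.

```shell
#!/bin/sh
# Added example: fill [secret-key-placeholder] in app.yaml from a secret
# without sed or YAML misreading characters inside the secret.
# Assumption: the template keeps the placeholder inside a single-quoted YAML
# scalar, e.g.  SECRET_KEY: '[secret-key-placeholder]'

# Make a value safe for (1) a single-quoted YAML scalar and (2) the
# replacement half of sed's s|...|...| command.
escape_for_sed() {
    printf '%s' "$1" | sed -e "s/'/''/g" -e 's/[\\&|]/\\&/g'
}

# render_secret FILE SECRET: replace every placeholder in FILE in place.
render_secret() {
    rs_file=$1 rs_secret=$2
    rs_nl='
'
    case $rs_secret in
        '')         echo "render_secret: empty secret" >&2; return 1 ;;
        *"$rs_nl"*) echo "render_secret: multi-line secret" >&2; return 1 ;;
    esac
    rs_escaped=$(escape_for_sed "$rs_secret")
    rs_tmp=$(mktemp) || return 1
    # Write to a temp file first so a sed failure never truncates FILE.
    if sed "s|\[secret-key-placeholder\]|${rs_escaped}|g" "$rs_file" >"$rs_tmp"; then
        cat "$rs_tmp" >"$rs_file"
        rm -f "$rs_tmp"
    else
        rm -f "$rs_tmp"
        return 1
    fi
}

# Constructed sample: a throwaway app.yaml and a made-up key containing the
# characters that break the plain "s/.../$SECRET_KEY/g" form (/ & \ ').
demo() {
    d_dir=$(mktemp -d) || return 1
    printf "runtime: python39\nenv_variables:\n  SECRET_KEY: '[secret-key-placeholder]'\n" >"$d_dir/app.yaml"
    render_secret "$d_dir/app.yaml" "p/q&r\\s't#u" || return 1
    sed -n 3p "$d_dir/app.yaml"
    rm -rf "$d_dir"
}

demo
```

In a pipeline step, call render_secret once per YAML file with "$SECRET_KEY" as the second argument.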