Functionality
This variable resolver can retrieve secrets from Google Secret Manager.
Here are the options to use:
-
Project ID: The project ID to reference.
-
Location ID: The location ID (Optional)
The variable expression you can resolve with this plugin type is (as always) in the following format:
#{name:secret-id:value-key}
-
name: the name of the variable resolver metadata element to use
-
path-key: the ID of the secret to retrieve.
-
value-key: the key of the value to retrieve in case the value is JSON.
In case we don’t specify a value-key, you will give back the complete string of the secret.
Example
Suppose we have a secret defined in JSON format in Secret Manager:
image:metadata-types/variable-resolver/gcp-secret-manager-server.png
We can define a connection called google-secret and retrieve values with expressions:
-
#{google-secret:json-secret:hostname}: localhost -
#{google-secret:json-secret:username}: john -
#{google-secret:json-secret}:{"db":"test","hostname":"localhost","password":"some-password","port":"3306","username":"john"}