0

I’m trying to deploy a Laravel application on GAE. As mentioned in the docs, the environment variables are supposed to be added on app.yaml file. But as the source code is in GitHub and few people are collaborating on the project, it’s not definitely a good practice to put the database password and other app secrets in the app.yaml file. Also I'm not interested in deploying the app from my machine. How should I provide those informations to the app as .env file isn’t supported, or not possible to put there with any other means. Also, I would use push to deploy feature to deploy the code in GAE from GitHub. So how should I go about this?

Tareq
  • 103
  • 4

2 Answers2

1

To answer your question about app secrets, you could use Cloud Datastore. If you're not already using Datastore, you can set up a new Kind (like a schema) by visiting the console and doing the following:

  • Go to the Datastore page
  • Make a database in Datastore Mode
  • Go the Entities page
  • Create an entity. Choose a location if required.
  • Type an arbitrary name like Sekrit for the Kind
  • Make the key identifier be a custom name
  • For this first one, make that name be "dbpass" -- you'll use this name to look it up later
  • Add a String property named "payload" with a value of your DB password
    • you'll use the name of that property to get your actual value out of the Datastore object
    • even objects with a single property have to treated like named arrays
  • Create the entity.
  • Repeat for other Sekrits giving each a unique name

Then in your Laravel app, you can access Datastore by saying:

require 'vendor/autoload.php';
use Google\Cloud\Datastore\DatastoreClient;
$datastore = new DatastoreClient();

And for each thing you need to retrieve, do something like:

$db_pass_datastore_key = $datastore->key('Sekrit', 'dbpass');
$db_pass_object = $datastore->lookup($db_pass_datastore_key);
$db_pass = $db_pass_object['payload'];
Jesse Scherer
  • 281
  • 2
  • 8
  • Thanks a lot. How much overhead do you think it'll add? – Tareq May 08 '19 at 03:52
  • The datastore docs _do_ advise caching if you need low latency. If you fetch your secrets at startup and just keep them in memory it shoudn't be an issue. Or did you mean some other sort of overhead? – Jesse Scherer May 09 '19 at 17:56
1

This composer package is a potential solution. It handles getting the variables from Google Datastore and the relevant caching: https://github.com/tommerrett/laravel-GAE-secret-manager

mertom
  • 11
  • 2