
Trying to create a cloudbuild config for App Engine on Google Cloud.
There are some encrypted environment variables that the app needs. I did everything as this documentation says. When a new Git commit has been pushed, I'm always getting this error in the cloudbuild log:

```
invalid build: failed to check access to "projects/$PROJECT_ID/locations/global/keyRings/my-key-ring/cryptoKeys/my-key"
```



Also, there is one more question. If I execute the `gcloud app deploy` command from my laptop, the app is deployed and then fails to run because of absent environment variables. Is it correct that I need to define these variables along with the command, like

> MY_VAR1=a MY_VAR2=b gcloud app deploy

? And if that's correct, why is it not working?

WeekendMan
  • Can you please provide the exact command that produces this error? Also check the necessary permissions as per the documentation you provided. As for the second question, [here](https://cloud.google.com/appengine/docs/standard/python/config/appref#handlers_environment_variables) you can find how to provide env variables in the app.yaml file. – Emil Gi Feb 04 '20 at 10:22
  • The first problem is a cloudbuild, it's triggered by a push to the dev branch. All permissions have been granted as the documentation says. Second problem - just like in the example, for example, there is a STATIC_SECRET env variable that should be given to the app. If I run gcloud app deploy, how am I supposed to set it? Because STATIC_SECRET=qwerty gcloud app deploy doesn't work. Sorry if that's a weird question; the docs cover simple use cases and it's completely unclear what to do with something complicated – WeekendMan Feb 04 '20 at 13:13
  • Provide your env variables in the `app.yaml` file following the link I posted before. Then just use `gcloud app deploy`; the env variables will automatically propagate to the instance and be accessible by the app. As for the first question, can you please post your `cloudbuild.yaml` file as well as the full error message? Don't forget to remove sensitive information from them first. – Emil Gi Feb 04 '20 at 15:54

1 Answer


I think the error is that the $PROJECT_ID variable is not supported in the kmsKeyName field. I had the same error and replacing $PROJECT_ID with my literal project-name was the fix.

See https://stackoverflow.com/a/56984975/771768 for a related problem.

Carl Walsh
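An added example, not part of the answer above or of Google's tooling: a small pre-push check that applies the answer's finding by flagging any `kmsKeyName` in a Cloud Build config that contains a substitution such as `$PROJECT_ID`, or that is not a full CryptoKey resource name. The sample config, the project name `example-project`, the placeholder ciphertext values and the function name are constructed for illustration.

```python
import re

# Literal CryptoKey resource name, with no "$" allowed in any segment.
KEY_NAME = re.compile(
    r"^projects/[^/$\s]+/locations/[^/$\s]+/keyRings/[^/$\s]+/cryptoKeys/[^/$\s]+$"
)
# Cloud Build substitution syntax: $NAME or ${NAME}.
SUBSTITUTION = re.compile(r"\$\{?[A-Z_][A-Z0-9_]*\}?")
# A "kmsKeyName: value" line, optionally a list item, optionally with a comment.
KMS_LINE = re.compile(r"^\s*(?:-\s*)?kmsKeyName\s*:\s*(.*?)(?:\s+#.*)?\s*$")

# Constructed sample config (build steps omitted); not from the question.
SAMPLE = """\
secrets:
- kmsKeyName: projects/$PROJECT_ID/locations/global/keyRings/my-key-ring/cryptoKeys/my-key
  secretEnv:
    STATIC_SECRET: PLACEHOLDER_BASE64_CIPHERTEXT
- kmsKeyName: projects/example-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key
  secretEnv:
    OTHER_SECRET: PLACEHOLDER_BASE64_CIPHERTEXT
- kmsKeyName: my-key
  secretEnv:
    THIRD_SECRET: PLACEHOLDER_BASE64_CIPHERTEXT
"""


def check_kms_key_names(config_text):
    """Return (line_number, value, problem) for each suspicious kmsKeyName."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = KMS_LINE.match(line)
        if not match:
            continue
        value = match.group(1).strip("'\"")
        used = SUBSTITUTION.findall(value)
        if used:
            # The case from the answer: a substitution inside kmsKeyName.
            findings.append((number, value, "substitution " + ", ".join(used)))
        elif not KEY_NAME.match(value):
            findings.append((number, value, "not a full CryptoKey resource name"))
    return findings


if __name__ == "__main__":
    for number, value, problem in check_kms_key_names(SAMPLE):
        print(f"line {number}: {problem}: {value}")
```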