I'm using GCP Secret Manager to store sensitive information; for example, to know the password of the database I use ${sm.database.password}. I'd like to know whether there is a way to have an alternative value from an env variable as well as a default value; something like: ${sm.database.password:ENV_VAR:myPassword}
meaning:

  • sm.database.password = secret manager variable
  • ENV_VAR = environment variable
  • myPassword = my local db password
jics

2 Answers

When using Micronaut and GCP Secret Manager, you will typically have a bootstrap.yml that may look like this

micronaut:
  config-client:
    enabled: true

gcp:
  project-id: my-gcp-project-id
  secret-manager:
    keys:
      - db_password

Now db_password is available as sm.db.password in the context, and you will have something like this in application.yml

datasources:
  default:
    url: jdbc:postgresql:my-db
    username: my-db-user
    password: ${sm.db.password}
    driverClassName: org.postgresql.Driver

When running with a different profile where you don't want to connect to GCP Secret Manager, define an env=localhost and add a bootstrap-localhost.yml like this

micronaut:
  config-client:
    enabled: false

Now you can do this in application-localhost.yml

datasources:
  default:
    password: ${ENV_VAR:myPassword} 

Documentation: https://micronaut-projects.github.io/micronaut-gcp/latest/guide/#secretManager

Roar S.

I don't know much about Google Secret Manager. But I guess the secret is available within an environment variable. So just naming your ENV_VAR after the Micronaut property should work. (Keep a keen eye on the Micronaut rules for naming ;-) For the default value you could use that approach:

https://docs.micronaut.io/latest/guide/#valueAnnotation

So in your case ${sm.database.password:myPassword} should be enough. An alternative I use many times is writing the default (local) values into the application.yml. So if you run the app locally within your IDE and with some local Docker container, then you could use the default values.

But for the deployment I overwrite the settings with the container environment variables or with the Kubernetes config map and secret (depending on your environment). So you have no secrets (besides some dev stuff) within your source code and your config files, and you could manage the secrets within a safe place.

IEE1394
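
The `${name:default}` fallbacks discussed in both answers put the default value into the config file itself, so a pre-commit or CI check can flag them on sensitive keys. The following is an added example, not code from either answer or from Micronaut: the function name and the list of sensitive key names are assumptions, and the sample YAML is the two datasource snippets from the first answer.

```python
import re

# Key names treated as sensitive (an assumed list for this example).
SENSITIVE_KEY = re.compile(r"password|passwd|secret|token|api[-_]?key", re.I)
# "key: value" on a single YAML line (block scalars and flow maps are not handled).
KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([\w.-]+)\s*:\s*(.+?)\s*$")
# Innermost ${name} or ${name:default}; excluding '$', '{', '}' from both parts
# lets nested forms such as ${a:${b:c}} be judged by their innermost fallback.
PLACEHOLDER = re.compile(r"\$\{([^${}:]+)(?::([^${}]*))?\}")

# Sample input: the two datasource snippets from the first answer.
APPLICATION_YML = """\
datasources:
  default:
    url: jdbc:postgresql:my-db
    username: my-db-user
    password: ${sm.db.password}
"""
APPLICATION_LOCALHOST_YML = """\
datasources:
  default:
    password: ${ENV_VAR:myPassword}
"""

def find_literal_secret_defaults(yaml_text):
    """Return (line_no, key, reason) for each sensitive key whose value is
    hard-coded or falls back to a hard-coded default."""
    findings = []
    for line_no, raw in enumerate(yaml_text.splitlines(), start=1):
        match = KEY_VALUE.match(raw.split(" #", 1)[0])  # ignore trailing comments
        if not match or not SENSITIVE_KEY.search(match.group(1)):
            continue
        key, value = match.group(1), match.group(2).strip("\"'")
        placeholders = list(PLACEHOLDER.finditer(value))
        if not placeholders:
            findings.append((line_no, key, "literal value"))
        elif any(p.group(2) for p in placeholders):
            findings.append((line_no, key, "literal default in placeholder"))
    return findings

if __name__ == "__main__":
    for name, text in (("application.yml", APPLICATION_YML),
                       ("application-localhost.yml", APPLICATION_LOCALHOST_YML)):
        for line_no, key, reason in find_literal_secret_defaults(text):
            print(f"{name}:{line_no}: {key}: {reason}")
```

Files meant to hold throwaway local credentials, such as application-localhost.yml here, can be excluded from the check or reviewed case by case.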