0

I have stored a key in the Secret manager of GCP and I'm trying to use that secret in the cloudbuild.yaml but every time I have this error:

ERROR: (gcloud.functions.deploy) argument --set-secrets: Secrets value configuration must match the pattern 'SECRET:VERSION' or 'projects/{PROJECT}/secrets/{SECRET}:{VERSION}' or 'projects/{PROJECT}/secrets/{SECRET}/versions/{VERSION}' where VERSION is a number or the label 'latest' [ 'projects/gcp-project/secrets/SECRETKEY/versions/latest' ]]

My cloud build file looks like this:

steps:
  - id: installing-dependencies
    name: 'python'
    entrypoint: pip
    args: ["install", "-r", "src/requirements.txt", "--user"]

  - id: deploy-function
    name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
    args:
    - gcloud
    - functions
    - deploy
    - name_of_my_function
    - --region=us-central1
    - --source=./src
    - --trigger-topic=name_of_my_topic
    - --runtime=python37
    - --set-secrets=[ SECRETKEY = 'projects/gcp-project/secrets/SECRETKEY/versions/latest' ]
    waitFor: [ "installing-dependencies" ]

I was reading the documentation, but I don't have any other clue that could help me.

Pin90
  • 91
  • 1
  • 10
  • to start with - can you check that there is no spaces in the `--set-secrets=...` line? – al-dann Feb 24 '22 at 10:13
  • Remove the space? – guillaume blaquiere Feb 24 '22 at 12:47
  • Yes, I have removed the spaces. In fact, those are the different combinations that I've tried: **1st try** `--set-secrets=[SECRETKEY = 'projects/gcp-project/secrets/SECRETKEY/versions/latest']` **2nd try** `--set-secrets=[SECRETKEY ='projects/gcp-project/secrets/SECRETKEY/versions/latest']` **3rd try** `--set-secrets=[SECRETKEY =projects/gcp-project/secrets/SECRETKEY/versions/latest]` – Pin90 Feb 24 '22 at 14:59
  • I still see spaces in all three examples you provided – al-dann Feb 24 '22 at 17:03
  • @Pin90 Posted an answer, Is it helpful? – Divyani Yadav Mar 08 '22 at 13:37
  • @Pin90 if this or any answer has solved your question please consider accepting it by clicking the check-mark. This indicates to the wider community that you've found a solution and gives some reputation to both the answerer and yourself. There is no obligation to do this https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work – Divyani Yadav Apr 08 '22 at 11:38
  • @DivyaniYadav, the answer does not work for me, the space in my question was a typo. In my project, I do not have any space. BTW thanks you for your help. – Pin90 Apr 09 '22 at 23:19

1 Answers1

0

As mentioned by al-dann, there should not be any space in set-secret line as you can see the documentation Final correction in code :

 --set-secrets=[SECRETKEY='projects/gcp-project/secrets/SECRETKEY/versions/latest']

For more information, you can refer to the stackoverflow thread and blog where brief information about secret manager has been well explained.

Divyani Yadav
  • 1,030
  • 4
  • 9