-2

I am trying to access secret manager from a small script I built on app script. I need to access and API with with a key but do not want to hardcode it.

I have already assigned the app to a project. I am just not sure how to query the token.

ls168
  • 27
  • 1
  • 7

1 Answers1

2

To access the cloud Secrets manager, you'll need

  • Change your project from the default apps Script one to a cloud platform project

  • Turn on the secrets manager API in the cloud console

  • Add oauth scopes in your manifest

    "oauthScopes": [
  "https://www.googleapis.com/auth/cloud-platform",
  "https://www.googleapis.com/auth/script.external_request"
]

  • IAM roles authorized with permission to access the Secrets manager. Here's how.

    https://cloud.google.com/secret-manager/docs/configuring-secret-manager

  • Use the Apps Script auth token as Bearer in UrlFetchApp access to the secret manager endpoint.

Here's a write up on accessing secret manager from Apps Script, as well as a library you can use to do it for you. https://ramblings.mcpher.com/apps-script/superfetch-proxy/superfetch-plugin-cloud-manager-secrets-and-apps-script/

Rubén
  • 34,714
  • 9
  • 70
  • 166
bruce
  • 1,408
  • 11
  • 33