Secrets with Google Cloud Storage
This example uses a bucket (mybucket) to store GitHub credentials and a kubeconfig file.
Authorize Spinnaker to access the GCS bucket
Since you’re storing sensitive information, make sure to protect the bucket by restricting access and enabling encryption.
Remember to run the Operator deployment (or Halyard’s daemon) and Spinnaker services with permissions to read that content.
Storing secrets
Store your GitHub credentials in mybucket/spinnaker-secrets.yml:
github:
  password: <PASSWORD>
  token: <TOKEN>
Note: You can store the password under different keys than github.password and github.token. To do so, change how you reference the secret.
Referencing secrets
Now that secrets are securely stored in the bucket, you reference them in your config files with the following format:
encrypted:gcs!b:<bucket>!f:<path to file>!k:<optional yaml key>
For example, to reference github.password from the file above, use:
encrypted:gcs!b:mybucket!f:spinnaker-secrets.yml!k:github.password
To reference the content of our kubeconfig file:
encrypted:gcs!f:mykubeconfig!b:mybucket
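The reference format above, as an added example that is not Spinnaker's own parser: a small validator you could run over config values before deployment to confirm each one is a well-formed GCS reference rather than a plaintext secret. The function names, the strictness rules (rejecting unknown or duplicate parameters) and the in-memory SAMPLE_OBJECTS stand-in for the bucket are assumptions of this example.

```python
# Added illustration; not Spinnaker's own parser. Strictness rules are assumptions.
PREFIX = "encrypted:"
PARAMS = {"b": "bucket", "f": "file", "k": "key"}  # short names from the format above


def parse_gcs_secret_ref(ref):
    """Split encrypted:gcs!b:..!f:..!k:.. into bucket, file and optional key."""
    if not ref.startswith(PREFIX):
        raise ValueError("not an encrypted reference (possible plaintext secret)")
    engine, *pairs = ref[len(PREFIX):].split("!")
    if engine != "gcs":
        raise ValueError(f"unsupported engine: {engine!r}")
    parsed = {"bucket": None, "file": None, "key": None}
    for pair in pairs:  # parameters may appear in any order
        short, sep, value = pair.partition(":")
        if not sep or not value or short not in PARAMS:
            raise ValueError(f"malformed parameter: {pair!r}")
        if parsed[PARAMS[short]] is not None:
            raise ValueError(f"duplicate parameter: {short!r}")
        parsed[PARAMS[short]] = value
    if parsed["bucket"] is None or parsed["file"] is None:
        raise ValueError("b (bucket) and f (file) are required")
    return parsed


def resolve(ref, objects):
    """Resolve ref against objects, a constructed stand-in for bucket contents:
    {(bucket, file): parsed YAML mapping, or raw text for whole-file secrets}."""
    p = parse_gcs_secret_ref(ref)
    node = objects[(p["bucket"], p["file"])]
    if p["key"] is None:
        return node  # no k: the whole file is the secret (the kubeconfig case)
    for part in p["key"].split("."):  # walk the dotted YAML key
        if not isinstance(node, dict) or part not in node:
            raise KeyError(f"key {p['key']!r} not found in {p['file']}")
        node = node[part]
    return node


# Constructed sample data mirroring the bucket layout used on this page.
SAMPLE_OBJECTS = {
    ("mybucket", "spinnaker-secrets.yml"): {
        "github": {"password": "<PASSWORD>", "token": "<TOKEN>"}
    },
    ("mybucket", "mykubeconfig"): "apiVersion: v1\nkind: Config\n",
}

if __name__ == "__main__":
    for r in ("encrypted:gcs!b:mybucket!f:spinnaker-secrets.yml!k:github.password",
              "encrypted:gcs!f:mykubeconfig!b:mybucket"):
        print(parse_gcs_secret_ref(r))
```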
Last modified January 25, 2021: (1b76da5)