1

I have deployed my Django Project to Google App Engine and I need to add environment variables.

The docs say to add them to app.yaml but that seems like bad practice because app.yaml should be in your git repository.

Is there any way to add environment variables to App Engine the same way you can add them in Cloud Run > Services > Variables & Secrets ?

Improve this question
0

2 Answers 2

Reset to default
3

Google Secret Manager is available, since this spring:

enter image description here

def create_secret(project_id, secret_id): """ Create a new secret with the given name. A secret is a logical wrapper around a collection of secret versions. Secret versions hold the actual secret material. """ # Import the Secret Manager client library. from google.cloud import secretmanager # Create the Secret Manager client. client = secretmanager.SecretManagerServiceClient() # Build the resource name of the parent project. parent = client.project_path(project_id) # Create the secret. response = client.create_secret(parent, secret_id, { 'replication': { 'automatic': {}, }, }) # Print the new secret name. print('Created secret: {}'.format(response.name))

  • Consume the secrets from the app instead of the environment variables:
def access_secret_version(project_id, secret_id, version_id): """ Access the payload for the given secret version if one exists. The version can be a version number as a string (e.g. "5") or an alias (e.g. "latest"). """ # Import the Secret Manager client library. from google.cloud import secretmanager # Create the Secret Manager client. client = secretmanager.SecretManagerServiceClient() # Build the resource name of the secret version. name = client.secret_version_path(project_id, secret_id, version_id) # Access the secret version. response = client.access_secret_version(name) # Print the secret payload. # # WARNING: Do not print the secret in a production environment - this # snippet is showing how to access the secret material. payload = response.payload.data.decode('UTF-8') print('Plaintext: {}'.format(payload))
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

If you are using a continuous deployment process you could rewrite (or created) the app.yaml to include variables relevant to each deployment target within the CD build system.

We rewrite several files as part of our deployment process to App engine using Bitbucket pipelines. Variables can be defined at a workspace level (across multiple repositories), within a repository, and also for each deployment target defined. These variables can be secured so they are not readable. Bitbucket deployment variables

build: &build - step: name: Update configuration for deployment script: - find . -type f -name "*.yaml" -exec sed -i "s/\[secret-key-placeholder\]/$SECRET_KEY/g" {} +

Refer to https://support.atlassian.com/bitbucket-cloud/docs/variables-in-pipelines/#Deployment-variables

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.