如何在Google App Engine中设置环境变量/应用程序机密 [英] How to set environment variables/app secrets in Google App Engine
问题描述
问题是我应该如何设置应用程序机密以使它们在 application.yml 中可用?
$
在heroku上,我只是简单地通过设置dyno的环境变量来访问它,服务器:
端口:$ {PORT}
安全性:
用户:
密码:$ {USERPASSWORD}
eureka:
客户端:
register-with-eureka:false
fetch-registry:false
实例:
hostname:localhost
securePortEnabled:true
密码:$ {EUREKAPASSWORD}
如何在Google App Engine中实现该功能?我正在尝试使用数据存储:
Unfornately我不知道如何将这些值注入到我的* .yml文件中。
编辑:
还有一件更重要的事情要补充。我使用 maven appengine 插件通过CI管道部署我的应用程序,因此我不可能推送 app.yaml 文件到App Engine
Google还有一个关于如何存储加密机密的教程。
https://cloud.google.com/kms/docs/store-秘密
TLDR:一个独立的存储区,存储加密的秘密,实例在需要时下载,使用Google KMS解密( https://cloud.google.com/kms/ ),然后移除。
The question is how can I set application secrets to make them available in application.yml?
On heroku I was doing it simply, by setting environment variable for dyno, and acces it as:
server:
port: ${PORT}
security:
user:
password: ${USERPASSWORD}
eureka:
client:
register-with-eureka: false
fetch-registry: false
instance:
hostname: localhost
securePortEnabled: true
password: ${EUREKAPASSWORD}
How to achieve that in Google App Engine? I was trying with datastore:
Unfornately I don't know how to inject those values into my *.yml file.
EDIT:
One more important thing to add. I am using maven appengine plugin to deploy my app via CI pipeline, so there is no possibility for me to push app.yaml file to App Engine
Google has also a tutorial on how to store encrypted secrets. https://cloud.google.com/kms/docs/store-secrets
TLDR: a separate bucket to store the encrypted secrets, instances download it when needed, decrypt using Google KMS (https://cloud.google.com/kms/) and remove afterwards.
这篇关于如何在Google App Engine中设置环境变量/应用程序机密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
