Document How To Use GCP Secret Manager #2148

Open
ichandan16 opened this issue Sep 15, 2022 · 5 comments

@ichandan16

Hi all, I appreciate the time and effort this team is taking to provide the support for this fantastic product. However, one of my recent attempts to use spring-config-server with GCP Secret Manager is yielding no success. To get some much needed help, I am opening this discussion around it.

As per the Spring Cloud announcement here, I was expecting that GCP Secret Manager is supported. There are no docs around how to use the gcp-secret-manager backend (if there is any support). The official doc doesn't say much either.

I am running a simple config-server in GCP Cloud Run. I have to read some sensitive properties from a secret store like GCP Secret Manager (I am running apps in GCP Cloud Run) and some generic properties from a git backend. After multiple attempts, I have not had any success reading the configs from the secret manager using config-server. Here is the application.yaml file for the config server.

```yaml
server:
  port: ${PORT:8080}
spring:
  application:
    name: config-server
  profiles:
    active: git, gcp-secret-manager
  cloud:
    config:
      server:
        gcp-secret-manager:
          application-label: application
          profile-label: profile
          token-mandatory: false
          order: 1
        git:
          uri: https://github.com/ichandan16/test-config-server.git
          order: 2
```

I have labeled my secrets as application: app1 and profile: dev. Trying to access cloud run config-server service with:
https://config-server-gcp-xxxxx-uw.a.run.app/app1/dev. I can read git backend data but not GCP secret manager.

Is there any document that you can help me with that gives a clear direction on how to use it?

/r,
Chandan Patra

@ryanjbaxter
Contributor

Here is the original PR
https://github.com/spring-cloud/spring-cloud-config/pull/1628/files

Is there anything in the logs indicating what might be wrong?

@ichandan16
Author

> Here is the original PR https://github.com/spring-cloud/spring-cloud-config/pull/1628/files
>
> Is there anything in the logs indicating what might be wrong?

Hi Ryan, Thank you for responding.

I was checking whether there is documentation around the GCP Secret Manager backend implementation. I did not find any in the official doc: https://cloud.spring.io/spring-cloud-config/reference/html/#_environment_repository

@ryanjbaxter
Contributor

Yes, I don't see any either. That is an issue in itself for sure, but to me it sounded like you could not get it to work. Is it working OK, but it's just the lack of documentation?

@ichandan16
Author

ichandan16 commented Sep 15, 2022

> Yes, I don't see any either. That is an issue in itself for sure, but to me it sounded like you could not get it to work. Is it working OK, but it's just the lack of documentation?

Hi Ryan, I got this thing working, thank you for sending the code piece. I set up my profile as secret-manager instead of gcp-secret-manager and it worked. The new application.yml file looks as below:

```yaml
server:
  port: ${PORT:8080}
spring:
  application:
    name: config-server
  profiles:
    active: git,secret-manager
  cloud:
    config:
      server:
        gcp-secret-manager:
          application-label: application
          profile-label: profile
          token-mandatory: false
          order: 1
        git:
          uri: https://github.com/ichandan16/test-config-server.git
          order: 2
```

Check this line out. I feel it is a bit misleading.

One more important thing that needs to be done (never miss this one) is providing the labels to the secrets. For my secrets, I have provided the labels application: app1 and profile: dev.

I am accessing the service using https://config-server-gcp-xxxxx-uw.a.run.app/app1/dev. It fetches data from both places (in git - https://github.com/ichandan16/test-config-server.git/app1-dev.yml, and from the secret manager with the labels mentioned above).

@ryanjbaxter
Contributor

> Check this line out. I feel it is a bit misleading.

I don't think it's misleading; that is the prefix for the properties. The profile to be enabled is specified here:
https://github.com/spring-cloud/spring-cloud-config/pull/1628/files#diff-60ae02b60426f263517ade4aaf8fca7cb352aa909b2da71768bf224feb249633R466

I agree though that some documentation would be nice. Would you be interested in creating a PR with some documentation?

@ryanjbaxter ryanjbaxter changed the title Spring Cloud Config Integration with GCP Secrets Manager not working Document How To Use GCP Secret Manager Sep 15, 2022
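
The mix-up resolved in this thread (the profile to activate is `secret-manager`, while `gcp-secret-manager` is only the property prefix) can be caught before deployment. The check below is an added example, not code from Spring Cloud Config or from the participants; the function names are hypothetical, the sample is constructed from the files posted above, and the parser handles only plain nested `key: value` YAML.

```python
# Added example: lint an application.yaml for the profile/prefix mix-up.
# Constructed sample, trimmed from the first file posted in the thread.
SAMPLE_BROKEN = """\
spring:
  profiles:
    active: git, gcp-secret-manager
  cloud:
    config:
      server:
        gcp-secret-manager:
          application-label: application
        git:
          uri: https://github.com/ichandan16/test-config-server.git
"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace("git, gcp-secret-manager", "git,secret-manager")


def parse_simple_yaml(text):
    """Parse nested 'key: value' mappings only (no lists, quoting or anchors)."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for every open nesting level
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = line.partition(":")  # first ':' only, so URLs survive
        while stack[-1][0] >= indent:        # close deeper or sibling levels
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key.strip()] = value.strip()
        else:
            parent[key.strip()] = {}
            stack.append((indent, parent[key.strip()]))
    return root


def check_secret_manager_profile(text):
    """Return findings about the Secret Manager profile vs. property prefix."""
    spring = parse_simple_yaml(text).get("spring", {})
    active = [p.strip() for p in spring.get("profiles", {}).get("active", "").split(",")]
    server = spring.get("cloud", {}).get("config", {}).get("server", {})
    findings = []
    if "gcp-secret-manager" in active:
        findings.append("'gcp-secret-manager' is the property prefix; activate 'secret-manager'")
    if "gcp-secret-manager" in server and "secret-manager" not in active:
        findings.append("gcp-secret-manager.* is set but profile 'secret-manager' is inactive")
    return findings
```
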