/**
* @fileoverview This file generates a `.env` file from the latest active secrets stored
* in the Google Cloud Secret Manager. This is run from the Cloud Build Deploy script.
*/
const {SecretManagerServiceClient} = require('@google-cloud/secret-manager');
// Module-level Secret Manager client shared by every call made in cloudSecrets().
// It is constructed with no explicit options.
// NOTE(review): credentials presumably come from the ambient build environment;
// confirm that identity is scoped to only the Secret Manager access this script needs.
const client = new SecretManagerServiceClient();
/**
 * Builds a `.env` file in the current working directory from Secret Manager.
 *
 * Every secret listed under `projects/$PROJECT_ID` is visited; for each one the
 * first version reported as ENABLED is read and written as `NAME=value`, where
 * NAME is the last path segment of the secret's resource name. Secrets with no
 * ENABLED version are skipped. There is no allowlist: whatever the project
 * holds ends up in the file.
 *
 * Only the variable names are logged, never the values.
 *
 * NOTE(review): the file is written without an explicit mode, so it gets Node's
 * default creation mode (0o666 masked by the process umask) — confirm that is
 * acceptable for a file holding secret values.
 * NOTE(review): values are written unquoted and unescaped; a payload containing
 * a line break will span several lines of the file — confirm how the consumer
 * of `.env` parses that.
 * NOTE(review): "first ENABLED version" follows the order listSecretVersions
 * returns; whether that is the newest version should be confirmed.
 *
 * @returns {Promise<undefined>} Resolves once the file is written, or right
 *   away (after a warning) when PROJECT_ID is not set.
 */
const cloudSecrets = async () => {
  const projectId = process.env.PROJECT_ID;
  if (!projectId) {
    // Without a project there is nothing to query; warn and leave any existing .env alone.
    return console.warn(
      'No Google Cloud Project ID found, no .env file is being generated.',
    );
  }

  console.log('Generating .env file.');

  const envLines = [];
  const exportedNames = [];

  const [secrets] = await client.listSecrets({parent: `projects/${projectId}`});

  for (const secret of secrets) {
    // Resource names look like ".../secrets/NAME"; the tail becomes the variable name.
    const envName = secret.name.split('/').pop();

    const [versions] = await client.listSecretVersions({parent: secret.name});
    const enabled = versions.find(({state}) => state === 'ENABLED');
    if (!enabled) {
      continue;
    }

    const [accessed] = await client.accessSecretVersion({name: enabled.name});
    const secretValue = accessed.payload.data.toString();

    envLines.push(`${envName}=${secretValue}\n`);
    exportedNames.push(envName);
  }

  // The write happens only after every secret was fetched, so an error part-way
  // through the loop leaves the previous file (if any) untouched.
  require('fs').writeFileSync('.env', envLines.join(''));

  const summary = exportedNames.join(', ');
  console.log(
    `The following environment variables have been added to the generated .env file: ${summary}`,
  );
};
// Run the generator as soon as the script is loaded. A rejection is reported as
// a warning only; nothing here rethrows or sets an exit code.
// NOTE(review): a failed fetch therefore does not by itself fail the calling
// build step, which would carry on with a stale or missing .env — confirm that
// is intended.
cloudSecrets().catch((error) => {
  console.warn(
    'Ooops, there was an error in generating the .env file.',
    error,
  );
});