Secret Manager용 커넥터

워크플로 내에서 Secret Manager에 액세스하는 데 사용되는 기본 제공 함수를 정의하는 Workflows 커넥터입니다.

이 코드 샘플이 포함된 문서 페이지

컨텍스트에서 사용된 코드 샘플을 보려면 다음 문서를 참조하세요.

코드 샘플


# This workflow demonstrates how to use the Cloud Secret Manager connector to.
# retrieve a secret.
# Expected successful output: the secret data.

- init:
    - project_id: ${sys.get_env("GOOGLE_CLOUD_PROJECT_ID")}
    - secret_id: "test-secret"  # Make sure you have this secret and it has a version of 1.
    - version: "1"
# We provide a helper method to add a secret data to an existing secret without base-64 encoding.
- add_version_string:
    call: googleapis.secretmanager.v1.projects.secrets.addVersionString
      secret_id: ${secret_id}
      project_id: ${project_id}
      data: "a new secret"
# We provide a helper method to access the secret in string format without base-64 decoding.
# To compare the usage between accessRaw() and access(), we list two demo steps to retrieve
# the same secret below.
# accessString assumes the secret data is a valid UTF-8 string and if it detects non-UTF-8
# bytes, an error will be raised.
- access_string_secret:
    call: googleapis.secretmanager.v1.projects.secrets.versions.accessString
      secret_id: ${secret_id}
      version: ${version}  # If not set, "latest" will be used.
      project_id: ${project_id}
    result: str_secret
- access_secret:
    call: googleapis.secretmanager.v1.projects.secrets.versions.access
      name: ${"projects/" + project_id + "/secrets/" + secret_id + "/versions/" + version}
    result: base64_encoded_secret_data
# Secret can also be retrieved by using positional arguments in an expression.
- expression:
    - secret_str_from_exp: ${googleapis.secretmanager.v1.projects.secrets.versions.accessString(secret_id, version, project_id)}
- the_end:
    return: [${str_secret}, ${secret_str_from_exp}, ${text.decode(base64.decode(}]

다음 단계

다른 Google Cloud 제품의 코드 샘플을 검색하고 필터링하려면 Google Cloud 샘플 브라우저를 참조하세요.