How to avoid plain text environment variables in a Google Cloud Function and instead pass them secretly?

security parameter-passing environment-variables google-cloud-functions

The recommended way to manage secrets in Cloud Function is mounting the secrets from Secret Manager. This documentation explains very well how to set it up: https://cloud.google.com/functions/docs/configuring/secrets

In a nutshell:

  1. Create your secrets under Secret Manager;

enter image description here

  1. Edit your Cloud Function -> Advanced Options -> Security;
  2. Map the secrets you would like to be available during runtime;
  3. Grant the role roles/secretmanager.secretAccessor to the service account binded to the Cloud Function;
  4. Once done, you can use the secrets as environment variable (like you are used to and mentioned in your description);

enter image description here

Related

Unable to verify a public cert's modules with openssl (Unable to verify rsa public key came from a private key)
org.hibernate.QueryException: could not resolve property: filename
duplicates in array with condition of value
copying a vector in 2 different ways doesn't give the same result [duplicate]
Embed custom font in PDF file
How to enable Pages Collaboration on Mac?
iMac mid 2011 reboots when connecting an external display
How do I add a custom-built theme to Keynote for iCloud?
MacBook 7,1 internal optical drive not doing anything
syntax error near unexpected token `('
How to enable the iPad QuickType "Floating Keyboard" mini keyboard?
2015 MacBook Pro battery replacement at Apple store