How to set environment variables in the Google App Engine Standard environment using Google Cloud Build or other methods?

Problem description:

Is there any way to inject environment variables from Cloud Build into the App Engine Standard environment?

I do not want to push my environment variables to GitHub inside the app.yaml or .env. Thus, when Cloud Build pulls and deploys it is missing the .env file and the server is unable to complete some requests.

I am trying to avoid using Datastore as the async nature of Datastore will make the code a lot more messy. I tried to use encrypted secrets found here, but that doesn't seem to work as I added the secrets to app deploy and they do not make their way into the deployment, so I assume this is not the use case for Cloud Build.

I also tried the tutorial here, to import the .env file into App Engine Standard from storage, but since Standard does not have local storage I assume it goes into the void.

So is there any way to inject the .env into App Engine Standard environment without using Datastore, or committing app.yaml or .env to change control? Potentially using Cloud Build, KMS, or some type of storage?

Here is the cloudbuild.yaml I tried:

steps:
- name: "gcr.io/cloud-builders/gcloud"
  args: ["app", "deploy"]
  secretEnv: ['SECRET1', 'SECRET2', 'SECRET3', 'SECRET4', 'SECRET5']
timeout: "1600s"

secrets:
- kmsKeyName: projects/<Project-Name>/locations/global/keyRings/<Key-Ring-Name>/cryptoKeys/<Key-Name>
  secretEnv:
    SECRET1: <encrypted-key-base64 here>
    SECRET2: <encrypted-key-base64 here>
    SECRET3: <encrypted-key-base64 here> 
    SECRET4: <encrypted-key-base64 here> 
    SECRET5: <encrypted-key-base64 here>

Here is a tutorial on how to securely store env vars in your cloud build (triggers) settings and import them into your app.

Basically there are three steps:

  1. Add your env vars to the 'variables' section in one of your build trigger settings

(Screenshot of where to add variables in build triggers)

By convention variables set in the build trigger must begin with an underscore (_)

  2. Configure cloudbuild.yaml (on the second step in the code example) to read in variables from your build trigger, set them as env vars, and write all env vars in a local .env file

Add cloudbuild.yaml (below) to your project root directory

steps:
- name: node:10.15.1
  entrypoint: npm
  args: ["install"]
- name: node:10.15.1
  entrypoint: npm
  args: ["run", "create-env"]
  env:
    - 'MY_SECRET_KEY=${_MY_SECRET_KEY}'
- name: "gcr.io/cloud-builders/gcloud"
  args: ["app", "deploy"]
timeout: "1600s"

Add the create-env script to package.json

"scripts": {
  "create-env": "printenv > .env"
},

  3. Read env vars from .env to your app (config.js)

Install dotenv package

npm i dotenv -S

Add config.js to your app

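// Import all env vars from .env file
require('dotenv').config()

// CommonJS export, matching the require() call above
const MY_SECRET_KEY = process.env.MY_SECRET_KEY
module.exports = { MY_SECRET_KEY }

console.log(MY_SECRET_KEY) // => Hello (demonstration only; remove so the value is not written to logs)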

Done! Now you may deploy your app by triggering the cloud build and your app will have access to the env vars.