How to pass environment secret variables in Google App Engine and GitLab CI

Problem description:

I am using GitLab and deploying to Google App Engine for my Node.js application.

Google Service access is added as a variable in the GitLab settings:

SERVICE_ACCOUNT_KEY:
   {
      "type": "service_account",
      "project_id": "node-us",
      "private_key_id": "",
      "private_key": "",
      "client_email": "gitlab-demo-service-account@node-us.iam.gserviceaccount.com",
      "client_id": "",
      "auth_uri": "",
      "token_uri": "",
      "auth_provider_x509_cert_url": "",
      "client_x509_cert_url": ""
   }

.gitlab-ci.yml

image: node:latest
cache:
  paths:
    - node_modules/
    
before_script:
  - echo "deb http://packages.cloud.google.com/apt cloud-sdk-jessie main" | tee /etc/apt/sources.list.d/google-cloud-sdk.list
  - curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
  - apt-get update
  - apt-get -qq -y install google-cloud-sdk

deploy_production:
  stage: deploy
  environment: Production
  only:
    - master
  script:
    # quote the variable so the JSON is written verbatim (no word splitting or glob expansion)
    - echo "$SERVICE_ACCOUNT_KEY" > /tmp/$CI_PIPELINE_ID.json
    - gcloud auth activate-service-account --key-file /tmp/$CI_PIPELINE_ID.json
    - gcloud --quiet --project node-us app deploy app.yaml

after_script:
  - rm /tmp/$CI_PIPELINE_ID.json

My root folder has an app.yaml file and a .env file.

As of now I was testing the flow, which worked fine and deployed successfully to Google App Engine (it does not contain any secret keys).

However, I want my env variables (containing secret keys) to be ignored in .gitignore and also not to be part of the app.yaml file.

How can I pass my env secret keys?

Don't pass it!

Use Secret Manager to pass your secret. So, in your repository, use the Secret Manager URI to reference the secret, with the secret version. This way, there is no secret in your code or in the app.yaml/.env files.

If you need to update the secret, do it manually. Some tasks are hard, or expensive, to automate.

Note: the article you mentioned was published six months before Secret Manager was released (i.e., in early 2020).
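The pattern the answer describes, as an added example that is not part of the question or the answer: the committed app.yaml carries only the Secret Manager resource name, and the Node.js app resolves it at startup. The env var name DB_PASSWORD_SECRET, the secret name db-password, the version number and the sample value are all assumptions; the client is a constructed stand-in with the same accessSecretVersion shape as @google-cloud/secret-manager so the example runs offline.

```javascript
// Added example (not from the question or the answer). Assumed app.yaml (committed,
// no secret value in it, only the reference with a pinned version):
//   env_variables:
//     DB_PASSWORD_SECRET: projects/node-us/secrets/db-password/versions/3
// The App Engine service account needs roles/secretmanager.secretAccessor on that secret.

const SECRET_REF = /^projects\/([^/]+)\/secrets\/([^/]+)\/versions\/(\d+|latest)$/;

// Validate a Secret Manager resource name; a raw value pasted in by mistake is rejected,
// so a secret can never be smuggled through app.yaml under a *_SECRET name.
function parseSecretRef(ref) {
  const m = SECRET_REF.exec(String(ref));
  if (!m) throw new Error(`not a Secret Manager resource name: ${ref}`);
  return { project: m[1], secret: m[2], version: m[3] };
}

// Resolve every *_SECRET env var into its unsuffixed name (DB_PASSWORD_SECRET -> DB_PASSWORD).
// `client` is anything exposing accessSecretVersion({ name }) -> [{ payload: { data } }],
// the shape of SecretManagerServiceClient from @google-cloud/secret-manager.
// Non-secret vars (PORT, ...) are left alone and never copied into the result.
async function loadSecrets(env, client) {
  const resolved = {};
  for (const [key, ref] of Object.entries(env)) {
    if (!key.endsWith('_SECRET')) continue;
    parseSecretRef(ref); // fail fast on a malformed reference before any network call
    const [version] = await client.accessSecretVersion({ name: ref });
    resolved[key.slice(0, -'_SECRET'.length)] = version.payload.data.toString('utf8');
  }
  return resolved;
}

// Constructed stand-in for the real client (assumed store contents) so this runs offline.
// In production: new (require('@google-cloud/secret-manager').SecretManagerServiceClient)()
const fakeClient = {
  async accessSecretVersion({ name }) {
    const store = { 'projects/node-us/secrets/db-password/versions/3': 'hunter2' };
    if (!(name in store)) throw new Error(`permission denied or missing: ${name}`);
    return [{ payload: { data: Buffer.from(store[name]) } }];
  },
};

// Constructed sample environment, mirroring what App Engine would inject from app.yaml.
const sampleEnv = {
  DB_PASSWORD_SECRET: 'projects/node-us/secrets/db-password/versions/3',
  PORT: '8080',
};
```

Call `loadSecrets(process.env, client)` once before the server starts listening and keep the result in memory; nothing is written back to disk or to app.yaml.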