Configuring Secrets and Environment Variables
Overview
Now that the foundational setup is complete, this guide will walk you through configuring secrets and environment variables within both Google Cloud Platform (GCP) and Terraform Cloud.
Terraform Cloud Configuration
-
Log in to Terraform Cloud and select the DSB organization.
-
On the left-hand menu, click Settings > Variable Sets. You should see a screen similar to this:
-
Click Create Organization Variable Set, and fill in the following details:
- Name: Provide a meaningful name for the variable set.
- Description: Add a brief description for clarity.
- Variable Set Scope: Select Apply to all projects and workspaces. (You can modify this later if needed.)
-
Scroll down to the Variables section and click Add Variable. Add the following keys, marking them as Sensitive except for
TFC_GCP_PROVIDER_AUTH
:Variable Name Description TFC_GCP_RUN_SERVICE_ACCOUNT_EMAIL
The email of the GCP service account that Terraform Cloud will impersonate. TFC_GCP_PROJECT_NUMBER
The numeric project ID of your GCP project. TFC_GCP_PROVIDER_AUTH
Set to true
to enable Workload Identity Federation for authentication.TFC_GCP_WORKLOAD_POOL_ID
The ID of the Workload Identity Pool created in GCP. TFC_GCP_WORKLOAD_PROVIDER_ID
The ID of the OIDC Provider associated with the identity pool. -
Navigate to the workspace, and click on Variables, and create a Workspace variable named
SNYK_TOKEN
, making it sensitive. Paste the value of the API Key or token in it and save it. -
After adding the variables, your variable set should look similar to this:
GitHub Configuration
After forking the repositories, you need to configure the necessary secrets for GitHub Actions in the gcp-devsecops-pipeline
repository. These secrets will enable automated deployments when updates are pushed to the main branch.
- Log in to GitHub and open the
gcp-devsecops-pipeline
repository. - Navigate to Settings > Secrets and Variables under the Security section.
- Click Actions, then select New Repository Secret.
- Add the following secrets:
GOOGLE_CREDENTIALS
: Paste the contents of your GCP service account JSON key file.TF_API_TOKEN
: Your Terraform Cloud API token.
With these steps completed, your secrets and environment variables are fully configured for GCP and Terraform Cloud.