Configuring Secrets and Environment Variables in GCP
Overview
Now that the foundational setup is complete, this guide will walk you through configuring secrets and environment variables within both Google Cloud Platform (GCP) and Terraform Cloud.
Terraform Cloud Configuration
-
Log in to Terraform Cloud and select the DSB organization.
-
On the left-hand menu, click Settings > Variable Sets. You should see a screen similar to this:
-
Click Create Organization Variable Set, and fill in the following details:
- Name: Provide a meaningful name for the variable set.
- Description: Add a brief description for clarity.
- Variable Set Scope: Select Apply to all projects and workspaces. (You can modify this later if needed.)
-
Scroll down to the Variables section and click Add Variable. Add the following keys, marking them as Sensitive:
GOOGLE_CREDENTIALS: Paste the contents of your GCP service account JSON key file.
-
Navigate to the workspace, and click on Variables, and create a Workspace variable named
SNYK_TOKEN, making it sensitive. Paste the value of the API Key or token in it and save it.
-
After adding the variables, your variable set should look similar to this:
GitHub Configuration
After forking the repositories, you need to configure the necessary secrets for GitHub Actions in the gcp-devsecops-pipeline repository. These secrets will enable automated deployments when updates are pushed to the main branch.
- Log in to GitHub and open the
gcp-devsecops-pipelinerepository. - Navigate to Settings > Secrets and Variables under the Security section.
- Click Actions, then select New Repository Secret.
- Add the following secrets:
GOOGLE_CREDENTIALS: Paste the contents of your GCP service account JSON key file.TF_API_TOKEN: Your Terraform Cloud API token.
With these steps completed, your secrets and environment variables are fully configured for GCP and Terraform Cloud.