This detailed guide explains how you can access your passwords, API keys and other sensitive data stored in the Google Secret Manager with Google Apps Script.
Google Secret Manager is a cloud service where you can store sensitive data such as passwords, database credentials, encryption keys or any other confidential information that you don’t want to hardcode in your application’s source code. You can also set up an expiration time for the secret and the Google Secret Manager will automatically delete the secret after the specified time.
The following guide explains how you can use Google Apps Script to access secrets stored in the Google Secret Manager. But before we proceed, let’s first create a secret in the Google Secret Manager.
Enable Google Secret Manager
1. Open the Google Cloud Console and create a new project.
2. Go to the Library section of your Google Cloud project and enable the Secret Manager API.
3. Go to the IAM & Admin > IAM section of your Google Cloud project. Click Grant Access and add the Secret Manager Secret Accessor role to the Google account from which you want to access the secrets stored in the Google Secret Manager.
Create a Secret in Google Secret Manager
Now that you have enabled the Secret Manager API and granted access to your Google account, let’s create a new secret in the Google Secret Manager.
Go to the Secret Manager and click the Create Secret button to create a new secret.
Give your secret a name and add the secret value – this could be a plain text string, or you can upload a binary file up to 64KB in size. If you want the secret to expire after a certain time, you can set an expiration time for the secret.
In the above example, I’ve created a secret named MyBankPassword with the value MySuperSecretPassword. Google Secret Manager will automatically assign a version number (1) to the secret. You cannot change the secret value once it has been saved but you can create a new version of the secret with a different value.
Access Google Secret Manager from Google Apps Script
Now that you have created a secret in the Google Secret Manager, let’s write a Google Apps Script that will fetch the secret value from the Google Secret Manager.
Go to script.new to create a new Google Apps Script project. Go to the Project Settings and enable the Show "appsscript.json" manifest file in editor option. Switch to the appsscript.json tab and add the following OAuth scopes to the manifest file:
{
  "oauthScopes": [
    "https://www.googleapis.com/auth/script.external_request",
    "https://www.googleapis.com/auth/cloud-platform"
  ]
}
Next, add the following function to your Google Apps Script project. Replace the project_id, secret_id, and version_id variables with the actual values of your secret.
The project_id is the project number of your Google Cloud project and can be found in the Google Cloud Console.
After you have added the function to your Google Apps Script project, run the main function to fetch the secret value from the Google Secret Manager and log it to the Google Apps Script Logger.
// Entry point: fetch the secret and write it to the Apps Script log.
const main = () => {
  const project_id = '<>';
  const secret_id = '<>';
  const secret_value = getSecretValue_({ project_id, secret_id });
  Logger.log('The secret value for %s is %s', secret_id, secret_value);
};

// Calls the Secret Manager "access" endpoint and returns the secret as a string.
const getSecretValue_ = ({ project_id, secret_id, version_id = 1 }) => {
  const endpoint = `projects/${project_id}/secrets/${secret_id}/versions/${version_id}:access`;
  const api = `https://secretmanager.googleapis.com/v1/${endpoint}`;
  const response = UrlFetchApp.fetch(api, {
    method: 'GET',
    headers: {
      // OAuth token of the account running the script (needs the scopes from the manifest).
      Authorization: `Bearer ${ScriptApp.getOAuthToken()}`,
      'Content-Type': 'application/json',
    },
    muteHttpExceptions: true,
  });
  const { error, payload } = JSON.parse(response.getContentText());
  if (error) {
    throw new Error(error.message);
  }
  // payload.data is base64. Utilities.base64Decode returns signed bytes,
  // so mask each one to 0..255 before percent-encoding it.
  const bytes = Utilities.base64Decode(payload.data);
  const percentEncoded = bytes.map((byte) => `%${(byte & 0xff).toString(16).padStart(2, '0')}`).join('');
  // decodeURIComponent interprets the percent-encoded bytes as UTF-8.
  const secretValue = decodeURIComponent(percentEncoded);
  return secretValue;
};
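The path building and response handling of getSecretValue_, as an added example that is not part of the original article: it runs in Node.js with a stand-in for Utilities.base64Decode that returns signed bytes as Apps Script does, and shows why each byte is masked before percent-encoding when the secret contains non-ASCII characters. The helper names, the identifier allow-list and the sample responses are assumptions constructed for illustration.

```javascript
// Added example (not from the original article). Runs in Node.js; names are illustrative.

// Stand-in for Apps Script's Utilities.base64Decode, which returns SIGNED bytes (-128..127).
const signedBase64Decode = (b64) => Array.from(new Int8Array(Buffer.from(b64, 'base64')));

// Build the ":access" resource path. The allow-list is an assumption of this example:
// it rejects "/", "?", ":" and similar characters that would alter the request URL.
const secretVersionPath = ({ project_id, secret_id, version_id = 1 }) => {
  const allowed = /^[A-Za-z0-9_-]{1,255}$/;
  for (const [name, value] of Object.entries({ project_id, secret_id, version_id })) {
    if (!allowed.test(String(value))) throw new Error(`Invalid ${name}`);
  }
  return `projects/${project_id}/secrets/${secret_id}/versions/${version_id}:access`;
};

// Turn the response body of the ":access" call into the secret string.
const parseAccessResponse = (bodyText, decode = signedBase64Decode) => {
  const { error, payload } = JSON.parse(bodyText);
  if (error) throw new Error(error.message);
  if (!payload || typeof payload.data !== 'string') {
    throw new Error('Response contains no payload.data');
  }
  // Mask each byte to 0..255; a negative byte would otherwise render as "%-3d".
  const percentEncoded = decode(payload.data)
    .map((byte) => `%${(byte & 0xff).toString(16).padStart(2, '0')}`)
    .join('');
  return decodeURIComponent(percentEncoded); // throws URIError on invalid UTF-8
};

// Constructed sample responses (not real API output).
const SAMPLE_OK = JSON.stringify({
  name: 'projects/123456789/secrets/MyBankPassword/versions/1',
  payload: { data: Buffer.from('pässwörd-€', 'utf8').toString('base64') },
});
const SAMPLE_DENIED = JSON.stringify({
  error: { code: 403, message: 'Permission denied (constructed sample)', status: 'PERMISSION_DENIED' },
});

console.log(secretVersionPath({ project_id: '123456789', secret_id: 'MyBankPassword' }));
// Print only whether the round trip succeeded, not the secret itself.
console.log(parseAccessResponse(SAMPLE_OK) === 'pässwörd-€');
```

In Apps Script, pass Utilities.base64Decode as the second argument to parseAccessResponse.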