// Google Cloud Secret Manager package secretmanager import ( "alpha.dagger.io/dagger" "alpha.dagger.io/dagger/op" "alpha.dagger.io/gcp" "alpha.dagger.io/os" ) #Secrets: { // GCP Config config: gcp.#Config // Map of secrets secrets: [name=string]: dagger.#Secret // Deploy encrypted secrets deployment: os.#Container & { image: gcp.#GCloud & {"config": config} shell: path: "/bin/bash" always: true for name, s in secrets { secret: "/tmp/secrets/\(name)": s } command: #""" # Loop on all files, including hidden files shopt -s dotglob echo "{}" > /tmp/output.json for FILE in /tmp/secrets/*; do BOOL=0 # Boolean gcloud secrets describe "${FILE##*/}" 2>/dev/null > /dev/null status=$? # If secret not found if [[ ! "${status}" -eq 0 ]]; then (\ RES="$(gcloud secrets create "${FILE##*/}" --replication-policy automatic --data-file "${FILE}" --format='value(name)' 2>&1 | sed -n '1!p')" \ && cat <<< $(cat /tmp/output.json | jq ".|.\"${FILE##*/}\"=\"$RES\"") > /tmp/output.json \ ) || (echo "Error while creating secret ${FILE##*/}" >&2 && exit 1) BOOL=1 else (\ RES="$(gcloud secrets versions add "${FILE##*/}" --data-file "${FILE}" --format='value(name)' 2>&1 | sed -n '1!p')" \ && cat <<< $(cat /tmp/output.json | jq ".|.\"${FILE##*/}\"=\"$RES\"") > /tmp/output.json \ ) || (echo "Error while updating secret ${FILE##*/}" >&2 && exit 1) BOOL=1 fi if [ $BOOL -eq 0 ]; then (\ RES="$(gcloud secrets describe "${FILE##*/}" --format='value(name)' 2>&1)" \ && cat <<< $(cat /tmp/output.json | jq ".|.\"${FILE##*/}\"=\"$RES\"") > /tmp/output.json \ ) || (echo "Error while retrieving secret ${FILE##*/}" >&2 && exit 1) fi done """# } // dynamic references references: { [string]: string } references: #up: [ op.#Load & { from: deployment }, op.#Export & { source: "/tmp/output.json" format: "json" }, ] }