# GCP Database and Secrets

Working with Secret Manager in Terraform is cumbersome, so we will create the secrets for our SQL services manually using the GCP CLI (`gcloud`).

Note that the database information is hard-coded. If `project_variables["databases"]` changes (for example, more databases are added), you need to reflect the changes in the following script.

Set up local variables.

Do NOT FORGET to change the values of the variables below.

In [1]:
from project_vars import project_variables

db_auth_user_secret_id = project_variables["databases"]["auth"]["user_secret_id"]
db_auth_password_secret_id = project_variables["databases"]["auth"]["password_secret_id"]

db_events_user_secret_id = project_variables["databases"]["events"]["user_secret_id"]
db_events_password_secret_id = project_variables["databases"]["events"]["password_secret_id"]

## !!
## !! CHANGE THESE TO YOUR OWN VALUES AND DO NOT COMMIT CHANGES
## !! 
auth_db_user = "auth_user"
auth_db_password = "auth-db-password"

events_db_user = "events_user"
events_db_password = "events-db-password"

Set the database secrets in GCP.

In [2]:
# Values are single-quoted so the shell does not split or expand them.
# A value that itself contains a single quote still needs different handling.

# auth
!gcloud secrets create {db_auth_user_secret_id} --replication-policy="automatic"
!echo -n '{auth_db_user}' | gcloud secrets versions add {db_auth_user_secret_id} --data-file=-

!gcloud secrets create {db_auth_password_secret_id} --replication-policy="automatic"
!echo -n '{auth_db_password}' | gcloud secrets versions add {db_auth_password_secret_id} --data-file=-

# events
!gcloud secrets create {db_events_user_secret_id} --replication-policy="automatic"
!echo -n '{events_db_user}' | gcloud secrets versions add {db_events_user_secret_id} --data-file=-

!gcloud secrets create {db_events_password_secret_id} --replication-policy="automatic"
!echo -n '{events_db_password}' | gcloud secrets versions add {db_events_password_secret_id} --data-file=-

Created secret [dev-auth-db-user].
Created version [1] of the secret [dev-auth-db-user].
Created secret [dev-auth-db-password].
Created version [1] of the secret [dev-auth-db-password].
Created secret [dev-events-db-user].
Created version [1] of the secret [dev-events-db-user].
Created secret [dev-events-db-password].
Created version [1] of the secret [dev-events-db-password].
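
An alternative to the two cells above, added here as an example and not part of the original notebook: it prompts for each value with `getpass` instead of storing it in a cell, and sends it to `gcloud` on stdin through `subprocess` without a shell. It goes slightly beyond the cells above by looping over every entry in `project_variables["databases"]`; the function names `store_secret` and `store_database_secrets` are hypothetical, and the existence check assumes `gcloud secrets describe` returns non-zero for a missing secret.

```python
import subprocess
from getpass import getpass


def store_secret(secret_id, value, run=subprocess.run):
    """Create the secret if it is missing, then add `value` as a new version.

    Commands are argv lists (no shell) and the value travels only on stdin,
    so characters such as $, spaces or quotes in a password are stored
    verbatim and never appear on a command line.
    """
    if not value:
        raise ValueError(f"empty value for secret {secret_id!r}")
    exists = run(["gcloud", "secrets", "describe", secret_id],
                 capture_output=True).returncode == 0
    if not exists:
        run(["gcloud", "secrets", "create", secret_id,
             "--replication-policy=automatic"], check=True)
    run(["gcloud", "secrets", "versions", "add", secret_id, "--data-file=-"],
        input=value.encode("utf-8"), check=True)


def store_database_secrets(databases, prompt=getpass, run=subprocess.run):
    """Prompt for each database's user and password and store both.

    `databases` has the shape of project_variables["databases"] used above.
    Returns the secret ids written, in order.
    """
    written = []
    for name, cfg in databases.items():
        user = prompt(f"{name} db user: ")
        password = prompt(f"{name} db password: ")
        store_secret(cfg["user_secret_id"], user, run)
        store_secret(cfg["password_secret_id"], password, run)
        written += [cfg["user_secret_id"], cfg["password_secret_id"]]
    return written


if __name__ == "__main__":
    # Assumes the notebook's project_vars module is importable.
    from project_vars import project_variables
    store_database_secrets(project_variables["databases"])
```

Because nothing secret is assigned in a cell, there is no value to strip before committing the notebook.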
