diff --git a/sidebars.js b/sidebars.js index 85417d715..2a9549d68 100644 --- a/sidebars.js +++ b/sidebars.js @@ -161,6 +161,7 @@ module.exports = { 'admin/cloud-credentials/gcp-cloud-credentials', ], }, + 'admin/integrations/gcp-secrets-manager', 'admin/integrations/okta-user-deprovisioning', { type: 'category', diff --git a/src/content/admin/integrations/gcp-secrets-manager.mdx b/src/content/admin/integrations/gcp-secrets-manager.mdx new file mode 100644 index 000000000..90702af21 --- /dev/null +++ b/src/content/admin/integrations/gcp-secrets-manager.mdx 
@@ -0,0 +1,84 @@ +--- +title: Using GCP Secrets Manager with Okteto +description: Learn how to securely access secrets stored in Google Cloud Secrets Manager from an Okteto Development Environment +sidebar_label: GCP Secrets Manager +id: gcp-secrets-manager +--- + +# Using GCP Secrets Manager with Okteto + +## Overview +This guide explains how to securely access secrets stored in **Google Cloud Secrets Manager** from an Okteto Development Environment. The recommended authentication method uses **Workload Identity Federation**, allowing developers to authenticate without storing long-lived service account keys. + +For a complete working example, refer to the [Okteto Community GCP Secrets Manager repository](https://github.com/okteto-community/gcp-secret-manager). + +--- + +## Prerequisites +Before proceeding, ensure you have the following: + +- **Google Cloud Project** with **Secrets Manager API enabled** +- **Workload Identity Federation** configured as per [Okteto’s GCP Cloud Credentials Guide](admin/cloud-credentials/gcp.mdx) +- **Okteto CLI** installed and configured +- **kubectl** and **gcloud CLI** installed + +--- + +## Step 1: Configure Workload Identity Federation +To authenticate your Okteto workloads with Google Cloud, follow the steps in the [Okteto GCP Cloud Credentials Guide](admin/cloud-credentials/gcp.mdx). This method ensures secure access to GCP services without using long-lived credentials. 
+ +--- + +## Step 2: Store and Retrieve Secrets in GCP Secrets Manager +### 2.1 Store a Secret +To store a secret file in **Google Cloud Secrets Manager**, follow these steps: + +#### **Create a local secret file** +Here we'll create a secret file `top-secret-information.txt` with the content: +``` +MY_NAME=cindy +MY_COLOR=valencia green +``` +```sh +echo -e "MY_NAME=cindy\nMY_COLOR=valencia green" > top-secret-information.txt +``` + +#### **Create a new secret in GCP** +```sh +gcloud secrets create top-secret-information --replication-policy="automatic" +``` + +#### **Upload the file as a new version of the secret** +```sh +gcloud secrets versions add top-secret-information --data-file=top-secret-information.txt +``` + +### 2.2 Verify this saved by retrieving the Secret Manually +To retrieve the secret manually from your local environment: + +```sh +gcloud secrets versions access latest --secret=top-secret-information +``` + +--- + +## Step 3: Access GCP Secrets from an Okteto Development Environment +### 3.1 Deploy the Example Application +Ensure your development environment is running in Okteto and has access to the necessary **GCP credentials**. + +Clone the example repository and deploy the sample application: + +```sh +git clone https://github.com/okteto-community/gcp-secret-manager.git +cd gcp-secret-manager +okteto up +``` + +This will start a development container with the necessary permissions. + +### 3.2 Retrieve and Use Secrets in the example Go Application +Once the environment is deployed, go to the **Okteto UI** and click on the **endpoint** that Okteto created for you. The logic in `main.go` from the sample repository retrieves values from the secret file we created in **Google Cloud Secrets Manager**. The output will be similar to this: + +``` +Hi, my name is cindy, and my favorite color is valencia green. +``` \ No newline at end of file
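Review bot: Step 2.1 of the new `gcp-secrets-manager.mdx` writes the secret values to `top-secret-information.txt` in the working directory, and no later step removes the file, so the plaintext copy stays on disk after `gcloud secrets versions add` has uploaded it. Suggest adding a cleanup step right after the upload, or feeding the content on stdin with `--data-file=-` so no file is created. In the same block, `echo -e` under a fence tagged `sh` is not portable (some `sh` implementations print the `-e` literally); `printf 'MY_NAME=cindy\nMY_COLOR=valencia green\n'` avoids that. In Step 3.1, "has access to the necessary **GCP credentials**" does not say which permission the federated identity needs: please name the role (for reading secret versions that is `roles/secretmanager.secretAccessor`) and recommend binding it on this one secret rather than on the whole project. Both links to `admin/cloud-credentials/gcp.mdx` (Prerequisites and Step 1) have no leading `/` or `../`, and the sidebar context in this same patch lists that page as `admin/cloud-credentials/gcp-cloud-credentials`, so please confirm they resolve from `admin/integrations/`. Minor: Google's product name is "Secret Manager" (singular, as in the linked repository name `gcp-secret-manager`), the 2.2 heading "Verify this saved by retrieving the Secret Manually" needs rewording, and the file is missing a trailing newline.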