package smartconfig
import (
"context"
"fmt"
"strings"
secretmanager "cloud.google.com/go/secretmanager/apiv1"
secretmanagerpb "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb"
)
// GCPSecretManagerResolver resolves configuration references by reading
// secrets from Google Cloud Secret Manager. The type has no fields; its
// Resolve method creates a new client on every call.
//
// Usage: ${GCPSM:projects/PROJECT_ID/secrets/SECRET_NAME}
//
// A reference without a "/versions/" segment is resolved against
// "/versions/latest" by Resolve; write the version explicitly in the reference
// when the configuration must stay pinned to one reviewed secret version.
type GCPSecretManagerResolver struct{}
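// Resolve fetches the payload of the Secret Manager secret version named by
// value and returns it as a string.
//
// value is the resource name taken from a ${GCPSM:...} reference, for example
// projects/PROJECT_ID/secrets/SECRET_NAME. When it has no "/versions/" segment,
// "/versions/latest" is appended, so the result follows whichever version the
// service treats as latest at call time rather than a fixed, reviewed one.
//
// The returned string is the secret itself, so callers should keep it out of
// logs and error text. The error messages built here include the resource
// name and the underlying error, not the payload.
//
// An error is returned when value is empty, when the client cannot be created,
// when the access call fails, or when the response carries no payload.
func (r *GCPSecretManagerResolver) Resolve(value string) (string, error) {
	// Reject an empty reference before any network work; otherwise the request
	// would be sent for the meaningless name "/versions/latest".
	if strings.TrimSpace(value) == "" {
		return "", fmt.Errorf("failed to access secret: empty secret name")
	}

	// NOTE(review): context.Background() carries no deadline and the signature
	// gives callers no way to supply one, so a stalled call blocks the caller.
	ctx := context.Background()

	// No client options are passed, so credentials come from the library's
	// default discovery for the running environment.
	client, err := secretmanager.NewClient(ctx)
	if err != nil {
		return "", fmt.Errorf("failed to create GCP Secret Manager client: %w", err)
	}
	defer func() {
		// Best effort: by the time Close runs the result is already decided,
		// so a close failure is deliberately not reported.
		_ = client.Close()
	}()

	// If value doesn't contain a version, append /versions/latest.
	if !strings.Contains(value, "/versions/") {
		value += "/versions/latest"
	}

	req := &secretmanagerpb.AccessSecretVersionRequest{
		Name: value,
	}

	result, err := client.AccessSecretVersion(ctx, req)
	if err != nil {
		return "", fmt.Errorf("failed to access secret %s: %w", value, err)
	}

	// Payload is a pointer field; the generated getters are nil-safe, so a
	// response without a payload becomes an error instead of a nil dereference.
	payload := result.GetPayload()
	if payload == nil {
		return "", fmt.Errorf("failed to access secret %s: response carried no payload", value)
	}

	return string(payload.GetData()), nil
}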