
How to deal with secrets in app.yaml and not putting it in GIT?

Google Cloud Platform doesn't describe how to deal with environmental variables in your app.yaml.

Starting up with GCP and Google App Engine, I read about setting my config variables in app.yaml which makes sense in a way, but I don't want to put my password/secrets/keys/etc in my GIT repository.

Presuming that @Google's engineers are smart enough to not want this either, I'd guess that the best practice would be to put app.yaml in .gitignore.

Executing gcloud app deploy results in a perfectly working app. But it still remains an unfinished issue to me, and I strongly believe there should be an article somewhere that describes what the best practice is.

Can someone confirm that:

  1. putting app.yaml in .gitignore, and then,
  2. setting my secrets in app.yaml, and then,
  3. performing gcloud app deploy

is the way to go?

double_u1 asked Aug 11 '19 13:08



2 Answers

You should use rails environment variables.

Before Rails 5.2

You can use dotenv

With Rails 5.2

You can use both dotenv and rails credentials.

With rails credentials:

  1. Add secret_key_base variable to the credentials file.
  2. Use secret_key_base variable in the app.yaml file:

    env_variables:
      # value read from the Rails encrypted credentials file
      SECRET_KEY_BASE: <%= Rails.application.credentials[:secret_key_base] %>


Google's configuration document

Rails credentials

EDIT

Adding and updating environment variables for Google Cloud Platform

demir answered Oct 13 '22 08:10



I would suggest that, rather than putting your config in the app.yaml file, you use something like a config server (Spring Boot example), which you can easily set up to fetch your config parameters from git, a database, or Vault (for sensitive data). Also, you could consider storing your parameters in App Engine memcache or in some storage like Datastore.

For now, in our project we're just appending an env_variables section to app.yaml in one of our pipeline's steps before deploying. We use TeamCity for the build and Vault for storing secrets; TeamCity has built-in Vault integration. But I'd like to change it to use a config server in the near future.

Rinat Suleimanov answered Oct 13 '22 09:10

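The pipeline step described in the second answer (a committed, secret-free app.yaml template with the env_variables section appended only at deploy time), written out as an added POSIX shell example; this is not code from either answer or from Google. It assumes the CI step has already exported the secrets from Vault as environment variables, and the file names app.yaml.tmpl and app.yaml (the rendered file being the one listed in .gitignore) are assumptions.

```shell
#!/bin/sh
# Render a deployable app.yaml from a committed template plus secrets that the
# CI step already holds in environment variables. The template (no secrets)
# lives in git; the rendered app.yaml is gitignored and deployed.
set -eu

# Quote a single-line value as a YAML double-quoted scalar
# (escapes backslashes and double quotes).
yaml_quote() {
  printf '"%s"' "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
}

# render_app_yaml TEMPLATE OUTPUT NAME...
# Copies TEMPLATE to OUTPUT and appends an env_variables section with one
# entry per NAME, each value taken from the environment variable of that name.
# Exits non-zero before writing anything if a secret is missing or empty, so a
# misconfigured pipeline cannot deploy an app with a blank credential, and
# refuses templates that already carry an env_variables section.
render_app_yaml() {
  template=$1; output=$2; shift 2
  for name in "$@"; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "render_app_yaml: $name is not set; refusing to render $output" >&2
      return 1
    fi
  done
  if grep -q '^env_variables:' "$template"; then
    echo "render_app_yaml: $template already has env_variables; keep secrets out of the template" >&2
    return 1
  fi
  cp "$template" "$output"
  printf '\nenv_variables:\n' >> "$output"
  for name in "$@"; do
    eval "value=\${$name:-}"
    printf '  %s: %s\n' "$name" "$(yaml_quote "$value")" >> "$output"
  done
  chmod 600 "$output"   # the rendered file holds secrets: restrict read access
}
```

Run it as `render_app_yaml app.yaml.tmpl app.yaml SECRET_KEY_BASE DB_PASSWORD` right before `gcloud app deploy`, with the secret names matching what the build step exported.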