Activate Cloud Shell

Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Cloud Shell provides command-line access to your Google Cloud resources.

1. Click Activate Cloud Shell

   

   at the top of the Google Cloud console.

When you are connected, you are already authenticated, and the project is set to your PROJECT_ID. The output contains a line that declares the PROJECT_ID for this session:

Your Cloud Platform project in this session is set to YOUR_PROJECT_ID

gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.

2. (Optional) You can list the active account name with this command:

gcloud auth list

3. Click Authorize.

4. Your output should now look like this:

Output:

ACTIVE: *
ACCOUNT: student-01-xxxxxxxxxxxx@qwiklabs.net

To set the active account, run:
    $ gcloud config set account `ACCOUNT`

5. (Optional) You can list the project ID with this command:

gcloud config list project

Output:

[core]
project = <project_ID>

Example output:

[core]
project = qwiklabs-gcp-44776a13dea667a6

Note: For full documentation of gcloud, in Google Cloud, refer to the gcloud CLI overview guide.

Overview

In this lab, you'll learn how to create and manage secrets using Google Cloud Secret Manager. You will create a secret, store a secret value, and retrieve the secret value. This lab assumes you have basic familiarity with Google Cloud and the command line.

Task 1. Enable the Secret Manager API

Before using Secret Manager, you need to enable the API for your project.

1. Enable the Secret Manager API using the following command.

    gcloud services enable secretmanager.googleapis.com --project=qwiklabs-gcp-03-a79ee94ac3e9
   

   Note:
   This command enables the Secret Manager API for your project, allowing you to create and manage secrets.

Task 2. Create a Secret

Create a new secret in Secret Manager.

1. Create a secret named my-secret.

    gcloud secrets create my-secret --project=qwiklabs-gcp-03-a79ee94ac3e9
   

   Note:
   This command creates a secret named my-secret in your Google Cloud project. Secrets are used to store sensitive information, such as passwords, API keys, and certificates.

Task 3. Add a Secret Version

Add a version to the secret with the actual secret value.

1. Add a new version to my-secret with the value super-secret-password.

    echo -n "super-secret-password" | gcloud secrets versions add my-secret --data-file=- --project=qwiklabs-gcp-03-a79ee94ac3e9
   

   Note:
   This command adds a new version to the my-secret secret, storing the value "super-secret-password". The -n flag in the echo command prevents adding a newline character to the secret value. The --data-file=- flag specifies that the data is read from standard input.

Task 4. Access the Secret Value

Retrieve the secret value from Secret Manager.

1. Access the latest version of my-secret and print the secret value.

    echo "$(gcloud secrets versions access latest --secret=my-secret --project=qwiklabs-gcp-03-a79ee94ac3e9)"
   

   Note:
   This command retrieves the secret value of the latest version of my-secret and prints it to the console. This allows you to verify the stored secret.

2. Alternatively, you can store the secret value into an environment variable.

    export MY_SECRET=$(gcloud secrets versions access latest --secret=my-secret --project=qwiklabs-gcp-03-a79ee94ac3e9)
   

   Note:
   This command retrieves the secret value and stores it in an environment variable named MY_SECRET. This allows you to use the secret in subsequent commands or scripts without directly exposing the secret value in your code.

3. Access the environment variable and print the secret value.

    echo "${MY_SECRET}"
   

   Note:
   This command retrieves the environment variable of my-secret. This allows you to verify the environment variable secret.

---

Solution of Lab

curl -LO raw.githubusercontent.com/ePlus-DEV/storage/refs/heads/main/labs/gem-secret-manager-create-secrets/lab.sh
sudo chmod +x lab.sh
./lab.sh

Script alternative

curl -LO raw.githubusercontent.com/gcpsolution99/GCP-solution/refs/heads/main/GSP/Abhi_Creating_Secrets.sh
sudo chmod +x Abhi_Creating_Secrets.sh
./Abhi_Creating_Secrets.sh