Cloud Build Configuration Tips[GCP]


Tips for setting up GCP Cloud Build.

Set Secret Env Variable for Cloud Build

This section shows how to pass environment variables that must not leak to a Cloud Build step: encrypt the value with Cloud KMS and reference the ciphertext in the build config.

# Create KeyRing
gcloud kms keyrings create [KEYRING NAME] \
--location=global \
--project=[PROJECT NAME]

# Create KEY (e.g. PASSWORD)
gcloud kms keys create PASSWORD \
--location=global \
--keyring=[KEYRING NAME] \
--purpose=encryption \
--project=[PROJECT NAME]

# Grant the Cloud Build service account permission to decrypt with the key
# (the key name must match the key created above)
gcloud kms keys add-iam-policy-binding \
PASSWORD --location=global --keyring=[KEYRING NAME] \
--member=serviceAccount:[ACCOUNT ID]@cloudbuild.gserviceaccount.com \
--project=[PROJECT NAME] \
--role=roles/cloudkms.cryptoKeyDecrypter

# Encrypt the value (quoted so the shell does not split or glob it)
printf '%s' "$PASSWORD" | gcloud kms encrypt \
--plaintext-file=- \
--ciphertext-file=- \
--location=global \
--keyring=[KEYRING NAME] \
--project=[PROJECT NAME] \
--key=PASSWORD | base64 | tr -d '\n'
# Outputs the encrypted value as a single base64 line

Put the resulting base64 string in cloudbuild.yml as the value of the secret.

steps:
  - name: 'gcr.io/cloud-builders/docker'
    entrypoint: 'bash'
    secretEnv: ['PASSWORD']
    args:
      - '-c'
      - |
        echo "Do something"

secrets:
  - kmsKeyName: projects/[PROJECT NAME]/locations/global/keyRings/[KEYRING NAME]/cryptoKeys/PASSWORD
    secretEnv:
      PASSWORD: [ENCRYPTED TEXT]
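
A pre-commit check for the secret wiring above, as an added example that is not from the original post. It takes cloudbuild.yml already parsed into a dict (for instance with `yaml.safe_load`, an assumption about your tooling) and reports a `kmsKeyName` that is not a full key path, a `secretEnv` value that is not single-line base64, and a step that references a secret with no entry under `secrets`. The function name `lint_build_secrets` and all sample values are constructed for this example.

```python
import base64
import binascii
import re
# Resource path shape of the page's `kmsKeyName` field.
KMS_KEY_RE = re.compile(
    r"projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+")


def lint_build_secrets(config):
    """Return a list of problems in the secret wiring of a parsed build config."""
    problems, defined = [], set()
    for entry in config.get("secrets") or []:
        key = entry.get("kmsKeyName") or ""
        if not KMS_KEY_RE.fullmatch(key):
            problems.append(f"kmsKeyName is not a full key path: {key!r}")
        for name, value in (entry.get("secretEnv") or {}).items():
            defined.add(name)
            try:
                # validate=True rejects newlines (line-wrapped base64 output) and
                # non-strings such as an unreplaced [PLACEHOLDER], which YAML reads
                # as a list. Plaintext that happens to be valid base64 still passes.
                ok = bool(value) and bool(base64.b64decode(value, validate=True))
            except (binascii.Error, ValueError, TypeError):
                ok = False
            if not ok:
                problems.append(f"{name}: value is not single-line base64")
    for i, step in enumerate(config.get("steps") or []):
        for name in step.get("secretEnv") or []:
            if name not in defined:
                problems.append(f"step {i}: {name} has no entry under secrets")
    return problems


# Constructed sample data: the bytes below stand in for real KMS ciphertext.
SAMPLE_VALUE = base64.b64encode(b"constructed stand-in for KMS ciphertext").decode()
KEY_PATH = "projects/example-project/locations/global/keyRings/example-ring/cryptoKeys/PASSWORD"
GOOD = {
    "steps": [{"name": "gcr.io/cloud-builders/docker", "secretEnv": ["PASSWORD"]}],
    "secrets": [{"kmsKeyName": KEY_PATH, "secretEnv": {"PASSWORD": SAMPLE_VALUE}}],
}
BAD = {
    "steps": [{"name": "gcr.io/cloud-builders/docker", "secretEnv": ["PASSWORD", "TOKEN"]}],
    "secrets": [{"kmsKeyName": "PASSWORD",
                 "secretEnv": {"PASSWORD": SAMPLE_VALUE[:20] + "\n" + SAMPLE_VALUE[20:]}}],
}

if __name__ == "__main__":
    print(lint_build_secrets(GOOD), lint_build_secrets(BAD), sep="\n")
```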
