Prefect + GCP cloud run users - how are you managi...
# prefect-gcp
j
Prefect + GCP cloud run users - how are you managing adding sensitive environment variables to your container jobs? Ideally I'd like to retrieve them from the GCP secret manager when the cloud run job is created and bind them into the container runtime as environment variables. I'd prefer to access them as generic environment variables and not heavily couple my application code to the prefect secret manager. Something I could add to the `prefect.yaml` configuration to call the GCP secret manager and add env variables when starting jobs would be ideal.
c
I use a service account that I give the “Service Account Token Creator” and “Service Account User” permissions and then deploy with a cloud run agent that is configured with this service account. The `prefect_gcp` `GcpCredentials` block can then authenticate using application default credentials by calling `GcpCredentials()` without any arguments. These credentials can then be used with the `read_secret` task without storing any credentials in the Prefect secret manager.
I also had to add the service account to the job config:
```json
...
  "variables": {
    "service_account_name": {
      "type": "string",
      "title": "Service Account Name",
      "example": "service-account@example.iam.gserviceaccount.com",
      "description": "The name of the service account to use for the task execution of Cloud Run Job. By default Cloud Run jobs run as the default Compute Engine Service Account. "
    }
    ...
  },
  "job_configuration": {
    ...
    "job_body": {
      ...
      "template": {
        "template": {
          ...
          "maxRetries": "{{ max_retries }}",
          "serviceAccount": "{{ service_account_name }}"  # <-- added to job template
        }
      },
      "launchStage": "{{ launch_stage }}"
    }
    ...
  }
```
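An added example, not code from this thread or from Prefect: one way to get the generic environment variables asked about, by resolving Secret Manager entries at process start with the job service account's application default credentials, so no key is stored anywhere. `load_secret_env`, the `secret-id@version` mapping format and the project id are hypothetical; it assumes `google-cloud-secret-manager` is installed and the service account also holds the Secret Manager Secret Accessor role.

```python
import os
from typing import Callable, Mapping, MutableMapping, Optional


def _adc_fetcher() -> Callable[[str], bytes]:
    """Fetcher backed by Secret Manager, authenticated with application default credentials."""
    from google.cloud import secretmanager  # lazy import: only needed on the real path

    client = secretmanager.SecretManagerServiceClient()  # no key file, uses the job's service account
    return lambda name: client.access_secret_version(request={"name": name}).payload.data


def load_secret_env(
    mapping: Mapping[str, str],
    project: str,
    fetch: Optional[Callable[[str], bytes]] = None,
    environ: Optional[MutableMapping[str, str]] = None,
) -> list:
    """Resolve {ENV_VAR: "secret-id" or "secret-id@version"} into environ.

    Returns the variable names that were set. Variables that already have a
    value are left alone, so a local override still works.
    """
    environ = os.environ if environ is None else environ
    fetch = fetch or _adc_fetcher()
    resolved = {}
    for var, ref in mapping.items():
        if var in environ:
            continue
        secret_id, _, version = ref.partition("@")
        name = f"projects/{project}/secrets/{secret_id}/versions/{version or 'latest'}"
        try:
            resolved[var] = fetch(name).decode("utf-8")
        except Exception as exc:
            # Fail closed; the message names the variable and resource, never a value.
            raise RuntimeError(f"cannot resolve {var} from {name}") from exc
    environ.update(resolved)  # applied only after every lookup succeeded
    return sorted(resolved)


if __name__ == "__main__":
    # Hypothetical project and secret ids; call this before the application reads os.environ.
    print(load_secret_env({"DB_PASSWORD": "db-password", "API_KEY": "api-key@3"}, "demo-project"))
```

Pinning a version (`api-key@3`) instead of `latest` keeps a secret rotation from changing what a running deployment picks up without a redeploy.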