
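#Requires -Version 5.1
<#
.SYNOPSIS
    Stores the MongoDB connection string in Google Cloud Secret Manager and
    grants the Cloud Run runtime service account read access to it.
.DESCRIPTION
    Reads GCP_PROJECT_ID from ..\.env (relative to this script), prompts for
    the MongoDB URI without echoing it, creates the secret
    'mongodb-connection-string' (or adds a new version when it already
    exists), then binds roles/secretmanager.secretAccessor on that one secret
    to the project's default App Engine service account, falling back to the
    default Compute service account when the App Engine one does not exist.
.NOTES
    Needs an authenticated gcloud CLI with rights to manage secrets and IAM
    bindings on the project. Exits 1 on any failure.
#>
param()
Set-StrictMode -Version Latest
# 'Continue' on purpose: gcloud writes progress to stderr, and under 'Stop'
# Windows PowerShell 5.1 turns redirected native stderr into terminating
# errors. Native-command failures are detected via $LASTEXITCODE instead.
$ErrorActionPreference = 'Continue'

$ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Path
$EnvFile   = Join-Path $ScriptDir "..\\.env"
if (-not (Test-Path $EnvFile)) { Write-Error "ERROR: $EnvFile not found."; exit 1 }

# Minimal KEY=VALUE parser: blank lines and '#' comments are skipped; the
# first '=' separates key from value, so values may themselves contain '='.
# Quotes are not stripped and no variable interpolation is performed.
$config = @{}
foreach ($line in Get-Content $EnvFile) {
    if ($line -match '^\s*$' -or $line -match '^\s*#') { continue }
    if ($line -match '^([^=]+)=(.*)$') { $config[$Matches[1].Trim()] = $Matches[2].Trim() }
}

# The project ID is only ever passed to gcloud as a discrete argument (no
# shell involved), so it needs no quoting; it must simply be present.
$GCP_PROJECT_ID = if ($config['GCP_PROJECT_ID']) { $config['GCP_PROJECT_ID'] } else { '' }
if (-not $GCP_PROJECT_ID) { Write-Error "GCP_PROJECT_ID not set"; exit 1 }

Write-Host "================================================================"
Write-Host " Google Cloud Secret Manager setup - Project: $GCP_PROJECT_ID"
Write-Host "================================================================"
Write-Host ""

$SecretName = "mongodb-connection-string"
Write-Host ">>> Secret: $SecretName"
Write-Host " MongoDB connection URI (e.g. mongodb+srv://user:pass@cluster.mongodb.net)"
$val = Read-Host " Enter value" -AsSecureString
# NetworkCredential is the simplest way to get the plaintext back out of a
# SecureString. From here on the URI lives in an immutable .NET string that
# cannot be zeroed, so the reference is dropped as soon as it has been written.
$plain = [System.Net.NetworkCredential]::new("", $val).Password
# Refuse to store an empty payload: an accidental Enter would otherwise create
# a secret version that breaks the deployed service at startup.
if ([string]::IsNullOrWhiteSpace($plain)) { Write-Error "Secret value must not be empty."; exit 1 }

# gcloud takes the payload from a file, so a plaintext copy briefly touches
# disk. GetTempFileName() creates it under the caller's %TEMP%, which on
# Windows normally sits inside the user profile and is not readable by other
# users. The finally block deletes (does not wipe) the file on every exit
# path, including the 'exit 1' calls.
$tmp = [System.IO.Path]::GetTempFileName()
try {
    # [Encoding]::UTF8 would prepend a byte-order mark, which gcloud stores
    # verbatim as the first three bytes of the secret and which then corrupts
    # the URI for the consuming service. UTF8Encoding($false) writes the bytes
    # without a BOM; WriteAllText adds no trailing newline.
    $utf8NoBom = New-Object System.Text.UTF8Encoding($false)
    [System.IO.File]::WriteAllText($tmp, $plain, $utf8NoBom)
    $plain = $null

    # 'describe' exits non-zero when the secret does not exist (or is not
    # visible); that outcome is expected here, so its stderr is silenced.
    gcloud secrets describe $SecretName --project=$GCP_PROJECT_ID 2>$null | Out-Null
    # stderr of the mutating calls is left visible so a failure (permission
    # denied, API disabled, quota) is diagnosable rather than just "Failed".
    if ($LASTEXITCODE -eq 0) {
        # Existing secret: add a new version, leaving previous versions intact.
        gcloud secrets versions add $SecretName --data-file=$tmp --project=$GCP_PROJECT_ID | Out-Null
    } else {
        gcloud secrets create $SecretName --data-file=$tmp --replication-policy=automatic --project=$GCP_PROJECT_ID | Out-Null
    }
    if ($LASTEXITCODE -ne 0) { Write-Error "Failed to save secret."; exit 1 }
} finally {
    Remove-Item $tmp -Force -ErrorAction SilentlyContinue
}
Write-Host " Secret saved."
Write-Host ""

Write-Host ">>> Granting Cloud Run service account access to secrets..."
# Wrapping the call in "$()" turns a missing result into '' instead of a
# "method on null" error, so the emptiness check below reports the problem
# rather than a confusing unassigned-variable error further down.
$PROJECT_NUMBER = "$(gcloud projects describe $GCP_PROJECT_ID --format='value(projectNumber)' 2>$null)".Trim()
if (-not $PROJECT_NUMBER) { Write-Error "Could not resolve the project number for '$GCP_PROJECT_ID'."; exit 1 }

# NOTE(review): both candidates are project-wide *default* service accounts.
# Every App Engine / Compute / Cloud Run workload running as that identity
# gains read access to this secret, not only the service deployed next.
# A dedicated per-service account would confine the grant; presumably this
# choice mirrors the identity 04-deploy.ps1 deploys with -- verify there.
$APPENGINE_SA = "$GCP_PROJECT_ID@appspot.gserviceaccount.com"
$COMPUTE_SA   = "$PROJECT_NUMBER-compute@developer.gserviceaccount.com"
gcloud iam service-accounts describe $APPENGINE_SA --project=$GCP_PROJECT_ID 2>$null | Out-Null
$SA = if ($LASTEXITCODE -eq 0) { $APPENGINE_SA } else { $COMPUTE_SA }
Write-Host " Granting secretAccessor on '$SecretName' to: $SA"
# The binding is scoped to this single secret (not the project), so the
# account can read nothing else in Secret Manager through it.
gcloud secrets add-iam-policy-binding $SecretName --member="serviceAccount:$SA" --role=roles/secretmanager.secretAccessor --project=$GCP_PROJECT_ID --quiet | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Error "Failed to grant access."; exit 1 }
Write-Host ""
Write-Host ">>> Secrets setup complete."
Write-Host ">>> Next step: run GCR\scripts\04-deploy.ps1"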