GitHunt
AI

airman604/gcp-env

gcp-env

This is a small utility to help populate environment variables using secrets stored
in Google Secret Manager. Inspired by similar tools for AWS:
telia-oss/aws-env,
remind101/ssm-env,
sendgrid/aws-env.

How it works

gcp-env will loop through the environment and replace any variables prefixed
with sm:// with their secret value from Secret Manager. Google Application
Default Credentials
have to be configured and have access to the referenced secrets.

Secrets can be referenced using either full version resource ID, i.e.
projects/PROJECT_ID/secrets/SECRET_NAME/versions/VERSION_ID, or just
projects/PROJECT_ID/secrets/SECRET_NAME, in which case gcp-env will retrieve
"latest" version of the secret.

If the environment variable ends in #some-key, then the value of the secret
will be parsed as JSON and the value of the referenced key (some-key) from JSON
will be substituted.

Usage

  1. Grab gcp-env binary for your platform from the
    releases page. Place it in a
    directory that's in the PATH and make it executable.

  2. Start your application with gcp-env:

export MY_SECRET=sm://projects/1234567890123/secrets/my-secret
export MY_JSON_SECRET="sm://projects/1234567890123/secrets/my-secret#key"
gcp-env COMMAND [PARAMETERS]

This will populate all the secrets in the environment, and start specified
COMMAND with the provided PARAMETERS. The populated secrets are only made
available to the command and do not persist once the process exits.

More examples

Run multiple commands with one secrets lookup:

gcp-env sh -c "command1; command2; command3"

Substitute references to secrets in a configuration file:

cat input.cfg.template | gcp-env envsubst > output.cfg

Store whole configuration file in Secret Manager:

export MY_SECRET_CONFIG=sm://...
# using single quotes is important here!
gcp-env sh -c 'echo "$MY_SECRET_CONFIG" > secret.cfg'

Inject secrets into a container:

export MY_SECRET=sm://projects/1234567890123/secrets/my-secret
gcp-env docker run -d -e MY_SECRET alpine

Use gcp-env within the container (Dockerfile):

FROM alpine

RUN wget https://github.com/airman604/gcp-env/releases/download/v0.0.3/gcp-env_0.0.3_linux_amd64 -O /usr/local/bin/gcp-env && \
  chmod +x /usr/local/bin/gcp-env

ENTRYPOINT ["gcp-env"]

Languages

Go91.5%Shell8.5%

Contributors

AIDE
MIT License
Created February 22, 2024
Updated November 27, 2025
airman604/gcp-env | GitHunt