This utility automates fetching secrets from Google Secret Manager and generates a .env file with those secrets, formatted as KEY=value pairs. It's designed to streamline the process of managing secrets for development and production environments in Node.js applications.
- Fetches secrets directly from Google Secret Manager.
- Generates a
.envfile with fetched secrets. - Simplifies secret management in development and production.
- Node.js (version 12 or higher recommended)
- Google Cloud SDK installed and configured
- Access to Google Cloud Secret Manager with appropriate permissions
- Create a Google Cloud Project if you haven't already.
- Enable the Secret Manager API for your project via the Cloud Console.
- Create a Service Account with the necessary permissions to access Secret Manager.
- Download a JSON key file for your service account and keep it secure.
Set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of your service account JSON key file.
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/your/service-account-file.json"For Command Prompt:
set GOOGLE_APPLICATION_CREDENTIALS=C:\path\to\your\service-account-file.jsonFor PowerShell:
$env:GOOGLE_APPLICATION_CREDENTIALS="C:\path\to\your\service-account-file.json"git clone <repository-url>
cd google-secrets-to-env
npm installReplace <repository-url> with the URL of this project's repository.
To run the utility and generate the .env file:
npx ts-node --transpile-only src/index.tsAlternatively, if you've set up a start script in your package.json:
npm startThis will fetch all secrets from your Google Secret Manager and write them to a .env file in the root of the project directory.
- Never commit the
.envfile or the service account JSON key file to source control. - Always follow the principle of least privilege when assigning roles to your service account.
- Regularly rotate your service account keys.
Contributions are welcome! If you have suggestions for improving this utility, feel free to submit a pull request or open an issue. When contributing, please keep in mind that this project was initially generated using ChatGPT. While the project aims to be fully functional and well-documented, there may be areas that benefit from human insight and refinement.
This project was generated using ChatGPT, an AI developed by OpenAI. It serves as a starting point for working with Google Secret Manager to automate the creation of .env files. Users and contributors should review the codebase and documentation for any inaccuracies or improvements that could be made.
This project is released under the MIT License. By using or contributing to this project, you acknowledge and agree that the project was generated by ChatGPT and that the responsibility for any modifications or usage of the project lies with the individuals choosing to use or modify it.