1

我需要在 Cloudrun 应用程序中从 Google Secret Manager 获取密码。我的代码:

const {SecretManagerServiceClient} = require('@google-cloud/secret-manager');
const smClient = new SecretManagerServiceClient();
const pgpwd = 'projects/xxxxxxxx/secrets/pgpwd'; 
async function getSecret() { 
    const [version] = await smClient.accessSecretVersion({
        pgpwd: pgpwd
    });
    const pwd = version.payload.data.toString();
    return pwd;
}

const pwd = getSecret();
console.log(`out secret ${pwd}`);

在部署期间接收...

020-09-18 11:55:12.421 IDT> node index.js
2020-09-18 11:55:12.421 IDT
2020-09-18 11:55:14.061 IDTout secret [object Promise]
2020-09-18 11:55:14.062 IDTServer running on port 8080
2020-09-18 11:55:15.451 IDT(node:14) UnhandledPromiseRejectionWarning: Error: 3 INVALID_ARGUMENT: Invalid resource field value in the request.
2020-09-18 11:55:15.451 IDT at Object.callErrorFromStatus (/usr/src/app/node_modules/@grpc/grpc-js/build/src/call.js:31:26)
2020-09-18 11:55:15.451 IDT at Object.onReceiveStatus (/usr/src/app/node_modules/@grpc/grpc-js/build/src/client.js:176:52)
2020-09-18 11:55:15.451 IDT at Object.onReceiveStatus (/usr/src/app/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:342:141)
2020-09-18 11:55:15.451 IDT at Object.onReceiveStatus (/usr/src/app/node_modules/@grpc/grpc-js/build/src/client-interceptors.js:305:181)
2020-09-18 11:55:15.451 IDT at /usr/src/app/node_modules/@grpc/grpc-js/build/src/call-stream.js:124:78
2020-09-18 11:55:15.451 IDT at processTicksAndRejections (internal/process/task_queues.js:79:11)
2020-09-18 11:55:15.451 IDT(node:14) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
2020-09-18 11:55:15.551 IDT(node:14) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
4

1 回答 1

4 
const [version] = await smClient.accessSecretVersion({
  pgpwd: pgpwd
});

应该:

const [version] = await smClient.accessSecretVersion({
  name: pgpwd
});

并且pgpwd应该是以下格式:

projects/PROJECT/secrets/NAME/versions/VERSION

您可以使用版本号或魔术别名“latest”来获取最新的。

于 2020-09-18T11:55:32.093 回答