This document describes how to set up Spinnaker secrets in an encrypted GCS bucket. This example uses a bucket (mybucket) to store GitHub credentials and a kubeconfig file.
Since you’re storing sensitive information, make sure to protect the bucket by restricting access and enabling encryption.
Remember to run Halyard’s daemon and Spinnaker services with permissions to read that content.
Store your GitHub credentials in
github:
  password: <PASSWORD>
  token: <TOKEN>
Note: You can store the password under different keys than github.token. To do so, change how you reference the secret.
Now that secrets are securely stored in the bucket, you reference them in your config files with the following format:
encrypted:gcs!b:<bucket>!f:<path to file>!k:<optional yaml key>
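A reference in this format can be validated before it goes into a config file. The Python below is an added example, not Spinnaker or Halyard code: it splits a reference into bucket, file and optional key, rejects malformed references, and walks a dotted key such as github.password through an already-parsed YAML mapping. The file path path/to/secrets.yml and the function names are placeholders chosen for this example.

```python
PREFIX = "encrypted:gcs!"
REQUIRED = {"b", "f"}          # b: bucket, f: path to file
ALLOWED = REQUIRED | {"k"}     # k: optional yaml key


def parse_gcs_secret_ref(ref):
    """Split encrypted:gcs!b:<bucket>!f:<path to file>!k:<key> into its parts."""
    if not ref.startswith(PREFIX):
        raise ValueError("not an encrypted:gcs reference")
    params = {}
    for part in ref[len(PREFIX):].split("!"):
        name, sep, value = part.partition(":")
        if not sep or not value:
            raise ValueError(f"malformed parameter: {part!r}")
        if name not in ALLOWED:
            raise ValueError(f"unknown parameter: {name!r}")
        if name in params:
            raise ValueError(f"duplicate parameter: {name!r}")
        params[name] = value
    missing = REQUIRED - set(params)
    if missing:
        raise ValueError(f"missing parameter(s): {sorted(missing)}")
    return {"bucket": params["b"], "file": params["f"], "key": params.get("k")}


def select_key(document, dotted_key):
    """Walk a parsed YAML mapping along a dotted key (assumed lookup rule)."""
    node = document
    for segment in dotted_key.split("."):
        if not isinstance(node, dict) or segment not in node:
            raise KeyError(f"{dotted_key!r} not found at segment {segment!r}")
        node = node[segment]
    return node


# Constructed sample: the file path is a placeholder, not taken from the page.
SAMPLE_REF = "encrypted:gcs!b:mybucket!f:path/to/secrets.yml!k:github.password"
# Constructed stand-in for the credentials file after YAML parsing.
SAMPLE_DOC = {"github": {"password": "<PASSWORD>", "token": "<TOKEN>"}}

if __name__ == "__main__":
    ref = parse_gcs_secret_ref(SAMPLE_REF)
    print(ref, "->", select_key(SAMPLE_DOC, ref["key"]))
```

A reference without the k parameter parses with key set to None, which corresponds to using the whole file content.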
For example, to reference github.password from the file above, use:
To reference the content of our kubeconfig file: