How to add environmental variables to Google App Engine (node.js) using Cloud Build

Brian Young
3 min read · Jun 27, 2019

There have been several discussions in the community on how to securely store and use environmental variables on Google App Engine, most of which are related to using Google Cloud Storage.

This tutorial will not be using Google Cloud Storage, but will instead leverage the option to store environmental variables (“env vars” for short) in Build Triggers in Google Cloud Build.

The high-level walk-through of this tutorial is:

  1. Store env vars in Google Cloud’s Build Trigger
  2. Read in env vars from the Build Trigger in one of its build steps
  3. Write env vars to a local .env file
  4. Import env vars from .env to your Node.js app using dotenv package

Cool! We can use a simple express-generator app in this tutorial. If you do not have an App Engine app for Node.js on Google Cloud, please set one up first.

Now let’s begin!

Step 1. Create a Cloud Build Trigger in your Google project

The steps to set up a Cloud Build Trigger are rather intuitive and straightforward. It provides the option to link your build trigger with a remote git repository such as GitHub, Bitbucket, or Google Cloud Repository.

See how to set up a build trigger.

Just like other continuous integration tools such as Travis CI, Cloud Build will build and deploy your app using a set of instructions defined in cloudbuild.yaml. Therefore, the configuration in cloudbuild.yaml is important, which is what we will look at in step 3.

Step 2. Store env vars in Cloud Build Trigger

As part of the configuration for our Build Trigger, we have the option to add variables.

Note: Variable names set in the build trigger must begin with an underscore ( _ ), according to a convention set by Google. This, however, does not affect how we name and use env vars in our app, which we will see next.

Step 3. Add cloudbuild.yaml to your project root directory

Add cloudbuild.yaml

steps:
- name: node:10.15.1
  entrypoint: npm
  args: ["install"]
- name: node:10.15.1
  entrypoint: npm
  args: ["run", "create-env"]
  env:
    - 'MY_SECRET_KEY=${_MY_SECRET_KEY}'
- name: "gcr.io/cloud-builders/gcloud"
  args: ["app", "deploy"]
timeout: "1600s"

cloudbuild.yaml is the configuration file that the Cloud Build Trigger uses to define the build steps for your app.

Note the second step, which tells Cloud Build to run npm run create-env, a script that we will later define in package.json to write all our env vars to a local .env file. Also, we are reading the variable _MY_SECRET_KEY from our build trigger by wrapping it with ${} in cloudbuild.yaml and setting the value as a MY_SECRET_KEY env var.

Next, we will define our create-env script.

Step 4. Add create-env script to package.json

Add create-env script to package.json

"scripts": {
  "create-env": "printenv > .env"
},

printenv prints every env var visible to the build step, not only the ones we set in cloudbuild.yaml, and the script redirects that output into the .env file.

Final step. Import env vars from .env using dotenv package

a. Run npm i dotenv -S to add dotenv package

b. Add a config.js to store the env vars we need in our app

// Import all env vars from .env file
require('dotenv').config()

const MY_SECRET_KEY = process.env.MY_SECRET_KEY
console.log(MY_SECRET_KEY) // => Hello
module.exports = { MY_SECRET_KEY } // CommonJS export, matching require() above

Done!! :)

Now push your project to your repo and Cloud Build will build the project with our env vars imported into our app!

Note: In development mode, simply add a .env file manually to your project root directory with your development env vars and your config.js will be ready to use!

Also: Whenever we add a new env var in the Cloud Build Trigger, remember to add it in cloudbuild.yaml as well.

cloudbuild.yaml

steps:
- name: node:10.15.1
  entrypoint: npm
  args: ["install"]
- name: node:10.15.1
  entrypoint: npm
  args: ["run", "create-env"]
  env:
    - 'MY_SECRET_KEY=${_MY_SECRET_KEY}'
    - 'MY_SECOND_SECRET_KEY=${_MY_SECOND_SECRET_KEY}'
- name: "gcr.io/cloud-builders/gcloud"
  args: ["app", "deploy"]
timeout: "1600s"