Where to store GCP Credentials for terraform

Hello folks,

Where should I store json credentials file generated for my service account as it is suggested in https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/getting_started ?

Locally it is quite easy:

terraform {
required_providers {
google = {
source = “hashicorp/google”
}
}
}

provider “google” {
version = “3.5.0”
credentials = file(“gcp-credentials.json”)
project = “my project”
zone = “us-central1-a”
}

But where can I put gcp-credentials.json on Circle CI service? I have only found ssh keys section, but no storage…

For obvious reasons I don’t want to store service account json in git.

Please advise

Hi @tillias,

If you don’t want to store your json file on git. I would recommend saving it on your own server and then download it using wget or curl command.

Regards,
Pawan Bahuguna

1 Like

Hi Pawan, many thanks for the fast reply. Yeah, I’m more interested if Circle CI supports something out of the box, without introducing external vault or downloading from external server. That is why I asked if I can save this json somewhere in project configuration.

There is one workaround to serialize json into base64 and then store it inside env. variable -> these we can define in Circle CI. But this is more hack for me :slight_smile:

1 Like

@tillias Have you looked at Contexts which are then presented as masked environmental variables ?

1 Like

That idea is great!

We also have a few more ideas that are listed in the below article: