Where to store GCP Credentials for terraform

tillias · November 14, 2020, 8:25pm

Hello folks,

Where should I store json credentials file generated for my service account as it is suggested in https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/getting_started ?

Locally it is quite easy:

terraform {
required_providers {
google = {
source = “hashicorp/google”
}
}
}

provider “google” {
version = “3.5.0”
credentials = file(“gcp-credentials.json”)
project = “my project”
zone = “us-central1-a”
}

But where can I put gcp-credentials.json on Circle CI service? I have only found ssh keys section, but no storage…

For obvious reasons I don’t want to store service account json in git.

Please advise

Pawan · November 16, 2020, 1:34pm

Hi @tillias,

If you don’t want to store your json file on git. I would recommend saving it on your own server and then download it using wget or curl command.

Regards,
Pawan Bahuguna

tillias · November 16, 2020, 3:15pm

Hi Pawan, many thanks for the fast reply. Yeah, I’m more interested if Circle CI supports something out of the box, without introducing external vault or downloading from external server. That is why I asked if I can save this json somewhere in project configuration.

There is one workaround to serialize json into base64 and then store it inside env. variable -> these we can define in Circle CI. But this is more hack for me

timothyclarke · November 17, 2020, 10:12am

@tillias Have you looked at Contexts which are then presented as masked environmental variables ?

Pawan · November 17, 2020, 9:14pm

That idea is great!

We also have a few more ideas that are listed in the below article: