Where to store GCP Credentials for terraform

Deployments
1

Hello folks,

Where should I store json credentials file generated for my service account as it is suggested in Terraform Registry ?

Locally it is quite easy:

terraform {
required_providers {
google = {
source = “hashicorp/google”
}
}
}

provider “google” {
version = “3.5.0”
credentials = file(“gcp-credentials.json”)
project = “my project”
zone = “us-central1-a”
}

But where can I put gcp-credentials.json on Circle CI service? I have only found ssh keys section, but no storage…

For obvious reasons I don’t want to store service account json in git.

Please advise

2

Hi @tillias,

If you don’t want to store your json file on git. I would recommend saving it on your own server and then download it using wget or curl command.

Regards,
Pawan Bahuguna

1 Like
3

Hi Pawan, many thanks for the fast reply. Yeah, I’m more interested if Circle CI supports something out of the box, without introducing external vault or downloading from external server. That is why I asked if I can save this json somewhere in project configuration.

There is one workaround to serialize json into base64 and then store it inside env. variable -> these we can define in Circle CI. But this is more hack for me :slight_smile:

1 Like
4

@tillias Have you looked at Contexts which are then presented as masked environmental variables ?

1 Like
5

That idea is great!

We also have a few more ideas that are listed in the below article:

6

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.