I have uploaded a GCP service account key to Vault from a JSON file.
$ vault kv get kv/store/gcp
====== Metadata ======
Key Value
--- -----
created_time 2020-09-14T16:13:34.5395125Z
deletion_time n/a
destroyed false
version 1
=============== Data ===============
Key Value
--- -----
auth_provider_x509_cert_url https://www.googleapis.com/oauth2/v1/certs
auth_uri https://accounts.google.com/o/oauth2/auth
client_email xxxxxxx@developer.gserviceaccount.com
client_id 00000000000
client_x509_cert_url https://www.googleapis.com/robot/v1/metadata/x509/0000000-compute%40developer.gserviceaccount.com
private_key -----BEGIN PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
yyyyyyy==
-----END PRIVATE KEY-----
private_key_id 00000000000000000000
project_id myproject_id
token_uri https://oauth2.googleapis.com/token
type service_account
Ideally I want to pull the whole entry out. But I will settle for fields.
So on the TC side I have a variable GCP_CREDS: %vault:/kv/data/store/gcp!/private_key%
Added this in a build step at I can't debug the creds in TC! đź‘Ž
echo "${GCP_CREDS}" > ./gcp_creds
On the agent host
$ cat gcp_creds
-----BEGIN
$
It seems to chop at the first white space?
With agent debug set to max on the agent, I can see the whole GCP key arriving intact . I then see _[2021-03-04 12:42:32,310] DEBUG - ath.internal.path.CompiledPath - Evaluating path: $['privatekey']
I tried a few ideas on here: https://github.com/json-path/JsonPath as theis seems to be what the code is based on. No joy.
Any ideas? Is it just my iffy BASH in the build step? :)
The vault plugin works fine for simple key value pairs. I can extract any other field from the GCP data correctly, just not "private_key" !
TeamCity Enterprise 2019.2.2 (build 71923) Plugin 2021 0.1.98
Hi,
I have uploaded a GCP service account key to Vault from a JSON file.
Ideally I want to pull the whole entry out. But I will settle for fields. So on the TC side I have a variable GCP_CREDS: %vault:/kv/data/store/gcp!/private_key% Added this in a build step at I can't debug the creds in TC! đź‘Ž echo "${GCP_CREDS}" > ./gcp_creds On the agent host
It seems to chop at the first white space? With agent debug set to max on the agent, I can see the whole GCP key arriving intact . I then see _[2021-03-04 12:42:32,310] DEBUG - ath.internal.path.CompiledPath - Evaluating path: $['privatekey'] I tried a few ideas on here: https://github.com/json-path/JsonPath as theis seems to be what the code is based on. No joy.
Any ideas? Is it just my iffy BASH in the build step? :) The vault plugin works fine for simple key value pairs. I can extract any other field from the GCP data correctly, just not "private_key" !