Closed mmb closed 7 years ago
cf-gitbot
commented
7 years ago We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/142062913
The labels on this github issue will be updated when the story is started.
dsabeti
commented
7 years ago Hey @mmb. This would actually require a change to bbl -- it currently expects that your credentials are stored in a file. @evanfarrar, do you have any thoughts on this? Would it make sense for bbl to allow a string input instead of a file input for GCP credentials?
mmb
commented
7 years ago Could the task write the credentials to a file before passing it to bbl? This is what it currently does with the certs.
Our workaround for this is to have a Concourse task that writes a param to a file.
evanfarrar
commented
7 years ago We had discussed this awkwardness on the Infrastructure team when we recently started using the cf-deployment-concourse tasks ourselves. We will change the flag to take the contents of the credential file (while preserving file path for backwards compatibility).
evanfarrar
commented
7 years ago Tracking this in https://www.pivotaltracker.com/story/show/142097551
dsabeti
commented
7 years ago Hey @mmb. Since we've upgrade to bbl 3.0.4, this should probably work. Want to give it a try and report back?
mmb
commented
7 years ago This works now. Thanks @dsabeti and @evanfarrar.
If the task only accepts a file, that leads me to check it into GitHub or put it in an S3 bucket. I would prefer to provide the credentials in the pipeline directly (like the AWS credentials) so I can store them in a more secure way with my other pipeline secrets.