Use local env variables instead of fetching secrets from GCP - Githubissues

mento-protocol / governance-watchdog

A system that monitors Mento Governance events on-chain and sends notifications about them to Discord and Telegram

0 stars 0 forks source link

Use local env variables instead of fetching secrets from GCP #12

Open nvtaveras opened 1 month ago

nvtaveras commented 1 month ago

In places like https://github.com/mento-protocol/governance-watchdog/blob/main/src/send-discord-notification.ts#L34, to avoid paying for unnecessary reads from the secret manager

chapati23 commented 1 month ago

hmm, what do you mean exactly? transferring the secrets out into ENV vars accessible by the function? i guess they're no longer as secret then as they're no longer encrypted at rest, no?

i do think we can discuss which things really need to be secret, tho, to be fair. was just erring on the side of secrecy during development but maybe a webhook URL is also ok in an unencrypted env var

pricing wise I don't think we're paying much atm: https://cloud.google.com/secret-manager/pricing

$0.03 per 10,000 operations (which I guess means accesses)
24h 60m 2 (calls per minute) * 30 days = 86,400 operations per month
86,400 / 10,000 * $0.03 = ~$0.26 per month per secret
3 secrets * $0.26 = $0.78 per month in total if my math is right