- Google OAuth creds avaialble
- Gemini API Key available
Warning
You're storing sensitve data available to everything running in your terminal session!
export GEMINI_API_KEY=123
export GOOGLE_OAUTH_CLIENT_ID=xyz
export GOOGLE_OAUTH_CLIENT_SECRET=987abc
go run . With Pulumi ESC, a secrets manager 🔐😎✅
-
Store your secrets in a new ESC Environment
ESC_ENV=buzz/app esc login esc env init $ESC_ENV esc env set $ESC_ENV --secret environmentVariables.GEMINI_API_KEY 123abc esc env set $ESC_ENV environmentVariables.GOOGLE_OAUTH_CLIENT_ID 123abc esc env set $ESC_ENV --secret environmentVariables.GOOGLE_OAUTH_CLIENT_SECRET 123abc
-
Run the Buzz app
esc run buzz-app-env go run .
With ✨🔐 1Password-stored secrets, accessed via Pulumi ESC 🚀🦾😎✅
-
Store your enviornment variables in a 1Password Vault
-
Create a 1Password service account with read access to your vault
-
Configure a Pulumi ESC Environment to reference the 1Password-stored secrets:
ESC_ENV=buzz/app-1p esc login esc env init $ESC_ENV esc env edit $ESC_ENV
-
Paste the yaml contents below then save the changes
values: 1password: secrets: fn::open::1password-secrets: login: serviceAccountToken: fn::secret: ABC123 get: google_oauth_client_id: ref: "op://dev-vault/google-oauth/username" google_oauth_client_secret: ref: "op://dev-vault/google-oauth/credential" gemini: ref: "op://dev-vault/google-gemini/credential" environmentVariables: GOOGLE_OAUTH_CLIENT_ID: ${1password.secrets.google_oauth_client_id} GOOGLE_OAUTH_CLIENT_SECRET: ${1password.secrets.google_oauth_client_secret} GEMINI_API_KEY: ${1password.secrets.gemini}
Important
Update the secret ref syntax placeholders to match your 1Password Vault and items configuration
Update the serviceAccountToken value
-
Run the Buzz app
ESC_ENV=buzz/app-1p esc run $ESC_ENV go run .