Compatibility with Google Secret Manager
I would like to use Google Secret Manager secrets in my pipeline. Unfortunately, I have realized that this does not work with this job template.
It looks like the secret provider requires exact variable names, although the token itself must be referenced at the end. I can only use secrets with the following definition.
Shouldn't the provider not care what the variables and id_tokens are called or should the variables in the template be renamed?
my-job:
  id_tokens:
    GCP_ID_TOKEN:
      aud: https://iam.googleapis.com/projects/${GCP_PROJECT_NUMBER}/locations/global/workloadIdentityPools/${GCP_WORKLOAD_IDENTITY_FEDERATION_POOL_ID}/providers/${GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER_ID}
  variables:
    GCP_PROJECT_NUMBER: 123
    GCP_WORKLOAD_IDENTITY_FEDERATION_POOL_ID: abc
    GCP_WORKLOAD_IDENTITY_FEDERATION_PROVIDER_ID: abc
  secrets:
    DATABASE_PASSWORD:
      gcp_secret_manager:
        name: test
      token: $GCP_ID_TOKEN