Connector for Secret Manager

Workflows connector that defines the built-in function used to access Secret Manager within a workflow.

Code sample

YAML

# This workflow demonstrates how to use the Secret Manager connector:
# Retrieve a secret using three different methods
# Expected output: the secret data (thrice)
- init:
    assign:
      - project_id: ${sys.get_env("GOOGLE_CLOUD_PROJECT_ID")}
      - secret_id: "test-secret"  # Make sure you have this secret and it has a version of 1.
      - version: "1"
# Add data to an existing secret without base-64 encoding
- add_version_string:
    call: googleapis.secretmanager.v1.projects.secrets.addVersionString
    args:
      secret_id: ${secret_id}
      project_id: ${project_id}
      data: "a new secret"
# Retrieve the secret in string format without base-64 decoding and assume
# that the secret data is a valid UTF-8 string; if not, raise an error
- access_string_secret:
    call: googleapis.secretmanager.v1.projects.secrets.versions.accessString
    args:
      secret_id: ${secret_id}
      version: ${version}  # if not set, "latest" is used
      project_id: ${project_id}
    result: str_secret
# Retrieve the secret as a base-64 encoded payload; it is decoded in the final step
- access_secret:
    call: googleapis.secretmanager.v1.projects.secrets.versions.access
    args:
      name: ${"projects/" + project_id + "/secrets/" + secret_id + "/versions/" + version}
    result: base64_encoded_secret
# Retrieve the secret using positional arguments in an expression
- expression:
    assign:
      - secret_str_from_exp: ${googleapis.secretmanager.v1.projects.secrets.versions.accessString(secret_id, version, project_id)}
# Return all three results; the base-64 payload is decoded to text here
- the_end:
    return:
      - ${str_secret}
      - ${text.decode(base64.decode(base64_encoded_secret.payload.data))}
      - ${secret_str_from_exp}
 

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser.
