
Configuring a GCP Secret Manager

Blink integrates with a vault that runs in the customer's own environment, so connections are managed securely within infrastructure the customer controls. Blink does not store any confidential data; it is kept exclusively in the designated secret manager.

To configure a GCP Secret Manager, you need to start a Self-Hosted runner with additional configuration, including the CREDENTIALS and PROJECT_ID.

  1. Navigate to your "Google Cloud Platform" account.

  2. Create a GCP IAM Service Account.

  3. Assign the "Secret Manager Admin" role to the service account.

  4. Obtain and securely save the Service Account credentials.

  5. Proceed to the Blink Platform and create a new Runner in your Workspace.

  6. Set the new runner group as the default for the workspace: on the Runners page, click ThreeDots > Set as default, or select the Set as default checkbox in Add new runner group.

  7. Click the Continue button in the bottom-right corner. A dialogue box opens with the command required to install the Runner in your environment. Copy this command to your clipboard by clicking the icon in the top-right corner.

  8. Edit the command to add the environment variables you obtained when creating a Service Account: GCP_SECRET_MANAGER_AUTH_TYPE, GCP_SECRET_MANAGER_CREDENTIALS, GCP_SECRET_MANAGER_PROJECT_ID and SECRET_MANAGER_TYPE.

  • Docker example command:
docker run -d --name blink-runner -e GCP_SECRET_MANAGER_AUTH_TYPE=<credentials> -e GCP_SECRET_MANAGER_CREDENTIALS=<credentials-json> -e SECRET_MANAGER_TYPE=gcp -e GCP_SECRET_MANAGER_PROJECT_ID=<project_id> -e CTRL_URL="https://app.blinkops.com"
  • Kubernetes command example:
helm install -n blink --create-namespace --set image.tag=<version> --set env.GCP_SECRET_MANAGER_AUTH_TYPE=credentials --set env.SECRET_MANAGER_TYPE=gcp --set-file env.GCP_SECRET_MANAGER_CREDENTIALS=<path-to-credentials-file> --set env.GCP_SECRET_MANAGER_PROJECT_ID=<project_id> --set config.runner.ctrl_url=https://app.blinkops.com

  9. Start the Runner, and it will begin accessing the GCP Secret Manager.
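
A pre-flight check for the credentials and command-editing steps above, as an added example that is not part of Blink's documentation: it validates the downloaded service account key and writes the four runner variables to an owner-only env file, so the key JSON can be supplied with Docker's `--env-file` option instead of being typed inline with `-e`, where it would land in shell history. The function names, the file names `key.json` and `runner.env`, and the sample key are hypothetical, and it is an assumption that the runner accepts the key as single-line JSON in GCP_SECRET_MANAGER_CREDENTIALS.

```python
import json
import os
import stat
import tempfile

def load_checked_key(path, project_id):
    """Load a service account key file; raise ValueError listing any problems."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:o}: key is readable by group or others")
    with open(path) as fh:
        key = json.load(fh)  # a JSONDecodeError is itself a ValueError
    if not isinstance(key, dict) or key.get("type") != "service_account":
        raise ValueError("not a service account key")
    if key.get("project_id") != project_id:
        problems.append("project_id differs from GCP_SECRET_MANAGER_PROJECT_ID")
    problems += [f"missing field: {f}" for f in ("client_email", "private_key") if not key.get(f)]
    if problems:
        raise ValueError("; ".join(problems))
    return key

def write_env_file(key_path, project_id, env_path):
    """Write the runner variables to an env file only the owner can read."""
    compact = json.dumps(load_checked_key(key_path, project_id), separators=(",", ":"))
    fd = os.open(env_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as out:
        os.chmod(env_path, 0o600)  # tighten a pre-existing file as well
        out.write("SECRET_MANAGER_TYPE=gcp\nGCP_SECRET_MANAGER_AUTH_TYPE=credentials\n"
                  f"GCP_SECRET_MANAGER_PROJECT_ID={project_id}\n"
                  f"GCP_SECRET_MANAGER_CREDENTIALS={compact}\n")  # assumed: raw JSON, one line
    return env_path

def demo():
    """Run both steps on a constructed (fake) key in a temporary directory."""
    key = {"type": "service_account", "project_id": "example-project",
           "client_email": "runner@example-project.iam.gserviceaccount.com",
           "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"}
    with tempfile.TemporaryDirectory() as tmp:
        key_path, env_path = os.path.join(tmp, "key.json"), os.path.join(tmp, "runner.env")
        with os.fdopen(os.open(key_path, os.O_WRONLY | os.O_CREAT, 0o600), "w") as fh:
            json.dump(key, fh, indent=2)
        with open(write_env_file(key_path, "example-project", env_path)) as fh:
            return fh.read().splitlines()

if __name__ == "__main__":
    print("\n".join(line.split("=", 1)[0] for line in demo()))  # variable names only
```
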