Deploying to GCP Compute Engine

Is anyone deploying their application to GCP Compute Engine? I wonder a bit about how you are managing secrets.
Are you fetching from GCP Secrets Manager somehow? If yes, where? In some startup script?

1 Like

We run on GCP.

As an organization, we use Doppler for shared secrets. During instance boot (cloud-init.yml) we instruct our instances to download Doppler, install it, and authenticate with a token that is stored in GCP Secrets Manager. We start (and run) our mix release generated Elixir applications with systemd, and use Doppler to inject secrets at run time.

That looks something like this…

ExecStartPre=/usr/bin/doppler run -- /home/ubuntu/bin/app eval App.Release.migrate
ExecStart=/usr/bin/doppler run -- /home/ubuntu/bin/app start
ExecStop=/home/ubuntu/bin/app stop

This injects the environment variables and runtime.exs just picks them up as you would expect.

Happy to explain further if you need.

1 Like
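The boot-time token hand-off described in the reply above, sketched as an added example that is not code from either poster: it reads the Doppler token from Secret Manager with `gcloud` and writes it to a root-only file that a systemd unit could load with `EnvironmentFile=`. The secret name `doppler-token`, the path `/etc/app/doppler.env`, the `RUN_BOOTSTRAP` switch and the accepted token character set are all assumptions.

```shell
#!/bin/sh
# Added example: boot-time step that hands a Doppler token to systemd.
# Assumed names (not from the thread): secret "doppler-token",
# env file /etc/app/doppler.env, switch RUN_BOOTSTRAP.

# fetch_doppler_token SECRET_NAME
# Prints the latest version of the secret. The instance service account
# should hold roles/secretmanager.secretAccessor on this one secret only.
fetch_doppler_token() {
    gcloud secrets versions access latest --secret="$1"
}

# write_token_env SECRET_NAME ENV_FILE
# Writes DOPPLER_TOKEN=<value> to ENV_FILE, owner-only, atomically.
write_token_env() {
    secret_name=$1
    env_file=$2
    token=$(fetch_doppler_token "$secret_name") || {
        echo "could not read secret $secret_name" >&2
        return 1
    }
    # Reject empty, multi-line or oddly formed values so a broken secret
    # cannot inject extra lines into the environment file.
    # The allowed character set is an assumption about the token format.
    case $token in
        ''|*[!A-Za-z0-9._-]*)
            echo "secret $secret_name has an unexpected format" >&2
            return 1 ;;
    esac
    old_umask=$(umask)
    umask 077                      # temp file is created owner-only
    tmp=$(mktemp "${env_file}.XXXXXX") || { umask "$old_umask"; return 1; }
    printf 'DOPPLER_TOKEN=%s\n' "$token" > "$tmp"
    mv "$tmp" "$env_file"          # rename is atomic on the same filesystem
    umask "$old_umask"
}

# Run only when asked, so the functions can also be sourced and tested.
if [ "${RUN_BOOTSTRAP:-0}" = 1 ]; then
    write_token_env doppler-token /etc/app/doppler.env
fi
```

Because the token never appears on a command line, it stays out of process listings and boot logs; the Doppler CLI reads `DOPPLER_TOKEN` from the environment when the unit starts.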