
Discussion on: Using Secrets in Google Cloud Functions

guysegal

Hi Dustin, great article!

There's one thing I didn't understand - why can't I commit the .env.yaml file to the repository?
The secret is encrypted, and only if you have access to the encryption key can you decrypt it.

Assuming you don't have access to the encryption key, what is the risk here?
Because the benefit of committing to the repo is that you have full, ready-to-deploy code on your master at any given point.

I understand that exposing the encrypted secret is some kind of a threat, but I guess that if your encryption key was compromised you have bigger problems...

Dustin Ingram Author

You're right, it can be included, as long as you're sure all secrets are properly encrypted. (This is also what CI services like Travis do: