This image extends the formio/formio-enterprise default image by
fetching environment variables from the GCP Secrets Manager.
This ensures that sensitive environment variables such as MONGO and LICENSE
are fetched dynamically when the container starts rather than set from the host.
The SECRET_ID environment variable needs to be set to the GCP secret ressource id.
All environment variables to be fetched from GCP Secret Manager need to have a value of fromSecret.
-
Dockerfile: Simple docker file that extends the base image. -
secrets.js: Fetches the environment variables from GCP Secrets Manager and then runs the main image.
Prerequisites : Install and start docker.
-
Create a service account and download its credentials file. (DO NOT use an existing service account, it's easy to mistakenly push the credentials to GitHub)
-
Give the service account read permissions on the secret.
-
Place the credentials file in this working directory and uncomment the
COPYcommand inDockerfile. -
Build the image:
docker build -t custom-formio . -
Run the image:
docker container run \ -d --rm -e GOOGLE_APPLICATION_CREDENTIALS=/src/credentials.json -p 80:80 custom-formio -
Visit
localhostto access the website. -
Delete service account, remove permissions from secrets manager.
-
Add the environment variable to cloud run and set the value to
fromSecret. -
Update the secret in GCP Secret Manager by adding your environment variable to the JSON.