Provisioning service account keys for CI/CD pipelines
Creating and managing service account keys is an essential task for CI/CD pipelines because these keys allow your automation systems to authenticate and interact with cloud services on behalf of your application or infrastructure. For example, a service account key might be used by a CI/CD pipeline to deploy resources to a cloud provider.
In this context, we'll write a program using Pulumi and the Google Cloud Platform (GCP) provider, since the Pulumi Registry includes `gcp.serviceAccount.Key`, which is directly relevant for provisioning service account keys for CI/CD pipelines on Google Cloud.
Below is a detailed explanation and a TypeScript program that demonstrates how you can use Pulumi to create a GCP service account and then create a key for that service account.
This program does the following:
- Defines a new service account using `gcp.serviceAccount.Account`.
- Generates a new key for the service account using `gcp.serviceAccount.Key`.
- Exports the key's details for use in your CI/CD pipeline.
Here's the complete program:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Create a new GCP Service Account
const serviceAccount = new gcp.serviceAccount.Account("my-service-account", {
    accountId: "my-service-account-id",
    displayName: "My Service Account",
});

// Create a new key for the Service Account
const serviceAccountKey = new gcp.serviceAccount.Key("my-service-account-key", {
    serviceAccountId: serviceAccount.name,
    publicKeyType: "TYPE_X509_PEM_FILE",
});

// Export the Service Account email and private key.
// privateKey is base64-encoded; decoding it yields the JSON credentials file.
export const serviceAccountEmail = serviceAccount.email;
export const privateKey = serviceAccountKey.privateKey.apply(key => Buffer.from(key, "base64").toString("utf-8"));
```
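The `privateKey` output of `gcp.serviceAccount.Key` is the base64-encoded JSON credentials file, so a pipeline can validate a key before storing it as a CI secret and log only its non-secret fields. The following is an added example, not part of the original program; the function name `summarizeServiceAccountKey` and all sample values are assumptions constructed for illustration.

```typescript
// Added example, not part of the original program. Field names follow the
// JSON credentials file that GCP issues for a service account key.
const REQUIRED_FIELDS = ["type", "project_id", "private_key_id", "private_key", "client_email"];

interface KeySummary { clientEmail: string; projectId: string; privateKeyId: string }

// Decode the base64 `privateKey` output and validate it before storing it as a CI secret.
// Only non-secret fields are returned, so the summary is safe to log.
function summarizeServiceAccountKey(privateKeyB64: string, expectedEmail: string): KeySummary {
  let parsed: unknown;
  try {
    parsed = JSON.parse(Buffer.from(privateKeyB64, "base64").toString("utf8"));
  } catch {
    // Never echo the input in the error: it may contain key material.
    throw new Error("privateKey is not base64-encoded JSON");
  }
  if (typeof parsed !== "object" || parsed === null) {
    throw new Error("credentials are not a JSON object");
  }
  const creds = parsed as Record<string, unknown>;
  for (const field of REQUIRED_FIELDS) {
    if (typeof creds[field] !== "string" || creds[field] === "") {
      throw new Error(`credentials are missing field: ${field}`);
    }
  }
  if (creds["type"] !== "service_account") {
    throw new Error("credentials are not a service account key");
  }
  if (creds["client_email"] !== expectedEmail) {
    throw new Error("key belongs to a different service account");
  }
  return {
    clientEmail: creds["client_email"] as string,
    projectId: creds["project_id"] as string,
    privateKeyId: creds["private_key_id"] as string,
  };
}

// Constructed sample input: every value below is a placeholder, not a real key.
const SAMPLE_EMAIL = "ci-deployer@example-project.iam.gserviceaccount.com";
const SAMPLE_KEY_B64 = Buffer.from(JSON.stringify({
  type: "service_account",
  project_id: "example-project",
  private_key_id: "0000000000000000",
  private_key: "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
  client_email: SAMPLE_EMAIL,
})).toString("base64");

console.log(summarizeServiceAccountKey(SAMPLE_KEY_B64, SAMPLE_EMAIL));
```

The `privateKeyId` in the summary is the value to record when tracking which key a pipeline holds, for example when rotating or revoking it.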
- Defines a new service account using