OpenSkillIndex← back to search
claude-codesecurity

Claude-skill-registry gcloud-secrets

Manage Google Cloud Secret Manager for storing and fetching environment secrets. Use when working with deployment, secrets, or gcloud commands.

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/gcloud-secrets" ~/.claude/skills/majiayu000-claude-skill-registry-gcloud-secrets && rm -rf "$T"
manifest: skills/data/gcloud-secrets/SKILL.md
tags
#gcloud#secret-manager#environment-secrets#deployment#security
source content

Google Cloud Secret Manager

Project Configuration

  • Project ID: 
    myimageupscaler-auth
  • Account: 
    jfurtado141@gmail.com
  • Secrets: 
    • myimageupscaler-api-prod
      .env.api.prod
    • myimageupscaler-client-prod
      .env.client.prod

Setup Commands

# Set correct account and project
gcloud config set account jfurtado141@gmail.com
gcloud config set project myimageupscaler-auth

# Verify access
gcloud secrets list

Common Issues

"Failed to fetch secret" Error

  1. Check current project: 
    gcloud config get-value project
  2. Check current account: 
    gcloud config get-value account
  3. Switch to correct account/project (see above)

Wrong Project

The CLI might default to 

definya-447700
. Always ensure you're on 
myimageupscaler-auth
.

Service Account vs Personal Account

  • Service account 
    cloudstartlabs-service-acc@coldstartlabs-auth.iam.gserviceaccount.com
    does NOT have access to myimageupscaler-auth
  • Use personal account 
    jfurtado141@gmail.com
    for secret access
  • Or use the service account key at 
    ./cloud/keys/myimageupscaler-auth-6348371fe8c6.json
    : 
    gcloud auth activate-service-account --key-file=./cloud/keys/myimageupscaler-auth-6348371fe8c6.json

Deploy Flow

The deploy script (

scripts/deploy/deploy.sh
) fetches secrets in step 0:

  1. Fetches 
    myimageupscaler-api-prod
    .env.api.prod
  2. Fetches 
    myimageupscaler-client-prod
    .env.client.prod
  3. Cleans up these files after deploy (success or failure)

Updating Secrets

# Update API secrets
gcloud secrets versions add myimageupscaler-api-prod --data-file=.env.api

# Update client secrets
gcloud secrets versions add myimageupscaler-client-prod --data-file=.env.client

Important: Always destroy older versions after adding a new one to avoid secret sprawl and reduce security risk:

# List versions to find the old one
gcloud secrets versions list myimageupscaler-api-prod

# Destroy the previous version (replace N with version number)
gcloud secrets versions destroy N --secret=myimageupscaler-api-prod --quiet

Service Account Key Location

Local keys available at:

  • ./cloud/keys/coldstart-labs-service-account-key.json
    (Note: Does not have access to myimageupscaler-auth project)
  • ./cloud/keys/myimageupscaler-auth-6348371fe8c6.json
    (myimageupscaler-auth project)

Important: The 

cloud/keys/
directory is gitignored. Never commit service account keys.