diff --git a/spartan/scripts/setup_gcp_secrets.sh b/spartan/scripts/setup_gcp_secrets.sh index e363f3026824..6acfaad9331b 100755 --- a/spartan/scripts/setup_gcp_secrets.sh +++ b/spartan/scripts/setup_gcp_secrets.sh @@ -65,8 +65,6 @@ mask_secret_value() { echo "::add-mask::$element" done fi - - echo "$secret_value" } # Map of environment variables to GCP secret names @@ -102,14 +100,14 @@ for env_var in "${!SECRET_MAPPINGS[@]}"; do if grep -q "^${env_var}=REPLACE_WITH_GCP_SECRET" "$ENV_FILE"; then # Export the secret value secret_file=$(get_secret "$secret_name") - secret_value=$(mask_secret_value "$env_var" "$secret_file") - export $env_var="${secret_value}" + mask_secret_value "$env_var" "$secret_file" + export $env_var="$(cat "$secret_file")" elif grep -q "^${env_var}=REPLACE_WITH_GCP_SECRET/" "$ENV_FILE"; then # Handle cases like STORE_SNAPSHOT_URL=REPLACE_WITH_GCP_SECRET/network/ suffix=$(grep "^${env_var}=REPLACE_WITH_GCP_SECRET/" "$ENV_FILE" | cut -d'/' -f2-) secret_file=$(get_secret "$secret_name") - secret_value=$(mask_secret_value "$env_var" "$secret_file") - export $env_var='${secret_value}/'$suffix + mask_secret_value "$env_var" "$secret_file" + export $env_var="$(cat $secret_file)/$suffix" elif grep -q "^${env_var}=.*REPLACE_WITH_GCP_SECRET" "$ENV_FILE"; then # Replace inline occurrences within the value, preserving surrounding content full_value=$(grep "^${env_var}=" "$ENV_FILE" | cut -d'=' -f2-) @@ -118,7 +116,8 @@ for env_var in "${!SECRET_MAPPINGS[@]}"; do full_value="${full_value:1:-1}" fi secret_file=$(get_secret "$secret_name") - secret_value=$(mask_secret_value "$env_var" "$secret_file") + mask_secret_value "$env_var" "$secret_file" + secret_value="$(cat "$secret_file")" replaced_value="${full_value//REPLACE_WITH_GCP_SECRET/$secret_value}" export $env_var="$replaced_value" fi