# @nx-extend/gcp-secrets
**Nx plugin to deploy your secrets to [Secret Manager](https://cloud.google.com/secret-manager)**.
## Features
- Encrypt and decrypt secrets locally
- Deploy secrets to Google Cloud Secret Manager
- Label management for secrets
- Configurable update behavior (destroy, delete, or disable)
- Integration with Nx workspace
## Setup
### Prerequisites
- `GCP_SECRETS_ENCRYPTION_KEY` environment variable set with your encryption key
### Install
```sh
npm install -D @nx-extend/gcp-secrets
nx g @nx-extend/gcp-secrets:init
```
## Usage
Add an environment variable named `GCP_SECRETS_ENCRYPTION_KEY` that holds your key to encrypt and decrypt your secrets:
```sh
export GCP_SECRETS_ENCRYPTION_KEY="your-encryption-key"
```
### Decrypt
Decrypt secrets locally:
```sh
nx decrypt
```
#### Available Options
| Name | Type | Default | Description |
|----------------|----------|---------|----------------------------------------|
| **`secret`** | `string` | - | Only decrypt the secret with this name |
### Deploy
Deploy secrets to Google Cloud Secret Manager:
```sh
nx deploy
```
#### Available Options
| Name | Type | Default | Description |
|-----------------|----------|---------|----------------------------------------|
| **`project`** | `string` | - | GCP project to deploy to |
| **`secret`** | `string` | - | Only deploy the secret with this name |
### Encrypt
Encrypt secrets locally:
```sh
nx encrypt
```
#### Available Options
| Name | Type | Default | Description |
|----------------|----------|---------|----------------------------------------|
| **`secret`** | `string` | - | Only encrypt the secret with this name |
## Meta Data Explained
When configuring secrets, you can use the following metadata attributes:
| Attribute | Default | Description |
|------------------|-----------|-------------------------------------------------------------|
| **`status`** | - | Status of the file: `encrypted` or `decrypted` |
| **`labels`** | `[]` | Array of labels to add to the secrets |
| **`onUpdateBehavior`** | `destroy` | What to do when updating: `destroy`, `delete`, or `disable` |