Connecting Google App Engine with Secret Manager to PostgreSQL

Learn how to securely connect Google App Engine with Secret Manager to your managed PostgreSQL database in Google Cloud. Follow this comprehensive guide to resolve common issues and smoothly implement your connection.
---
This video is based on the question https://stackoverflow.com/q/70435880/ asked by the user 'Micah' ( https://stackoverflow.com/u/94958/ ) and on the answer https://stackoverflow.com/a/70435881/ provided by the user 'Micah' ( https://stackoverflow.com/u/94958/ ) at 'Stack Overflow' website. Thanks to these great users and Stackexchange community for their contributions.

Visit these links for original content and any more details, such as alternate solutions, latest updates/developments on topic, comments, revision history etc. For example, the original title of the Question was: How to connect google app engine with secret manager to Postgres?

Also, Content (except music) licensed under CC BY-SA https://meta.stackexchange.com/help/l...
The original Question post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/... ) license, and the original Answer post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/... ) license.

If anything seems off to you, please feel free to write me at vlogize [AT] gmail [DOT] com.
---
How to Connect Google App Engine with Secret Manager to PostgreSQL

Are you facing difficulty connecting Google App Engine (GAE) with the Google Cloud Secret Manager to access a managed PostgreSQL database? The error message "7 PERMISSION_DENIED: Permission denied on resource project DATABASE_USER" can be a headache, but fear not! In this post, we will break down the solution step-by-step, ensuring you can securely connect your applications to your database with ease.

Understanding the Issue

In many cases, when developing applications on Google Cloud, it’s essential to manage sensitive information like database credentials securely. The Google Secret Manager allows you to achieve this. However, the connection from GAE to your PostgreSQL database may falter if proper access permissions aren't configured correctly.

In this guide, we’ll walk you through the steps required to connect GAE with Secret Manager and resolve authorization errors like the one mentioned above.

Steps to Connect GAE with Secret Manager to PostgreSQL

1. Grant Secrets Access to the GAE Service Account

Before diving into code, ensure that your GAE service account has the necessary permissions to access secrets stored in the Secret Manager. Here’s how you can do this:

Navigate to the IAM & Admin section of your Google Cloud Platform.

Locate the service account associated with your Google App Engine project.

Assign the Secret Manager Secret Accessor role to this account.

2. Using the Code to Retrieve ENV Variables

Once the permissions are correctly set, use the following code snippet in your Node.js/TypeScript application to retrieve environment variables from the Secret Manager:

[[See Video to Reveal this Text or Code Snippet]]

Key Points to Note

The value for DATABASE_HOST must follow the Connection Name format found in the SQL tab of your Google Cloud Console. Ensure you use something like project-id:us-central1:db-name.

Use deasync to handle asynchronous calls synchronously, allowing for immediate access to your secrets within a synchronous coding structure.

Conclusion

By following these structured steps, you should be able to connect your Google App Engine application with Secret Manager to your Google Cloud PostgreSQL database seamlessly. Remember to always secure your credentials using the Secret Manager and grant the right permissions to ensure smooth access.

If you continue to face issues, check the service account's permissions and ensure that all required secrets are created in the Secret Manager.

With this guide, you are now equipped to tackle permission-related issues and enhance the security of your application by properly managing your sensitive data.