Trovella Wiki
InfrastructureCloud Resources

Secret Provisioning

How Terraform creates Secret Manager shells and how values flow to environments.

Secret provisioning is fully documented in the Secrets & Configuration topic:

  • GCP Secret Manager — Terraform module, naming conventions, IAM roles, and adding new secrets
  • VM Secret Sync — How sync-secrets-vm.sh pulls secrets from GCP and writes the .env file on the VM
  • CI Secret Access — How CI jobs read secrets via Workload Identity Federation
  • Rotation — Procedures for rotating each secret type

For the Terraform module structure and directory layout, see Terraform Structure.

Workload Identity Federation

How GitHub Actions authenticates to GCP without service account keys using OIDC-based Workload Identity Federation.

Monitoring and Budgets

Cloud Monitoring alert policies, uptime checks, notification channels, and per-project budget thresholds.