🐛 fix: Secret Manager 값을 읽지 못하는 문제 해결

leeseojun34 · leeseojun34 · commit d329072dddd2 · 2025-08-14T20:28:13.000+09:00
배포 시점의 Secret Manager 값을 .env 파일에 저장하여 배포하도록 수정
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -81,7 +81,6 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-
       - name: Deploy to GCP Instance
         uses: appleboy/ssh-action@v1.1.0
         with:
@@ -92,29 +91,91 @@ jobs:
           script: |
             cd $HOME/project
             
+            echo "Updating .env file with latest Secret Manager values..."
+            
+            # .env 파일 백업
+            cp .env .env.backup.$(date +%Y%m%d_%H%M%S)
+            
+            # Secret Manager 관련 라인들 제거
+            sed -i '/^DB_URL=/d' .env
+            sed -i '/^JWT_SECRET=/d' .env
+            sed -i '/^GOOGLE_CLIENT_ID=/d' .env
+            sed -i '/^GOOGLE_CLIENT_SECRET=/d' .env
+            sed -i '/^GOOGLE_API_KEY=/d' .env
+            sed -i '/^GOOGLE_CALENDAR_REDIRECT_URI=/d' .env
+            sed -i '/^OAUTH_REDIRECT_URI=/d' .env
+            sed -i '/^KAKAO_CLIENT_ID=/d' .env
+            sed -i '/^KAKAO_CLIENT_SECRET=/d' .env
+            sed -i '/^KAKAO_API_KEY=/d' .env
+            sed -i '/^ZOOM_ACCOUNT_ID=/d' .env
+            sed -i '/^ZOOM_CLIENT_ID=/d' .env
+            sed -i '/^ZOOM_CLIENT_SECRET=/d' .env
+            sed -i '/^GCP_IP=/d' .env
+            sed -i '/^FRONT_DOMAIN_A=/d' .env
+            sed -i '/^FRONT_DOMAIN_B=/d' .env
+            sed -i '/^FRONT_CALLBACK=/d' .env
+            sed -i '/^REDIS_HOST=/d' .env
+            sed -i '/^REDIS_PORT=/d' .env
+            
+            # Secret Manager에서 최신 값들을 가져와서 .env에 추가
+            echo "" >> .env
+            echo "DB_URL=$(gcloud secrets versions access latest --secret='db-url')" >> .env
+            echo "JWT_SECRET=$(gcloud secrets versions access latest --secret='jwt-secret')" >> .env
+            echo "GOOGLE_CLIENT_ID=$(gcloud secrets versions access latest --secret='google-client-id')" >> .env
+            echo "GOOGLE_CLIENT_SECRET=$(gcloud secrets versions access latest --secret='google-client-secret')" >> .env
+            echo "GOOGLE_API_KEY=$(gcloud secrets versions access latest --secret='google-api-key')" >> .env
+            echo "GOOGLE_CALENDAR_REDIRECT_URI=$(gcloud secrets versions access latest --secret='google-calendar-redirect-uri')" >> .env
+            echo "OAUTH_REDIRECT_URI=$(gcloud secrets versions access latest --secret='oauth-redirect-uri')" >> .env
+            echo "KAKAO_CLIENT_ID=$(gcloud secrets versions access latest --secret='kakao-client-id')" >> .env
+            echo "KAKAO_CLIENT_SECRET=$(gcloud secrets versions access latest --secret='kakao-client-secret')" >> .env
+            echo "KAKAO_API_KEY=$(gcloud secrets versions access latest --secret='kakao-api-key')" >> .env
+            echo "ZOOM_ACCOUNT_ID=$(gcloud secrets versions access latest --secret='zoom-account-id')" >> .env
+            echo "ZOOM_CLIENT_ID=$(gcloud secrets versions access latest --secret='zoom-client-id')" >> .env
+            echo "ZOOM_CLIENT_SECRET=$(gcloud secrets versions access latest --secret='zoom-client-secret')" >> .env
+            echo "GCP_IP=$(gcloud secrets versions access latest --secret='gcp-ip')" >> .env
+            echo "FRONT_DOMAIN_A=$(gcloud secrets versions access latest --secret='front-domain-A')" >> .env
+            echo "FRONT_DOMAIN_B=$(gcloud secrets versions access latest --secret='front-domain-B')" >> .env
+            echo "FRONT_CALLBACK=$(gcloud secrets versions access latest --secret='front-callback')" >> .env
+            echo "REDIS_HOST=$(gcloud secrets versions access latest --secret='redis-host')" >> .env
+            echo "REDIS_PORT=$(gcloud secrets versions access latest --secret='redis-port')" >> .env
+            
+            echo "Updated Secret Manager Values"
+            
+            echo "Stopping existing containers..."
             sudo docker-compose down || true
             
+            echo "Cleaning up old images..."
             sudo docker image prune -f
-            sudo docker rmi ${{ secrets.DOCKER_USERNAME }}/ittaeok-gcp:latest || true
+            sudo docker rmi ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:latest || true
             sudo docker system prune -f || true
             
-            sudo docker pull ${{ secrets.DOCKER_USERNAME }}/ittaeok-gcp:latest --disable-content-trust
+            echo "Pulling latest image..."
+            sudo docker pull ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:latest --disable-content-trust
             
+            echo "Starting containers with updated configuration..."
             sudo docker-compose up -d
             
+            echo "Container status:"
             sudo docker-compose ps
             
-            sleep 10
-            sudo docker-compose logs --tail=20
+            echo "Waiting for application to start..."
+            sleep 15
+            
+            echo "Recent logs:"
+            sudo docker-compose logs --tail=30
             
             echo "=== Deployed Image Info ==="
-            sudo docker images | grep ittaeok-gcp
+            sudo docker images | grep ${{ secrets.DOCKER_IMAGE_NAME }}
             
             echo "=== Container Info ==="
             sudo docker ps | grep ittaeok
+            
+            echo "=== Environment Variables Verification ==="
+            sudo docker exec ittaeok env | grep -E "(DB_URL|JWT_SECRET|REDIS_HOST)" | head -3
 
       - name: Deployment completed
         run: |
           echo "Deployment completed successfully"
           echo "Deployed commit: ${{ github.sha }}"
-          echo "Repository: ${{ github.repository }}"
+          echo "Repository: ${{ github.repository }}"
+          echo "Secret Manager values automatically updated"
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -40,7 +40,7 @@ services:
       start_period: 30s
 
   ittaeok-container:
-    image: ${DOCKER_IMAGES_NAME} # ex: leeseojun/ittaeok:latest
+    image: ${DOCKER_IMAGES_NAME}
     container_name: ittaeok
     restart: always
     depends_on:
@@ -52,20 +52,41 @@ services:
       - "80:80"
       - "443:443"
     environment:
-      - SPRING_DATASOURCE_URL=jdbc:mysql://mysql-container:3306/ittaeok?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul
-      - SPRING_DATASOURCE_USERNAME=ittaeok_user
-      - SPRING_DATASOURCE_PASSWORD=1234
-      
-      - SPRING_DATA_REDIS_HOST=redis-container
-      - SPRING_DATA_REDIS_PORT=6379
-      - SPRING_DATA_REDIS_PASSWORD=${REDIS_PASSWORD}
-      - SPRING_DATA_REDIS_SSL_ENABLED=false
-      
-      - GOOGLE_APPLICATION_CREDENTIALS=${GOOGLE_APPLICATION_CREDENTIALS}
-      - GOOGLE_CLOUD_PROJECT=${GOOGLE_CLOUD_PROJECT}
-      
-      - SPRING_CLOUD_GCP_SECRETMANAGER_ENABLED="true"
-      - SPRING_CLOUD_GCP_PROJECT_ID=${GOOGLE_CLOUD_PROJECT}
+      # Database
+      - DB_URL=${DB_URL}
+      - MYSQL_USER=${MYSQL_USER}
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
+
+      # Redis
+      - REDIS_HOST=${REDIS_HOST}
+      - REDIS_PORT=${REDIS_PORT}
+      - REDIS_PASSWORD=${REDIS_PASSWORD}
+
+      # JWT
+      - JWT_SECRET=${JWT_SECRET}
+
+      # Google
+      - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}
+      - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET}
+      - GOOGLE_API_KEY=${GOOGLE_API_KEY}
+      - OAUTH_REDIRECT_URI=${OAUTH_REDIRECT_URI}
+      - GOOGLE_CALENDAR_REDIRECT_URI=${GOOGLE_CALENDAR_REDIRECT_URI}
+
+      # Kakao
+      - KAKAO_CLIENT_ID=${KAKAO_CLIENT_ID}
+      - KAKAO_CLIENT_SECRET=${KAKAO_CLIENT_SECRET}
+      - KAKAO_API_KEY=${KAKAO_API_KEY}
+
+      # Zoom
+      - ZOOM_ACCOUNT_ID=${ZOOM_ACCOUNT_ID}
+      - ZOOM_CLIENT_ID=${ZOOM_CLIENT_ID}
+      - ZOOM_CLIENT_SECRET=${ZOOM_CLIENT_SECRET}
+
+      # URL
+      - GCP_IP=${GCP_IP}
+      - FRONT_DOMAIN_A=${FRONT_DOMAIN_A}
+      - FRONT_DOMAIN_B=${FRONT_DOMAIN_B}
+      - FRONT_CALLBACK=${FRONT_CALLBACK}
     volumes:
       - ./gcp-key.json:/app/gcp-key.json:ro
     networks:
diff --git a/src/main/resources-env/prod/application.yml b/src/main/resources-env/prod/application.yml
@@ -3,9 +3,9 @@ server:
 
 spring:
   datasource:
-    url: ${sm://db-url}
-    username: ${sm://db-username}
-    password: ${sm://db-password}
+    url: ${DB_URL}
+    username: ${MYSQL_USER}
+    password: ${MYSQL_PASSWORD}
     hikari:
       connection-timeout: 30000
       maximum-pool-size: 10
@@ -26,10 +26,10 @@ spring:
       lifecycle-management: start-only
   data:
     redis:
-      host: ${sm://redis-host}
-      port: ${sm://redis-port}
+      host: ${REDIS_HOST}
+      port: ${REDIS_PORT}
+      password: ${REDIS_PASSWORD}
       username: default
-      password: ${sm://redis-password}
       ssl:
         enabled: true
   security:
@@ -38,19 +38,19 @@ spring:
         registration:
           google:
             client-name: google
-            client-id: ${sm://google-client-id}
-            client-secret: ${sm://google-client-secret}
-            redirect-uri: "https://api.ittaeok.com/login/oauth2/code/{registrationId}" # SM 붙이기
+            client-id: ${GOOGLE_CLIENT_ID}
+            client-secret: ${GOOGLE_CLIENT_SECRET}
+            redirect-uri: ${OAUTH_REDIRECT_URI}
             authorization-grant-type: authorization_code
             scope:
               - openid
               - email
               - profile
           kakao:
             client-name: kakao
-            client-id: ${sm://kakao-client-id}
-            client-secret: ${sm://kakao-client-secret}
-            redirect-uri: "https://api.ittaeok.com/login/oauth2/code/{registrationId}" # SM 붙이기
+            client-id: ${KAKAO_CLIENT_ID}
+            client-secret: ${KAKAO_CLIENT_SECRET}
+            redirect-uri: ${OAUTH_REDIRECT_URI}
             authorization-grant-type: authorization_code
             client-authentication-method: client_secret_post
             scope:
@@ -67,22 +67,21 @@ springdoc:
 jwt:
   expiration: 604800000
   refresh-expiration: 704800000
-  secret: ${sm://jwt-secret}
+  secret: ${JWT_SECRET}
 google:
   calendar:
-    client-id: ${sm://google-client-id}
-    client-secret: ${sm://google-client-secret}
-    redirect-uri: "https://api.ittaeok.com/oauth2/callback/google-calendar" # SM 붙이기
+    client-id: ${google-client-id}
+    client-secret: ${google-client-secret}
+    redirect-uri: ${google-calendar_redirect_uri}
   api:
-    key: ${sm://google-api-key}
+    key: ${GOOGLE_API_KEY}
 zoom:
-  client-id: ${sm://zoom-client-id}
-  client-secret: ${sm://zoom-client-secret}
-  redirect-uri: ${sm://zoom-redirect-uri}
-  refresh-token: ${sm://zoom-refresh-token}
+  account-id: ${ZOOM_ACCOUNT_ID}
+  client-id: ${ZOOM_CLIENT_ID}
+  client-secret: ${ZOOM_CLIENT_SECRET}
 kakao:
   middle-location:
-    api-key: ${sm://kakao-api-key}
+    api-key: ${KAKAO_API_KEY}
 logging:
   level:
     org.springframework.cloud.gcp.secretmanager: DEBUG
@@ -95,8 +94,8 @@ logging:
             sql: info
 
 url:
-  backend: https://api.ittaeok.com # SM 붙이기
+  backend: ${GCP_IP}
 front-server:
-  domain-A: https://ittaeok.com # SM 붙이기
-  domain-B: https://www.ittaeok.com # SM 붙이기
-  redirect-url: https://ittaeok.com/auth/callback # SM 붙이기
+  domain-A: ${FRONT_DOMAIN_A}
+  domain-B: ${FRONT_DOMAIN_B}
+  redirect-url: ${FRONT_CALLBACK}
