Transferring metadata to VM instances
You can provide metadata to a VM when creating or updating it. Data for connection to a VM can only be provided when creating the VM; moreover, in a VM running Linux, a public SSH key must be provided for each user.
You can only update VM metadata in the user-data folder and in the instance/attributes/* path of the computeMetadata folder. To learn more about updating VM metadata, see Changing VM metadata.
Warning
All metadata, including user-defined metadata, is unencrypted. If the metadata contains sensitive information, make sure to protect it, e.g., through encryption.
Specifics of providing environment variables in metadata via the CLI
With the Yandex Cloud CLI, you can provide both the names of environment variables and the values of local environment variables to the VM metadata. They will be substituted into the new VM's metadata when running the CLI command:
To provide the values of local variables to the VM metadata, specify them in the user-data key in $<variable_name> format. When executing a CLI command, the values of these variables will be substituted into the cloud-init configuration from the environment the command is executed in.
For example:
...
users:
- name: $USER_NAME
...
In this case, when executing the CLI command, the value of the USER_NAME variable will be substituted from the environment running that command. For example, if the environment features a variable named USER_NAME set to my-user, the string supplied to VM metadata will appear as - name: my-user instead of - name: $USER_NAME.
Note
If the variable has no value set in the environment, an empty value will be supplied to the metadata without any error message.
To provide the names of variables instead of values to the metadata in $<variable_name> format, use the two-dollar syntax.
For example:
...
# Save YC params
echo "Saving YC params to the ~/.bashrc"
cat << EOF >> $$HOME/.bashrc
...
In which case the HOME variable value will not be substituted from the environment the CLI command is executed in. Instead, the cat << EOF >> $HOME/.bashrc string will be written to the VM metadata.
For an example of using variables when supplying metadata to a VM via the Yandex Cloud CLI, see Creating a VM with metadata from environment variables.
See also
- Updating VM metadata
- Creating a VM with a custom configuration script
- Creating a VM with metadata from environment variables
- Transferring a Yandex Lockbox secret to a VM through metadata
- VM metadata
- Metadata folders
- Keys processed in public images Yandex Cloud
- Access to VM instance metadata
- Identity document