From 66b5038c6e6ba565d26bbef8065e173da8e7344d Mon Sep 17 00:00:00 2001
From: Anthonios Partheniou <partheniou@google.com>
Date: Wed, 12 Jan 2022 16:27:08 +0000
Subject: [PATCH] chore(python): switch release.sh to use keystore

---
 .../gcp/templates/python_library/.kokoro/release.sh  |  2 +-
 .../python_library/.kokoro/release/common.cfg        | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/synthtool/gcp/templates/python_library/.kokoro/release.sh b/synthtool/gcp/templates/python_library/.kokoro/release.sh
index 230b26fff..8d06fc9e3 100755
--- a/synthtool/gcp/templates/python_library/.kokoro/release.sh
+++ b/synthtool/gcp/templates/python_library/.kokoro/release.sh
@@ -26,7 +26,7 @@ python3 -m pip install --upgrade twine wheel setuptools
 export PYTHONUNBUFFERED=1
 
 # Move into the package, build the distribution and upload.
-TWINE_PASSWORD=$(cat "${KOKORO_GFILE_DIR}/secret_manager/google-cloud-pypi-token")
+TWINE_PASSWORD=$(cat "${KOKORO_KEYSTORE_DIR}/73713_google-cloud-pypi-token-keystore-1")
 cd github/{{ metadata['repo']['repo'].split('/')[1] }}
 python3 setup.py sdist bdist_wheel
 twine upload --username __token__ --password "${TWINE_PASSWORD}" dist/*
diff --git a/synthtool/gcp/templates/python_library/.kokoro/release/common.cfg b/synthtool/gcp/templates/python_library/.kokoro/release/common.cfg
index edca9fe73..5519cf515 100644
--- a/synthtool/gcp/templates/python_library/.kokoro/release/common.cfg
+++ b/synthtool/gcp/templates/python_library/.kokoro/release/common.cfg
@@ -23,8 +23,18 @@ env_vars: {
     value: "github/{{ metadata['repo']['repo'].split('/')[1] }}/.kokoro/release.sh"
 }
 
+# Fetch PyPI password
+before_action {
+  fetch_keystore {
+    keystore_resource {
+      keystore_config_id: 73713
+      keyname: "google-cloud-pypi-token-keystore-1"
+    }
+  }
+}
+
 # Tokens needed to report release status back to GitHub
 env_vars: {
   key: "SECRET_MANAGER_KEYS"
-  value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem,google-cloud-pypi-token"
+  value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem,google-cloud-pypi-token-keystore-1"
 }