    038ae9f2
    stop using gcloud command to decrypt secrets · 038ae9f2
    Dr Rich Wareham authored
    The Google Cloud KMS is an API driven service with a Python client.
    Mostly for historical reasons stemming from the days when logan was a
    shell script, we use the gcloud command to decrypt secrets.
    
    Move to using the Python client libraries instead. Update the README to
    note that we now use application default credentials which may require
    re-authenticating using gcloud.
    
    The Google client libraries require the grpcio Python libraries which,
    in turn, require installing some extra packages in the alpine-based
    container used to run CI tests.
    
    This is a precursor to using the Secret Manager API to add on-demand
    fetching of secrets to logan.