-
Dr Rich Wareham authoredThe Google Cloud KMS is an API driven service with a Python client. Mostly for historical reasons stemming from the days when logan was a shell script, we use the gcloud command to decrypt secrets. Move to using the Python client libraries instead. Update the README to note that we now use application default credentials which may require re-authenticating using gcloud. The Google client libraries require the grpcio Python libraries which, in turn, require installing some extra packages in the alpine-based container used to run CI tests. This is a precursor to using the Secret Manager API to add on-demand fetching of secrets to logan.
Dr Rich Wareham authoredThe Google Cloud KMS is an API driven service with a Python client. Mostly for historical reasons stemming from the days when logan was a shell script, we use the gcloud command to decrypt secrets. Move to using the Python client libraries instead. Update the README to note that we now use application default credentials which may require re-authenticating using gcloud. The Google client libraries require the grpcio Python libraries which, in turn, require installing some extra packages in the alpine-based container used to run CI tests. This is a precursor to using the Secret Manager API to add on-demand fetching of secrets to logan.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
Dockerfile 583 B