FAQ | This is a LIVE service | Changelog

Skip to content
Snippets Groups Projects
Select Git revision
0 results
Blame Permalink
  • Dr Rich Wareham's avatar
    038ae9f2
    stop using gcloud command to decrypt secrets · 038ae9f2
    Dr Rich Wareham authored 
    The Google Cloud KMS is an API driven service with a Python client.
Mostly for historical reasons stemming from the days when logan was a
shell script, we use the gcloud command to decrypt secrets.

Move to using the Python client libraries instead. Update the README to
note that we now use application default credentials which may require
re-authenticating using gcloud.

The Google client libraries require the grpcio Python libraries which,
in turn, require installing some extra packages in the alpine-based
container used to run CI tests.

This is a precursor to using the Secret Manager API to add on-demand
fetching of secrets to logan.
    038ae9f2
    History
    stop using gcloud command to decrypt secrets
    Dr Rich Wareham authored 
    The Google Cloud KMS is an API driven service with a Python client.
Mostly for historical reasons stemming from the days when logan was a
shell script, we use the gcloud command to decrypt secrets.

Move to using the Python client libraries instead. Update the README to
note that we now use application default credentials which may require
re-authenticating using gcloud.

The Google client libraries require the grpcio Python libraries which,
in turn, require installing some extra packages in the alpine-based
container used to run CI tests.

This is a precursor to using the Secret Manager API to add on-demand
fetching of secrets to logan.
Code owners