How should I store secrets for use in Google Cloud Platform?

柔情痞子 提交于 2020-07-21 07:07:54

问题


If I had credentials I need to store in Google Compute Engine or Google App Engine for use at build time, how should I store them? Is there something better than storing them in code, or in a bucket?


回答1:


One option is to encrypt the secrets with a key from Cloud KMS, and store them either in a storage bucket or keep them in the binary. This lets you manage permissions and logging on the key, to indirectly manage who accesses the secret.




回答2:


As of December 2019, you should store secrets with Google Secret Manager:

$ echo "ABC1234..." | gcloud beta secrets create "my-api-key" \
  --data-file=- \
  --replication-policy "automatic"

You can use the Secret Manager REST APIs to access secrets, or a client library.



来源:https://stackoverflow.com/questions/41597874/how-should-i-store-secrets-for-use-in-google-cloud-platform

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!