mirror of https://github.com/google/nomulus synced 2026-04-19 15:55:21 +00:00

Add Cloud KMS based secret storage

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=147791972
shikhman
2017-02-16 17:55:19 -08:00
committed by Ben McIlwain
parent ab6e7b177a
commit be30ecdf66
24 changed files with 2255 additions and 0 deletions


@@ -867,6 +867,24 @@ public final class RegistryConfig {
return config.registryPolicy.greetingServerId;
}
/**
* The name to use for the Cloud KMS KeyRing containing encryption keys for Nomulus secrets.
*
* @see <a
* href="https://cloud.google.com/kms/docs/reference/rest/v1beta1/projects.locations.keyRings#KeyRing">projects.locations.keyRings</a>
*/
@Provides
@Config("cloudKmsKeyRing")
public static String provideCloudKmsKeyRing(RegistryConfigSettings config) {
return config.kms.keyringName;
}
@Provides
@Config("cloudKmsProjectId")
public static String provideCloudKmsProjectId(RegistryConfigSettings config) {
return config.kms.projectId;
}
@Provides
@Config("customLogicFactoryClass")
public static String provideCustomLogicFactoryClass(RegistryConfigSettings config) {
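Review bot: `provideCloudKmsProjectId` has no Javadoc, while the keyring provider directly above it does, and the one constraint that matters for this value is written only in the YAML defaults. I would add `/** The ID of the GCP project that hosts the Cloud KMS KeyRing; expected to be a project used only for KMS so its IAM policy stays minimal. */` above its `@Provides`. Both new providers also dereference `config.kms` without a check; if the settings loader can leave that field null when the `kms` section is absent (the loader is not visible here), injection would fail with a bare NullPointerException rather than a message naming the missing setting.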


@@ -31,6 +31,7 @@ public class RegistryConfigSettings {
public Misc misc;
public Rdap rdap;
public Braintree braintree;
public Kms kms;
/** Configuration options that apply to the entire App Engine project. */
public static class AppEngine {
@@ -78,6 +79,12 @@ public class RegistryConfigSettings {
public int baseOfyRetryMillis;
}
/** Configuration for Cloud KMS. */
public static class Kms {
public String keyringName;
public String projectId;
}
/** Configuration for caching. */
public static class Caching {
public int singletonCacheRefreshSeconds;


@@ -182,3 +182,11 @@ braintree:
# currency). For example, one entry might be:
# USD: accountIdUsingUSD
merchantAccountIdsMap: {}
kms:
# GCP project containing the KMS keyring. Should only be used for KMS in
# order to keep a simple locked down IAM configuration.
projectId: registry-kms-project-id
# The name to use for the Cloud KMS KeyRing which will store encryption keys
# for Nomulus secrets.
keyringName: nomulus
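Review bot: The default `projectId: registry-kms-project-id` is a placeholder that reads like a real project ID, and nothing in this hunk says it must be overridden, so a deployment that forgets to set it would presumably only find out on its first KMS call. I would say so in the comment, e.g. `# Placeholder: override per environment with the ID of a project you control.` It would also help to name the access the application's service account needs (for example `roles/cloudkms.cryptoKeyEncrypterDecrypter` granted on the keyring rather than project-wide), since the existing comment justifies the dedicated project by IAM simplicity but does not say what that IAM configuration is.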