Forked from ljulliar/encryt_secrets_with_cloud_kms.sh
Created
March 27, 2020 11:09
-
-
Save kevinmcalear/5909e12266eb69ba6ce245a138c1d36a to your computer and use it in GitHub Desktop.
Encrypt secrets with Cloud KMS (Photo Album on Google Cloud Run)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create a key ring where to hook your encrypted keys | |
| gcloud kms keyrings create photo-album --location=us-central1 | |
| # Encrypt the credentials of the cloud runner service account | |
| gcloud kms keys create photo_album_runner_key --location us-central1 \ | |
| --keyring photo-album --purpose encryption | |
| gcloud kms encrypt - location us-central1 --keyring photo-album \ | |
| --key photo_album_runner_key --plaintext-file ./config/photo_album_runner.key \ | |
| --ciphertext-file ./config/photo_album_runner.key.enc | |
| # Do the same with the Rails master key file | |
| gcloud kms keys create rails_master_key --location us-central1 \ | |
| --keyring photo-album --purpose encryption | |
| gcloud kms encrypt --location us-central1 --keyring photo-album \ | |
| --key rails_master_key --plaintext-file ./config/master.key \ | |
| --ciphertext-file ./config/master.key.enc | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment