Terraform 中的 GCP 服务帐户密钥管理和使用
[英]GCP Service account key management and usage in Terraform
问题描述
I am creating CI/CD pipeline for Terraform so that my GCP resource creation would be automated.
我正在为 Terraform 创建 CI/CD 管道,以便我的 GCP 资源创建将自动化。 But Terraform needs Service account to do the job, I create the service account and the key is downloaded to my machine, but what should be the correct way to store it so when running Cloud build pipeline so that Terraform would pick on it and execute scripts.但是 Terraform 需要服务帐户来完成这项工作,我创建了服务帐户并将密钥下载到我的机器上,但是在运行 Cloud 构建管道时存储它的正确方法应该是什么,以便 Terraform 可以选择它并执行脚本.
provider "google" {
credentials = file(var.cred_file)
project = var.project_name
region = var.region
}
Is it okay to store this file in Cloud storage bucket ?可以将此文件存储在云存储桶中吗? Or there are some better alternatives ?或者有一些更好的选择?
1 个解决方案
解决方案1
0 已采纳 2020-02-25 18:53:55
On GCP you have the bucket option to keep sensitive information and you can use access control lists (ACLs) to define who has access on your buckets and objects.在 GCP 上,您可以使用存储桶选项来保留敏感信息,并且您可以使用访问控制列表(ACL)来定义谁可以访问您的存储桶和对象。 GCP offers the next options to storage and I think that the better is according with your needs, just ensure that the option provides you the security tools to keep your files safe. GCP 提供了下一个存储选项,我认为最好是满足您的需求,只需确保该选项为您提供安全工具来保证您的文件安全。 I think that once you are Granting permissions to your Cloud Build service account , you can pass the path to the service account key in code我认为一旦您授予Cloud Build 服务帐户的权限,您就可以在代码中传递服务帐户密钥的路径
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.