Read GCP proxy EPP SSL secret from GCS

This allows us to not ship the proxy with certificates/private keys. The secret is still encrypted by KMS. Reading the secret only happens once when the first EPP request comes in, which should not incur any tangible performance penalty.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191771680
jianglai 2018-04-05 11:28:58 -07:00 committed by Ben McIlwain
parent 18a145eef1
commit 983bd27ee0
7 changed files with 55 additions and 12 deletions


@ -37,7 +37,7 @@ public class ProxyConfig {
public List<String> gcpScopes;
public int accessTokenValidPeriodSeconds;
public int accessTokenRefreshBeforeExpirySeconds;
public String sslPemFilename;
public Gcs gcs;
public Kms kms;
public Epp epp;
public Whois whois;
@ -45,6 +45,12 @@ public class ProxyConfig {
public HttpsRelay httpsRelay;
public Metrics metrics;
/** Configuration options that apply to GCS. */
public static class Gcs {
public String bucket;
public String sslPemFilename;
}
/** Configuration options that apply to Cloud KMS. */
public static class Kms {
public String location;
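Review bot: The new `Gcs.bucket` and `Gcs.sslPemFilename` fields in the second hunk have no field-level documentation, although `sslPemFilename` appears to have moved from the top level of `ProxyConfig` and now names a GCS object rather than a file shipped with the proxy. I would document that on the field, for example `/** Name of the object in {@link #bucket} that holds the KMS-encrypted PEM (certificates and private key). */`, and add a matching one-line comment on `bucket`. Since this object holds the proxy's private key material, the class comment is also a good place to state that the bucket should be readable only by the proxy's service account and that the content must remain KMS-encrypted at rest. Config files that still set `sslPemFilename` at the top level will no longer populate this field; whether the loader rejects or silently ignores the stale key is not visible here, so it is worth confirming that it fails loudly. `ProxyConfig` and `Kms` both continue outside the hunk.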