Read GCP proxy EPP SSL secret from GCS

This allows us to not ship the proxy with certificates/private keys. The secret is still encrypted by KMS. Reading the secret only happens once when the first EPP request comes in, which should not incur any tangible performance penalty. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=191771680
2025-06-27 14:54:51 +02:00 · 2018-04-05 11:28:58 -07:00 · 2018-04-05 11:28:58 -07:00 · 983bd27ee0
commit 983bd27ee0
parent 18a145eef1
7 changed files with 55 additions and 12 deletions
--- a/java/google/registry/proxy/terraform/example_config.tf
+++ b/java/google/registry/proxy/terraform/example_config.tf
@ -7,11 +7,12 @@ terraform {
 }

 module "proxy" {
-  source               = "../../modules"
-  proxy_project_name   = "YOUR_PROXY_PROJECT"
-  nomulus_project_name = "YOUR_NOMULUS_GPROJECT"
-  gcr_project_name     = "YOUR_GCR_PROJECT"
-  proxy_domain_name    = "YOUR_PROXY_DOMAIN"
+  source                   = "../../modules"
+  proxy_project_name       = "YOUR_PROXY_PROJECT"
+  nomulus_project_name     = "YOUR_NOMULUS_GPROJECT"
+  gcr_project_name         = "YOUR_GCR_PROJECT"
+  proxy_domain_name        = "YOUR_PROXY_DOMAIN"
+  proxy_certificate_bucket = "YOU_CERTIFICATE_BUCKET"
 }

 output "proxy_service_account_client_id" {