Read GCP proxy EPP SSL secret from GCS

This allows us to not ship the proxy with certificates/private keys. The secret is still encrypted by KMS. Reading the secret only happens once when the first EPP request comes in, which should not incur any tangible performance penalty. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=191771680
2025-05-15 00:47:11 +02:00 · 2018-04-05 11:28:58 -07:00 · 2018-04-05 11:28:58 -07:00 · 983bd27ee0
commit 983bd27ee0
parent 18a145eef1
7 changed files with 55 additions and 12 deletions
--- a/java/google/registry/proxy/terraform/modules/input.tf
+++ b/java/google/registry/proxy/terraform/modules/input.tf
@ -10,6 +10,9 @@ variable "gcr_project_name" {}
 # The base domain name of the proxy, without the whois. or epp. part.
 variable "proxy_domain_name" {}

+# The GCS bucket that stores the encrypted SSL certificate.
+variable "proxy_certificate_bucket" {}
+
 # Cloud KMS keyring name
 variable "proxy_key_ring" {
  default = "proxy-key-ring"