zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-04-30 12:07:51 +02:00
Code Issues Projects Releases Packages Wiki Activity

Use base64-encoded SQL credentials (#314)

Browse source 
* Use base64-encoded SQL credentials

Encode Cloud SQL credential files on gcs with base64,
to be consistent with our Cloud Build practices.

Also renamed a property that specifies where to publish
the schema jar. New name is schema_publish_repo.
This commit is contained in:
Weimin Yu 2019-10-18 11:48:40 -04:00 committed by GitHub
parent d66b3b3d57
commit cd1bbc5501
2 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
db/build.gradle
View file

@ -94,6 +94,7 @@ ext {
def command = def command =
"""gsutil cp \ """gsutil cp \
gs://domain-registry${env}-cloudsql-credentials/${role}_credential.enc - | \ gs://domain-registry${env}-cloudsql-credentials/${role}_credential.enc - | \
base64 -d | \
gcloud kms decrypt --location global --keyring nomulus \ gcloud kms decrypt --location global --keyring nomulus \
--key sql-credentials-on-gcs-key --plaintext-file=- \ --key sql-credentials-on-gcs-key --plaintext-file=- \
--ciphertext-file=- \ --ciphertext-file=- \
@ -118,11 +119,11 @@ artifacts {
publishing { publishing {
repositories { repositories {
maven { maven {
url project.schema_jar_repo url project.schema_publish_repo
} }
} }
publications { publications {
schemaOrmPublication(MavenPublication) { sqlSchemaPublication(MavenPublication) {
groupId 'google.registry' groupId 'google.registry'
artifactId 'schema' artifactId 'schema'
version project.schema_version version project.schema_version

2
gradle.properties
View file

@ -24,5 +24,5 @@ dbPassword=
# Maven repository of the Cloud SQL schema jar, which contains the # Maven repository of the Cloud SQL schema jar, which contains the
# SQL DDL scripts. # SQL DDL scripts.
schema_jar_repo= schema_publish_repo=
schema_version= schema_version=