Apereo CAS - Configuration Management with Google Cloud Secret Manager

Posted by Misagh Moayyed on June 27, 2024

Google Cloud Secret Manager is a secure and convenient method for storing API keys, passwords, certificates, and other sensitive data. Apereo CAS is also able to use Google Cloud Secret Manager to locate properties and settings. In this tutorial, we will briefly look at the configuration options required to connect CAS with Google Cloud Secret Manager.

Our starting position is as follows:

  • CAS 7.1.x
  • Java 21

Google Application Credentials

You will need to instruct Spring Cloud GCP to connect to Google Cloud. For a deployment that is not running in a GCP environment, this requires that you set up the following environment variable:

export GOOGLE_APPLICATION_CREDENTIALS=/path/to/gcp.json

You can use the GOOGLE_APPLICATION_CREDENTIALS environment variable to provide the location of a credential JSON file. This JSON file can be a credential configuration file.

You can provide user credentials by running the gcloud auth application-default login command. This command places a JSON file containing the credentials you provide (usually from your own Google Account) in a well-known location on your file system. The location depends on your operating system:

  • Linux, macOS: $HOME/.config/gcloud/application_default_credentials.json
  • Windows: %APPDATA%\gcloud\application_default_credentials.json
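
A pre-flight check for the credential file described above, as an added example that is not part of the original post: it resolves the file that would be read (environment variable first, then the Linux/macOS well-known location), rejects files that are accessible to group or other users, and reports the credential type. The function names are hypothetical, and reading the `type` field with grep is a heuristic.

```shell
#!/bin/sh
# Added example: pre-flight check of the Application Default Credentials file.
# Function names are hypothetical; Linux/macOS paths only.

# Path that will be read: the environment variable if set, else the well-known file.
adc_path() {
    if [ -n "${GOOGLE_APPLICATION_CREDENTIALS:-}" ]; then
        printf '%s\n' "$GOOGLE_APPLICATION_CREDENTIALS"
    else
        printf '%s\n' "$HOME/.config/gcloud/application_default_credentials.json"
    fi
}

# Heuristic: value of the first "type" key in the file (use a JSON parser
# such as jq where one is available).
adc_type() {
    tr -d '\n' < "$1" |
        grep -o '"type"[[:space:]]*:[[:space:]]*"[^"]*"' | head -n 1 |
        sed 's/.*:[[:space:]]*"\([^"]*\)"$/\1/'
}

# Print findings; return 0 if the file is usable, 1 if it must be fixed first.
adc_check() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || { echo "FAIL: $f missing or unreadable"; return 1; }
    rc=0
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ldL -- "$f" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $f is accessible to group/other; run chmod 600"
        rc=1
    fi
    case "$(adc_type "$f")" in
        service_account)  echo "NOTE: service account key file (contains a private key)" ;;
        authorized_user)  echo "WARN: user credentials from gcloud auth application-default login" ;;
        external_account) echo "NOTE: credential configuration file" ;;
        *)                echo "FAIL: unrecognised credential type"; rc=1 ;;
    esac
    return "$rc"
}

# Usage: adc_check "$(adc_path)" before starting CAS.
```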

CAS Configuration

Once you have the right module in place, you may then instruct your CAS deployment to fetch secrets from Google Cloud Secret Manager and assign them to CAS settings. For example:

cas.tgc.crypto.encryption.key=${sm://my-encryption-key}

Note that the name of the secret can be of your choosing. The above format is the shortest form; we specify the secret ID and use the default project and the latest version of the secret.

Need Help?

If you have questions about the contents and the topic of this blog post, or if you need additional guidance and support, feel free to send us a note and ask about consulting and support services.

So…

I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please feel free to engage and contribute as best as you can.

Happy Coding,

Misagh Moayyed