Google Cloud Secret Manager is a secure and convenient method for storing API keys, passwords, certificates, and other sensitive data. Apereo CAS is also able to use Google Cloud Secret Manager to locate properties and settings. In this tutorial, we will briefly look at the configuration options required to connect CAS with Google Cloud Secret Manager.
Our starting position is as follows:
CAS 7.1.x
JDK 21
You will need to instruct Spring Cloud GCP to connect to Google Cloud. For a deployment that is not running in a GCP environment, this requires that you set up the following environment variable:
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/gcp.json
You can use the GOOGLE_APPLICATION_CREDENTIALS environment variable to provide the location of a credential JSON file. This JSON file can be a credential configuration file.
You can provide user credentials by running the gcloud auth application-default login command. This command places a JSON file containing the credentials you provide (usually from your own Google Account) in a well-known location on your file system. The location depends on your operating system:
Linux, macOS: $HOME/.config/gcloud/application_default_credentials.json
Windows: %APPDATA%\gcloud\application_default_credentials.json
Once you have the right module in place, you may then instruct your CAS deployment to fetch secrets from Google Cloud Secret Manager and assign them to CAS settings. For example:
cas.tgc.crypto.encryption.key=${sm://my-encryption-key}
Note that the name of the secret can be of your choosing. The above format is the shortest form: it specifies only the secret ID and uses the default project and the latest version of the secret.
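The following is an added example, not part of the original post or of CAS itself: a small audit script that lists every sm:// reference in a properties file and flags those that rely on the default project or on the latest version. It assumes the reference forms documented for Spring Cloud GCP, goes beyond the shortest form shown above to cover the longer ones, and apart from the first sample line all property values, project names and versions are constructed.

```python
import re

# Matches ${sm://...} placeholders inside a properties value.
SM_REF = re.compile(r"\$\{sm://([^}]+)\}")

def parse_sm_reference(path, default_project="DEFAULT_PROJECT"):
    """Split the part after sm:// into (project, secret, version).

    Follows the reference forms documented for Spring Cloud GCP (an assumption
    of this example); anything else is rejected rather than guessed at.
    """
    t = path.split("/")
    if not all(t):
        raise ValueError(f"empty segment in secret reference: sm://{path}")
    if len(t) == 1:    # sm://<secret-id>
        return default_project, t[0], "latest"
    if len(t) == 2:    # sm://<secret-id>/<version>
        return default_project, t[0], t[1]
    if len(t) == 3:    # sm://<project-id>/<secret-id>/<version>
        return t[0], t[1], t[2]
    if len(t) == 4 and (t[0], t[2]) == ("projects", "secrets"):
        return t[1], t[3], "latest"
    if len(t) == 6 and (t[0], t[2], t[4]) == ("projects", "secrets", "versions"):
        return t[1], t[3], t[5]
    raise ValueError(f"unrecognized secret reference: sm://{path}")

def audit_properties(text):
    """Return one finding per sm:// reference in a properties document."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        for path in SM_REF.findall(value):
            project, secret, version = parse_sm_reference(path)
            findings.append({"property": key.strip(), "secret": secret,
                             "implicit_project": project == "DEFAULT_PROJECT",
                             "floating_version": version == "latest"})
    return findings

# Constructed sample: line 1 is the example from the post, the rest are made up.
SAMPLE = """\
cas.tgc.crypto.encryption.key=${sm://my-encryption-key}
cas.tgc.crypto.signing.key=${sm://my-signing-key/3}
cas.authn.accept.users=${sm://projects/example-project/secrets/demo-users/versions/2}
"""

if __name__ == "__main__":
    for finding in audit_properties(SAMPLE):
        print(finding)
```

A reference flagged with floating_version picks up whatever version is latest when the property is resolved, which is worth knowing before a secret is rotated.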
If you have questions about the contents and the topic of this blog post, or if you need additional guidance and support, feel free to send us a note and ask about consulting and support services.
I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please feel free to engage and contribute as best as you can.
Happy Coding,