Commit 914b85ea authored by Preksha Beohar-Slb

Merge branch 'master' into audit-log

parents 3389130b d4b68844
Pipeline #48723 failed with stages
in 16 seconds
......@@ -10,4 +10,5 @@ data:
PARTITION_ADMIN_ACCOUNT: "{{ .Values.data.partition_admin_account }}"
GOOGLE_AUDIENCES: "{{ .Values.data.google_audiences }}"
KEY_RING: "{{ .Values.data.key_ring }}"
KMS_KEY: "{{ .Values.data.kms_key }}"
LOG_LEVEL: "{{ .Values.data.log_level }}"
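Review bot: `KMS_KEY` and `KEY_RING` in this `data:` block are rendered straight from `.Values.data.*` with no guard, so an unset value produces an empty string and the ConfigMap would carry an empty key or key ring name. Consider wrapping both in Helm's `required` function, for example `{{ required "data.kms_key is required" .Values.data.kms_key }}`, so that a missing value fails at template time.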
......@@ -3,6 +3,7 @@ data:
partition_admin_account: ""
google_audiences: ""
key_ring: ""
kms_key: ""
log_level: ""
conf:
......
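Review bot: `key_ring` and `kms_key` default to `""` here with no comment on what they should hold, while the README table in this same commit marks both variables as required. Add a short comment per key saying that it takes the short resource name (the README examples are `csqp` and `partitionService`), or drop the empty defaults so that an unset value is visible.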
......@@ -24,6 +24,9 @@ In order to run the service locally or remotely, you will need to have the follo
| `GOOGLE_AUDIENCES` | ex `*****.apps.googleusercontent.com` | Client ID for getting access to cloud resources | yes | https://console.cloud.google.com/apis/credentials |
| `PARTITION_ADMIN_ACCOUNT` | ex `admin@domen.iam.gserviceaccount.com` | Partition Admin account email | no | - |
| `GOOGLE_APPLICATION_CREDENTIALS` | ex `/path/to/directory/service-key.json` | Service account credentials, you only need this if running locally | yes | https://console.cloud.google.com/iam-admin/serviceaccounts |
| `KEY_RING` | ex `csqp` | A key ring holds keys in a specific Google Cloud location and permit us to manage access control on groups of keys | yes | https://cloud.google.com/kms/docs/resource-hierarchy#key_rings |
| `KMS_KEY` | ex `partitionService` | A key exists on one key ring linked to a specific location. | yes | https://cloud.google.com/kms/docs/resource-hierarchy#key_rings |
### Run Locally
Check that maven is installed:
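Review bot: the `KMS_KEY` row links to `resource-hierarchy#key_rings`, the same anchor as the `KEY_RING` row, so the reader lands on the key ring description instead of the key description; point it at the keys section of that page. In the `KEY_RING` row, "permit us" should read "permits us". It would also help to state which location these two names are resolved in, since the setup section creates both with `--location global`.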
......@@ -140,23 +143,23 @@ Partition Service is compatible with App Engine Flexible Environment and Cloud R
#### Cloud KMS Setup
Enable cloud KMS on master project
Enable cloud KMS on master project.
Create king ring and key in the ***master project***
```bash
gcloud services enable cloudkms.googleapis.com
export KEYRING_NAME="csqp"
export CRYPTOKEY_NAME="searchService"
export CRYPTOKEY_NAME="partionService"
gcloud kms keyrings create $KEYRING_NAME --location global
gcloud kms keys create $CRYPTOKEY_NAME --location global \
--keyring $KEYRING_NAME \
--purpose encryption
```
Add **Cloud KMS CryptoKey Encrypter/Decrypter** role to the **App Engine default service account** of the master project through IAM - Role tab
Add **Cloud KMS CryptoKey Encrypter/Decrypter** role to the used **service account** by Partition Service of the ***master project*** through IAM - Role tab.
Add "Cloud KMS Encrypt/Decrypt" role to the "App Engine default service account" of ***master project***
Add "Cloud KMS Encrypt/Decrypt" role to the used **service account** by Partition Service of the ***master project*** through IAM - Role tab.
## Licence
Copyright © Google LLC
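Review bot: `export CRYPTOKEY_NAME="partionService"` is misspelled, while the `KMS_KEY` example in the variables table is `partitionService`; someone following both would create a key whose name does not match the configured one. Fix the spelling here, and "king ring" in the line above the code block. The two role instructions after the code block now say the same thing under two role names, "Cloud KMS CryptoKey Encrypter/Decrypter" and "Cloud KMS Encrypt/Decrypt"; keep one, and consider granting the role on the key itself rather than on the whole master project so that the service account can use only this key.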
......@@ -172,4 +175,4 @@ Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
\ No newline at end of file
limitations under the License.