
Draft: feat(gcp-kms): impersonate service account

Open eraac opened this issue 3 years ago • 1 comments

Implementation of the possibility to impersonate a service account to call the GCP KMS API.

I'm not 100% familiar with the project yet, and I'm not sure I've done the work correctly, so feel free to point out my errors, if any.

For the unit tests, I guess I can probably add a test for the sops metadata to ensure the gcp_impersonate_service_account is correctly set, but I need to be guided a bit here. Otherwise, concerning the feature itself, I've no idea how to test it (except manually).

~I still have to update the README, I'll do this tomorrow~ done

Thanks for the review ❤️

eraac, Dec 04 '22 00:12

I got the same kind of issue from aws-profile https://github.com/mozilla/sops/issues/634

I want to use the default application credentials for encryption (developers' credentials), and another one via impersonation for decryption (CI). The current workaround is to edit the encrypted file's metadata, but it isn't very convenient ...

But unfortunately, this change seems to be more complicated and I guess isn't related to this PR

eraac, Dec 04 '22 13:12