autotelic / envelope-encryptor

MIT License
1 stars 0 forks source link

Key service with KEK as config arg to support GCP secrets manager #55

Closed eadmundo closed 6 months ago

eadmundo commented 6 months ago

Summary

In order to support GCP secrets manager on Cloud Run, this adds a key service option which takes a key encryption key (KEK) as a base64 encoded string. This is to support storing the KEK in GCP secrets manager and then attaching it to the cloud run service as an env var at runtime.

Test Plan