cockroachdb / docs

CockroachDB user documentation
https://cockroachlabs.com/docs
Creative Commons Attribution 4.0 International

cloud/gcp: support temporary token credentials for GCP storage and KMS #14368

Open cockroach-teamcity opened 2 years ago

cockroach-teamcity commented 2 years ago

Exalate commented:

Related PR: https://github.com/cockroachdb/cockroach/pull/83210

Commit: https://github.com/cockroachdb/cockroach/commit/97e9ecd9dd37bcf0ddb5ce4bb34c95127e0e6f73


Release note (enterprise change): Adds the ability to provide short-lived OAuth 2.0 tokens as a form of short-lived credentials to Google Cloud Storage and KMS. The token can be passed to the GCS or KMS URI via the new BEARER_TOKEN parameter for "specified" authentication mode.

Example GCS URI: gs:///?AUTH=specified&BEARER_TOKEN=

Example KMS URI: gs:///?AUTH=specified&BEARER_TOKEN=

There is no refresh mechanism associated with this token, so it is up to the user to ensure that its TTL is longer than the duration of the job or query that is using the token. The job or query may irrecoverably fail if one of its tokens expires before completion.

Jira Issue: DOC-4595
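Because the token is never refreshed, a preflight check before starting a long job is useful. The following is an added example, not code from CockroachDB or from this issue: it checks the remaining token lifetime against a job estimate, builds a `gs://` URI with the `AUTH=specified` and `BEARER_TOKEN` parameters named in the release note, and redacts the token for logging. The bucket, path, token value, safety margin and the `expires_in` field name are assumptions.

```python
import json
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Constructed sample shaped like a token-introspection response. The
# "expires_in" field (seconds remaining, as a string) is an assumption.
SAMPLE_TOKENINFO = json.loads('{"expires_in": "3540"}')


def remaining_seconds(tokeninfo: dict) -> int:
    """Seconds of validity left, per the introspection response."""
    return int(tokeninfo["expires_in"])


def token_outlives_job(tokeninfo: dict, job_estimate_s: int,
                       margin: float = 0.25) -> bool:
    """True only if the token covers the job estimate plus a safety margin.

    The token is not refreshed, so an underestimate means a failed job.
    """
    needed = job_estimate_s * (1 + margin)
    return remaining_seconds(tokeninfo) >= needed


def build_gcs_uri(bucket: str, path: str, token: str) -> str:
    """Build a gs:// URI with AUTH=specified and a URL-encoded BEARER_TOKEN."""
    query = urlencode({"AUTH": "specified", "BEARER_TOKEN": token})
    return f"gs://{bucket}/{quote(path)}?{query}"


def redact_uri(uri: str) -> str:
    """Replace the BEARER_TOKEN value so the URI is safe to write to logs."""
    parts = urlsplit(uri)
    pairs = [(k, "redacted" if k.upper() == "BEARER_TOKEN" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Hypothetical bucket, path and token, constructed for illustration.
    uri = build_gcs_uri("example-bucket", "backups/2024", "ya29.constructed+token/=")
    if token_outlives_job(SAMPLE_TOKENINFO, job_estimate_s=1800):
        print("token lifetime OK:", redact_uri(uri))
    else:
        print("token expires too soon; mint a longer-lived token first")
```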

exalate-issue-sync[bot] commented 1 year ago

Kathryn Hancox (kathancox) commented: Rui Hu Liv Lobo I think this docs issue can be closed, right? I believe this was preemptive work to the assume role feature, and so we don’t need to specifically document this?