kramphub / kiya

manage secrets for development and infrastructure deployment using Google Cloud Platform

[feature] allow profile to have GCP Secret Manager as backend #23

Closed emicklei closed 3 years ago

emicklei commented 3 years ago

Currently, kiya is using KMS + GCS to manage secrets. It was created in a time before GCP had released the Secret Manager in GA. To support the migration and/or adoption of this new product, kiya should support profiles that use SM instead.

  "gateway": {
    "projectID": "company-gateway-dev",
    "use-secret-manager": true
  }

Secrets could be stored under /gateway in the project

May want to use a different organisation.

soheily98 commented 3 years ago

@emicklei We can ask for each Profile's backend type instead of using a boolean to be more future-proof. The current solution (KMS + GCS) will be used as the fallback value. Ideas?

  "gateway": {
    "projectID": "company-gateway-dev",
    "backend": "gms"
  }

amohabir commented 3 years ago

I like the idea of having the backend be a type, which we could validate in the executable. Do you also want to have some way of moving or migrating secrets from KMS + GCS to Secret Manager?

soheily98 commented 3 years ago

@amohabir that can be a nice addition!
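
The backend-type proposal from this thread, with the KMS + GCS fallback and validation at load time, written out as an added example; it is not kiya's own code. The `Profile` struct, `LoadProfiles`, the `"kms"` identifier and the `legacy-app` profile are assumptions made for illustration; only `projectID`, `backend` and `"gms"` come from the comments above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// "gms" is the value proposed in the thread; "kms" is an assumed
// identifier for the existing KMS + GCS backend.
const (
	BackendKMS = "kms"
	BackendGMS = "gms"
)

// Profile mirrors the JSON fragment from the thread (hypothetical struct).
type Profile struct {
	ProjectID string `json:"projectID"`
	Backend   string `json:"backend"`
}

// LoadProfiles parses the profile map and resolves each profile's backend.
// A missing backend falls back to KMS + GCS. An unknown value is rejected,
// so a typo cannot silently route secrets to a different store.
func LoadProfiles(data []byte) (map[string]Profile, error) {
	var profiles map[string]Profile
	if err := json.Unmarshal(data, &profiles); err != nil {
		return nil, fmt.Errorf("parse profiles: %w", err)
	}
	for name, p := range profiles {
		switch p.Backend {
		case "":
			p.Backend = BackendKMS // fallback described in the thread
		case BackendKMS, BackendGMS: // accepted as written
		default:
			return nil, fmt.Errorf("profile %q: unknown backend %q", name, p.Backend)
		}
		profiles[name] = p
	}
	return profiles, nil
}

// Constructed sample: one profile with the new field, one without it.
const sample = `{"gateway": {"projectID": "company-gateway-dev", "backend": "gms"},
  "legacy-app": {"projectID": "company-legacy-dev"}}`

func main() {
	profiles, err := LoadProfiles([]byte(sample))
	fmt.Println(profiles, err)
}
```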