Here is the *TEST TASK*:
1. Using https://github.com/getsops/sops encrypt and decrypt example file.
test.enc.yaml
database:
  login: test
  password: 123
cache:
  conn_str: [email protected]:123/qwerty
2. Use encryption with GCP KMS and Application Default Credentials.
3. Setup a gcloud account with trial mode or use an existing one.
4. Write a short documentation file .md with instructions on how to set up a gcloud account to use it with sops tool.
If you have any questions, please let me know.
Prerequisites
- Google account (and also credit or debit card)
- sops CLI, follow installation instructions
- gcloud CLI, follow installation instructions
Steps
- Set up a Google Cloud account:
  - Go to https://cloud.google.com/?hl=en and click the Start Free button
  - Fill out all the required forms
  - After confirming the payment method, you are ready to go
- Configure gcloud CLI:
  - Run in terminal:
      gcloud auth login
    The browser opens a login page where you choose the Google account.
  - Get project ID:
      gcloud projects list --format "value(projectId)"
  - Set project ID for CLI:
      gcloud config set project <PROJECT_ID>
  - Configure Application Default Credentials:
      gcloud auth application-default login
    The process is the same as with the default gcloud login.
  - Enable Cloud KMS service:
      gcloud services enable cloudkms.googleapis.com
  - Wait a few minutes for actions to propagate.
- Configure sops CLI:
  - Create keyring:
      gcloud kms keyrings create sops --location global
  - Create a key:
      gcloud kms keys create sops-key --location global --keyring sops --purpose encryption
  - Get KMS ResourceID:
      gcloud kms keys list --location global --keyring sops --format "value(name)"
- Work with files:
  - Encrypt:
      sops -e --gcp-kms <KMS ResourceID> test.yaml > test.enc.yaml
  - Edit encrypted file:
      sops test.enc.yaml
  - Decrypt file:
      sops -d test.enc.yaml
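
After the encrypt step, it is worth confirming that test.enc.yaml holds no clear-text values before the file is committed or shared. The shell function below is an added example, not part of the original instructions or of sops. Its sample files and their ENC[...] strings are constructed, and it assumes sops' default block-style YAML output with every value encrypted.

```shell
#!/bin/sh
# Added example, not part of sops: list plaintext values left in a sops-encrypted
# YAML file. Assumption: sops default output (block style, one value per line,
# every value encrypted, i.e. no encrypted_regex or unencrypted_suffix in use).
# Exit status: 0 = all values are ENC[...], 1 = plaintext found, 2 = no sops block.
sops_plaintext_leaks() {
    awk '
        /^sops:[ \t]*$/     { meta = 1; seen = 1; next }  # sops metadata block starts
        meta && /^[^ \t]/   { meta = 0 }                  # next top-level key ends it
        meta                { next }                      # key ids and MAC are not secret data
        /^[ \t]*(#.*)?$/    { next }                      # blank lines and comments
        {
            v = $0
            sub(/^[ \t]*/, "", v)
            while (sub(/^-[ \t]+/, "", v)) { }            # strip list markers
            if (v ~ /^[^:]+:[ \t]*$/) next                # "key:" that only opens a mapping
            sub(/^[^: \t]+:[ \t]+/, "", v)                # drop "key: ", keep the value
            if (v !~ /^ENC\[/) { printf "%s:%d: %s\n", FILENAME, NR, $0; bad = 1 }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample files: the ENC[...] strings are placeholders, not real ciphertext.
write_samples() {
    enc='ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,iv:Y29uc3RydWN0ZWQ=,tag:Y29uc3RydWN0ZWQ=,type:str]'
    meta='sops:
    gcp_kms:
        - resource_id: projects/<PROJECT_ID>/locations/global/keyRings/sops/cryptoKeys/sops-key
          enc: Y29uc3RydWN0ZWQ=
    mac: '"$enc"
    printf 'database:\n    login: %s\n    password: %s\ncache:\n    conn_str: %s\n%s\n' \
        "$enc" "$enc" "$enc" "$meta" > "$1/good.enc.yaml"
    # Same file after a careless hand edit put one value back in clear text.
    printf 'database:\n    login: %s\n    password: 123\ncache:\n    conn_str: %s\n%s\n' \
        "$enc" "$enc" "$meta" > "$1/bad.enc.yaml"
    printf 'database:\n    login: test\n    password: 123\n' > "$1/plain.yaml"
}

tmp=$(mktemp -d) && write_samples "$tmp"
sops_plaintext_leaks "$tmp/good.enc.yaml" && echo "good.enc.yaml: all values encrypted"
sops_plaintext_leaks "$tmp/bad.enc.yaml"  || echo "bad.enc.yaml: status $?"
sops_plaintext_leaks "$tmp/plain.yaml"    || echo "plain.yaml: status $?"
```

Run against a real file as `sops_plaintext_leaks test.enc.yaml`; a non-zero status is a reason to stop a commit.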