google-cloud-secret_manager 1.1.3 → 1.3.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e94612e756a2b3fa967c42932f57310d774822e525fb42f63865112028bb0117
4
- data.tar.gz: 25572e429321d133fe7f6cd8164f34933bf557fbe761d9c3d837072fd7d73a32
3
+ metadata.gz: 2345fe7a5c5950e717df5f869b20256261d68b7c8022a3ed92a76683890c34f7
4
+ data.tar.gz: 3cb8415fd07c924bc31b14a0f5ce3e00ca10ca2f4d8fceae32b827a54ad30402
5
5
  SHA512:
6
- metadata.gz: fbd7a03e22b8261acdead9d97d00373d11bf76044bab55d3d240d65b1186e66bef54bf980b9ea430ad1b68d91ad82b6adc5d9c21ac26bcec1ab3d9a3ab22350f
7
- data.tar.gz: 9c351457c0af9981f3a4a5b2d5f76080ab35e07a673a7e4cae340e2e9ad02b5b5fa06bf3ed645e2423daa185ca35676395b6e9a5e32bb44645f7c5525926a871
6
+ metadata.gz: bb5b75134e3d8c7e6200cd89b9e5ca07153beb9eeb5ccb54223d4004c144a2b0161a090f87268c071472a991eb99423f15f45a8493fb2470b3da43ee450093fb
7
+ data.tar.gz: 679a1e7fc5fe84fcc4539252e13ba7ae3414c3c1e0f8d37d4a56356f98eda2c1de6a99ce770f407216e85e7a3fe678aa81f6e6fafb7f5fb15e2f6a7b7d4429f7
data/AUTHENTICATION.md CHANGED
@@ -1,151 +1,122 @@
1
1
  # Authentication
2
2
 
3
- In general, the google-cloud-secret_manager library uses
4
- [Service Account](https://cloud.google.com/iam/docs/creating-managing-service-accounts)
5
- credentials to connect to Google Cloud services. When running within
6
- [Google Cloud Platform environments](#google-cloud-platform-environments) the
7
- credentials will be discovered automatically. When running on other
8
- environments, the Service Account credentials can be specified by providing the
9
- path to the
10
- [JSON keyfile](https://cloud.google.com/iam/docs/managing-service-account-keys)
11
- for the account (or the JSON itself) in
12
- [environment variables](#environment-variables). Additionally, Cloud SDK
13
- credentials can also be discovered automatically, but this is only recommended
14
- during development.
3
+ The recommended way to authenticate to the google-cloud-secret_manager library is to use
4
+ [Application Default Credentials (ADC)](https://cloud.google.com/docs/authentication/application-default-credentials).
5
+ To review all of your authentication options, see [Credentials lookup](#credential-lookup).
15
6
 
16
7
  ## Quickstart
17
8
 
18
- 1. [Create a service account and credentials](#creating-a-service-account).
19
- 2. Set the [environment variable](#environment-variables).
9
+ The following example shows how to set up authentication for a local development
10
+ environment with your user credentials.
20
11
 
21
- ```sh
22
- export SECRET_MANAGER_CREDENTIALS=path/to/keyfile.json
23
- ```
24
-
25
- 3. Initialize the client.
12
+ **NOTE:** This method is _not_ recommended for running in production. User credentials
13
+ should be used only during development.
26
14
 
27
- ```ruby
28
- require "google/cloud/secret_manager"
15
+ 1. [Download and install the Google Cloud CLI](https://cloud.google.com/sdk).
16
+ 2. Set up a local ADC file with your user credentials:
29
17
 
30
- client = Google::Cloud::SecretManager.secret_manager_service
18
+ ```sh
19
+ gcloud auth application-default login
31
20
  ```
32
21
 
33
- ## Credential Lookup
34
-
35
- The google-cloud-secret_manager library aims to make authentication
36
- as simple as possible, and provides several mechanisms to configure your system
37
- without requiring **Service Account Credentials** directly in code.
38
-
39
- **Credentials** are discovered in the following order:
40
-
41
- 1. Specify credentials in method arguments
42
- 2. Specify credentials in configuration
43
- 3. Discover credentials path in environment variables
44
- 4. Discover credentials JSON in environment variables
45
- 5. Discover credentials file in the Cloud SDK's path
46
- 6. Discover GCP credentials
47
-
48
- ### Google Cloud Platform environments
22
+ 3. Write code as if already authenticated.
49
23
 
50
- When running on Google Cloud Platform (GCP), including Google Compute Engine
51
- (GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
52
- Functions (GCF) and Cloud Run, **Credentials** are discovered automatically.
53
- Code should be written as if already authenticated.
24
+ For more information about setting up authentication for a local development environment, see
25
+ [Set up Application Default Credentials](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-dev).
54
26
 
55
- ### Environment Variables
27
+ ## Credential Lookup
56
28
 
57
- The **Credentials JSON** can be placed in environment variables instead of
58
- declaring them directly in code. Each service has its own environment variable,
59
- allowing for different service accounts to be used for different services. (See
60
- the READMEs for the individual service gems for details.) The path to the
61
- **Credentials JSON** file can be stored in the environment variable, or the
62
- **Credentials JSON** itself can be stored for environments such as Docker
63
- containers where writing files is difficult or not encouraged.
29
+ The google-cloud-secret_manager library provides several mechanisms to configure your system.
30
+ Generally, using Application Default Credentials to facilitate automatic
31
+ credentials discovery is the easist method. But if you need to explicitly specify
32
+ credentials, there are several methods available to you.
64
33
 
65
- The environment variables that google-cloud-secret_manager
66
- checks for credentials are configured on the service Credentials class (such as
67
- `::Google::Cloud::SecretManager::V1::SecretManagerService::Credentials`):
34
+ Credentials are accepted in the following ways, in the following order or precedence:
68
35
 
69
- * `SECRET_MANAGER_CREDENTIALS` - Path to JSON file, or JSON contents
70
- * `SECRET_MANAGER_KEYFILE` - Path to JSON file, or JSON contents
71
- * `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
72
- * `GOOGLE_CLOUD_KEYFILE` - Path to JSON file, or JSON contents
73
- * `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
36
+ 1. Credentials specified in method arguments
37
+ 2. Credentials specified in configuration
38
+ 3. Credentials pointed to or included in environment variables
39
+ 4. Credentials found in local ADC file
40
+ 5. Credentials returned by the metadata server for the attached service account (GCP)
74
41
 
75
- ```ruby
76
- require "google/cloud/secret_manager"
77
-
78
- ENV["SECRET_MANAGER_CREDENTIALS"] = "path/to/keyfile.json"
42
+ ### Configuration
79
43
 
80
- client = Google::Cloud::SecretManager.secret_manager_service
81
- ```
44
+ You can configure a path to a JSON credentials file, either for an individual client object or
45
+ globally, for all client objects. The JSON file can contain credentials created for
46
+ [workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
47
+ [workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
48
+ [service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
82
49
 
83
- ### Configuration
50
+ Note: Service account keys are a security risk if not managed correctly. You should
51
+ [choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
52
+ whenever possible.
84
53
 
85
- The path to the **Credentials JSON** file can be configured instead of storing
86
- it in an environment variable. Either on an individual client initialization:
54
+ To configure a credentials file for an individual client initialization:
87
55
 
88
56
  ```ruby
89
57
  require "google/cloud/secret_manager"
90
58
 
91
59
  client = Google::Cloud::SecretManager.secret_manager_service do |config|
92
- config.credentials = "path/to/keyfile.json"
60
+ config.credentials = "path/to/credentialfile.json"
93
61
  end
94
62
  ```
95
63
 
96
- Or globally for all clients:
64
+ To configure a credentials file globally for all clients:
97
65
 
98
66
  ```ruby
99
67
  require "google/cloud/secret_manager"
100
68
 
101
69
  Google::Cloud::SecretManager.configure do |config|
102
- config.credentials = "path/to/keyfile.json"
70
+ config.credentials = "path/to/credentialfile.json"
103
71
  end
104
72
 
105
73
  client = Google::Cloud::SecretManager.secret_manager_service
106
74
  ```
107
75
 
108
- ### Cloud SDK
76
+ ### Environment Variables
109
77
 
110
- This option allows for an easy way to authenticate during development. If
111
- credentials are not provided in code or in environment variables, then Cloud SDK
112
- credentials are discovered.
78
+ You can also use an environment variable to provide a JSON credentials file.
79
+ The environment variable can contain a path to the credentials file or, for
80
+ environments such as Docker containers where writing files is not encouraged,
81
+ you can include the credentials file itself.
113
82
 
114
- To configure your system for this, simply:
83
+ The JSON file can contain credentials created for
84
+ [workload identity federation](https://cloud.google.com/iam/docs/workload-identity-federation),
85
+ [workforce identity federation](https://cloud.google.com/iam/docs/workforce-identity-federation), or a
86
+ [service account key](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key).
115
87
 
116
- 1. [Download and install the Cloud SDK](https://cloud.google.com/sdk)
117
- 2. Authenticate using OAuth 2.0 `$ gcloud auth login`
118
- 3. Write code as if already authenticated.
88
+ Note: Service account keys are a security risk if not managed correctly. You should
89
+ [choose a more secure alternative to service account keys](https://cloud.google.com/docs/authentication#auth-decision-tree)
90
+ whenever possible.
91
+
92
+ The environment variables that google-cloud-secret_manager
93
+ checks for credentials are:
119
94
 
120
- **NOTE:** This is _not_ recommended for running in production. The Cloud SDK
121
- *should* only be used during development.
95
+ * `GOOGLE_CLOUD_CREDENTIALS` - Path to JSON file, or JSON contents
96
+ * `GOOGLE_APPLICATION_CREDENTIALS` - Path to JSON file
122
97
 
123
- ## Creating a Service Account
98
+ ```ruby
99
+ require "google/cloud/secret_manager"
124
100
 
125
- Google Cloud requires **Service Account Credentials** to
126
- connect to the APIs. You will use the **JSON key file** to
127
- connect to most services with google-cloud-secret_manager.
101
+ ENV["GOOGLE_APPLICATION_CREDENTIALS"] = "path/to/credentialfile.json"
128
102
 
129
- If you are not running this client within
130
- [Google Cloud Platform environments](#google-cloud-platform-environments), you
131
- need a Google Developers service account.
103
+ client = Google::Cloud::SecretManager.secret_manager_service
104
+ ```
132
105
 
133
- 1. Visit the [Google Cloud Console](https://console.cloud.google.com/project).
134
- 2. Create a new project or click on an existing project.
135
- 3. Activate the menu in the upper left and select **APIs & Services**. From
136
- here, you will enable the APIs that your application requires.
106
+ ### Local ADC file
137
107
 
138
- *Note: You may need to enable billing in order to use these services.*
108
+ You can set up a local ADC file with your user credentials for authentication during
109
+ development. If credentials are not provided in code or in environment variables,
110
+ then the local ADC credentials are discovered.
139
111
 
140
- 4. Select **Credentials** from the side navigation.
112
+ Follow the steps in [Quickstart](#quickstart) to set up a local ADC file.
141
113
 
142
- Find the "Create credentials" drop down near the top of the page, and select
143
- "Service account" to be guided through downloading a new JSON key file.
114
+ ### Google Cloud Platform environments
144
115
 
145
- If you want to re-use an existing service account, you can easily generate a
146
- new key file. Just select the account you wish to re-use, click the pencil
147
- tool on the right side to edit the service account, select the **Keys** tab,
148
- and then select **Add Key**.
116
+ When running on Google Cloud Platform (GCP), including Google Compute Engine
117
+ (GCE), Google Kubernetes Engine (GKE), Google App Engine (GAE), Google Cloud
118
+ Functions (GCF) and Cloud Run, credentials are retrieved from the attached
119
+ service account automatically. Code should be written as if already authenticated.
149
120
 
150
- The key file you download will be used by this library to authenticate API
151
- requests and should be stored in a secure location.
121
+ For more information, see
122
+ [Set up ADC for Google Cloud services](https://cloud.google.com/docs/authentication/provide-credentials-adc#attached-sa).
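Review bot: The rewritten Environment Variables list names only `GOOGLE_CLOUD_CREDENTIALS` and `GOOGLE_APPLICATION_CREDENTIALS`, while the removed text also listed `SECRET_MANAGER_CREDENTIALS`, `SECRET_MANAGER_KEYFILE` and `GOOGLE_CLOUD_KEYFILE`, and nothing in the new text says whether those are still read. Please state it either way: if they are still honoured, the documented lookup order understates where credentials can come from, and if they are not, deployments that export `SECRET_MANAGER_CREDENTIALS` (the old Quickstart's instruction) need a migration note. Two wording fixes in the new Credential Lookup section: "easist" should be "easiest", and "order or precedence" should be "order of precedence".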
data/README.md CHANGED
@@ -11,13 +11,13 @@ verisoned gems in as dependencies, and provides high-level methods for
11
11
  constructing clients. More information on versioned clients can be found below
12
12
  in the section titled *Which client should I use?*.
13
13
 
14
- View the [Client Library Documentation](https://googleapis.dev/ruby/google-cloud-secret_manager/latest)
14
+ View the [Client Library Documentation](https://cloud.google.com/ruby/docs/reference/google-cloud-secret_manager/latest)
15
15
  for this library, google-cloud-secret_manager, to see the convenience methods for
16
16
  constructing client objects. Reference documentation for the client objects
17
17
  themselves can be found in the client library documentation for the versioned
18
18
  client gems:
19
- [google-cloud-secret_manager-v1](https://googleapis.dev/ruby/google-cloud-secret_manager-v1/latest),
20
- [google-cloud-secret_manager-v1beta1](https://googleapis.dev/ruby/google-cloud-secret_manager-v1beta1/latest).
19
+ [google-cloud-secret_manager-v1](https://cloud.google.com/ruby/docs/reference/google-cloud-secret_manager-v1/latest),
20
+ [google-cloud-secret_manager-v1beta1](https://cloud.google.com/ruby/docs/reference/google-cloud-secret_manager-v1beta1/latest).
21
21
 
22
22
  See also the [Product Documentation](https://cloud.google.com/secret-manager)
23
23
  for more usage information.
@@ -38,8 +38,8 @@ In order to use this library, you first need to go through the following steps:
38
38
  ## Enabling Logging
39
39
 
40
40
  To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
41
- The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/stdlib/libdoc/logger/rdoc/Logger.html) as shown below,
42
- or a [`Google::Cloud::Logging::Logger`](https://googleapis.dev/ruby/google-cloud-logging/latest)
41
+ The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/current/stdlibs/logger/Logger.html) as shown below,
42
+ or a [`Google::Cloud::Logging::Logger`](https://cloud.google.com/ruby/docs/reference/google-cloud-logging/latest)
43
43
  that will write logs to [Cloud Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
44
44
  and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.
45
45
 
@@ -63,14 +63,14 @@ end
63
63
 
64
64
  ## Supported Ruby Versions
65
65
 
66
- This library is supported on Ruby 2.5+.
66
+ This library is supported on Ruby 2.6+.
67
67
 
68
68
  Google provides official support for Ruby versions that are actively supported
69
69
  by Ruby Core—that is, Ruby versions that are either in normal maintenance or
70
- in security maintenance, and not end of life. Currently, this means Ruby 2.5
71
- and later. Older versions of Ruby _may_ still work, but are unsupported and not
72
- recommended. See https://www.ruby-lang.org/en/downloads/branches/ for details
73
- about the Ruby support schedule.
70
+ in security maintenance, and not end of life. Older versions of Ruby _may_
71
+ still work, but are unsupported and not recommended. See
72
+ https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby
73
+ support schedule.
74
74
 
75
75
  ## Which client should I use?
76
76
 
@@ -16,7 +16,7 @@
16
16
  module Google
17
17
  module Cloud
18
18
  module SecretManager
19
- VERSION = "1.1.3".freeze
19
+ VERSION = "1.3.0".freeze
20
20
  end
21
21
  end
22
22
  end
@@ -29,7 +29,7 @@ require "google/cloud/config"
29
29
 
30
30
  # Set the default configuration
31
31
  ::Google::Cloud.configure.add_config! :secret_manager do |config|
32
- config.add_field! :endpoint, "secretmanager.googleapis.com", match: ::String
32
+ config.add_field! :endpoint, nil, match: ::String
33
33
  config.add_field! :credentials, nil, match: [::String, ::Hash, ::Google::Auth::Credentials]
34
34
  config.add_field! :scope, nil, match: [::Array, ::String]
35
35
  config.add_field! :lib_name, nil, match: ::String
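Review bot: The `:endpoint` default changes from `"secretmanager.googleapis.com"` to `nil` with no comment saying where the effective host is now decided, so any code that reads this config field to log, pin or allow-list the endpoint will get `nil`. Add a comment on that line naming where the default is resolved, and call the change out in the release notes.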
@@ -39,6 +39,7 @@ require "google/cloud/config"
39
39
  config.add_field! :metadata, nil, match: ::Hash
40
40
  config.add_field! :retry_policy, nil, match: [::Hash, ::Proc]
41
41
  config.add_field! :quota_project, nil, match: ::String
42
+ config.add_field! :universe_domain, nil, match: ::String
42
43
  end
43
44
 
44
45
  module Google
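Review bot: The new `:universe_domain` field accepts any `::String` and is added without a word on what it controls or which values are valid. Document it alongside the other settings in the `configure` comment, and say there that it should be set only from trusted configuration if it influences which host receives credentials and secret payloads.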
@@ -48,9 +49,9 @@ module Google
48
49
  # Create a new client object for SecretManagerService.
49
50
  #
50
51
  # By default, this returns an instance of
51
- # [Google::Cloud::SecretManager::V1::SecretManagerService::Client](https://googleapis.dev/ruby/google-cloud-secret_manager-v1/latest/Google/Cloud/SecretManager/V1/SecretManagerService/Client.html)
52
- # for version V1 of the API.
53
- # However, you can specify specify a different API version by passing it in the
52
+ # [Google::Cloud::SecretManager::V1::SecretManagerService::Client](https://cloud.google.com/ruby/docs/reference/google-cloud-secret_manager-v1/latest/Google-Cloud-SecretManager-V1-SecretManagerService-Client)
53
+ # for a gRPC client for version V1 of the API.
54
+ # However, you can specify a different API version by passing it in the
54
55
  # `version` parameter. If the SecretManagerService service is
55
56
  # supported by that API version, and the corresponding gem is available, the
56
57
  # appropriate versioned client will be returned.
@@ -67,7 +68,7 @@ module Google
67
68
  #
68
69
  # @param version [::String, ::Symbol] The API version to connect to. Optional.
69
70
  # Defaults to `:v1`.
70
- # @return [SecretManagerService::Client] A client object for the specified version.
71
+ # @return [::Object] A client object for the specified version.
71
72
  #
72
73
  def self.secret_manager_service version: :v1, &block
73
74
  require "google/cloud/secret_manager/#{version.to_s.downcase}"
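Review bot: `@return [::Object]` drops the only type information callers had; if the point is that the client class can vary, list the possible classes or link the versioned client docs instead. While in this method: `version` is interpolated straight into the `require` path on the last line shown, so a format check before the `require` (for example a `v` followed by digits and an optional suffix) would stop an unexpected caller-supplied value from being resolved against the load path.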
@@ -76,8 +77,8 @@ module Google
76
77
  .constants
77
78
  .select { |sym| sym.to_s.downcase == version.to_s.downcase.tr("_", "") }
78
79
  .first
79
- package_module = Google::Cloud::SecretManager.const_get package_name
80
- package_module.const_get(:SecretManagerService).const_get(:Client).new(&block)
80
+ service_module = Google::Cloud::SecretManager.const_get(package_name).const_get(:SecretManagerService)
81
+ service_module.const_get(:Client).new(&block)
81
82
  end
82
83
 
83
84
  ##
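Review bot: `package_name` comes from `.select { ... }.first`, which is `nil` when no constant matches, and the new `const_get(package_name)` chain then fails with a `TypeError` that says nothing about the requested version. Use `find` in place of `select ... first`, and raise an `ArgumentError` naming the version when nothing matches.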
@@ -97,7 +98,7 @@ module Google
97
98
  # * `timeout` (*type:* `Numeric`) -
98
99
  # Default timeout in seconds.
99
100
  # * `metadata` (*type:* `Hash{Symbol=>String}`) -
100
- # Additional gRPC headers to be sent with the call.
101
+ # Additional headers to be sent with the call.
101
102
  # * `retry_policy` (*type:* `Hash`) -
102
103
  # The retry policy. The value is a hash with the following keys:
103
104
  # * `:initial_delay` (*type:* `Numeric`) - The initial delay in seconds.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-secret_manager
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.3
4
+ version: 1.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-01-11 00:00:00.000000000 Z
11
+ date: 2024-01-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: google-cloud-core
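Review bot: `cert_chain: []` is carried over unchanged in this hunk, so 1.3.0 ships unsigned just as 1.1.3 did, and the gem itself gives consumers nothing to verify the publisher with. If signing is out of scope for this release, record that decision in the release process docs so that reviewers of later bumps do not have to ask again.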
@@ -30,7 +30,7 @@ dependencies:
30
30
  requirements:
31
31
  - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '0.1'
33
+ version: '0.19'
34
34
  - - "<"
35
35
  - !ruby/object:Gem::Version
36
36
  version: 2.a
@@ -40,7 +40,7 @@ dependencies:
40
40
  requirements:
41
41
  - - ">="
42
42
  - !ruby/object:Gem::Version
43
- version: '0.1'
43
+ version: '0.19'
44
44
  - - "<"
45
45
  - !ruby/object:Gem::Version
46
46
  version: 2.a
@@ -70,28 +70,28 @@ dependencies:
70
70
  requirements:
71
71
  - - "~>"
72
72
  - !ruby/object:Gem::Version
73
- version: 1.25.1
73
+ version: 1.26.1
74
74
  type: :development
75
75
  prerelease: false
76
76
  version_requirements: !ruby/object:Gem::Requirement
77
77
  requirements:
78
78
  - - "~>"
79
79
  - !ruby/object:Gem::Version
80
- version: 1.25.1
80
+ version: 1.26.1
81
81
  - !ruby/object:Gem::Dependency
82
82
  name: minitest
83
83
  requirement: !ruby/object:Gem::Requirement
84
84
  requirements:
85
85
  - - "~>"
86
86
  - !ruby/object:Gem::Version
87
- version: '5.14'
87
+ version: '5.16'
88
88
  type: :development
89
89
  prerelease: false
90
90
  version_requirements: !ruby/object:Gem::Requirement
91
91
  requirements:
92
92
  - - "~>"
93
93
  - !ruby/object:Gem::Version
94
- version: '5.14'
94
+ version: '5.16'
95
95
  - !ruby/object:Gem::Dependency
96
96
  name: minitest-focus
97
97
  requirement: !ruby/object:Gem::Requirement
@@ -126,14 +126,14 @@ dependencies:
126
126
  requirements:
127
127
  - - ">="
128
128
  - !ruby/object:Gem::Version
129
- version: '12.0'
129
+ version: '13.0'
130
130
  type: :development
131
131
  prerelease: false
132
132
  version_requirements: !ruby/object:Gem::Requirement
133
133
  requirements:
134
134
  - - ">="
135
135
  - !ruby/object:Gem::Version
136
- version: '12.0'
136
+ version: '13.0'
137
137
  - !ruby/object:Gem::Dependency
138
138
  name: redcarpet
139
139
  requirement: !ruby/object:Gem::Requirement
@@ -204,14 +204,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
204
204
  requirements:
205
205
  - - ">="
206
206
  - !ruby/object:Gem::Version
207
- version: '2.5'
207
+ version: '2.6'
208
208
  required_rubygems_version: !ruby/object:Gem::Requirement
209
209
  requirements:
210
210
  - - ">="
211
211
  - !ruby/object:Gem::Version
212
212
  version: '0'
213
213
  requirements: []
214
- rubygems_version: 3.3.4
214
+ rubygems_version: 3.5.3
215
215
  signing_key:
216
216
  specification_version: 4
217
217
  summary: API Client library for the Secret Manager API