Migrates from KMS to Secret Manager

@nkinkade nkinkade released this 19 Oct 19:00
a896eda

The major change in this release is the migration from the Cloud Key Management Service (KMS) to the Cloud Secret Manager (SM). KMS required us to store the private JWS signer keys in this repository, although encrypted. The SM allows us to remove any key material, encrypted or not, from this repository. The SM also allows us to store old versions of keys. That is, keys are versioned, which provides us an easier path for key rotation.

Additionally, this PR includes:

  • Reinstalling the ca-certificates package before the Travis build to prevent server certificate errors.
  • Increasing the max instances to 20 for GAE auto-scaling of this app.