Rewording, fix typos
parent 52878c1564
commit 39b7756958
|
@ -49,6 +49,6 @@ The example's feed tracks changes to Google Compute instances, and the Cloud Fun
|
||||||
## On-prem Service Account key management
|
## On-prem Service Account key management
|
||||||
|
|
||||||
|
|
||||||
This [example](./onprem-sa-key-management) shows how to manage IAM Service Account Keys by generating a key pair and uploading the public part of the key to GCP.
|
This [example](./onprem-sa-key-management) shows how to manage IAM Service Account Keys by manually generating a key pair and uploading the public part of the key to GCP.
|
||||||
|
s
|
||||||
<br clear="left">
|
<br clear="left">
|
|
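Review bot: The reworded sentence under "On-prem Service Account key management" adds "manually" but still does not say where the key pair is generated or that the private part stays there, which is the point the heading makes. Suggest wording along the lines of "by manually generating a key pair on-prem and uploading only the public part of the key to GCP". The same sentence is reworded again in the next file of this commit, so keep the two versions in sync.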
@ -2,10 +2,10 @@
|
||||||
|
|
||||||
When managing GCP Service Accounts with terraform, it's often a question on **how to avoid Service Account Key in the terraform state?**
|
When managing GCP Service Accounts with terraform, it's often a question on **how to avoid Service Account Key in the terraform state?**
|
||||||
|
|
||||||
This example shows how to manage IAM Service Account Keys by generating a key pair and uploading the public part of the key to GCP, it has the following benefits:
|
This example shows how to manage IAM Service Account Keys by manually generating a key pair and uploading the public part of the key to GCP. It has the following benefits:
|
||||||
|
|
||||||
- no [passing keys between users](https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#pass-between-users) or systems
|
- no [passing keys between users](https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#pass-between-users) or systems
|
||||||
- no SA key stored in the terraform state (only public part of the key in the state)
|
- no private keys stored in the terraform state (only public part of the key is in the state)
|
||||||
- let keys [expire automatically](https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#key-expiryhaving)
|
- let keys [expire automatically](https://cloud.google.com/iam/docs/best-practices-for-managing-service-account-keys#key-expiryhaving)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
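Review bot: The "expire automatically" link in the last bullet still points at the anchor `#key-expiryhaving`, which looks like `#key-expiry` with a stray "having" pasted onto it, and this typo-fix commit leaves it untouched. Please verify the anchor against the target page and correct it here. In the rewritten second bullet, "only public part of the key is in the state" is missing an article ("only the public part"), and the unchanged opening line "it's often a question on how to avoid Service Account Key in the terraform state?" could be reworded in the same pass.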
@ -71,7 +71,7 @@ locals {
|
||||||
type : "service_account",
|
type : "service_account",
|
||||||
project_id : var.project_id,
|
project_id : var.project_id,
|
||||||
private_key_id : split("/", google_service_account_key.upload_key[file].id)[5]
|
private_key_id : split("/", google_service_account_key.upload_key[file].id)[5]
|
||||||
private_key : "REPLASE_ME_WITH_PRIVATE_KEY_DATA"
|
private_key : "REPLACE_ME_WITH_PRIVATE_KEY_DATA"
|
||||||
client_email : local.resource_email_static
|
client_email : local.resource_email_static
|
||||||
client_id : local.service_account.unique_id,
|
client_id : local.service_account.unique_id,
|
||||||
auth_uri : "https://accounts.google.com/o/oauth2/auth",
|
auth_uri : "https://accounts.google.com/o/oauth2/auth",
|
||||||
|
|
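Review bot: Renaming the placeholder on the `private_key` line from `REPLASE_ME_WITH_PRIVATE_KEY_DATA` to `REPLACE_ME_WITH_PRIVATE_KEY_DATA` changes the literal string this locals block emits, so any instruction or script that searches for the old spelling to substitute the real key will stop matching. Please grep the example for the old token and update every reference in this same commit. A short comment on that line saying the private key is filled in locally and never by terraform would also document why a placeholder is there at all.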