Add extra replacement variables and GCP's role identifier (#597)
Signed-off-by: Ben Walding <bwalding@cloudbees.com>
bwalding authored Aug 31, 2021
1 parent c875b79 commit c79ba73
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions KMS.md
Expand Up @@ -102,14 +102,14 @@ The URI format for GCP KMS is:

`gcpkms://projects/$PROJECT/locations/$LOCATION/keyRings/$KEYRING/cryptoKeys/$KEY/versions/$KEY_VERSION`

where PROJECT, LOCATION, KEYRUNG and KEY are replaced with the correct values.
where PROJECT, LOCATION, KEYRING, KEY and KEY_VERSION are replaced with the correct values.

Cosign automatically uses GCP Application Default Credentials for authentication.
See the GCP [API documentation](https://cloud.google.com/docs/authentication/production) for information on how to authenticate in different environments.

The user must have the following IAM roles:
* Safer KMS Viewer Role
* Cloud KMS CryptoKey Signer/Verifier
* Cloud KMS CryptoKey Signer/Verifier (`roles/cloudkms.signerVerifier`)

### Hashicorp Vault
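
Review bot: In the IAM roles list, the first bullet ("Safer KMS Viewer Role") still has no role identifier, while the second bullet now carries `roles/cloudkms.signerVerifier`. The name also does not follow the "Cloud KMS ..." pattern of the other role, so a reader cannot tell whether it is a predefined role or a custom one. Suggest adding its identifier in the same parenthesised form, or, if it is a custom role, stating that and listing the permissions it needs so it can be granted with least privilege. Separately, the updated sentence lists PROJECT, LOCATION, KEYRING, KEY and KEY_VERSION without the `$` used in the URI template above it; writing them as `$PROJECT` and so on would make the mapping to the template exact.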
