Update docs and add changelog entry: Google auth

Add documentation around using default Google application credentials,
along with a changelog extra that describes the feature and the
potential impact on existing restic uses (read: none).
This commit is contained in:
Lawrence Jones 2018-01-12 17:36:57 +00:00
parent 0dfdc11ed9
commit 492baf991f
No known key found for this signature in database
GPG key ID: 74179F6972FC3A21
2 changed files with 20 additions and 2 deletions

View file

@ -0,0 +1,12 @@
Feature: Use Google Application Default credentials
Google provide libraries to generate appropriate credentials with various
fallback sources. This change uses the library to generate our GCS client, which
allows us to make use of these extra methods.
This should be backward compatible with previous restic behaviour while adding
the additional capabilities to auth from Google's internal metadata endpoints.
For users running restic in GCP this can make authentication far easier than it
was before.
https://developers.google.com/identity/protocols/application-default-credentials

View file

@ -362,8 +362,14 @@ key file and the project ID as follows:
$ export GOOGLE_PROJECT_ID=123123123123
$ export GOOGLE_APPLICATION_CREDENTIALS=$HOME/.config/gs-secret-restic-key.json
Then you can use the ``gs:`` backend type to create a new repository in the
bucket `foo` at the root path:
We use Google's client library to generate [default authentication
material](https://developers.google.com/identity/protocols/application-default-credentials),
which means if you're running in Google Container Engine or are otherwise
located on an instance with default service accounts then these should work out
the box.
Once authenticated, you can use the ``gs:`` backend type to create a new
repository in the bucket `foo` at the root path:
.. code-block:: console