Update docs and add changelog entry: Google auth
Add documentation around using default Google application credentials, along with a changelog extra that describes the feature and the potential impact on existing restic uses (read: none).
This commit is contained in:
parent
0dfdc11ed9
commit
492baf991f
2 changed files with 20 additions and 2 deletions
12
changelog/unreleased/pull-1552
Normal file
12
changelog/unreleased/pull-1552
Normal file
|
@ -0,0 +1,12 @@
|
|||
Feature: Use Google Application Default credentials
|
||||
|
||||
Google provide libraries to generate appropriate credentials with various
|
||||
fallback sources. This change uses the library to generate our GCS client, which
|
||||
allows us to make use of these extra methods.
|
||||
|
||||
This should be backward compatible with previous restic behaviour while adding
|
||||
the additional capabilities to auth from Google's internal metadata endpoints.
|
||||
For users running restic in GCP this can make authentication far easier than it
|
||||
was before.
|
||||
|
||||
https://developers.google.com/identity/protocols/application-default-credentials
|
|
@ -362,8 +362,14 @@ key file and the project ID as follows:
|
|||
$ export GOOGLE_PROJECT_ID=123123123123
|
||||
$ export GOOGLE_APPLICATION_CREDENTIALS=$HOME/.config/gs-secret-restic-key.json
|
||||
|
||||
Then you can use the ``gs:`` backend type to create a new repository in the
|
||||
bucket `foo` at the root path:
|
||||
We use Google's client library to generate [default authentication
|
||||
material](https://developers.google.com/identity/protocols/application-default-credentials),
|
||||
which means if you're running in Google Container Engine or are otherwise
|
||||
located on an instance with default service accounts then these should work out
|
||||
the box.
|
||||
|
||||
Once authenticated, you can use the ``gs:`` backend type to create a new
|
||||
repository in the bucket `foo` at the root path:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
|
|
Loading…
Reference in a new issue