forked from TrueCloudLab/restic
Update docs and add changelog entry: Google auth
Add documentation around using default Google application credentials, along with a changelog extra that describes the feature and the potential impact on existing restic uses (read: none).
This commit is contained in:
parent
0dfdc11ed9
commit
492baf991f
2 changed files with 20 additions and 2 deletions
12
changelog/unreleased/pull-1552
Normal file
12
changelog/unreleased/pull-1552
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
Feature: Use Google Application Default credentials
|
||||||
|
|
||||||
|
Google provide libraries to generate appropriate credentials with various
|
||||||
|
fallback sources. This change uses the library to generate our GCS client, which
|
||||||
|
allows us to make use of these extra methods.
|
||||||
|
|
||||||
|
This should be backward compatible with previous restic behaviour while adding
|
||||||
|
the additional capabilities to auth from Google's internal metadata endpoints.
|
||||||
|
For users running restic in GCP this can make authentication far easier than it
|
||||||
|
was before.
|
||||||
|
|
||||||
|
https://developers.google.com/identity/protocols/application-default-credentials
|
|
@ -362,8 +362,14 @@ key file and the project ID as follows:
|
||||||
$ export GOOGLE_PROJECT_ID=123123123123
|
$ export GOOGLE_PROJECT_ID=123123123123
|
||||||
$ export GOOGLE_APPLICATION_CREDENTIALS=$HOME/.config/gs-secret-restic-key.json
|
$ export GOOGLE_APPLICATION_CREDENTIALS=$HOME/.config/gs-secret-restic-key.json
|
||||||
|
|
||||||
Then you can use the ``gs:`` backend type to create a new repository in the
|
We use Google's client library to generate [default authentication
|
||||||
bucket `foo` at the root path:
|
material](https://developers.google.com/identity/protocols/application-default-credentials),
|
||||||
|
which means if you're running in Google Container Engine or are otherwise
|
||||||
|
located on an instance with default service accounts then these should work out
|
||||||
|
the box.
|
||||||
|
|
||||||
|
Once authenticated, you can use the ``gs:`` backend type to create a new
|
||||||
|
repository in the bucket `foo` at the root path:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue