about summary refs log tree commit diff
path: root/nix
diff options
context:
space:
mode:
authorFranck Cuny <franck@fcuny.net>2022-08-08 17:51:49 -0700
committerFranck Cuny <franck@fcuny.net>2022-08-10 17:42:14 -0700
commitaff01ebd0ecb546d248823b6de21aabc19a0ac19 (patch)
tree840e622d77f07aa21433e45371403e747b06e978 /nix
parentfix(tahoe/secrets): configuration for rclone-sync to GCP (diff)
downloadworld-aff01ebd0ecb546d248823b6de21aabc19a0ac19.tar.gz
ref(ops/buildkite): use service account impersonation for GCP
Instead of using a key for the terraform service account, use
delegation. This simplifies a bit the setup:
- no need to have a local key
- principle of least privilege
- no need to setup some environment variables

Update the documentation in case something goes wrong in the future.

Change-Id: I430bdf6816419da35ae8a36cec55ce56491b985c
Reviewed-on: https://cl.fcuny.net/c/world/+/710
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
Diffstat (limited to 'nix')
0 files changed, 0 insertions, 0 deletions