Class SqlCredentialStore
- java.lang.Object
  - google.registry.privileges.secretmanager.SqlCredentialStore

public class SqlCredentialStore extends java.lang.Object
Storage of SQL users' login credentials, backed by Cloud Secret Manager.

A user's credential is stored with one level of indirection using two secret IDs:

- Each version of the credential data is stored as follows: its secret ID is determined by getCredentialDataSecretId(SqlUser, String dbInstance), and the value of each version is a SqlCredential, serialized using SqlCredential.toFormattedString(). The 'live' version of the credential is saved under the 'live pointer' secret explained below.
- The pointer to the 'live' version of the credential data is stored as follows: its secret ID is determined by getLiveLabelSecretId(SqlUser, String dbInstance); and the value of each version is a SecretVersionName in String form, pointing to a version of the credential data. Only the 'latest' version of this secret should be used. It is guaranteed to be valid.

The indirection in credential storage makes it easy to handle failures in the credential change process.
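
The two-secret indirection described above, modeled as an added example (not code from the project): an in-memory map stands in for Cloud Secret Manager, and the class, method and secret ID names are hypothetical. It assumes the credential data version is written before the live pointer, so an update that fails in between leaves readers on the previous credential.

```java
import java.util.*;

/** Added illustration only: in-memory stand-in for a versioned secret store. */
public class LivePointerDemo {
  // secretId -> ordered version payloads; the version number is index + 1.
  private final Map<String, List<String>> secrets = new HashMap<>();

  /** Appends a version and returns its name as "secretId/versions/N". */
  String addVersion(String secretId, String payload) {
    List<String> versions = secrets.computeIfAbsent(secretId, k -> new ArrayList<>());
    versions.add(payload);
    return secretId + "/versions/" + versions.size();
  }

  /** Readers take the latest live pointer and follow it to one data version. */
  String getCredential(String liveId) {
    List<String> pointers = secrets.get(liveId);
    String[] parts = pointers.get(pointers.size() - 1).split("/versions/");
    return secrets.get(parts[0]).get(Integer.parseInt(parts[1]) - 1);
  }

  /** Assumed write order: data version first, live pointer last. */
  void update(String dataId, String liveId, String credential, boolean failBeforePointer) {
    String versionName = addVersion(dataId, credential);
    if (failBeforePointer) {
      // Models any failure in the change process after the data write.
      throw new IllegalStateException("simulated failure before the live pointer moved");
    }
    addVersion(liveId, versionName);
  }

  public static void main(String[] args) {
    LivePointerDemo store = new LivePointerDemo();
    // Constructed secret IDs and credential strings, not the project's real formats.
    String dataId = "example-user-data", liveId = "example-user-live";
    store.update(dataId, liveId, "example-user secret-1", false);
    try {
      store.update(dataId, liveId, "example-user secret-2", true);
    } catch (IllegalStateException e) {
      System.out.println("update aborted: " + e.getMessage());
    }
    // Data version 2 now exists but is orphaned; the pointer still names version 1.
    System.out.println("live after failed update: " + store.getCredential(liveId));
    store.update(dataId, liveId, "example-user secret-3", false);
    System.out.println("live after retry: " + store.getCredential(liveId));
  }
}
```
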

Method Summary

| Modifier and Type | Method |
| --- | --- |
| void | createOrUpdateCredential(SqlUser user, java.lang.String password) |
| void | deleteCredential(SqlUser user) |
| SqlCredential | getCredential(SqlUser user) |

Method Detail

getCredential
public SqlCredential getCredential(SqlUser user)

createOrUpdateCredential
public void createOrUpdateCredential(SqlUser user, java.lang.String password)

deleteCredential
public void deleteCredential(SqlUser user)