fix(corp/ops): let service account use encryption key
Change-Id: Idd68e849457ecf600b1d9a318846557adfce8575 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8737 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
parent
75ffea3fe6
commit
e3778ff6bc
1 changed files with 10 additions and 1 deletions
|
@ -94,7 +94,7 @@ resource "yandex_serverless_container" "rih_backend" {
|
|||
service_account_id = yandex_iam_service_account.rih_backend.id
|
||||
|
||||
image {
|
||||
url = "cr.yandex/crpkcq65tn6bhq6puq2o/rih-backend:9cwnx8jvwjw2ckpqg970p4y7cf74z28j"
|
||||
url = "cr.yandex/crpkcq65tn6bhq6puq2o/rih-backend:dhgw6c4afancx1a3gac6day0bdgd9qhf"
|
||||
}
|
||||
|
||||
secrets {
|
||||
|
@ -197,6 +197,15 @@ resource "yandex_kms_symmetric_key" "backend_data_key" {
|
|||
}
|
||||
}
|
||||
|
||||
resource "yandex_kms_symmetric_key_iam_binding" "rih_encryption_access" {
|
||||
symmetric_key_id = yandex_kms_symmetric_key.backend_data_key.id
|
||||
role = "kms.keys.encrypter"
|
||||
|
||||
members = [
|
||||
"serviceAccount:${yandex_iam_service_account.rih_backend.id}"
|
||||
]
|
||||
}
|
||||
|
||||
resource "yandex_storage_bucket" "rih_backend_data" {
|
||||
access_key = yandex_iam_service_account_static_access_key.rih_sa_static_key.access_key
|
||||
secret_key = yandex_iam_service_account_static_access_key.rih_sa_static_key.secret_key
|
||||
|
|
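Review bot: The new `rih_encryption_access` binding grants `kms.keys.encrypter` with no comment saying why encrypt-only access is enough, so a later reader cannot tell whether the absent decrypt permission is deliberate least privilege or an oversight. If the backend never has to read back data protected by `backend_data_key`, record that above the resource, e.g. `# rih_backend only encrypts with this key; decrypt is intentionally not granted.` An `_iam_binding` resource is normally authoritative for its role, so any other principal given `kms.keys.encrypter` on this key outside this block would presumably be dropped on apply. That is worth confirming against the provider documentation and stating in the same comment.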