commit | 2bdbbbb2d0dc7c8f98467160820770af64a5e3ec | [log] [tgz] |
---|---|---|
author | Jonathan Amsterdam <jba@google.com> | Mon Apr 10 09:24:59 2023 -0400 |
committer | Gopher Robot <gobot@golang.org> | Mon Apr 10 20:21:28 2023 +0000 |
tree | a5e84de88970cb3ea0ac5b2ca3a1ca8358c72481 | |
parent | fa74628bbd3e606386536383ac25f0c7d0ce52a5 [diff] |
terraform: add HMAC secret key Add a secret key to be used for computing HMACs of IP addresses for vuln DB requests. We use an HMAC (encrypted hash) rather than a hash alone to obfuscate IP addresses so that no one can check a guessed IP against a hash without knowing the secret. Since no one ever needs to decode the result, the secret was generated once, stored in Google Cloud Secret Manager, then discarded. It is not stored anywhere else. Change-Id: I9c24b2f2b8eff38ce9bbfdbcf903df665a494e88 Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/483037 Run-TryBot: Jonathan Amsterdam <jba@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Jonathan Amsterdam <jba@google.com> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
This repository contains code that serves pkg.go.dev/metrics.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.
The main issue tracker for the time repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/pkgsite-metrics:” in the subject line, so it is easy to find.