Google Git
Sign in
go / pkgsite-metrics / 2bdbbbb2d0dc7c8f98467160820770af64a5e3ec
commit2bdbbbb2d0dc7c8f98467160820770af64a5e3ec[log] [tgz]
authorJonathan Amsterdam <jba@google.com>Mon Apr 10 09:24:59 2023 -0400
committerGopher Robot <gobot@golang.org>Mon Apr 10 20:21:28 2023 +0000
treea5e84de88970cb3ea0ac5b2ca3a1ca8358c72481
parentfa74628bbd3e606386536383ac25f0c7d0ce52a5 [diff]
terraform: add HMAC secret key

Add a secret key to be used for computing HMACs of IP addresses
for vuln DB requests.

We use an HMAC (encrypted hash) rather than a hash alone to obfuscate
IP addresses so that no one can check a guessed IP against a hash
without knowing the secret.

Since no one ever needs to decode the result, the secret was generated
once, stored in Google Cloud Secret Manager, then discarded. It is
not stored anywhere else.

Change-Id: I9c24b2f2b8eff38ce9bbfdbcf903df665a494e88
Reviewed-on: https://go-review.googlesource.com/c/pkgsite-metrics/+/483037
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
1 file changed
tree: a5e84de88970cb3ea0ac5b2ca3a1ca8358c72481
  1. cmd/
  2. deploy/
  3. devtools/
  4. internal/
  5. terraform/
  6. .dockerignore
  7. .gitignore
  8. all_test.go
  9. checks.bash
  10. config.json.commented
  11. CONTRIBUTING.md
  12. go.mod
  13. go.sum
  14. LICENSE
  15. Makefile
  16. PATENTS
  17. README.md
  18. tools.go
README.md

pkgsite-metrics

This repository contains code that serves pkg.go.dev/metrics.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the time repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/pkgsite-metrics:” in the subject line, so it is easy to find.