hashicorp/boundary-plugin-gcp
1
0
Fork 0
mirror of https://github.com/hashicorp/boundary-plugin-gcp synced 2026-04-05 19:09:40 +00:00
Code Issues Projects Releases Packages Wiki Activity
No description
37 commits 13 branches 1 tag 379 KiB
  • Go 100%
Find a file
Exact
dependabot[bot] 5677905e16
 chore(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 (#33) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.36.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.36.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-25 22:07:59 -08:00
.github [COMPLIANCE] Update Copyright and License Headers (#34) 2026-01-16 15:54:58 -08:00
internal [COMPLIANCE] Update Copyright and License Headers (#34) 2026-01-16 15:54:58 -08:00
plugin [COMPLIANCE] Update Copyright and License Headers (#34) 2026-01-16 15:54:58 -08:00
testing [COMPLIANCE] Update Copyright and License Headers (#34) 2026-01-16 15:54:58 -08:00
.gitignore test: Run unit tests on push 2024-07-23 19:37:46 -07:00
CODEOWNERS Update CODEOWNERS (#22) 2024-11-18 16:36:43 -08:00
go.mod chore(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 (#33) 2026-01-25 22:07:59 -08:00
go.sum chore(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 (#33) 2026-01-25 22:07:59 -08:00
LICENSE [COMPLIANCE] Update Copyright and License Headers (#34) 2026-01-16 15:54:58 -08:00
README.md feat: Docs (#15) 2024-10-29 12:52:56 -04:00

README.md

GCP Plugin for HashiCorp Boundary

This repo contains the GCP plugin for HashiCorp Boundary.

Credentials

Service Account Credentials

The plugin will authenticate using service account credential when the secrets object is set. By default, the plugin will attempt to rotate the credentials. The given credentials will be used to create a new credential, and then the given credential will be revoked. In this way, after rotation, only Boundary knows the client secret in use by this plugin.

Credential rotation can be turned off by setting the disable_credential_rotation attribute to true.

Service Account Impersonation

The plugin will attempt to impersonate a service account when the target_service_account_id field is supplied through the attributes object. The base service account will be used to assume the identity and permissions of the target service account. A temporary credential will be generated for authentication. The base service account requires the service account token creator role to assume the role of the target service account.

By default, the credentials of the base service account will be rotated if
credential rotation is not disabled by setting the disable_credential_rotation attribute.

Application Default Credentials

The plugin uses Application Default Credentials (ADC) for authentication when no secrets object is set. The plugin will attempt to retrieve the credentials based on the environment.

Dynamic Hosts

This plugin supports dynamically sourcing instances from GCP Google Compute Engine.

Host sets created with this plugin define filters which select and group like instances within GCP; these host sets can in turn be added to targets within Boundary as host sources.

At creation, update or deletion of a host catalog of this type, configuration of the plugin is performed via the attribute/secret values passed to the create, update, or delete calls actions. The values passed in to the plugin here are the attributes set on a host catalog in Boundary.

The plugin fetches hosts through the Instances.List call.

Getting Started