From 35fc52c29fcc225f47967d6a83b2025f3f892693 Mon Sep 17 00:00:00 2001 From: TzeYiing Date: Sat, 14 Oct 2023 02:10:44 +0800 Subject: [PATCH 1/8] fix: recipes for encrypt/decrypt --- .gitignore | 6 ++++++ Makefile | 31 ++++++++++++++++++++----------- 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index 64893de14..b18bbe1e3 100644 --- a/.gitignore +++ b/.gitignore @@ -67,3 +67,9 @@ gcloud_prod.json .*.req.* !.*.cacert.*.enc !.*.cert.*.enc + +# DB ssl certs +.*.*.pem + +# google keys +.*.gcloud.json \ No newline at end of file diff --git a/Makefile b/Makefile index 72a569e03..3d8a1635b 100644 --- a/Makefile +++ b/Makefile @@ -48,19 +48,23 @@ __start__: decrypt.${ENV} # make decrypt.{dev,staging,prod} # Decrypt secrets for given environment # make encrypt.{dev,staging,prod} # Encrypt secrets for given environment -%: %.enc - @gcloud kms decrypt --ciphertext-file=$< --plaintext-file=$@ \ +$(addprefix .%, .json .key .pem .env): FORCE + @gcloud kms decrypt --ciphertext-file=cloudbuild/$@.enc --plaintext-file=$@ \ --location=${GCLOUD_LOCATION} \ --keyring=${GCLOUD_KEYRING} \ --key=${GCLOUD_KEY} \ --project=${GCLOUD_PROJECT} + @echo "$@ has been decrypted" -%.enc: - @gcloud kms encrypt --ciphertext-file=$@ --plaintext-file=$(@:.enc=) \ +%.enc: FORCE + @gcloud kms encrypt --ciphertext-file=cloudbuild/$@ --plaintext-file=$(@:.enc=) \ --location=${GCLOUD_LOCATION} \ --keyring=${GCLOUD_KEYRING} \ --key=${GCLOUD_KEY} \ --project=${GCLOUD_PROJECT} + @echo "$@ has been encrypted" + +FORCE: .PRECIOUS: %.enc @@ -73,26 +77,31 @@ envs = staging prod .SECONDEXPANSION: $(addprefix decrypt.,${envs}): decrypt.%: \ - @gcloud_$$*.json \ + .$$*.gcloud.json \ .$$*.env \ .$$*.cacert.key \ .$$*.cacert.pem \ .$$*.cert.key \ - .$$*.cert.pem - -.PHONY: $(addprefix decrypt.,${envs}) + .$$*.cert.pem \ + .$$*.db-client-cert.pem \ + .$$*.db-client-key.pem \ + .$$*.db-server-ca.pem $(addprefix encrypt.,${envs}): encrypt.%: \ - @gcloud_$$*.json.enc \ + .$$*.gcloud.json.enc \ .$$*.env.enc \ .$$*.cacert.key.enc \ .$$*.cacert.pem.enc \ .$$*.cert.key.enc \ - .$$*.cert.pem.enc + .$$*.cert.pem.enc \ + .$$*.db-client-cert.pem.enc \ + .$$*.db-client-key.pem.enc \ + .$$*.db-server-ca.pem.enc .PHONY: $(addprefix encrypt.,${envs}) +.PHONY: $(addprefix decrypt.,${envs}) -# OpenTelemetry Protobufs +# OpenTelemetry Protobufse grpc.protoc: dir=$$(mktemp -d); \ From d5fd1df1550ea9e6c9ac274cc6dccd8fdd0e47a0 Mon Sep 17 00:00:00 2001 From: TzeYiing Date: Sat, 14 Oct 2023 02:11:32 +0800 Subject: [PATCH 2/8] chore: rename of gcloud files --- ...cloud_prod.json.enc => .prod.gcloud.json.enc} | Bin cloudbuild/.staging.gcloud.json.enc | Bin 0 -> 2418 bytes cloudbuild/gcloud_staging.json.enc | Bin 2418 -> 0 bytes 3 files changed, 0 insertions(+), 0 deletions(-) rename cloudbuild/{gcloud_prod.json.enc => .prod.gcloud.json.enc} (100%) create mode 100644 cloudbuild/.staging.gcloud.json.enc delete mode 100644 cloudbuild/gcloud_staging.json.enc diff --git a/cloudbuild/gcloud_prod.json.enc b/cloudbuild/.prod.gcloud.json.enc similarity index 100% rename from cloudbuild/gcloud_prod.json.enc rename to cloudbuild/.prod.gcloud.json.enc diff --git a/cloudbuild/.staging.gcloud.json.enc b/cloudbuild/.staging.gcloud.json.enc new file mode 100644 index 0000000000000000000000000000000000000000..87956690522478f65b5e6308bcf3f83505a5c53e GIT binary patch literal 2418 zcmV-&361s&BmjAS{PR_Anr2WecookxftVMYWq8E`n2VUH}&iDkk5k66}*)8ZQ601$IQ@S zNf&<@8h`9V`y-W^ET4IvRa&giyG34F)culSGT-iHnNn`0dTEq59Jw4LWl3Kr-hUwD zv8xPz+FpAFW8&~7mVgE^Qt?3F(h68`;Jk3%;dXLeCyG)3k4DuvfB?_T&~Oa3!r-Th zRbU9n1GrV5A<|CkNVos?+;~dLr$Ac%@VYp|7Sjqpi6W?K`?1SxSm9UFtRm$t&(}?X z7+yM{T~NTT0)H)@`xa(OVfH6@kkgy_M{JByq_=L$05D!4Vf5zeM<|txN(t|Gm6?M{ z+PUph{TN}1VSAoE8g=4Xg6qM9Rx>dV$aRFgv|J9P+TQ2`^ zbQK=fj>v;@q+(pm1$AZu6)x>(x^3axA(B_>mSYNR5U8Qnf|;b7;kAG_nA>~uk}2B+ z^zr_@(p&Wbvf^C-`klZWNi^SVUb9vi6vY^2T8}1nZWY)w!OCRp%LcXZY25S@nJUYy zCp1isZcIcg7;(+NCZ1ey;m79%f8h5&i1vm6%i|TJ7`*%qDOm-zWoPfn1~OQm-w@Hl z@J{FF%XuHUQR}@M5a-`1dyC2$Fwt6|iVu?yXeK<@`jF*4JJ_|2%Q~z&_P-0D-{LbL zv4hMr6k1NwR&%uZgXaqKB#{2B?J)#V)VKQxZ{HbBFW6q%SbF|icU0K79YH`KB%@bF zJYJRVcGa)~aFtF3#+;VgFfXtbelyY>ecFq$7u>u4gPU=82iA87vU#cWs+@7fqt2d;ULN6~uPKkwaNnJc_imAw0W*i}BulZLP&{Kw z^2$iuNC6uwN=dosHE1I%eH#4oQG_`o*@k!lpe1%4qR8Aor>sv)3XR060B-~Cb0cX# z6$E+5(}j9VmySNUR^$gs9<|pT8>SB zd3;*YB9Q0SYpl2|xv9tzO+(w6pCrdaU?$WFi+9-+HaCG+>vN(H;A9fNkI-?(Tt>7; zL9I#>|0QVht4t-AxJ$f2Qai~`Vc#AB8`HXiCbz+YOKfeil0aJcDG2Kn!md0a+xp;u z2ikH4!s);j0VRP?b56ap=#<@|h_Co-+nq&v9;^)C$pEZlo{S98eWtYIUf{hCD7UR5 zu$n2bfXVfB-Fq!pV+EnI&FT)8AQXRyfBj8DInB}+Rs1DgohR@0FJKEXgExEVz<9&D zb1Op{P?!(h=}maW(Q&7|VDr*I+lgR|bF`XX?mdEbePJDy7MYIyciBy#5QhU=BFf4Q zeI}{mQ^v%87*1Y;CX4u z4(7@-)(v$A7u8LuX8-;|#omT5-1Dv~6QWkBO9dkkY30Y}TO3-{OGI;~{;YWeR&J8& z*KHamDIeYt08u!7Lhwz=R8(nUv%Vr8{9@C$SjW_VXAi0~-Gu$TSf{3HT3#pH-BSG2nz+!Im@gxtPsmi)Ai*|0;@4a{(YrlM03HhGWx<~ zz3V_47oaQu3%rg?a$QDv&E1@H{o#Ym3HWt9Hn_|V3Afx8%U*H#kFWD2qi|XkO{j|G zb4j@{4xW$XUEF&i1xP5Z2$-}pgDcg@Mt$Z`#e;qZ(b1=Q;E8no**S;YCHdpoNTz2m z0@+!QeAZVayp$u~@Mus`*fH0#t$ z0JTb28PmZaS5O#Iuga+C)8KadkRAhhID0CF+5je}+0fSG52D}Yroe~$MVah$NgEV( z>lj+X1xyi^XF3;TH=hZS%byhUd4AH=R}#!$(&kySYs;F{u|A~rP#5byn<~Xf21gGF zJYJNu1@zvh-<%N+4wlG2eN`xF3PNTW&_j`APcuaW7f)Uj^*RSP5&-!)DTs;F7cf~W~{kf;r8eKBM=PbvztB;w4`?e%pL=+0&NJpC%^RpYpA=` z=xWn3cTaQOaqsHtfSxgzSN74ubGp5l|pK zJ6DA*Jt-Yi#kOKRw|sZ_KE`s|I@hKnE4_OuB61AC%wU)embt|HN&>)GRZ~y=R literal 0 HcmV?d00001 diff --git a/cloudbuild/gcloud_staging.json.enc b/cloudbuild/gcloud_staging.json.enc deleted file mode 100644 index 451070a775d579501fb2103275596f56a0b902fa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2418 zcmV-&361s&Bmjs?ggGuE>Dr-f|ZnskW25hQ_S4pi4w^Y0O*)K z@Lyj?m5-G5;N^59m|j@9<$0~=@9xZFtWWOiptQ$@5ad_Q$aVvY_sY5Y**cJN=l{U1 z@L%;=1hH`IZzaE;4=^-5!k0v2Ydp0X!pN9bFPO{7{AXOaH{9qq)f2~!bUpyNQUMKuWaKX+PiQ9v*cjFA3_jw97Mi$wYw!UBjnqP2e>c&t(q@n z{qsQwb1xZH{L)9NSReyNsOjZ0AtR1f4;zCkiW-KdrNb{ed_*-zOBQh`GkE+7!KKFE zp`TR0Ik5n;A+0tltDHLnwdmhADF3PN_#p<$Je?~wV1ptPu{D`k1I&4^K0_0xOY&J~ zACP+rF*nQCb!;c9d-hF6|3Fbp8;|(v!R@Qk(v9toF9(Oe;)hLrtN?_hZJX66`R!i@ z``W(f0&-O@sfN;&dwCv3d*ON?`Y6mW@AD-Au@cjZm18SB{E0-!@88}VJ<3Uva(vdiE<%)8)HNLEj8a1 ziazYg#M|&oHvCW7zy<8au#oL!dC;l?T(c^=g$?UXq*QL>g6BK43PMpAlNqdbMM1;0 zBOv>@2hOJPKf#d99O$vvLh~g7KtJWFE(Bu(g8$E-Jrc0u4>!izRMpV81`3BPbiUvFq86S!- zV-$jRlZ1Eqdw!0V4l+Eo3R)KKn@wIfVW<+yZb@z)M3@RePBX&~MHn@L%s8mGFTz}W zw!PrL4AGsWs~^Vuxh#5boj!r9AH;j_SW?)zr)Qe$R3XD);#sHVBhp);rK);Cfqc%- z6>6*AD;q&s*xF6fLaYi3s@EZCmL2-H@Er^WVHJ%fs5KyU zXDumTp*Qo^eubxJORjIfM1AbQS5RQ(KV`ZO+fav=({XO1koi1plv)bUz!PcsZpkuBEs*`Y&4p{+__g`iz`e|v$vN(korv%8g|;K~?qe5z?!29Q9i!^m{=0h$~#wG0_jH0g+| zXkQd>^--!6Y$4oQSPV~aHc^npCU{_XId$bWi) z0btm4AraHvu{F7Ns1NNrDh%C}_UBXt5w)ibFI=H5eOc>;cPO3mnC zkau!KD~3fap9Wwuzm5)Tpvv8bXQ~1}G=nq(OUP{TjT@K~8$xZ`SVw>*aF=6*l%xP2R>TwR zh3)&FuToukqEBif#neuv_S((ZS{UUmOts&6E(&>e9nkFpUGVu`bfpHE8}vtP~B^kt>|sTu!HS(6U3bwyFSMgYrp}L->qZ=aJb* zjS_pi06ko;u-; zH6Oap*}D125VJ{Y7OVqMkEhrxRsuFsj;egDx7cnR`|{ArH3!t#>d(rEyk9$21mt3q znl$-5^D!qYf1?b}COv9MH+i^2OvcuVmG`0UUM5Y7Q`2P6Fn!ssP4@@#noeoE-??IE zU`z(0xp;~31Y%C@jmX9VE$+u#bg}$RFuK~K-KEhTQ^#;gYKP3?#D0f`*P?a)Hji2C z9pLNbsQ>ndPEB?0HXRVA<3b&!vIzI?JNuF(m%4-9ii0=g)oWZ%x7)x;uQJ>VaT6XH z@bota>2N%MEKwGW?)@__Sj^d87?)%$kQrLBbcc|IxX6pkYKK*^2tL+hNvz@-l@T3e z@{CuKtAj+m9eRrJQeYlF&`<4{`@U-3VSFTQv~*?IYlm`CS2#nP__3+AGzfu#!$v6) zU{ThhdZC@tn1Cva8R9_yGhg*x=bU!VJ3-Uja+-on&`BRjnTv^)is{>#E|Y_BMUWTk zw;u|k{45)L6=*~>nOYtNqPKK(*-!N_6gQYfZ8X*I*Z7_^n_+BmR~e+Y?0cw!Uk=9` zMAuz!>$B*?&&-U$*e)BskN7)7LjJaTi1$19iii7LY1D!jzW!ME5tQ~HjF?+nz8iHT z3QEJ=CTzM!tTy45P-z7KN6(Bnn^mn}`A^&zP30U%*4t2sO-YT`S4TR-ZPe*ILW{Q&SY5P34S~#d~8yRDS8sk2HYI$K{OnlyDR$?P7-53}WFj z*LbO5DrZRVwClts!2f$ZMa6bgwAw(5Ey8}S@NEG6VH)c~r;6&U^9}qwxQ_e}Ydj-A kL)|iUw~OctRz7}qDY5;wRLWF=HOuY48#Uw2IG`M7UfB1v4FCWD From 010b1e13d872ae9e843ee14069dc1b865b550fed Mon Sep 17 00:00:00 2001 From: TzeYiing Date: Sat, 14 Oct 2023 02:45:51 +0800 Subject: [PATCH 3/8] chore: add prod ecryption variables --- Makefile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 3d8a1635b..2715aad32 100644 --- a/Makefile +++ b/Makefile @@ -48,7 +48,7 @@ __start__: decrypt.${ENV} # make decrypt.{dev,staging,prod} # Decrypt secrets for given environment # make encrypt.{dev,staging,prod} # Encrypt secrets for given environment -$(addprefix .%, .json .key .pem .env): FORCE +.%.env .%.json %.pem .%.key: FORCE @gcloud kms decrypt --ciphertext-file=cloudbuild/$@.enc --plaintext-file=$@ \ --location=${GCLOUD_LOCATION} \ --keyring=${GCLOUD_KEYRING} \ @@ -75,6 +75,10 @@ encrypt.dev: .dev.env.enc envs = staging prod +%crypt.prod: GCLOUD_KEYRING = logflare-prod-keyring-us-central1 +%crypt.prod: GCLOUD_KEY = logflare-prod-secrets-key +%crypt.prod: GCLOUD_PROJECT = logflare-232118 + .SECONDEXPANSION: $(addprefix decrypt.,${envs}): decrypt.%: \ .$$*.gcloud.json \ From 7fdc7581822e077b8374d78a7c0d24ada881599d Mon Sep 17 00:00:00 2001 From: TzeYiing Date: Sat, 14 Oct 2023 02:46:19 +0800 Subject: [PATCH 4/8] chore: update all encrypted files --- cloudbuild/.prod.cacert.key.enc | Bin 1792 -> 1792 bytes cloudbuild/.prod.cacert.pem.enc | Bin 1755 -> 1755 bytes cloudbuild/.prod.cert.key.enc | Bin 1788 -> 1788 bytes cloudbuild/.prod.cert.pem.enc | Bin 1170 -> 1170 bytes cloudbuild/.prod.db-client-cert.pem.enc | Bin 0 -> 1344 bytes cloudbuild/.prod.db-client-key.pem.enc | Bin 0 -> 1762 bytes cloudbuild/.prod.db-server-ca.pem.enc | Bin 0 -> 1356 bytes cloudbuild/.prod.env.enc | Bin 2898 -> 2898 bytes cloudbuild/.prod.gcloud.json.enc | Bin 2399 -> 2399 bytes cloudbuild/.staging.cacert.key.enc | Bin 1787 -> 1787 bytes cloudbuild/.staging.cacert.pem.enc | Bin 1771 -> 1771 bytes cloudbuild/.staging.cert.key.enc | Bin 1786 -> 1786 bytes cloudbuild/.staging.cert.pem.enc | Bin 1177 -> 1177 bytes cloudbuild/.staging.db-client-cert.pem.enc | Bin 0 -> 1351 bytes cloudbuild/.staging.db-client-key.pem.enc | Bin 0 -> 1761 bytes cloudbuild/.staging.db-server-ca.pem.enc | Bin 0 -> 1354 bytes cloudbuild/.staging.env.enc | Bin 2458 -> 2457 bytes cloudbuild/.staging.gcloud.json.enc | Bin 2418 -> 2418 bytes 18 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 cloudbuild/.prod.db-client-cert.pem.enc create mode 100644 cloudbuild/.prod.db-client-key.pem.enc create mode 100644 cloudbuild/.prod.db-server-ca.pem.enc create mode 100644 cloudbuild/.staging.db-client-cert.pem.enc create mode 100644 cloudbuild/.staging.db-client-key.pem.enc create mode 100644 cloudbuild/.staging.db-server-ca.pem.enc diff --git a/cloudbuild/.prod.cacert.key.enc b/cloudbuild/.prod.cacert.key.enc index 71219616e5b4cdd29f99fdab264f5f5e9bb79ff8..308ceceeeffbc72e6de66da77cc9339c591d6720 100644 GIT binary patch literal 1792 zcmV+b2mkmAB>{NyN#?4@P0nmM-vh?!`U!8E&nLy^deRl*Y14FKPC zb48rw%co7m3V4(zA?iB7Bp~=<07-T_+25548zTbiAkr(cPqNoD|3vk(=h*1A;v`uO z_|Ra{#%tlA_PL5x!=Y+_S^J9DFB+z;Aj@HUhb`T0%h;TDR@0Xh*Go^6Po_BuNhf&$ zjsp8F2u6rNw5SB|8fLAtd3O(nT{gZkCh%F<_R62vF;zz1ik0~?Wbzg%TNZ{KfJZW3 zTvrkp7wq&(kC(tU!M&&%3PPDIKh)FW`kv2h#3DiDr;x@LFJ8{g(nj?|RTHW=u{GPy zib3*B$5Z4prf_(!iTt!L_iugi--OD0tT>cLmb5cX|Ak{m)9Q!DpQYZTU3gr5lULA7 zjqWQyB3`$YNK0Sj=z_tEJpH#$CjttZh=0ZZ%`Qw_VRpL=Bp^+$x%_wPCshiHy**Y8 zA+ts7AL5;Dq8Qi#hQntxzZYs0L#&(7_}%eJs8USzjGY0HF5d>NtQLD`(i9bsLA%ZH zY3sst6@K^$o6>q~f7hW*ZGj;uDZp8-$8;3T7tiU>jcY_N8rhUT61&x|v1_7-0m7vI zjnw^NYh}!0Rs~1EKBCGi{;MWD{K!9gXlll48LNdvrSpUqBf8n7<~iY{Inb^}{o;dm zZ|Y5rU@T!W59dP%a9aGj4R%*{1$a*l6B6(ug^STOe+a%PTmWQ=bBJ?&dr&}vH4b6Y z`UbFbky@X5P(b~)&{Ji^X#Dckqj3o(u!}Kh^)$&nR0DOcgw<&8957gckGSNdc7nYj z@nvMRN_C)cCzV!y$MKIu1^q5YZDp_#%qf>}0VDvdy?xvxY{uzb@aA;E$P zep`5VlWv??xF}Z3H&8W|uj6^hm;{pjgB;74)uuycg;JlLWyaveLq5^m6-2tyTJ5f3g{iz}SfoK~V=2+DckMVuO z3dJ0;$H}F$928ZY#?1C~60NW1KfYFxw>hjVr{ivd{Yv`V3#d{e|Ra zsw|$fKUQOTAMtWC5WXzo!dimjJ=C>Z3Qiv)*NAHjW6%Rwcy3R3;me~`q*nHw?)@@V zhVb6@9!uyCq6h8dg4q#DB~iBj=R4O<+hwF%O02d~f z8<(*~7T>*?p$bdsAi&$`VZaNW(Wl1r4)0{MWi}t{Xsq)qb)`y?4y9Z^IsMlNd2=cS zXlbleD^Un>uNL%dn^3*@xCo$C^n%Yw$_?=jc~nX`SKZ#p+4V!R7)5`9;oQ9wA!JPn zJr`Z4q{dGCp&mu|s7_-i$_MPi0Ku{wAgRtqg5Jg!j;o*EqjW#?2g0Psg~4YFD&!vk z2xe-XjxBq^fk^sUL{z43MzgW5-ie)SiK?&`)%5ym^9_B=2V>yW3>oX_lne(Igw_S32^3&YA+w-d2TQ# i(}%nF@TpLbki}g(1RRFatSE&n1&k}2UiNs-+M$9G=ZCfc literal 1792 zcmV+b2mkmAB>Rj7-UD_OHg681Q+&d>URDXwa=g|*u>F6OSk-|BeDiwWO!M@u(V)7I`u=^s7K&P*^tT{kgQOW+*^k|73Wk#eR2tuGCm zu&r_q^OiZLkz$>U!P%2PDJKYvkUwLx&O60k8|8PiF$-O`aj!SCs*P$pc#qafmnhtJm|oJg=GD&NNt=4d=M zmxPcHF!9U^$SPPei*`FX;oa4dNc~q-4R5isa25hsomCGS`z)iT@^OkQE3l0Z4v1O|eL|8JVOC>%ro264YWX)LOxb}& zV9sa3HoY-iHxIt0Jz_7H3b$4P!iohtNZ;emwTgWF$*ws1{MzSu1Q{jZt1k*2lMbpt zL(Mwd*7Kennwn!0?-MK9Y`&JsUb%kbT*C$p>2pfc2^!O^$Aw7EN%y{4OdbaZZm(aZD1}+pz*m!7tF{)iKyf6zKdHds*+aBPpr=#= ztwY^ueGkgWIgo+Z4eqtoje4d5K!*QUj;o%ARR&+0#Mynz8qRr z87CU=VxDI72CT9jfKzCcGAwU%%Gw<>(`a$0Bc>J!lVS@Sy5Cf+^HW*B@KL6g)jJEf zwiB6k;7(2`)yA!}q-7p8eYoDMe7EnzVLR{XVJm?3shorMNR{p9loiFo2Z%V)+uS;h zK(r16ctJ8@LfvA}=buqF+|(3#>r1q5H#u)3mJNUlpv0%0=qQsq__wHg`EGV20fbe6#Vr~V%2Preh}w*Z4SZal9{cwu%7+o z-dG47m&G}gHPU8zpC)XYE!m}wqTsorGCSm@tckfEIaC9{LE+Xt6wEJjuG_ZDbuhi; zew79lIw&#j1NKEN0<9hn}*)SjQDmmwqUq??S!J1hp6k*Bo);me9$sPhVwRp zo8hTvzBfQH0}_o(`YyJXd5O*e11EDSZ<0JaQA($1DT@ZOMs;C=rF6F4+|ho}z}Q-` z^h=)_lb0v}%O2=`k%=AP9dY6^M>Is)*ZA|Zaw9s;6gINXHQ(-FRY`HnBV-vmzQpBg zXh}2!&p^T;H+)D#)X1?8LJhwv_c?nnw0F%j*$V7A;CeSSII@t6 zM7xCY>7tFU95umNYN*Ma#KKyv2wmBXa7sMS{<=E^G+@5b7Yhf-#{v$04e(v00xhs{ zX-4>K3n{zJNdIUh63Qdwx$Iw{K!f(3y9*frQ|QWlSpUYSH0f3T^quRY7PSCiH&WLf3*k+Wz*f z`65XO4V~z;*?7b3h)R1ROoS`cOniZjRN^ZH6H6DX5BCoG;zg;M;|PlpP@Em2!i`4X zqF8=)CTj;|3RUW0H-|-{N)w3wC~2!4iM6SyTmR;LFcvPAT_SZ~*Q?u0tJHby42;@P(=Ogp;utJXys7-g0ID diff --git a/cloudbuild/.prod.cacert.pem.enc b/cloudbuild/.prod.cacert.pem.enc index 1e6bd8d7d75b17c417128acbe33837af179f9194..7f412e823e40ee00d40f3ae54f23de8167d35bab 100644 GIT binary patch literal 1755 zcmV<11|<0kB>0jNGgAnK)sv2gc>6?AyahK=ky(`xo!6R`(LI4FKPC zb49(T7e|@2Y2VAoM62nme_GMQTe@yh8Bp88UcpF;;QTek*Gd;1S$;{9FQqcZ7Ny*= zhf_F;c43&fi#dyf`$F%}eZx}433}GN%{TI^PWk}Jor!)_7XAsQ!x5$$oi{eKAtIHS zig_ee>*>P~2MrDm!}OI95|QnIl%aQYz)s}ZAs%4x|B=WvyfFJpz=Fv}@Qi&%E3TRl zD43(-RM5OK6(#C`dEvfSWSWZ4EBaSmNBW2YOQa8YfjHZjHZ(9^u3|)M6W%M3SiP!8 z_5O<&YfNX@GK3@e7A9^jxd`qyUmGwvO`y(jToDY=!^u06xRgc2GxL{$^F&HDkxw4`Qo^K@N(ex{75g?M)1iaNdgK|JxR+1Qj@zI z1ik)YDYOrUlT8r1_?Smjy2lOJ{r6F9bzv_-8KY$v>mp0|!c&3*NlXV1-Z3U=i4~_c z6=p5#Ps2x2hSECv-b$RFRsT{D74~|l|6ev9U_2s$jmlGbeM$}p=FncZwDVkn!{xkk z`1T=$J^&V%PYyr3>#n-mI9m_cRnP9olJP=By91n#)&C9Lt#xJP4|E7-UEit6; z9||~ySaGJ~vGlE^*wj)-Td`L{PP5Tq@YCgg&$F5uRcU@-p z`f&V9lPeOV_+jf63U(SPc6Y$5UQ);BLJJi?%$R5*I)v=hp0@ zC^W(Y&yQu5t5?lIkR8{>%dd@LM@eVF3DS+zWGd`jcyo2IHo}&UyDPZ& zX>PwbFJX?Sc(-QQXStrq3Af+4U?=Xdz6W+w(+BMA#8|a!{D!PJAKNGoYM<2`uc;(RrX{Xs01di46`5(SjI;DIfLXx_8>+B zRVZxM20Nx0F7@I$f^&s5>U@C}ei%GBjwL2>UNn&&X298);@xYzv+2mYZ@Sa4i~?t3 z_~1NMoKDl~5{VbDq!SpaeWW7nZvtcxvUm(tl90eKRkkBo*I8&~tkrfBR~)cK*a`>i z`9cdmD@{e464P|`iL<$(?nQjRRydHWOW=~Y-?eMh(R`y`-217yLYWmEP-WwPKWu-v zoWU}!(5bJ~6zX%JG;rLBKG;T_KEFaPeew|Tx5*1t8^|lbp2QfQvhkek{&)GPThcxHkM0U=m-due=8v*^MY` zpyN<$dkvO%UdOx?k`!N}s>@0{(9{QQz}VuI7mk&DP0Tw1fzewN`Cux~V=viVhu5@- x4XOdI6`>l_u;j(62@B$lma1g$1cO1J$C3)Eu`@wgJP4FFYZ zC>VzUHeLvK?V`f_Y+b?w$=fl>(xU|RFU^=>G}oU*9ZcD_nw3ObLfQf%lw81t8a16I zNEK>%YOsbaZ?s}ry(r(~x|rXNUkPzG&&{;7aa7bsW@HzFeQ4N6`ngxj=9b=>eh+`c z!V!Tj)@47*C%@vd{2FfK<`2==&%f)_e2Y_eV4H+N*BT&-Y(2@KC5mC5tFr!Y&qy@? zZusud!XtxASDu7XkRy%)7%sT;(XJ(sxrG`<9dbt<$S39WR-qaQoy;nZo$NO#D;r1{(YD}*K9c?X~++e9_@ zh`T{8yB3?J8?%Q%7$S#TVL&d0RIMO-nKRB2@J-^q$xj{8)|5LB-mxWj}B$W zf8wJ4YP}sn*X4vn{RhK24@`K{X$00a}>j^D7n zg$1pB_c?s(eS^;Om*2EZWM|P)7VgGW3Hk+b?)cOKB0?rc*8f9qh*i#~p8b1xSqP$u z(+Q|lXGls8Oz`fs)tZlLt{_SsxdN6}@Ze1ZK&N|*(I2sN_X-gjQyaZgvpPox?pY49 zfw-$hpAb4CcHH|CY9&Zu7q^@O7fQKB8+xNiS`q=JMHakQN6#^Mo)!<~Ehb?)joxS^ z$qyr9crP!;^_v(OY^#6_)crtM8c3gvRYZ4o>!3^b^W4y?<^PGC_el$qJVDM@*%YiMG$;s zz4+EcW{*!J_(P5G=~@)CQQ5sif6#{wDt%h>`eVi9(jCQ9EjK8~vawFDH~3oe(#gRC z-eWe3F{r?(XJgT!tfWoBjxk+GZkI29((}FgZI|-@FBGGZXV9fI6R)T67Otk%BniO^ zKh5(TI==wTm>AM_2s1E;L9g{&NiK$VIsc1h_F2P)QW$>I><0HhX&YzJf& z$Fs@InJQ*u>8yCzrNxk=`4xKQw7M}SaDA6kXl2A#1r$b2G9SB`xm;nT#_E#67p(tb zQRG5Fb1P&rgVUq+gR>zr4HcLB49}2Nr?M<^LZW~!1u$@NK!>s1;Z)qj{;v2hmttvI zkYmU*FY>K{42xunSa&`=yITWz@S$?XZ{4IT9GzH5;HrR3G~IQ;)BEdEHMGPLFx*0r zlo!w%H4~+Cev89148hTR-@Nhb`NJk=U;7iy9XpSSKa` z6_bVEZdt)2F8hr|+{2rHXWhaS;)MTWysfJ)H|&@NCAf#)t{ad(^M_e;$AUIE2M-Kw zX1fO6C~=IBxs=pC9xFZ;cb1fGA(RdAu#l};=2+yu616O=9LlZa7zzAR!(ogOM=0o6 z{X}+@LBtQfzEt+rA2RZHY79>nRNq0~oM0V`ya61vrQv+VUK7W%gO~&7-GOBC?MC{j6 z3Q6lYx)}BsWsn>nz{fa>h>P_q@kZJnUB)k#ym_nkz|l5`+mczJ&2b?a=bopjDoZv-Ub@`8AD=u9sigw+ zgYl*^*N8XuK_CV_^Q5-V_pZM8uBX$iGVRq&y4xpO4z&q4fCKWB3PaI5%Y4)Auv z4lxpdd0YOug#m!I7I$3lE`WMJOVLSOZ%y?SbL7QkMGb)zN~T6^X@`eT-uEQbX)H-1 zDH9)=N<|AY8Pw~S+*NEbwIM~h&7%ou{6?dHT-S2|JO>~* zBODp!0A()&lZI3uOxzq{bpu}{x70UddqJw~LLX0J{r3OMnS-|K*iWMDoBlqS^?Brc zGacFU5(Vp{j2l3RK6E;>Q@n#pj|LX!JeY$@1oqJh4IudszM%eN-Y}fDtL=_M*pY`< zBBfrf&{OIQq?;Te@(+NZ?g>uQ&WZo3c zIER-ts6MY&NJIVymj%3CWj)xaoLwb~=>pkRHEru_^xwI0l(N%V2pb!?1~)GF@Y7go zH?>1a@_})>=cj|4EI!ffs__ON=qj6m`pDHlKLdtP2RgJ-0gGdl5WNwt<^ydrUS4#k4RcEig&aP)^Qw&<-97<#pQnW2EDe?D5 z&GwXZ9WJv!N7A>*(6c|_%2LZ5H=nhwcDgJ(2HbF=S&HdQ6z*4I4~WL3j=I~e9Kc5M zfRAP64PQ08g@;bJs((1Cmy(o0pi;_si1w3Zv|kI8AfhZ)*N}N}_Xqit@tQ}IJt*nt zC-!Yx+iN{cY*f%z@18^4sCzWCaz)v2M0Q2ps_i^!UST8F5*Ljt?P%zf%mYaRGDxDi?a@9^F#T$Y1<4=kGHijVQ>+Qd!r3}lS zA9$%ve)SQeYZg_p;>tvG!yCbkE*cEbUlml3GAx_B&SGN3Coz*=3B+MOLZoNnlmp0H z5VcqJZiYu8cCqcyv>_7!hbq<<<4wjIOy?bYp``ku4F0GH)sz~;#U5kS~}!w?+5 zK%v1HFj4zftPtNFVN8#UAfweE8p6iPlS}*udD1nvU5}To?1<1PSN|BpWmC_OLxVJ#650Z=@w6o_3O(h7B?CRmLWwtnuDCIJt@V|=Izb$xakH6_1ee$PCUI(AOL2n1{D zWl@ToDlQaNZ45>~#gWhfR$9!jg0KMKIRrv*+;%#z5-ti2D`yek4;%P+xPC`G} z26RLw&TZK)!i(7}&)K^*+O>%q2Gox4d&W@`5wqjFsYxdQ=d;ZYaIKWEK$AtdVR>7Uy8&P<^(ME})`;LvvD^6{$i=%? z9HM4Dg`Qe5ArBjLvxz$}2NA>4It2yh?i{5kwwu^D;n(FM!p0a>&8||s^>>Y~>+ujn eQ#Iq+(w|4{!3)+sueX!uwDe%B)Gm%0jGgY75^Z?^ literal 1788 zcmVY-mVn*{v#iAj&zR)RLSTv}DJ}%{E*_r!es_kWL@qLdPz^k7Mko+C}JoMQ{OX)v+ z>Q+z5-L}+wa|*;(`c#qE+~;qA;-qdP!W&bv9-IRHT~pF+4Qea&b^qG#bz&Y{65AV)=!kB5szst9e|HUrGLF5>U#BV``hJTlO?MwB#Vdz zUn`W`3<_}q8jejttXcrpxc38?5UCl=*>R{`x5N11Apyj6l-QvA=v--Z?yd0#{#Jni z_rjG)*~oA%Udg~^Db+|q-n2<%DH(OyE2EjkYA~uHUXYHy!lP+zB7`k&5>CxWI`AXs+1P1 z(%Qm3xH~zbRZvCU^aL-y}bugUkU>eno&{U3=k>5mYk`6 zGEpN)3-gJEW{eFsG*vm2D+`EW1yaQ|$!_3C+|tXMlB*$5hLY{1VT5weNzlBq&xXwfMq?u{jQwvE?XG%SCyx@MVW25bR-L4F`-HJN!#(|vcv4d{ z@Nyd1L$w+307V4Q{AXmUX(d^KBKkDh+=2+k;tHOl5~)1;!|xq#_5*tD)`rPX2Tow6 zF?9*=zFu`F0sMk4xn5KTT!YyhPVoaXC+M&%;a!7UEzpww>tOL){Lu;wT)fMMTMtGF zpKeDRHJpb5Mi}lViYu#fw{=g!rNk8k8pA<<9tThywJ$JomLbAm%!z?WG$yWHuJbi~ zeT$3)ac4>-UgS8_6#*v;d72jKEvQgCc!~2zQ?r`8+gIonWpf{oOeqA@U87#GM0~*# zky=0rX_}sM8IJ!2%41__;_L-W`97=dr{oILC%!_{PQ3kr?@P|2E!eocabhh`>Z!G&hCl}R^PmeK=(gsU{|R(0m06Uu;NVB> ziWmrH?g}^Y6XFR22o{y8*#Is>`UBrgT{&LSG=Ah|LTH`KTMp$6ZM9rN0S*kcxhkf4 zm1X7NAG{b24WJO3e|wvtj@|a3CF+>tPtZE%;(fqItw}x0f8>7O-5sOrw;!Y2z~!Hq zbzy`^@x!EGreEd#B>#r%P0g6@ZUAW>xH26;4b28*rZ94fa=oT?`}#QXpEbkVZ1L$26U7Iq3F?T0V{~xv)498oo3YT(E59ln1rw zL_~f;(J!=-?0zXLB7DsHiwx^*@>xUq2Pfsr_HW~6t;S4}y4tjAIvK+cz)XZ5Mse&l z+N+8;`>47gP^-`l2-&xR(?DqQ!fL4-(I-zzQonFhYza(?Iq30Y9a>!qubw=0Tva@4 z4oWuyIpWZVWiJg+5Y+?PPC=!r4Ov4~-`~howcNII{--cX8x9uXeYFW;uXKkeizj1c z9C>b3Kx)}bd?aEr!5^@t;D%oHWXQE0dA1TdXfkc~)kIbalI4N;y~D3^Jb65pG_Khi z9fr;#z2n`lsA&W|KU-3QH=gr!mcPY)S}Jj~aXKe)LBWQS)nS_iY3{2c|pAEnzPLqbI$AobzpvJ2rB3F0n6v-(Om z9#hEi=N+5Nv8!K#^bL&-ocK^dH1`hod0uId*R6fbo3CAN-P&8N<#p3B%uWU)snK$- zu5p%7914bN$GrE4rN7j(t!36Oaq_OhM|NLGTi66=^7lM6ufN_VG2*+16QB z;gUhcbUm&Q;vX>3it<-=^ia>eWlJ$XSHctwlLiAkG+5px_)$|-lL$7vN1qneE3Khn z8-*XAUyC#U;q?ZCQ)Vzn0&dqHx@Jq+k{#RKADL1h-FV|hJsc-^t_8K8Gvr7@kJiLl zR~UM-fz?7+LQp)4S0Z)9=+ diff --git a/cloudbuild/.prod.cert.pem.enc b/cloudbuild/.prod.cert.pem.enc index 65b5c70cde44ae3583e0df2affedab8b933e6b10..7b831a4c1988f8a6b780617b27a45f12c1c0e129 100644 GIT binary patch literal 1170 zcmV;D1a12YB>!qYmA_^A%(X3%sS3Csc~0LK|KCHNBP2ms%7 zb48CScB1JGdN5bx>ZUdkZ95Hd&zkC&&cTsQOj8||8Zsq)N21`9E68G4+PBGk(NOB8^R-1Icf zpP0dbuS=kY;po$GYK~H-Qb`E^3G2O+N9`-?iM~Hu!@h1*T}Xgh6kee)S?Yr3faPik zpB7FGy-=f6`(_pmD96gdOcl@pb&2Ng8K{$0h`PKNksaP5MP)DX73kdOb@CHO$Ay12%bH?}RqU(R2 z0NQSR`XlZS*h8uec>e@ec0?BBR z2-{vvoU!uFDI!zat}>KBK~U9oaZl*fO+Qe?4PdG(_zR*j%56Wy2Mo%2`$Ddib&jYh zMu443NDGU*HdL2oic?w_yzm{CHHUsTf7?*+4-U>7&geodihSuUVKVrG&pN3Lf(RSc zLo?XeZRe>rb=C;i? zEb43!c0>XA`SdW5A8}|_ghF|4a+RD=s$lam;nE4ezG4xxX&|DG3X>jUDiB_oThY;f z<3a5X^=I8ZF7413nISXNXj=Y%@i+`RO5W!FWegki1A6LyLZs2V8_^aKPL|?`#4SX#j2CesR!O*`!C zWU5jw@Q5=6sjD4gEp7M0uS?0Rd%n<@7Y4#rs(I84nWvWbEzRZje1xmOSPhrJ`+zi?lCv-eubtzEVaCSb#m;jI2-fu>(c z`an-@0-y_K{AZn@0a52wVMyTHc6;)Qc2vgOpk;O*{3?GtU>m7?n0B~X-Few7#3E%~ kl{Z1gcZ2^Mwp%?hQhFKkjn#xW-zb>IfKg6CM<@Nr9Jbs+RsaA1 literal 1170 zcmV;D1a12YB>Ru<9~hGKHT`915z3B#WAaymb0?VJq)Y-D48Vqkh(xTS)0PkvG)F|mqaS6+jMCP# znHpfGaNh#VKk~rc2;J8oWgc9@iVRUd zHQ7P`uLH-p()xum#_tPkZbP4YFJVuuTK=7D7o9O;`V~b4E@H~sjQk~9p$U!$b!5?9 zJNsWI1&uq?1VMJl;{2(n%~y@xkHM&Krm z)oX=`xij_c6NV}}Of>cAdQs$m2O35I5|e5B`}YqvDAa0kORzSC{Fwr3WWuJO!8biI zri79^_GD%5ui8?kxhi|%qf%vR+ogO%zHakIz-nWG>^N6|K;9t?yD}Cd7K34CFhmLw z{4Mh!;F}1jq4Q=mK97Il!Czt|d*9ha1g~R+C&*Jb6~wXu>~Y z|C{ZO_>pIr{TJwXJ8}MUSnS;$iBX#g_QRx#G_jS-h!PweFz|*Wn!3N``MuF^y71Yr z+k}N3-s_#e8!4>bFj_RUSh+!ojGkzQH@~^$yZmBuPn;fyjey5k4%C_b<{v+z8y6b(jftx$y0OrA11}&V&Ct1| zK?C|Ei?lZ(L}@$}7LCbW{odX_fm(~;xPuO0jU~DqRPZVeZ&l?w2oXxw>bQW=V)b{g zB&#H1iWz89Gu;oRQ{a4oHTr6$Ic{m7^^2QV&x9q5-`>5HxCwKlU?r=-6K6;CK-Izi zkh4eliM&z6mM`Di_lYB*F1s-!aHjMNfNb6}-ikd}GMeK&HkB_(@rlBH)WfV$cZR1-EO5{Igbc!NT9ogW$6wrz^M^4a!{H+5+d>MyQt9 z$Z3+1p>#4<(1zS>#AO>CMM99b#B9dG7e(Q45LOa!{o#)xjL@}NPoR++u&1CLuwZ(8 ze`H6k&X$N(be}_q%P@HN@zGp!?3b)3x7#dPS^7IHK=gNLgq%jHVK#CYJA=meOFt^6!ehpCt9jN@I z+3{gKcC*WrG_F90vg*^{k0e6F|pY^;t3yJ3)Xh4-hdQ9US+3Pg)X ztgM1nqgpia`)7DpC5>YuNIJjOi)1+hvtLT!P>}xKyQke|!$9=S-ewg5{uQG)m!5IS zBx0v|$LW+8l$zOafMjn8zJC(dNhWFdFqJ6oyqzaM1$2G zo0M7Mcue!dLowgLL?qMOMNrh%T9PBM2CANc?Y_-K9*{rbXzQLb%^RqH1)YIWF|1Ff zDcs`Hx*a+dbZJvhKVkky-TmtnkX2_mfpZ@y>Bg=80|>@ORLo>l=>zY>g#fKV>jfOi zh6AT)qU45kR!@_kj$~Yu%??W)%p=W=dM`z#k__R?tX$S)D#wG@1Wgj=6)}z&PHZQc ztP4ve^GTxGnMHrZ%NFs+k!ag9`uiO)`0gH<2dW$MD}8<@AEVxfK!>HG@4|nr5?fg$ zAcI8_A9B-e^_Qt2D_bR~Jtc2Z*c#2oXFY07Wlra5Ohc;of25w!QIMH11yZmnkH z)kRA-Y@yNx*@=l6&>J?wfM(+SgHOYK9 zGF;*_7KPjgqh1?j1j;g{P7#mD%B?BNXYY%ZoL!4n$w_AV#kOj|x;p56LpbktLSCx+ zu1H{MdUwVFL!4ktS@ZsxGFuse>FwG;8N{xc5>0Jg8+4^AaQV7d ztyjdl3wC?rXKodgsml&PDYH3CJr)@7;YEiT4B6Q^QqJhl-_;Zmxhpvt+^}@0 zq+|UH*o;nT5EL|`iSK?Y>AZX#4wgus2@)&cJyRNeVJ~8eoJ0zVu@v)F8mU>4FKPC zb464Y09e@`pvZ9;AKQQl6iC^M$L$)=3$0vi8i&Eb?`7*@C1SqPP1-=cd(9DX&SFwlT#-O%$YW9R5hcVNV)-)E$zJ)jY zH#sB$66C4L-;){e48l7M$ng8lVN;WMo1%F}r-()}(XA@jD`;*Cr`fl&X}2Bw9a%FT za5R$yi{~HpDtFfucz?mAbW}E2poRMYI@|I|-l<&ZEfer>9~E!IPg)eHd#2q0?7`DT zZEX4+lU1I$vXz17xzIb9ru|I{iN0rlZ067Qr$6{Lk(Y^jjxKavX&s3yEHSv!2s>pZX?5&~=f!z=8q<8Ha*FZ=Y7C^)DF;eov`q(5kJNX*Co~SUD$lawZDN4#)uxM-v)_L9^VtKW971+VQ^(dR53jbCCv%WA3I0$PqxG+2Lu6wfXwvVAz=;nV z9MGjAF&*Yfsk-^~tG8clkFTS2E=@X}gIXY5=dy9Q@8`Uj-q&@y524Z!64B*%3d@kP zi2v@;2gQY3YLlVxnC<#9U{T-0`$U}>yZ~fz=HL;*NuyzsiSr+}l z#jZK5)t{F1m)u(Hi4*Plwi0RD^8}K!ag5W6wx}KmiK6EiHHw2hc}A+9TohUZ?ODzO zXuBG2Gy&pGQ(O+1HbC8rm1H|Y>V zj(e665!}Jb&mx?@K&Bns-~Cl8ES*X)j(8gVv{mZgE zR~Q_p_i3vSFrYWWQBORzVW!dYMOR!KyeqHYjQIj#vZeopR*|8sWXikG(HvRp28<-G E^E+O7t^fc4 literal 0 HcmV?d00001 diff --git a/cloudbuild/.prod.db-server-ca.pem.enc b/cloudbuild/.prod.db-server-ca.pem.enc new file mode 100644 index 0000000000000000000000000000000000000000..75e5d44ca72edff4241d7cc85fcf7add7d629270 GIT binary patch literal 1356 zcmV-S1+)4JB>4FQZ$gBC2k8B`aaZ{*rEvH75Slv=#7Eh!6Yy__<+QQkzo6qDBMf*TIDFMYD7sQ@e>!KGTw8HF0V@gZuU;mWreIw+HQMch{Pmv z0Mjew$Fouy`kF2c6DKXCZ|sRe05Gs$mTBr5u4 zutt0ztAo(y4tsYpdKdEhBy=dVJw7+B%wh4I)SsjxkvC-$!&91c{wmK)y=X*`AOp_{ z4^&$g41v;0TPoiu9tyOQ!WErA58hzcugvK zFzv6n$mkQH)Fh1+Ns5A;qORya76FCN&)2CdoTI4z*uJc`v+^YE38;tXt%d{@mE*;U z;?Uh-|7jA&h&oDyc6MnD(z~W4$bcAX(%~Jed{^6*3ON>_eq?mkG=#3lh@O5sW5DBs z`LL=4W_xS8e^cCdT1W|NFJ&9H2|lwMOhb~32z#ju4nSs%5E6LF1qF-}UX;Sn6@ju0 zgqhm;)(#>Q!(=&spcp6w-F{h_KL_IwSe-7%4YOB1BbQK~n`AUy8Eq|xx-U>ufg8&W zi{sVo6Mc?P%J-*zlZg-L8Dn6dWOz=*XstyY?oD7_v@NoKon>KWdN}1I?qqg^LE_`T zjw-!m2N^m9xr2fVFj9I63!8wYl{XY8`PPr&&zyGqpob3^jHa@|H=wDz;f z?KynATwJ;D4z2AAHn|=_rr%Am%0l!I?D+>}PqNI9f@Yn~3=?etU|M zwUk@v4BA58`Bbg#E+Ed{?5QPVihO0`Tr4k2!Z_-*xYd3u+n$Z+8MHZDZhp z$#y+_wg+G1+*$ZOrJAi1g!f)`5C2VqfmhYXE1j2H+;e6mSZw$M0wHUVoycQz&{fLn OGE7W)$V`8z{(u!CLYlw; literal 0 HcmV?d00001 diff --git a/cloudbuild/.prod.env.enc b/cloudbuild/.prod.env.enc index 571523f299647bc5efbfc1d179a4e88581b84f07..ae03575f4a8be62a1d69d77cb4edb69573e53b18 100644 GIT binary patch literal 2898 zcmV-Y3$64DB>zSlS^7(;eO zWAm3RK}v=0fU!HRYbAZK66>;*q}SJjNYo(|Tci~U4xSZRJxQ+t^725cM&jm2XVtRQ zze1#F@q&mFm|C&guW@6ug~F91+Hya0+i;m%KJGZh$rjHk z;uBX^OKV9x{(=+iCyM0)ndD^Md&@F9ITQZ>nZzEG_M~Io zz~d7aNIM?yz&781%CJ-xS*#Qrk;zVI-Fek&`{`*4u@=pg%d&<+b7Fi{oI|5%51Fg5TxWJH_-ct)++rS8jobrING^Fm%xp? zl|765h~&zMrsxe^ZnFGrcgpUni;Rf%FmB$GYZ|=r)im8NjkQrEELUh5F%2_szXk~< zQp0Pm;8li}{Ij{$m36yns9}!#VdUMp#Y-QcQ&FdK;1OgfB-kp{rJA%Tti>v1@y;G+8PV7KZ>jK$hl#P zv=8`?E)4X@KNhVcJFw`LNfxWgl{QdovaF2{VWA`D2IRS!k$LT0Wztcid#vBt3J;E_^G~x6}RtbaX zaHrheO!M>DxbVd)_OvMEe4pI#%$lnd#?%xJm&XgV7He=79P)o{cbZ;R=pGeS!065rnQc8)=9zqSEMLjuSj|G-c2LcKq}4i zo(b!k)isk34y?tJiousGS;zN(;#u9;|K#R!)2q>v+ZYW&@pW+ZW%$JgOH$2McC~F~ zR~@<3a0|5z4uT(c)cT1stWFt$T#bM!Y%{CsF%97n=w8IxCZJ1*(|f@@VA!MlqTFS> zZn|ZKqmN%a^#x#M424ojK9e$?kMjlq6u|3k=Mi#RoTd7|h|0RxcZL_n)dK9RNQ7Oq1?F&S*gnMeE^U!eRty(uLeR z*todd*%6m3*aA=lopwj*x972PKJtwZNq&U>3CN66I=#xOEkxd+ zz2~scbhb#97)@r^2kECveK>v70Q=GWG;BRIY4Pw3q2FN#w!RCQL3K~07M0j7mpn@w z;IA?q@tHJ`bfcznwh9(MFHuWqsL|)PD@g!4{c7ULI+GqTiT^*+N96G?HpQD5#ku-4 z!0mck?w*77i^9?(T=|1DLiTvbBY*3$7ABt0pz8t~4VMtq@QAxc@~=os+*1qiWgP)d z7hFE=$j8-(Tth?{$KT}L&w^kbKL^e18*?@7)G@Hra0%$vp2f-dA`J=cb&k^59U4k5 zj;Q;t1Up;8Z$-AQwlWX}(%a3rjmKzjUy}$D&fK}wujT$?(@K3@vW9Vd@GGcX#IVF7 z+X%ofh?i_gXQZ2cJP{MN)`NbCl6q#>rbBrp?1|gSNg9RCV%R^($T>mr%{002GaKT< zEe&H1AwYC2JeEO|qkEw8np}d=hs+5S2R=upl8QS)#&1ZdRI7s4%L;>En)?|GTtyJ) zK#fki17Xs66yQ5y3ZrC!+JK3)pqvz@gW3}&x)>4pC8oOZ@&4oW7RIR)=snw1ldCpf!_H%AJFQCN@Wq zCo*C6t&s}i(CDobURDiYJT-z|lnZEa09~dzc1G@3eoA#fgDtVwb8Bk|Es$>Thd#kgc$n}nlb;)+UgDI ziVwr#92OV&$h$?J>xlZ_uB51ZKJ?Dtp+TA>xo8|d${z<_&2{)ZUZn)5oX-h!MRyGw*3ZiEB( zOlMw=b(50^^3J?~mrXHOk+#(UTXhlIup@dGkDIrFsO=wNTgupH*{hv>3C|jDTr>;GD%ws>8upTk?=M6SZk&MD9M%IVoXQe=wn>e7})qrL5JiKh(=k}gp!f(*YBqCC|rp9lp}C zpw0I-K?N>@?nxP7_=H>_i?AP;jskFTP?`t4C)a2`$r1PGfPOTI%w)YVS1%6ia<1-tRha{A9`PIA<7LB5{mI2@5>O z{;$)n`Ca$a4sx2pPR#Gq_RKEXE2kD}0V}C1BU(10!Z^aYf+qeB362m5sP|9s-{M{O zs*V2Z0}`OZ@HG#iaWW>Q0vbZMlI7<3Dai8G!8rmgRR@h0Gj4Tid3G9fiy)|XJj`21 w#D#fI8}Z-c1l`li_4D0n@)A7`ldL(3@I?UX!LwsQT#?4ZzI-EpvoCePlccYFt|6*z~>{`Os{N|kn}GOo0cu)!@=~kS6TFHug?^_;GvmRw^vwZYhJOS?FltS z*-keM&w)Ue=OI#V2CzapvujthSIqg>pW#C&Cu0{m>hpYQfx;KP=c1Z;QL%Am#yz4< zKo5pTcSIJO#pRB8f!i#xlA|D4!KXZB)@06Oo8(_@3dduKJz-v&F=7>TLD9d^IVF80 z=r2xEoUNCqM(~SqGIr66a@prSfovROrxiyELv~eh=v%6-To_E9|lzvNV)QQ)_ zR4I54Cr7A&^-S`GDp76Qw^Y%aC`U$Ho;llfdLW1aMX>fZoO3$Yzf7ze27(1G8)Opz zA>Q+i;-z5QZ65fnjoi~j%uM1rMUkR>PY!7g#)6AgnsWjOi%;TB+;v_T0 zcQKZR>*B?y6}LS3cWbw?k3AQxB(JcN5L6`szMwSQy`-N?6lp}qzVWnYDi;9svuLXu zX-mMZ0Q>yQHk9G9l|*Rz!z(tPyR#^==AjENsG=HL0Ni+=~t{fJ>bzb z_B+p<&;%u_{T5Oa84&Y`41)gy5i)8TTT*~^Y*d!uO?4G@;E}21_pPp@VOol528#Gj)B+z#f(J;;&m2FMoONfUP zQ}*svA$}Ci99frWruyjAT9)1X?%q8F+UhtEu5!LutM>u%tmwj%q|~EDwL!`cSf$1! zFN?||+^q#{HD!N_%x-nTQ~yc$ows(UWCGWR$`POMU2{r?_Z74vg)usGz1Mq?muxPI zH3Da=1Y@uhR1I+gM0-m6+f3^7{tZFqtTbBwQG$D@>jJ9shKtVr`^uc!d$dg zv5vWxGO(w>Nl2ZJ@e4ToISXQG>X8$MwynQ0bK}cZ zNIuWd!xW)SsjZW{z-rx2!U>a@aIzI5km^B7Ea5UFF1A#EtgXsd*t=axW-j1w!08S~ zU`?l5JcFAyAgbkvumdX^jo8-+;n$qT z1t`%nf)`#8>z@SvE<$MAc+~Paz*GF^ChV8z7N6_nvOilhZ35j0s8}gp92C*vSwWFj z2x<)uFcH`QuPT_}H;>U@JSKJm7WUpMp#d#j4d`vTeU$L+gxK;<=D3_A6x%v(!l5u1 zXSC`H6RW^O$DwiiH+|&s3jv!Zv;#U09HZ6II1KQK`EbShDh&$T2((>+(a}ohT{p&M zve%-w-zHa_dF@9(L-q}GkNNm*X?Nj>6hQHbAR3_VjLX8r_Sib}(fDTMv5baCi`<6f z<&(vamJc}K8NpAaGqGm@zQHGc-G#n{DnRfe_nnQ|M+y>1%ViJ>L0Mb<%I2_{SQxe9 zPDFL8G8+RA!e3Qd@iCy!1USn~9#akbKSOqk`h1&BT9=pH8@~@>S+(Awjp4+}Z^8WT z#!k3x22e-Inb_knC?r;53js1^Mtj?r@}&goAucs@j|SrNs>D}JX6 z*mu1={kEtnJdxpteOr7x8OIbVYJ5IUL<~+$Ns3KUtmg_0N=Nrs>Q1%$cnp)v8N_T2?kxH5G*GlJ+%!kM?P&Y~z z-`X#k{YIWcVbJbl^%tQ3nL7X(mh>KjSY($A&2j8(seC|0lF5v)JoZc*+k1}J zM~2d|7o{b$)QqoV9WCZt*8}g#Qi;av<_jMJZsh!0yi&fNjdL7EqUACC{F_z$^N-?M zQbPXdG7bp2^MDnYV~gQ|{eM`lQ)|9RoHI#?tL|iaj5d;msmcHO_RoWJ4!}WtOWG^9 zEb!f!h#Owzf!4+JNx83!Zo?TG-<;#LIde-_Ur^ zRkzjnkDdJH))>5nS6CH7J65Lf0Gbfy56MFD!(=OJe4Us(OP{VXx2HyR_Ud^1P}-rr z&E~T54~3WC&k~IjAtqKsp*s{S_j_HwpECPOFE^nfViEtAQ;>_IKIBz8?G;YuwmEKQ zOS`QQX|ko}8sg$}{uGaTn}uW@O~~;0p$U0zRBbCYuj)J+;7YU*y(8eC8mb)5`sx;2 zm6Ndn6`k)T_h}p-ZwB>5@W??>6@%iSkHo+Ua9>%QB5xy+Tg=#>P)C{keEsi3e2`lf z&Dwh!Nl;TAi=-eDl&Ii5!W@k)FsT_v)ZgC1Edl_?oB$OmDoGqICQy$P@Ui=A0#>bi zVV8Vsr7}%zl%}qaQ-ALoW?If@v}91z^m3I4F2lH#oofw{u~i0w9;aQOdsE&R6WVz6 zU8LkMIeE=+IV~&XO<8sK*Kos3qs;mxnVB2<92GWhL-!l$R;}w|xMs>s;raCQ^b2cR zhDZ`mCV=@yJY)h782lC$T<$^GnImhI1tr`JFU&uqMjBXBaT4su8GZ||jVfvwSwI~Z!DWvk9Id~@j8Y!0~`dU7p0LRq0ny;GLG%_nlaqgmmP32WH w6I_(Z*`8owWK+hKboe*sFvnsRGkNvZcxkRF=!@I6m=lf(B5>fQuJh|?EnA( diff --git a/cloudbuild/.prod.gcloud.json.enc b/cloudbuild/.prod.gcloud.json.enc index 86f0a3b2cc6843ef3d0f820e6d89ac186d47a441..dafe1a5a0ab1cab8d4d0d0341f191a3e485be10c 100644 GIT binary patch literal 2399 zcmV-l383~0B><}n?wH&#^M8n{><@)K%LOc)mF^}>}nFV5&++H zb49?(Nq>yGW0-;l$ zP&_&MHHo{!3-ffrP%{F*{@(%${upt+b(g1>xT_SpjU2hO(&dq)b_NwkfIm%YtBtIV z8n)P;Y(m|>%1=AySco5PB-fQR2u2ALsyf93MW~@J?A{s87c<6HF6~s<2SVJHN!Wf4 zi2U0Z+Z3vZS}kR*Nc++d)a|hmcFkwaa8syy@91=skGC(62n+Q^Un^^7Y^AN<^XOTk zfC(sYP9K@syhnzZ;sAm^!du1ed`y-RWLu%OHx7m9xshX5V=8-z=5Tp@BDYb_{g6smEZsar;kHT$KTtumP#mfxKCTTtj`!?_)}>p zMS`-qxBxY!eI@S;4XC`?l;ri<3@daxM^3{29@qdZFX;d3?>*g1n61DhyEZ19Mr;8V zqkLKGH`m-8iTyt5^Ds;dG6W`ZtK$ZLBl}r=C3mZlSVX(LK18VkCbsh9_n7x8irfTOwQ$}%OU6!ajtWBRTaUh_tIy5t>w zLh%7N)Nkxiy!|>F;^ph{?SUCB==@>FTKXRq_rS^F zLzLfn&io^5)BJRidvp1W^L+Dft)%r9Y2r5Daa*UGDbZ=rdWQazUP-V|@Pxb+CZh)z zPFuUgLP?}fRc~t`J;J11H7{|?W?3_z1p=PB%;*nJ;u$FtA)jcvu$E?B0#Pr4dKUqV zG1fLGDlKZEA^lm&t*8~U|8t<8jsY{g+}*kkdk-N!N}MwT`#_K8b&5bPh)0Fde~84D z+fbWg>H|r<*2G!_1^Gv z*wV-o|M1gx6J3_PP#Iv1CX#24R5$f9!r6}od$isn)~fWs9Jj?XmqI|QCtkF9FsgI0 zKGxcs54{AJo-8f}9j|!8u4(mtp1rHJe7ACl((#GVOps7wnXcM0IlG9qEEM1UQ174> z%%_5-;Dzb`hwGzkYiVptNinsFjv1(}`AV|hYuXQ3EU@W^lAZtx0+7kNVE-6nPx2fc=N27ao5;;wc!DP7iH5%AX?l!-upxaqWkW5#$4@YgBRLl=wRjk zs}74TB}0KI_B|P*vJI<``ae!L={z;8qZ0TEF2G)cd^j(;EEm9}i&hxl^)<3cz__zd zHzfj!QLhJyHbglF+yHQ(v5&~@kvr+7J?zBH+0X`}_b}htKH2Rz-1N$Qa%SrIHJ7#C zdU%IoPopm>mf|seK08#19q=&N6_0@bL!1||Bi-L)BGr9xRf+Fy>NRN3<@6x zSAYd#2!LXN+qE~sS)c(oSKGfwy_pgjS_}PAb zXnv+L{h_`avT)!oS#!nV7@&o}cNJO6O#fDKnrlcn9 z1=Z$fG8!BiO38+AyBe1Y^zNK5?s|m|AE02hxLRy`i(n)ZjYqOC;=$r{n|d_vvb_C7 R%nk0_dQ3!U?|fy5sW@#jsP_N> literal 2399 zcmV-l383~0B>ZZzJsqNhB13lT%hL=_hk~nTbmQtf8Suct_})pD)eVXLDrhlRwuzUBqp`b<%A@J= zqIk}*`h+5<777|B9$SL;61vq4+wTA7MujqOlkP{exYjsHQJ*}hI9gJ-pTN34k^R0` zC!la_f;^vwiNc!Y8s~{)aM1eHV#+<3RexpqKHz1_R6T+MV+p?1nasR$DH`^E^@aYUN;+7CYaQUMRiJlba)I&H|jPP{8LM_*BSWO=>i*q?BHUNn3htDgHUd zpQejh@{({J5t&jW%Ox)r#bsV9#Nu1a8dl_($K`Z!c#h{%N|Ya&*(F}~Ax>Yl7Fz?zx$IjMBAP!j zJ@>YvMm)o3@acX|kZ@c)T3a1tr}n~n)sPa?bk$JImCT-9=Lq|ahfn33bbUh6&s)gq zOWfA2h6;UT6RCdq<F(F*kO(jkb;|o;{7IU1 z`=5Xj$YwsIESwt`hyxbOoo5A(2K2DMm*saCcuvoTVh{TX2{txr2FzobNcjZ?leOId zBk@F4Ai#qM@6YI6+|KMvUC7t;9aB<;_`3gkWbAs%k?d9p_Qf`~L)YG<*cpJ&f~^l~ z6NGsFqj0hPC*$=ID(iIf8;aEp!%w4d+Ng1a!!n>x5Xf^+EK#uzP&JL1XSp z9S3N@L18hhb#;lA>Y9Y<5u?CBMoKAWQ3-)0@zu(JxwQ?_OIlP&2w~bRrH7Vk zLIz9p=I{Fbeyhz|6~||2u}85kiP+ z89M8b2lAZzRl;*o9nRgM)gQ2ZlVeQUHyFbj>sLy;>G&Kr8gz(E(khY&bw$Xjn2>*~ zef<#Z=eqi={oU0ZTu6zfd-m`m9$NMC`Z>@S08W@GTdq?e#>Ow|{-2UY`XFHy+ zX*kT6_7Z6V#}_SWaQbbFo_8Hr*s{~k&B?E37C-Jm^7T}D+6ZKA;bT==Sy!la2bYAD zs_=UHJ3``Ft85HVSnlF`HsV#n&IPsRc4hZ(cHK}eGq*!^_q6eNs9>viX?X|T!L=sj7 z%EgpZf)Bm#W=4xx3L=r6sFMUVg^aa&NI~B}h)WX_tl>N=Wi2IYOld2)6U{ba(>mCU`INbrsb%+@(zZ_zH_bfo9zL^E)U7rQ+^``eB)s-Yt<(lL>rJY6O}}QhD_U_4;3lUQy#>^Nw-~;8CIAVgc?ZQ8|7^f| z(%W+wnSJcKl4G~dd#qKRSHNnnBNIsG(BS}hl*T^{>>4USJ=Q@RoG26qgj6-ZKnGFk zPRV-vYn}7By5_O`+V&Q<2r8mNU%fs#z6%2}#bVuY#hS&%*ywzB%R)w*;8qwO3Q=dRDsPJM^E z5mTX)HXE4P4noCf9-Y>_L2%W!ebBv7wGNU6n)3}L4$PzEgO*pM>pIV=fBFZ!<)Q0h zv#T-u0AqwUNVX=tlb^Y8z+H6jeV#XatCJdExB#?MXO`5L=(Sy-6Ug4;u4lFj2xJUU z_a*qHC8iDwQZvG}&G8Q(@2cwV5wIZEVsg@Ltvt^P2i;4*=7jlyUCx`E^3t|fK0qHV z%ZFOC>FU%=I`^Q|Nx%yjvW-E{^n0*mWrsEs#Og!*>=1pcDSz2sPrNmbE9j=dc4~ee z+x|97lGQ;|As0bO+R*j6eoZP{1YYEl7!fJn~2M-9GZy7wn!5#e}BSIDlfgc}MRH-4}>( z5IwlEVIryLEs;k?St5h`lLBK=+JCe?Gj2$jP>xRi-d$J_^+b(tr6GQ%3_grSs-fID zuPu0(&6#BtzftJn*tVzL-yaY!)vA6qawO_fh49F^U-I~4M7mDbKz16|n&L?Z$BJcl zpVAu0ra_&D5%82@l}N{#T?EAY!laXYnV>#-yTUe;pfuz%Dvk|~kp_Y2x}aLI^2otc R%i!0I*|`vgGUl{)BmieawYmTR diff --git a/cloudbuild/.staging.cacert.key.enc b/cloudbuild/.staging.cacert.key.enc index 4fa8ac2a0e233145da73ae9b45f03998de1a987f..bb134948ef96e9b3b379eb1b0166e93379e9dc86 100644 GIT binary patch literal 1787 zcmVo9pGPnnJ!lu%D0sJWtGVU|1KoZgo0O*)K z@NaqZG>aYNHQlJ$d~D)+t%QJ!E5Z1?p|9#neh4S@1K?JbzrUmCQ%v3wR%_%sQWC*r zLB@QW{0qU2?pVtb zGkIQ<$d|mZ$r#Md&rn(~ScAR~#G92?x@yukk@cHe8~zw=MJnooj$;A6*K9+leop&A z#3(1jR`_^MKMuXB3$1kP-FuHFMO;jz?xKOxfUwU_Iucs&u%+`3aKC^&;|*d7NH6{m zno)pd5pts7?1h#WR0hlg+l12@pw0}*r#0!#2l2e#GL9IyxWqQEBf#}r*`*}o>Hhx@ z@Q}ETCZ9D5Tw27J^l)@&u2Oj0UONNg(+h5#&a>C5Uwyn$G`7=5d~xp&6HLqg#@w1p zb#WtCF}ovLMv0T6Se+xx5Ti(~CX{xVT!Nw?w)YEixZRg$ndwEC@P*2qcuS@uso2Mc zkimwWg$W$k^NmD|UJ3m#SE-#fKQehP@)Iff{FgZ&Y=#!&b0EDr5034coZ7;~LHTH7 z0dEyXSbj5;<0(>)K`l5;li$E~BQiS*e5l5x ziea{_>hFPM zDYcUt)t%)dM#lF4{(GdIC^BbX z&&xeAK{VoQN&Tl~_NgNFOWr@Kg4j&pcl2FnCa3X}ZW3mF`Wz(BCb`QqqK8{z$VNPl z>p<YvVTsk_z%#Cp-3O!h|+_QxhB(m+ZOTQ8?vwTJz z0A`Yll~@6#^5}EiEYEwgNB@fe8r(aLo7Dq|G4mu~8hiQD}PV^eQcn^jsfST7Dc zMEoz9Df2BqpQw>ayxE&MVL5P)ZPyL}IQ%_MSI%n?veqC9t%=*L*OH>FPU zj2KLv8dR>(v|uGAk@P=xWB)V4hw~!={_sKA13aGv!```*9xp$=ttqMi>XM7bIT=~h zAw0q_O%)Z(jYJ%#%{ENZ?3lsC&XXTOhJ%_q3Vy5}U>>ei5Fu<@;%KIWZIjwmfD;C_ zEp3}i>;c1DPX$hOXl9`;sSCE-fKebr3>86^Gdht*DH=FnF`9~d{`rqBmza94wfM6(-j?DvsUZk*%p*JLQnH` z^WbfCfYT71K4U`QjC(Se1a*DbfMJkSD1h_<{!HE{m@=ABgwtaR^Jks8Ct5A4bbq|O z1hp|%1v4Dn_SpN#&mP|%X<2ETzw(}O6Cb$)RVqB{=&BLKB;czncu>#vq zvsjl$bLLUz)u|x(=_82MIW~aRKli-+OV9VNKfe(+w3Dj`(rSpB;t2a~(gRC&=jWde z=6Gr`L2I*AwG8_AD=Om%B)jB$3{w3xatZ$=XvKgXxpY+W+ zhk7|K9Wi@~9wVNwD%vDf)$p&u6VY2P<|WxkIPu5ef^{;py>ddoekEd|_;v>|Wy~yT zqySP}0%GV8Pa6Ir)<%re?$=sQEq3b2PD7n+^T|@GQ;Hb5EjI9A+dt`|gyO$mN0^zN zfs5edH)E=D7W4mh&Bfzz)a7@3cJJMHeejP3#Ne|ehAk;EZZG5L8;SU`CfkZ>z)mf6 zP~l!t<+=$(f|j+M^hWrh3b)u>_<3L|cf2?a{X_hf`k`_1zF@@z^B;@5CchWANpJ6M z-h6hRf6n#qheZC-RlsgE|8n20v~JVf$JP3f+Wiu~k9+vM zU<%NFl7OD5WG9m!uUHl&Z{n-2N+Cg)2rPt!4L#o4XJ(;YGh_p{yHI+k1DFC3wV^he zj&}-w0b^(jPRsbMUeV^Dl9+uwP-?gVFUTaGa^&PmD{#`mM4NVmTlG0p&*OrgSdUo4 d_TE7Ft1|-Mt_2?S&NT}eed!bIIyu8u6D|YDeZ&9& literal 1787 zcmV@JVM)glZ$zYdD`V!I&0O*)K z@YxG4>HD#|gE+hYmDGf|%QvO$bKyz71AwqGs_^O0?|(}zy+FVL`&v;*WF^a#X40zR zRNFfCR6_$KggTct_0D=Lp@@DcNp`)mo1;WVu(LjSXr(yHkXn4MVDv+AlAWm%ciMfq1b0BXD&o|OIxiI@c=pAqPfrpcs3Pys>#H?Pz&Ct*TCoFI12z_(q%~ zx=VWB(o7gx<|S=#-ObxZo6t55ayhOpkG-%FzuDm(g00IDS5XX*pY!D)jigpQGX3Ia zop!{!(sd_rS>c$#&=sIC+xo9j--9x$EHyu3SQ&%ar;6alu|lOm8Cnqsdey)Jr9>cI z50bWt#W3k_+#Ce|oon>`<>{>s7)i^nbP22+bA4Rt7c{5{iwP8i%64c5k_!qNMxua} ztAr+QMh|Nv3%_b&_I{QaQ#e^y%!PwSWQ@%exYpOEse)PwVlrz0l)# zw__u_AO$uj1jl}flI)_P=WWtp`EFA5h6D194V3r5r_>j)8s9m%v`2Z|hOSH+ zV{Je}q$}83zs67r$&0)qJ?jEGqf4Cys0gnoaxEYIBltB#_y2J~En3drwMgF*V-z|5 z=g7zmIE~I@baHoP$ioOM>`xqG@?re4AS2+}^om41H*`r9HJ2!Xnq$$*s1^ zjO|LuHYTLks!B$Cd;P99x|u129N`(pBjhYf+~*+0!K4H3`EX`xByx+b|3g0mz|E%P z3(H&kiP$E`P1E5`&d6Q+iUevTpI<~gCc*ll+a)*zOZdp77I}SkpnIvicuod23HP0| zMMgW&Gm1C5KyUWv$@0J4Go7xZ9%fD&)bkybC3+|$Ba!gyIpOw2^1`6SLVor8*qU4| zNeU8zBH;{*rquReJrD$-SeloV%*YmJ^JrScT%dGj?#GGH4E{uOzwMD6TSf;lic*Mi ztC$};Aq8SlLMN$>D6CQ-1TM$*Z+qY3VMY*?->fFh<_B#e)|eNps^0_LXItp?ZcH{S zlI1DjLJcWS9`)jBSS&&)=p}JH_p_j&MU=?p2F$;<0N9xgjR^yS$rUxGU2Re9OEmpE zY`MUy=ey2%fq3Hr<9_?u{mM}ukPb; z&2;W)wvE-F!npV{5Y%V?URhD@8FGzQp5??&ZDO)-Ryi`g=wLdUPJf8xFs*In4vpxk dZ$-&N3#3)}FXKNCA{pGhfcy&Cnk>H3vk@MteboQ} diff --git a/cloudbuild/.staging.cacert.pem.enc b/cloudbuild/.staging.cacert.pem.enc index 539f69b595227c1cbecbb72df3ccbb752fb48687..c09caff415931da5bc07aea8d96694bc5e386eda 100644 GIT binary patch literal 1771 zcmVEXd!YFf$8)91_9}0O*)K z@c)e+w6yU_$HBCkj*n1&d?-rdU?c@^ubqu*1ai}{kw`AJk35l5hTv5;rz`>>HCM6e z{(Y#+F2(Pl?ffbnvC0-t3yDKeE_?`86to$lzH!0J@`-}p^V>c+gU;n2OyP^DV0iB> ztNFM`7M{ptD8XTgucd8AF=4kVBXl%q4X86=h`{S{4mn=I?LCl+=2hkUg>8rQND3S; zi(_rBnb=HtG4%LQ((eTRI~NAXFRrfSbdYV_tY11nW{u_plTgf} z1HX@DU{mMOJC<<=K@=74r!uOn--pUnfEWrQjSDWM50Wmx;x(>Z>e9d)^i z0b}ptUIuV&RDlRJF1G$;x2|IB@4~6frRkb?+;0RF8;cpl4L=8kZ5RvhA}yO3YOp0e z-9XZndYESFSpz&@b6FbSagBrr&LhOFCwWKogcoeoEW(+uAVlsl&$4Jx@?UinIHgGJ zfiF=XVe^X3@mbds+j$_VUCWY4->Aw$dYR&2l$RhsKq4bJ>D^FO(CA?1DK=FKzZmc} z_o&6_i1GVNHLDszHFUV`em}zV9ne7{39@!j1Yiq+nz)T7AGnqByLjT=LEd&?Ew#vi zgNdPBjb>__gKniq+bS1(b+IQ?9^ex_`IpxU73}Tb>Q>z8dY@2iY_Gdctt{%-Y=U2- zPhK%ad|EL$>X8ClToH;ub7R5KFf$zY3&)(O0^=u!Qf*zf(>&WB4fSS3Y$ila?8q~#xgNqMv^J#KFg z71Y7bbdn7)HZJfEcNrUxSdkFUD;#R^|Spurw&Zs zUf+8kx{Y8Wi&0D&I=HkSvUhK{L()gqqEA-BtT7NB&*7>FpoDhmcNUHX_mt^wudis# zbhKjmao&C*6OTpSftj>zEp!dRvvfXFmmr5yrnl|>!5TZ$(AK96g4FpC4nZOKx0+1~| zsPSYU5@tQndWk1`gPe^?1fgCrCCBXunlgjMdY>7RI!zO5Oez*?4R9qclXCw%(2auP zdMAZFEZdno0gliLOni$l?|7A~lj+_?KB7^}EA=EB5Flh#GsLj)5>`^+8xZRZdo+cD zIry~@Z*@4AXW;R9=v9qAf8Z{a?V5+}ENs~>Zz;4ydfjowBhKtYMU7&Yks3?X#Az20 zf>}^patOx$?mzb{CA1R7kHi%>6va>S^Yl^T)KmG>&N>n)zO*pmu%W}?oM-2{-BsN8FKXC5ZPDrdFr zbL%0H6}IN;P7VwNTVlNA6m8VC!-*5SU7gu>bWI`9govuWI9%lNwCNQY(#)L{=U$GiV+DhSui3) z5S)F}cX6z>7A|J-xLweCd{Pk6@iDeLZzd(XGE@LQs^mx$-jkDi55cTc5_!K)R7UB^ z1`6jA16E?)e_`Vur8H1OXP+Fs9f&J-se(9rvGfAaRTden=mbNmw>2+%Fq>1^HZDX}7cSIQE2kYo+5`hNVb2Tt`^D|Le=`?Gu0 z13-ISDC>s6^ycj?B-ahMztgSn(hR*+dA`}^){sk^y4+DKAV&i%-P9pW2*_YJ$iILs zO@v|{_6QTZm^*hhXyGH0V=t!sUGtF{aOl{UmYIvSi5gz>5S$WCIKFv8llNKJ^=lK) zQ)jPWOgp%e8xgxG?+<^_@5xH!6>#IHh+7Uh8%DcBnQG?cI7jTnr^n4kugx+e&jC?z z2s!41jaH(gpV8F5=(3O{W*NQC25Kxb@9#~0f06i4>|85Qpi3*aJ!iwqdf!`M!{=5> zGOLZ?FnM?mn5)L6)dzEYm9dTkolXvD`ou(RAdtHF_zG7*J_3&aO$Si5?#ZRrXZ8iE z?}g~;=9{w~=tWIHkD*mG<28}JL$k;X40%k|-h70+teW}uBcxIWb`{%J3I*deN71~p z5L2iYioHdv;=TC|!f}lh$h{+qzl)g&6-I~>{Y%R_aTro*!R(`tR>`8nb%(9&fE&pS zP~#coD24#V0K;&xXM%4|dJxbZMO>mB+fsJ1y?+!cC*z{-n%Y1`)zE)dBy+a2;9(&k zmQu}{;ft9|Fz3f5hRlLx#;434X| zCb{E~o&ANF7(G!wu)`+#Y#3}Q$W9S)d#W+WIi=DhBSbzvzp_hy@(PJc6s-D%K1}C> z^aLNu>PgC4ieU+mGnPKeHa>#Sof>S&Mycrw)vgDNYI!<7hF|fvBK5w1pWhnC4i;+= zM1bp(1k$*}C$=H8`cOz1-uQuGzhl-iY(NIgOTcNc6mN9jh0Wywn>TK75Nwp$fPStM zL?}fmM8jyTC1?Tl8?CgS^M_g$I=?fXN<1iQq%2--N9Y@|eKAG3-yfLY3-ONI<1Prz@Y}+hWGY*ts0F)KZ4?I*b z!bZInFM)cvrs^T=+h=ogyf9YW+ zzr9SF`>SypnXHf}Fe@$LOU0k**E2(&k-f<>*Bb3((-ZqbN21)1twIioJPTjCQ0#Y1 zji~Z~R&h&|BJr+3CglKt&Q~OoSeVlo&#quJ5Jcb6>dJ}H`FO1a;(VL)$J(*YrnV-G zX?4QDg-<>siJG|HfhDC&05%G|`4$p3sV*Qb4@$bjaekW;X@y38S4kohF~egt(UeVX zL5tqk4?-4lh(8E_6>@?JjVD~t(bc8gBJ{=O+- zc=#B?Y!k|688#V9RoF_fH-CtwO3pZnT^0s*!*i2HV9 zzM)4mV8BMSZ+xg5J2wEin^eN!%6{St?GJ%r z9+EHWBDOUZ7-|$N)^z;PF?z_@=_@bRES_2I0@q$RNJciYhMcX&1i2oqK?3O3kJ9W} zTVcwg_#z}n^Q+poXbIl-ntTq1e<+_A0aG!WsxR6&jzV0eF%d!~8L()NdAi_4n3zLua596WCrLC3lF9as z{aZ>mMQVrADVWe1`-Sz&cGm!ct#c5OG5A&d5|K@{&*Vrif2=5mSQjhY8VS9ALy{RE z(!}^{Mk4D%@Pb3FwT|`v%?V5zDeslHo(v1o0do`_1Ag1-#<1ts319l~73X8md|~9E zE^&s>+`y;dWg?Oe5xJFQ2Q>^81km2A){vxCUxRQalPpxl#Jr|a*uK^#Nr<@J>~M(v zOG5ybx|)`_0)r1Xd!aHI>6iXnbnu*1ib%scz{UOJ?T$So0B?Y7>>7zE35v?!mY^oN z7ziWwsAVFHMn?iV@ZOepH;=OmH0J@r#8A7yHL08M6?I7EsJ21P{r!hC`z;mcE)y&% zzc(H3&X~L2* zX{K<-DP&KX<1@tX`YJK#j$?WWr^!TgoVBmIYmij_`a&2y@HaRuk?E;cU8~cRs_P5PfmaA`PxLvCU<>2gL z#Z)8X)@iq8t>iW!wB>CEH&r|P*1F|e*;$CTt$Iq@U0JJ!8N-cA`u|mEkD^TP;H?ia z<-b6eNR=WXb2cuZ0hl8@&JL_5ZE0vJWxkqKPmp}mzI!8yx#mkXb}6`(a^P+ZiE;o2 zk!8#DX-H^GKU@xQJ^(tvWwwCQY3;)J7oUf9WSvYHDj1OI)gRD72<}q<2)mTqkllAp z$PRH68eIRcl|6kmM#FxBD*t@NYKUlk^L#rF2X=TbRUENgm0g$UsFY73ai+3bv;*Mk z?=dT@GSQZ+Sl9k0_^)&$g%v+D*%B*LNFxFU+q-Rhbp04;dwgW;cZ-AW!``Kxr2Dy^ z)C{fCGQ9kn0?V3`w)ht?IX~2MN3X?trg5<~vzuh|#LBC!_olN>#bqbcRy|+=`6|!| zG8b*|NKQuq&c?n#Ka5sr+VVTBISPk2?b%hepa#a4%#EE;&2RU5JSl_4+VeZ z&N{)cmGQsA<9H|X7Q#J1g-ub>m1${31gY1PUvSNKS#(05LmtK%_V$t3s3F<}dEf<~ zPKMn&X%{rIIa=#hE-8h+p2jBu4n;1aOuY0x!2zD9R}2T7?MB|0!J1u`Cte6ris zm~11EFp=n&SVHmYyOCJjI^Gw~y90!NUd}Gk+DEBG3SfYyF}cJU#IJ}Qx0OVeO0M)R zP94oV-<1Y73FKYl{C{2N5}lKSEzY^mO~X}T;ZBDU_u&AFV#y0nHHRU&(JKKmyA!j! z&0|GQZBeQfyzNFIZy{<5Gj-=n0E|#vS;|rh`S*$tbe-|#+GnxWQ(0T;)Urcw2||CJ zlKrv#26LIzz$a8vd^h{Lu{?Z97JsW-yw5EG{8FGH>gkqzdwNios|i%MaDD6c#vZGH z89phB5gg>T!Y-P=J(qJ22AZ#k|L`wYDO(6U(vZ^1|QT7&5iSk(wc09KMd{ta?xO;hlD$45} zra|2-Ok^E9#ELUwNeDFxgP)ydLQraW(!9c%j}n)YB0QJ1GswcGcVFN^aHVXyS1OUs zE&IH+&yJrdCk0O*)K z@V;5<%)e6nzg1fF73m1@s@yx|6WQFiI=lIn%4dYENSfvUoSlrp>cfD50!ETXm2D=a z?O=xTqjsi@GvG2SuocYGU%{==uEsJT%) zmula4ksj-bhGJ}BQUVe$)V4SM@WfZk5LgCjQX-82z-4izZ$*k1;dt8(M9S=~_O|pZ zii}W+GkN~*B+lAB*TI|GD{G+NyU`SdkrYA)Gn!xHcN9K|(*!`J&u1bQ5DW-M?Gh_` zrc74P8nM;`ZeN$0`9S9lQ?Vk0SB~GG+Kg*e45_q7%TEkLTrQV+l02Uo_J) z*u={mP*!(Z_SWgv4*rfD8y(1{{zX98T6M5r@I4H44hh=D6Y}$Ok??w}6y(X7x2kQO zw+S=7BF#*bgZ|^2%YMtxGR7e`1|R7}c!#zC@R(N+5-I&9=a(lm+X#voad8^AuE6bF zt~JSh)Df%H1_=Off+h#h!NUk*cn7w+KxYh{&m=G9dn#JfDf%&g$K8oHwlAVSOxJU) zfF}Ty!yS^=ZOPuRjL#LadwY-#74^uysNUw^?(}g`*uW&>2mo+G6gckUx*9!QYYlt1 zekW-KtH;A)n{Pml(11h+KdzJ~a(Qs|JIL14#Wg^%JmGY{e+2Z=K z_IBlwW83Fk)+s23w|KYk#}Ycft7OM!0M!5y&iKbGY3lK=V|Dq7U%wLhUISFHy7&Od z+mxtpP$lK2H-9Aq1;Hu3>E*u&N&x&2hJan27goZIs*;NtJuYQ&AU^h?eqkLKHP;K3 zhsJiN%9LzXN;5?g=?^B|TL5B^2^VKSouq~@dw=Ym9$A(RH13Ba2UP8`+yp8jjd}B2 zGbV6%#ESM;{~MjjNwQ4zaiqZ31X_K*GgxyEdl8E{e*3Yt*&tb})PZylE#}0402{r| zE*SPC&LO%PX3e(o*^QO`C4^qo8an9xy2djOA;5Ze#akN|#h%2-!;k2SNMl52`z+qQ z#K%`fvAC$G02`66wRm7BCDS*&#|H5enG`9+?c6F`Rwv)O>fzCv32``fj=%5QWD_h7 z43h`(yyVcxdEgdynIHs{c(1DNVczU!Dg*Z!^~`7l4GvXZfE_M|Jbp;T9hCN`+V=}p zWy0w~##E$C%53;o=?q(r^oQ-T3rI_yb!%n~W_(+_qavD85`~|^($e_4bLFKt_im4jCO4N_VN~AU%~PE65){PG>_y-W+E6IDo3f&Cq4bqw0BzjP z2FaOQ4P0(kf-_n_alh8v18e;-Hy`K68IX3rXDXflsAcy~Ip9F^n@{*-WR}4!yAuPV zQ$5|Y$rA`c>vB)pZ;Nr&5vdQ8_tP!mcm-S&E44 zvkk?{nW?R?VM!*8NRJzmqbwqA_D4s!UPtRc*;L!_QbD)Oyu(`7|4){dIcLuIoJd_4 z(6A6e1P>Uuucv_*>2}eQ&!q`Ts2Ylp40Rv!H}3-aE<|7?dYy{vmdb*mS~ztB*dzEc z#vj$_NpP2EKXQ2pop73ihB?YpTsX^BtY)f*w3Z?>;&7VI^kj4}U3553LrXSpvN|7@ z6=6FCT7ocM=7oQgk1ky95F|3j(0$K@{H9)fxb5)(?aEm25Rm+_BM+`&a|-&J_%i$ cnlwBeTZ&xAUZ~X({s+x)dW~zaNJ2^1(~t#z5dZ)H diff --git a/cloudbuild/.staging.cert.pem.enc b/cloudbuild/.staging.cert.pem.enc index 0e8a14897c7ec49dc3f26ee9f5d66e96dda94f93..5bcbd1259d706aae659e3b30193dab1fb25b9b26 100644 GIT binary patch literal 1177 zcmV;K1ZMjRBmjicMV>a@ppg*gV->w_;IQ{I9swxDWuhPM^~ z_i^!@qAgUka8zpDtV>=!0vRi08}w8Iz+O)Vo-Dp#s0pHzt%ngG%1pSYvkV;fy6d9K z_Nt-a@-v$_0J%!E7J0bREjx^2v|x-*`M~%$YOIa69u7OYQmac23w3Z4)`iV!x+r`( z`8qPT-d){GhB!gnkAn9z+gr=%dmpr|>D#F6x;pfQf)WxdawU$J5qV0sY-Mr}jC(H# ztbK5K`|e#bnwjXFq!EFTCC2jc28WejDzX_}_#2>?ZV_h|Thp7R8B4kBMqNt}>&TR} z9)*PPfbVhqal6NL36x!3H8+SI>`Ho`> zj(dZIn(dtBjKsJfSd1!e9Ym1mF#d?{5Ed-0s-YkNypQX{Xs0vlmG+y!5D5l(hvpBF zFE7w5d?sQ^j)qUpv1sUdu(_(iW7q-%+8a|#1Vr2$?yfCoBh5Ap&ftjvz)2Y-Sk>gh zr4Uc|@W!}^R%D3H^BRuoR{ddbce%e_jD!R5d=xan51)I8yjQFbA8pD>n;skHmIE0I9BTUS|zn&(CwjJrw!RK$PSB|L9{KTqi zaJC_!A8UNTr?_5*3-|W7kQ^>8K-^imJdB!2988TAf^;}{dP~}e*N}6R_Wb3Yqqbve zIVp)R+>fg{UZ98|T*Lo$WApov$zpytND%@?qDOFx(-Z*s^jvhc%A8n6P8t{Br_t#~ zElCM1VFvm6#`h7Vehy7e#@@!8T+?H><7_`NVFjf^7Gpz7_c?s9Q*)4f6Yp*VXTU0f-rCWqqC^-hZ22et;EW;d{>*7;#(LFa*J8H&qwtX<;{VDOMK^$FRpC)a1!tc0O*)K z@bQoWaS-~~h8^o)VT@lw)nd-Hk<}kDgMh4Ag$xk&7kQ%?I z%Y;V?xQg16LLrr-#Vlnwzfa3{Hh`3#8Ptt4W^An!jmsO>zK28;Diz(;Mx>*g<^J%Z zq$Wc}+S0c&qlw1(Lijb3=9&jb=|i!1iP5Q~YwH0c_-LTJ#<2g5XmL82Rs}#WMVI!T zJCis-q$pca*q_068SK zq=a_V8E}?(4k1@$LmMCk@9+#KGD)+)GiOddLh8o@5fGDrX;EW;;_^94vj$BuZz92s z6N#)VQ=!z)o5G$p%1DH!ABw8iTuS|XUkBYV2|)WH=A}{(V}leVr0u==Q_BXhF5;@! z?dLPP6319Kcf!QR2}K`W_E~|L%-Z*vP{MBR+-@yxadeao_r0!Q)xmP=uyB^SG1|2| zIZXK>z4h*tgqJP&npw$HoLTOGDDw_M_B>N7V4m3sbo1KN;zMAew^q%*Tsztr+;b{8 zeS4Tmt|IPoD{RUQ)XgEdjQlJ5@nYu{NzaeV0tiq?+jv#NL|n*T?LzVJ25vN7)0D7+ z=;N`%kOL#BSj)yMJXPo}QIL#VtNu+YGCG4CQjzICgi6cX_tBmDvf<@<*#Fv-gd73D zn3NVxgx^K0i8WLQ5w!9br(U@6LeohjJgG%A6Vz#z9pj=RqfZ69IxzmUu06ZE>je?7r&22U+}`+l0CMmrju%tGS?_btBbqw`K|horuTYm4AUGIA5VPor0| z$6-llt=$#m@gQ-nUY}9;p#A*k^C{V9>fo~6WG~qkNe2jbwXA+*DN$#AZh&jUK7KQzLkE`6R)Mv%REFV{Hd3-!h~(d=G> zMZUc?vy(4L9^R&r0Q*o3!&IT9lEP-Lf_&386u4&Y-PpB4gg8GqUc;!5>x9oDK~GlO z64=~3KPZ1bz`c(o8jGr#n44SN&=l#FzNONMLpZOtlwf>-<%=#rHUjB@oweov)6#LL zg6o_rjU`nC2+5}}0+1vvBgB2}=KmzIMO$r1pG?Cf8ZJSqr(Qg6gHFa}vYcAeg;auI zUcP7}rm5UdR_Le|^C*hu;vcf&0pzN?h6OtRZjcWKyt-;ii98(7U6zzv+U7&E?_9IO-T~Zh;G}6OUN=3RRDd&=j(-IIPD1EgLyPH;^~Z9TXjv#Y(>I8zs#c|H|0N&Yk!of z9>~FIMV#v1GCa-R7ruG19 ztuyw*Jmd7$5A52Yy3(LFhQ7rmoLnKN=|l7@5*K{VcL+xI#nJAY0bpe7{d99vH(c%R z0(?|&%&_pOS@uS)05%+ex3^ha8E1RLH}%nZ`$CgjujXStN3rmy;WGijRShECT^Vj_lj0*}uiC12xW{T4Q zY-7%`w(i`2*+eC|MJ9w9crWym9=boqt@F~O7)aac4E3*Og({;2*&Yz889gF6)k zx>m_$J;BDf3S9ni|I8GmG#_uIFR_=*Rp?5bD#maJtLj$GSP-m!>kq8LBu6Cn}_P&nFg%v&U}3KAr&k%F2(_I5&x@^b@DWE(ds zQl<^iMZ8@?Hjk{M;l|x z5;^CE7sY1KKXDat$}E)?=PX=J0r)sQLt!=MgBTkxbb+sw2&EZ+==eIw(=kI2yIH1Y z`NOL1k5!l#(?+b`rP^0O*)K z@Z#Q+Ohq!Ww>!?Jx^lOwq_Qm!wyKH^a4Im(9db!GPJuJhFB0(Z=)&{QhO9^sW%N&t zu1_{08AH&x^+y?Xt--78F)y>mZz7s*M#sJ}I2?d@z=UFqM=PqL=k3N#i>e`;J?Ps` zShu?BbRFkUUOVPKyEvWGqQQG`?JB{pE>r#-{6#52^^Z=^DYiT+M=R;1X-bbhw9FBr zPC+|uIi2Pwyu-&^A^uU@fvBGNIaLx7+Kuc*O;jluV+*oQ`B5tV-0UGBdU%!uKe(`u z6Hpa%@M#e_@#z@|9;P;g?gCtyt$m>i-)h994MwwcQ%sk;A@WnNrk1h9@!*19$2Yd1 zBY6%`vndl4ef8W1*A&-I*dZwR)O{=9S*yx3$863;*l#{-o+UT?P(j);Y)s&fi-es< z!vY){4$l<(u?yLD$Y&?SY5SsxOR2GKA#U|whedts#o(Dz_b9r6bHB2-gx6aPG%vf| zF74RhI~~&Fa%y&X3An&490dw;g=G|CE$AYpsR6_v4n8_|fp!FS8;c)cz$ zMx8VxOA6hYMQ?oQY7Qlju|uXRQ6azl9irQsv8HTTgZfg)7!nx$2*1YsnV@fYpKnI4 zHBZVgA_VU_(`K1kFs$|N`CuiR=V66^8un+W;)_xhg5~5sa60*?thU3A;Ho8Z(=9y8 z+mb8$C()=G zXq9uv|FeHoV2cginu0cvV~TB3Gn_9VB4?JhYaBjzzoAN=fqoh4kouQ;EJMl*rI?T! z@HqL30A`UAnn#Eg(tU-kMr*Rhy}FTi0;t2A_D)#)+WS)FuG?s&FnNa+1p@K5Crz(P z=7QJ<6Bb8|ggn)zJB(RRYc>M8$BT^a-4FR;#n6r>U{8F#n+4|iN5qeG2&J@zWxZ$1 zn>n2gJLAt|2Vk;3;4DSL^oIKSdiWS}hL;xp)s~CBpfRb#@&4@ZP%#eOI7!9@Uvg+j zCw^SUrQuqZ!U*cuoMp&4Cgh|;2ir#p^1I0qB4Z<~dWT1pTvN8$j^hC5E8(f;2E52n zG(NhyV8$f#>b&zyb$havSGZIk$oIkbhB$5ch>B>2R9B|LWu10uiyj39w4Z;${uE~;vk;8iwQ za5>*?*M5u{NFA=-*553TSKjqjuK_~(euUYj_!z1JZ$;U*4-!Blqz)m zioQ%MY%VQp+wFvx@}k}*W`Q`E*PPisN#X(!O`t0#>e%l=!@zEtUwbnq&E{$lXWnVn zPwaV7t&Y0eyz3vLYia0z7u?`k%h+aZ;tTNvVfwBThyjyr&aEEg1!4Mt;b<=4E+{Z`I4cy*j$CX}Y!MREv~4G7h9 z>|w$kdYNfNjYX32HvC1Yq7*4w)G>ZMC<}M*w71f>B%T0 De8hZg literal 0 HcmV?d00001 diff --git a/cloudbuild/.staging.db-server-ca.pem.enc b/cloudbuild/.staging.db-server-ca.pem.enc new file mode 100644 index 0000000000000000000000000000000000000000..56a8f6c02d4e21c79b19f402143cca4bcf95e593 GIT binary patch literal 1354 zcmV-Q1-1GLBmjCx3UYc_4-Mnw2did)tos2_{Y|W;}W3?0O*)K z@KsuTr={s5&k-HZ;uy*Qd!y?s?HQ`{bk`V9g zkEKEZ6%)Zji1n)#MQ6O)=1NeM)mubyXNzdPRcF?|RY`*u1__)ViSx5$UH)VUp^*x_ z6mhBomESy+P#Go;B)Y0gn?olN!gfRLO$x{##7=xFvWcBUytgjJwNw90^kJ{_a>B7% z-7%Vt-}^-tmsG9SBDwrT753Xqg7&&VbKlq`_p`WA4+hMoqvb~nhQv9REUS7ZUt2GV)L+(i`DY zC;^fN8gJr-gIw%{c-f!RNXx!YU0(EilD-JMgdN{=wbUD3n9bqc60)NyX&c!!G2l(V zgV%i#=q#@Fgi=!854%CJKr8@niFd!K0Hw zL?4hM^#*#9dxk^?!qzSAU&l#?w^`V=_|_@%&7{0tM8)uK8My7lU%mk$FYBG~B&J&< zMQ14|i8S8xPDN)yLj-aRAP)&Yz&kG}Y^Er$#bYdpAtogy{ks7(c`hd#(&M0mov}r?T$AM&;e_zRwXW(;I4MO*)<}TWa0c!Yxl|&Ex&;)sq#-#&5LGk<1Y7;Wg*POWF4ZyD}HVR{_aGd{0_}e zcD1%hDwQA(GnU3@HjT*qIk#?(<*&q$vKrUN10XV^U|4s8D!>BQKX)fH1OqtAj2?Kp z7I3T;d0VAHG0Ii$$qkyMv9@=XNVCs>{L)!|&ar2-)N6ix=_ZDNF|~7y(@63v7`mGQ zUTz2`S=s%rsRQyGr~&LNiwB!sM853o>QP~itdos`R>|E{(TU~{1iS?(7!{3HD%!za z>^#hN<^4`$1lpm7hdCeUpepoA?;zn zn+7=u#z!cWM^u`&1adpDtUbZhFcJD>!olUq38i3?^;5!_A1B zn-nH#K-RBmjma)wth)CK>dz@eTyXi;OXFBQ9m7*GBIhH9!DyJ%5t*JRgIG_^VOh1eG4x z?7Lb05u2NI&%zSRFd$YdLpO@KW_gxg#-Qyu{#g+5lWB)JSsVglYf}Df# z8@^KCV3bACkpTBz2A^tA6j3QWib@UD51K&ta@Ye~68!LPr!`eub2JH;Np3cjRyf(u zxYkEhu6#1aN|mT(yf>Wln7P8*7GM-37(IR`bY|eZ?pNKPRB}BYl}L+;Fqc=tkT1$A zWg@rLd^-zlNTkSkl#C&6n@G&BUB}p=$0M5oQHgG7X(Zf1J>+5Mb_*8_@1I+@R&9n7`vC-7Jx1L++vm$`lw1@R=hrbNBdEVx!t80b%`;U*`!7QYXHKUrA1?9 zXcYXXL1S&GrWoeQn6K+4#Gpu{K~IAg!rwb0N$>TmYpgP9wlUI+R+S9M4kTl z@hiU~Hx~6VX>(Hf@;9>V%FrEKONi`^|&f>rH4wig5i$5Iu@2@nWeuhF?sVbBCtq>lbB)x`sGAt@uqWB}06K8<>0bcA=2wy1PFBh(=%E z@+x%ocWz)W&#c^pG7I!Da3_KB8TOAgJHd`cD2afXutx*vBa5;$@TV8hYJhkMDui65 z&YJL)>&etAJSmuv>n>)Rh281WjdOX*hxJ$oa;+yteF)PzjY=ykxY(#?jS8~J9sh0t znZ?0G#D;y8eK|RD%G1_sxB`{ar_(&*wWfl9c6DY;Xr0ZIk8|!L`ine z-igg^w8V#JDU2n92>IX|g*S5ev_Q{mXaPjU^6}e%o&Vzv?SnYBrjQ*)Nfe+IuTn&) zcQWgJdRyhs^^Q5_`#iKxAK6dio1y-DCY$jPVJ2p>EiF*%rHR2wo{_eNP%-!50HwFx z_gyd@^`5liipj_2?njQw^;57kD)_6?8IY1DdeI_5Dt_?>+8Ex~cV6vY@gcGxfFbrP8jaB0p%`$LHrO(Y(50|a? zy?+rWF8ec6xC6R>?<)G{JmerHXY@dl^*p8hzag_?E~{az;30q3Y*uWMN&$j4Y9lx6 zPo5=zF|-xqNgb1nJ-Bu`w6HI>6OzU;yMA&++4SCFS+bTC}%MCLR&VYH5x( z8y1mCIOky~zG{eu{3upYEJ_}rW^xFZc*g{!J<%AwKx!(fe7~iOyf3;?H0P?$m6C4c zd7XcRIbr2J-l>pqbgv*c^1KDO5I9Y1?xl-~tH3mbzHiyi7Xj&R`&&84mvpFECvC>dz+3jSS<2*SErY!?ff1K{;87N#CM?3XWc z91%5IDp=Jk;ARldnG<}Pz%^iDQ7)PZPn0j!h0g_z*^JIVpeezw?^JSV>+&MV*xR!O z9z*j?JlEsZmZ?lZg4(X@i}%(>aS_2#X7<^J?)&c#w`}Q2oVOp1W zS6y%@DVXhU z5C6^$a{}NpM_*+C(o>)zilGGCP_kRydt}*R=9vwJPa6V&4Pq?8H4C!t%1Bsd)(A)p zV#okV=yyIqx@Q~j?nv?LOlzton<6KCzE}maXqLMcRv~1FbA;+t+jZ#Q88HIbq3$)b zT};sMVO`v46&&VF5@B_qkVadEvAwA!vZfu0(jV>LV~L2xt8B$Gk^5#0;co_b5~XCflH*c8J`3;Ayy%IXO>(q zBEuIRM_)0b;Tq*JIOxZ!PCn&ljN||>HpecT_9~*r#;g)O6XGIm@R~oUPiep{=fJvu zHEcsw7%n?G4r>D*Wp*i0q|Z_n1cmh6LM{V(>{B-_z@?Dm0UzQODqjEXENZOObT)jv z5<@y)@3u>`?Tpj;HMv4;fUuDy8`r`Y^BrLDb^%TnI-uY;Tqjv@_N0FnTVws31^4Vx z>}SArsKms02F;Y;!o7g**;{_uQBiyaYwEHvr1&Gq;RfZ3TxQO&De4S8BZT4QjLgW5di}~y03vO_Yw4noFO^-&IXE9R5w-&7$YIzddm`{hSCC> zkfleNVpC)s?tHV9sYs0D=dE|Gk!c+U$%ib(X?zDuK7|DwG=tDOc7`|s7iIiYXMtcr z9$fRUd`G2-aMa2MZz;D@zPg$b|6{rUkB{>E|+K*;1BTtrD6{GI2V#22WgsU>6qU|RQ4?82EoS5+k@QziuM+VR0O*)K z@Z(Dri5%11#n@qnXkbyk{`3&CW0z1Q7UubYw|m2?ccD#>8@>59qp|HrTGr!|Mt=9FYF5g_10Zf}o!G(yIa5M=xoKEKun zIuv}U#u?g45|nt_f_1y1SvVioa;G1rq}#dg^WlhR{Rf?yN!^BxozowVkn)*282{?6 zOVuh4ZY$1d~S9jIwUdl{my34gbKK!AFXe!V&YTbV_S}g6N>g{UU>6@npsMX-q3=`_? zB=vti!`f5UZY0+oRdw~Na1CjVOipWOXmT(pO*yY|sGAMpniZ)~U>2kg^dcO&hRoSl58vqc^Z-j`&WkiZy} zdrm_81okF(Gh<{*K*oq=rGB$z z5g91{C7~6JA>XZ<2iYmL`4)P1Q>Ws=prMc}ipyi+o194@6}D))juqVy11u@q9-(+L zy)1@N_ZTJ~EbY7}#u0Gs9X?le;>y1xQQ!Iy_N-%(BkrE`9L~O+-^o-!1Qk|&f=`(u z@NX-}oE~G&r(i$49HAczF^)T`w&vX@6Ajxk!KyorIWa+V*XYTA@FY)LG!k`QQH$}Ncnb7 zMR~32b&J0pv(hu$Poa+os>g#Xn)2nPd6)@g3UTpZ`%FkA|{(*oy>fvQU`YB zF?c@*l0GXo_QZ z|8_s*4mY+;7`m5N8OIgX|+#WTORLyvM z8!!N&_$wSiN7G~YzXDJ|s8}+9=TZv$pRb!iVjf}D^U5pkzkH=5%G1BF|IZ5Y0erL(0~jW23A~ zyU4du{_m5dWY|>yHibpX)=Oj|R1}D|^a+mFiMW)|uJyk&BF^_q6L3hX`)CxvJSfW3 z%SImQ4xv`D!e%6Wa(PF}I7P{u;L4BM*RyR~M{M*E$em7N$#LuCE7f|6Gz6%`eOlK> z_6Iy~ZVtpF7k;33s$xnY-bCKkj>UC>o}^k$9GEGH1bXD1MNR7yI`@J*m5bJT&R1OG zbc}17(>7cX57;Jj?P2KA<`zOODgWYs-Hqa^SOHpO`c@oEjl!^S>@(D2 z#MuXrgz;!k?OEFjQXACJ^ERlal{BRLt#!YR3%i2kYxC$?53<39KC!>#vewU3*MP$t zZ96X99~9O5!SRZGn7o7Mq!JnT#GGmjUats%2)#O+P{2L32BfV%XkLu!pszfvb-qf6 zFuoRMmNR=@^0kGjLty|%byhiNrmY&Z?pMVrq;NZ*{Qr5L?N-NK0Dx`mp?Xwmdli4$DMN3XMJx3?og_Q&ye=JmXz>ZUY^dEz| zMRN|g-WJIm6S43>`9>a^;EHJUDD2&vbr($ZXbF1vKs^D+sU&uSsQ8kliy5mMv7H18 zsnYKP21nReCLxxsky^ElU1%FGM^6(;RTYQ^S)aPi5O`-cc_JbT4J*Pf&hOL8nhvJ9 zBae2ddrl+u-G#(Xju6zfRy@yTtdZMPQYQ-eG-+gXSF6ZCsG=oo+8() z*jtNhw!5HqBK3w{;^Ts?s1|a+apymTO4EypImcBfzRuQ>R4D2pU(5Z%4!D|A%^zIB z3+ony{@J&c%t%eDo)$OfBw#>!u$34f6cEufpnDbQ15FbAI$y;(y;k4lGT<~H@`x{z zwm4{K28PL&q5iz~OGa}0(T{|cOpd;(iV7VUPb>7g3cLZw=_aWn_ z$)tn%-6*sqn%wMO>HaT+>?y`d1WV|-7xywR0tka4{=)x!GEG{?+d%6aGXS`&I!-DO zZ_q?std$ICe1M8BoPPNik|v2AlyqH| Y`x2k*3!V%rD!6{ZEotSjsf!zbfF8}}l diff --git a/cloudbuild/.staging.gcloud.json.enc b/cloudbuild/.staging.gcloud.json.enc index 87956690522478f65b5e6308bcf3f83505a5c53e..f85d929739e6bace5cf4f1931544fbe3d5277693 100644 GIT binary patch literal 2418 zcmV-&361s&Bmj8Y~fq!P&z0O*)K z@H0K|P7s+DtA6}L>>MQ+h~4sah}mxA1)ti7TTLI(Q7N?&6nR5^3)68_h=h9HkUYdS zz{hg>`U1>tAT9~&f5En07HF5g0@+Zs%!b@1NV zPq`jv1#J>93rM%1P_eBuANC33R(@(`Ev*~j&v8-pV`k5 zmp_%F4oV!<{9lPAsiW7HiCz^J{*$9|TKxg1kJAr;gq)D^m(iE#z_}C{A%g;^Z~|wQ zJ>q}@D^OmfAASg8mvwj)m@+P;Wf|nR5I#==mT$2>9041(G|7C}o*Z-`)u>|rv3jI{ zO#&KiS*Kg+z7ngwlIpSUW)J`$}xuzQP za_B!Nwsn-QbdT!l3iZiwt6jYz_jRfIYJACyL{zQ4g7~BJ#mCv1OWLox%o$e$Gk=HU z^neOzFW`cPM1Ca|ha%m;OHZt}Y$7SELzTfarQZyo{kHGb=jDWId0GU~w@*W^uNs)U zVUGd&-7CM?WeQaKRZ+DNsa&$TOr03jgx=T`XDCs1n^=Rv!BY>CO@Gb z)O@yR%%(2VKX6gsSAQwlmWlCw)b4NSuR;kf6|!KL|5kb4rJ}KLR-Yc+8|Ot zyKec3W?Ttn2P3&oCmX)ouR`QJI@LOc$+0zHEMA)p-dXhKHMylJ9i4>>T?3oM;X8%< z!#Z{zc7(v}al&9*A%T<>E8p&O1m`SdNo~!0PC_qY`FR@Xk9_1n7KHNo4m1>^ddf7C3V$DOeutoo@h$MW;W=OK>n&txUjP=`mdGHu{lNu!`yXoI+P!k6=ABu<+lUgMV<qWYlu%k^m|P(DB_zK6^cGGURxY8 znGcc5Z;DFaIYx!%&hn_8TSY2-f+VmC@<3uV%L`vx7&DBXD@L$SR7;Z*HY&l}s8R1G z`oUjxTeMloiGOvL5!S2TS2T|6u+Z!)?bTFMoh@u3aIW(7#Xq(Z{ZzucMsa)aA3d7# zAjU7GvW?QrwH1qMk8bgf5AA9DTRqMt!yqT^WdEVLrL(H`AEqsLnSf)Ia z{M3iXpnfZm6@Qi6-Cpplp0K5L71EUy1Txo zGvx?gcmCi$f7kM$Fp!lY$fw-SV=_X*Ot88Da9SwvJ05L#*5Nl9j>bm$D#%jnqBXVl z!tf{00nUpmXhzp{+hCTuzL~%yRC3x5qkP13$JmFVjJ{Hb60&8~efyA7Ehth2{7aOj z&mR3&sQWkCcy;YE%1q+7s!M1~<13USy^juHKXwi9;J;~XD6YAp436MynO>wsIg*YB z@%6_>U7~NvvHz@J_QMk9DuzZzYv>gJ=+D~yhiY>U4QL9k47uPD?Kvj-_D=GV&18i_hB8G`A7xB~goEDgWLD{+EvT7(#IOCJ9j$jN9R`;y`hm zzh}V=2OqeWEvIGvx>$2O@D~8|kK`BvawdWpu^A1eaSBCTHuH!J4^8C0b?z|U7|hCV zDDS=tnLaN$!z)V_hkn2nT|1zol1!&ZTW~EO zfiXrjxfRnZd^&UDe5_X^Yvw(2q%N;{aABx9z_=uES)rv7IeX$SGp89(S8~KXH?+}b z|M}KG4@hf&cn+`Rm}wT{=~1d{6%rzs#+bS?od-9=P5FPLOE1P1)dirdz(@h{FoqCSQ5ykG(zfG7HC54C-oVcXCTHu5?YaZ*VIKzlxp8z7Z z(${7Dy1V!W7wI_TOMl5mjxUeYsa}K-ubn{=gszH^g=pdx)RPQ3B&U`rOG9N!HV9M< z(`57agb4N#)#8#7+fTx2K_c!p8GK*m+})kEKX4FPSSKA?t)fT53+a#_h@>glXwA)n zZDaGCyKP7oMtT=1;>+>|&}at93-e15-t<8IkF%hpMX59Fh`eAubL+{ikt>S)_;;=b!8yoFPmaZIAND z-(UjVc*7MU0&)Xt#wce#gFHnOpOiw|%p)T>t<8 literal 2418 zcmV-&361s&BmjAS{PR_Anr2WecookxftVMYWq8E`n2VUH}&iDkk5k66}*)8ZQ601$IQ@S zNf&<@8h`9V`y-W^ET4IvRa&giyG34F)culSGT-iHnNn`0dTEq59Jw4LWl3Kr-hUwD zv8xPz+FpAFW8&~7mVgE^Qt?3F(h68`;Jk3%;dXLeCyG)3k4DuvfB?_T&~Oa3!r-Th zRbU9n1GrV5A<|CkNVos?+;~dLr$Ac%@VYp|7Sjqpi6W?K`?1SxSm9UFtRm$t&(}?X z7+yM{T~NTT0)H)@`xa(OVfH6@kkgy_M{JByq_=L$05D!4Vf5zeM<|txN(t|Gm6?M{ z+PUph{TN}1VSAoE8g=4Xg6qM9Rx>dV$aRFgv|J9P+TQ2`^ zbQK=fj>v;@q+(pm1$AZu6)x>(x^3axA(B_>mSYNR5U8Qnf|;b7;kAG_nA>~uk}2B+ z^zr_@(p&Wbvf^C-`klZWNi^SVUb9vi6vY^2T8}1nZWY)w!OCRp%LcXZY25S@nJUYy zCp1isZcIcg7;(+NCZ1ey;m79%f8h5&i1vm6%i|TJ7`*%qDOm-zWoPfn1~OQm-w@Hl z@J{FF%XuHUQR}@M5a-`1dyC2$Fwt6|iVu?yXeK<@`jF*4JJ_|2%Q~z&_P-0D-{LbL zv4hMr6k1NwR&%uZgXaqKB#{2B?J)#V)VKQxZ{HbBFW6q%SbF|icU0K79YH`KB%@bF zJYJRVcGa)~aFtF3#+;VgFfXtbelyY>ecFq$7u>u4gPU=82iA87vU#cWs+@7fqt2d;ULN6~uPKkwaNnJc_imAw0W*i}BulZLP&{Kw z^2$iuNC6uwN=dosHE1I%eH#4oQG_`o*@k!lpe1%4qR8Aor>sv)3XR060B-~Cb0cX# z6$E+5(}j9VmySNUR^$gs9<|pT8>SB zd3;*YB9Q0SYpl2|xv9tzO+(w6pCrdaU?$WFi+9-+HaCG+>vN(H;A9fNkI-?(Tt>7; zL9I#>|0QVht4t-AxJ$f2Qai~`Vc#AB8`HXiCbz+YOKfeil0aJcDG2Kn!md0a+xp;u z2ikH4!s);j0VRP?b56ap=#<@|h_Co-+nq&v9;^)C$pEZlo{S98eWtYIUf{hCD7UR5 zu$n2bfXVfB-Fq!pV+EnI&FT)8AQXRyfBj8DInB}+Rs1DgohR@0FJKEXgExEVz<9&D zb1Op{P?!(h=}maW(Q&7|VDr*I+lgR|bF`XX?mdEbePJDy7MYIyciBy#5QhU=BFf4Q zeI}{mQ^v%87*1Y;CX4u z4(7@-)(v$A7u8LuX8-;|#omT5-1Dv~6QWkBO9dkkY30Y}TO3-{OGI;~{;YWeR&J8& z*KHamDIeYt08u!7Lhwz=R8(nUv%Vr8{9@C$SjW_VXAi0~-Gu$TSf{3HT3#pH-BSG2nz+!Im@gxtPsmi)Ai*|0;@4a{(YrlM03HhGWx<~ zz3V_47oaQu3%rg?a$QDv&E1@H{o#Ym3HWt9Hn_|V3Afx8%U*H#kFWD2qi|XkO{j|G zb4j@{4xW$XUEF&i1xP5Z2$-}pgDcg@Mt$Z`#e;qZ(b1=Q;E8no**S;YCHdpoNTz2m z0@+!QeAZVayp$u~@Mus`*fH0#t$ z0JTb28PmZaS5O#Iuga+C)8KadkRAhhID0CF+5je}+0fSG52D}Yroe~$MVah$NgEV( z>lj+X1xyi^XF3;TH=hZS%byhUd4AH=R}#!$(&kySYs;F{u|A~rP#5byn<~Xf21gGF zJYJNu1@zvh-<%N+4wlG2eN`xF3PNTW&_j`APcuaW7f)Uj^*RSP5&-!)DTs;F7cf~W~{kf;r8eKBM=PbvztB;w4`?e%pL=+0&NJpC%^RpYpA=` z=xWn3cTaQOaqsHtfSxgzSN74ubGp5l|pK zJ6DA*Jt-Yi#kOKRw|sZ_KE`s|I@hKnE4_OuB61AC%wU)embt|HN&>)GRZ~y=R From 5dd9efc1f48cf7ea87a77bd746d32569d198f4e1 Mon Sep 17 00:00:00 2001 From: TzeYiing Date: Sat, 14 Oct 2023 02:52:10 +0800 Subject: [PATCH 5/8] chore: update cloudbuild decryption of ssl files for db --- cloudbuild/prod/build-image.yaml | 27 +++++++++++++++++++++++++++ cloudbuild/staging/build-image.yaml | 27 +++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) diff --git a/cloudbuild/prod/build-image.yaml b/cloudbuild/prod/build-image.yaml index 962598606..5d32f3fa2 100644 --- a/cloudbuild/prod/build-image.yaml +++ b/cloudbuild/prod/build-image.yaml @@ -44,6 +44,33 @@ steps: - "--location=us-central1" - "--keyring=logflare-prod-keyring-us-central1" - "--key=logflare-prod-secrets-key" + - name: gcr.io/cloud-builders/gcloud + args: + - kms + - decrypt + - --ciphertext-file=./cloudbuild/.prod.db-client-cert.pem.enc + - --plaintext-file=./db-client-cert.pem + - "--location=us-central1" + - "--keyring=logflare-prod-keyring-us-central1" + - "--key=logflare-prod-secrets-key" + - name: gcr.io/cloud-builders/gcloud + args: + - kms + - decrypt + - --ciphertext-file=./cloudbuild/.prod.db-client-key.pem.enc + - --plaintext-file=./db-client-key.pem + - "--location=us-central1" + - "--keyring=logflare-prod-keyring-us-central1" + - "--key=logflare-prod-secrets-key" + - name: gcr.io/cloud-builders/gcloud + args: + - kms + - decrypt + - --ciphertext-file=./cloudbuild/.prod.db-server-ca.pem.enc + - --plaintext-file=./db-server-ca.pem + - "--location=us-central1" + - "--keyring=logflare-prod-keyring-us-central1" + - "--key=logflare-prod-secrets-key" - name: "gcr.io/cloud-builders/docker" args: [ diff --git a/cloudbuild/staging/build-image.yaml b/cloudbuild/staging/build-image.yaml index 4ffef1f60..a45bd78b2 100644 --- a/cloudbuild/staging/build-image.yaml +++ b/cloudbuild/staging/build-image.yaml @@ -44,6 +44,33 @@ steps: - --location=us-central1 - --keyring=logflare-keyring-us-central1 - --key=logflare-secrets-key + - name: gcr.io/cloud-builders/gcloud + args: + - kms + - decrypt + - --ciphertext-file=./cloudbuild/.staging.db-client-cert.pem.enc + - --plaintext-file=./db-client-cert.pem + - --location=us-central1 + - --keyring=logflare-keyring-us-central1 + - --key=logflare-secrets-key + - name: gcr.io/cloud-builders/gcloud + args: + - kms + - decrypt + - --ciphertext-file=./cloudbuild/.staging.db-client-key.pem.enc + - --plaintext-file=./db-client-key.pem + - --location=us-central1 + - --keyring=logflare-keyring-us-central1 + - --key=logflare-secrets-key + - name: gcr.io/cloud-builders/gcloud + args: + - kms + - decrypt + - --ciphertext-file=./cloudbuild/.staging.db-server-ca.pem.enc + - --plaintext-file=./db-server-ca.pem + - --location=us-central1 + - --keyring=logflare-keyring-us-central1 + - --key=logflare-secrets-key - name: "gcr.io/cloud-builders/docker" args: [ From a6f9013d79a60ba0aef1485add3ca9a93e03d738 Mon Sep 17 00:00:00 2001 From: TzeYiing Date: Sat, 14 Oct 2023 03:02:43 +0800 Subject: [PATCH 6/8] feat: add db ssl file loading --- config/runtime.exs | 50 ++++++++++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/config/runtime.exs b/config/runtime.exs index a3b0ce276..3bd2c159b 100644 --- a/config/runtime.exs +++ b/config/runtime.exs @@ -46,23 +46,6 @@ config :logflare, do: String.to_integer(System.get_env("DB_POOL_SIZE")), else: nil ), - ssl: System.get_env("DB_SSL") == "true", - # ssl_opts: - # if(System.get_env("DB_SSL") == "true", - # do: [ - # # ssl opts follow recs here: https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl - # verify: :verify_peer, - # cacerts: :public_key.cacerts_get(), - # # allow intermediate CA - # depth: 3, - # versions: [:"tlsv1.2"], - # # support wildcard - # customize_hostname_check: [ - # match_fun: :public_key.pkix_verify_hostname_match_fun(:https) - # ] - # ], - # else: nil - # ), database: System.get_env("DB_DATABASE"), hostname: System.get_env("DB_HOSTNAME"), password: System.get_env("DB_PASSWORD"), @@ -227,14 +210,33 @@ cond do end if(File.exists?("cacert.pem") && File.exists?("cert.pem") && File.exists?("cert.key")) do - ssl_opts = [ - cacertfile: "cacert.pem", - certfile: "cert.pem", - keyfile: "cert.key", - verify: :verify_peer - ] + config :logflare, + ssl: [ + cacertfile: "cacert.pem", + certfile: "cert.pem", + keyfile: "cert.key", + verify: :verify_peer + ] +end - config :logflare, ssl: ssl_opts +if( + System.get_env("DB_SSL") == "true" && File.exists?("db-server-ca.pem") && + File.exists?("db-client-ca.pem") && File.exists?("db-client-key.pem") +) do + config :logflare, Logflare.Repo, + ssl: true, + ssl_opts: [ + # ssl opts follow recs here: https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl + verify: :verify_peer, + cacertfile: "db-server-ca.pem", + certfile: "db-client-cert.pem", + keyfile: "db-client-key.pem", + versions: [:"tlsv1.2"], + # support wildcard + customize_hostname_check: [ + match_fun: :public_key.pkix_verify_hostname_match_fun(:https) + ] + ] end case System.get_env("LOGFLARE_FEATURE_FLAG_OVERRIDE") do From 6d2ad2e01d276e014e0a3800b03d68ba663c29c9 Mon Sep 17 00:00:00 2001 From: TzeYiing Date: Mon, 16 Oct 2023 14:05:46 +0800 Subject: [PATCH 7/8] chore: fix typo --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 2715aad32..b1b94788d 100644 --- a/Makefile +++ b/Makefile @@ -105,7 +105,7 @@ $(addprefix encrypt.,${envs}): encrypt.%: \ .PHONY: $(addprefix encrypt.,${envs}) .PHONY: $(addprefix decrypt.,${envs}) -# OpenTelemetry Protobufse +# OpenTelemetry Protobufs grpc.protoc: dir=$$(mktemp -d); \ From da9bd67137801e2a930ee17fc6c1692acd270753 Mon Sep 17 00:00:00 2001 From: TzeYiing Date: Mon, 16 Oct 2023 14:12:50 +0800 Subject: [PATCH 8/8] chore: update encrypt/decrypt scripts --- Makefile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index b1b94788d..3ac7f03dd 100644 --- a/Makefile +++ b/Makefile @@ -48,15 +48,15 @@ __start__: decrypt.${ENV} # make decrypt.{dev,staging,prod} # Decrypt secrets for given environment # make encrypt.{dev,staging,prod} # Encrypt secrets for given environment -.%.env .%.json %.pem .%.key: FORCE - @gcloud kms decrypt --ciphertext-file=cloudbuild/$@.enc --plaintext-file=$@ \ +%: cloudbuild/%.enc + @gcloud kms decrypt --ciphertext-file=$< --plaintext-file=$@ \ --location=${GCLOUD_LOCATION} \ --keyring=${GCLOUD_KEYRING} \ --key=${GCLOUD_KEY} \ --project=${GCLOUD_PROJECT} @echo "$@ has been decrypted" -%.enc: FORCE +%.enc: @gcloud kms encrypt --ciphertext-file=cloudbuild/$@ --plaintext-file=$(@:.enc=) \ --location=${GCLOUD_LOCATION} \ --keyring=${GCLOUD_KEYRING} \ @@ -64,8 +64,6 @@ __start__: decrypt.${ENV} --project=${GCLOUD_PROJECT} @echo "$@ has been encrypted" -FORCE: - .PRECIOUS: %.enc decrypt.dev: .dev.env