replace references in Cloud SQL samples to Key Management Service to Secret Manager

Saketram Durbha · Saketram Durbha · commit cf283cf7d905 · 2020-06-05T15:28:35.000-04:00
diff --git a/cloud-sql/mysql/sqlalchemy/README.md b/cloud-sql/mysql/sqlalchemy/README.md
@@ -42,7 +42,8 @@ export DB_PASS='<DB_PASSWORD>'
 export DB_NAME='<DB_NAME>'
 ```
 Note: Saving credentials in environment variables is convenient, but not secure - consider a more
-secure solution such as [Cloud KMS](https://cloud.google.com/kms/) to help keep secrets safe.
+secure solution such as [Secret Manager](https://cloud.google.com/secret-manager/docs/overview) to
+help keep secrets safe.
 
 Then use this command to launch the proxy in the background:
 ```bash
@@ -59,7 +60,8 @@ $env:DB_PASS="<DB_PASSWORD>"
 $env:DB_NAME="<DB_NAME>"
 ```
 Note: Saving credentials in environment variables is convenient, but not secure - consider a more
-secure solution such as [Cloud KMS](https://cloud.google.com/kms/) to help keep secrets safe.
+secure solution such as [Secret Manager](https://cloud.google.com/secret-manager/docs/overview) to
+help keep secrets safe.
 
 Then use this command to launch the proxy in a separate PowerShell session:
 ```powershell
@@ -92,7 +94,8 @@ export DB_PASS='<DB_PASSWORD>'
 export DB_NAME='<DB_NAME>'
 ```
 Note: Saving credentials in environment variables is convenient, but not secure - consider a more
-secure solution such as [Cloud KMS](https://cloud.google.com/kms/) to help keep secrets safe.
+secure solution such as [Secret Manager](https://cloud.google.com/secret-manager/docs/overview) to
+help keep secrets safe.
 
 Then use this command to launch the proxy in the background:
 ```bash
diff --git a/cloud-sql/mysql/sqlalchemy/app.flexible.yaml b/cloud-sql/mysql/sqlalchemy/app.flexible.yaml
@@ -29,7 +29,8 @@ beta_settings:
   cloud_sql_instances: <MY-PROJECT>:<INSTANCE-REGION>:<MY-DATABASE>=tcp:<PORT>
 
 # Remember - storing secrets in plaintext is potentially unsafe. Consider using
-# something like https://cloud.google.com/kms/ to help keep secrets secret.
+# something like https://cloud.google.com/secret-manager/docs/overview to help keep
+# secrets secret.
 env_variables:
   CLOUD_SQL_CONNECTION_NAME: <MY-PROJECT>:<INSTANCE-REGION>:<MY-DATABASE>
   DB_USER: my-db-user
diff --git a/cloud-sql/mysql/sqlalchemy/app.standard.yaml b/cloud-sql/mysql/sqlalchemy/app.standard.yaml
@@ -15,7 +15,8 @@
 runtime: python37
 
 # Remember - storing secrets in plaintext is potentially unsafe. Consider using
-# something like https://cloud.google.com/kms/ to help keep secrets secret.
+# something like https://cloud.google.com/secret-manager/docs/overview to help keep
+# secrets secret.
 env_variables:
   CLOUD_SQL_CONNECTION_NAME: <MY-PROJECT>:<INSTANCE-REGION>:<MY-DATABASE>
   DB_USER: my-db-user
diff --git a/cloud-sql/mysql/sqlalchemy/main.py b/cloud-sql/mysql/sqlalchemy/main.py
@@ -62,7 +62,8 @@ def init_connection_engine():
 def init_tcp_connection_engine(db_config):
     # [START cloud_sql_mysql_sqlalchemy_create_tcp]
     # Remember - storing secrets in plaintext is potentially unsafe. Consider using
-    # something like https://cloud.google.com/kms/ to help keep secrets secret.
+    # something like https://cloud.google.com/secret-manager/docs/overview to help keep
+    # secrets secret.
     db_user = os.environ["DB_USER"]
     db_pass = os.environ["DB_PASS"]
     db_name = os.environ["DB_NAME"]
@@ -96,7 +97,8 @@ def init_tcp_connection_engine(db_config):
 def init_unix_connection_engine(db_config):
     # [START cloud_sql_mysql_sqlalchemy_create_socket]
     # Remember - storing secrets in plaintext is potentially unsafe. Consider using
-    # something like https://cloud.google.com/kms/ to help keep secrets secret.
+    # something like https://cloud.google.com/secret-manager/docs/overview to help keep
+    # secrets secret.
     db_user = os.environ["DB_USER"]
     db_pass = os.environ["DB_PASS"]
     db_name = os.environ["DB_NAME"]
diff --git a/cloud-sql/postgres/sqlalchemy/README.md b/cloud-sql/postgres/sqlalchemy/README.md
@@ -41,7 +41,8 @@ export DB_PASS='<DB_PASSWORD>'
 export DB_NAME='<DB_NAME>'
 ```
 Note: Saving credentials in environment variables is convenient, but not secure - consider a more
-secure solution such as [Cloud KMS](https://cloud.google.com/kms/) to help keep secrets safe.
+secure solution such as [Secret Manager](https://cloud.google.com/secret-manager/docs/overview) to
+help keep secrets safe.
 
 Then use this command to launch the proxy in the background:
 ```bash
@@ -58,7 +59,8 @@ $env:DB_PASS="<DB_PASSWORD>"
 $env:DB_NAME="<DB_NAME>"
 ```
 Note: Saving credentials in environment variables is convenient, but not secure - consider a more
-secure solution such as [Cloud KMS](https://cloud.google.com/kms/) to help keep secrets safe.
+secure solution such as [Secret Manager](https://cloud.google.com/secret-manager/docs/overview) to
+help keep secrets safe.
 
 Then use this command to launch the proxy in a separate PowerShell session:
 ```powershell
@@ -90,7 +92,8 @@ export DB_PASS='<DB_PASSWORD>'
 export DB_NAME='<DB_NAME>'
 ```
 Note: Saving credentials in environment variables is convenient, but not secure - consider a more
-secure solution such as [Cloud KMS](https://cloud.google.com/kms/) to help keep secrets safe.
+secure solution such as [Secret Manager](https://cloud.google.com/secret-manager/docs/overview) to
+help keep secrets safe.
 
 Then use this command to launch the proxy in the background:
 ```bash
diff --git a/cloud-sql/postgres/sqlalchemy/app.flexible.yaml b/cloud-sql/postgres/sqlalchemy/app.flexible.yaml
@@ -29,7 +29,8 @@ beta_settings:
   cloud_sql_instances: <MY-PROJECT>:<INSTANCE-REGION>:<MY-DATABASE>=tcp:<PORT>
 
 # Remember - storing secrets in plaintext is potentially unsafe. Consider using
-# something like https://cloud.google.com/kms/ to help keep secrets secret.
+# something like https://cloud.google.com/secret-manager/docs/overview to help keep
+# secrets secret.
 env_variables:
   CLOUD_SQL_CONNECTION_NAME: <MY-PROJECT>:<INSTANCE-REGION>:<MY-DATABASE>
   DB_USER: my-db-user
diff --git a/cloud-sql/postgres/sqlalchemy/app.standard.yaml b/cloud-sql/postgres/sqlalchemy/app.standard.yaml
@@ -15,7 +15,8 @@
 runtime: python37
 
 # Remember - storing secrets in plaintext is potentially unsafe. Consider using
-# something like https://cloud.google.com/kms/ to help keep secrets secret.
+# something like https://cloud.google.com/secret-manager/docs/overview to help keep
+# secrets secret.
 env_variables:
   CLOUD_SQL_CONNECTION_NAME: <MY-PROJECT>:<INSTANCE-REGION>:<MY-DATABASE>
   DB_USER: my-db-user
diff --git a/cloud-sql/postgres/sqlalchemy/main.py b/cloud-sql/postgres/sqlalchemy/main.py
@@ -65,7 +65,8 @@ def init_connection_engine():
 def init_tcp_connection_engine(db_config):
     # [START cloud_sql_postgres_sqlalchemy_create_tcp]
     # Remember - storing secrets in plaintext is potentially unsafe. Consider using
-    # something like https://cloud.google.com/kms/ to help keep secrets secret.
+    # something like https://cloud.google.com/secret-manager/docs/overview to help keep
+    # secrets secret.
     db_user = os.environ["DB_USER"]
     db_pass = os.environ["DB_PASS"]
     db_name = os.environ["DB_NAME"]
@@ -99,7 +100,8 @@ def init_tcp_connection_engine(db_config):
 def init_unix_connection_engine(db_config):
     # [START cloud_sql_postgres_sqlalchemy_create_socket]
     # Remember - storing secrets in plaintext is potentially unsafe. Consider using
-    # something like https://cloud.google.com/kms/ to help keep secrets secret.
+    # something like https://cloud.google.com/secret-manager/docs/overview to help keep
+    # secrets secret.
     db_user = os.environ["DB_USER"]
     db_pass = os.environ["DB_PASS"]
     db_name = os.environ["DB_NAME"]
diff --git a/cloud-sql/sql-server/sqlalchemy/README.md b/cloud-sql/sql-server/sqlalchemy/README.md
@@ -46,7 +46,8 @@ export DB_NAME='my_db'
 export DB_HOST='127.0.0.1:1433'
 ```
 Note: Saving credentials in environment variables is convenient, but not secure - consider a more
-secure solution such as [Cloud KMS](https://cloud.google.com/kms/) to help keep secrets safe.
+secure solution such as [Secret Manager](https://cloud.google.com/secret-manager/docs/overview) to
+help keep secrets safe.
 
 Then, use the following command to start the proxy in the background using TCP:
 ```bash
@@ -64,7 +65,8 @@ $env:DB_NAME="my_db"
 $env:DB_HOST="127.0.0.1:1433"
 ```
 Note: Saving credentials in environment variables is convenient, but not secure - consider a more
-secure solution such as [Cloud KMS](https://cloud.google.com/kms/) to help keep secrets safe.
+secure solution such as [Secret Manager](https://cloud.google.com/secret-manager/docs/overview) to
+help keep secrets safe.
 
 Then use this command to launch the proxy in a separate PowerShell session:
 ```powershell
diff --git a/cloud-sql/sql-server/sqlalchemy/main.py b/cloud-sql/sql-server/sqlalchemy/main.py
@@ -33,7 +33,8 @@
 def init_tcp_connection_engine():
     # [START cloud_sql_server_sqlalchemy_create_tcp]
     # Remember - storing secrets in plaintext is potentially unsafe. Consider using
-    # something like https://cloud.google.com/kms/ to help keep secrets secret.
+    # something like https://cloud.google.com/secret-manager/docs/overview to help keep
+    # secrets secret.
     db_user = os.environ["DB_USER"]
     db_pass = os.environ["DB_PASS"]
     db_name = os.environ["DB_NAME"]
