Google Cloud C++ Client  1.42.0
C++ Client Library for Google Cloud Platform
Public Types | List of all members
google::cloud::CARootsFilePathOption Struct Reference

Configures a custom CA (Certificates Authority) certificates file. More...

#include <google/cloud/credentials.h>

Public Types

using Type = std::string
 

Detailed Description

Configures a custom CA (Certificates Authority) certificates file.

Most applications should use the system's root certificates and should avoid setting this option unnecessarily. A common exception to this recommendation are containerized applications. These often deploy without system's root certificates and need to explicitly configure a root of trust.

The value of this option should be the name of a file in PEM format. Consult your security team and/or system administrator for the contents of this file. Be aware of the security implications of adding new CA certificates to this file. Only use trustworthy sources for the CA certificates.

For REST-based libraries this configures the CAINFO option in libcurl. These are used for all credentials that require authentication, including the default credentials.

For gRPC-based libraries this configures the pem_roots_cert parameter in grpc::SslCredentialsOptions.

Warning
gRPC does not have a programmatic mechanism to set the CA certificates for the default credentials. This option only has no effect with MakeGoogleDefaultCredentials(), or MakeServiceAccountCredentials(). Consider using the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable in these cases.
Note
CA certificates can be revoked or expire, plan for updates in your deployment.
See also
https://en.wikipedia.org/wiki/Certificate_authority for a general introduction to SSL certificate authorities.

Definition at line 245 of file credentials.h.

Member Typedef Documentation

◆ Type

Definition at line 246 of file credentials.h.