Google Cloud

docs/content/dns/zz_gen_gcloud.md

<!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. --> <!-- providers/dns/gcloud/gcloud.toml --> <!-- THIS DOCUMENTATION IS AUTO-GENERATED. PLEASE DO NOT EDIT. -->

Configuration for Google Cloud.

<!--more-->
  • Code: gcloud
  • Since: v0.3.0

Here is an example bash command using the Google Cloud provider:

```bash
# Using a service account file
GCE_PROJECT="gc-project-id" \
GCE_SERVICE_ACCOUNT_FILE="/path/to/svc/account/file.json" \
lego --dns gcloud -d '*.example.com' -d example.com run

# Using default credentials with impersonation
GCE_PROJECT="gc-project-id" \
GCE_IMPERSONATE_SERVICE_ACCOUNT="[email protected]" \
lego --dns gcloud -d '*.example.com' -d example.com run

# Using service account key with impersonation
GCE_PROJECT="gc-project-id" \
GCE_SERVICE_ACCOUNT_FILE="/path/to/svc/account/file.json" \
GCE_IMPERSONATE_SERVICE_ACCOUNT="[email protected]" \
lego --dns gcloud -d '*.example.com' -d example.com run
```

Credentials

| Environment Variable Name | Description |
|---------------------------|-------------|
| Application Default Credentials | Documentation |
| `GCE_PROJECT` | Project name (by default, the project name is auto-detected by using the metadata service) |
| `GCE_SERVICE_ACCOUNT` | Account |
| `GCE_SERVICE_ACCOUNT_FILE` | Account file path |

The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information [here]({{% ref "dns#configuration-and-credentials" %}}).

Additional Configuration

| Environment Variable Name | Description |
|---------------------------|-------------|
| `GCE_ALLOW_PRIVATE_ZONE` | Allows the requested domain to be in a private DNS zone; works only with a private ACME server (by default: false) |
| `GCE_IMPERSONATE_SERVICE_ACCOUNT` | Service account email to impersonate |
| `GCE_POLLING_INTERVAL` | Time between DNS propagation checks in seconds (Default: 5) |
| `GCE_PROPAGATION_TIMEOUT` | Maximum waiting time for DNS propagation in seconds (Default: 180) |
| `GCE_TTL` | The TTL of the TXT record used for the DNS challenge in seconds (Default: 120) |
| `GCE_ZONE_ID` | Allows skipping the automatic detection of the zone |

The environment variable names can be suffixed by _FILE to reference a file instead of a value. More information [here]({{% ref "dns#configuration-and-credentials" %}}).

Supports service account impersonation to access Google Cloud DNS resources across different projects or with restricted permissions.

When using impersonation, the source service account must have:

  1. The "Service Account Token Creator" role on the source service account
  2. The "https://www.googleapis.com/auth/cloud-platform" scope
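
A pre-flight check for the credential variables documented above, as an added example that is not part of lego or its documentation. It reports which of the three credential modes from the sample commands the environment selects, and refuses a service account key file that group or others can access. The function name `gce_preflight`, the mode labels, the exit codes and the owner-only permission policy are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not lego code). Variable names come from the page; the
# function name, mode labels and exit codes are assumptions of this sketch.

# Echo the credential mode the environment selects for `lego --dns gcloud`.
# Returns 2 if the key file is unreadable, 3 if group/others can access it.
gce_preflight() {
    local file="${GCE_SERVICE_ACCOUNT_FILE:-}"
    local target="${GCE_IMPERSONATE_SERVICE_ACCOUNT:-}"
    local mode perms

    if [ -n "$file" ]; then
        if [ ! -f "$file" ] || [ ! -r "$file" ]; then
            echo "error: key file missing or unreadable: $file" >&2
            return 2
        fi
        # GNU/busybox stat first, BSD/macOS stat as fallback.
        perms=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
        case "$perms" in
            *00) ;;  # owner-only, e.g. 600 or 400
            *)
                echo "error: $file is mode $perms; run: chmod 600 $file" >&2
                return 3
                ;;
        esac
        mode="key-file"
    else
        # No key file set: default credentials, as in the page's second command.
        mode="default-credentials"
    fi

    if [ -n "$target" ]; then
        mode="$mode+impersonation"
    fi
    echo "$mode"
}

# Typical use: gce_preflight && lego --dns gcloud -d example.com run
```
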

More information
