This is a demo application to support this blog post. It demonstrates how to use GCP Cloud KMS to easily manage secrets.
Create 3 service accounts with the below permissions:
- Cloud KMS Admin: save the service account key as kms-admin.json in the project root.
- Cloud KMS CryptoKey Encrypter/Decrypter: save the service account key as kms-enc-dec.json in the project root.
- Cloud Datastore User: save the service account key as datastore-user.json in the project root.
Replace the below constants in all the files with your gcp-project settings:

```go
const (
	Location      string = "global"              // replace this as per your project.
	KeyRingID     string = "my-key-ring"         // replace this as per your project.
	CryptoKeyName string = "my-key"              // replace this as per your project.
	ProjectName   string = "my-gcp-project-name" // replace this as per your project.
)
```

- create the key and the key-ring by running
- encrypt password and save to datastore by running
- read from datastore and decrypt the password by running
- Make sure to enable the Cloud KMS API and the Datastore API for your project.
- Make sure to clean up the Google Cloud project after you run the demo.
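
The split into three service accounts only helps if the three key files really belong to three different identities in the right project. The following preflight check is an added example, not part of the demo's own code: `CheckKeys` and `saKey` are hypothetical names, the key contents in `main` are constructed samples, and `ProjectName` is assumed to hold the project ID that appears in the key files.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const ProjectName = "my-gcp-project-name" // README constant; assumed to hold the project ID

// saKey holds the service account key file fields this check reads.
type saKey struct {
	Type        string `json:"type"`
	ProjectID   string `json:"project_id"`
	ClientEmail string `json:"client_email"`
}

// CheckKeys (hypothetical helper): right type, right project, no identity shared between roles.
func CheckKeys(files map[string][]byte) error {
	seen := map[string]string{} // client_email -> file that used it first
	for _, name := range []string{"kms-admin.json", "kms-enc-dec.json", "datastore-user.json"} {
		var k saKey
		if err := json.Unmarshal(files[name], &k); err != nil {
			return fmt.Errorf("%s: missing or not valid JSON: %w", name, err)
		}
		if k.Type != "service_account" || k.ClientEmail == "" {
			return fmt.Errorf("%s: not a service account key", name)
		}
		if k.ProjectID != ProjectName {
			return fmt.Errorf("%s: key is for project %q", name, k.ProjectID)
		}
		if prev, dup := seen[k.ClientEmail]; dup {
			return fmt.Errorf("%s reuses the identity in %s", name, prev)
		}
		seen[k.ClientEmail] = name
	}
	return nil
}

func main() {
	// Constructed sample key contents (private_key omitted), not real accounts.
	mk := func(email string) []byte {
		return []byte(fmt.Sprintf(`{"type":"service_account","project_id":%q,"client_email":%q}`, ProjectName, email))
	}
	fmt.Println(CheckKeys(map[string][]byte{
		"kms-admin.json":      mk("kms-admin@example.invalid"),
		"kms-enc-dec.json":    mk("kms-admin@example.invalid"), // same identity twice
		"datastore-user.json": mk("datastore@example.invalid"),
	}))
}
```

In a real run the map would be filled by reading the three files from the project root before any of the demo steps are started.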