Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 

gcp-enc-dec

This is a demo application to support this blog post. It demonstrates how to use GCP Cloud KMS to easily manage secrets.

setup

Create 3 service accounts with the below permissions

  1. Save Cloud KMS Admin service account key as kms-admin.json in the project root.
  2. Save Cloud KMS CryptoKey Encrypter/Decrypter service account key as kms-enc-dec.json in the project root.
  3. Save Cloud Datastore User service account key as datastore-user.json in the project root.

Replace the below constants in all the files with your gcp-project settings

Location        string = "global"              // replace this as per your project.
KeyRingID       string = "my-key-ring"         // replace this as per your project.
CryptoKeyName   string = "my-key"              // replace this as per your project.
ProjectName     string = "my-gcp-project-name" // replace this as per your project.

running

  • create the key and the key-ring by running create/main.go
  • encrypt password and save to datastore by running write/main.go
  • read from datastore and decrypt the password by running read/main.go

Note:

  • Make sure to enable Cloud KMS API and DataStore API for your project.
  • Make sure to cleanup Google Cloud Project after you run the demo.

About

Encode-Decode secrets using Google Cloud KMS

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages