Make it clear what to do if encryption/decryption fails #14

shyiko · 2018-07-31T17:37:27Z

e.g. gcloud auth application-default login or GOOGLE_APPLICATION_CREDENTIALS=/path/to/credentials.json might be needed in case of Google Cloud KMS backend.

The text was updated successfully, but these errors were encountered:

philicious · 2018-08-10T12:27:13Z

its also handy to check the permissions someone has on a certain keyring/key. to ensure someone has or doesnt have access

export TOKEN=$(gcloud beta auth application-default print-access-token)
# fill in PROJECT_ID, LOCATION_OF_KEYRING, KEYRING_NAME, KEY_NAME
curl -X POST -H "Content-Type: application/json" -d '{"permissions": ["cloudkms.cryptoKeyVersions.useToDecrypt","cloudkms.cryptoKeyVersions.useToEncrypt"]}' -H "Authorization: Bearer $TOKEN" https://cloudkms.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION_OF_KEYRING/keyRings/KEYRING_NAME/cryptoKeys/KEY_NAME:testIamPermissions

if the user HAS permissions, it will respond with

{
  "permissions": [
    "cloudkms.cryptoKeyVersions.useToDecrypt",
    "cloudkms.cryptoKeyVersions.useToEncrypt"
  ]
}

oherwise the array is empty

shyiko added a commit that referenced this issue Aug 10, 2018

Improved error message printed in case of missing ADC (#14)

98197f7

shyiko closed this as completed Aug 10, 2018

ShyykoSerhiy mentioned this issue Nov 27, 2018

kubesec doesn't show any errors when there is no default 'gcloud auth application-default login' #17

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make it clear what to do if encryption/decryption fails #14

Make it clear what to do if encryption/decryption fails #14

shyiko commented Jul 31, 2018

philicious commented Aug 10, 2018

Make it clear what to do if encryption/decryption fails #14

Make it clear what to do if encryption/decryption fails #14

Comments

shyiko commented Jul 31, 2018

philicious commented Aug 10, 2018