managing secrets on GCP using Cloud KMS
gcp-enc-dec

This is a demo application that demonstrates how to use GCP Cloud KMS to easily manage secrets.

setup

Create 3 service accounts with the permissions below:

  1. Save Cloud KMS Admin service account key as kms-admin.json in the project root.
  2. Save Cloud KMS CryptoKey Encrypter/Decrypter service account key as kms-enc-dec.json in the project root.
  3. Save Cloud Datastore User service account key as datastore-user.json in the project root.

Replace the constants below in all the files with your GCP project settings:

const (
	Location      string = "global"              // replace this as per your project.
	KeyRingID     string = "my-key-ring"         // replace this as per your project.
	CryptoKeyName string = "my-key"              // replace this as per your project.
	ProjectName   string = "my-gcp-project-name" // replace this as per your project.
)

running

  • create the key and the key-ring by running create/main.go
  • encrypt password and save to datastore by running write/main.go
  • read from datastore and decrypt the password by running read/main.go
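
The write and read steps above, sketched as an added example that is not code from this repository: only ciphertext is stored, and decryption fails if the blob is altered or the wrong key is named. Cloud KMS is replaced by a local AES-256-GCM stand-in so the example runs offline; `KeyPath`, `localKMS` and the sample password are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyPath builds the Cloud KMS crypto key resource name from the readme's four constants.
func KeyPath(project, location, keyRing, key string) string {
	return fmt.Sprintf("projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s", project, location, keyRing, key)
}

// localKMS is an offline stand-in for Cloud KMS (assumption): AES-256-GCM, key held in memory.
type localKMS struct{ aead cipher.AEAD }
func newLocalKMS() *localKMS {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	block, _ := aes.NewCipher(key) // a 32-byte key is always accepted
	aead, _ := cipher.NewGCM(block)
	return &localKMS{aead}
}

// Encrypt returns nonce||ciphertext; keyPath is bound in as associated data to mimic per-key ciphertexts.
func (k *localKMS) Encrypt(keyPath string, pt []byte) []byte {
	nonce := make([]byte, k.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return k.aead.Seal(nonce, nonce, pt, []byte(keyPath))
}

// Decrypt returns an error if the blob was altered or a different key path is given.
func (k *localKMS) Decrypt(keyPath string, blob []byte) ([]byte, error) {
	if n := k.aead.NonceSize(); len(blob) >= n {
		return k.aead.Open(nil, blob[:n], blob[n:], []byte(keyPath))
	}
	return nil, fmt.Errorf("ciphertext too short")
}

func main() {
	kp := KeyPath("my-gcp-project-name", "global", "my-key-ring", "my-key")
	kms, db := newLocalKMS(), map[string][]byte{} // the map stands in for Datastore
	db["password"] = kms.Encrypt(kp, []byte("s3cret")) // write step: store ciphertext only (constructed sample)
	pt, err := kms.Decrypt(kp, db["password"])         // read step: decrypt after fetching
	fmt.Println(kp, string(pt), err)
}
```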

Note:

  • Make sure to enable the Cloud KMS API and the Datastore API for your project.
  • Make sure to clean up your Google Cloud project after you run the demo.