Java Code Examples for com.google.cloud.kms.v1.KeyManagementServiceClient#create()
The following examples show how to use
com.google.cloud.kms.v1.KeyManagementServiceClient#create() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: CreateKeySymmetricEncryptDecrypt.java From java-docs-samples with Apache License 2.0 | 6 votes |
public void createKeySymmetricEncryptDecrypt( String projectId, String locationId, String keyRingId, String id) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the parent name from the project, location, and key ring. KeyRingName keyRingName = KeyRingName.of(projectId, locationId, keyRingId); // Build the symmetric key to create. CryptoKey key = CryptoKey.newBuilder() .setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT) .setVersionTemplate( CryptoKeyVersionTemplate.newBuilder() .setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)) .build(); // Create the key. CryptoKey createdKey = client.createCryptoKey(keyRingName, id, key); System.out.printf("Created symmetric key %s%n", createdKey.getName()); } }
Example 2
Source File: SnippetsIT.java From java-docs-samples with Apache License 2.0 | 6 votes |
private static CryptoKey createHsmKey(String keyId) throws IOException { try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { CryptoKey key = CryptoKey.newBuilder() .setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT) .setVersionTemplate( CryptoKeyVersionTemplate.newBuilder() .setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION) .setProtectionLevel(ProtectionLevel.HSM) .build()) .putLabels("foo", "bar") .putLabels("zip", "zap") .build(); CryptoKey createdKey = client.createCryptoKey(getKeyRingName(), keyId, key); return createdKey; } }
Example 3
Source File: SnippetsIT.java From java-docs-samples with Apache License 2.0 | 6 votes |
private static CryptoKey createAsymmetricSignEcKey(String keyId) throws IOException { try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { CryptoKey key = CryptoKey.newBuilder() .setPurpose(CryptoKeyPurpose.ASYMMETRIC_SIGN) .setVersionTemplate( CryptoKeyVersionTemplate.newBuilder() .setAlgorithm(CryptoKeyVersionAlgorithm.EC_SIGN_P256_SHA256) .build()) .putLabels("foo", "bar") .putLabels("zip", "zap") .build(); CryptoKey createdKey = client.createCryptoKey(getKeyRingName(), keyId, key); return createdKey; } }
Example 4
Source File: SnippetsIT.java From java-docs-samples with Apache License 2.0 | 6 votes |
private static CryptoKey createAsymmetricSignRsaKey(String keyId) throws IOException { try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { CryptoKey key = CryptoKey.newBuilder() .setPurpose(CryptoKeyPurpose.ASYMMETRIC_SIGN) .setVersionTemplate( CryptoKeyVersionTemplate.newBuilder() .setAlgorithm(CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256) .build()) .putLabels("foo", "bar") .putLabels("zip", "zap") .build(); CryptoKey createdKey = client.createCryptoKey(getKeyRingName(), keyId, key); return createdKey; } }
Example 5
Source File: SnippetsIT.java From java-docs-samples with Apache License 2.0 | 6 votes |
private static CryptoKeyVersion createKeyVersion(String keyId) throws IOException, InterruptedException, TimeoutException { try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { CryptoKeyName keyName = CryptoKeyName.of(PROJECT_ID, LOCATION_ID, KEY_RING_ID, keyId); CryptoKeyVersion keyVersion = CryptoKeyVersion.newBuilder().build(); CryptoKeyVersion createdVersion = client.createCryptoKeyVersion(keyName, keyVersion); for (int i = 1; i <= 5; i++) { CryptoKeyVersion gotVersion = client.getCryptoKeyVersion(createdVersion.getName()); if (gotVersion.getState() == CryptoKeyVersionState.ENABLED) { return gotVersion; } Thread.sleep(500 * i); } throw new TimeoutException("key version not ready in timeout"); } }
Example 6
Source File: CreateKeyVersion.java From java-docs-samples with Apache License 2.0 | 6 votes |
public void createKeyVersion(String projectId, String locationId, String keyRingId, String keyId) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the parent name from the project, location, and key ring. CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId); // Build the key version to create. CryptoKeyVersion keyVersion = CryptoKeyVersion.newBuilder().build(); // Create the key. CryptoKeyVersion createdVersion = client.createCryptoKeyVersion(cryptoKeyName, keyVersion); System.out.printf("Created key version %s%n", createdVersion.getName()); } }
Example 7
Source File: CreateKeyAsymmetricDecrypt.java From java-docs-samples with Apache License 2.0 | 6 votes |
public void createKeyAsymmetricDecrypt( String projectId, String locationId, String keyRingId, String id) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the parent name from the project, location, and key ring. KeyRingName keyRingName = KeyRingName.of(projectId, locationId, keyRingId); // Build the asymmetric key to create. CryptoKey key = CryptoKey.newBuilder() .setPurpose(CryptoKeyPurpose.ASYMMETRIC_DECRYPT) .setVersionTemplate( CryptoKeyVersionTemplate.newBuilder() .setAlgorithm(CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256)) .build(); // Create the key. CryptoKey createdKey = client.createCryptoKey(keyRingName, id, key); System.out.printf("Created asymmetric key %s%n", createdKey.getName()); } }
Example 8
Source File: Quickstart.java From java-docs-samples with Apache License 2.0 | 6 votes |
public void quickstart(String projectId, String locationId) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the parent from the project and location. LocationName parent = LocationName.of(projectId, locationId); // Call the API. ListKeyRingsPagedResponse response = client.listKeyRings(parent); // Iterate over each key ring and print its name. System.out.println("key rings:"); for (KeyRing keyRing : response.iterateAll()) { System.out.printf("%s%n", keyRing.getName()); } } }
Example 9
Source File: RestoreKeyVersion.java From java-docs-samples with Apache License 2.0 | 6 votes |
public void restoreKeyVersion( String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the key version name from the project, location, key ring, key, // and key version. CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId); // Restore the key version. CryptoKeyVersion response = client.restoreCryptoKeyVersion(keyVersionName); System.out.printf("Restored key version: %s%n", response.getName()); } }
Example 10
Source File: GetKeyLabels.java From java-docs-samples with Apache License 2.0 | 6 votes |
public void getKeyLabels(String projectId, String locationId, String keyRingId, String keyId) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the name from the project, location, key ring, and keyId. CryptoKeyName keyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId); // Get the key. CryptoKey key = client.getCryptoKey(keyName); // Print out each label. key.getLabelsMap().forEach((k, v) -> System.out.printf("%s=%s%n", k, v)); } }
Example 11
Source File: DecryptSymmetric.java From java-docs-samples with Apache License 2.0 | 6 votes |
public void decryptSymmetric( String projectId, String locationId, String keyRingId, String keyId, byte[] ciphertext) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the key version name from the project, location, key ring, and // key. CryptoKeyName keyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId); // Decrypt the response. DecryptResponse response = client.decrypt(keyName, ByteString.copyFrom(ciphertext)); System.out.printf("Plaintext: %s%n", response.getPlaintext().toStringUtf8()); } }
Example 12
Source File: KMSEncryptedNestedValueProvider.java From DataflowTemplates with Apache License 2.0 | 6 votes |
/** Uses the GCP KMS client to decrypt an encrypted value using a KMS key of the form * projects/{gcp_project}/locations/{key_region}/keyRings/{key_ring}/cryptoKeys/{kms_key_name} * The encrypted value should be a base64 encrypted string which has been encrypted using * the KMS encrypt API call. * See <a href="https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys/encrypt"> * this KMS API Encrypt Link</a>. */ private static String decryptWithKMS(String encryptedValue, String kmsKey) throws IOException { /* kmsKey should be in the following format: projects/{gcp_project}/locations/{key_region}/keyRings/{key_ring}/cryptoKeys/{kms_key_name} */ byte[] cipherText = Base64.getDecoder().decode(encryptedValue.getBytes("UTF-8")); try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Decrypt the ciphertext with Cloud KMS. DecryptResponse response = client.decrypt(kmsKey, ByteString.copyFrom(cipherText)); // Extract the plaintext from the response. return new String(response.getPlaintext().toByteArray()); } }
Example 13
Source File: UpdateKeyRemoveRotation.java From java-docs-samples with Apache License 2.0 | 6 votes |
public void updateKeyRemoveRotation( String projectId, String locationId, String keyRingId, String keyId) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the name from the project, location, key ring, and keyId. CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId); // Build an empty key with no labels. CryptoKey key = CryptoKey.newBuilder() .setName(cryptoKeyName.toString()) .clearRotationPeriod() .clearNextRotationTime() .build(); // Construct the field mask. FieldMask fieldMask = FieldMaskUtil.fromString("rotation_period,next_rotation_time"); // Create the key. CryptoKey createdKey = client.updateCryptoKey(key, fieldMask); System.out.printf("Updated key %s%n", createdKey.getName()); } }
Example 14
Source File: SnippetsIT.java From java-docs-samples with Apache License 2.0 | 5 votes |
private static KeyRing createKeyRing(String keyRingId) throws IOException { try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { KeyRing keyRing = KeyRing.newBuilder().build(); KeyRing createdKeyRing = client.createKeyRing(getLocationName(), keyRingId, keyRing); return createdKeyRing; } }
Example 15
Source File: UpdateKeyAddRotation.java From java-docs-samples with Apache License 2.0 | 5 votes |
public void updateKeyAddRotation( String projectId, String locationId, String keyRingId, String keyId) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the name from the project, location, and key ring. CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId); // Calculate the date 24 hours from now (this is used below). long tomorrow = java.time.Instant.now().plus(24, ChronoUnit.HOURS).getEpochSecond(); // Build the key to update with a rotation schedule. CryptoKey key = CryptoKey.newBuilder() .setName(cryptoKeyName.toString()) .setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT) .setVersionTemplate( CryptoKeyVersionTemplate.newBuilder() .setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)) // Rotate every 30 days. .setRotationPeriod( Duration.newBuilder().setSeconds(java.time.Duration.ofDays(30).getSeconds())) // Start the first rotation in 24 hours. .setNextRotationTime(Timestamp.newBuilder().setSeconds(tomorrow)) .build(); // Construct the field mask. FieldMask fieldMask = FieldMaskUtil.fromString("rotation_period,next_rotation_time"); // Update the key. CryptoKey updatedKey = client.updateCryptoKey(key, fieldMask); System.out.printf("Updated key %s%n", updatedKey.getName()); } }
Example 16
Source File: CreateKeyRotationSchedule.java From java-docs-samples with Apache License 2.0 | 5 votes |
public void createKeyRotationSchedule( String projectId, String locationId, String keyRingId, String id) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the parent name from the project, location, and key ring. KeyRingName keyRingName = KeyRingName.of(projectId, locationId, keyRingId); // Calculate the date 24 hours from now (this is used below). long tomorrow = java.time.Instant.now().plus(24, ChronoUnit.HOURS).getEpochSecond(); // Build the key to create with a rotation schedule. CryptoKey key = CryptoKey.newBuilder() .setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT) .setVersionTemplate( CryptoKeyVersionTemplate.newBuilder() .setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)) // Rotate every 30 days. .setRotationPeriod( Duration.newBuilder().setSeconds(java.time.Duration.ofDays(30).getSeconds())) // Start the first rotation in 24 hours. .setNextRotationTime(Timestamp.newBuilder().setSeconds(tomorrow)) .build(); // Create the key. CryptoKey createdKey = client.createCryptoKey(keyRingName, id, key); System.out.printf("Created key with rotation schedule %s%n", createdKey.getName()); } }
Example 17
Source File: IamGetPolicy.java From java-docs-samples with Apache License 2.0 | 5 votes |
public void iamGetPolicy(String projectId, String locationId, String keyRingId, String keyId) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the key version name from the project, location, key ring, key, // and key version. CryptoKeyName resourceName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId); // The resource name could also be a key ring. // KeyRingName resourceName = KeyRingName.of(projectId, locationId, keyRingId); // Get the current policy. Policy policy = client.getIamPolicy(resourceName); // Print the policy. System.out.printf("IAM policy:%n"); for (Binding binding : policy.getBindingsList()) { System.out.printf("%s%n", binding.getRole()); for (String member : binding.getMembersList()) { System.out.printf("- %s%n", member); } } } }
Example 18
Source File: UpdateKeyUpdateLabels.java From java-docs-samples with Apache License 2.0 | 5 votes |
public void updateKeyUpdateLabels( String projectId, String locationId, String keyRingId, String keyId) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the parent name from the project, location, and key ring. CryptoKeyName cryptoKeyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId); // // Step 1 - get the current set of labels on the key // // Get the current key. CryptoKey key = client.getCryptoKey(cryptoKeyName); // // Step 2 - add a label to the list of labels // // Add a new label. key = key.toBuilder().putLabels("new_label", "new_value").build(); // Construct the field mask. FieldMask fieldMask = FieldMaskUtil.fromString("labels"); // Update the key. CryptoKey updatedKey = client.updateCryptoKey(key, fieldMask); System.out.printf("Updated key %s%n", updatedKey.getName()); } }
Example 19
Source File: IamRemoveMember.java From java-docs-samples with Apache License 2.0 | 5 votes |
public void iamRemoveMember( String projectId, String locationId, String keyRingId, String keyId, String member) throws IOException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the key version name from the project, location, key ring, key, // and key version. CryptoKeyName resourceName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId); // The resource name could also be a key ring. // KeyRingName resourceName = KeyRingName.of(projectId, locationId, keyRingId); // Get the current policy. Policy policy = client.getIamPolicy(resourceName); // Search through the bindings and remove matches. String roleToFind = "roles/cloudkms.cryptoKeyEncrypterDecrypter"; for (Binding binding : policy.getBindingsList()) { if (binding.getRole().equals(roleToFind) && binding.getMembersList().contains(member)) { binding.getMembersList().remove(member); } } client.setIamPolicy(resourceName, policy); System.out.printf("Updated IAM policy for %s%n", resourceName.toString()); } }
Example 20
Source File: EncryptAsymmetric.java From java-docs-samples with Apache License 2.0 | 5 votes |
public void encryptAsymmetric( String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String plaintext) throws IOException, GeneralSecurityException { // Initialize client that will be used to send requests. This client only // needs to be created once, and can be reused for multiple requests. After // completing all of your requests, call the "close" method on the client to // safely clean up any remaining background resources. try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // Build the key version name from the project, location, key ring, key, // and key version. CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId); // Get the public key. PublicKey publicKey = client.getPublicKey(keyVersionName); // Convert the public PEM key to a DER key (see helper below). byte[] derKey = convertPemToDer(publicKey.getPem()); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(derKey); java.security.PublicKey rsaKey = KeyFactory.getInstance("RSA").generatePublic(keySpec); // Encrypt plaintext for the 'RSA_DECRYPT_OAEP_2048_SHA256' key. // For other key algorithms: // https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); OAEPParameterSpec oaepParams = new OAEPParameterSpec( "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT); cipher.init(Cipher.ENCRYPT_MODE, rsaKey, oaepParams); byte[] ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8)); System.out.printf("Ciphertext: %s%n", ciphertext); } }