0

I want to encrypt and decrypt JSON values using Google Cloud KMS, and I am using this code as an example: https://github.com/GoogleCloudPlatform/java-docs-samples/blob/master/kms/src/main/java/com/example/CryptFile.java

    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {

      // The resource name of the cryptoKey
      String resourceName = CryptoKeyName.format(projectId, locationId, keyRingId, cryptoKeyId);

      // Encrypt the plaintext with Cloud KMS.
      EncryptResponse response = client.encrypt(resourceName, ByteString.copyFrom(plaintext));

      // Extract the ciphertext from the response.
      return response.getCiphertext().toByteArray();
    }

When the code executes the line client.encrypt(resourceName, ByteString.copyFrom(plaintext)); it freezes and I do not get any response.

If I use the gcloud command to encrypt/decrypt, it works.

I run my application on App Engine standard (runtime java8) and the dependency I am using is:

    <dependency>
        <groupId>com.google.cloud</groupId>
        <artifactId>google-cloud-kms</artifactId>
        <version>1.29.0</version>
    </dependency>

I made some changes in my code to get credentials:

    // Build App Engine credentials scoped to Cloud KMS.
    AppIdentityService appIdentityService = AppIdentityServiceFactory.getAppIdentityService();
    GoogleCredentials credentials = AppEngineCredentials.newBuilder()
            .setScopes(Arrays.asList("https://www.googleapis.com/auth/cloudkms"))
            .setAppIdentityService(appIdentityService)
            .build();

    // Pass the credentials to the KMS client explicitly.
    FixedCredentialsProvider credentialsProvider = FixedCredentialsProvider.create(credentials);
    KeyManagementServiceSettings kmsSettings = KeyManagementServiceSettings.newBuilder()
            .setCredentialsProvider(credentialsProvider)
            .build();

    try (KeyManagementServiceClient client = KeyManagementServiceClient.create(kmsSettings)) {
        // encrypt call as in the first snippet
    }

But I always get "UNAUTHENTICATED: Failed computing credential metadata".

Any help? Please let me know if I'm missing something here.

Regards

althor

1 Answer

0

Same thing, running the code from the example hangs on the call to encrypt.

JSON auth file is set in the environment: export GOOGLE_APPLICATION_CREDENTIALS="../my.json"

User is granted the correct permission as per documentation: Cloud KMS CryptoKey Encrypter/Decrypter.

Verified in debugger that all 4 parameters are correct: projectId, locationId, keyRingId, cryptoKeyId.

This code hangs:

    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {

        final String resourceName = CryptoKeyName.format(projectId, locationId, keyRingId, cryptoKeyId);

        // Always Hangs here!!!!
        final EncryptResponse response = client.encrypt(resourceName, ByteString.copyFromUtf8(data));

        // Note: ByteString.toString() is a debug representation, not the raw ciphertext bytes.
        return response.getCiphertext().toString();
    }