I have created an RSA key (asymmetric key) in Google KMS. While trying to use it in GKE with application-layer secrets encryption, the asymmetric keys are not getting loaded.
1 Answer
Google Cloud Kubernetes requires AES encryption. This is a symmetric encryption algorithm.
Encryption keys have a purpose. Common types are ASYMMETRIC_DECRYPT and ENCRYPT_DECRYPT.
KMS: Key purposes and algorithms
RSA keypairs provide asymmetric encryption which is not supported.
Encrypt secrets at the application layer
Typically RSA keys are used to exchange information (secrets, random numbers, etc.) that is used to generate a symmetric encryption key. Encryption using RSA keys is expensive in CPU time; encryption using symmetric keys is very fast in comparison.

John Hanley
How can I retrieve the RSA key from Google KMS? I have deployed the Spring Boot service to GKE. While running the application locally, I'm able to get the keyring by setting the 'GOOGLE_APPLICATION_CREDENTIALS' env variable. – Vikas Dec 15 '21 at 10:08
@Vikas Do not ask new questions in the comment section. Instead, create a new question. Don't forget to accept answers that help you. That way a question does not remain open forever. – John Hanley Dec 15 '21 at 18:09
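
Added example (not part of the original answer or of Google's documentation): shell functions that apply the answer's point by refusing any Cloud KMS key whose purpose is not the symmetric `ENCRYPT_DECRYPT` before pointing GKE application-layer secrets encryption at it. It assumes an existing key ring and a regional cluster in the same location as the key; every project, key ring, key and cluster name is a caller-supplied placeholder.

```shell
#!/bin/sh
# Added example. All resource names are arguments supplied by the caller.

# Full resource name that GKE expects for --database-encryption-key.
key_resource() {
  printf 'projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s\n' "$1" "$2" "$3" "$4"
}

# Application-layer secrets encryption needs a symmetric key, i.e. purpose
# ENCRYPT_DECRYPT. Anything else, such as ASYMMETRIC_DECRYPT (RSA), is
# refused here.
purpose_ok() {
  [ "$1" = "ENCRYPT_DECRYPT" ]
}

# Read the purpose of an existing key and reject a non-symmetric one.
# Args: project location keyring key
# Returns 0 if usable, 1 if wrong purpose, 2 if the lookup itself failed.
check_key() {
  purpose=$(gcloud kms keys describe "$4" --project "$1" --location "$2" \
              --keyring "$3" --format='value(purpose)') || return 2
  if purpose_ok "$purpose"; then
    return 0
  fi
  echo "key $4 has purpose $purpose; GKE needs ENCRYPT_DECRYPT" >&2
  return 1
}

# Create a symmetric key, allow the GKE service agent to use it, and point
# the cluster at it. Assumes the key ring already exists and the cluster is
# regional in the same location as the key.
# Args: project project_number location keyring key cluster
enable_secrets_encryption() {
  gcloud kms keys create "$5" --project "$1" --location "$3" \
    --keyring "$4" --purpose encryption || return 1
  check_key "$1" "$3" "$4" "$5" || return 1
  gcloud kms keys add-iam-policy-binding "$5" --project "$1" \
    --location "$3" --keyring "$4" \
    --member "serviceAccount:service-$2@container-engine-robot.iam.gserviceaccount.com" \
    --role roles/cloudkms.cryptoKeyEncrypterDecrypter || return 1
  gcloud container clusters update "$6" --project "$1" --region "$3" \
    --database-encryption-key "$(key_resource "$1" "$3" "$4" "$5")"
}
```

Running `check_key` against the RSA key from the question returns 1 and prints the purpose it found, which is the quickest way to confirm why the cluster will not load it.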