This tag is for questions about Google Cloud KMS, a Google Cloud Platform service which allows developers to store and make use of encryption keys to secure data.
Questions tagged [google-cloud-kms]
230 questions
0
votes
1 answer
Create and Manage Keys in KMS and provide it to third party client to manage our data
We want to create and manage keys in KMS and provide those keys to a third party to encrypt our data at rest. Third party uses GCS to store data. How do we go about it?
Trying to understand the steps and flow.
Per my understanding we will create a…

Dee
0
votes
1 answer
Is there a GCP service that could be used as EKM for MS SQL Server?
I have an SQL Server on Google Compute's VM. I would like to use Extensible Key Management. The requirement is to have everything in GCP. Ideally I would like Google Cloud Platform to be the provider of EKM. Otherwise I will have to install a third…

Marcin Kulik
0
votes
0 answers
Import and use a Tink AEAD KMS key in BigQuery
I've gone with the approach of using a kms_aead_key template to generate a DEK with the key in KMS acting as the KEK and then writing the encrypted key out for use in BigQuery as a variable.
I can’t seem to decrypt the DEK in BigQuery. It always…

James Anderson
0
votes
1 answer
GCP KMS - Elliptic curve Signature
I am using google cloud KMS to manage my keys. Using JAVA client libs to interact with KMS. I receive byte array as a signature of a message as below
byte[] plaintext = message.getBytes(StandardCharsets.UTF_8);
// Calculate the…

neo007
0
votes
1 answer
How to use Tink's envelope encryption with Deterministic AEAD on GCP with python?
I would like to use Tink's envelope encryption with Deterministic AEAD on GCP. I want to use it in python. I want to store a KEK key in GCP KMS and encrypt the DEK key with it.
There is an example how to use Deterministic AEAD, but it doesn't…

Balázs Tóth
0
votes
1 answer
Permission 'cloudkms.cryptoKeyVersions.viewPublicKey' denied on resource or it may not exist
I am building an http endpoint with Google Cloud Functions to authorize Flow Blockchain transactions with Google Cloud Key. I have my resource name.
I'm having this error anytime I'm compiling my code or initiate a transaction.
The code that uses…

RxGoodness
0
votes
1 answer
How to derive ethereum address from Elliptic Curve secp256k1 - SHA256 Digest
I am using google cloud key management service to generate and manage keys. I have generated the HSM key for Asymmetric signing using Elliptic Curve secp256k1 - SHA256 Digest. The public key is something as below -
{
pem: '-----BEGIN PUBLIC…

DIGVJSS
0
votes
1 answer
GCP - Storage Service Account Access Issue
I am trying to grant access to serviceAccount:service-${data.google_project.infrastructure.number}@gs-project-accounts.iam.gserviceaccount.com on roles/cloudkms.cryptoKeyEncrypterDecrypter and creating storage buckets
using below code:
resource…

Raju
0
votes
2 answers
How is decryption done in NGINX when SSL is offloaded to GCP Cloud KMS?
I'm investigating the possibility of offloading SSL to GCP Cloud KMS.
If we look at the guide https://cloud.google.com/kms/docs/reference/pkcs11-nginx we can see that an asymmetric-signing key is created in KMS.
gcloud kms keys create nginx-key --keyring…

Sergey Mikitko
0
votes
1 answer
PKCS11Exception: CKR_MECHANISM_INVALID How to integrate Java and PKCS11 and GCP Cloud KMS?
I'm trying to use GCP Cloud KMS for establishing mTLS. For this purpose I'm preparing PoC of integration Java + JCE + PKCS11 + Cloud KMS integration lib + GCP Cloud KMS.
Stack:
OpenJDK 1.8
SunPKCS11…

Sergey Mikitko
0
votes
1 answer
Getting an error when trying to use set iam policy method in gcp to update cloud storage policy using python?
Getting an error when trying to add encrypter decrypter role to the bucket service account. Below is the code. Any idea what's missing?
storage_client = storage.Client(credentials=credentials)
sa_name =…

gcp_user
0
votes
1 answer
generated asymmetric key in google KMS: Private or Public?
Pretty basic question. When I create a key using google KMS, is that key public or private?
I need to develop an asymmetric key pair using HSM for a project, someone asked me, and I'm not crystal clear on that. Any help?

DennisM
0
votes
1 answer
Google Cloud KMS interoperability with libsodium
My application requires secure messaging between a server and client devices. The devices are not directly internet connected so it is not possible to use standard HTTPS or MQTT connections.
My preferred approach is to use asymmetric authenticated…

Mike Neufeld
0
votes
1 answer
Can we import PGP encryption key in Google Cloud KMS and use that key to decrypt the files in google storage?
Can we import PGP encryption key in Google Cloud KMS and use that key to decrypt the files in google storage?

Amod Acharya
0
votes
1 answer
Autounseal Vault with GCP KMS
I would like to use auto unseal vault mechanism using the GCP KMS.
I have been following this tutorial (section: 'Google KMS Auto Unseal') and applying the official hashicorp helm chart with the following values:
global:
enabled: true
server:
…

Paul Barrié