Stack Overflow
Stack Overflow

Questions tagged [google-cloud-kms]

This tag is for questions about Google Cloud KMS, a Google Cloud Platform service which allows developers to store and make use of encryption keys to secure data.

Google Cloud KMS home page

230 questions
0
votes
1 answer

Google Cloud Build: pip install from JFrog private repository using Cloud KMS as secretEnv

I am trying do pip install private packages in jfrog repository through Google Cloud Build. I can access jfrog repository via https::@ and can also do pip install
Onkar
  • 297
  • 5
  • 9
0
votes
1 answer

Is it possible have client side encryptions while exporting cloudsql data to cloud storage

I am trying to export data to cloud storage buckets. I am trying to understand: If I can leverage the client side encryption either using Customer Managed or Customer Supplied encryption keys. I don't see any option in gcloud sql export sql command…
Ram
  • 655
  • 2
  • 7
  • 27
0
votes
0 answers

Is it possible to refer KMS Key Name without leaking project id in Google Cloud?

I'm exploring Customer Managed Encryption Keys and my use case is: Create a signed URL to upload to storage along with KMS key name query parameter Pass it to a client of my service Client uses signed URL to upload the data directly Cloud…
pinkpanther
  • 4,770
  • 2
  • 38
  • 62
0
votes
1 answer

How to retain private control over the encryption keys while using Cloud services?

All cloud service providers have their own Key management systems and customer keys can be imported when desired. However i want to have private control over keys such that keys are provided externally and never imported into the KMS.So the cloud…
devcloud
  • 391
  • 5
  • 18
0
votes
0 answers

GCP KMS createKey function never resolve

I am using NodeJS v10 (AngularJS MeanStack) with GCP KMS (@google-cloud/kms) to create key, encrypt & decrypt strings using those keys. I am in a very strange issue, where createKeys function doesn't return to its callback (but timeout after a very…
Umer
  • 149
  • 1
  • 1
  • 8
0
votes
0 answers

Getting error "message" : "The KMS key does not contain a location." while using withKmsKey() option in dataflow job

I have dataflow job that is written using apache beam.Here I am loading the data from one table to another table the mode of table is write truncate and the table contains sensitive data so table configured with kms key. I am following this code and…
user_a27
  • 91
  • 1
  • 9
0
votes
2 answers

Google cloud KMS rest api to retrieve keyriings

Is there a rest endpoint to retrieve keyrings at a project level directly in KMS rest appi. As of now, current API needs keyrings on a per-location basis, I would like to get all keyRings on a specified project id, is there an endpoint. on Google…
shrM
  • 11
  • 1
  • 4
0
votes
2 answers

Storing Application Default Credentials securely in KMS

We have a Java app which uses Google Auth to allow uses in. The app needs to connect to a Google Cloud SQL database which is locked down behind IP restrictions. We need to use Cloud SQL Socket Factory with Cloud SQL Proxy to get access to the…
Timm
  • 12,553
  • 4
  • 31
  • 43
0
votes
1 answer

gcloud kms decrypt without --ciphertext-file

am able to encrypt without --ciphertext-file file path using the below command echo -n mytext | gcloud kms encrypt --plaintext-file=- \ --ciphertext-file=- --location=xxxx --keyring=xxx \ --key=xxxx | base64 the above command returns a response…
adjoke
  • 149
  • 2
  • 11
0
votes
1 answer

Error message while deleting google_kms_crypto_key resource

I am managing kms keys and key rings with gcp terraform provider resource "google_kms_key_ring" "vault" { name = "vault" location = "global" } resource "google_kms_crypto_key" "vault_init" { name = "vault" key_ring =…
Jason Stanley
  • 386
  • 1
  • 3
  • 20
0
votes
1 answer

Google Cloud KMS App Engine Encrypt not working

I want to encrypt/decrypt some sensitive data in a Google Cloud project with several AppEngine services. I enabled the Cloud KMS API and, via IAM, added the role "Cloud KMS CryptoKey Encrypter/Decrypter" to the App Engine service…
Daní
  • 355
  • 1
  • 17
0
votes
0 answers

Where are certificates from Certificate Authorities stored in Google Cloud KMS?

I'm looking into Google KMS and the possibility of signing documents digitally and verifying them with Google Cloud. Keys are stored in a HSM (Hardware Security Module) in a managed Google Cloud. I have been able to successfully do the above but…
Pedro Franco
  • 53
  • 6
0
votes
1 answer

Google KMS giving error when decrypting data

When i try to decrypt my data using the Google KMS i am getting this error. Below is my code for the decryption. The error is hitting on the line where there is string plaintext. Thanks in advance Code public static string Encrypt(string…
Mark
  • 15
  • 6
0
votes
1 answer

How to keep imports at top of file while loading env vars in imported libraries?

Here is a very simple cloud function: lib.py import os TOKEN = os.environ['TOKEN'] some_func(token=TOKEN): return token main.py - runs when function invoked and main() is entrypoint. import os from lib import some_func # This is a…
ProGirlXOXO
  • 2,170
  • 6
  • 25
  • 47
0
votes
3 answers

Restricting encrypt/decrypt permissions for a Cloud KMS key with CMEK and Cloud Storage

I have two storage buckets in one Google cloud project, say storage-project. One bucket with default encryption, and another bucket encrypted with a Customer Managed Key (CMEK) created in another project called security-project. I have granted the…
Gayathri K S
  • 13
  • 4
1 2 3
15 16