Questions tagged [google-cloud-kms]

This tag is for questions about Google Cloud KMS, a Google Cloud Platform service which allows developers to store and make use of encryption keys to secure data.

Google Cloud KMS home page

230 questions
3 votes, 2 answers

unable to use @google-cloud/kms nodejs module to decrypt secret

Code: contents = encryptedWebhookSecret[0].toString(); console.log(typeof contents); console.log(contents); const formattedName = kmsClient.cryptoKeyPath(PROJECT, 'global', KEYRING, KEY); const kmsDecryptRequest = { name: formattedName, …
Brian Barnes
3 votes, 0 answers

How to implement a KMS client as server-agnostic as possible?

Given an application that has to acquire private keys (mainly RSA ones) from a Key Management System (KMS), which could be a Hardware Security Module (HSM), what could be the best way to implement that kind of client if there's no way to know in…
Vrakfall
3 votes, 0 answers

Google Cloud KMS Best Practice with BigQuery

I need to encrypt the sensitive fields in the BQ table but my loading is done through Dataflow. I thought of 3 different ways to use it. Encrypt the whole table using a customer-managed key and make 3 views on different classifications and provide…
3 votes, 1 answer

How does CloudKMS encryption/decryption work securely when being called from a non-Google system?

I need to know that the plaintext/ciphertext being sent to Google CloudKMS, and the public/private key used to authenticate, are secure in transit, but I don't know how to prove that. As per KMS docs, I created a service account, downloaded the JSON…
3 votes, 1 answer

"Invalid value at 'ciphertext' (TYPE_BYTES)"

SITUATION: I am trying to download and decrypt some data from my google cloud bucket. For encryption and decryption, I use: https://cloud.google.com/kms/docs/quickstart#decrypt_data Sadly, I get an error : "Invalid value at 'ciphertext'…
3 votes, 2 answers

Google Cloud KMS: Unable to decrypt

I'm trying to decrypt a KMS-encrypted file and running into the following error: UnicodeDecodeError: 'utf8' codec can't decode byte 0x80 in position 3: invalid start byte I'm using the sample decrypt code. I'm able to decrypt the file using the…
Fayaz Ahmed
3 votes, 2 answers

CircleCI 2.0 private environment keys for public repos

I have a repo that is currently private. My Firebase deployment token is stored as an Env Var in the CircleCI GUI. The CircleCI 2.0 documentation clearly states Do not add keys or secrets to a public CircleCI project Also, from what I can find in…
3 votes, 3 answers

Google KMS on AppEngine Dev Server - logging clutter

This is a known issue: https://issuetracker.google.com/issues/63253097 Further to my question about getting Google KMS working with App Engine, I'm opening a new question about a related but problematic side effect. Namely, the Google Cloud API…
Brian M. Hunt
2 votes, 0 answers

BigQuery "KEYS.KEYSET_CHAIN must be a literal or query parameter" when try to create a view

I have a table in which some fields are encrypted using Tink, which normally worked well with BigQuery's AEAD function (https://cloud.google.com/bigquery/docs/reference/standard-sql/aead_encryption_functions#aeaddecrypt_string). When I ran a normal query…
emp
2 votes, 1 answer

How to mock @google-cloud/kms using jest

I'm trying to write unit test cases for decrypt. I have my own implementation of decrypting an encrypted file. While trying to import decrypt.mjs, I'm facing the following error: Must use import to load ES Module:…
Udhaya
2 votes, 0 answers

How to use GCP KMS with Firebase and Firebase Cloud Functions

I need some advice on how to properly set up a solid security structure for my app. What my app does The goal of this app is to provide a data aggregation service. To do this, the user needs to provide login data for a variety of his accounts. The…
2 votes, 1 answer

Managing key rotations with GCP_KMS with BYOK solution

We have RSA key pairs generated on-prem and plan to sync them to GCP-KMS. There is a yearly key rotation policy which would be done on-prem, and new key_versions would be synced to KMS. My concern is with the KMS API. Problem: The API always…
2 votes, 2 answers

Question about signature verification using Cloud KMS

I'm trying to verify a signature generated with Google's cloud KMS, but I keep getting invalid responses. Here's how I'm testing it: const versionName = client.cryptoKeyVersionPath( projectId, locationId, keyRingId, keyId, …
2 votes, 2 answers

NoClassDefFoundError: com/google/cloud/kms/v1/KeyManagementServiceClient

I am writing for the first time here so I apologize if I should be adding more to the question. I am creating an application with java, and attempting to create a KeyManagementServiceClient connection on Google Cloud. The program builds correctly,…
2 votes, 1 answer

Is it possible to provide asymmetric keys as your own keys (BYOK) to a cloud KMS (key management service) for any cloud providers?

I want to encrypt storage/volumes using customer supplied keys. I have seen examples where symmetric customer keys can be imported and used to encrypt volumes for example in case of EBS volumes in AWS. But no examples where customers can supply…