use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class CreateKeyHsm method createKeyHsm.
// Create a new key that is stored in an HSM.
public void createKeyHsm(String projectId, String locationId, String keyRingId, String id) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the parent name from the project, location, and key ring.
KeyRingName keyRingName = KeyRingName.of(projectId, locationId, keyRingId);
// Build the hsm key to create.
CryptoKey key = CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT).setVersionTemplate(CryptoKeyVersionTemplate.newBuilder().setProtectionLevel(ProtectionLevel.HSM).setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)).build();
// Create the key.
CryptoKey createdKey = client.createCryptoKey(keyRingName, id, key);
System.out.printf("Created hsm key %s%n", createdKey.getName());
}
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class DestroyKeyVersion method destroyKeyVersion.
// Schedule destruction of the given key version.
public void destroyKeyVersion(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
// Destroy the key version.
CryptoKeyVersion response = client.destroyCryptoKeyVersion(keyVersionName);
System.out.printf("Destroyed key version: %s%n", response.getName());
}
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-docs-samples by GoogleCloudPlatform.
the class EnableKeyVersion method enableKeyVersion.
// Enable a disabled key version to be used again.
public void enableKeyVersion(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
// Build the updated key version, setting it to enabled.
CryptoKeyVersion keyVersion = CryptoKeyVersion.newBuilder().setName(keyVersionName.toString()).setState(CryptoKeyVersionState.ENABLED).build();
// Create a field mask of updated values.
FieldMask fieldMask = FieldMaskUtil.fromString("state");
// Destroy the key version.
CryptoKeyVersion response = client.updateCryptoKeyVersion(keyVersion, fieldMask);
System.out.printf("Enabled key version: %s%n", response.getName());
}
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project spring-cloud-gcp by GoogleCloudPlatform.
the class KmsAutoConfigurationTests method testKeyManagementClientCreated.
@Test
void testKeyManagementClientCreated() {
try (ConfigurableApplicationContext c = applicationBuilder.run()) {
KeyManagementServiceClient client = c.getBean(KeyManagementServiceClient.class);
assertThat(client).isNotNull();
}
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class VerifyMac method verifyMac.
// Sign data with a given mac key.
public void verifyMac(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId, String data, byte[] signature) throws IOException {
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyVersionName keyVersionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
// Verify the signature
MacVerifyResponse response = client.macVerify(keyVersionName, ByteString.copyFromUtf8(data), ByteString.copyFrom(signature));
// The data comes back as raw bytes, which may include non-printable
// characters. This base64-encodes the result so it can be printed below.
System.out.printf("Success: %s%n", response.getSuccess());
}
}
Aggregations