
Example 76 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class GetPublicKey method getPublicKey.

/**
 * Retrieves the public key of an asymmetric key version and prints its PEM text.
 *
 * @param projectId project component of the key version resource name
 * @param locationId location component of the key version resource name
 * @param keyRingId key ring component of the key version resource name
 * @param keyId key component of the key version resource name
 * @param keyVersionId version component of the key version resource name
 * @throws IOException declared by the signature; presumably raised when the client cannot be
 *     created
 * @throws GeneralSecurityException declared by the signature; nothing in this body throws it
 */
public void getPublicKey(String projectId, String locationId, String keyRingId, String keyId, String keyVersionId) throws IOException, GeneralSecurityException {
    // try-with-resources closes the client, and with it any background
    // resources it holds, as soon as the request is done.
    try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
        // Resource name of the exact key version whose public key is wanted.
        CryptoKeyVersionName versionName = CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
        // NOTE(review): the PEM is printed as returned; nothing here checks that
        // the response belongs to versionName or that it arrived intact. A caller
        // that pins or redistributes this key may want such a check - confirm
        // what the client library version in use exposes for it.
        String pem = kms.getPublicKey(versionName).getPem();
        System.out.printf("Public key: %s%n", pem);
    }
}
Also used : CryptoKeyVersionName(com.google.cloud.kms.v1.CryptoKeyVersionName) PublicKey(com.google.cloud.kms.v1.PublicKey) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 77 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class IamGetPolicy method iamGetPolicy.

/**
 * Reads the IAM policy attached to a crypto key and prints every role with its members.
 *
 * @param projectId project component of the key resource name
 * @param locationId location component of the key resource name
 * @param keyRingId key ring component of the key resource name
 * @param keyId key component of the key resource name
 * @throws IOException declared by the signature; presumably raised when the client cannot be
 *     created
 */
public void iamGetPolicy(String projectId, String locationId, String keyRingId, String keyId) throws IOException {
    // try-with-resources closes the client, and with it any background
    // resources it holds, as soon as the request is done.
    try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
        // Resource name of the crypto key (not of a key version). A key ring
        // name, KeyRingName.of(projectId, locationId, keyRingId), could be
        // used here instead to read the key ring's policy.
        CryptoKeyName keyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
        Policy current = kms.getIamPolicy(keyName);
        // One line per role, followed by one "- member" line per principal,
        // which is the shape an access review needs.
        System.out.printf("IAM policy:%n");
        for (Binding grant : current.getBindingsList()) {
            System.out.printf("%s%n", grant.getRole());
            grant.getMembersList().forEach(principal -> System.out.printf("- %s%n", principal));
        }
    }
}
Also used : Policy(com.google.iam.v1.Policy) Binding(com.google.iam.v1.Binding) CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 78 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class IamRemoveMember method iamRemoveMember.

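/**
 * Removes a member from the encrypter/decrypter role binding on a crypto key, if present, and
 * writes the resulting policy back.
 *
 * <p>Only bindings for {@code roles/cloudkms.cryptoKeyEncrypterDecrypter} are edited; every other
 * binding is written back unchanged, so the member keeps any access granted through another role
 * on this key.
 *
 * @param projectId project component of the key resource name
 * @param locationId location component of the key resource name
 * @param keyRingId key ring component of the key resource name
 * @param keyId key component of the key resource name
 * @param member IAM member string to remove; compared by exact string equality
 * @throws IOException declared by the signature; presumably raised when the client cannot be
 *     created
 */
public void iamRemoveMember(String projectId, String locationId, String keyRingId, String keyId, String member) throws IOException {
    // try-with-resources closes the client, and with it any background
    // resources it holds, as soon as the requests are done.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
        // Resource name of the crypto key (not of a key version). A key ring
        // name, KeyRingName.of(projectId, locationId, keyRingId), could be
        // used here instead to edit the key ring's policy.
        CryptoKeyName resourceName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
        // Get the current policy.
        Policy policy = client.getIamPolicy(resourceName);
        String roleToFind = "roles/cloudkms.cryptoKeyEncrypterDecrypter";
        // Protobuf messages are immutable: the list returned by
        // getMembersList() cannot be edited in place, so calling remove() on
        // it fails instead of revoking access. Rebuild the policy through
        // builders. toBuilder() carries over the remaining policy fields.
        Policy.Builder updatedPolicy = policy.toBuilder().clearBindings();
        for (Binding binding : policy.getBindingsList()) {
            boolean holdsMember = binding.getRole().equals(roleToFind) && binding.getMembersList().contains(member);
            if (!holdsMember) {
                updatedPolicy.addBindings(binding);
                continue;
            }
            Binding.Builder trimmed = binding.toBuilder().clearMembers();
            for (String existing : binding.getMembersList()) {
                if (!existing.equals(member)) {
                    trimmed.addMembers(existing);
                }
            }
            // A binding left without members is omitted rather than sent empty.
            if (trimmed.getMembersCount() > 0) {
                updatedPolicy.addBindings(trimmed.build());
            }
        }
        client.setIamPolicy(resourceName, updatedPolicy.build());
        // NOTE(review): access granted on the enclosing key ring or project is
        // not touched by this call - confirm the member's effective access
        // after removal.
        System.out.printf("Updated IAM policy for %s%n", resourceName.toString());
    }
}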
Also used : Policy(com.google.iam.v1.Policy) Binding(com.google.iam.v1.Binding) CryptoKeyName(com.google.cloud.kms.v1.CryptoKeyName) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)

Example 79 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class CreateKeyRing method createKeyRing.

/**
 * Creates a key ring in the given project and location and prints its resource name.
 *
 * @param projectId project in which the key ring is created
 * @param locationId location in which the key ring is created
 * @param id identifier passed to the service for the new key ring
 * @throws IOException declared by the signature; presumably raised when the client cannot be
 *     created
 */
public void createKeyRing(String projectId, String locationId, String id) throws IOException {
    // try-with-resources closes the client, and with it any background
    // resources it holds, as soon as the request is done.
    try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
        // Parent under which the key ring is created: project plus location.
        LocationName parent = LocationName.of(projectId, locationId);
        // The key ring message carries no settings of its own here; it is
        // built with every field left at its default.
        KeyRing emptyKeyRing = KeyRing.newBuilder().build();
        KeyRing result = kms.createKeyRing(parent, id, emptyKeyRing);
        System.out.printf("Created key ring %s%n", result.getName());
    }
}
Also used : KeyRing(com.google.cloud.kms.v1.KeyRing) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient) LocationName(com.google.cloud.kms.v1.LocationName)

Example 80 with KeyManagementServiceClient

use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.

the class CreateKeyRotationSchedule method createKeyRotationSchedule.

/**
 * Creates a symmetric encrypt/decrypt key with a 30-day rotation period whose first rotation is
 * scheduled 24 hours from now, then prints the new key's resource name.
 *
 * @param projectId project component of the parent key ring name
 * @param locationId location component of the parent key ring name
 * @param keyRingId key ring in which the key is created
 * @param id identifier passed to the service for the new key
 * @throws IOException declared by the signature; presumably raised when the client cannot be
 *     created
 */
public void createKeyRotationSchedule(String projectId, String locationId, String keyRingId, String id) throws IOException {
    // try-with-resources closes the client, and with it any background
    // resources it holds, as soon as the request is done.
    try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
        // Parent under which the key is created: project, location and key ring.
        KeyRingName parent = KeyRingName.of(projectId, locationId, keyRingId);
        // First rotation time, as epoch seconds 24 hours from now.
        long firstRotationEpochSeconds = java.time.Instant.now().plus(24, ChronoUnit.HOURS).getEpochSecond();

        CryptoKeyVersionTemplate versionTemplate =
            CryptoKeyVersionTemplate.newBuilder()
                .setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION)
                .build();
        // Rotation period of 30 days, expressed in seconds.
        Duration rotationPeriod =
            Duration.newBuilder()
                .setSeconds(java.time.Duration.ofDays(30).getSeconds())
                .build();
        Timestamp nextRotation = Timestamp.newBuilder().setSeconds(firstRotationEpochSeconds).build();

        // NOTE(review): this only sets the schedule on the key. What happens to
        // earlier key versions, and to data already encrypted under them, is
        // not shown here - confirm against the KMS rotation documentation.
        CryptoKey keySpec =
            CryptoKey.newBuilder()
                .setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT)
                .setVersionTemplate(versionTemplate)
                .setRotationPeriod(rotationPeriod)
                .setNextRotationTime(nextRotation)
                .build();

        CryptoKey result = kms.createCryptoKey(parent, id, keySpec);
        System.out.printf("Created key with rotation schedule %s%n", result.getName());
    }
}
Also used : CryptoKey(com.google.cloud.kms.v1.CryptoKey) KeyRingName(com.google.cloud.kms.v1.KeyRingName) KeyManagementServiceClient(com.google.cloud.kms.v1.KeyManagementServiceClient)
