use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class GetPublicKey method getPublicKey.
/**
 * Fetches the public half of an asymmetric key version and prints it in PEM form.
 *
 * <p>The PEM text is public material, not a secret. A caller that goes on to encrypt to, or verify
 * signatures with, this key should first confirm that the response names the requested key
 * version and check the response's CRC32C checksum field (pem_crc32c), so that a corrupted or
 * substituted key is not trusted. This sample performs neither check.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring holding the key
 * @param keyId the asymmetric key
 * @param keyVersionId version of the key whose public key is requested
 * @throws IOException if the client cannot be created
 * @throws GeneralSecurityException declared by the signature; nothing in this body raises it
 */
public void getPublicKey(
    String projectId, String locationId, String keyRingId, String keyId, String keyVersionId)
    throws IOException, GeneralSecurityException {
  // try-with-resources closes the client, releasing its background resources, on every exit path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Fully qualified name of the key version: project, location, key ring, key, version.
    CryptoKeyVersionName versionName =
        CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);

    // Request the public key and keep only its PEM encoding.
    String pem = kms.getPublicKey(versionName).getPem();
    System.out.printf("Public key: %s%n", pem);
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class IamGetPolicy method iamGetPolicy.
/**
 * Reads the IAM policy attached to a key and prints each role followed by its members.
 *
 * <p>Only bindings set directly on this key are listed. Access granted on a parent resource such
 * as the key ring is not part of this policy, so an empty listing does not by itself mean that
 * nobody can use the key.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring holding the key
 * @param keyId key whose policy is read
 * @throws IOException if the client cannot be created
 */
public void iamGetPolicy(String projectId, String locationId, String keyRingId, String keyId)
    throws IOException {
  // try-with-resources closes the client, releasing its background resources, on every exit path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Name of the key (not a key version): project, location, key ring, key.
    CryptoKeyName keyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
    // A key ring can be inspected the same way:
    // KeyRingName keyName = KeyRingName.of(projectId, locationId, keyRingId);

    Policy current = kms.getIamPolicy(keyName);

    // One line per role, then one "- member" line for each principal bound to it.
    System.out.printf("IAM policy:%n");
    for (Binding entry : current.getBindingsList()) {
      System.out.printf("%s%n", entry.getRole());
      entry.getMembersList().forEach(principal -> System.out.printf("- %s%n", principal));
    }
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class IamRemoveMember method iamRemoveMember.
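/**
 * Removes {@code member} from the {@code roles/cloudkms.cryptoKeyEncrypterDecrypter} bindings in
 * a key's IAM policy and writes the policy back.
 *
 * <p>The fetched {@code Policy} and its {@code Binding}s are immutable protobuf messages, so
 * calling {@code remove} on {@code getMembersList()} throws {@code UnsupportedOperationException}
 * as soon as a match is found and the policy is never written. This method instead rebuilds the
 * policy through builders.
 *
 * <p>Scope of the revocation: only the one hard-coded role on this key is touched. The member
 * keeps any access it holds through other roles on the key, or through bindings on the key ring
 * or higher in the resource hierarchy. Review those separately when the goal is to cut off
 * access entirely.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring holding the key
 * @param keyId key whose policy is modified
 * @param member IAM member string to remove, compared by exact string equality
 * @throws IOException if the client cannot be created
 */
public void iamRemoveMember(
    String projectId, String locationId, String keyRingId, String keyId, String member)
    throws IOException {
  // try-with-resources closes the client, releasing its background resources, on every exit path.
  try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
    // Name of the key (not a key version): project, location, key ring, key.
    CryptoKeyName resourceName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);

    // The resource name could also be a key ring.
    // KeyRingName resourceName = KeyRingName.of(projectId, locationId, keyRingId);

    // Get the current policy.
    Policy policy = client.getIamPolicy(resourceName);

    // toBuilder() copies every other field of the fetched policy, including its etag, which lets
    // the service reject the write if the policy was changed by someone else in between.
    String roleToFind = "roles/cloudkms.cryptoKeyEncrypterDecrypter";
    Policy.Builder updatedPolicy = policy.toBuilder().clearBindings();
    for (Binding binding : policy.getBindingsList()) {
      boolean affected =
          binding.getRole().equals(roleToFind) && binding.getMembersList().contains(member);
      if (!affected) {
        // Unrelated bindings are carried over untouched.
        updatedPolicy.addBindings(binding);
        continue;
      }

      // Re-add every member except the one being removed; other fields of the binding are kept.
      Binding.Builder trimmed = binding.toBuilder().clearMembers();
      for (String existing : binding.getMembersList()) {
        if (!existing.equals(member)) {
          trimmed.addMembers(existing);
        }
      }
      // NOTE(review): a binding left with no members is still sent; confirm the service accepts
      // or drops it as expected.
      updatedPolicy.addBindings(trimmed.build());
    }

    client.setIamPolicy(resourceName, updatedPolicy.build());
    System.out.printf("Updated IAM policy for %s%n", resourceName.toString());
  }
}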
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class CreateKeyRing method createKeyRing.
/**
 * Creates an empty key ring in the given project and location and prints its resource name.
 *
 * @param projectId project in which the key ring is created
 * @param locationId location in which the key ring is created
 * @param id identifier for the new key ring
 * @throws IOException if the client cannot be created
 */
public void createKeyRing(String projectId, String locationId, String id) throws IOException {
  // try-with-resources closes the client, releasing its background resources, on every exit path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Parent resource: the project/location pair.
    LocationName parent = LocationName.of(projectId, locationId);

    // No fields are set on the key ring itself; its identity comes from the parent and id.
    KeyRing spec = KeyRing.newBuilder().build();

    KeyRing result = kms.createKeyRing(parent, id, spec);
    System.out.printf("Created key ring %s%n", result.getName());
  }
}
use of com.google.cloud.kms.v1.KeyManagementServiceClient in project java-kms by googleapis.
the class CreateKeyRotationSchedule method createKeyRotationSchedule.
/**
 * Creates a symmetric encrypt/decrypt key that rotates automatically: a 30-day rotation period
 * with the first rotation scheduled 24 hours from now.
 *
 * <p>In Cloud KMS, rotation adds a new primary key version for future encryptions. It does not
 * re-encrypt existing data and does not disable earlier versions, which remain usable for
 * decryption until they are disabled or destroyed.
 *
 * @param projectId project that owns the key ring
 * @param locationId location of the key ring
 * @param keyRingId key ring in which the key is created
 * @param id identifier for the new key
 * @throws IOException if the client cannot be created
 */
public void createKeyRotationSchedule(
    String projectId, String locationId, String keyRingId, String id) throws IOException {
  // try-with-resources closes the client, releasing its background resources, on every exit path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Parent resource: project, location, key ring.
    KeyRingName parent = KeyRingName.of(projectId, locationId, keyRingId);

    // First rotation: 24 hours from now, as seconds since the epoch.
    long firstRotationEpochSeconds =
        java.time.Instant.now().plus(24, ChronoUnit.HOURS).getEpochSecond();
    // Rotation period: 30 days, in seconds.
    long rotationPeriodSeconds = java.time.Duration.ofDays(30).getSeconds();

    CryptoKeyVersionTemplate.Builder versionTemplate =
        CryptoKeyVersionTemplate.newBuilder()
            .setAlgorithm(CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION);
    Duration.Builder rotationPeriod = Duration.newBuilder().setSeconds(rotationPeriodSeconds);
    Timestamp.Builder nextRotation = Timestamp.newBuilder().setSeconds(firstRotationEpochSeconds);

    // Assemble the key definition from the pieces above.
    CryptoKey spec =
        CryptoKey.newBuilder()
            .setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT)
            .setVersionTemplate(versionTemplate)
            .setRotationPeriod(rotationPeriod)
            .setNextRotationTime(nextRotation)
            .build();

    CryptoKey created = kms.createCryptoKey(parent, id, spec);
    System.out.printf("Created key with rotation schedule %s%n", created.getName());
  }
}