Documentation ¶
Overview ¶
Package gcpkms provides integration with the GCP Cloud KMS. Tink APIs work with GCP and AWS KMS.
Example ¶
package main

import (
	"context"
	"log"

	"github.com/tink-crypto/tink-go-gcpkms/v2/integration/gcpkms"
	"github.com/tink-crypto/tink-go/v2/aead"
	"google.golang.org/api/option"
)

func main() {
	const keyURI = "gcp-kms://......"
	ctx := context.Background()

	// Passing the full key URI as the prefix limits this client to keys under that URI.
	gcpclient, err := gcpkms.NewClientWithOptions(ctx, keyURI, option.WithCredentialsFile("/mysecurestorage/credentials.json"))
	if err != nil {
		log.Fatal(err)
	}

	// kekAEAD is backed by the key-encryption key (KEK) held in Cloud KMS.
	kekAEAD, err := gcpclient.GetAEAD(keyURI)
	if err != nil {
		log.Fatal(err)
	}

	// Get the KMS envelope AEAD primitive. Data is encrypted locally with a
	// data-encryption key (DEK) built from dekTemplate; the KEK wraps the DEK.
	dekTemplate := aead.AES128CTRHMACSHA256KeyTemplate()
	primitive := aead.NewKMSEnvelopeAEAD2(dekTemplate, kekAEAD)

	// Use the primitive.
	plaintext := []byte("message")
	associatedData := []byte("example KMS envelope AEAD encryption")

	ciphertext, err := primitive.Encrypt(plaintext, associatedData)
	if err != nil {
		log.Fatal(err)
	}

	// Decrypt must be given the same associated data that was used to encrypt.
	_, err = primitive.Decrypt(ciphertext, associatedData)
	if err != nil {
		log.Fatal(err)
	}
}
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewClientWithOptions ¶
func NewClientWithOptions(ctx context.Context, uriPrefix string, opts ...option.ClientOption) (registry.KMSClient, error)
NewClientWithOptions returns a new GCP KMS client with provided Google API options to handle keys with uriPrefix prefix. uriPrefix must have the following format: 'gcp-kms://[:path]'.
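An added example, not part of the package or its documentation: a pre-flight check that the uriPrefix given to NewClientWithOptions is pinned to the one key the application intends to use. It assumes the client selects keys by plain string prefix match; `ValidateKeyURI`, `Admits`, `CheckPinned` and every sample URI are hypothetical names constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

const scheme = "gcp-kms://" // scheme from the uriPrefix format quoted above

// keyPath is the Cloud KMS CryptoKey resource name, optionally with a version.
var keyPath = regexp.MustCompile(
	`^projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+(/cryptoKeyVersions/\d+)?$`)

var (
	ErrNotCovered = errors.New("client prefix does not cover the key URI")
	ErrTooBroad   = errors.New("client prefix admits keys other than the intended one")
)

// ValidateKeyURI rejects anything that does not name exactly one CryptoKey.
func ValidateKeyURI(uri string) error {
	if !strings.HasPrefix(uri, scheme) {
		return fmt.Errorf("key URI must start with %q", scheme)
	}
	if !keyPath.MatchString(strings.TrimPrefix(uri, scheme)) {
		return errors.New("key URI is not a full CryptoKey resource name")
	}
	return nil
}

// Admits models the assumed matching rule: plain string prefix, no path awareness.
func Admits(prefix, keyURI string) bool { return strings.HasPrefix(keyURI, prefix) }

// CheckPinned passes only when prefix is the full URI of the intended key.
func CheckPinned(prefix, keyURI string) error {
	if err := ValidateKeyURI(keyURI); err != nil {
		return err
	}
	if !Admits(prefix, keyURI) {
		return ErrNotCovered
	}
	if prefix != keyURI {
		return ErrTooBroad
	}
	return nil
}

func main() { fmt.Println(CheckPinned(scheme, scheme+"projects/p/locations/l/keyRings/r/cryptoKeys/k")) }
```

Under string-prefix matching, a prefix such as `gcp-kms://projects/prod` also admits keys in a project named `prod-sandbox`, which is why the check insists on the full key URI.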
Types ¶
This section is empty.