Documentation
¶
Overview ¶
Package gcpkms provides integration with Google Cloud KMS. Tink APIs work with both GCP and AWS KMS.
Example ¶
package main
import (
"context"
"log"
"github.com/tink-crypto/tink-go-gcpkms/v2/integration/gcpkms"
"github.com/tink-crypto/tink-go/v2/aead"
"github.com/tink-crypto/tink-go/v2/core/registry"
"github.com/tink-crypto/tink-go/v2/keyset"
"google.golang.org/api/option"
)
// main demonstrates envelope encryption backed by a Google Cloud KMS key: it
// creates a KMS client, registers it with Tink, builds an envelope AEAD from a
// key template, and performs one encrypt/decrypt round trip.
func main() {
	// Placeholder; replace with the gcp-kms:// URI of the key-encryption key.
	const keyURI = "gcp-kms://......"

	ctx := context.Background()

	// The credentials file authorizes calls against the KMS key. Anyone who can
	// read it can use the key with that account's permissions, so keep the file
	// out of source control and readable only by the process that needs it.
	kmsClient, err := gcpkms.NewClientWithOptions(ctx, keyURI, option.WithCredentialsFile("/mysecurestorage/credentials.json"))
	if err != nil {
		log.Fatal(err)
	}
	// Make the client available to Tink so templates naming keyURI can use it.
	registry.RegisterKMSClient(kmsClient)

	// Template for the data-encryption key (AES-128-CTR with HMAC-SHA256). In
	// Tink's envelope scheme the payload is encrypted locally with the DEK and
	// the KMS key at keyURI is used only to wrap the DEK.
	dekTemplate := aead.AES128CTRHMACSHA256KeyTemplate()
	envelopeTemplate, err := aead.CreateKMSEnvelopeAEADKeyTemplate(keyURI, dekTemplate)
	if err != nil {
		log.Fatal(err)
	}

	kh, err := keyset.NewHandle(envelopeTemplate)
	if err != nil {
		log.Fatal(err)
	}

	envelope, err := aead.New(kh)
	if err != nil {
		log.Fatal(err)
	}

	// Associated data is authenticated but not encrypted, and it is not carried
	// in the ciphertext: the caller must supply the same bytes to Decrypt.
	plaintext := []byte("this data needs to be encrypted")
	associatedData := []byte("this data needs to be authenticated, but not encrypted")

	ciphertext, err := envelope.Encrypt(plaintext, associatedData)
	if err != nil {
		log.Fatal(err)
	}

	// Decrypt returns an error if the ciphertext or the associated data does not
	// match what Encrypt was given; the recovered plaintext is discarded here.
	if _, err = envelope.Decrypt(ciphertext, associatedData); err != nil {
		log.Fatal(err)
	}
}
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewClientWithOptions ¶
func NewClientWithOptions(ctx context.Context, uriPrefix string, opts ...option.ClientOption) (registry.KMSClient, error)
NewClientWithOptions returns a new GCP KMS client, configured with the provided Google API options, that handles keys whose URI starts with uriPrefix. uriPrefix must have the following format: 'gcp-kms://[:path]'.
Types ¶
This section is empty.