{"id":21820620,"url":"https://github.com/sue445/gcp-kmsenv","last_synced_at":"2025-04-14T03:01:31.990Z","repository":{"id":37608225,"uuid":"289465697","full_name":"sue445/gcp-kmsenv","owner":"sue445","description":"Detect variable from environment variable or GCP Cloud KMS","archived":false,"fork":false,"pushed_at":"2024-10-23T20:24:11.000Z","size":911,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-10-24T08:01:55.523Z","etag":null,"topics":["cloudkms","gcp","golang"],"latest_commit_sha":null,"homepage":"https://pkg.go.dev/github.com/sue445/gcp-kmsenv","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sue445.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-22T10:19:40.000Z","updated_at":"2024-10-23T20:24:15.000Z","dependencies_parsed_at":"2023-10-13T13:36:46.857Z","dependency_job_id":"13d9e531-9623-4e65-a6f6-8e7270d4aba0","html_url":"https://github.com/sue445/gcp-kmsenv","commit_stats":null,"previous_names":["sue445/kmsenv"],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sue445%2Fgcp-kmsenv","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sue445%2Fgcp-kmsenv/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sue445%2Fgcp-kmsenv/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sue445%2Fgcp-kmsenv/manifests","owner_url":"https://repos.ecosyste.ms/a
pi/v1/hosts/GitHub/owners/sue445","download_url":"https://codeload.github.com/sue445/gcp-kmsenv/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248813789,"owners_count":21165633,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloudkms","gcp","golang"],"created_at":"2024-11-27T16:38:02.192Z","updated_at":"2025-04-14T03:01:31.974Z","avatar_url":"https://github.com/sue445.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gcp-kmsenv\nDetect variable from environment variable or [GCP Cloud KMS](https://cloud.google.com/security-key-management).\n\nYou can access KMS with a syntax similar to `os.Getenv`\n\n[![Latest Version](https://img.shields.io/github/v/tag/sue445/gcp-kmsenv)](https://github.com/sue445/gcp-kmsenv/tags)\n[![test](https://github.com/sue445/gcp-kmsenv/actions/workflows/test.yml/badge.svg)](https://github.com/sue445/gcp-kmsenv/actions/workflows/test.yml)\n[![Coverage Status](https://coveralls.io/repos/github/sue445/gcp-kmsenv/badge.svg)](https://coveralls.io/github/sue445/gcp-kmsenv)\n[![Maintainability](https://api.codeclimate.com/v1/badges/1493a487051cc9c65e2e/maintainability)](https://codeclimate.com/github/sue445/gcp-kmsenv/maintainability)\n[![GoDoc](https://godoc.org/github.com/sue445/gcp-kmsenv?status.svg)](https://godoc.org/github.com/sue445/gcp-kmsenv)\n[![Go Report Card](https://goreportcard.com/badge/github.com/sue445/gcp-kmsenv)](https://goreportcard.com/report/github.com/sue445/gcp-kmsenv)\n\n## Requirements\n### Base64 encoded ciphertext\nEncrypt 
the credential with `gcloud kms encrypt` and base64-encode the ciphertext.\n\ne.g.\n\n```bash\necho -n SECRET_ACCESS_TOKEN | gcloud --project PROJECT_NAME kms encrypt --plaintext-file=- --ciphertext-file=- --location=global --keyring=KEY_RING_NAME --key=KEY_NAME | base64\n```\n\nAfter that, set the result as an environment variable whose name starts with `KMS_` (e.g. `KMS_ACCESS_TOKEN`).\n\n### Service account\nAdd the IAM role `roles/cloudkms.cryptoKeyDecrypter` to the service account if necessary.\n\n## Example\n```bash\nexport SOME_KEY=\"env_value\"\nexport KMS_ACCESS_TOKEN=\"base64_encoded_ciphertext\"\n```\n\n```go\npackage main\n\nimport \"github.com/sue445/gcp-kmsenv\"\n\nfunc main() {\n    keyringKeyName := \"projects/PROJECT_NAME/locations/global/keyRings/KEY_RING_NAME/cryptoKeys/KEY_NAME\"\n    k, err := kmsenv.NewKmsEnv(keyringKeyName)\n    if err != nil {\n        panic(err)\n    }\n\n    // get from environment variable\n    value, err := k.GetFromEnvOrKms(\"SOME_KEY\", false)\n    // =\u003e \"env_value\"\n\n    // get and decrypt from KMS\n    // NOTE. 
the `KMS_` prefix is not needed\n    accessToken, err := k.GetFromEnvOrKms(\"ACCESS_TOKEN\", false)\n    // =\u003e \"SECRET_ACCESS_TOKEN\"\n\n    // When the key is found in neither the environment variable nor KMS, an empty string is returned (not an error)\n    value, err = k.GetFromEnvOrKms(\"INVALID_KEY\", false)\n    // =\u003e \"\"\n\n    // When the key is found in neither the environment variable nor KMS, an error is returned\n    value, err = k.GetFromEnvOrKms(\"INVALID_KEY\", true)\n    // =\u003e error\n\n    // keep the compiler from rejecting the sample's unused variables\n    _, _ = value, accessToken\n}\n```\n\n## ProTip\n### Securely embed secret values in `app.yaml` for Google App Engine\n```yaml\n# app.yaml\nruntime: go113\n\nenv_variables:\n  KMS_ACCESS_TOKEN: \"THIS_IS_BASE64_ENCODED_CIPHER_TEXT\"\n```\n\n## Development\n```\ncp .envrc .envrc.example\nvi .envrc\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsue445%2Fgcp-kmsenv","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsue445%2Fgcp-kmsenv","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsue445%2Fgcp-kmsenv/lists"}