https://github.com/bramus/gcloud-kms-scripts
A collection of scripts here to help interact with Google's Cloud Key Management Service (KMS)
https://github.com/bramus/gcloud-kms-scripts
google-cloud-platform key-management-service kms secrets secrets-management
Last synced: 4 months ago
JSON representation
A collection of scripts here to help interact with Google's Cloud Key Management Service (KMS)
- Host: GitHub
- URL: https://github.com/bramus/gcloud-kms-scripts
- Owner: bramus
- License: mit
- Created: 2019-09-11T13:51:25.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2021-08-30T20:44:36.000Z (almost 4 years ago)
- Last Synced: 2024-12-31T05:25:57.260Z (5 months ago)
- Topics: google-cloud-platform, key-management-service, kms, secrets, secrets-management
- Language: Shell
- Size: 2.93 KB
- Stars: 2
- Watchers: 5
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Google Cloud Platform KMS encryption utilities
A collection of scripts here to help interact with [Google's Cloud Key Management Service](https://cloud.google.com/kms/), without too many layers of indirection.
## The utilities
* `kms-encrypt` - Encrypt a plaintext string to a secret
* `kms-decrypt` - Decrypt a secret to a plaintext stringEach script can be invoked with `-h` to see it's usage.
## Examples
### Encrypt
```bash
kms-encrypt -r "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[keyring_name]/cryptoKeys/[key_name]"
````kms-encrypt` will ask for a plaintext string to encrypt and yield the encrypted result:
```
Please enter a plaintext string to encrypt
> test
CiQAUqQA4o9w4O3ovBCcj…
```Alternatively, you can pass plaintext string to encrypt into `kms-encrypt`:
```bash
kms-encrypt -r "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[keyring_name]/cryptoKeys/[key_name]" -p test
# "CiQAUqQA4o9w4O3ovBCcj…"
``````bash
echo -n test | kms-encrypt -r "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[keyring_name]/cryptoKeys/[key_name]"
# "CiQAUqQA4o9w4O3ovBCcj…"
```### Decrypt
```bash
kms-decrypt -r "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[keyring_name]/cryptoKeys/[key_name]"
````kms-decrypt` will ask for a secret to decrypt and yield the plaintext result:
```
Please enter a secret to decrypt
> CiQAUqQA4o9w4O3ovBCcj…
test
```Alternatively, you can pass secret to decrypt into `kms-decrypt`:
```bash
kms-decrypt -r "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[keyring_name]/cryptoKeys/[key_name]" -s "CiQAUqQA4o9w4O3ovBCcj…"
# test
``````bash
echo -n "CiQAUqQA4o9w4O3ovBCcj…" | kms-decrypt -r "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[keyring_name]/cryptoKeys/[key_name]"
# test
```## License
`glcoud-kms-scripts` is released under the MIT License. See the enclosed [`LICENSE` file](LICENSE) for details.
## Acknowledgements
This code is inspired upon the [KMS encryption utilities for AWS by James Gregory](https://github.com/jagregory/kms-scripts/)