https://github.com/eigerco/rustls-gcp-kms

Rustls Google Cloud Platform TLS CryptoProvider
https://github.com/eigerco/rustls-gcp-kms

google-cloud-platform rustls

Last synced: 5 months ago
JSON representation

Rustls Google Cloud Platform TLS CryptoProvider

• Host: GitHub
• URL: https://github.com/eigerco/rustls-gcp-kms
• Owner: eigerco
• License: apache-2.0
• Created: 2025-05-01T19:03:24.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2025-06-07T09:01:48.000Z (about 1 year ago)
• Last Synced: 2025-06-07T10:17:54.342Z (about 1 year ago)
• Topics: google-cloud-platform, rustls
• Language: Rust
• Homepage:
• Size: 55.7 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

          
# Rustls KMS Provider

A Rust library that enables TLS client authentication via rustls using private keys stored in Google Cloud KMS (Key Management Service).

[![Build Status](https://github.com/eigerco/rustls-gcp-kms/actions/workflows/ci.yaml/badge.svg?branch=main)](https://github.com/eigerco/rustls-gcp-kms/actions/workflows/ci.yaml?query=branch%3Amain)

## Installation

Add the library to your Cargo.toml:

```toml

[dependencies]

rustls-gcp-kms = { git = "https://github.com/eigerco/rustls-gcp-kms.git" }

```

## Features

- serde: adds Serialize/Deserialize for `KmsConfig`

## Example

```rust

use std::sync::Arc;

use google_cloud_kms::client::{Client, ClientConfig};

use rustls::pki_types::CertificateDer;

use rustls::RootCertStore;

use rustls_gcp_kms::{dummy_key, provider, KmsConfig};

async fn send_request() -> Result<(), Box> {

    // Configure KMS

    let kms_config = KmsConfig::new(

        "my-project-id",

        "global",

        "my-keyring",

        "my-signing-key",

        "1",

    );

    let client_config = ClientConfig::default()

        .with_auth()

        .await?;

    let client = Client::new(client_config)

        .await

        .unwrap();

    // Create the crypto provider with KMS

    let crypto_provider = provider(client, kms_config).await?;

    // Load your client certificate

    let cert = std::fs::read("path/to/client.crt")?;

    let cert = CertificateDer::from_slice(&cert).into_owned();

    let client_config = rustls::ClientConfig::builder_with_provider(Arc::new(crypto_provider))

        .with_safe_default_protocol_versions()

        .unwrap()

        .with_root_certificates(RootCertStore::empty())

        .with_client_auth_cert(vec![cert], dummy_key());

    // Configure reqwest with KMS-backed TLS

    let client = reqwest::Client::builder()

        .use_rustls_tls()

        .use_preconfigured_tls(client_config)

        .build()?;

    // Make a request with client certificate authentication

    let response = client

        .get("https://api.example.com/secure-endpoint")

        .send()

        .await?;

    println!("Response: {}", response.status());

    Ok(())

}

```

## About Eiger

We are engineers. We contribute to various ecosystems by building low level implementations and core components. Contact us at hello@eiger.co