How to use @google-cloud/kms - 9 common examples
To help you get started, we’ve selected a few @google-cloud/kms examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
forseti-security / forseti-visualizer / forseti-api / server / services / crypto-service.js View on Github 
async encrypt(
plaintextFileName = '/Users/garrettwong/Git/forseti-visualizer/forseti-api/dockersource.env',
ciphertextFileName = 'dockersource.env.enc'
) {
const fs = require('fs');
const {
promisify
} = require('util');
// Import the library and create a client
const kms = require('@google-cloud/kms');
const client = new kms.KeyManagementServiceClient();
// The location of the crypto key's key ring, e.g. "global"
const locationId = 'global';
// Reads the file to be encrypted
const readFile = promisify(fs.readFile);
const contentsBuffer = await readFile(plaintextFileName);
console.log(contentsBuffer);
const plaintext = contentsBuffer.toString('base64');
console.log(plaintext);
const name = client.cryptoKeyPath(
this.projectId,
locationId,// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
'use strict';
const cryptoKeyID = process.env.KMS_CRYPTO_KEY_ID;
const kms = require('@google-cloud/kms');
const client = new kms.v1.KeyManagementServiceClient();
let username;
client.decrypt({
name: cryptoKeyID,
ciphertext: process.env.DB_USER,
}).then(res => {
username = res[0].plaintext.toString().trim();
}).catch(err => {
console.error(err);
});
let password;
client.decrypt({
name: cryptoKeyID,
ciphertext: process.env.DB_PASS,
}).then(res => {async function disableCryptoKeyVersion(
projectId = 'your-project-id', // Your GCP Project ID
keyRingId = 'my-key-ring', // Name of the crypto key version's key ring
cryptoKeyId = 'my-key', // Name of the version's crypto key
version = 1234 // The version's id
) {
// Import the library and create a client
const kms = require('@google-cloud/kms');
const client = new kms.KeyManagementServiceClient();
// The location of the crypto key versions's key ring, e.g. "global"
const locationId = 'global';
// Get the full path to the crypto key
const name = client.cryptoKeyVersionPath(
projectId,
locationId,
keyRingId,
cryptoKeyId,
version
);
// Gets a crypto key version
const [cryptoKeyVersion] = await client.getCryptoKeyVersion({name});async function decrypt(
projectId = 'your-project-id', // Your GCP projectId
keyRingId = 'my-key-ring', // Name of the crypto key's key ring
cryptoKeyId = 'my-key', // Name of the crypto key, e.g. "my-key"
ciphertextFileName = './path/to/plaintext.txt.encrypted',
plaintextFileName = './path/to/plaintext.txt.decrypted'
) {
const fs = require('fs');
const {promisify} = require('util');
// Import the library and create a client
const kms = require('@google-cloud/kms');
const client = new kms.KeyManagementServiceClient();
// The location of the crypto key's key ring, e.g. "global"
const locationId = 'global';
// Reads the file to be decrypted
const readFile = promisify(fs.readFile);
const ciphertext = await readFile(ciphertextFileName);
const name = client.cryptoKeyPath(
projectId,
locationId,
keyRingId,
cryptoKeyId
);
// Decrypts the file using the specified crypto key
const [result] = await client.decrypt({name, ciphertext});async function enableCryptoKeyVersion(
projectId = 'your-project-id', // Your GCP projectId
keyRingId = 'my-key-ring', // Name of the crypto key version's key ring
cryptoKeyId = 'my-key', // Name of the version's crypto key
version = 1234 // The version's id
) {
// Import the library and create a client
const kms = require('@google-cloud/kms');
const client = new kms.KeyManagementServiceClient();
// The location of the crypto key versions's key ring, e.g. "global"
const locationId = 'global';
// Get the full path to the crypto key
const name = client.cryptoKeyVersionPath(
projectId,
locationId,
keyRingId,
cryptoKeyId,
version
);
// Gets a crypto key version
const [cryptoKeyVersion] = await client.getCryptoKeyVersion({name});async decrypt(
ciphertextFileName = 'dockersource.env.enc',
plaintextFileName = 'dockersource.env.decrypted'
) {
const fs = require('fs');
const {
promisify
} = require('util');
// Import the library and create a client
const kms = require('@google-cloud/kms');
const client = new kms.KeyManagementServiceClient();
// The location of the crypto key's key ring, e.g. "global"
const locationId = 'global';
// Reads the file to be decrypted
const readFile = promisify(fs.readFile);
const contentsBuffer = await readFile(ciphertextFileName);
const name = client.cryptoKeyPath(
this.projectId,
locationId,
this.keyRingId,
this.cryptoKeyId
);
const ciphertext = contentsBuffer.toString('base64');
// Decrypts the file using the specified crypto keyasync function encrypt(
projectId = 'your-project-id', // Your GCP projectId
keyRingId = 'my-key-ring', // Name of the crypto key's key ring
cryptoKeyId = 'my-key', // Name of the crypto key, e.g. "my-key"
plaintextFileName = './path/to/plaintext.txt',
ciphertextFileName = './path/to/plaintext.txt.encrypted'
) {
const fs = require('fs');
const {promisify} = require('util');
// Import the library and create a client
const kms = require('@google-cloud/kms');
const client = new kms.KeyManagementServiceClient();
// The location of the crypto key's key ring, e.g. "global"
const locationId = 'global';
// Reads the file to be encrypted
const readFile = promisify(fs.readFile);
const plaintext = await readFile(plaintextFileName);
const name = client.cryptoKeyPath(
projectId,
locationId,
keyRingId,
cryptoKeyId
);
// Encrypts the file using the specified crypto key
const [result] = await client.encrypt({name, plaintext});async function run() {
let encblob: Buffer = Buffer.from('');
const opts = project
? ({
projectId: project,
} as KMS.v1.KeyManagementServiceClient.ConfigurationObject)
: undefined;
const kmsclient = new KMS.KeyManagementServiceClient(opts);
const name = kmsclient.cryptoKeyPath(project, location, keyring, botname);
const plaintext = Buffer.from(JSON.stringify(blob), 'utf-8');
const [kmsresult] = await kmsclient.encrypt({ name, plaintext });
encblob = kmsresult.ciphertext;
const options = project ? ({ project } as StorageOptions) : undefined;
const storage = new Storage(options);
const tmpobj = tmp.dirSync();
console.log('Dir: ', tmpobj.name);
const fileName = path.join(tmpobj.name, botname);
fs.writeFileSync(fileName, encblob);url='https://console.cloud.google.com/cloud-build/builds/'+buildId+'?project='+gcloudProject
githubStatus = {
state: states.get(status),
context: context,
description: context,
sha: commitSha,
token: "",
repo: githubRepo,
owner: githubUser,
url: url
};
const kms = require('@google-cloud/kms');
const client = new kms.KeyManagementServiceClient();
const locationId = 'global';
const name = client.cryptoKeyPath(
gcloudProject,
locationId,
keyRingName,
keyName
);
const ciphertext = githubToken;//Buffer.from(githubToken, 'base64').toString();
client.decrypt({name, ciphertext})
.then(responses => {
const response = responses[0];
const commitStatus = require('commit-status');
console.log("Send status");
console.log(githubStatus);
githubStatus.token=response.plaintext;@google-cloud/kms
Google Cloud Key Management Service (KMS) API client for Node.js
