Documentation
¶
Overview ¶
Package gcpkms provides integration with the GCP Cloud KMS. Tink APIs work with GCP and AWS KMS. GCP Example below:
package main
import (
"github.com/google/tink/go/aead" "github.com/google/tink/go/core/registry" "github.com/google/tink/go/integration/gcpkms" "github.com/google/tink/go/keyset"
)
const (
keyURI = "gcp-kms://......"
)
func main() {
gcpclient, err := gcpkms.NewClientWithCredentials(keyURI, "/mysecurestorage/credentials.json")
if err != nil {
//handle error
}
registry.RegisterKMSClient(gcpclient)
dek := aead.AES128CTRHMACSHA256KeyTemplate()
kh, err := keyset.NewHandle(aead.KMSEnvelopeAEADKeyTemplate(keyURI, dek))
if err != nil {
// handle error
}
a, err := aead.New(kh)
if err != nil {
// handle error
}
ct, err = a.Encrypt([]byte("secret message"), []byte("associated data"))
if err != nil {
// handle error
}
pt, err = a.Decrypt(ct, []byte("associated data"))
if err != nil {
// handle error
}
}
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewClient ¶
NewClient returns a new GCP KMS client which will use default credentials to handle keys with uriPrefix prefix. uriPrefix must have the following format: 'gcp-kms://[:path]'.
func NewClientWithCredentials ¶
NewClientWithCredentials returns a new GCP KMS client which will use given credentials to handle keys with uriPrefix prefix. uriPrefix must have the following format: 'gcp-kms://[:path]'.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.