cloudkey
- cloudkey is a program that encrypts and decrypts files using a cloud key management service, such as those of GCP and AWS.
- With this program, encryption and decryption can be done securely without managing the encryption key locally.
Usage
Overview
- Create GCP or AWS account.
- Start using Key Management Service.
- Install cloudkey.
- Create cloudkey configuration.
- Encrypt and decrypt your files.
Create GCP or AWS account
Start using Key Management Service
GCP
- Document
- Please note the following items, as you will need them later.
- Project name
- Location (e.g. "global")
- Keyring name (e.g. "test")
- Key name (e.g. "quickstart")
AWS
- Document
- Please note the following items, as you will need them later.
- Region (e.g. "us-west-2")
- Key ID (e.g. "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab")
Install
go install github.com/nirasan/cloudkey
Create cloudkey configuration
GCP
Login with an account authenticated with the gcloud command
gcloud auth application-default login
cloudkey config gcp gcloud-account --project PROJECT_NAME --location LOCATION --keyring KEYRING_NAME --key KEY_NAME CONFIG_FILE
Login with service account
cloudkey config gcp service-account --project PROJECT_NAME --location LOCATION --keyring KEYRING_NAME --key KEY_NAME --service-account-key SERVICE_ACCOUNT_JSON_KEY_FILE CONFIG_FILE
AWS
Login with credentials file
cloudkey config aws shared-creds --cred-file CREDENTIAL_FILE(default: ~/.aws/credentials) --profile PROFILE(default: default) --region REGION --key KEY_ID CONFIG_FILE
Login with static credentials
cloudkey config aws static-creds --access-key-id ACCESS_KEY_ID --secret-access-key SECRET_ACCESS_KEY --access-token ACCESS_TOKEN --region REGION --key KEY_ID CONFIG_FILE
Encrypt and decrypt your files
# GCP
cloudkey encrypt gcp --config CONFIG_FILE --extension EXTENSION(default: .crypted) TARGET_FILE
# AWS
cloudkey encrypt aws --config CONFIG_FILE --extension EXTENSION(default: .crypted) TARGET_FILE
# GCP
cloudkey decrypt gcp --config CONFIG_FILE --extension EXTENSION(default: .crypted) TARGET_FILE
# AWS
cloudkey decrypt aws --config CONFIG_FILE --extension EXTENSION(default: .crypted) TARGET_FILE
- Re-encrypt files. Encrypts if there is already an encrypted file under the specified directory.
# GCP
cloudkey re-encrypt gcp --config CONFIG_FILE --extension EXTENSION(default: .crypted) TARGET_DIR
# AWS
cloudkey re-encrypt aws --config CONFIG_FILE --extension EXTENSION(default: .crypted) TARGET_DIR
- Re-decrypt files. Decrypts if there is already an encrypted file under the specified directory.
# GCP
cloudkey re-decrypt gcp --config CONFIG_FILE --extension EXTENSION(default: .crypted) TARGET_DIR
# AWS
cloudkey re-decrypt aws --config CONFIG_FILE --extension EXTENSION(default: .crypted) TARGET_DIR
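
An added example, not part of cloudkey: a shell check to run before committing or sharing a directory, reporting plaintext files that still sit beside their encrypted copy or that were edited after they were last encrypted (so re-encrypt is needed). It assumes the encrypted copy is written next to the original as TARGET_FILE plus the extension (default .crypted); `audit_pairs` and `count_state` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not cloudkey code.
# Assumption: the encrypted copy of FILE is stored beside it as "FILE<EXT>".

# audit_pairs DIR [EXT]
# For every "<file>EXT" under DIR, print one line describing its plaintext sibling:
#   STALE      plaintext is newer than the encrypted copy (re-encrypt needed)
#   PLAINTEXT  plaintext is still present beside an up-to-date encrypted copy
#   ENCRYPTED  only the encrypted copy exists
audit_pairs() {
    dir=$1
    ext=${2:-.crypted}
    find "$dir" -type f -name "*$ext" | sort | while IFS= read -r enc; do
        plain=${enc%"$ext"}          # strip the extension to get the plaintext path
        if [ ! -f "$plain" ]; then
            printf 'ENCRYPTED %s\n' "$enc"
        elif [ "$plain" -nt "$enc" ]; then
            printf 'STALE %s\n' "$plain"
        else
            printf 'PLAINTEXT %s\n' "$plain"
        fi
    done
}

# count_state STATE DIR [EXT]
# Print how many entries audit_pairs reports in the given state (0 if none).
count_state() {
    audit_pairs "$2" "${3:-.crypted}" |
        awk -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# Stand-alone use: sh audit.sh TARGET_DIR [EXTENSION]
if [ "$#" -gt 0 ]; then
    audit_pairs "$@"
fi
```

Files that were never encrypted have no encrypted sibling and are not reported, which matches the re-encrypt behaviour described above of acting only where an encrypted file already exists.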