Skip to content

Instantly share code, notes, and snippets.

@k-kurikuri

k-kurikuri/gcp_kms_enc_dec_sample.sh

Created June 20, 2018 01:44
Show Gist options
  • Save k-kurikuri/769a5da105b815083b7c3f074cb6b8cb to your computer and use it in GitHub Desktop.
Save k-kurikuri/769a5da105b815083b7c3f074cb6b8cb to your computer and use it in GitHub Desktop.
Download ZIP
GCPのKMSを通したencrypt, decryptのサンプル
Raw
gcp_kms_enc_dec_sample.sh
#!/bin/bash
#
# base64コマンドはMac, Linuxでオプションが異なるので注意
#
# encrypt
curl -v "https://cloudkms.googleapis.com/v1/projects/{PROJECT_ID}/locations/{REGION}/keyRings/{KEY_RINGS_NAME}/cryptoKeys/{CRYPT_KEY_NAME}:encrypt" \
-d "{\"plaintext\":\"base64-data\"}" \
-H "Authorization:Bearer $(gcloud auth application-default print-access-token)"\
-H "Content-Type: application/json" | jq .ciphertext -r > 1.encrypted
# decrypt
curl -v "https://cloudkms.googleapis.com/v1/projects/{PROJECT_ID}/locations/{REGION}/keyRings/{KEY_RINGS_NAME}/cryptoKeys/{CRYPT_KEY_NAME}:decrypt" \
-d "{\"ciphertext\":\"$(cat 1.encrypted)\"}" \
-H "Authorization:Bearer $(gcloud auth application-default print-access-token)"\
-H "Content-Type:application/json" \
| jq .plaintext -r | base64 -d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment