コード例 #1
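        /// <summary>
        /// Encrypts a base64-encoded payload with the KMS crypto key derived from a service account id,
        /// optionally creating that key first when it does not exist yet.
        /// </summary>
        /// <param name="data">Plaintext encoded as base64; it is decoded before being sent to KMS.</param>
        /// <param name="serviceAccountId">Identifier handed to <c>KeyIdCreator.Create</c> to obtain the crypto key id.</param>
        /// <param name="createKeyIfMissing">
        /// When true, a NotFound result from the key lookup triggers creation of a new
        /// EncryptDecrypt key. When false, the NotFound <see cref="RpcException"/> propagates to the caller.
        /// </param>
        /// <returns>The ciphertext returned by KMS, encoded as base64.</returns>
        /// <exception cref="RpcException">
        /// Any KMS failure other than the handled NotFound (on lookup) and AlreadyExists (on create) cases.
        /// </exception>
        public async Task<string> Encrypt(string data, string serviceAccountId, bool createKeyIfMissing = true)
        {
            // Decode up front so a malformed payload fails before any KMS round trip and,
            // in particular, before a key is created as a side effect of invalid input.
            var plaintext = ByteString.FromBase64(data);

            // NOTE(review): the key id is derived from caller-supplied serviceAccountId; this assumes
            // KeyIdCreator.Create yields a valid, collision-free key id. Confirm against its implementation.
            var safeId        = KeyIdCreator.Create(serviceAccountId);
            var keyring       = new KeyRingName(mProjectName, mKeyringLocation, mKeyringName);
            var cryptoKeyName =
                new CryptoKeyName(mProjectName, mKeyringLocation, mKeyringName, safeId);

            try
            {
                // Existence probe only; the returned key metadata is not used.
                await mKmsService.GetCryptoKeyAsync(cryptoKeyName);
            }
            catch (RpcException e) when (e.StatusCode == StatusCode.NotFound && createKeyIfMissing)
            {
                var key = new CryptoKey
                {
                    Purpose         = CryptoKey.Types.CryptoKeyPurpose.EncryptDecrypt,
                    VersionTemplate = new CryptoKeyVersionTemplate
                    {
                        // Software-backed key material. NOTE(review): if the data classification
                        // calls for hardware-backed keys, this level needs to be raised.
                        ProtectionLevel = ProtectionLevel.Software
                    }
                };

                // Automatic rotation is configured only when a rotation period was supplied;
                // otherwise the key is created without a rotation schedule.
                if (mRotationPeriod.HasValue)
                {
                    key.NextRotationTime = (DateTime.UtcNow + mRotationPeriod.Value).ToTimestamp();
                    key.RotationPeriod   = Duration.FromTimeSpan(mRotationPeriod.Value);
                }

                try
                {
                    await mKmsService.CreateCryptoKeyAsync(keyring, safeId, key);
                }
                catch (RpcException createError) when (createError.StatusCode == StatusCode.AlreadyExists)
                {
                    // Lookup and create are not atomic: another caller created the same key
                    // between the two calls. The key now exists, so encryption can proceed.
                }
            }

            // NOTE(review): no additional authenticated data is passed, so the ciphertext is not
            // bound to a context; anyone allowed to decrypt with this key can decrypt it anywhere.
            var cryptoKeyPathName = new CryptoKeyPathName(mProjectName, mKeyringLocation, mKeyringName, safeId);
            var encrypted         = await mKmsService.EncryptAsync(cryptoKeyPathName, plaintext);

            return encrypted.Ciphertext.ToBase64();
        }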