// [END kms_list_cryptokeys]

// [START kms_create_keyring]
/// <summary>
/// Creates a Cloud KMS key ring under the given project and location and
/// writes the resource name returned by the service to standard output.
/// </summary>
/// <param name="projectId">Project that will own the key ring.</param>
/// <param name="location">KMS location segment of the parent path.</param>
/// <param name="keyRing">Identifier to give the new key ring.</param>
/// <returns>Always the boxed integer 0; failures surface as exceptions from <c>Execute()</c>.</returns>
/// <remarks>
/// The three arguments are placed into the request unvalidated, so callers
/// should pass trusted, already-validated identifiers.
/// NOTE(review): to my knowledge Cloud KMS key rings cannot be deleted once
/// created, which makes a typo here permanent; confirm against current KMS docs.
/// </remarks>
public static object CreateKeyRing(string projectId, string location, string keyRing)
{
    var kmsClient = CreateAuthorizedClient();

    // Key rings are created beneath a project/location parent resource.
    string parentPath = $"projects/{projectId}/locations/{location}";

    var createRequest = new ProjectsResource.LocationsResource.KeyRingsResource.CreateRequest(
        kmsClient, new KeyRing(), parentPath)
    {
        KeyRingId = keyRing
    };

    var created = createRequest.Execute();
    Console.Write($"Created Key Ring: {created.Name}");
    return 0;
}
/// <summary>
/// Builds a Cloud KMS client from Application Default Credentials and makes
/// sure the configured key ring exists.
/// </summary>
/// <param name="options">Supplies the project id, location and key ring name.</param>
/// <remarks>
/// NOTE(review): the constructor blocks on <c>GetApplicationDefaultAsync().Result</c>
/// and performs a network call; both can stall or throw during service start-up.
/// </remarks>
public KmsDataProtectionProvider(
    IOptions<KmsDataProtectionProviderOptions> options)
{
    _options = options;

    // Application Default Credentials: no secret is embedded in the code.
    GoogleCredential adc = GoogleCredential.GetApplicationDefaultAsync().Result;

    // The OAuth scope requested is cloud-platform, which spans all Cloud APIs.
    // What this identity may actually do is decided by its IAM roles, so the
    // service account should be granted only the KMS permissions it needs.
    GoogleCredential scoped = adc.IsCreateScopedRequired
        ? adc.CreateScoped(new[] { CloudKMSService.Scope.CloudPlatform })
        : adc;

    _kms = new CloudKMSService(new BaseClientService.Initializer
    {
        HttpClientInitializer = scoped,
        GZipEnabled = false
    });

    // Ask KMS to create the key ring under projects/<id>/locations/<loc>.
    var settings = options.Value;
    var parentPath = string.Format("projects/{0}/locations/{1}",
        settings.ProjectId, settings.Location);
    var createKeyRing = new ProjectsResource.LocationsResource
        .KeyRingsResource.CreateRequest(_kms, new KeyRing(), parentPath)
    {
        KeyRingId = settings.KeyRing
    };

    try
    {
        createKeyRing.Execute();
    }
    catch (Google.GoogleApiException e)
        when (e.HttpStatusCode == System.Net.HttpStatusCode.Conflict)
    {
        // 409 Conflict: the key ring already exists and is reused as-is.
        // Every other API error (for example a permission failure) propagates.
    }
}
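/// <summary>
/// Builds a Cloud KMS client from Application Default Credentials and makes
/// sure the configured key ring exists.
/// </summary>
/// <param name="options">Supplies the project id, location and key ring name.</param>
public KmsDataProtectionProvider(IOptions<KmsDataProtectionProviderOptions> options)
{
    _options = options;

    // NOTE(review): blocking on .Result inside a constructor can stall start-up.
    GoogleCredential credential = GoogleCredential.GetApplicationDefaultAsync().Result;

    // cloud-platform is a broad OAuth scope; the effective limit on this
    // identity is its IAM role bindings, which should be KMS-only.
    if (credential.IsCreateScopedRequired)
    {
        credential = credential.CreateScoped(new[]
        {
            CloudKMSService.Scope.CloudPlatform
        });
    }

    _kms = new CloudKMSService(new BaseClientService.Initializer
    {
        HttpClientInitializer = credential,
        GZipEnabled = false
    });

    var parent = string.Format("projects/{0}/locations/{1}",
        options.Value.ProjectId, options.Value.Location);
    KeyRing keyRingToCreate = new KeyRing();
    var request = new ProjectsResource.LocationsResource.KeyRingsResource.CreateRequest(
        _kms, keyRingToCreate, parent);
    request.KeyRingId = options.Value.KeyRing;

    try
    {
        request.Execute();
    }
    catch (Google.GoogleApiException e)
        when (e.HttpStatusCode == System.Net.HttpStatusCode.Conflict)
    {
        // Already exists. Ok. Only 409 Conflict is tolerated; any other API
        // error still propagates to the caller.
    }
}

/// <summary>
/// Returns a protector for <paramref name="purpose"/>, backed by a Cloud KMS
/// crypto key whose id is derived from the purpose string.
/// </summary>
/// <param name="purpose">Purpose string; it selects the cache entry and the KMS key.</param>
/// <returns>The cached protector if one exists, otherwise a newly built one.</returns>
/// <remarks>
/// Sub-purposes are flattened as "purpose.innerPurpose", so ("a.b", "c") and
/// ("a", "b.c") map to the same key. Code that relies on purpose isolation
/// should keep '.' out of purpose strings.
/// </remarks>
IDataProtector IDataProtectionProvider.CreateProtector(string purpose)
{
    IDataProtector cached;
    if (_dataProtectorCache.TryGetValue(purpose, out cached))
    {
        return cached;
    }

    var keyRingName = string.Format(
        "projects/{0}/locations/{1}/keyRings/{2}",
        _options.Value.ProjectId, _options.Value.Location,
        _options.Value.KeyRing);

    // Request a symmetric key that rotates every seven days.
    string rotationPeriod = string.Format("{0}s",
        TimeSpan.FromDays(7).TotalSeconds);
    CryptoKey cryptoKeyToCreate = new CryptoKey()
    {
        Purpose = "ENCRYPT_DECRYPT",
        NextRotationTime = DateTime.UtcNow.AddDays(7),
        RotationPeriod = rotationPeriod
    };
    var request = new ProjectsResource.LocationsResource.KeyRingsResource
        .CryptoKeysResource.CreateRequest(_kms, cryptoKeyToCreate, keyRingName);

    // NOTE(review): the cache is keyed by the raw purpose while the KMS key id
    // is EscapeKeyId(purpose). If that escaping is not one-to-one, two distinct
    // purposes would share one key; verify against EscapeKeyId.
    string keyId = EscapeKeyId(purpose);
    request.CryptoKeyId = keyId;

    string keyName;
    try
    {
        keyName = request.Execute().Name;
    }
    catch (Google.GoogleApiException e)
        when (e.HttpStatusCode == System.Net.HttpStatusCode.Conflict)
    {
        // Already exists. Ok. The existing key is reused under its current
        // settings; the rotation values requested above are not applied to it.
        keyName = string.Format("{0}/cryptoKeys/{1}", keyRingName, keyId);
    }

    var newProtector = new KmsDataProtector(_kms, keyName,
        (string innerPurpose) =>
            this.CreateProtector($"{purpose}.{innerPurpose}"));

    // A concurrent caller may have added an entry first. TryAdd then fails
    // and this instance is returned uncached, pointing at the same key name.
    _dataProtectorCache.TryAdd(purpose, newProtector);
    return newProtector;
}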
/// <summary>
/// Quick-start walkthrough: ensures a key ring and a crypto key exist, then
/// encrypts and decrypts a fixed string with Cloud KMS and prints the result.
/// </summary>
/// <param name="args">Unused.</param>
/// <returns>-1 when the placeholder project id was not replaced, otherwise 0.</returns>
public static int Main(string[] args)
{
    // Your Google Cloud Platform project ID.
    string projectId = "YOUR-PROJECT-ID";

    // The literal is split so a global search-and-replace of the placeholder
    // does not rewrite this guard as well.
    if (projectId == "YOUR-" + "PROJECT-ID")
    {
        Console.Error.WriteLine("Modify Program.cs and replace YOUR-"
            + "PROJECT-ID with your google project id.");
        return -1;
    }

    // Authorize the client using Application Default Credentials.
    // See: https://developers.google.com/identity/protocols/application-default-credentials
    GoogleCredential adc = GoogleCredential.GetApplicationDefaultAsync().Result;

    // Specify the Cloud Key Management Service scope. cloud-platform is broad;
    // the IAM roles on the identity are what limit it to KMS operations.
    GoogleCredential credential = adc.IsCreateScopedRequired
        ? adc.CreateScoped(new[] { CloudKMSService.Scope.CloudPlatform })
        : adc;

    var cloudKms = new CloudKMSService(new BaseClientService.Initializer
    {
        HttpClientInitializer = credential,
        GZipEnabled = false
    });

    // Create the key ring.
    string location = "global";
    string keyRingId = "QuickStartCore";

    // The resource name of the location associated with the key rings.
    string parent = $"projects/{projectId}/locations/{location}";
    var keyRingRequest = new ProjectsResource.LocationsResource
        .KeyRingsResource.CreateRequest(cloudKms, new KeyRing(), parent)
    {
        KeyRingId = keyRingId
    };
    try
    {
        keyRingRequest.Execute();
    }
    catch (Google.GoogleApiException e)
        when (e.HttpStatusCode == System.Net.HttpStatusCode.Conflict)
    {
        // Already exists. Ok. Any other API error ends the program.
    }

    // Create the crypto key: symmetric, rotating every seven days.
    var keyRingName = string.Format(
        "projects/{0}/locations/{1}/keyRings/{2}",
        projectId, location, keyRingId);
    string rotationPeriod = string.Format("{0}s",
        TimeSpan.FromDays(7).TotalSeconds);
    var cryptoKeyToCreate = new CryptoKey()
    {
        Purpose = "ENCRYPT_DECRYPT",
        NextRotationTime = DateTime.UtcNow.AddDays(7),
        RotationPeriod = rotationPeriod
    };

    string keyId = "Key1";
    string keyName;
    var keyRequest = new ProjectsResource.LocationsResource
        .KeyRingsResource.CryptoKeysResource.CreateRequest(
            cloudKms, cryptoKeyToCreate, keyRingName)
    {
        CryptoKeyId = keyId
    };
    try
    {
        keyName = keyRequest.Execute().Name;
    }
    catch (Google.GoogleApiException e)
        when (e.HttpStatusCode == System.Net.HttpStatusCode.Conflict)
    {
        // Already exists. Ok. Rebuild the name of the existing key.
        keyName = string.Format("{0}/cryptoKeys/{1}", keyRingName, keyId);
    }

    var cryptoKeys = cloudKms.Projects.Locations.KeyRings.CryptoKeys;

    // Encrypt a string. The API carries plaintext and ciphertext as base64.
    // NOTE(review): no AdditionalAuthenticatedData is set, so the ciphertext
    // is not bound to any caller context; real callers may want that binding.
    byte[] plainBytes = Encoding.UTF8.GetBytes("Hello World.");
    var encryptRequest = new EncryptRequest()
    {
        Plaintext = Convert.ToBase64String(plainBytes)
    };
    var encryptResult = cryptoKeys.Encrypt(encryptRequest, keyName).Execute();
    var cipherText = Convert.FromBase64String(encryptResult.Ciphertext);

    // Decrypt the string.
    var decryptRequest = new DecryptRequest()
    {
        Ciphertext = Convert.ToBase64String(cipherText)
    };
    var result = cryptoKeys.Decrypt(decryptRequest, keyName).Execute();
    byte[] recovered = Convert.FromBase64String(result.Plaintext);
    Console.WriteLine(Encoding.UTF8.GetString(recovered));
    return 0;
}