/**
 * Fetches the IAM policy attached to a key ring.
 *
 * <p>This is a read-only lookup: the policy is returned exactly as the service reports it and no
 * binding is added or changed. IAM bindings granted on a key ring are inherited by the crypto
 * keys inside it, so this policy belongs in any audit of who can use those keys.
 *
 * @param projectId id of the project that owns the key ring
 * @param locationId id of the location that holds the key ring
 * @param keyRingId id of the key ring whose policy is read
 * @return the IAM policy the service returns for the key ring
 * @throws IOException if the Cloud KMS client cannot be created
 */
public static Policy getKeyRingPolicy(String projectId, String locationId, String keyRingId)
    throws IOException {
  // try-with-resources closes the client on every exit path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Full resource name of the key ring (not of a key or key version).
    String keyRingResource = KeyRingName.format(projectId, locationId, keyRingId);
    return kms.getIamPolicy(keyRingResource);
  }
}
// [END kms_get_keyring_policy]
/**
 * Collects every crypto key of a key ring into a list.
 *
 * <p>All result pages are walked before returning, so the whole listing is held in memory at
 * once.
 *
 * @param projectId id of the project that owns the key ring
 * @param locationId id of the location that holds the key ring
 * @param keyRingId id of the key ring whose keys are listed
 * @return a new mutable list with one entry per crypto key, in the order the service returns them
 * @throws IOException if the Cloud KMS client cannot be created
 */
public static List<CryptoKey> listCryptoKeys(
    String projectId, String locationId, String keyRingId) throws IOException {
  // try-with-resources closes the client on every exit path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Resource name of the key ring that is the parent of the keys.
    String keyRingResource = KeyRingName.format(projectId, locationId, keyRingId);

    ArrayList<CryptoKey> collected = new ArrayList<>();
    // iterateAll() walks the paged response; following pages are requested as iteration advances.
    kms.listCryptoKeys(keyRingResource).iterateAll().forEach(collected::add);
    return collected;
  }
}
/**
 * Creates a symmetric encrypt/decrypt crypto key in a key ring.
 *
 * <p>Only the key purpose is set on the request. No rotation schedule, labels or version template
 * are configured here, so everything else is left to the service defaults. A caller that needs
 * automatic rotation has to add it to the builder, for example with {@code setRotationPeriod}
 * and {@code setNextRotationTime}.
 *
 * @param projectId id of the project that owns the key ring
 * @param locationId id of the location that holds the key ring
 * @param keyRingId id of the key ring that will contain the key
 * @param cryptoKeyId id to give the new crypto key
 * @return the crypto key as returned by the service
 * @throws IOException if the Cloud KMS client cannot be created
 */
public static CryptoKey createCryptoKey(String projectId, String locationId, String keyRingId,
    String cryptoKeyId) throws IOException {
  // try-with-resources closes the client on every exit path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Resource name of the key ring that becomes the parent of the key.
    String keyRingResource = KeyRingName.format(projectId, locationId, keyRingId);

    // ENCRYPT_DECRYPT restricts the key to symmetric encryption and decryption.
    CryptoKey keySpec =
        CryptoKey.newBuilder().setPurpose(CryptoKeyPurpose.ENCRYPT_DECRYPT).build();

    return kms.createCryptoKey(keyRingResource, cryptoKeyId, keySpec);
  }
}
// [END kms_create_cryptokey]
// Excerpt only: the method this statement belongs to is not shown on the page.
// Formats the key ring's resource name from the project, location and key ring ids.
String keyRingName = KeyRingName.format(projectId, locationId, keyRingId);
/**
 * Creates an RSA key for asymmetric decryption in a key ring.
 *
 * <p>The key purpose is {@code ASYMMETRIC_DECRYPT} and the version template fixes the algorithm
 * to {@code RSA_DECRYPT_OAEP_2048_SHA256}. The algorithm is hard-coded, so a caller with a
 * stronger key-size requirement has to change the constant (the enum also offers 3072- and
 * 4096-bit OAEP variants). No rotation schedule is set on the request.
 *
 * @param projectId id of the project that owns the key ring
 * @param locationId id of the location that holds the key ring
 * @param keyRingId id of the key ring that will contain the key
 * @param cryptoKeyId id to give the new crypto key
 * @return the crypto key as returned by the service
 * @throws IOException if the Cloud KMS client cannot be created
 */
public static CryptoKey createAsymmetricKey(String projectId, String locationId, String keyRingId,
    String cryptoKeyId) throws IOException {
  // try-with-resources closes the client on every exit path.
  try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
    // Resource name of the key ring that becomes the parent of the key.
    String keyRingResource = KeyRingName.format(projectId, locationId, keyRingId);

    // The version template pins the algorithm used for versions of this key.
    CryptoKeyVersionTemplate versionTemplate =
        CryptoKeyVersionTemplate.newBuilder()
            .setAlgorithm(CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256)
            .build();

    CryptoKey keySpec =
        CryptoKey.newBuilder()
            .setPurpose(CryptoKeyPurpose.ASYMMETRIC_DECRYPT)
            .setVersionTemplate(versionTemplate)
            .build();

    return kms.createCryptoKey(keyRingResource, cryptoKeyId, keySpec);
  }
}
// [END kms_create_asymmetric_key]
// Excerpt only: the method this statement belongs to is not shown on the page.
// Formats the key ring's resource name from the project, location and key ring ids.
String keyRingName = KeyRingName.format(projectId, locationId, keyRingId);