This directory contains samples for Google Cloud KMS API. The Google Cloud KMS API is a service that allows you to keep encryption keys centrally in the cloud, for direct use by cloud services.
Authentication is typically done through Application Default Credentials, which means you do not have to change the code to authenticate as long as your environment has credentials. You have a few options for setting up authentication:
When running locally, use the Google Cloud SDK
gcloud auth application-default login
When running on App Engine or Compute Engine, credentials are already set-up. However, you may need to configure your Compute Engine instance with additional scopes.
You can create a Service Account key file. This file can be used to authenticate to Google Cloud Platform services from any environment. To use the file, set the
GOOGLE_APPLICATION_CREDENTIALS
environment variable to the path to the key file, for example:export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service_account.json
Install pip and virtualenv if you do not already have them.
Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+.
$ virtualenv env $ source env/bin/activate
Install the dependencies needed to run the samples.
$ pip install -r requirements.txt
To run this sample:
$ python quickstart.py
To run this sample:
$ python snippets.py
usage: snippets.py [-h]
{create_keyring,create_cryptokey,encrypt,decrypt,disable_cryptokey_version,destroy_cryptokey_version,add_member_to_cryptokey_policy,get_keyring_policy}
...
positional arguments:
{create_keyring,create_cryptokey,encrypt,decrypt,disable_cryptokey_version,destroy_cryptokey_version,add_member_to_cryptokey_policy,get_keyring_policy}
optional arguments:
-h, --help show this help message and exit