Google Cloud: Encrypting and Decrypting data using Cloud KMS

Deep Dive Into Google Cloud Key Management Services

What is Cloud KMS?

  • Cloud KMS is designed as a cryptographic system.
  • You can't get the keys out: they are locked inside the system, so you need not worry about them leaking.
  • The only thing you can do with these keys is perform encryption, decryption, and other cryptographic operations.
  • These keys are useful for protecting data, or even for encrypting secrets.
  • For example, if you want to keep a database password secret but still be able to use it or send it elsewhere, you can store an encrypted version and then use Cloud KMS to decrypt it.

Lab Details:

  1. This lab walks you through Cloud KMS.
  2. You will encrypt and decrypt a file.

Lab Tasks:

  1. Creating a KeyRing and Key.
  2. Encrypting the file.
  3. Decrypting the file.

Creating a Keyring and Key

  1. Click on the Security option under the products section.
  2. In the left sidebar, click on Key Management.
  3. Click on Create key ring. You might find the Create key ring option at the top; there might be existing keyrings in the project.
  4. Enter a keyring name such as admin-keyring. The name can be different. Make a note of it.
  5. Choose the keyring location as us-central1.
  6. Click on Create.
  7. Enter a key name such as admin-key-1. The name can be different. Make a note of it.
  8. Keep the other options as they are and click on Create.
  9. Click on the Cloud Shell icon in the top right corner. If prompted, click on Continue.
  10. Enter the below command to create a file with the text "Welcome to Cloudblogg".

echo "Welcome to Cloudblogg" > ./file.txt

  11. Enter the below command to encrypt the file and store the encrypted file in file.txt.enc (replace the keyring and key names with the ones you created above). If prompted, click on Authorise.

gcloud kms encrypt \
    --location "us-central1" \
    --keyring "admin-keyring" \
    --key "admin-key-1" \
    --plaintext-file ./file.txt \
    --ciphertext-file ./file.txt.enc

  12. Enter the below command to decrypt the file and display the message on the screen (replace the keyring and key names with the ones you created above).

gcloud kms decrypt \
    --location "us-central1" \
    --keyring "admin-keyring" \
    --key "admin-key-1" \
    --plaintext-file - \
    --ciphertext-file ./file.txt.enc

You will see the decrypted text, Welcome to Cloudblogg, printed on the screen.

Completion and Conclusion:

  1. In this lab, you have created a Keyring and Key.
  2. You have encrypted and decrypted a file.
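
The database-password case from the Cloud KMS overview, as an added example that is not part of the original lab: two shell functions that pass a secret to the lab's gcloud kms encrypt and decrypt commands on stdin and stdout, so only ciphertext is written to disk. The function names, the KMS_* variables and the db-password.enc file name are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: seal and unseal a short secret with Cloud KMS.
# KMS_LOCATION, KMS_KEYRING and KMS_KEY are assumed variable names; the
# defaults are the lab's values. Replace them with the ones you created.
: "${KMS_LOCATION:=us-central1}"
: "${KMS_KEYRING:=admin-keyring}"
: "${KMS_KEY:=admin-key-1}"

# seal_secret OUTFILE
# Reads the secret from stdin and writes only the ciphertext to OUTFILE.
seal_secret() {
    dst=$1
    [ -n "$dst" ] || { echo "usage: seal_secret OUTFILE" >&2; return 2; }
    # Subshell so the restrictive umask applies only to this one file.
    ( umask 077
      gcloud kms encrypt \
          --location "$KMS_LOCATION" \
          --keyring "$KMS_KEYRING" \
          --key "$KMS_KEY" \
          --plaintext-file - \
          --ciphertext-file "$dst" )
}

# unseal_secret INFILE
# Decrypts INFILE to stdout; the plaintext is not written to a file.
unseal_secret() {
    src=$1
    [ -r "$src" ] || { echo "unseal_secret: cannot read $src" >&2; return 1; }
    gcloud kms decrypt \
        --location "$KMS_LOCATION" \
        --keyring "$KMS_KEYRING" \
        --key "$KMS_KEY" \
        --plaintext-file - \
        --ciphertext-file "$src"
}

# Typical use (not executed here):
#   printf '%s' "$DB_PASSWORD" | seal_secret ./db-password.enc
#   DB_PASSWORD=$(unseal_secret ./db-password.enc)
```

Command substitution strips trailing newlines, so seal the secret with printf '%s' rather than echo if the exact bytes matter.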

Happy Learning !!!
