#google-cloud #key-management #kms #gcp

google-cloud-kms

Google Cloud Platform Key Management Service client library

6 releases (breaking)

0.5.1 Sep 22, 2024
0.5.0 Sep 2, 2024
0.4.0 Jul 12, 2024
0.3.0 Jun 27, 2024
0.1.0 May 7, 2024

#11 in #kms

Download history 94/week @ 2024-06-24 16/week @ 2024-07-01 95/week @ 2024-07-08 7/week @ 2024-07-15 5/week @ 2024-07-22 2/week @ 2024-07-29 36/week @ 2024-08-05 18/week @ 2024-08-12 4/week @ 2024-08-19 8/week @ 2024-08-26 165/week @ 2024-09-02 63/week @ 2024-09-09 248/week @ 2024-09-16 173/week @ 2024-09-23 130/week @ 2024-09-30 69/week @ 2024-10-07

623 downloads per month
Used in integrationos-domain

MIT license

8MB
139K SLoC

Bazel 112K SLoC // 0.1% comments Rust 27K SLoC // 0.0% comments Shell 181 SLoC // 0.3% comments Go 148 SLoC // 0.2% comments Forge Config 1 SLoC // 0.8% comments

google-cloud-kms

Google Cloud Platform Key Management Service Client library.

crates.io

Installation

[dependencies]
google-cloud-kms = "version"

Authentication

There are two ways to create a client that is authenticated against the google cloud.

Automatically

The function with_auth() will try and read the credentials from a file specified in the environment variable GOOGLE_APPLICATION_CREDENTIALS, GOOGLE_APPLICATION_CREDENTIALS_JSON or from a metadata server.

This is also described in google-cloud-auth

use google_cloud_kms::client::{Client, ClientConfig};

async fn run() {
    let config = ClientConfig::default().with_auth().await.unwrap();
    let client = Client::new(config);
}

Manually

When you can't use the gcloud authentication but you have a different way to get your credentials (e.g a different environment variable) you can parse your own version of the 'credentials-file' and use it like that:

use google_cloud_auth::credentials::CredentialsFile;
// or google_cloud_kms::client::google_cloud_auth::credentials::CredentialsFile
use google_cloud_kms::client::{Client, ClientConfig};

async fn run(cred: CredentialsFile) {
   let config = ClientConfig::default().with_credentials(cred).await.unwrap();
   let client = Client::new(config);
}

Usage

Key ring operations

use std::collections::HashMap;
use prost_types::FieldMask;
use google_cloud_googleapis::cloud::kms::v1::{CreateKeyRingRequest, GetKeyRingRequest, ListKeyRingsRequest};
use google_cloud_kms::client::{Client, ClientConfig};

async fn run(config: ClientConfig) {

    // Create client
    let client = Client::new(config).await.unwrap();

    // Key ring
    // create
    match client
        .create_key_ring(
            CreateKeyRingRequest {
                parent: "projects/qovery-gcp-tests/locations/europe-west9".to_string(),
                key_ring_id: "123-456".to_string(),
                key_ring: None,
            },
            None,
        )
        .await
    {
        Ok(mut r) => println!("Created key ring {:?}", r),
        Err(err) => panic!("err: {:?}", err),
    };

    // list
    match client
        .list_key_rings(
            ListKeyRingsRequest {
                parent: "projects/qovery-gcp-tests/locations/europe-west9".to_string(),
                page_size: 5,
                page_token: "".to_string(),
                filter: "".to_string(),
                order_by: "".to_string(),
            },
            None,
        )
        .await
    {
        Ok(response) => {
            println!("List key rings");
            for r in response.key_rings {
                println!("- {:?}", r);
            }
        }
        Err(err) => panic!("err: {:?}", err),
    };

    // get
    match client
        .get_key_ring(
            GetKeyRingRequest {
                name: "projects/qovery-gcp-tests/locations/europe-west9/keyRings/key-ring-for-documentation"
                    .to_string(),
            },
            None,
        )
        .await
    {
        Ok(response) => {
            println!("Get keyring: {:?}", response);
        }
        Err(err) => panic!("err: {:?}", err),
    }
}

Ethereum Integration

Enable 'eth' feature.

[dependencies]
google-cloud-kms = { version="version", features=["eth"] }
use ethers::prelude::SignerMiddleware;
use ethers::providers::{Http, Middleware, Provider};
use ethers_core::types::{TransactionReceipt, TransactionRequest};
use ethers_signers::Signer as EthSigner;
use google_cloud_kms::client::Client;
use google_cloud_kms::signer::ethereum::{Error, Signer};

pub async fn send_bnb(client: Client, key_name: &str, rpc_node: &str) {

    // BSC testnet
    let chain_id = 97;

    let signer = Signer::new(client, key_name, chain_id, None).await.unwrap();
    let provider = Provider::<Http>::try_from(rpc_node).unwrap();

    let signer_address = signer.address();
    let eth_client = SignerMiddleware::new_with_provider_chain(provider, signer).await.unwrap();

    let tx = TransactionRequest::new()
            .to(signer_address)
            .value(100_000_000_000_000_u128)
            .gas(1_500_000_u64)
            .gas_price(4_000_000_000_u64)
            .chain_id(chain_id); 

    let res = eth_client.send_transaction(tx, None).await.unwrap();
    let receipt: TransactionReceipt = res.confirmations(3).await.unwrap().unwrap();
}

Dependencies

~14–31MB
~568K SLoC