Google Cloud Key Management Service is a cloud-hosted key management service that lets you manage encryption for your cloud services the same way you do on-premise. You can generate, use, rotate and destroy AES-256 encryption keys. These sample Java applications demonstrate how to access the KMS API using the Google Java API Client Libraries.

You must enable the Google Cloud KMS API for your project in order to use these samples

You must set your project ID in order to run the tests

$export GOOGLE_CLOUD_PROJECT=<your-project-id-here>

You must ensure that the user account or service account you used to authorize your gcloud session has the proper permissions to edit KMS resources for your project. In the Cloud Console under IAM, add the following roles to the project whose service account you're using to test:

• Cloud KMS Admin
• Cloud KMS CryptoKey Encrypter/Decrypter
• Cloud KMS Importer
• Cloud KMS CryptoKey Public Key Viewer
• Cloud KMS CryptoKey Signer/Verifier

More information can be found in the Google KMS Docs

Install Maven.

Build your project with:

mvn clean compile assembly:single

You can run the quickstart with:

java -cp target/kms-samples-1.0.11-jar-with-dependencies.jar \
    com.example.Quickstart [your-project-id] [your-location]

and can see the available snippet commands with:

java -cp target/kms-samples-1.0.11-jar-with-dependencies.jar \
    com.example.Snippets

For example:

java -cp target/kms-samples-1.0.11-jar-with-dependencies.jar \
    com.example.Snippets createKeyRing -p [your-project-id] [your-location] myFirstKeyRing