0
1

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

GCP KMSで文字暗号化/複合化

Posted at

公式のドキュメントはファイルを暗号化/複合化する方法しかありませんので、短い文字列(パスワードなど)の暗号化/複合化方法を記載します。

Linux環境が必要ですが、Cloud Shellで実行しても問題ありません。

暗号化

五つ変数値を適切な値に変更し、コピペで実行する

export TARGET_VALUE=1234567890
export PROJECT_ID=project-xxxx
export KEYRING_LOCATION=global
export KEYRING_NAME=keyring-name
export KEY_NAME=api-key

echo -n ${TARGET_VALUE} \
| gcloud kms encrypt \
  --project ${PROJECT_ID} \
  --plaintext-file=- \
  --ciphertext-file=- \
  --location=${KEYRING_LOCATION} \
  --keyring=${KEYRING_NAME} \
  --key=${KEY_NAME} \
| base64 -w 0
実行結果:
CiQA+lBo1CitnyMsruff02M8vtkYj8hNeqvlrWUb6+tv6RIaFXYSMwAWnQXqyTD+IF10De7/w8vUcvHQKnAxF8yTeoJr/OB25ps4DIi2Ou9BF6nh4a7kL9cw+A==

複合化

五つ変数値を適切な値に変更し、コピペで実行する

export TARGET_VALUE=XXXXXXXXXXXXXXXXXXXXX
export PROJECT_ID=virtual-assistant-xxxxxxx
export KEYRING_LOCATION=asia-northeast1
export KEYRING_NAME=keyring-envs
export KEY_NAME=api-key

echo -n ${TARGET_VALUE} \
| base64 -d \
| gcloud kms decrypt \
--project ${PROJECT_ID} \
--plaintext-file=- \
--ciphertext-file=- \
--location=${KEYRING_LOCATION} \
--keyring=${KEYRING_NAME} \
--key=${KEY_NAME}
実行結果:
1234567890
0
1
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
0
1

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?