@google-cloud/kms
Advanced tools
@google-cloud/kms is a Node.js client library for Google Cloud Key Management Service (KMS). It allows you to manage cryptographic keys for your cloud services the same way you do on-premises. You can create, use, rotate, and destroy cryptographic keys, and it supports both symmetric and asymmetric keys.
Create a Key Ring
This code sample demonstrates how to create a new key ring in Google Cloud KMS. A key ring is a grouping of keys that allows you to manage them together.
const { KeyManagementServiceClient } = require('@google-cloud/kms');
const client = new KeyManagementServiceClient();
async function createKeyRing() {
const locationId = 'global';
const keyRingId = 'my-key-ring';
const parent = client.locationPath('my-project', locationId);
const [keyRing] = await client.createKeyRing({
parent: parent,
keyRingId: keyRingId,
keyRing: {}
});
console.log(`Created key ring: ${keyRing.name}`);
}
createKeyRing();Create a Crypto Key
This code sample demonstrates how to create a new cryptographic key within a key ring. The key can be used for encryption and decryption.
const { KeyManagementServiceClient } = require('@google-cloud/kms');
const client = new KeyManagementServiceClient();
async function createCryptoKey() {
const locationId = 'global';
const keyRingId = 'my-key-ring';
const cryptoKeyId = 'my-crypto-key';
const parent = client.keyRingPath('my-project', locationId, keyRingId);
const [cryptoKey] = await client.createCryptoKey({
parent: parent,
cryptoKeyId: cryptoKeyId,
cryptoKey: {
purpose: 'ENCRYPT_DECRYPT',
versionTemplate: {
algorithm: 'GOOGLE_SYMMETRIC_ENCRYPTION'
}
}
});
console.log(`Created crypto key: ${cryptoKey.name}`);
}
createCryptoKey();Encrypt Data
This code sample demonstrates how to encrypt data using a cryptographic key. The plaintext data is encrypted and the ciphertext is returned.
const { KeyManagementServiceClient } = require('@google-cloud/kms');
const client = new KeyManagementServiceClient();
async function encryptData() {
const locationId = 'global';
const keyRingId = 'my-key-ring';
const cryptoKeyId = 'my-crypto-key';
const name = client.cryptoKeyPath('my-project', locationId, keyRingId, cryptoKeyId);
const plaintext = Buffer.from('my sensitive data').toString('base64');
const [result] = await client.encrypt({
name: name,
plaintext: plaintext
});
console.log(`Encrypted data: ${result.ciphertext}`);
}
encryptData();Decrypt Data
This code sample demonstrates how to decrypt data that was previously encrypted using a cryptographic key. The ciphertext is decrypted and the original plaintext is returned.
const { KeyManagementServiceClient } = require('@google-cloud/kms');
const client = new KeyManagementServiceClient();
async function decryptData() {
const locationId = 'global';
const keyRingId = 'my-key-ring';
const cryptoKeyId = 'my-crypto-key';
const name = client.cryptoKeyPath('my-project', locationId, keyRingId, cryptoKeyId);
const ciphertext = '...'; // The encrypted data
const [result] = await client.decrypt({
name: name,
ciphertext: ciphertext
});
console.log(`Decrypted data: ${Buffer.from(result.plaintext, 'base64').toString()}`);
}
decryptData();The aws-sdk package for Node.js provides a comprehensive set of tools for interacting with AWS services, including AWS Key Management Service (KMS). It allows you to create, manage, and use cryptographic keys in a similar way to @google-cloud/kms, but within the AWS ecosystem.
The azure-keyvault-keys package for Node.js provides functionality for managing cryptographic keys in Azure Key Vault. It offers similar capabilities to @google-cloud/kms, such as creating, using, and managing keys, but is designed for use with Microsoft Azure services.
The node-jose package is a JavaScript library for JSON Object Signing and Encryption (JOSE). It provides tools for working with JSON Web Tokens (JWT), JSON Web Encryption (JWE), and JSON Web Keys (JWK). While it is not a cloud-specific service, it offers similar cryptographic functionalities for key management and data encryption/decryption.
Google Cloud Key Management Service (KMS) API client for Node.js
Read more about the client libraries for Cloud APIs, including the older Google APIs Client Libraries, in Client Libraries Explained.
Table of contents:
npm install @google-cloud/kms
async function quickstart(
projectId = 'your-project-id' // Your GCP projectId
) {
// Imports the @google-cloud/kms client library
const kms = require('@google-cloud/kms');
// Instantiates an authorized client
const client = new kms.KeyManagementServiceClient();
// Lists keys in the "global" location.
const locationId = 'global';
// Lists key rings
const parent = client.locationPath(projectId, locationId);
const [keyRings] = await client.listKeyRings({parent});
// Display the results
if (keyRings.length) {
console.log('Key rings:');
keyRings.forEach(keyRing => console.log(keyRing.name));
} else {
console.log(`No key rings found.`);
}
}
Samples are in the samples/ directory. The samples' README.md
has instructions for running the samples.
| Sample | Source Code | Try it |
|---|---|---|
| Add Member To Crypto Key Policy | source code |  |
| Add Member To Key Ring Policy | source code | |
| Create Crypto Key | source code | |
| Create Crypto Key Version | source code | |
| Create Keyring | source code | |
| Decrypt | source code | |
| Destroy Crypto Key Version | source code | |
| Disable Crypto Key Version | source code | |
| Enable Crypto Key Version | source code | |
| Encrypt | source code | |
| Get Crypto Key | source code | |
| Get Crypto Key Iam Policy | source code | |
| Get Keyring | source code | |
| Get Keyring Iam Policy | source code | |
| List Crypto Key Versions | source code | |
| List Crypto Keys | source code | |
| List Keyrings | source code | |
| Quickstart | source code | |
| Remove Member Crypto Key Policy | source code | |
| Remove Member From Key Ring Policy | source code | |
| Restore Crypto Key Version | source code | |
| Set Primary Crypto Key Version | source code | |
The Google Cloud Key Management Service Node.js Client API Reference documentation also contains samples.
This library follows Semantic Versioning.
This library is considered to be in beta. This means it is expected to be mostly stable while we work toward a general availability release; however, complete stability is not guaranteed. We will address issues and requests against beta libraries with a high priority.
More Information: Google Cloud Platform Launch Stages
Contributions welcome! See the Contributing Guide.
Apache Version 2.0
See LICENSE
FAQs
Google Cloud Key Management Service (KMS) API client for Node.js
The npm package @google-cloud/kms receives a total of 51,987 weekly downloads. As such, @google-cloud/kms popularity was classified as popular.
We found that @google-cloud/kms demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.