@rollinginfra/secret-encryption-google-kms

Secret Encryption - Google KMS

Encrypt and decrypt secret strings using the Google KMS service.

Set Up Google KMS

• Open Google KMS in the Google Cloud Console
• Enable the API (if not already enabled) by clicking "Enable API"
• Go to "Security" -> "Key Management" in the Google Cloud Console
• Create a key ring, noting down the key ring name and key ring location for later.
• Create a key in your new key ring, noting down the key name for later. The "Purpose" must be set to "Symmetric encrypt/decrypt". All other settings can have any value.
• (Optional) Use "+ Add Member" on the permissions tab to give the "Cloud KMS CryptoKey Encrypter/Decrypter" role to anyone account that needs to use this secret store.

Set up your local environment

You can set up your local environment by running gcloud init and following the prompts to authenticate.

import SecretEncryptionGoogleKms from '@rollinginfra/secret-encryption-google-kms';

const encryption = new SecretEncryptionGoogleKms({
  googleProjectID: `YOUR_GOOGLE_PROJECT_NAME`,
  keyRingName: `YOUR_KEY_RING_NAME`,
  keyName: `YOUR_KEY_NAME`,
  location: `YOUR_KEY_RING_LOCATION`,
});