org.apache.beam.it.gcp.kms

Class KMSResourceManager

java.lang.Object

org.apache.beam.it.gcp.kms.KMSResourceManager

All Implemented Interfaces:

org.apache.beam.it.common.ResourceManager

public class KMSResourceManager
extends java.lang.Object
implements org.apache.beam.it.common.ResourceManager

Client for managing Cloud KMS resources.

The class supports one keyring and multiple crypto keys per keyring object.

The class is thread-safe.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	KMSResourceManager.Builder Builder for KMSResourceManager.

Method Summary

Modifier and Type	Method and Description
static KMSResourceManager.Builder	builder(java.lang.String projectId, com.google.api.gax.core.CredentialsProvider credentialsProvider)
void	cleanupAll()
java.lang.String	decrypt(java.lang.String keyRingId, java.lang.String keyId, java.lang.String ciphertext) Decrypt the given ciphertext using the crypto key specified.
java.lang.String	encrypt(java.lang.String keyRingId, java.lang.String keyId, java.lang.String message) Encrypt the given message using the crypto key specified.
com.google.cloud.kms.v1.CryptoKey	getOrCreateCryptoKey(java.lang.String keyRingId, java.lang.String keyName) Retrieves a KMS crypto key, creating it if it does not exist.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

builder

public static KMSResourceManager.Builder builder(java.lang.String projectId,
                                                 com.google.api.gax.core.CredentialsProvider credentialsProvider)

getOrCreateCryptoKey

public com.google.cloud.kms.v1.CryptoKey getOrCreateCryptoKey(java.lang.String keyRingId,
                                                              java.lang.String keyName)

Retrieves a KMS crypto key, creating it if it does not exist. If the given keyring also does not already exist, it will be created.

Parameters:

keyRingId - The name of the keyring to insert the key to.

keyName - The name of the KMS crypto key to retrieve.

Returns:

the created CryptoKey.

encrypt

public java.lang.String encrypt(java.lang.String keyRingId,
                                java.lang.String keyId,
                                java.lang.String message)

Encrypt the given message using the crypto key specified. The given crypto key should exist within the given keyring.

The given message should be in UTF-8 String format.

The resulting ciphertext is encoded in Base64 String format.

Parameters:

keyRingId - The name of the keyring that contains the given key.

keyId - The name of the key to use for encryption.

message - The message to encrypt.

Returns:

The ciphertext of the encrypted message.

decrypt

public java.lang.String decrypt(java.lang.String keyRingId,
                                java.lang.String keyId,
                                java.lang.String ciphertext)

Decrypt the given ciphertext using the crypto key specified. The given crypto key should exist within the given keyring.

The given ciphertext should be in Base64 String format.

The resulting decrypted message is encoded in UTF-8 String format.

Parameters:

keyRingId - The name of the keyring that contains the given key.

keyId - The name of the key to use for decryption.

ciphertext - The ciphertext to decrypt.

Returns:

The decrypted message.

cleanupAll

public void cleanupAll()

Specified by:

cleanupAll in interface org.apache.beam.it.common.ResourceManager