Use Cloud KMS To Encrypt Passphrase Part 1
Scenario: A user requires the application to encrypt the “passphrase” before it is stored in the database
Tech stack: Firestore, Cloud KMS, Cloud Run, Cloud Code, Flask, Python, Visual Studio Code (VS Code)
Requirements:
(1) Create an API service to (a) retrieve all user profiles, (b) retrieve a user profile by Id, (c) add a user profile
(2) Encrypt the “passphrase” attribute using Cloud KMS (Key Management Service) before saving it to the Firestore document database
(3) Develop and test locally using VS Code, then deploy to Google Cloud using Cloud Code and Cloud Run
Outcome:
Step 1: Prerequisites
- Set up a Google Cloud (GCP) account
- Download VS Code. Install extensions for Python and Cloud Code
Step 2: Create a new GCP project and enable the API for the Firestore database
- Project Name — KMSTESTPROJ; Project ID — kmstestproj
- From Navigation Menu select “Firestore”
Step 4: Create Cloud KMS Credentials
- Enable Access to APIs for your Google Project (KMSTESTPROJ)
- Create symmetric encryption keys using the console or the gcloud option
- Note the following information:
  - region = us-east1
  - key ring name = kmstestprojkeyring
  - key name = kmstestkeyname
Step 5: Set up the local development environment
- Install the Cloud SDK on your local machine (skip if already installed)
- Create a new folder “kmstest”. Open the folder in VS Code
- In a new terminal, type the command “gcloud init” and, when prompted, select your Google email, region and project
- Authorize access by typing “gcloud auth login”
- Screen after successful login
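The gcloud option from Step 4, written out as a script to run once the Step 5 login has succeeded. This is an added example, not code from the original post: the project, region, key ring and key names are the ones noted above, while RUNTIME_SA is a placeholder for whichever service account the application will run as (an assumption). It also grants the encrypt/decrypt role on the single key rather than on the whole project.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Names are the ones noted in
# Step 2 and Step 4; RUNTIME_SA is a placeholder service account (assumption).
PROJECT_ID="kmstestproj"
LOCATION="us-east1"
KEYRING="kmstestprojkeyring"
KEY="kmstestkeyname"
RUNTIME_SA="SERVICE_ACCOUNT_NAME@${PROJECT_ID}.iam.gserviceaccount.com"

# DRY_RUN=1 (default) prints each gcloud command; DRY_RUN=0 executes it.
DRY_RUN="${DRY_RUN:-1}"
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# Fully qualified resource name of the key, as the Cloud KMS API addresses it.
key_resource_name() {
  printf 'projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s\n' \
    "$PROJECT_ID" "$LOCATION" "$KEYRING" "$KEY"
}

create_kms_key() {
  run gcloud services enable cloudkms.googleapis.com --project "$PROJECT_ID"
  run gcloud kms keyrings create "$KEYRING" \
    --location "$LOCATION" --project "$PROJECT_ID"
  # --purpose encryption creates a symmetric encrypt/decrypt key.
  run gcloud kms keys create "$KEY" --keyring "$KEYRING" \
    --location "$LOCATION" --purpose encryption --project "$PROJECT_ID"
}

# Grant encrypt/decrypt on this one key only, not project-wide.
grant_key_access() {
  run gcloud kms keys add-iam-policy-binding "$KEY" --keyring "$KEYRING" \
    --location "$LOCATION" --project "$PROJECT_ID" \
    --member "serviceAccount:${RUNTIME_SA}" \
    --role roles/cloudkms.cryptoKeyEncrypterDecrypter
}

create_kms_key
grant_key_access
echo "Key resource: $(key_resource_name)"
```

By default the script only prints the commands so they can be reviewed; run it with DRY_RUN=0 to execute them against the project.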
Let's code => Continue to Part 2