Skip to content
/ gcp-kms-csr-generator Public

A small utility library that creates CSR's where the private key is stored in GCP KMS.

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Fungrim/gcp-kms-csr-generator

BranchesTags

Repository files navigation

GCP KMS CSR Generation

A small utility library that creates CSR's where the private key is stored in GCP KMS.

TL;DR

try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {

  // create builder factory that will cache key meta data
  CsrBuilderFactory factory = CsrBuilderFactory.builder(client)
    .withKeyCacheDuration(Duration.ofMinutes(20))
    .build();
    
  // you need a key for the csr
  String resourceId = "projects/your-project/locations/your-location/keyRings/your-keyring/cryptoKeys/your-key/cryptoKeyVersions/version"
  CryptoKeyVersionName keyName = CryptoKeyVersionName.parse(resourceId);
            
  // create a csr using a builder
  String csrPem = factory.builder()
    .forPrincipal(new X500Principal("CN=io.github.fungrim, O=Fungrim Consulting AB, OU=, C=SE, L=Stockholm"))
    .withKey(keyName)
    .build()
    .asPem();

  // profit!!
  System.out.println(csrPem);
          
}

About

A small utility library that creates CSR's where the private key is stored in GCP KMS.

Topics

java cryptography kms gcp java-8 csr bouncy-castle digital-signatures gcp-kms

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages