Skip to content

Fungrim/gcp-kms-csr-generator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

docs

docs

 
 

gradle/wrapper

gradle/wrapper

 
 

lib

lib

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

build.gradle

build.gradle

 
 

gradle.properties

gradle.properties

 
 

gradlew

gradlew

 
 

gradlew.bat

gradlew.bat

 
 

settings.gradle

settings.gradle

 
 

Repository files navigation

GCP KMS CSR Generation

A small utility library that creates CSR's where the private key is stored in GCP KMS.

TL;DR

try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {

  // create builder factory that will cache key meta data
  CsrBuilderFactory factory = CsrBuilderFactory.builder(client)
    .withKeyCacheDuration(Duration.ofMinutes(20))
    .build();
    
  // you need a key for the csr
  String resourceId = "projects/your-project/locations/your-location/keyRings/your-keyring/cryptoKeys/your-key/cryptoKeyVersions/version"
  CryptoKeyVersionName keyName = CryptoKeyVersionName.parse(resourceId);
            
  // create a csr using a builder
  String csrPem = factory.builder()
    .forPrincipal(new X500Principal("CN=io.github.fungrim, O=Fungrim Consulting AB, OU=, C=SE, L=Stockholm"))
    .withKey(keyName)
    .build()
    .asPem();

  // profit!!
  System.out.println(csrPem);
          
}

About

A small utility library that creates CSR's where the private key is stored in GCP KMS.

Topics

java cryptography kms gcp java-8 csr bouncy-castle digital-signatures gcp-kms

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Languages