This page shows how to get started with the Cloud Client Libraries for the Cloud Key Management Service API. Read more about the client libraries for Cloud APIs in Client Libraries Explained.
Installing the client library
C#
For more information, see Setting Up a C# Development Environment.
Using PowerShell or the Visual Studio Package Manager Console:
Install-Package "Google.Cloud.Kms.V1" -Version "2.0.0-beta03"
Using the dotnet CLI:
dotnet add package "Google.Cloud.Kms.V1" -Version "2.0.0-beta03"
Go
For more information, see Setting Up a Go Development Environment.
go get -u "cloud.google.com/go/kms/apiv1"
Java
For more information, see Setting Up a Java Development Environment.
如果您使用的是 Maven,请将以下代码添加到您的 pom.xml
文件中。如需详细了解 BOM,请参阅 Google Cloud Platform 库 BOM。
如果您使用的是 Gradle,请将以下代码添加到您的依赖项中:
如果您使用的是 sbt,请将以下代码添加到您的依赖项中:
如果您使用的是 IntelliJ 或 Eclipse,请通过以下 IDE 插件将客户端库添加到您的项目中:
上述插件还提供其他功能,例如服务帐号密钥管理。如需了解详情,请参阅各个插件相应的文档。
Node.js
For more information, see Setting Up a Node.js Development Environment.
npm install --save "@google-cloud/kms"
PHP
For more information, see Using PHP on Google Cloud.
composer require "google/cloud-kms"
Python
For more information, see Setting Up a Python Development Environment.
pip install --upgrade "google-cloud-kms"
Ruby
For more information, see Setting Up a Ruby Development Environment.
gem install "google-cloud-kms"
Setting up authentication
To run the client library, you must first set up authentication by creating a service account and setting an environment variable. Complete the following steps to set up authentication. For other ways to authenticate, see the GCP authentication documentation.
Cloud Console
-
在 Cloud Console 中,转到创建服务帐号密钥页面。
转到“创建服务帐号密钥”页面 - 从服务帐号列表中,选择新的服务帐号。
- 在服务帐号名称字段中,输入一个名称。
从角色列表中,选择 Project > Owner。
- 点击创建。包含密钥的 JSON 文件就会下载到计算机。
命令行
您可以使用本地机器上的 Cloud SDK 或在 Cloud Shell 中运行以下命令。
-
创建服务帐号。将 NAME 替换为服务帐号的名称。
gcloud iam service-accounts create NAME
-
向服务帐号授予权限。将 PROJECT_ID 替换为您的项目 ID。
gcloud projects add-iam-policy-binding PROJECT_ID --member="serviceAccount:NAME@PROJECT_ID.iam.gserviceaccount.com" --role="roles/owner"
-
生成密钥文件。将 FILE_NAME 替换为密钥文件的名称。
gcloud iam service-accounts keys create FILE_NAME.json --iam-account=NAME@PROJECT_ID.iam.gserviceaccount.com
通过设置环境变量 GOOGLE_APPLICATION_CREDENTIALS
向应用代码提供身份验证凭据。
将 [PATH] 替换为包含您的服务帐号密钥的 JSON 文件的路径。此变量仅适用于当前的 Shell 会话,因此,如果您打开新的会话,请重新设置该变量。
Linux 或 macOS
export GOOGLE_APPLICATION_CREDENTIALS="[PATH]"
例如:
export GOOGLE_APPLICATION_CREDENTIALS="/home/user/Downloads/my-key.json"
Windows
使用 PowerShell:
$env:GOOGLE_APPLICATION_CREDENTIALS="[PATH]"
例如:
$env:GOOGLE_APPLICATION_CREDENTIALS="C:\Users\username\Downloads\my-key.json"
使用命令提示符:
set GOOGLE_APPLICATION_CREDENTIALS=[PATH]
Using the client library
The following example shows how to use the client library.
C#
To learn how to install and use the client library for Cloud KMS, see the Cloud KMS Client Libraries. For more information, see the Cloud KMS C# API reference documentation.
Go
To learn how to install and use the client library for Cloud KMS, see the Cloud KMS Client Libraries. For more information, see the Cloud KMS Go API reference documentation.
Java
To learn how to install and use the client library for Cloud KMS, see the Cloud KMS Client Libraries. For more information, see the Cloud KMS Java API reference documentation.
Node.js
To learn how to install and use the client library for Cloud KMS, see the Cloud KMS Client Libraries. For more information, see the Cloud KMS Node.js API reference documentation.
PHP
To learn how to install and use the client library for Cloud KMS, see the Cloud KMS Client Libraries. For more information, see the Cloud KMS PHP API reference documentation.
Python
To learn how to install and use the client library for Cloud KMS, see the Cloud KMS Client Libraries. For more information, see the Cloud KMS Python API reference documentation.
Ruby
To learn how to install and use the client library for Cloud KMS, see the Cloud KMS Client Libraries. For more information, see the Cloud KMS Ruby API reference documentation.
Next steps
Learn how to programmatically encrypt and decrypt data.
- Encrypting and decrypting data with a symmetric key
- Encrypting and decrypting data with an asymmetric key