Cloud KMS for PHP
Idiomatic PHP client for Cloud KMS.
NOTE: This repository is part of Google Cloud PHP. Any support requests, bug reports, or development contributions should be directed to that project.
Installation
To begin, install the preferred dependency manager for PHP, Composer.
Now install this component:
$ composer require google/cloud-kms
This component supports both REST over HTTP/1.1 and gRPC. In order to take advantage of the benefits offered by gRPC (such as streaming methods) please see our gRPC installation guide.
Authentication
Please see our Authentication guide for more information on authenticating your client. Once authenticated, you'll be ready to start making requests.
Sample
require __DIR__ . '/vendor/autoload.php';
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\CryptoKey;
use Google\Cloud\Kms\V1\CryptoKey\CryptoKeyPurpose;
use Google\Cloud\Kms\V1\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\KeyRing;
$client = new KeyManagementServiceClient();
$projectId = 'example-project';
$location = 'global';
// Create a keyring
$keyRingId = 'example-keyring';
$locationName = $client::locationName($projectId, $location);
$keyRingName = $client::keyRingName($projectId, $location, $keyRingId);
try {
$keyRing = $client->getKeyRing($keyRingName);
} catch (ApiException $e) {
if ($e->getStatus() === 'NOT_FOUND') {
$keyRing = new KeyRing();
$keyRing->setName($keyRingName);
$client->createKeyRing($locationName, $keyRingId, $keyRing);
}
}
// Create a cryptokey
$keyId = 'example-key';
$keyName = $client::cryptoKeyName($projectId, $location, $keyRingId, $keyId);
try {
$cryptoKey = $client->getCryptoKey($keyName);
} catch (ApiException $e) {
if ($e->getStatus() === 'NOT_FOUND') {
$cryptoKey = new CryptoKey();
$cryptoKey->setPurpose(CryptoKeyPurpose::ENCRYPT_DECRYPT);
$cryptoKey = $client->createCryptoKey($keyRingName, $keyId, $cryptoKey);
}
}
// Encrypt and decrypt
$secret = 'My secret text';
$response = $client->encrypt($keyName, $secret);
$cipherText = $response->getCiphertext();
$response = $client->decrypt($keyName, $cipherText);
$plainText = $response->getPlaintext();
assert($secret === $plainText);
Debugging
Please see our Debugging guide for more information about the debugging tools.
Version
This component is considered GA (generally available). As such, it will not introduce backwards-incompatible changes in any minor or patch releases. We will address issues and requests with the highest priority.
Next Steps
- Understand the official documentation.