Difference between revisions of "KMS PATH"

0) Obtain KMS_PATH

gcloud kms keys list --location global --keyring sops
NAME                                                                                           PURPOSE          ALGORITHM                   
PROTECTION_LEVEL  LABELS  PRIMARY_ID  PRIMARY_STATE
projects/your-project/locations/global/keyRings/sops/cryptoKeys/sops-encryption-key            ENCRYPT_DECRYPT  GOOGLE_SYMMETRIC_ENCRYPTION  HSM                       
1           ENABLED
projects/your-project/locations/global/keyRings/sops/cryptoKeys/sops-encryption-key-data-lake  ENCRYPT_DECRYPT  GOOGLE_SYMMETRIC_ENCRYPTION  HSM                       
1           ENABLED
projects/your-project/locations/global/keyRings/sops/cryptoKeys/sops-key                       ENCRYPT_DECRYPT  GOOGLE_SYMMETRIC_ENCRYPTION  
SOFTWARE                  1           DESTROYED 

1) Encrypt using KMS_PATH

• sops --encrypt --gcp-kms $KMS_PATH secret.yaml > secret.yaml.sops

Related[edit]

• SOPS_GCP_KMS environment variable

See also[edit]

• GCP KMS, EKM: gcloud kms [ keys | encrypt | keyrings ]
• SOPS, sops | sops -d | sops -e | sops exec-env | sops exec-file | sops publish | sops keyservice | sops groups | sops updatekeys | sops --help
• KMS, Customer Master Key (CMK), GCP KMS, AWS Key Management Service (KMS) (aws kms), Google Cloud KMS (gcloud kms), Azure Key Vault, KMS v2 API, Kubernetes Key Management Service