Class GoogleKmsEncryptedPropertyFormat

  • All Implemented Interfaces:
    SecretPropertyFormat, SecretDecoder

    public class GoogleKmsEncryptedPropertyFormat
    extends Object
    implements SecretPropertyFormat
    A SecretPropertyFormat for the PropertyResolverSecretStore that can decrypt secrets using a Google KMS decryption key. Supports either symmetric or asymmetric decryption algorithms.

    Note: the output of gcloud kms encrypt is a binary file. As Commons Config properties must be strings, this property format class assumes that the data is base64-encoded. To create a compatible file you should therefore use a two step process:

    
          gcloud kms encrypt --plaintext-file=plaintext.txt --ciphertext-file=ciphertext.enc
          base64 < ciphertext.enc > ciphertext.txt