Package org.forgerock.secrets.gcpkms

Class GoogleKmsEncryptedPropertyFormat

java.lang.Object

org.forgerock.secrets.gcpkms.GoogleKmsEncryptedPropertyFormat

All Implemented Interfaces:

SecretPropertyFormat, SecretDecoder

public class GoogleKmsEncryptedPropertyFormat
extends Object
implements SecretPropertyFormat

A SecretPropertyFormat for the PropertyResolverSecretStore that can decrypt secrets using a Google KMS decryption key. Supports either symmetric or asymmetric decryption algorithms.

Note: the output of gcloud kms encrypt is a binary file. As Commons Config properties must be strings, this property format class assumes that the data is base64-encoded. To create a compatible file you should therefore use a two step process:

      gcloud kms encrypt --plaintext-file=plaintext.txt --ciphertext-file=ciphertext.enc
      base64 < ciphertext.enc > ciphertext.txt
 

Field Summary

Fields inherited from interface org.forgerock.secrets.SecretDecoder

RAW

Fields inherited from interface org.forgerock.secrets.propertyresolver.SecretPropertyFormat

PLAIN

Constructor Summary

Constructors

Constructor	Description
GoogleKmsEncryptedPropertyFormat(GoogleKmsSecretStore secretStore, Purpose<DataDecryptionKey> purpose)	Initializes the property format with the given secret store and purpose.

Method Summary

Modifier and Type	Method	Description
SecretBuilder	decode(String propertyValue)	Decodes the input property value, setting relevant properties on a SecretBuilder object.
Promise<SecretBuilder,NoSuchSecretException>	decodeToPromise(String propertyValue)	Decodes the input property value, setting relevant properties on a SecretBuilder object.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.forgerock.secrets.propertyresolver.SecretPropertyFormat

decodeToPromise

Constructor Details

GoogleKmsEncryptedPropertyFormat

public GoogleKmsEncryptedPropertyFormat(GoogleKmsSecretStore secretStore,
 Purpose<DataDecryptionKey> purpose)

Initializes the property format with the given secret store and purpose. All valid keys for the given purpose will be tried for decryption.

Parameters:

secretStore - the secret store.

purpose - the purpose for decryption.

Method Details

decode

public SecretBuilder decode(String propertyValue)
                     throws NoSuchSecretException

Description copied from interface: SecretPropertyFormat

Decodes the input property value, setting relevant properties on a SecretBuilder object.

Specified by:

decode in interface SecretPropertyFormat

Parameters:

propertyValue - the value of the secret property.

Returns:

the decoded secret information.

Throws:

NoSuchSecretException - If the property value does not contain a value that can be decoded.

decodeToPromise

public Promise<SecretBuilder,NoSuchSecretException> decodeToPromise(String propertyValue)

Description copied from interface: SecretPropertyFormat

Decodes the input property value, setting relevant properties on a SecretBuilder object.

Specified by:

decodeToPromise in interface SecretPropertyFormat

Parameters:

propertyValue - the value of the secret property.

Returns:

a promise of the decoded secret information.