Google Cloud Function : support for Google Cloud KMS

I am using a Google Cloud Function (GCF) with a Pubsub trigger which sends a HTTP request to a third party API. The GCF receives notifications from a Pubsub topic used by a service which should...

Editing or deleting a key ring from the console

This a newbie security/console question...I created a key ring in my project in a specific (wrong) location, Europe. I can't see any way in the console to edit or even delete a key ring. The key...

issue with importing dependencies while running Dataflow from google cloud composer

I'm running Dataflow from google cloud composer, the dataflow script contains some non-standard dependencies like zeep, googleads. which are required to be installed on dataflow worker nodes, so I...

Permission denied on Cloud KMS key when using cloud storage

I am using cloud storage upload a file with kms key. Here is my code: await storage.bucket(config.bucket).upload(file, { kmsKeyName:...

Google Cloud Build doesn't substitute values in secrets section of cloudbuild.yaml

I'm trying to create a Cloud Build trigger where secret environment variables are encrypted with cloud KMS and stored as a substitution variable in Cloud Build. This way my cloud build yaml is...

Google Cloud KMS java.lang.NoSuchMethodError: com.google.common.base.Preconditions.checkArgument(ZLjava/lang/String;CLjava/lang/Object;)V

I am using the java client library for KMS. The KeyManagementServiceClient.create() method shown here is throwing the above exception. Guava dependencies look okay - 27.1-jre public String...

Gooble Cloud KMS: code freezes on calling kms client

I want to encrypt and decrypt son values by using google cloud kms and I am using this code as example...

How to handle secrets in Google App Engine?

My application needs a bunch of secrets to run: database credentials, API credentials, etc. It's running in Google App Engine Standard Java 11. I need these secrets as environment variables or as...

NPM authentication for private module with Google App Engine

I am trying to deploy a node application which imports a private npm module to Google App Engine. I'm still stuck at npm install failing due to Unable to authenticate, need: Basic realm="GitHub...

How to authenticate to GCP from a containerized Dockerfile

I am trying to build a new Docker image dynamically using a Cloud Build trigger job, however I fail to see how to safely retrieve my credentials to authenticate against GCP with a service...

What are the difference between the KMS and secret manager in GCP?

I am wondering if you please help me out with the following question. What are the differences between the KMS and the secret manager in GCP? Thank you in advance....

Can't update cryptokey in us-central1

For some reason I can't seem to be able to update keys in the us-central1 region. My IAM have both the update and list roles and I use this code: import google.cloud.kms as kms self.client =...

How to specify secretEnv to cloudbuild.yaml via gcloud cli args or environment variables

If I follow the cloud build document, I have to specify encrypted secret on cloudbuild.yaml. secrets: - kmsKeyName:...

Access environment variables stored in Google Secret Manager from Google Cloud Build

How can I access the variables I define in Google Secret Manager from my Google Cloud Build Pipeline ?

For the deidentify_with_fpe() Python API wrapper for google DLP what are the arguments needed to pass through?

I am working through the google cloud dlp api documentation available here specifically this question is about deidentify_with_fpe(). My question is what is the format of the arguments needing the...

Spring boot with KMS

My Spring boot microservice is running in a docker container. It requires an encryption key for encrypting the incoming payload. I thought of using AWS KMS for storing the keys. Reading them at...

Digital signatures in pdf

I'm trying to digitally sign a pdf file using a PKCS#7 formatted signature in NodeJS. The setup: Node-forge does a great job at generating PKCS#7 format. I've already validated that the end output...

NoClassDefFoundError: com/google/cloud/kms/v1/KeyManagementServiceClient

I am writing for the first time here so I apologize if I should be adding more to the question. I am creating an application with java, and attempting to create a KeyManagementServiceClient...

Unexpected Error on Google Cloud Build Deploy to Firebase Hosting

I have previously managed to deploy small projects to firebase hosting with google cloud build. My current project includes functions, but my deploy script is --only:hosting I understand this is...

IllegalAccessError: tried to access field com.google.protobuf.AbstractMessage.memoizedSize while using KMS decrypt

Am facing the following error while trying to decrpyt a cipher string using Google KSM SDK version 1.40.0. Code used: try (KeyManagementServiceClient keyManagementServiceClient =...

Using Google Cloud Secret as environment variables in Google Cloud Build

I'm deploying my Node apps to Google Cloud Run using Cloud Build and I want to run some tests during the build. My tests require some environment variables, so I have been following this guide to...

Tri-Secret benefits

I am wondering what the functional benefits are of applying Tri-Secret Managed Key security in Snowflake warehouses? From what I understand: the Tri-Secret method let's you define your own...

fastlane gym `Could not find rake-13.0.3 in any of the sources`

When I run the gym command I get this weird error. [16:20:23]: ▸ Could not find rake-13.0.3 in any of the sources [16:20:23]: ▸ Run `bundle install` to install missing gems. Here is the full...

spark gcp dataproc dependency error with guava

Our project uses gradle and scala to build spark app, but I've added gcp kms library and now when this runs on dataproc it errors with missing guava method: java.lang.noSuchMethodError:...

Using apache-airflow-providers-snowflake on airflow (no module named Snowflake)

I have installed package apache-airflow-providers-snowflake on airflow on docker and i am getting error No module named Snowflake Please refer attachment (check the error mentioned for the...

How to store a CloudSQL client SSL certificate in GCP Keychain

I am not sure what options to use when storing a CloudSQL ssl certificate in the Google Cloud key chain, my import job fails. Which are the correct encryption options for a client SSL...

Could not find rake-12.3.3 in any of the sources when using fastlane

when I execute this command to compile my project: sudo bundle exec fastlane beta shows this error: Could not find rake-12.3.3 in any of the sources Run `bundle install` to install missing...

import error after upgrade to airflow2.0.2

Received an import error after upgrading to airflow2.0.2-python3.7 image. Package seems to be installed, not sure what is causing the issue and how to fix it. Tried to uninstalling and...

Question about signature verification using Cloud KMS

I'm trying to verify a signature generated with Google's cloud KMS, but I keep getting invalid responses. Here's how I'm testing it: const versionName = client.cryptoKeyVersionPath( ...

Hashicorp Vault - Database Secrets Engine Not Visible in UI

I created a new user in Hashicorp Vault so as to prevent the usage of the root token. The following policy was applied: # Manage auth methods broadly across Vault path "auth/*" { capabilities =...