shh
. This value can be encrypted using either the Google KMS (reccommended for productio usage) or a Java Keystore loaded from the runtime's filesystem (most useful for development purposes).shh
) will be encrypted with a particular secret-key with a particular version of that key. The CLI will encode this value so that it can be parsed properly by the connector in order to determine the correct manner to locate keys for decryption.enc
), was encrypted using a Java Keystore (i.e., the JKS
keystore type) using a filename called crypto.p12
, and using the key with an alias of secret0
and the aes_gcm
encryption algorithm (which is a particular variant supported by the Connector). Next, a cipher_message encodes cipher_text
as well as other meta-data used to decrypt the secret value (see here for more details).myEncryptionSecret
:help
command inside the crypto cli./keystores/mykeystore.p12
you would run the container using: mykeystore.p12
:/gcp/my-service-account.json
then I would provide my key file via the following docker command: