shh. This value can be encrypted using either the Google KMS (reccommended for productio usage) or a Java Keystore loaded from the runtime's filesystem (most useful for development purposes).
shh) will be encrypted with a particular secret-key with a particular version of that key. The CLI will encode this value so that it can be parsed properly by the connector in order to determine the correct manner to locate keys for decryption.
enc), was encrypted using a Java Keystore (i.e., the
JKSkeystore type) using a filename called
crypto.p12, and using the key with an alias of
aes_gcmencryption algorithm (which is a particular variant supported by the Connector). Next, a cipher_message encodes
cipher_textas well as other meta-data used to decrypt the secret value (see here for more details).
helpcommand inside the crypto cli.
/keystores/mykeystore.p12you would run the container using:
/gcp/my-service-account.jsonthen I would provide my key file via the following docker command: