Skip to content

feat: add GCP Cloud KMS support for encryption/decryption#8

Open
gokulJuspay wants to merge 1 commit into
sinha-sahil:releasefrom
gokulJuspay:feat/gcp-kms-support
Open

feat: add GCP Cloud KMS support for encryption/decryption#8
gokulJuspay wants to merge 1 commit into
sinha-sahil:releasefrom
gokulJuspay:feat/gcp-kms-support

Conversation

@gokulJuspay
Copy link
Copy Markdown

@gokulJuspay gokulJuspay commented Mar 24, 2026

  • Add GCPKMSClient for encrypting and decrypting data using GCP Cloud KMS
  • Support authentication via GCP metadata server (OAuth2 tokens)
  • Add GCPKMSConfig with builder pattern and from_env() for configuration
  • Add encrypt() and decrypt() methods with base64 encoding support
  • Enable json feature for reqwest to support API requests
  • Add comprehensive unit tests for config builder and key resource paths

Environment variables:

  • GCP_PROJECT_ID (required)
  • GCP_KEY_RING (required)
  • GCP_KEY_NAME (required)
  • GCP_LOCATION (optional, default: global)
  • GCP_KMS_BASE_URL (optional)
  • GCP_METADATA_URL (optional)

@gokulJuspay gokulJuspay force-pushed the feat/gcp-kms-support branch from bcf1e26 to 854f54d Compare March 24, 2026 10:50
itz-Pratham
itz-Pratham reviewed Mar 24, 2026
View reviewed changes
Comment thread src/config/gcp.rs Outdated
self
}

pub fn build(self) -> Option<GcpKmsConfig> {
Copy link
Copy Markdown

@itz-Pratham itz-Pratham Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

u can make it pub fn build(self) -> Result<GcpKmsConfig, GcpConfigError>
in aws, since we have the crate, there is fallback. here there is none. So we should be strict here.

@gokulJuspay gokulJuspay force-pushed the feat/gcp-kms-support branch from 854f54d to 16c9ee6 Compare March 25, 2026 05:48
sinha-sahil
sinha-sahil reviewed Mar 25, 2026
View reviewed changes
Comment thread src/gcp/ckms.rs
@@ -0,0 +1,309 @@
use base64::{Engine, engine::general_purpose::STANDARD};
Copy link
Copy Markdown
Owner

@sinha-sahil sinha-sahil Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lets name it ckms

@gokulJuspay gokulJuspay force-pushed the feat/gcp-kms-support branch from 16c9ee6 to d376e7c Compare April 6, 2026 07:13
@gokulJuspay
feat: add GCP Cloud KMS support for encryption/decryption
f2c98cc 
- Add GCPKMSClient for encrypting and decrypting data via GCP Cloud KMS
- Support authentication via GCP metadata server (OAuth2 tokens)
@gokulJuspay gokulJuspay force-pushed the feat/gcp-kms-support branch from d376e7c to f2c98cc Compare May 15, 2026 11:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sinha-sahil sinha-sahil sinha-sahil left review comments

+1 more reviewer

@itz-Pratham itz-Pratham itz-Pratham left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gokulJuspay @sinha-sahil @itz-Pratham