Cloud KMS for PHP
Idiomatic PHP client for Cloud KMS .
NOTE:This repository is part of Google Cloud PHP . Any support requests, bug reports, or development contributions should be directed to that project.
Installation
To begin, install the preferred dependency manager for PHP, Composer .
Now install this component:
$ composer require google/cloud-kms
This component supports both REST over HTTP/1.1 and gRPC. In order to take advantage of the benefits offered by gRPC (such as streaming methods) please see our gRPC installation guide .
Authentication
Please see our Authentication guide for more information on authenticating your client. Once authenticated, you'll be ready to start making requests.
Sample
require __DIR__ . '/vendor/autoload.php';
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\CryptoKey;
use Google\Cloud\Kms\V1\CryptoKey\CryptoKeyPurpose;
use Google\Cloud\Kms\V1\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\KeyRing;
$client = new KeyManagementServiceClient();
$projectId = 'example-project';
$location = 'global';
// Create a keyring
$keyRingId = 'example-keyring';
$locationName = $client::locationName($projectId, $location);
$keyRingName = $client::keyRingName($projectId, $location, $keyRingId);
try {
$keyRing = $client->getKeyRing($keyRingName);
} catch (ApiException $e) {
if ($e->getStatus() === 'NOT_FOUND') {
$keyRing = new KeyRing();
$keyRing->setName($keyRingName);
$client->createKeyRing($locationName, $keyRingId, $keyRing);
}
}
// Create a cryptokey
$keyId = 'example-key';
$keyName = $client::cryptoKeyName($projectId, $location, $keyRingId, $keyId);
try {
$cryptoKey = $client->getCryptoKey($keyName);
} catch (ApiException $e) {
if ($e->getStatus() === 'NOT_FOUND') {
$cryptoKey = new CryptoKey();
$cryptoKey->setPurpose(CryptoKeyPurpose::ENCRYPT_DECRYPT);
$cryptoKey = $client->createCryptoKey($keyRingName, $keyId, $cryptoKey);
}
}
// Encrypt and decrypt
$secret = 'My secret text';
$response = $client->encrypt($keyName, $secret);
$cipherText = $response->getCiphertext();
$response = $client->decrypt($keyName, $cipherText);
$plainText = $response->getPlaintext();
assert($secret === $plainText);
Version
This component is considered GA (generally available). As such, it will not introduce backwards-incompatible changes in any minor or patch releases. We will address issues and requests with the highest priority.
Next Steps
- Understand the official documentation .