{"id":6906,"date":"2022-05-25T11:15:34","date_gmt":"2022-05-25T02:15:34","guid":{"rendered":"https:\/\/gri.jp\/media\/?p=6906"},"modified":"2023-04-04T17:24:45","modified_gmt":"2023-04-04T08:24:45","slug":"gcp%e3%81%ae%e3%80%8ccloud-kms%e3%80%8d%e3%82%92python%e3%81%a7%e8%a9%a6%e3%81%97%e3%81%a6%e3%81%bf%e3%82%8b","status":"publish","type":"post","link":"https:\/\/gri.jp\/media\/entry\/6906","title":{"rendered":"GCP\u306e\u300cCloud KMS\u300d\u3092Python\u3067\u8a66\u3057\u3066\u307f\u308b"},"content":{"rendered":"

Cloud KMS\u3063\u3066\u3069\u3093\u306a\u30b5\u30fc\u30d3\u30b9\uff1f<\/h2>\n

\u30af\u30e9\u30a6\u30c9\u4e0a\u3067\u7ba1\u7406\u3055\u308c\u308b\u6697\u53f7\u9375\u3092\u4f7f\u3063\u3066\u6697\u53f7\u5316\/\u5fa9\u53f7\/\u7f72\u540d\u3068\u3044\u3063\u305f\u64cd\u4f5c\u3092\u884c\u3048\u308b\u30b5\u30fc\u30d3\u30b9\u3067\u3059\u3002
\n\u4eca\u56de\u306fPython\u3068google-cloud-kms<\/a>\uff08\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30e9\u30a4\u30d6\u30e9\u30ea\uff09\u3067\u306e\u6697\u53f7\u5316\u3068\u5fa9\u53f7\u3092\u8a66\u3057\u307e\u3059\u3002<\/p>\n

\u4f7f\u7528\u74b0\u5883<\/h2>\n\n\n\n\n
Python<\/th>\n3.8.13<\/td>\n<\/tr>\n
google-cloud-kms<\/th>\n2.11.1<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

API\u306e\u6709\u52b9\u5316<\/h2>\n

\u4ee5\u964d\u3067\u4f7f\u7528\u3059\u308bGCP\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u306b\u304a\u3044\u3066\u4e8b\u524d\u306bAPI\u3092\u6709\u52b9\u5316\u3057\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
\n\u3053\u3061\u3089<\/a>\u304b\u3089\u30b3\u30f3\u30bd\u30fc\u30eb\u3078\u79fb\u52d5\u3057\u3001API\u3092\u6709\u52b9\u5316\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n

\u30ad\u30fc\u30ea\u30f3\u30b0\u306e\u4f5c\u6210<\/h2>\n

\u30ad\u30fc\u30ea\u30f3\u30b0\u3068\u3044\u3046\u306e\u306f\u30ad\u30fc\u3092\u307e\u3068\u3081\u308b\u305f\u3081\u306e\u3082\u306e\u3067\u3059\u3002
\n\u73fe\u5b9f\u4e16\u754c\u3067\u3082\u30ad\u30fc\u3092\u30ea\u30f3\u30b0\u3067\u307e\u3068\u3081\u305f\u308a\u3057\u307e\u3059\u306d\u3002GCP\u4e16\u754c\u306e\u30ad\u30fc\u306f\u30ad\u30fc\u30ea\u30f3\u30b0\u306b\u8ffd\u52a0\u3059\u308b\u5f62\u3067\u4f5c\u6210\u3067\u304d\u308b\u305f\u3081\u3001\u307e\u305a\u306f\u30ad\u30fc\u30ea\u30f3\u30b0\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/p>\n

\u3053\u3061\u3089<\/a>\u306e\u30ad\u30fc\u30ea\u30f3\u30b0\u3092\u4f5c\u6210\u3059\u308b\u95a2\u6570\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n

project_id = 'my-project-123'  # GCP\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u306eID\r\nlocation_id = 'asia-northeast1'  # \u30ad\u30fc\u30ea\u30f3\u30b0\u3092\u4f5c\u6210\u3059\u308b\u30ed\u30b1\u30fc\u30b7\u30e7\u30f3\r\nkey_ring_id = 'test-key-ring'  # \u30ad\u30fc\u30ea\u30f3\u30b0\u3092\u8b58\u5225\u3059\u308b\u305f\u3081\u306eID\r\n\r\ncreate_key_ring(project_id, location_id, key_ring_id)<\/code><\/pre>\n
\u5b9f\u884c\u3059\u308b\u3068…<\/p>\n
\n
Created key ring: projects\/my-project-123\/locations\/asia-northeast1\/keyRings\/test-key-ring<\/p>\n<\/div>\n
\u3068\u8868\u793a\u3055\u308c\u3001KMS\u306e\u30b3\u30f3\u30bd\u30fc\u30eb\u304b\u3089\u30ad\u30fc\u30ea\u30f3\u30b0\u3092\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n
\"\"
\n\u30ed\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u3064\u3044\u3066\u306e\u8a73\u7d30\u306f\u3053\u3061\u3089<\/a>\u3092\u3054\u53c2\u7167\u304f\u3060\u3055\u3044\u3002<\/p>\n
\u30ad\u30fc\u306e\u4f5c\u6210<\/h2>\n
\u809d\u5fc3\u306e\u6697\u53f7\u9375\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u3053\u3061\u3089<\/a>\u306e\u95a2\u6570\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002\u3053\u306e\u95a2\u6570\u3067\u4f5c\u6210\u3059\u308b\u6697\u53f7\u9375\u306f\u5bfe\u79f0\u9375\uff08\u5171\u901a\u9375\uff09\u3067\u3059\u3002\u5bfe\u79f0\u9375\u306f\u516c\u958b\u9375\u6697\u53f7\u306e\u3088\u3046\u306a\u975e\u5bfe\u79f0\u6697\u53f7\u3088\u308a\u3082\u9ad8\u901f\u3067\u3059\u304c\u3001\u6697\u53f7\u5316\u3068\u5fa9\u53f7\u306e\u305f\u3081\u306e\u9375\u304c\u7570\u306a\u308b\u4ed5\u7d44\u307f\u3067\u306f\u306a\u3044\u3053\u3068\u306b\u6ce8\u610f\u3057\u307e\u3059\u3002<\/p>\n
key_id = 'test-key'  # \u30ad\u30fc\u3092\u8b58\u5225\u3059\u308b\u305f\u3081\u306eID\r\n\r\ncreate_key_symmetric_encrypt_decrypt(project_id, location_id, key_ring_id, key_id)\r\n<\/code><\/pre>\n
\u5b9f\u884c\u3059\u308b\u3068…<\/p>\n
\n
Created symmetric key: projects\/my-project-123\/locations\/asia-northeast1\/keyRings\/test-key-ring\/cryptoKeys\/test-key<\/p>\n<\/div>\n
\u3068\u8868\u793a\u3055\u308c\u3001KMS\u306e\u30b3\u30f3\u30bd\u30fc\u30eb\u304b\u3089\u30ad\u30fc\u3092\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n\"\"\n
\u6697\u53f7\u5316<\/h2>\n
\u3053\u3061\u3089<\/a>\u306e\u95a2\u6570\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3067\u6587\u5b57\u5217\u3092utf-8\u3067\u30a8\u30f3\u30b3\u30fc\u30c9\u3057\u3066\u304b\u3089\u6697\u53f7\u5316\u3067\u304d\u307e\u3059\u3002\u30ea\u30f3\u30af\u5148\u3067\u306f\u901a\u4fe1\u8def\u4e0a\u3067\u30c6\u30ad\u30b9\u30c8\u304c\u7834\u640d\u3057\u3066\u3044\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u305f\u3081\u306bCRC32\uff08\u30c1\u30a7\u30c3\u30af\u30b5\u30e0\uff09\u306e\u8a08\u7b97\u3092\u3057\u3066\u3044\u307e\u3059\u3002\u4eca\u56de\u306fCRC32\u3092\u5229\u7528\u3057\u306a\u3044\u3088\u3046\u306b\u5909\u66f4\u3057\u305f\u4ee5\u4e0b\u306e\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3057\u3066\u300cHello, KMS!\u300d\u306e\u6587\u5b57\u5217\u3092\u6697\u53f7\u5316\u3057\u307e\u3057\u305f\u3002<\/p>\n
def encrypt_symmetric(project_id, location_id, key_ring_id, key_id, plaintext):\r\n    import base64\r\n    from google.cloud import kms\r\n\r\n    # Convert the plaintext to bytes.\r\n    plaintext_bytes = plaintext.encode('utf-8')\r\n\r\n    # Create the client.\r\n    client = kms.KeyManagementServiceClient()\r\n\r\n    # Build the key name.\r\n    key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id)\r\n\r\n    # Call the API.\r\n    encrypt_response = client.encrypt(\r\n        request={'name': key_name, 'plaintext': plaintext_bytes}\r\n    )\r\n\r\n    print('Ciphertext: {}'.format(base64.b64encode(encrypt_response.ciphertext)))\r\n    return encrypt_response\r\n\r\n\r\nplaintext = 'Hello, KMS!'\r\n\r\nencrypt_symmetric(project_id, location_id, key_ring_id, key_id, plaintext)\r\n<\/code><\/pre>\n
\u3059\u308b\u3068…<\/p>\n
\n
Ciphertext: b’CiQAqIjds4dcBCs0E+Y5yM1APBiab9adFZ0fxsedQQfGtXSBcMQSNABmBwTQt\/dVuVcLboQ60tb8bX\/BiwmlAS0wnX6i1nfyp9REPkR2lo6dcoeuvs7ADBJc0Jw=’<\/p>\n<\/div>\n
\u3068\u8868\u793a\u3055\u308c\u307e\u3057\u305f\u3002\u8868\u793a\u3055\u308c\u3066\u3044\u308b\u306e\u306f\u6697\u53f7\u5316\u5f8c\u306e\u30d0\u30a4\u30ca\u30ea\u3092BASE64\u306b\u3088\u308a\u6587\u5b57\u5217\u306b\u30a8\u30f3\u30b3\u30fc\u30c9\u3057\u305f\u3082\u306e\u3067\u3042\u308b\u3053\u3068\u306b\u6ce8\u610f\u3057\u307e\u3059\u3002<\/p>\n
\u5fa9\u53f7<\/h2>\n
\u6700\u5f8c\u306b\u3001\u5148\u7a0b\u306e\u6697\u53f7\u3092\u5fa9\u53f7\u3057\u3066\u307f\u307e\u3059\u3002\u3053\u3061\u3089<\/a>\u306e\u95a2\u6570\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u3067\u5fa9\u53f7\u3067\u304d\u307e\u3059\u3002\u6697\u53f7\u5316\u3068\u540c\u3058\u3088\u3046\u306b\u30ea\u30f3\u30af\u5148\u3067\u306fCRC32\u304c\u5229\u7528\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u4eca\u56de\u306f\u4ee5\u4e0b\u306eCRC32\u3092\u5229\u7528\u3057\u306a\u3044\u3088\u3046\u306b\u5909\u66f4\u3057\u305f\u3082\u306e\u3092\u4f7f\u7528\u3057\u307e\u3059\u3002<\/p>\n
def decrypt_symmetric(project_id, location_id, key_ring_id, key_id, ciphertext):\r\n    from google.cloud import kms\r\n\r\n    # Create the client.\r\n    client = kms.KeyManagementServiceClient()\r\n\r\n    # Build the key name.\r\n    key_name = client.crypto_key_path(project_id, location_id, key_ring_id, key_id)\r\n\r\n    # Call the API.\r\n    decrypt_response = client.decrypt(\r\n        request={'name': key_name, 'ciphertext': ciphertext}\r\n    )\r\n\r\n    print('Plaintext: {}'.format(decrypt_response.plaintext))\r\n    return decrypt_response\r\n\r\n\r\nencrypt_response = encrypt_symmetric(\r\n    project_id, location_id, key_ring_id, key_id, plaintext\r\n)\r\ndecrypt_symmetric(\r\n    project_id, location_id, key_ring_id, key_id, encrypt_response.ciphertext\r\n)\r\n<\/code><\/pre>\n
\u3053\u308c\u3092\u5b9f\u884c\u3059\u308b\u3068…<\/p>\n
\n
Ciphertext: b’CiQAqIjds3mxYHcDBly1\/OO632EuSHYF3TXmawibmxUd9EDpCEUSNABmBwTQBG3QlWTMjT+0xbLvSzS9fpiuhatBzKKi1nr8ZxvwETJ+wsiLyh1V+vPQUG+vvbU=’
\nPlaintext: b’Hello, KMS!’<\/p>\n<\/div>\n
\u3068\u8868\u793a\u3055\u308c\u307e\u3057\u305f\u3002\u6b63\u3057\u304f\u5fa9\u53f7\u3057\u3066\u300cHello, KMS!\u300d\u3092\u8868\u793a\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n
\u304a\u308f\u308a\u306b<\/h2>\n
\u4eca\u56de\u306fCloud KMS\u306b\u3088\u308b\u6697\u53f7\u5316\/\u5fa9\u53f7\u3092\u8a66\u3057\u307e\u3057\u305f\u3002\u6a5f\u5bc6\u60c5\u5831\u306f\u751f\u306e\u72b6\u614b\u3067\u4fdd\u5b58\u3059\u308b\u306e\u3067\u306f\u306a\u304f\u6697\u53f7\u5316\u3059\u308b\u3068\u3088\u308a\u5b89\u5168\u3067\u3059\u3002Cloud KMS\u3067\u306f\u9375\u3092\u30af\u30e9\u30a6\u30c9\u7ba1\u7406\u3067\u304d\u308b\u306e\u3067\u9069\u5207\u306b\u7528\u3044\u308c\u3070\u4eba\u70ba\u7684\u306a\u6d41\u51fa\u7d4c\u8def\u3092\u6e1b\u3089\u3059\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u307e\u305f\u3001\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u3092\u5229\u7528\u3059\u308b\u3053\u3068\u3067\u6d41\u51fa\u3057\u305f\u5834\u5408\u306e\u88ab\u5bb3\u3092\u6291\u3048\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u5b89\u5fc3\u3057\u3066\u60c5\u5831\u3092\u4fdd\u5b58\u30fb\u5229\u7528\u3059\u308b\u305f\u3081\u306b\u4f7f\u3063\u3066\u307f\u3066\u306f\u3044\u304b\u304c\u3067\u3057\u3087\u3046\u304b\uff1f<\/p>\n","protected":false},"excerpt":{"rendered":"
Cloud KMS\u3063\u3066\u3069\u3093\u306a\u30b5\u30fc\u30d3\u30b9\uff1f \u30af\u30e9\u30a6\u30c9\u4e0a\u3067\u7ba1\u7406\u3055\u308c\u308b\u6697\u53f7\u9375\u3092\u4f7f\u3063\u3066\u6697\u53f7\u5316\/\u5fa9\u53f7\/\u7f72\u540d\u3068\u3044\u3063\u305f\u64cd\u4f5c\u3092\u884c\u3048\u308b\u30b5\u30fc\u30d3\u30b9\u3067\u3059\u3002 \u4eca\u56de\u306fPython\u3068google-cloud-kms\uff08\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30e9\u30a4\u30d6\u30e9\u30ea\uff09\u3067\u306e\u6697\u53f7\u5316\u3068<\/p>\n","protected":false},"author":12,"featured_media":25434,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[119],"tags":[],"class_list":["post-6906","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business"],"acf":[],"meta_field":{"_edit_lock":["1680596546:12"],"_edit_last":["12"],"_oembed_6f8ceb9ec860674e13819c88c4f85f4e":["{{unknown}}"],"hidden_toppage":["0"],"_hidden_toppage":["field_61933136630d2"],"note_url":[""],"_note_url":["field_61243c8278b90"],"_wp_old_date":["2022-05-10"],"_pv_count":["a:24:{i:11;i:119;i:12;i:72;i:16;i:114;i:20;i:75;i:2;i:145;i:13;i:110;i:14;i:119;i:17;i:137;i:18;i:78;i:5;i:31;i:10;i:111;i:15;i:131;i:23;i:29;i:7;i:28;i:19;i:65;i:3;i:112;i:0;i:51;i:1;i:96;i:21;i:43;i:9;i:80;i:8;i:29;i:4;i:74;i:22;i:52;i:6;i:25;}"],"pv_count":["1926"],"_thumbnail_id":["25434"]},"_links":{"self":[{"href":"https:\/\/gri.jp\/media\/wp-json\/wp\/v2\/posts\/6906","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gri.jp\/media\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gri.jp\/media\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gri.jp\/media\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/gri.jp\/media\/wp-json\/wp\/v2\/comments?post=6906"}],"version-history":[{"count":13,"href":"https:\/\/gri.jp\/media\/wp-json\/wp\/v2\/posts\/6906\/revisions"}],"predecessor-version":[{"id":7069,"href":"https:\/\/gri.jp\/media\/wp-json\/wp\/v2\/posts\/6906\/revisions\/7069"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gri.jp\/media\/wp-json\/wp\/v2\/media\/25434"}],"wp:attachment":[{"href":"https:\/\/gri.jp\/media\/wp-json\/wp\/v2\/media?parent=6906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gri.jp\/media\/wp-json\/wp\/v2\/categories?post=6906"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gri.jp\/media\/wp-json\/wp\/v2\/tags?post=6906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}