googleapis · busunkim96 · Jun 4, 2020 · Feb 7, 2017 · Feb 8, 2017 · Feb 9, 2017
diff --git a/samples/snippets/README.rst b/samples/snippets/README.rst
@@ -0,0 +1,82 @@
+.. This file is automatically generated. Do not edit this file directly.
+
+Google Cloud KMS API Python Samples
+===============================================================================
+
+.. image:: https://gstatic.com/cloudssh/images/open-btn.png
+   :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=kms/api-client/README.rst
+
+
+This directory contains samples for Google Cloud KMS API. The `Google Cloud KMS API`_ is a service that allows you to keep encryption keys centrally in the cloud, for direct use by cloud services.
+
+
+
+
+.. _Google Cloud KMS API: https://cloud.google.com/kms/docs/
+
+Setup
+-------------------------------------------------------------------------------
+
+
+Authentication
+++++++++++++++
+
+This sample requires you to have authentication setup. Refer to the
+`Authentication Getting Started Guide`_ for instructions on setting up
+credentials for applications.
+
+.. _Authentication Getting Started Guide:
+    https://cloud.google.com/docs/authentication/getting-started
+
+Install Dependencies
+++++++++++++++++++++
+
+#. Clone python-docs-samples and change directory to the sample directory you want to use.
+
+    .. code-block:: bash
+
+        $ git clone https://github.com/GoogleCloudPlatform/python-docs-samples.git
+
+#. Install `pip`_ and `virtualenv`_ if you do not already have them. You may want to refer to the `Python Development Environment Setup Guide`_ for Google Cloud Platform for instructions.
+
+   .. _Python Development Environment Setup Guide:
+       https://cloud.google.com/python/setup
+
+#. Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+.
+
+    .. code-block:: bash
+
+        $ virtualenv env
+        $ source env/bin/activate
+
+#. Install the dependencies needed to run the samples.
+
+    .. code-block:: bash
+
+        $ pip install -r requirements.txt
+
+.. _pip: https://pip.pypa.io/
+.. _virtualenv: https://virtualenv.pypa.io/
+
+Samples
+-------------------------------------------------------------------------------
+
+Quickstart
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+.. image:: https://gstatic.com/cloudssh/images/open-btn.png
+   :target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=kms/api-client/quickstart.py,kms/api-client/README.rst
+
+
+
+
+To run this sample:
+
+.. code-block:: bash
+
+    $ python quickstart.py
+
+
+
+
+.. _Google Cloud SDK: https://cloud.google.com/sdk/
diff --git a/samples/snippets/README.rst.in b/samples/snippets/README.rst.in
@@ -0,0 +1,19 @@
+# This file is used to generate README.rst
+
+product:
+  name: Google Cloud KMS API
+  short_name: Cloud KMS API
+  url: https://cloud.google.com/kms/docs/
+  description: >
+    The `Google Cloud KMS API`_ is a service that allows you to keep encryption
+    keys centrally in the cloud, for direct use by cloud services.
+
+setup:
+- auth
+- install_deps
+
+samples:
+- name: Quickstart
+  file: quickstart.py
+
+folder: kms/api-client
diff --git a/samples/snippets/create_key_asymmetric_decrypt.py b/samples/snippets/create_key_asymmetric_decrypt.py
@@ -0,0 +1,54 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+
+# [START kms_create_key_asymmetric_decrypt]
+def create_key_asymmetric_decrypt(project_id, location_id, key_ring_id, id):
+    """
+    Creates a new asymmetric decryption key in Cloud KMS.
+
+    Args:
+        project_id (string): Google Cloud project ID (e.g. 'my-project').
+        location_id (string): Cloud KMS location (e.g. 'us-east1').
+        key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').
+        id (string): ID of the key to create (e.g. 'my-asymmetric-decrypt-key').
+
+    Returns:
+        CryptoKey: Cloud KMS key.
+
+    """
+
+    # Import the client library.
+    from google.cloud import kms
+
+    # Create the client.
+    client = kms.KeyManagementServiceClient()
+
+    # Build the parent key ring name.
+    key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id)
+
+    # Build the key.
+    purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT
+    algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256
+    key = {
+        'purpose': purpose,
+        'version_template': {
+            'algorithm': algorithm,
+        }
+    }
+
+    # Call the API.
+    created_key = client.create_crypto_key(key_ring_name, id, key)
+    print('Created asymmetric decrypt key: {}'.format(created_key.name))
+    return created_key
+# [END kms_create_key_asymmetric_decrypt]
diff --git a/samples/snippets/create_key_asymmetric_sign.py b/samples/snippets/create_key_asymmetric_sign.py
@@ -0,0 +1,54 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+
+# [START kms_create_key_asymmetric_sign]
+def create_key_asymmetric_sign(project_id, location_id, key_ring_id, id):
+    """
+    Creates a new asymmetric signing key in Cloud KMS.
+
+    Args:
+        project_id (string): Google Cloud project ID (e.g. 'my-project').
+        location_id (string): Cloud KMS location (e.g. 'us-east1').
+        key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').
+        id (string): ID of the key to create (e.g. 'my-asymmetric-signing-key').
+
+    Returns:
+        CryptoKey: Cloud KMS key.
+
+    """
+
+    # Import the client library.
+    from google.cloud import kms
+
+    # Create the client.
+    client = kms.KeyManagementServiceClient()
+
+    # Build the parent key ring name.
+    key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id)
+
+    # Build the key.
+    purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN
+    algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PKCS1_2048_SHA256
+    key = {
+        'purpose': purpose,
+        'version_template': {
+            'algorithm': algorithm,
+        }
+    }
+
+    # Call the API.
+    created_key = client.create_crypto_key(key_ring_name, id, key)
+    print('Created asymmetric signing key: {}'.format(created_key.name))
+    return created_key
+# [END kms_create_key_asymmetric_sign]
diff --git a/samples/snippets/create_key_hsm.py b/samples/snippets/create_key_hsm.py
@@ -0,0 +1,56 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+
+# [START kms_create_key_hsm]
+def create_key_hsm(project_id, location_id, key_ring_id, id):
+    """
+    Creates a new key in Cloud KMS backed by Cloud HSM.
+
+    Args:
+        project_id (string): Google Cloud project ID (e.g. 'my-project').
+        location_id (string): Cloud KMS location (e.g. 'us-east1').
+        key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').
+        id (string): ID of the key to create (e.g. 'my-hsm-key').
+
+    Returns:
+        CryptoKey: Cloud KMS key.
+
+    """
+
+    # Import the client library.
+    from google.cloud import kms
+
+    # Create the client.
+    client = kms.KeyManagementServiceClient()
+
+    # Build the parent key ring name.
+    key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id)
+
+    # Build the key.
+    purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
+    algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION
+    protection_level = kms.enums.ProtectionLevel.HSM
+    key = {
+        'purpose': purpose,
+        'version_template': {
+            'algorithm': algorithm,
+            'protection_level': protection_level
+        }
+    }
+
+    # Call the API.
+    created_key = client.create_crypto_key(key_ring_name, id, key)
+    print('Created hsm key: {}'.format(created_key.name))
+    return created_key
+# [END kms_create_key_hsm]
diff --git a/samples/snippets/create_key_labels.py b/samples/snippets/create_key_labels.py
@@ -0,0 +1,58 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+
+# [START kms_create_key_labels]
+def create_key_labels(project_id, location_id, key_ring_id, id):
+    """
+    Creates a new key in Cloud KMS with labels.
+
+    Args:
+        project_id (string): Google Cloud project ID (e.g. 'my-project').
+        location_id (string): Cloud KMS location (e.g. 'us-east1').
+        key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').
+        id (string): ID of the key to create (e.g. 'my-labeled-key').
+
+    Returns:
+        CryptoKey: Cloud KMS key.
+
+    """
+
+    # Import the client library.
+    from google.cloud import kms
+
+    # Create the client.
+    client = kms.KeyManagementServiceClient()
+
+    # Build the parent key ring name.
+    key_ring_name = client.key_ring_path(project_id, location_id, key_ring_id)
+
+    # Build the key.
+    purpose = kms.enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT
+    algorithm = kms.enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION
+    key = {
+        'purpose': purpose,
+        'version_template': {
+            'algorithm': algorithm,
+        },
+        'labels': {
+            'team': 'alpha',
+            'cost_center': 'cc1234'
+        }
+    }
+
+    # Call the API.
+    created_key = client.create_crypto_key(key_ring_name, id, key)
+    print('Created labeled key: {}'.format(created_key.name))
+    return created_key
+# [END kms_create_key_labels]
diff --git a/samples/snippets/create_key_ring.py b/samples/snippets/create_key_ring.py
@@ -0,0 +1,46 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+
+
+# [START kms_create_key_ring]
+def create_key_ring(project_id, location_id, id):
+    """
+    Creates a new key ring in Cloud KMS
+
+    Args:
+        project_id (string): Google Cloud project ID (e.g. 'my-project').
+        location_id (string): Cloud KMS location (e.g. 'us-east1').
+        id (string): ID of the key ring to create (e.g. 'my-key-ring').
+
+    Returns:
+        KeyRing: Cloud KMS key ring.
+
+    """
+
+    # Import the client library.
+    from google.cloud import kms
+
+    # Create the client.
+    client = kms.KeyManagementServiceClient()
+
+    # Build the parent location name.
+    location_name = client.location_path(project_id, location_id)
+
+    # Build the key ring.
+    key_ring = {}
+
+    # Call the API.
+    created_key_ring = client.create_key_ring(location_name, id, key_ring)
+    print('Created key ring: {}'.format(created_key_ring.name))
+    return created_key_ring
+# [END kms_create_key_ring]