How to encrypt and decrypt a secret file in the Google Cloud Platform

Let’s save our credentials in a safe way in GCP

Lynn G. Kwong
4 min read · Mar 29, 2021

Sometimes we need to store credential files in the source code repository. For security reasons, we should not store them in plaintext; instead, we should encrypt them properly and store the encrypted versions. When an application needs the credentials, we can decrypt them back to plaintext files.

Photo by TheDigitalArtist on Pixabay.

The Google Cloud Key Management Service (KMS) can encrypt and decrypt files in the Google Cloud Platform (GCP). To use KMS, we need to understand some basic terminology.

Location. A location represents the geographical region where a Cloud KMS resource is stored and can be accessed. A key’s location can impact the performance of applications using the key. It is recommended to specify the same location as the applications that require the key. If the impact on performance is minimal or if the applications span multiple regions, you can specify the global location as in this article.

Key ring. A key ring organizes keys in a specific Google Cloud location and allows you to manage access control on groups of keys. A key ring’s name does not need to be unique across a Google Cloud project but must be unique within a given location.
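The location and key ring concepts above, put to use with the gcloud CLI in an added example that is not from the original article: it creates a key ring and key in the global location, grants decrypt access at the key-ring level, and encrypts and decrypts a file. The key ring, key, IAM member and file names are placeholders, and `DRY_RUN` is a helper variable introduced here that prints each command instead of running it.

```bash
# Added example. All resource names are placeholders (assumptions).
KMS_LOCATION="${KMS_LOCATION:-global}"          # the article uses the global location
KMS_KEYRING="${KMS_KEYRING:-example-keyring}"   # hypothetical key ring name
KMS_KEY="${KMS_KEY:-example-key}"               # hypothetical key name

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# A key ring name only has to be unique within its location.
create_keyring() {
  run gcloud kms keyrings create "$KMS_KEYRING" --location="$KMS_LOCATION"
}

create_key() {
  run gcloud kms keys create "$KMS_KEY" --keyring="$KMS_KEYRING" \
    --location="$KMS_LOCATION" --purpose=encryption
}

# A binding on the key ring applies to every key it contains.
grant_decrypt() {  # $1 = IAM member, e.g. serviceAccount:NAME@PROJECT.iam.gserviceaccount.com
  run gcloud kms keyrings add-iam-policy-binding "$KMS_KEYRING" \
    --location="$KMS_LOCATION" --member="$1" \
    --role=roles/cloudkms.cryptoKeyDecrypter
}

encrypt_file() {  # $1 = plaintext path; ciphertext is written to $1.enc
  [ -n "${1:-}" ] || { echo "usage: encrypt_file FILE" >&2; return 2; }
  run gcloud kms encrypt --location="$KMS_LOCATION" --keyring="$KMS_KEYRING" \
    --key="$KMS_KEY" --plaintext-file="$1" --ciphertext-file="$1.enc"
}

decrypt_file() {  # $1 = ciphertext path ending in .enc
  case "${1:-}" in
    *.enc) ;;
    *) echo "decrypt_file: expected a .enc file" >&2; return 2 ;;
  esac
  # umask 077 in a subshell: a newly created plaintext file gets no group/other access.
  ( umask 077
    run gcloud kms decrypt --location="$KMS_LOCATION" --keyring="$KMS_KEYRING" \
      --key="$KMS_KEY" --ciphertext-file="$1" --plaintext-file="${1%.enc}" )
}
```

Only the `.enc` file belongs in the repository; add the plaintext path to `.gitignore` so the decrypted copy is never committed.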
