Tags: java, google-cloud-platform, google-cloud-kms, spring-cloud-gcp

KMS: Incorrect key purpose


I'm trying to fetch the encryption key from the KMS for encrypting or decrypting data from a database. And the error suggests that the key purpose is wrong. What should be the actual key purpose for my use case?

FAILED_PRECONDITION: Operation requested for Key projects/myproject67567/locations/global/keyRings/test/cryptoKeys/test/cryptoKeyVersions/1 has incorrect key purpose: ENCRYPT_DECRYPT

Please help

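import com.google.api.gax.core.FixedCredentialsProvider;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.cloud.kms.v1.CryptoKeyVersionName;
import com.google.cloud.kms.v1.KeyManagementServiceClient;
import com.google.cloud.kms.v1.KeyManagementServiceSettings;
import com.google.cloud.kms.v1.PublicKey;
import java.util.Collections;

// "throws Exception" is declared so the rethrow in the catch block compiles.
public PublicKey fetchKey() throws Exception {
  try {
    KeyManagementServiceSettings keyManagementServiceSettings =
        KeyManagementServiceSettings.newBuilder()
            .setCredentialsProvider(FixedCredentialsProvider.create(
                GoogleCredentials.getApplicationDefault()
                    .createScoped(Collections.singleton("https://www.googleapis.com/auth/cloudkms"))))
            .build();

    // try-with-resources closes the client when the method returns.
    try (KeyManagementServiceClient client =
        KeyManagementServiceClient.create(keyManagementServiceSettings)) {
      CryptoKeyVersionName keyVersionName =
          CryptoKeyVersionName.of("myproject67567", "global", "test", "test", "1");

      // Get the public key. This is the call that returns FAILED_PRECONDITION
      // for the ENCRYPT_DECRYPT key version named above.
      PublicKey publicKey = client.getPublicKey(keyVersionName);
      return publicKey;
    }
  } catch (Exception e) {
    throw new Exception(e);
  }
}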

Solution

  • Symmetric keys are internal to KMS and can't be exported. The reason you see this error is that you are trying to export a public key (asymmetric) from a symmetric key (with purpose ENCRYPT_DECRYPT).
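
An added example (not part of the original question or answer) that reads the key's purpose first and picks the matching call: for an ENCRYPT_DECRYPT key the data is sent to KMS with encrypt/decrypt, and getPublicKey is used only for asymmetric purposes. It assumes the google-cloud-kms Java client, Application Default Credentials allowed to read and use the key, and the key identifiers from the question; the class name and sample plaintext are constructed.

```java
import com.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose;
import com.google.cloud.kms.v1.CryptoKeyName;
import com.google.cloud.kms.v1.CryptoKeyVersionName;
import com.google.cloud.kms.v1.KeyManagementServiceClient;
import com.google.protobuf.ByteString;

// Added example; class name and sample plaintext are constructed.
public class KmsPurposeAwareCrypto {
  // Key identifiers taken from the error message in the question.
  static final CryptoKeyName KEY =
      CryptoKeyName.of("myproject67567", "global", "test", "test");

  public static void main(String[] args) throws Exception {
    // create() with no settings uses Application Default Credentials.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
      CryptoKeyPurpose purpose = client.getCryptoKey(KEY).getPurpose();
      switch (purpose) {
        case ENCRYPT_DECRYPT: {
          // Symmetric key: the material stays inside KMS, so the data goes to
          // KMS. Encrypt accepts at most 64 KiB of plaintext per call.
          ByteString plaintext = ByteString.copyFromUtf8("constructed sample value");
          ByteString ciphertext = client.encrypt(KEY, plaintext).getCiphertext();
          ByteString recovered = client.decrypt(KEY, ciphertext).getPlaintext();
          if (!recovered.equals(plaintext)) {
            throw new IllegalStateException("decrypt did not return the original plaintext");
          }
          System.out.println("round trip ok, ciphertext bytes: " + ciphertext.size());
          break;
        }
        case ASYMMETRIC_DECRYPT:
        case ASYMMETRIC_SIGN: {
          // Only asymmetric key versions have a public key to fetch.
          CryptoKeyVersionName version = CryptoKeyVersionName.of(
              KEY.getProject(), KEY.getLocation(), KEY.getKeyRing(), KEY.getCryptoKey(), "1");
          System.out.println(client.getPublicKey(version).getPem());
          break;
        }
        default:
          throw new IllegalStateException("Unhandled key purpose: " + purpose);
      }
    }
  }
}
```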