
How to pass the key version when creating a key (Symmetric/Asymmetric) in GCP KMS


When creating a key in GCP KMS through the GCP Console, we can enter the key version. Ex. 1, 2, ... v20, etc.


When programmatically creating a key in Java, I am unable to find how to pass the key version of my choice.

Create Asymmetric Key in GCP KMS doc

public void createKeyAsymmetricDecrypt(
      String projectId, String locationId, String keyRingId, String id) throws IOException {
    // Initialize client that will be used to send requests. This client only
    // needs to be created once, and can be reused for multiple requests. After
    // completing all of your requests, call the "close" method on the client to
    // safely clean up any remaining background resources.
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
      // Build the parent name from the project, location, and key ring.
      KeyRingName keyRingName = KeyRingName.of(projectId, locationId, keyRingId);

      // Build the asymmetric key to create.
      CryptoKey key =
          CryptoKey.newBuilder()
              .setPurpose(CryptoKeyPurpose.ASYMMETRIC_DECRYPT)
              .setVersionTemplate(
                  CryptoKeyVersionTemplate.newBuilder()
                      .setAlgorithm(CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256))

              // Optional: customize how long key versions should be kept before destroying.
              .setDestroyScheduledDuration(Duration.newBuilder().setSeconds(24 * 60 * 60))
              .build();

      // Create the key.
      CryptoKey createdKey = client.createCryptoKey(keyRingName, id, key);
      System.out.printf("Created asymmetric key %s%n", createdKey.getName());
    }
  }

So, can we pass the key version of our choice when creating a key in KMS through the above code?

I think there are some parameters that we can pass when creating the key through the GCP terminal, but I am not sure. I am interested in knowing how to pass version info when creating a key in Java.


Solution

  • You don't have custom versions in KMS. When you create a key, the version is 1. The next version will increment this value, and so forth.
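
The numbering described in the answer, shown as an added example that is not part of the original question or answer: the create calls take no version number, and the ID is read back from the resource name the service returns. The class and method names are hypothetical; the code assumes the google-cloud-kms Java client library and application default credentials with permission to create keys in the given key ring.

```java
import com.google.cloud.kms.v1.CryptoKey;
import com.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose;
import com.google.cloud.kms.v1.CryptoKeyName;
import com.google.cloud.kms.v1.CryptoKeyVersion;
import com.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm;
import com.google.cloud.kms.v1.CryptoKeyVersionName;
import com.google.cloud.kms.v1.CryptoKeyVersionTemplate;
import com.google.cloud.kms.v1.KeyManagementServiceClient;
import com.google.cloud.kms.v1.KeyRingName;
import java.io.IOException;

// Hypothetical class name, used only for this example.
public class KeyVersionNumbering {

  // Extracts the server-assigned version ID (the last path segment of
  // .../cryptoKeys/<key>/cryptoKeyVersions/<id>) from a key version.
  static String versionIdOf(CryptoKeyVersion version) {
    return CryptoKeyVersionName.parse(version.getName()).getCryptoKeyVersion();
  }

  public static void createKeyThenAddVersion(
      String projectId, String locationId, String keyRingId, String keyId) throws IOException {
    try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
      CryptoKey key =
          CryptoKey.newBuilder()
              .setPurpose(CryptoKeyPurpose.ASYMMETRIC_DECRYPT)
              .setVersionTemplate(
                  CryptoKeyVersionTemplate.newBuilder()
                      .setAlgorithm(CryptoKeyVersionAlgorithm.RSA_DECRYPT_OAEP_2048_SHA256))
              .build();
      // Creating the key also creates its initial version; the request
      // carries a key ID but no version number.
      client.createCryptoKey(KeyRingName.of(projectId, locationId, keyRingId), keyId, key);

      CryptoKeyName keyName = CryptoKeyName.of(projectId, locationId, keyRingId, keyId);
      for (CryptoKeyVersion v : client.listCryptoKeyVersions(keyName).iterateAll()) {
        System.out.printf("Existing version %s, state %s%n", versionIdOf(v), v.getState());
      }

      // Adding a version: an empty CryptoKeyVersion is sent and KMS picks
      // the next ID. The application records the ID it gets back.
      CryptoKeyVersion added =
          client.createCryptoKeyVersion(keyName, CryptoKeyVersion.newBuilder().build());
      System.out.printf("New version %s at %s%n", versionIdOf(added), added.getName());
    }
  }
}
```

For an asymmetric key, later decrypt or sign calls address a specific version by this full resource name, so the returned ID is the value to store alongside any data or public key that depends on it.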