Idiomatic PHP client for Cloud KMS.
NOTE: This repository is part of Google Cloud PHP. Any support requests, bug reports, or development contributions should be directed to that project.
To begin, install the preferred dependency manager for PHP, Composer.
Now to install just this component:
$ composer require google/cloud-kms
Or to install the entire suite of components at once:
$ composer require google/cloud
This component supports both REST over HTTP/1.1 and gRPC. In order to take advantage of the benefits offered by gRPC (such as streaming methods) please see our gRPC installation guide.
Please see our Authentication guide for more information on authenticating your client. Once authenticated, you'll be ready to start making requests.
require __DIR__ . '/vendor/autoload.php';
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\CryptoKey;
use Google\Cloud\Kms\V1\CryptoKey\CryptoKeyPurpose;
use Google\Cloud\Kms\V1\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\KeyRing;
$client = new KeyManagementServiceClient();
$projectId = 'example-project';
$location = 'global';
// Create a keyring
$keyRingId = 'example-keyring';
$locationName = $client::locationName($projectId, $location);
$keyRingName = $client::keyRingName($projectId, $location, $keyRingId);
try {
$keyRing = $client->getKeyRing($keyRingName);
} catch (ApiException $e) {
if ($e->getStatus() === 'NOT_FOUND') {
$keyRing = new KeyRing();
$keyRing->setName($keyRingName);
$client->createKeyRing($locationName, $keyRingId, $keyRing);
}
}
// Create a cryptokey
$keyId = 'example-key';
$keyName = $client::cryptoKeyName($projectId, $location, $keyRingId, $keyId);
try {
$cryptoKey = $client->getCryptoKey($keyName);
} catch (ApiException $e) {
if ($e->getStatus() === 'NOT_FOUND') {
$cryptoKey = new CryptoKey();
$cryptoKey->setPurpose(CryptoKeyPurpose::ENCRYPT_DECRYPT);
$cryptoKey = $client->createCryptoKey($keyRingName, $keyId, $cryptoKey);
}
}
// Encrypt and decrypt
$secret = 'My secret text';
$response = $client->encrypt($keyName, $secret);
$cipherText = $response->getCiphertext();
$response = $client->decrypt($keyName, $cipherText);
$plainText = $response->getPlaintext();
assert($secret === $plainText);
This component is considered GA (generally available). As such, it will not introduce backwards-incompatible changes in any minor or patch releases. We will address issues and requests with the highest priority.
- Understand the official documentation.