よく書くkms関連スクリプトのスニペット

./scripts/encrypt.sh

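#!/usr/bin/env bash
# Encrypt the repository's .env with Cloud KMS, writing .env.enc next to it.
# Usage: ./scripts/encrypt.sh   (may be invoked from any directory)
set -euo pipefail

# Run from the parent of scripts/ so the relative file names below resolve
# the same way regardless of the caller's working directory. Quoted so a
# checkout path containing spaces does not split into several words.
cd -- "$(dirname -- "$0")/.."

for file_name in ".env"; do
  # The keyring/key pair must be the one decrypt.sh names. The original
  # listing spelled the keyring "commmon" here but "common" in decrypt.sh;
  # they are aligned on "common" — confirm against the real keyring name.
  #
  # The plaintext file is left on disk after encryption: keep it in
  # .gitignore and commit only the .enc output.
  gcloud kms encrypt \
    --project projectId \
    --location asia-northeast1 \
    --keyring common \
    --key common \
    --plaintext-file "$file_name" \
    --ciphertext-file "$file_name.enc"
done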

./scripts/decrypt.sh

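#!/usr/bin/env bash
# Decrypt .env.enc with Cloud KMS, writing the plaintext .env next to it.
# Usage: ./scripts/decrypt.sh   (may be invoked from any directory)
set -euo pipefail

# Files created from here on are owner-only by default; the output of this
# script is a plaintext secrets file. This does not tighten the mode of a
# .env that already exists — check that separately.
umask 077

# Run from the parent of scripts/ so the relative file names below resolve
# the same way regardless of the caller's working directory. Quoted so a
# checkout path containing spaces does not split into several words.
cd -- "$(dirname -- "$0")/.."

for file_name in ".env"; do
  # Keyring and key must match the ones used by encrypt.sh.
  # An existing plaintext file of the same name is replaced; keep it out of
  # version control (.gitignore) and commit only the .enc file.
  gcloud kms decrypt \
    --project projectId \
    --location asia-northeast1 \
    --keyring common \
    --key common \
    --ciphertext-file "$file_name.enc" \
    --plaintext-file "$file_name"
done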

k8s yamlの暗号化

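# Encrypt a Kubernetes Secret manifest with sops, using a Cloud KMS key.
# --encrypted-regex limits encryption to the values under the top-level
# `data` and `stringData` keys; everything else (kind, metadata, names,
# labels) stays readable in the output, so do not put secrets there.
#
# All expansions are quoted so paths containing spaces or glob characters
# are passed through intact.
# The shell truncates "$enc_path" before sops runs, so a failed run leaves
# an empty file behind: check the exit status before committing the output.
# NOTE: in zsh, `path` is tied to PATH; use another variable name there.
sops --encrypt --encrypted-regex '^(data|stringData)$' \
  --gcp-kms "projects/${projectId}/locations/${location}/keyRings/${keyringName}/cryptoKeys/${cryptKeyName}" \
  "$path" > "$enc_path"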

k8s yamlの復号化

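# Decrypt a sops-encrypted manifest back to cleartext YAML.
# The output file holds the secret values in the clear: keep it out of
# version control and remove it once it is no longer needed.
# Expansions are quoted so paths containing spaces or glob characters are
# passed through intact. The shell truncates "$path" before sops runs, so
# a failed decrypt leaves an empty file rather than the previous content.
# NOTE: in zsh, `path` is tied to PATH; use another variable name there.
sops -d "$enc_path" > "$path"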