Google Cloud has 2 products that I sometimes get confused.
1) Secret Manager :
- This is a secure, access-controlled alternative to environment variables. Google doesn't recommend using environment variables to store critical data.
- Let's say you want to store "private keys" for a Cloud API service, or a password; then you can use Secret Manager.
- You are charged on every read.
< https://beranger.medium.com/native-implementation-of-google-secret-manager-in-cloud-functions-93a1732dd175 >
A working example of how to use Secret Manager is provided here :
< https://firebase.google.com/docs/functions/config-env >
Make sure you create the secret and allow access to it :
< https://cloud.google.com/functions/docs/configuring/secrets >
2) Key Management :
- This is a full-fledged key management service. It lets you generate key pairs ( symmetric / asymmetric ), and you can then manage those keys in hardware or in software.
- Your private keys are never exposed to anyone, including you.
- You can send your message and get an encrypted message back; similarly, you can send your ciphertext and get the decrypted message back.
- You are charged for every key pair.
I haven't tried this yet, but this answer can be helpful :
< https://stackoverflow.com/questions/69746503/how-do-i-store-a-private-key-using-google-clouds-cloud-kms/69862736 >
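The difference between the two products, as a local Python model: this is an added example, not code from this post or from Google, and it does not call the real Secret Manager or Cloud KMS APIs. The class, caller and resource names are hypothetical, and the key service uses an HMAC-SHA256 MAC key instead of an encryption key so that it runs on the standard library alone.

```python
import hashlib
import hmac
import secrets

def _authorize(caller, allowed, name):
    # Stand-in for an IAM check; caller and resource names are hypothetical.
    if caller not in allowed:
        raise PermissionError(f"{caller} is not allowed to use {name}")

class SecretStore:
    """Secret Manager model: an authorized read returns the secret itself."""
    def __init__(self):
        self._secrets = {}  # name -> (value, allowed callers)

    def create(self, name, value, allowed):
        self._secrets[name] = (value, set(allowed))

    def access(self, name, caller):
        value, allowed = self._secrets[name]
        _authorize(caller, allowed, name)
        return value  # the caller now holds the secret bytes

class KeyService:
    """KMS model: key bytes stay inside; callers only get operation results."""
    def __init__(self):
        self._keys = {}  # name -> (key bytes, allowed callers)

    def create_mac_key(self, name, allowed):
        self._keys[name] = (secrets.token_bytes(32), set(allowed))

    def _mac(self, name, caller, data):
        key, allowed = self._keys[name]
        _authorize(caller, allowed, name)
        return hmac.new(key, data, hashlib.sha256).digest()

    def mac_sign(self, name, caller, data):
        return self._mac(name, caller, data)

    def mac_verify(self, name, caller, data, tag):
        return hmac.compare_digest(self._mac(name, caller, data), tag)  # constant time

def demo():
    store, kms = SecretStore(), KeyService()
    store.create("api-password", b"constructed-sample-value", {"fn-checkout"})
    kms.create_mac_key("order-mac", {"fn-checkout"})
    order = b'{"order": 42, "amount": 10}'  # constructed sample message
    tag = kms.mac_sign("order-mac", "fn-checkout", order)
    return (store.access("api-password", "fn-checkout"),  # secret value comes back
            kms.mac_verify("order-mac", "fn-checkout", order, tag),
            kms.mac_verify("order-mac", "fn-checkout", order.replace(b"10", b"99"), tag))
```

`demo()` returns the stored secret itself from the secret store, but only a pass/fail answer from the key service: the unmodified message verifies and the altered one does not.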
Some key terms to know :
1) MAC :
MAC stands for message authentication code.
< https://en.wikipedia.org/wiki/Message_authentication_code >
2) Message Integrity :
3) Message Authenticity :
4) Message confidentiality :