To use this function, create a Google Cloud Function that uses the encrypt_json()
function in Google Cloud Console or the gcloud command-line tool.
import json
import base64
from google.cloud import kms
def encrypt_json(event, context):
"""Encrypts a JSON document with an ECC key.
Args:
event: The event object.
context: The context object.
Returns:
The encrypted JSON document.
"""
# Get the JSON document from the event.
json_data = json.loads(event['body'])
# Get the KMS key.
kms_client = kms.Client()
key_name = 'my-key-name'
key = kms_client.get_key(key_name)
# Encrypt the JSON document.
cipher = key.encrypt_asymmetric(json_data)
encrypted_data = base64.b64encode(cipher.plaintext)
# Return the encrypted JSON document.
return encrypted_data
Once created the function, invoke it by sending a POST request to the function’s URL. The request body should contain the JSON document to encrypt. The response body will contain the encrypted JSON document. For example, to encrypt the JSON document my_data.json
, you would use the following command:
curl -X POST -H 'Content-Type: application/json' -d @my_data.json <function-url>
The response body will contain the encrypted JSON document. This function uses the Google Cloud KMS service to encrypt the JSON document. So make sure there’s a KMS key enabled in a project before using the function.