Getting Started with Cloud KMS

 How to use some advanced features of Google Cloud Security and Privacy APIs, including:

Setting up a secure Cloud Storage bucket
Managing keys and encrypted data using Key Management Service
Viewing Cloud Storage audit logs

Take abridged data from the Enron Corpus, encrypt it, and load it into Cloud Storage.


How to encrypt data and manage encryption keys using Key Management Service (KMS).




















Welcome to Cloud Shell! Type "help" to get started.
Your Cloud Platform project in this session is set to qwiklabs-gcp-03-6ca5b3b7ee09.
Use “gcloud config set project [PROJECT_ID]” to change to a different project.
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ gcloud auth list
Credentialed Accounts

ACTIVE: *
ACCOUNT: student-04-140dad0d0d33@qwiklabs.net

To set the active account, run:
    $ gcloud config set account `ACCOUNT`

student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ gcloud config list project
[core]
project = qwiklabs-gcp-03-6ca5b3b7ee09

Your active configuration is: [cloudshell-29066]
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ BUCKET_NAME="qwiklabs-gcp-03-6ca5b3b7ee09-enron_corpus"
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ echo $BUCKET_NAME
qwiklabs-gcp-03-6ca5b3b7ee09-enron_corpus
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ gsutil mb gs://${BUCKET_NAME}
Creating gs://qwiklabs-gcp-03-6ca5b3b7ee09-enron_corpus/...
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ gsutil cp gs://enron_emails/allen-p/inbox/1. .
Copying gs://enron_emails/allen-p/inbox/1....
/ [1 files][  1.7 KiB/  1.7 KiB]                                                
Operation completed over 1 objects/1.7 KiB.                                      
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ tail 1
tail: cannot open '1' for reading: No such file or directory
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ ls
1.  README-cloudshell.txt
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ ls -l
total 8
-rw-r--r-- 1 student_04_140dad0d0d33 student_04_140dad0d0d33 1775 Aug  3 19:48 1.
-rw-r--r-- 1 student_04_140dad0d0d33 student_04_140dad0d0d33  913 Aug  3 19:44 README-cloudshell.txt
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ tail 1.
Attached is the Delta position for 1/18, 1/31, 6/20, 7/16, 9/24



 << File: west_delta_pos.xls >> 

Let me know if you have any questions.



tudent_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ history
    1  gcloud auth list
    2  gcloud config list project
    3  BUCKET_NAME="qwiklabs-gcp-03-6ca5b3b7ee09-enron_corpus"
    4  echo $BUCKET_NAME
    5  gsutil mb gs://${BUCKET_NAME}
    6  gsutil cp gs://enron_emails/allen-p/inbox/1. .
    7  tail 1
    8  ls
    9  ls -l
   10  tail 1.
   11  gcloud services enable cloudkms.googleapis.com
   12  gcloud services list
   13  \
   14  KEYRING_NAME=test CRYPTOKEY_NAME=qwiklab
   15  gcloud kms keyrings create $KEYRING_NAME --location global
   16  gcloud kms keys create $CRYPTOKEY_NAME --location global --keyring $KEYRING_NAME --purpose encryption
   17  tail 1.
   18  PLAINTEXT=$(cat 1. | base64 -w0)
   19  curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:encrypt"   -d "{\"plaintext\":\"$PLAINTEXT\"}"   -H "Authorization:Bearer $(gcloud auth application-default print-access-token)"  -H "Content-Type: application/json"
   20  curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:encrypt"   -d "{\"plaintext\":\"$PLAINTEXT\"}"   -H "Authorization:Bearer $(gcloud auth application-default print-access-token)"  -H "Content-Type:application/json" | jq .ciphertext -r > 1.encrypted
   21  curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:decrypt"   -d "{\"ciphertext\":\"$(cat 1.encrypted)\"}"   -H "Authorization:Bearer $(gcloud auth application-default print-access-token)"  -H "Content-Type:application/json" | jq .plaintext -r | base64 -d




student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ gcloud services enable cloudkms.googleapis.com
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ gcloud services list
NAME: actions.googleapis.com
TITLE: Actions API

NAME: androiddeviceprovisioning.googleapis.com
TITLE: Android Device Provisioning Partner API

NAME: appengine.googleapis.com
TITLE: App Engine Admin API

NAME: appengineflex.googleapis.com
TITLE: Google App Engine Flexible Environment

NAME: artifactregistry.googleapis.com
TITLE: Artifact Registry API

NAME: autoscaling.googleapis.com
TITLE: Cloud Autoscaling API

NAME: bigquery.googleapis.com
TITLE: BigQuery API

NAME: bigquerydatatransfer.googleapis.com
TITLE: BigQuery Data Transfer API

NAME: bigquerymigration.googleapis.com
TITLE: BigQuery Migration API

NAME: bigquerystorage.googleapis.com
TITLE: BigQuery Storage API

NAME: bigtable.googleapis.com
TITLE: Cloud Bigtable API

NAME: bigtableadmin.googleapis.com
TITLE: Cloud Bigtable Admin API

NAME: bigtabletableadmin.googleapis.com
TITLE: Cloud Bigtable Table Admin API

NAME: calendar-json.googleapis.com
TITLE: Google Calendar API

NAME: chat.googleapis.com
TITLE: Google Chat API

NAME: cloudapis.googleapis.com
TITLE: Google Cloud APIs

NAME: cloudbilling.googleapis.com
TITLE: Cloud Billing API

NAME: cloudbuild.googleapis.com
TITLE: Cloud Build API

NAME: clouderrorreporting.googleapis.com
TITLE: Error Reporting API

NAME: cloudfunctions.googleapis.com
TITLE: Cloud Functions API

NAME: cloudkms.googleapis.com
TITLE: Cloud Key Management Service (KMS) API

NAME: cloudlatencytest.googleapis.com
TITLE: Cloud Network Performance Monitoring API

NAME: cloudresourcemanager.googleapis.com
TITLE: Cloud Resource Manager API

NAME: cloudtasks.googleapis.com
TITLE: Cloud Tasks API

NAME: cloudtrace.googleapis.com
TITLE: Cloud Trace API

NAME: composer.googleapis.com
TITLE: Cloud Composer API

NAME: compute.googleapis.com
TITLE: Compute Engine API

NAME: container.googleapis.com
TITLE: Kubernetes Engine API

NAME: containeranalysis.googleapis.com
TITLE: Container Analysis API

NAME: containerfilesystem.googleapis.com
TITLE: Container File System API

NAME: containerregistry.googleapis.com
TITLE: Container Registry API

NAME: containerscanning.googleapis.com
TITLE: Container Scanning API

NAME: dataflow.googleapis.com
TITLE: Dataflow API

NAME: dataproc-control.googleapis.com
TITLE: Cloud Dataproc Control API

NAME: dataproc.googleapis.com
TITLE: Cloud Dataproc API

NAME: datastore.googleapis.com
TITLE: Cloud Datastore API

NAME: deploymentmanager.googleapis.com
TITLE: Cloud Deployment Manager V2 API

NAME: dlp.googleapis.com
TITLE: Cloud Data Loss Prevention (DLP)

NAME: dns.googleapis.com
TITLE: Cloud DNS API

NAME: drive.googleapis.com
TITLE: Google Drive API

NAME: endpoints.googleapis.com
TITLE: Google Cloud Endpoints

NAME: firebasedynamiclinks.googleapis.com
TITLE: Firebase Dynamic Links API

NAME: firebaseinstallations.googleapis.com
TITLE: Firebase Installations API

NAME: firebaseremoteconfig.googleapis.com
TITLE: Firebase Remote Config API

NAME: firebaserules.googleapis.com
TITLE: Firebase Rules API

NAME: firestore.googleapis.com
TITLE: Cloud Firestore API

NAME: gmail.googleapis.com
TITLE: Gmail API

NAME: googlecloudmessaging.googleapis.com
TITLE: Cloud Messaging

NAME: groupsmigration.googleapis.com
TITLE: Groups Migration API

NAME: groupssettings.googleapis.com
TITLE: Groups Settings API

NAME: iam.googleapis.com
TITLE: Identity and Access Management (IAM) API

NAME: iamcredentials.googleapis.com
TITLE: IAM Service Account Credentials API

NAME: language.googleapis.com
TITLE: Cloud Natural Language API

NAME: logging.googleapis.com
TITLE: Cloud Logging API

NAME: maps-android-backend.googleapis.com
TITLE: Maps SDK for Android

NAME: maps-embed-backend.googleapis.com
TITLE: Maps Embed API

NAME: maps-ios-backend.googleapis.com
TITLE: Maps SDK for iOS

NAME: monitoring.googleapis.com
TITLE: Cloud Monitoring API

NAME: networkconnectivity.googleapis.com
TITLE: Network Connectivity API

NAME: oslogin.googleapis.com
TITLE: Cloud OS Login API

NAME: people.googleapis.com
TITLE: People API

NAME: pubsub.googleapis.com
TITLE: Cloud Pub/Sub API

NAME: resourceviews.googleapis.com
TITLE: Compute Engine Instance Groups API

NAME: runtimeconfig.googleapis.com
TITLE: Cloud Runtime Configuration API

NAME: script.googleapis.com
TITLE: Apps Script API

NAME: servicecontrol.googleapis.com
TITLE: Service Control API

NAME: servicemanagement.googleapis.com
TITLE: Service Management API

NAME: serviceusage.googleapis.com
TITLE: Service Usage API

NAME: sheets.googleapis.com
TITLE: Google Sheets API

NAME: source.googleapis.com
TITLE: Legacy Cloud Source Repositories API

NAME: sourcerepo.googleapis.com
TITLE: Cloud Source Repositories API

NAME: spanner.googleapis.com
TITLE: Cloud Spanner API

NAME: speech.googleapis.com
TITLE: Cloud Speech-to-Text API

NAME: sql-component.googleapis.com
TITLE: Cloud SQL

NAME: sqladmin.googleapis.com
TITLE: Cloud SQL Admin API

NAME: storage-api.googleapis.com
TITLE: Google Cloud Storage JSON API

NAME: storage-component.googleapis.com
TITLE: Cloud Storage

NAME: storage.googleapis.com
TITLE: Cloud Storage API

NAME: storagetransfer.googleapis.com
TITLE: Storage Transfer API

NAME: tasks.googleapis.com
TITLE: Google Tasks API

NAME: testing.googleapis.com
TITLE: Cloud Testing API

NAME: toolresults.googleapis.com
TITLE: Cloud Tool Results API

NAME: translate.googleapis.com
TITLE: Cloud Translation API

NAME: videointelligence.googleapis.com
TITLE: Cloud Video Intelligence API

NAME: vision.googleapis.com
TITLE: Cloud Vision API

NAME: youtubeanalytics.googleapis.com
TITLE: YouTube Analytics API

NAME: youtubereporting.googleapis.com
TITLE: YouTube Reporting API
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ \
> ^C
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ KEYRING_NAME=test CRYPTOKEY_NAME=qwiklab
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ gcloud kms keyrings create $KEYRING_NAME --location global
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ gcloud kms keys create $CRYPTOKEY_NAME --location global --keyring $KEYRING_NAME --purpose encryption
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ tail 1.
Attached is the Delta position for 1/18, 1/31, 6/20, 7/16, 9/24



 << File: west_delta_pos.xls >> 

Let me know if you have any questions.


Heatherstudent_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ PLAINTEXT=$(cat 1. | base64 -w0)
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:encrypt" \
  -d "{\"plaintext\":\"$PLAINTEXT\"}" \
  -H "Authorization:Bearer $(gcloud auth application-default print-access-token)"\
  -H "Content-Type: application/json"
*   Trying 74.125.199.95:443...
* Connected to cloudkms.googleapis.com (74.125.199.95) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=upload.video.google.com
*  start date: Jul 10 08:21:11 2023 GMT
*  expire date: Oct  2 08:21:10 2023 GMT
*  subjectAltName: host "cloudkms.googleapis.com" matched cert's "*.googleapis.com"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x563729bf12c0)
> POST /v1/projects/qwiklabs-gcp-03-6ca5b3b7ee09/locations/global/keyRings/test/cryptoKeys/qwiklab:encrypt HTTP/2
> Host: cloudkms.googleapis.com
> user-agent: curl/7.74.0
> accept: */*
> authorization:Bearer ya29.a0AfB_byDUBAjp3mNQlPpUwo-8prfNw2B5Whr1BOTjxB8cHToNma0uw19cqx8gyAzeYbdm1OXrxcnIw-uxMhLSzEWyskBb79xRWVFl36fLQftPOx-5Bz6tm20LW1vi1sjkDKDEiXqP3h8MLWI1ph6dcYiFKePQTvEJVks8iho1keNNHA8bblksK9tFCTyTVFv7awSvRQzaDQykCV6frYMIDFX3ZvEAATEfKO_nj-X1yqjYimD3mb5T8kVxdqv2PGcJuuSkQihbeqWEFAjUR41V9EpZeyURUFSesIZxzGpauo5Jl_W9CN5r7wr8Q7Od4ikd1LowzibUOXQSNnmyC-aEWoRxydcx3W__Jd3zb8oTFia0J4wD3QKlShVBnt1bkbs-EKth6l13LldabAu0aDc--Pn7-waCgYKAW0SARESFQHsvYlsO1dMZZbKTiWIv-YB4Ze79Q0417
> content-type: application/json
> content-length: 2384
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
* We are completely uploaded and fine
< HTTP/2 200 
< content-type: application/json; charset=UTF-8
< vary: X-Origin
< vary: Referer
< vary: Origin,Accept-Encoding
< date: Thu, 03 Aug 2023 19:58:48 GMT
< server: ESF
< cache-control: private
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< x-content-type-options: nosniff
< accept-ranges: none
{
  "name": "projects/qwiklabs-gcp-03-6ca5b3b7ee09/locations/global/keyRings/test/cryptoKeys/qwiklab/cryptoKeyVersions/1",
  "ciphertext": "CiQAx02+IixgOeGH8rPNGoMjlcAWFJ4DWW0QpBRkgeuFolk+zbsSmQ4Ah4jJY65je9WTEQq7AuTYBCPOARIGcw9i4kjKNhilIPFcN5J+bTWpoobP9OChA53XMpvVzEhnsdm/1sEBkT6qIhUXCwCMWRNPp86sUZooVAoCU9t9BOVOAM8M0mdJDvhdeohyn2ghsWDVZnqt9N0OkzAzL+G8/qIVkM5GQcwlG5WPrMjumXm3JQGIB6O7lqUcbYAkYViqFVNY37zkq57B24KZOGJxuBczGvdIVqzwszRA8W8TdgtAdawhk81AS4gPN2j/AcHz+7ljeRlOj5ZyaVCM6j8Ds2VwS0WVWQq5mG9s9oEj4XQ8EQ7ZCumez9pxc01dY/g6ku4iaFtvUkIDgS7A+LxYZ1TrgWWsuroejBXMjjWQQdpZi53/4gvM8WAsX+OObYTsTwr4X0EJfqb3qIDJo8Hnnr/Vipu8sJkB9eYkA6YpDXaIVhewMN7qPn3gK7knbHIsxG3F5HIYU7F6Wj1PWNnVySRjfzk9SHtFKsDRjNjnaE27bK130Nraw4Ufrn1eoQs82hJ1YdH7QlZAGVkPPF5QNxqdsdPcbvJU9z9gbHYp05UnBHcLL9l4lCpMlZf7UOM/zvlXCWwmqV3XpNAHtvKr1cUtNz7K4lCQ3MGxaFtXBSxwAPJqhUEOBCgieWOFLR8T3l9Rfu8k0zIDEmmY8pWAe5ZkCQwrKW6escbMyFI8iWlWC/89CjbPHbIUyY+Lp/DFkzSWiGfQq8CmHfISG8HgUFGBUgtjDZg8dAITJN4y4jd1C8mcgQVsvhwGGIYcXrZhroj05kq5LANvvA71vvRUFQnW3909wUId+T0QNBuuZ21gGzAo6JEiMzcbalnmiFsVyg4GQzXRPDtrjFE6ncRkK3HeOjnBQ7vbvllSd+H9W6YN2SA/QX9dERVX5UOa20ECIajPmYClO2HxpsKEkCnT764r0NyocpPFbSI2KiXPSLvpjd03WIHe/evbBnFO6Zz8rHlsYwsgPm49WxK8Sv8TPTTImBGFnt1b9Jz2GaJLPhFaO+0AJVq3WmZGZpQYuO2ryocQZzmTP25AduGLYxcBD/mmbe9Vx5TtZ0QJPLLw3yVMsamJR7A3w8ftABK1nfmOLJF1mW+CCUr6nRhp3ur+0HblbLTFli8xXc0I77jCuMrXSsmliEkMHJrbnuys2yCIaeMYh322LqIBBj0nNWFmgxjPC5tGtpzjSF0VgFQuyII4ycKsFjcGu5skh3//ipWyELEzzGgSPwHrgXhtPDbkeQGcoJK3QIkQS4CZM4FszP39lo9gOyNVDaJawjBeLht8Vt5tKLdgubozeSPYsnMiiK0sfHmqNQCtMeV+6oTYLLfnXUG16cI8SlLXL0+5HwqFiD2RGecGtxElQRZoPy+rUSK4xOk2vurSVnE626/lV8BgPcbTJUHdPEz4zHmafyKyvaN8SwMf8I/lDEFXoRSLNDYZA9GXpl3veJdbf9wOzpLOvYSpmoCm3I6t0zGP4/D3RkEZkw+oOQ5YnkZejIx6zOVyy0CAVtz2d5xol+mQzilUV5fVrUeeEG/GISCxpN+NYO3HxMh6ziQkmppNBMdSaYLW3QFsM13L7bj+03aB6QiR+QIm2cCRg9cSyty9LzczXURtnM+IE6JLOcYFK32pJGkyhGdXwbasi5l/c52yt31BQS8F4B4RDHORMdicpll8XyQkgIhk/5cbZnDQBFUGxA5FO3wv5ItHb12b4X/zGQeETXRA0t2GIZoKiZnvAGWfslOiGggFRYatNSzuOqcHAEqssmtCBaEgUq1Yk2U4iGk3vB3GmJfwCSBOfHr/kR8LuH7tC3eFgDk9ThsB+R13hTCpZ9Qw5o1mDAAa7BF+dc8R/+R50WtFmerovGZO4sX2J2ozTMP3bUm4wQdfGwjhtYxlZDLTRjyv+HkA8Dd5yQjuIQalhl2dsGjT1OqAWmZPaFpu1JEBM12cWCkQbvUMMuAccUGF4ySle0e7j+Hf6DMD3YFdT9xT6TfOt3PG1tNwWV7xrz2qBSSqGAhsDeAW1LvxJ4LQwmoTKkeVn2oKpt06U+pmlXmDG77Gf5LsMlx7RlMiRvaiwnANMtZt5s8Bk/hYwZonAIVdGd4WWZ8QSVkQZ3K3ABSwGit1wJ5dZkhCxfBbp6ntK5GY7NvKnUnycViY2MlncUNpTstuivu6/FFvvjlXqaZ46ba8t+rFFPBOlkeiEf2qr2p1f+u/h4sddnKqRjtCQNo/gFZy/ZPtfcDUzW7kSYM3UR79T2tV9DimPQ9LqOADmtjG6wD8IAS8lXoM/J0Lih161vA8XwD4CDP2cA/I2B/xatLm/tqRDAQbPJ/jQaLW/rqCqy+bZcE6uUmZnZ7sFIKpcdRX3/vqzPvUBRul5qfsKcmzm5Q5sw/pInzadpfDWdjyMSsvvH18ZjB7ZusaXgFlwS7mKHSCiJSe7A==",
  "ciphertextCrc32c": "2639283167",
  "protectionLevel": "SOFTWARE"
}
* Connection #0 to host cloudkms.googleapis.com left intact
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:encrypt" \
  -d "{\"plaintext\":\"$PLAINTEXT\"}" \
  -H "Authorization:Bearer $(gcloud auth application-default print-access-token)"\
  -H "Content-Type:application/json" \
| jq .ciphertext -r > 1.encrypted
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 74.125.197.95:443...
* Connected to cloudkms.googleapis.com (74.125.197.95) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4395 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [78 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=upload.video.google.com
*  start date: Jul 10 08:21:11 2023 GMT
*  expire date: Oct  2 08:21:10 2023 GMT
*  subjectAltName: host "cloudkms.googleapis.com" matched cert's "*.googleapis.com"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x5632996832c0)
} [5 bytes data]
> POST /v1/projects/qwiklabs-gcp-03-6ca5b3b7ee09/locations/global/keyRings/test/cryptoKeys/qwiklab:encrypt HTTP/2
> Host: cloudkms.googleapis.com
> user-agent: curl/7.74.0
> accept: */*
> authorization:Bearer ya29.a0AfB_byDUBAjp3mNQlPpUwo-8prfNw2B5Whr1BOTjxB8cHToNma0uw19cqx8gyAzeYbdm1OXrxcnIw-uxMhLSzEWyskBb79xRWVFl36fLQftPOx-5Bz6tm20LW1vi1sjkDKDEiXqP3h8MLWI1ph6dcYiFKePQTvEJVks8iho1keNNHA8bblksK9tFCTyTVFv7awSvRQzaDQykCV6frYMIDFX3ZvEAATEfKO_nj-X1yqjYimD3mb5T8kVxdqv2PGcJuuSkQihbeqWEFAjUR41V9EpZeyURUFSesIZxzGpauo5Jl_W9CN5r7wr8Q7Od4ikd1LowzibUOXQSNnmyC-aEWoRxydcx3W__Jd3zb8oTFia0J4wD3QKlShVBnt1bkbs-EKth6l13LldabAu0aDc--Pn7-waCgYKAW0SARESFQHsvYlsO1dMZZbKTiWIv-YB4Ze79Q0417
> content-type:application/json
> content-length: 2384
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
} [5 bytes data]
* We are completely uploaded and fine
{ [5 bytes data]
< HTTP/2 200 
< content-type: application/json; charset=UTF-8
< vary: X-Origin
< vary: Referer
< vary: Origin,Accept-Encoding
< date: Thu, 03 Aug 2023 20:04:56 GMT
< server: ESF
< cache-control: private
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< x-content-type-options: nosniff
< accept-ranges: none
{ [5 bytes data]
100  5077    0  2693  100  2384  24261  21477 --:--:-- --:--:-- --:--:-- 45738
* Connection #0 to host cloudkms.googleapis.com left intact
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ 
student_04_140dad0d0d33@cloudshell:~ (qwiklabs-gcp-03-6ca5b3b7ee09)$ curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:decrypt" \
  -d "{\"ciphertext\":\"$(cat 1.encrypted)\"}" \
  -H "Authorization:Bearer $(gcloud auth application-default print-access-token)"\
  -H "Content-Type:application/json" \
| jq .plaintext -r | base64 -d
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 74.125.197.95:443...
* Connected to cloudkms.googleapis.com (74.125.197.95) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4395 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=upload.video.google.com
*  start date: Jul 10 08:21:11 2023 GMT
*  expire date: Oct  2 08:21:10 2023 GMT
*  subjectAltName: host "cloudkms.googleapis.com" matched cert's "*.googleapis.com"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x559fedd0e2c0)
} [5 bytes data]
> POST /v1/projects/qwiklabs-gcp-03-6ca5b3b7ee09/locations/global/keyRings/test/cryptoKeys/qwiklab:decrypt HTTP/2
> Host: cloudkms.googleapis.com
> user-agent: curl/7.74.0
> accept: */*
> authorization:Bearer ya29.a0AfB_byDUBAjp3mNQlPpUwo-8prfNw2B5Whr1BOTjxB8cHToNma0uw19cqx8gyAzeYbdm1OXrxcnIw-uxMhLSzEWyskBb79xRWVFl36fLQftPOx-5Bz6tm20LW1vi1sjkDKDEiXqP3h8MLWI1ph6dcYiFKePQTvEJVks8iho1keNNHA8bblksK9tFCTyTVFv7awSvRQzaDQykCV6frYMIDFX3ZvEAATEfKO_nj-X1yqjYimD3mb5T8kVxdqv2PGcJuuSkQihbeqWEFAjUR41V9EpZeyURUFSesIZxzGpauo5Jl_W9CN5r7wr8Q7Od4ikd1LowzibUOXQSNnmyC-aEWoRxydcx3W__Jd3zb8oTFia0J4wD3QKlShVBnt1bkbs-EKth6l13LldabAu0aDc--Pn7-waCgYKAW0SARESFQHsvYlsO1dMZZbKTiWIv-YB4Ze79Q0417
> content-type:application/json
> content-length: 2497
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
} [5 bytes data]
* We are completely uploaded and fine
{ [5 bytes data]
< HTTP/2 200 
< content-type: application/json; charset=UTF-8
< vary: X-Origin
< vary: Referer
< vary: Origin,Accept-Encoding
< date: Thu, 03 Aug 2023 20:05:11 GMT
< server: ESF
< cache-control: private
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< x-content-type-options: nosniff
< accept-ranges: none
{ [5 bytes data]
100  4978    0  2481  100  2497  21763  21903 --:--:-- --:--:-- --:--:-- 43666
* Connection #0 to host cloudkms.googleapis.com left intact
Message-ID: <16159836.1075855377439.JavaMail.evans@thyme>
Date: Fri, 7 Dec 2001 10:06:42 -0800 (PST)
From: heather.dunton@enron.com
To: k..allen@enron.com
Subject: RE: West Position
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-From: Dunton, Heather </O=ENRON/OU=NA/CN=RECIPIENTS/CN=HDUNTON>
X-To: Allen, Phillip K. </O=ENRON/OU=NA/CN=RECIPIENTS/CN=Pallen>
X-cc: 
X-bcc: 
X-Folder: \Phillip_Allen_Jan2002_1\Allen, Phillip K.\Inbox
X-Origin: Allen-P
X-FileName: pallen (Non-Privileged).pst

 
Please let me know if you still need Curve Shift.

Thanks,
Heather
 -----Original Message-----
From:   Allen, Phillip K.  
Sent:   Friday, December 07, 2001 5:14 AM
To:     Dunton, Heather
Subject:        RE: West Position

Heather,

Did you attach the file to this email?

 -----Original Message-----
From:   Dunton, Heather  
Sent:   Wednesday, December 05, 2001 1:43 PM
To:     Allen, Phillip K.; Belden, Tim
Subject:        FW: West Position

Attached is the Delta position for 1/16, 1/30, 6/19, 7/13, 9/21


 -----Original Message-----
From:   Allen, Phillip K.  
Sent:   Wednesday, December 05, 2001 6:41 AM
To:     Dunton, Heather
Subject:        RE: West Position

Heather,

This is exactly what we need.  Would it possible to add the prior day for each of the dates below to the pivot table.  In order to validate the curve shift on the dates below we also need the prior days ending positions.

Thank you,

Phillip Allen

 -----Original Message-----
From:   Dunton, Heather  
Sent:   Tuesday, December 04, 2001 3:12 PM
To:     Belden, Tim; Allen, Phillip K.
Cc:     Driscoll, Michael M.
Subject:        West Position


Attached is the Delta position for 1/18, 1/31, 6/20, 7/16, 9/24



 << File: west_delta_pos.xls >> 

Let me know if you have any questions.





C:\Users\Ketan.Patel\Desktop\2023-08-03 13_18_33-.png




-gcp-03-6ca5b3b7ee09)$ history
    1  gcloud auth list
    2  gcloud config list project
    3  BUCKET_NAME="qwiklabs-gcp-03-6ca5b3b7ee09-enron_corpus"
    4  echo $BUCKET_NAME
    5  gsutil mb gs://${BUCKET_NAME}
    6  gsutil cp gs://enron_emails/allen-p/inbox/1. .
    7  tail 1
    8  ls
    9  ls -l
   10  tail 1.
   11  gcloud services enable cloudkms.googleapis.com
   12  gcloud services list
   13  \
   14  KEYRING_NAME=test CRYPTOKEY_NAME=qwiklab
   15  gcloud kms keyrings create $KEYRING_NAME --location global
   16  gcloud kms keys create $CRYPTOKEY_NAME --location global --keyring $KEYRING_NAME --purpose encryption
   17  tail 1.
   18  PLAINTEXT=$(cat 1. | base64 -w0)
   19  curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:encrypt"   -d "{\"plaintext\":\"$PLAINTEXT\"}"   -H "Authorization:Bearer $(gcloud auth application-default print-access-token)"  -H "Content-Type: application/json"
   20  curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:encrypt"   -d "{\"plaintext\":\"$PLAINTEXT\"}"   -H "Authorization:Bearer $(gcloud auth application-default print-access-token)"  -H "Content-Type:application/json" | jq .ciphertext -r > 1.encrypted
   21  curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:decrypt"   -d "{\"ciphertext\":\"$(cat 1.encrypted)\"}"   -H "Authorization:Bearer $(gcloud auth application-default print-access-token)"  -H "Content-Type:application/json" | jq .plaintext -r | base64 -d
   22  gsutil cp 1.encrypted gs://${BUCKET_NAME}
   23  history
   24  USER_EMAIL=$(gcloud auth list --limit=1 2>/dev/null | grep '@' | awk '{print $2}')
   25  gcloud auth list --limit=1 2>/dev/null | grep '@' | awk '{print $2}'
   26  USER_EMAIL=$(gcloud auth list --limit=1 2>/dev/null | grep '@' | awk '{print $2}')
   27  gcloud kms keyrings add-iam-policy-binding $KEYRING_NAME     --location global     --member user:$USER_EMAIL     --role roles/cloudkms.admin
   28  gcloud kms keyrings add-iam-policy-binding $KEYRING_NAME     --location global     --member user:$USER_EMAIL     --role roles/cloudkms.cryptoKeyEncrypterDecrypter
   29  gsutil -m cp -r gs://enron_emails/allen-p .
   30  ls
   31  ls -l allen-p/
   32  ls -lR allen-p/
   33  MYDIR=allen-p
   34  FILES=$(find $MYDIR -type f -not -name "*.encrypted")
   35  for file in $FILES; do   PLAINTEXT=$(cat $file | base64 -w0);   curl -v "https://cloudkms.googleapis.com/v1/projects/$DEVSHELL_PROJECT_ID/locations/global/keyRings/$KEYRING_NAME/cryptoKeys/$CRYPTOKEY_NAME:encrypt"     -d "{\"pla






Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

AppEngine - Python

tudent_04_347b5286260a@cloudshell:~/python-docs-samples/appengine/standard_python3/hello_world (qwiklabs-gcp-00-88834e0beca1)$ sudo apt upda...

  • CC
  • Configuring IAM Permissions with gcloud
    What is IAM? Google Cloud offers Cloud Identity and Access Management (IAM), which lets you manage access control by defining who (identity)...
  • Kafka on Kubernetes
      Deploying Kafka on Kubernetes(GKE) using Strimzi Operator: Kafka: Apache Kafka is an event streaming platform.  Kafka combines three key c...