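/**
 * Builds the Cloud KMS REST URL for one action on one crypto key.
 *
 * @param {string} project - Project id that owns the key ring.
 * @param {string} location - Key ring location (the test helper uses "global").
 * @param {string} keyring - Key ring name.
 * @param {string} key - Crypto key name.
 * @param {string} action - Method suffix placed after the colon ("encrypt" or "decrypt").
 * @returns {string} The request URL.
 */
function buildCryptoKeyUrl_(project, location, keyring, key, action) {
  // Encode every caller-supplied segment so a value containing `/`, `?` or `#`
  // stays inside its own path segment and cannot change which endpoint is called.
  return Utilities.formatString(
    'https://cloudkms.googleapis.com/v1/projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s:%s',
    encodeURIComponent(project),
    encodeURIComponent(location),
    encodeURIComponent(keyring),
    encodeURIComponent(key),
    action
  );
}

/**
 * Decrypts `cipherSecret` with Google Cloud KMS.
 *
 * Posts `{"ciphertext": cipherSecret}` to the key's `:decrypt` endpoint, then
 * base64-decodes the `plaintext` field of the JSON response and returns it as a string.
 *
 * @param {string} project - Project id that owns the key ring.
 * @param {string} location - Key ring location.
 * @param {string} keyring - Key ring name.
 * @param {string} key - Crypto key name.
 * @param {string} cipherSecret - Ciphertext as returned by Encrypt().
 * @returns {string} The decrypted secret.
 */
function Decrypt(project, location, keyring, key, cipherSecret) {
  // parameters for the decryption http call
  var params = {
    "method": "POST",
    "contentType": "application/json",
    "headers": {
      "Authorization": getOAuth2Token()
    },
    "payload": JSON.stringify({
      "ciphertext": cipherSecret
    })
  };

  // create the url with the correct keyring and key names
  var url = buildCryptoKeyUrl_(project, location, keyring, key, 'decrypt');

  // make the call and extract the decrypted value; muteHttpExceptions is not
  // set, so UrlFetchApp.fetch throws on a non-2xx response instead of returning it
  var rawResponse = UrlFetchApp.fetch(url, params);
  var jsonBody = JSON.parse(rawResponse.getContentText());
  var decodedSecret = Utilities.base64Decode(jsonBody.plaintext);
  var plainSecret = Utilities.newBlob(decodedSecret).getDataAsString();

  // NOTE(review): the return value is the secret in clear text; callers should
  // avoid logging it or writing it into a sheet or document.
  return plainSecret;
}

/**
 * Encrypts `plainSecret` with Google Cloud KMS.
 *
 * Base64-encodes the secret, posts `{"plaintext": ...}` to the key's `:encrypt`
 * endpoint and returns the `ciphertext` field of the JSON response unchanged.
 *
 * @param {string} project - Project id that owns the key ring.
 * @param {string} location - Key ring location.
 * @param {string} keyring - Key ring name.
 * @param {string} key - Crypto key name.
 * @param {string} plainSecret - Secret to encrypt.
 * @returns {string} The ciphertext, suitable for passing to Decrypt().
 */
function Encrypt(project, location, keyring, key, plainSecret) {
  // parameters for the encryption http call
  var params = {
    "method": "POST",
    "contentType": "application/json",
    "headers": {
      "Authorization": getOAuth2Token()
    },
    "payload": JSON.stringify({
      "plaintext": Utilities.base64Encode(plainSecret)
    })
  };

  // create the url with the correct keyring and key names
  var url = buildCryptoKeyUrl_(project, location, keyring, key, 'encrypt');

  // make the call and extract the encrypted value; UrlFetchApp.fetch throws on
  // a non-2xx response because muteHttpExceptions is not set
  var rawResponse = UrlFetchApp.fetch(url, params);
  var jsonBody = JSON.parse(rawResponse.getContentText());
  var cipherSecret = jsonBody.ciphertext;
  return cipherSecret;
}

/**
 * Creates an OAuth2 service for the service account and returns the value to
 * put in the `Authorization` header ("Bearer " followed by the access token).
 *
 * Relies on a global `OAuth2` object (presumably the Apps Script OAuth2
 * library, which has to be added to the project - confirm).
 *
 * @returns {string} Authorization header value.
 */
function getOAuth2Token() {
  // NOTE(review): the service-account key JSON is embedded in the script source,
  // so everyone who can read or copy the script also gets the private key.
  // Prefer loading it from a store with tighter access (for example a script
  // property) and rotate any key that has been shared this way.
  var rawCredentialsJson = '*****'; // service account in one line
  var serviceAccount = JSON.parse(rawCredentialsJson);

  // NOTE(review): cloud-platform is far broader than cloudkms. The KMS calls in
  // this file should only need the cloudkms scope; consider dropping
  // cloud-platform and granting the service account an encrypt/decrypt role on
  // the one key it uses - confirm against the project's IAM setup.
  var service = OAuth2.createService('GoogleDrive:' + serviceAccount.client_email)
    .setAuthorizationBaseUrl(serviceAccount.auth_uri)
    .setTokenUrl(serviceAccount.token_uri)
    .setPrivateKey(serviceAccount.private_key)
    .setIssuer(serviceAccount.client_email)
    .setPropertyStore(PropertiesService.getScriptProperties())
    .setCache(CacheService.getUserCache())
    .setLock(LockService.getUserLock())
    .setScope('https://www.googleapis.com/auth/cloudkms https://www.googleapis.com/auth/cloud-platform');

  return 'Bearer ' + service.getAccessToken();
}

/**
 * Round-trip check: encrypts a sample string, decrypts it again and logs each step.
 * Used for test purposes (remove the trailing _ for debugging).
 *
 * The plaintext is written to the log, so run it with throwaway data only.
 */
function test_() {
  var kms_project_id = "project_id";
  var kms_location = "global";
  var kms_keyring = "keyring_name";
  var kms_key = "key_name";
  var plainData = "salut-les-terriens";

  Logger.log("Plain data: " + plainData);

  var cipherData = Encrypt(kms_project_id, kms_location, kms_keyring, kms_key, plainData);
  Logger.log("Cipher data: " + cipherData);

  // declared with var: the original assigned an undeclared name, which creates
  // an implicit global and throws in strict mode
  var decryptedData = Decrypt(kms_project_id, kms_location, kms_keyring, kms_key, cipherData);
  Logger.log("Decrypted data: " + decryptedData);
}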