English
Bahasa Indonesia
Deutsch
Español
Español – América Latina
Français
Italiano
Polski
Português – Brasil
Tiếng Việt
Türkçe
Русский
עברית
العربيّة
فارسی
हिंदी
বাংলা
ภาษาไทย
中文 – 简体
中文 – 繁體
日本語
한국어

Get key credentials

Once you create a key in your external Key Management System (KMS) and get its URI, Tink needs credentials to use your key:

Google Cloud KMS credentials are service account JSON files that can be created and downloaded from Google Cloud Console.
AWS KMS credentials are properties files with the AWS access key ID in the accessKey property, and the AWS secret key in the secretKey property.
HashiCorp Vault credentials are service tokens that can be created by the vault token create command. (This is currently only available in Golang.)

Once you have the credentials available, you can use Tink APIs or Tinkey to generate encrypted keysets.

If you don’t supply credentials, Tink and Tinkey will attempt to load default credentials. Refer to the documentation for your KMS for more information on default credentials:

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2022-11-24 UTC.