Erebus.KMS.Google (Erebus v0.2.0-rc.2) View Source

This KMS backend uses Google KMS to encrypt/decrypt DEKs. It requires a 2048 bit RSA key with OAEP Padding and SHA256 Digest.

The used key/service account must have access to the following KMS roles:

  • Cloud KMS CryptoKey Encrypter/Decrypter
  • Cloud KMS CryptoKey Public Key Viewer

When using this backend, please provide the following options:

config :my_app, :erebus,
  kms_backend: Erebus.KMS.Google,
  google_project: "someproject",
  google_region: "someregion",
  google_keyring: "some_keyring",
  google_goth: MyApp.Goth