-
If you haven't already, set up a Java Development Environment (including google-cloud-sdk and maven utilities) by following the java setup guide and create a project.
-
Create a 2nd Gen Cloud SQL Instance by following these instructions. Note the connection string, database user, and database password that you create.
-
Create a database for your application by following these instructions. Note the database name.
-
Create a KMS key for your application by following these instructions. Copy the resource name of your created key.
-
Create a service account with the 'Cloud SQL Client' permissions by following these instructions. Then, add the 'Cloud KMS CryptoKey Encrypter/Decrypter' permission for the key to your service account by following these instructions.
Before running, copy the example.envrc file to .envrc and replace the values for
GOOGLE_APPLICATION_CREDENTIALS, DB_USER, DB_PASS, DB_NAME, INSTANCE_CONNECTION_NAME,
and CLOUD_KMS_URI with the values from your project. Then run source .envrc or optionally use
direnv.
Once the environment variables have been set, run:
mvn exec:java -Dexec.mainClass=cloudsql.tink.EncryptAndInsertData
and
mvn exec:java -Dexec.mainClass=cloudsql.tink.QueryAndDecryptData