我正在一个Java项目上工作,我需要从GCP获取加密密钥。这是我的代码
`
public PublicKey fetchKey() {
try {
KeyManagementServiceSettings keyManagementServiceSettings =
KeyManagementServiceSettings.newBuilder()
.setCredentialsProvider(FixedCredentialsProvider.create(GoogleCredentials.getApplicationDefault()
.createScoped(Collections.singleton("https://www.googleapis.com/auth/cloudkms"))))
.build();
KeyManagementServiceClient client =
KeyManagementServiceClient.create(keyManagementServiceSettings);
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyVersionName keyVersionName =
CryptoKeyVersionName.of("khgvjgvhjyfjghb", "global", "test-key",
"test-key", "3");
// Get the public key.
PublicKey publicKey = client.getPublicKey(keyVersionName);
//this.secretKey = publicKey.toByteArray();
return publicKey;
}catch (Exception e){
throw new Exception(e);
}
}
我一直得到这个无权限错误。我检查过了,我的帐户确实有访问密钥的权限,GCP文档对此没有太多说明
请帮助Caused by: io.grpc.StatusRuntimeException: PERMISSION_DENIED: Permission 'cloudkms.cryptoKeyVersions.viewPublicKey' denied on resource
我从官方gcp文档中尝试了这段代码,我期望公钥
似乎很可能您没有专门查看公钥的正确权限。包含viewPublicKey权限的角色请参见https://cloud.google.com/kms/docs/reference/permissions-and-roles。如果您确实拥有该权限,请使用您的凭据当前分配的IAM角色更新您的帖子。
也有可能您正在使用的应用程序默认凭据与您检查权限的凭据不同。我建议您确认是否使用了正确的凭据。