Merge pull request #6 from scaleway/doc/full-examples

enzzc · web-flow · commit ec100190aaae · 2024-06-12T17:29:47.000+02:00
Add a full example
diff --git a/README.md b/README.md
@@ -8,10 +8,4 @@ The official documentation is available at https://developers.google.com/tink.
 ## Getting Started
 
 1. Create a Key in Scaleway's Key Manager and retrieve its ID.
-2. Check the [example](./integration/scwkms/scw_kms_client_test.go) to use the
-   extension. Make sure to replace the client fields with your own
-   configuration.
-3. Rather than configuring the provider in-app, you can also use Scaleway's
-   configuration file and environment variables. Check [Scaleway's configuration
-   documentation](https://www.scaleway.com/en/docs/developer-tools/scaleway-cli/reference-content/scaleway-configuration-file/)
-   for more details.
+2. Once you have a key ID, you can reuse a full working example in `examples/` to get started.
diff --git a/examples/encrypt_decrypt/go.mod b/examples/encrypt_decrypt/go.mod
@@ -0,0 +1,16 @@
+module main
+
+go 1.22.3
+
+require (
+	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27
+	github.com/scaleway/tink-go-scwkms v0.1.0
+	github.com/tink-crypto/tink-go/v2 v2.2.0
+)
+
+require (
+	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+)
diff --git a/examples/encrypt_decrypt/go.sum b/examples/encrypt_decrypt/go.sum
@@ -0,0 +1,18 @@
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27 h1:yGAraK1uUjlhSXgNMIy8o/J4LFNcy7yeipBqt9N9mVg=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
+github.com/scaleway/tink-go-scwkms v0.1.0 h1:fp/g+9PzuZzFXn9JdVmGU163G5edLKb/w+dZdg3x7WA=
+github.com/scaleway/tink-go-scwkms v0.1.0/go.mod h1:3mfuRK8omCRCDgViq82RPcPEPeXSxPelNh2zKH6mugw=
+github.com/tink-crypto/tink-go/v2 v2.2.0 h1:L2Da0F2Udh2agtKztdr69mV/KpnY3/lGTkMgLTVIXlA=
+github.com/tink-crypto/tink-go/v2 v2.2.0/go.mod h1:JJ6PomeNPF3cJpfWC0lgyTES6zpJILkAX0cJNwlS3xU=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
diff --git a/examples/encrypt_decrypt/main.go b/examples/encrypt_decrypt/main.go
@@ -0,0 +1,59 @@
+package main
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/scaleway/scaleway-sdk-go/scw"
+	"github.com/scaleway/tink-go-scwkms/integration/scwkms"
+	"github.com/tink-crypto/tink-go/v2/aead"
+)
+
+const (
+	keyURIPrefix = "scw-kms://regions/fr-par/keys/"                      // Replace with your region
+	keyURI       = keyURIPrefix + "00000000-0000-0000-0000-000000000000" // Replace with your key ID
+)
+
+func main() {
+
+	// Setup a scw configuration as usual
+	config, err := scw.LoadConfig()
+	if err != nil {
+		log.Fatal(err)
+	}
+	profile, err := config.GetActiveProfile()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Create the Tink Scaleway client
+	kms, _ := scwkms.NewClientWithOptions(
+		keyURIPrefix,
+		scw.WithProfile(profile),
+		scw.WithEnv(),
+	)
+
+	kekAEAD, _ := kms.GetAEAD(keyURI)
+
+	dekTemplate := aead.AES256GCMKeyTemplate() // Your DEK is an AES-256-GCM key
+	primitive := aead.NewKMSEnvelopeAEAD2(dekTemplate, kekAEAD)
+
+	// Use the primitive to encrypt and decrypt data
+	plaintext := []byte("Hello, World!")
+	associatedData := []byte("example KMS envelope AEAD encryption")
+
+	fmt.Println("Plaintext:", string(plaintext))
+
+	ciphertext, err := primitive.Encrypt(plaintext, associatedData)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println("Ciphertext:", ciphertext)
+
+	plaintextBack, err := primitive.Decrypt(ciphertext, associatedData)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println("Plaintext again:", string(plaintextBack))
+
+}
