search

tink-crypto / tink

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
https://developers.google.com/tink
Apache License 2.0
13.47k stars 1.18k forks source link

INVALID_ARGUMENT: GCP KMS encryption failed: empty address list #664

Closed sovongsa closed 1 year ago

sovongsa commented 1 year ago

./bazel-bin/envelope_aead/envelope --mode encrypt \ --gcp_credential_path gcp_account.json \ --kek_uri gcp-kms://projects/proeject/locations/global/keyRings/sample-ring/cryptoKeys/test/cryptoKeyVersions/1 \ --input_path testdata.txt --output_path testdata.txt.encrypted

i am seeing this error tink.core._tink_error.TinkError: INVALID_ARGUMENT: GCP KMS encryption failed: empty address list:

after running above command to encrypt sample text. can you please check empty address list? it is KMS key not found? i dont think it is the issue with the key since i just copy key from resource name. any comment would help thanks!

sovongsa commented 1 year ago

i found a solution for this: i need to do the following steps: curl -Lo roots.pem https://pki.google.com/roots.pem export GRPC_DEFAULT_SSL_ROOTS_FILE_PATH="$PWD/roots.pem"

then run the above bazel command.

morambro commented 1 year ago

Hi @sovongsa, I am closing this issue. Please feel free to reopen it if you have any questions/feedback.