Configure key in Google KMS
Creating a Google Cloud Project
1. Go to Google Cloud Platform.
2. Click Encryption EAR, then click NEW PROJECT.
3. Give a Project name, set your Location, then click Create.
Creating a Service account in Google cloud
1. Click APIs & Services in the left menu, then click Credentials.
2. Click +CREATE CREDENTIALS, then select Service account.
3. Give a Service account name, Service account ID, then click Done.
4. Under Service Accounts, select the relevant Email Id.
5. To create RSA Authentication key, click KEYS, then click ADD KEY, and select Create new key from the dropdown menu.
6. Select JSON for downloading the respective RSA Private Key, then click CREATE.
This file should be configured in Zoho directory for remote authentication.
Creating a Symmetric key in Google Cloud
1. Click Security in the left menu, then click Key Management.
2. If you are accessing this page for the first time, you'll be prompted to enable Google Cloud KMS API. Under Cloud Key Management Service (KMS) API, click Enable.
3. After enabling Google Cloud KMS API, go to Key Management in the left menu, then click + CREATE KEY RING and create a Key Ring.
4. Give a Key ring name, set the Location type, then click Create.
5. Give a Key name, select a Protection Level, Key material, Purpose and algorithm, Versions, click CONTINUE, then click CREATE.
6. To grant the service account access to the key/key ring, select the key from the list, then click ADD PRINCIPAL.
7. Under New principals, enter the Service account email Id. Under Assign roles, select Cloud KMS, then select Cloud KMS Crypto Operator and click Save.
Credentials required for BYOK integration in Zoho Directory:
- ProjectId
- locationId
- Key Ring name
- key purpose
- key version
- key name
- Service account RSA private key JSON file
REST APIs used for Integration:
Generating Access Token:
https://oauth2.googleapis.com/token