
Uploading PEM encoded RSA Keys to KVM

Hi @dchiesa1 

This morning we were trying to use https://github.com/DinoChiesa/apigee-load-pem-key-into-kvm, but it looks like it needs the private & public key pair to upload to the KVM.

In our use case we have public keys only (but not a pair) from the vendor, which are being used for encryption (in the request flow) & signature verification (in the response flow). Similarly, we have our private keys for signing (in the request) & decryption (in the response). Now we need to upload them to the KVM & refer to them.

We have them hardcoded in the AM policy & we have the flow working seamlessly. Need your help on this.

 

error:

Checking for existing entries in KVM 'kvm-secrets'...
Found existing entries.
Found public key rsa-public-key-xenc.pubkey.pem, but the corresponding private key
rsa-private-key-xenc.pubkey.pem is missing. Exiting.

1 ACCEPTED SOLUTION

ok can you just modify the example script to fit your requirements? 

There's a test in the script that looks for both public and private key.  Just remove that.  And you may need to modify it to look for a file that matches the pattern your file has. 

And then there is a loop that uploads 2 files. Just modify it so that it uploads only one file.

would that work? 

Remove lines 111-117

Modify line 159 to look only at keytype "public" (remove the word private)

Would that work? 

Also this is an EXAMPLE.  In the end you have to own the provisioning scripts. So I don't suppose you would be using exactly what is provided in a git repo.  You will want to understand and own the scripts, maybe parameterize them differently, make them less interactive (because you would want to make them automated, I guess). 

I have found... Gemini to be super useful in coaching me through those kinds of modifications of existing code.

Especially now that there is a Gemini CLI.  I just ask it questions and get answers and code suggestions. Pretty slick! 

Good luck.
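
Added example, not part of the original post and not code from the linked repo: one way to handle each PEM file on its own instead of requiring a pair, while still refusing a file whose PEM header does not match the key type it is being uploaded as. The function names, the entry name, and the `ORG`, `ENV`, `KVM` and `TOKEN` variables are assumptions, and the URL assumes the Apigee X key value map entries API.

```shell
#!/usr/bin/env bash
# Added example: classify one PEM file and build its KVM entry, no key pair needed.

# Print public | private | unknown, judged by the file's first BEGIN line.
pem_key_type() {
  local header
  header=$(tr -d '\r' < "$1" | grep -m1 '^-----BEGIN ') || { echo unknown; return 0; }
  case "$header" in
    *"PRIVATE KEY-----") echo private ;;
    *"PUBLIC KEY-----")  echo public ;;
    *)                   echo unknown ;;   # certificates, empty or non-PEM files
  esac
}

# Print the JSON body for one entry, or fail if the file is not the expected key type.
kvm_entry_json() {   # usage: kvm_entry_json ENTRY_NAME PEM_FILE public|private
  local name=$1 file=$2 want=$3 got value
  case "$name" in
    ""|*[!A-Za-z0-9._-]*) echo "bad entry name: $name" >&2; return 2 ;;
  esac
  got=$(pem_key_type "$file")
  if [ "$got" != "$want" ]; then
    echo "$file: expected $want key, found $got; not uploading" >&2
    return 1
  fi
  # PEM is base64 text plus dashes, so line breaks are all that JSON needs escaped.
  value=$(tr -d '\r' < "$file" | awk '{ printf "%s\\n", $0 }')
  printf '{"name":"%s","value":"%s"}\n' "$name" "$value"
}

# POST one entry. ORG, ENV, KVM and TOKEN are placeholders the caller must set.
upload_entry() {
  local body
  body=$(kvm_entry_json "$@") || return   # never send a request for a rejected file
  printf '%s' "$body" | curl -sS --fail -X POST \
    -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
    --data-binary @- \
    "https://apigee.googleapis.com/v1/organizations/$ORG/environments/$ENV/keyvaluemaps/$KVM/entries"
}

# Constructed sample (placeholder body, not a real key): a lone public key is accepted.
sample=$(mktemp)
printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'Q09OU1RSVUNURUQ=' \
  '-----END PUBLIC KEY-----' > "$sample"
kvm_entry_json rsa-public-key-xenc "$sample" public   # hypothetical entry name
rm -f "$sample"
```

Because the type check runs before anything is sent, a private key saved under a public-key file name is rejected instead of being stored under an entry that policies treat as public.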

Thank you @dchiesa1. I was able to modify the script according to my needs & upload the PEM files to the KVM. Removed all the AM policies which had hardcoded PEM files & tested. It's working fine. Thanks for all your help.

whoo!  Excellent!