GNUPG and Google Cloud

C.J. Collier cjac at colliertech.org
Tue Aug 16 22:29:19 CEST 2022


Hi David,

I would take a look at Secret Manager[1] as a way to store your private key
material confidentially.  Perhaps consider Cloud Run[2] as a mechanism for
execution of arbitrary code, in this case for instance with the
encryption/decryption pipeline using the python runtime and python-gnupg[3]
library.

You might instead find Cloud Pub/Sub[4] and Dataflow[5] to be useful for
streaming the data from your on-prem environment to GCS, and from GCS to
BigQuery.

In short, yes, there are a variety of ways to perform the steps that you're
talking about on GCP.  You should be able to develop a proof of concept on
a small scale while staying within the limits of the free tier[6].  I'm not
quite clear on why you would want to encrypt the data when you will
eventually decrypt it for storage into BigQuery, but yes, it is feasible.

C.J.

[1] https://cloud.google.com/secret-manager
[2] https://cloud.google.com/run
[3] https://pypi.org/project/python-gnupg/
[4] https://cloud.google.com/pubsub
[5] https://cloud.google.com/dataflow
[6] https://cloud.google.com/free

On Tue, Aug 16, 2022 at 11:33 AM David Gordon <DavidWGordon1011 at outlook.com>
wrote:

> CJ,
>
>
>
> We were looking for a server-less solution. What we want to do is take
> data from a legacy mainframe system, encrypt it via PGP, and then via GKE
> transfer it to Cloud Storage. From there we want to decrypt it via GnuPG,
> save it in Cloud Storage and then load it into Big Query.
>
>
>
> Thanks,
>
> David
>
>
>
> *From:* C.J. Collier <cjac at colliertech.org>
> *Sent:* Tuesday, August 16, 2022 10:23 AM
> *To:* David Gordon <DavidWGordon1011 at outlook.com>
> *Cc:* gnupg-users at gnupg.org
> *Subject:* Re: GNUPG and Google Cloud
>
>
>
> Hi there!
>
>
>
> Are you looking for a server-less solution or will a Debian instance on
> GCE or GKE suffice?
>
>
>
> You can "deploy" GNUPG with apt-get.  Decrypting content would require
> getting a private key or an agent onto the system.
>
>
>
> Can you give more details about what you're looking for?
>
>
>
> C.J. in Cloud Support, Seattle
>
> GCP Technical Solutions Engineer
>
>
>
>
>
> On Tue, Aug 16, 2022, 05:49 David Gordon via Gnupg-users <
> gnupg-users at gnupg.org> wrote:
>
> Can GnuPG be deployed to GCP to decrypt files? If so, is there a
> recommended approach?
>
>
>
> Thanks,
>
> David
>
>
>
> Sent from Mail
> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D550986&data=05%7C01%7C%7Cad6622d2400147059b4508da7f92dad8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637962565967612968%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=A2zN6aWVAIQ7H8Zhq2JiSIZ2cEjDy2yKCQdRIX7T7bA%3D&reserved=0>
> for Windows
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> https://lists.gnupg.org/mailman/listinfo/gnupg-users
> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.gnupg.org%2Fmailman%2Flistinfo%2Fgnupg-users&data=05%7C01%7C%7Cad6622d2400147059b4508da7f92dad8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637962565967612968%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=EnvRhaqhJaDX%2FlpIwBGk3QjuMcIXh5Gcppuypi5kNYw%3D&reserved=0>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220816/1651fc4d/attachment.html>


More information about the Gnupg-users mailing list