I tried to encrypt the contents of a file and to write the encrypted data to a cipher file with Google cloud KMS. But the php script shows a permission error. Here's the php script I tried
$cryptoKeyName = $kms->cryptoKeyName($projectId, $locationId, $keyRingId, $cryptoKeyId);
$plaintext = file_get_contents($plaintextFileName);
$response = $kms->encrypt($cryptoKeyName, $plaintext);
file_put_contents($ciphertextFileName, $response->getCiphertext());
I got this error
Fatal error: Uncaught Google\ApiCore\ApiException: { "message": "Permission 'cloudkms.cryptoKeyVersions.useToEncrypt' denied for resource 'projects/testproject/locations/global/keyRings/test/cryptoKeys/testkey'.", "code": 7, "status": "PERMISSION_DENIED", "details": [] } thrown in /home/xxxxx/xxx.com/vendor/google/gax/src/ApiException.php on line 139
When I print the user permission, it shows
Role: roles/cloudkms.admin Members: user:renjith@pi-digi.com Role: roles/cloudkms.cryptoKeyEncrypterDecrypter Members: user:renjith@pi-digi.com`
