feat: Add module to get a Key from the GCP Project

security/gcp/get-kms/README.md

@@ -0,0 +1,52 @@
+# Cloud KMS
+
+Cloud Key Management Service allows you to create, import, and manage cryptographic keys and perform cryptographic
+operations in a single centralized cloud service. You can use these keys and perform these operations by using Cloud KMS
+directly, by using Cloud HSM or Cloud External Key Manager, or by using Customer-Managed Encryption Keys (CMEK) integrations
+within other Google Cloud services.
+
+This module retrieve a key from the GCP project. The retrieved keys are used by the service accounts for 
+encrypt and decrypt the data (by adding decrypt/encrypt rights on the kms key for the service accounts).
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | >= 4.75.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_google"></a> [google](#provider\_google) | >= 4.75.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_client_config.current](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
+| [google_kms_crypto_key.my_crypto_keys](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/kms_crypto_key) | data source |
+| [google_kms_key_ring.my_key_ring](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/kms_key_ring) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_crypto_key_names"></a> [crypto\_key\_names](#input\_crypto\_key\_names) | The names of the crypto keys to retrieve from the GCP project. | `list(string)` | n/a | yes |
+| <a name="input_key_ring_name"></a> [key\_ring\_name](#input\_key\_ring\_name) | The key ring name on which the crypto key belongs to. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_key_ring_id"></a> [key\_ring\_id](#output\_key\_ring\_id) | The ID of the KeyRing. |
+| <a name="output_key_ring_location"></a> [key\_ring\_location](#output\_key\_ring\_location) | The location for the KeyRing. |
+| <a name="output_key_ring_name"></a> [key\_ring\_name](#output\_key\_ring\_name) | The resource name for the KeyRing. |
+| <a name="output_my_crypto_key_output"></a> [my\_crypto\_key\_output](#output\_my\_crypto\_key\_output) | The crypto keys on the GCP project from the specified KeyRing. |
+<!-- END_TF_DOCS -->

security/gcp/get-kms/examples/README.md

@@ -0,0 +1,4 @@
+# Simple GCP Cloud KMS
+
+Terraform scripts to get a kms key from the GCP project. 
+

security/gcp/get-kms/examples/simple/README.md

@@ -0,0 +1,38 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 4.75.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_simple_kms"></a> [simple\_kms](#module\_simple\_kms) | ../../../get-kms | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_project"></a> [project](#input\_project) | Project name | `string` | n/a | yes |
+| <a name="input_region"></a> [region](#input\_region) | The GCP region used to deploy the KMS. | `string` | `"europe-west9"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_key_ring_id"></a> [key\_ring\_id](#output\_key\_ring\_id) | The ID of the KeyRing. |
+| <a name="output_key_ring_location"></a> [key\_ring\_location](#output\_key\_ring\_location) | The location for the KeyRing. |
+| <a name="output_key_ring_name"></a> [key\_ring\_name](#output\_key\_ring\_name) | The resource name for the KeyRing. |
+| <a name="output_my_crypto_key_output"></a> [my\_crypto\_key\_output](#output\_my\_crypto\_key\_output) | The crypto keys on the GCP project from the specified KeyRing. |
+<!-- END_TF_DOCS -->

security/gcp/get-kms/examples/simple/main.tf

@@ -0,0 +1,5 @@
+module "simple_kms" {
+  source           = "../../../get-kms"
+  key_ring_name    = "test"
+  crypto_key_names = ["my-key-name", "my-key-name2"]
+}

security/gcp/get-kms/examples/simple/outputs.tf

@@ -0,0 +1,19 @@
+output "my_crypto_key_output" {
+  description = "The crypto keys on the GCP project from the specified KeyRing."
+  value       = module.simple_kms.my_crypto_key_output
+}
+
+output "key_ring_name" {
+  description = "The resource name for the KeyRing."
+  value       = module.simple_kms.key_ring_name
+}
+
+output "key_ring_location" {
+  description = "The location for the KeyRing."
+  value       = module.simple_kms.key_ring_location
+}
+
+output "key_ring_id" {
+  description = "The ID of the KeyRing."
+  value       = module.simple_kms.key_ring_id
+}

security/gcp/get-kms/examples/simple/variables.tf

@@ -0,0 +1,10 @@
+variable "region" {
+  description = "The GCP region used to deploy the KMS."
+  type        = string
+  default     = "europe-west9"
+}
+
+variable "project" {
+  description = "Project name"
+  type        = string
+}

security/gcp/get-kms/examples/simple/versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 4.75.0"
+    }
+  }
+}
+
+provider "google" {
+  project = var.project
+  region  = var.region
+}

security/gcp/get-kms/main.tf

@@ -0,0 +1,12 @@
+data "google_kms_key_ring" "my_key_ring" {
+  name     = var.key_ring_name
+  location = data.google_client_config.current.region
+}
+
+data "google_kms_crypto_key" "my_crypto_keys" {
+  for_each = toset(var.crypto_key_names)
+  name     = each.value
+  key_ring = data.google_kms_key_ring.my_key_ring.id
+}
+
+data "google_client_config" "current" {}

security/gcp/get-kms/outputs.tf

@@ -0,0 +1,19 @@
+output "my_crypto_key_output" {
+  description = "The crypto keys on the GCP project from the specified KeyRing."
+  value       = { for key, value in data.google_kms_crypto_key.my_crypto_keys : key => value.id }
+}
+
+output "key_ring_name" {
+  description = "The resource name for the KeyRing."
+  value       = data.google_kms_key_ring.my_key_ring.name
+}
+
+output "key_ring_location" {
+  description = "The location for the KeyRing."
+  value       = data.google_kms_key_ring.my_key_ring.location
+}
+
+output "key_ring_id" {
+  description = "The ID of the KeyRing."
+  value       = data.google_kms_key_ring.my_key_ring.id
+}

security/gcp/get-kms/variables.tf

@@ -0,0 +1,9 @@
+variable "crypto_key_names" {
+  description = "The names of the crypto keys to retrieve from the GCP project."
+  type        = list(string)
+}
+
+variable "key_ring_name" {
+  description = "The key ring name on which the crypto key belongs to."
+  type        = string
+}

security/gcp/get-kms/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.0"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 4.75.0"
+    }
+  }
+}