batch-example

Batch Round-Trip Example

In order to run this example, you need to be running a Tenant Security Proxy (TSP) on your machine. Check the README.md file in the parent directory to see how to start the TSP, if you haven't done so yet.

Once the TSP is running, you can experiment with this example Go program. It illustrates the basics of how to use the Tenant Security Client (TSC) SDK to encrypt and decrypt batches of data.

To run the example, you will need to have Go 1.17+ installed on your computer.

export API_KEY='0WUaXesNgbTAuLwn'
go run .

We've assigned an API key for you, but in production you will make your own and edit the TSP configuration with it. This should produce output like:

Using tenant tenant-gcp-l
First decrypted ID: 19828392
Second decrypted ID: 12387643

The decrypted output is printed after round-tripping encryption and decryption of the customer records.

When you run the example, you should see a number of INFO outputs generated by your TSP indicating that it was wrapping a new DEK using the KMS, then unwrapping an EDEK.

If you would like to experiment with a different tenant, just do:

export TENANT_ID=<selected-tenant-ID>
export API_KEY='0WUaXesNgbTAuLwn'
go run .

The list of available tenants is listed in the README.md in the parent directory.

If you set the tenant to tenant-gcp-l and run the program, then compare the logs generated by the TSP to the logs generated when you use tenant-gcp, you can see the difference between using a KMS configuration that has key leasing enabled vs. one that does not.

Additional Resources

If you would like some more in-depth information, our website features a section of technical documentation about the SaaS Shield product.