Shared helpers for the Google Cloud KMS signer backends
(Cartouche.Signer.CloudKMS and Cartouche.Solana.Signer.CloudKMS).
The HTTP transport (get_public_key/3, asymmetric_sign/4) is identical for
both the secp256k1 (Ethereum) and Ed25519 (Solana) signers — only the request
body and the public-key parsing differ, and those stay in the signer modules.
Goth credential resolution stays in the signers too, since Goth is an
optional dependency and this module is always loaded.
config_key is the signer module (passed as __MODULE__); it selects that
signer's Application.get_env(:cartouche, config_key) block, so per-signer
:req_options continue to resolve under their existing keys.
Summary
Functions
Calls asymmetricSign on a KMS key version. body is the signer-specific
request payload (%{digest: ...} for secp256k1, %{data: ...} for Ed25519).
Fetches the PEM-encoded public key for a KMS key version. Returns the raw KMS
JSON map (%{"algorithm" => _, "pem" => _}); the caller parses the PEM for its
curve.
Builds the fully-qualified Cloud KMS crypto-key-version resource name from its
component parts, e.g.
projects/p/locations/l/keyRings/kc/cryptoKeys/k/cryptoKeyVersions/v.
Functions
Calls asymmetricSign on a KMS key version. body is the signer-specific
request payload (%{digest: ...} for secp256k1, %{data: ...} for Ed25519).
Fetches the PEM-encoded public key for a KMS key version. Returns the raw KMS
JSON map (%{"algorithm" => _, "pem" => _}); the caller parses the PEM for its
curve.
@spec key_version_name( String.t(), String.t(), String.t(), String.t(), String.t() | non_neg_integer() ) :: String.t()
Builds the fully-qualified Cloud KMS crypto-key-version resource name from its
component parts, e.g.
projects/p/locations/l/keyRings/kc/cryptoKeys/k/cryptoKeyVersions/v.