A small utility library that creates CSR's where the private key is stored in GCP KMS.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) { // create builder factory that will cache key meta data CsrBuilderFactory factory = CsrBuilderFactory.builder(client) .withKeyCacheDuration(Duration.ofMinutes(20)) .build(); // you need a key for the csr String resourceId = "projects/your-project/locations/your-location/keyRings/your-keyring/cryptoKeys/your-key/cryptoKeyVersions/version" CryptoKeyVersionName keyName = CryptoKeyVersionName.parse(resourceId); // create a csr using a builder String csrPem = factory.builder() .forPrincipal(new X500Principal("CN=io.github.fungrim, O=Fungrim Consulting AB, OU=, C=SE, L=Stockholm")) .withKey(keyName) .build() .asPem(); // profit!! System.out.println(csrPem); }