Crie um conjunto de dados com uma chave de criptografia gerenciada pelo cliente
Mantenha tudo organizado com as coleções
Salve e categorize o conteúdo com base nas suas preferências.
O exemplo a seguir cria um conjunto de dados chamado "mydataset" e também usa os recursos "google_kms_crypto_key" e "google_kms_key_ring" para especificar uma chave do Cloud Key Management Service para o conjunto de dados. É necessário ativar a API Cloud Key Management Service antes de executar este exemplo.
Mais informações
Para ver a documentação detalhada que inclui este exemplo de código, consulte:
Exemplo de código
Exceto em caso de indicação contrária, o conteúdo desta página é licenciado de acordo com a Licença de atribuição 4.0 do Creative Commons, e as amostras de código são licenciadas de acordo com a Licença Apache 2.0. Para mais detalhes, consulte as políticas do site do Google Developers. Java é uma marca registrada da Oracle e/ou afiliadas.
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],[],[[["\u003cp\u003eThis code creates a BigQuery dataset named \u003ccode\u003emydataset\u003c/code\u003e using Terraform.\u003c/p\u003e\n"],["\u003cp\u003eIt uses the \u003ccode\u003egoogle_kms_crypto_key\u003c/code\u003e and \u003ccode\u003egoogle_kms_key_ring\u003c/code\u003e resources to configure a Cloud Key Management Service key for the dataset's encryption.\u003c/p\u003e\n"],["\u003cp\u003eThe configuration sets default partition and table expiration times, along with a description, location, time travel hours and labels for the dataset.\u003c/p\u003e\n"],["\u003cp\u003eIt grants the BigQuery service account permission to encrypt and decrypt Cloud KMS keys.\u003c/p\u003e\n"],["\u003cp\u003eThe code sets up a random ID, then uses it in the KMS key ring configuration, while also ensuring that the BigQuery service account has the necessary permissions to interact with the Cloud KMS keys.\u003c/p\u003e\n"]]],[],null,["# Create a dataset with a customer-managed encryption key\n\nThe following example creates a dataset named \\`mydataset\\`, and also uses the \\`google_kms_crypto_key\\` and \\`google_kms_key_ring\\` resources to specify a Cloud Key Management Service key for the dataset. You must enable the Cloud Key Management Service API before running this example.\n\nExplore further\n---------------\n\n\nFor detailed documentation that includes this code sample, see the following:\n\n- [Create datasets](/bigquery/docs/datasets)\n\nCode sample\n-----------\n\n### Terraform\n\n\nTo learn how to apply or remove a Terraform configuration, see\n[Basic Terraform commands](/docs/terraform/basic-commands).\n\n\nFor more information, see the\n[Terraform provider reference documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs).\n\n resource \"google_bigquery_dataset\" \"default\" {\n dataset_id = \"mydataset\"\n default_partition_expiration_ms = 2592000000 # 30 days\n default_table_expiration_ms = 31536000000 # 365 days\n description = \"dataset description\"\n location = \"US\"\n max_time_travel_hours = 96 # 4 days\n\n default_encryption_configuration {\n kms_key_name = google_kms_crypto_key.crypto_key.id\n }\n\n labels = {\n billing_group = \"accounting\",\n pii = \"sensitive\"\n }\n depends_on = [google_project_iam_member.service_account_access]\n }\n\n resource \"google_kms_crypto_key\" \"crypto_key\" {\n name = \"example-key\"\n key_ring = google_kms_key_ring.key_ring.id\n }\n\n resource \"random_id\" \"default\" {\n byte_length = 8\n }\n\n resource \"google_kms_key_ring\" \"key_ring\" {\n name = \"${random_id.default.hex}-example-keyring\"\n location = \"us\"\n }\n\n # Enable the BigQuery service account to encrypt/decrypt Cloud KMS keys\n data \"google_project\" \"project\" {\n }\n\n resource \"google_project_iam_member\" \"service_account_access\" {\n project = data.google_project.project.project_id\n role = \"roles/cloudkms.cryptoKeyEncrypterDecrypter\"\n member = \"serviceAccount:bq-${data.google_project.project.number}@bigquery-encryption.iam.gserviceaccount.com\"\n }\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=bigquery)."]]
