Method: instances.startWithEncryptionKey

Starts an instance that was stopped using the instances().stop method. For more information, see Restart an instance.

HTTP request

POST https://compute.googleapis.com/compute/v1/projects/{project}/zones/{zone}/instances/{resourceId}/startWithEncryptionKey

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
project

string

Project ID for this request.

zone

string

The name of the zone for this request.

resourceId

string

Name of the instance resource to start.

Query parameters

Parameters
requestId

string

An optional request ID to identify requests. Specify a unique request ID so that if you must retry your request, the server will know to ignore the request if it has already been completed.

For example, consider a situation where you make an initial request and the request times out. If you make the request again with the same request ID, the server can check if original operation with the same request ID was received, and if so, will ignore the second request. This prevents clients from accidentally creating duplicate commitments.

The request ID must be a valid UUID with the exception that zero UUID is not supported (00000000-0000-0000-0000-000000000000).

Request body

The request body contains data with the following structure:

JSON representation
{
  "disks": [
    {
      "source": string,
      "diskEncryptionKey": {
        "sha256": string,
        "kmsKeyServiceAccount": string,

        
        "rawKey": string,
        "rsaEncryptedKey": string,
        "kmsKeyName": string
        
      }
    }
  ]
}
Fields
disks[]

object

Array of disks associated with this instance that are protected with a customer-supplied encryption key.

In order to start the instance, the disk url and its corresponding key must be provided.

If the disk is not protected with a customer-supplied encryption key it should not be specified.

disks[].source

string

Specifies a valid partial or full URL to an existing Persistent Disk resource. This field is only applicable for persistent disks. For example:

"source": "/compute/v1/projects/ projectId/zones/ zone/disks/ diskName 

disks[].diskEncryptionKey

object

Decrypts data associated with the disk with a customer-supplied encryption key.

disks[].diskEncryptionKey.rawKey

string

Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example:

"rawKey": "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=" 

disks[].diskEncryptionKey.rsaEncryptedKey

string

Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. For example:

"rsaEncryptedKey": "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFoD D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe==" 
The key must meet the following requirements before you can provide it to Compute Engine:
  1. The key is wrapped using a RSA public key certificate provided by Google.
  2. After being wrapped, the key must be encoded in RFC 4648 base64 encoding.
Gets the RSA public key certificate provided by Google at:
 https://cloud-certs.storage.googleapis.com/google-cloud-csek-ingress.pem

disks[].diskEncryptionKey.kmsKeyName

string

The name of the encryption key that is stored in Google Cloud KMS. For example:

"kmsKeyName": "projects/ kms_project_id/locations/ region/keyRings/ key_region/cryptoKeys/key 

disks[].diskEncryptionKey.sha256

string

[Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.