Reference documentation and code samples for the Google Cloud Key Management Service v1 API enum EkmConnection.Types.KeyManagementMode.
[KeyManagementMode][google.cloud.kms.v1.EkmConnection.KeyManagementMode]
describes who can perform control plane cryptographic operations using this
[EkmConnection][google.cloud.kms.v1.EkmConnection].
All [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this
[EkmConnection][google.cloud.kms.v1.EkmConnection] use EKM-side key
management operations initiated from Cloud KMS. This means that:
When a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
associated with this [EkmConnection][google.cloud.kms.v1.EkmConnection]
is
created, the EKM automatically generates new key material and a new
key path. The caller cannot supply the key path of pre-existing
external key material.
Destruction of external key material associated with this
[EkmConnection][google.cloud.kms.v1.EkmConnection] can be requested by
calling [DestroyCryptoKeyVersion][EkmService.DestroyCryptoKeyVersion].
Automatic rotation of key material is supported.
Manual
EKM-side key management operations on
[CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this
[EkmConnection][google.cloud.kms.v1.EkmConnection] must be initiated from
the EKM directly and cannot be performed from Cloud KMS. This means that:
When creating a
[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] associated with
this
[EkmConnection][google.cloud.kms.v1.EkmConnection], the caller must
supply the key path of pre-existing external key material that will be
linked to the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
Destruction of external key material cannot be requested via the
Cloud KMS API and must be performed directly in the EKM.
Automatic rotation of key material is not supported.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-03-21 UTC."],[[["This document provides reference documentation for the `EkmConnection.Types.KeyManagementMode` enum within the Google Cloud Key Management Service v1 API, specifically in the .NET context."],["The `KeyManagementMode` enum defines whether key management operations are initiated from Cloud KMS (`CloudKms`) or directly from the EKM (`Manual`)."],["The `CloudKms` mode allows for automatic key material generation, destruction requests via `DestroyCryptoKeyVersion`, and automatic key rotation, while `Manual` requires pre-existing key material, disallows Cloud KMS destruction, and does not support automatic rotation."],["The latest available version of the documentation is 3.16.0, with a variety of other versions listed down to 2.2.0."],["The namespace for this enum is `Google.Cloud.Kms.V1`, and it's part of the `Google.Cloud.Kms.V1.dll` assembly."]]],[]]
