Google Cloud Key Management Service v1 API - Class KeyManagementService.KeyManagementServiceBase (3.11.0)

[BindServiceMethod(typeof(KeyManagementService), "BindService")]
public abstract class KeyManagementService.KeyManagementServiceBase

Reference documentation and code samples for the Google Cloud Key Management Service v1 API class KeyManagementService.KeyManagementServiceBase.

Base class for server-side implementations of KeyManagementService

Inheritance

object > KeyManagementService.KeyManagementServiceBase

Namespace

Google.Cloud.Kms.V1

Assembly

Google.Cloud.Kms.V1.dll

Methods

AsymmetricDecrypt(AsymmetricDecryptRequest, ServerCallContext)

public virtual Task<AsymmetricDecryptResponse> AsymmetricDecrypt(AsymmetricDecryptRequest request, ServerCallContext context)

Decrypts data that was encrypted with a public key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.

Parameters
Name Description
request AsymmetricDecryptRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskAsymmetricDecryptResponse

The response to send back to the client (wrapped by a task).

AsymmetricSign(AsymmetricSignRequest, ServerCallContext)

public virtual Task<AsymmetricSignResponse> AsymmetricSign(AsymmetricSignRequest request, ServerCallContext context)

Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

Parameters
Name Description
request AsymmetricSignRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskAsymmetricSignResponse

The response to send back to the client (wrapped by a task).

CreateCryptoKey(CreateCryptoKeyRequest, ServerCallContext)

public virtual Task<CryptoKey> CreateCryptoKey(CreateCryptoKeyRequest request, ServerCallContext context)

Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].

[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] are required.

Parameters
Name Description
request CreateCryptoKeyRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskCryptoKey

The response to send back to the client (wrapped by a task).

CreateCryptoKeyVersion(CreateCryptoKeyVersionRequest, ServerCallContext)

public virtual Task<CryptoKeyVersion> CreateCryptoKeyVersion(CreateCryptoKeyVersionRequest request, ServerCallContext context)

Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].

The server will assign the next sequential id. If unset, [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].

Parameters
Name Description
request CreateCryptoKeyVersionRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskCryptoKeyVersion

The response to send back to the client (wrapped by a task).

CreateImportJob(CreateImportJobRequest, ServerCallContext)

public virtual Task<ImportJob> CreateImportJob(CreateImportJobRequest request, ServerCallContext context)

Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].

[ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.

Parameters
Name Description
request CreateImportJobRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskImportJob

The response to send back to the client (wrapped by a task).

CreateKeyRing(CreateKeyRingRequest, ServerCallContext)

public virtual Task<KeyRing> CreateKeyRing(CreateKeyRingRequest request, ServerCallContext context)

Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.

Parameters
Name Description
request CreateKeyRingRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskKeyRing

The response to send back to the client (wrapped by a task).

Decrypt(DecryptRequest, ServerCallContext)

public virtual Task<DecryptResponse> Decrypt(DecryptRequest request, ServerCallContext context)

Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Parameters
Name Description
request DecryptRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskDecryptResponse

The response to send back to the client (wrapped by a task).

DestroyCryptoKeyVersion(DestroyCryptoKeyVersionRequest, ServerCallContext)

public virtual Task<CryptoKeyVersion> DestroyCryptoKeyVersion(DestroyCryptoKeyVersionRequest request, ServerCallContext context)

Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.

Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED], and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically change to [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key material will be irrevocably destroyed.

Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached, [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.

Parameters
Name Description
request DestroyCryptoKeyVersionRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskCryptoKeyVersion

The response to send back to the client (wrapped by a task).

Encrypt(EncryptRequest, ServerCallContext)

public virtual Task<EncryptResponse> Encrypt(EncryptRequest request, ServerCallContext context)

Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Parameters
Name Description
request EncryptRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskEncryptResponse

The response to send back to the client (wrapped by a task).

GenerateRandomBytes(GenerateRandomBytesRequest, ServerCallContext)

public virtual Task<GenerateRandomBytesResponse> GenerateRandomBytes(GenerateRandomBytesRequest request, ServerCallContext context)

Generate random bytes using the Cloud KMS randomness source in the provided location.

Parameters
Name Description
request GenerateRandomBytesRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskGenerateRandomBytesResponse

The response to send back to the client (wrapped by a task).

GetCryptoKey(GetCryptoKeyRequest, ServerCallContext)

public virtual Task<CryptoKey> GetCryptoKey(GetCryptoKeyRequest request, ServerCallContext context)

Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

Parameters
Name Description
request GetCryptoKeyRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskCryptoKey

The response to send back to the client (wrapped by a task).

GetCryptoKeyVersion(GetCryptoKeyVersionRequest, ServerCallContext)

public virtual Task<CryptoKeyVersion> GetCryptoKeyVersion(GetCryptoKeyVersionRequest request, ServerCallContext context)

Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

Parameters
Name Description
request GetCryptoKeyVersionRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskCryptoKeyVersion

The response to send back to the client (wrapped by a task).

GetImportJob(GetImportJobRequest, ServerCallContext)

public virtual Task<ImportJob> GetImportJob(GetImportJobRequest request, ServerCallContext context)

Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].

Parameters
Name Description
request GetImportJobRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskImportJob

The response to send back to the client (wrapped by a task).

GetKeyRing(GetKeyRingRequest, ServerCallContext)

public virtual Task<KeyRing> GetKeyRing(GetKeyRingRequest request, ServerCallContext context)

Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].

Parameters
Name Description
request GetKeyRingRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskKeyRing

The response to send back to the client (wrapped by a task).

GetPublicKey(GetPublicKeyRequest, ServerCallContext)

public virtual Task<PublicKey> GetPublicKey(GetPublicKeyRequest request, ServerCallContext context)

Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].

Parameters
Name Description
request GetPublicKeyRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskPublicKey

The response to send back to the client (wrapped by a task).

ImportCryptoKeyVersion(ImportCryptoKeyVersionRequest, ServerCallContext)

public virtual Task<CryptoKeyVersion> ImportCryptoKeyVersion(ImportCryptoKeyVersionRequest request, ServerCallContext context)

Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally specified in the request, key material will be reimported into that version. Otherwise, a new version will be created, and will be assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].

Parameters
Name Description
request ImportCryptoKeyVersionRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskCryptoKeyVersion

The response to send back to the client (wrapped by a task).

ListCryptoKeyVersions(ListCryptoKeyVersionsRequest, ServerCallContext)

public virtual Task<ListCryptoKeyVersionsResponse> ListCryptoKeyVersions(ListCryptoKeyVersionsRequest request, ServerCallContext context)

Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].

Parameters
Name Description
request ListCryptoKeyVersionsRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskListCryptoKeyVersionsResponse

The response to send back to the client (wrapped by a task).

ListCryptoKeys(ListCryptoKeysRequest, ServerCallContext)

public virtual Task<ListCryptoKeysResponse> ListCryptoKeys(ListCryptoKeysRequest request, ServerCallContext context)

Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].

Parameters
Name Description
request ListCryptoKeysRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskListCryptoKeysResponse

The response to send back to the client (wrapped by a task).

ListImportJobs(ListImportJobsRequest, ServerCallContext)

public virtual Task<ListImportJobsResponse> ListImportJobs(ListImportJobsRequest request, ServerCallContext context)

Lists [ImportJobs][google.cloud.kms.v1.ImportJob].

Parameters
Name Description
request ListImportJobsRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskListImportJobsResponse

The response to send back to the client (wrapped by a task).

ListKeyRings(ListKeyRingsRequest, ServerCallContext)

public virtual Task<ListKeyRingsResponse> ListKeyRings(ListKeyRingsRequest request, ServerCallContext context)

Lists [KeyRings][google.cloud.kms.v1.KeyRing].

Parameters
Name Description
request ListKeyRingsRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskListKeyRingsResponse

The response to send back to the client (wrapped by a task).

MacSign(MacSignRequest, ServerCallContext)

public virtual Task<MacSignResponse> MacSign(MacSignRequest request, ServerCallContext context)

Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, producing a tag that can be verified by another source with the same key.

Parameters
Name Description
request MacSignRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskMacSignResponse

The response to send back to the client (wrapped by a task).

MacVerify(MacVerifyRequest, ServerCallContext)

public virtual Task<MacVerifyResponse> MacVerify(MacVerifyRequest request, ServerCallContext context)

Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns a response that indicates whether or not the verification was successful.

Parameters
Name Description
request MacVerifyRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskMacVerifyResponse

The response to send back to the client (wrapped by a task).

RawDecrypt(RawDecryptRequest, ServerCallContext)

public virtual Task<RawDecryptResponse> RawDecrypt(RawDecryptRequest request, ServerCallContext context)

Decrypts data that was originally encrypted using a raw cryptographic mechanism. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].

Parameters
Name Description
request RawDecryptRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskRawDecryptResponse

The response to send back to the client (wrapped by a task).

RawEncrypt(RawEncryptRequest, ServerCallContext)

public virtual Task<RawEncryptResponse> RawEncrypt(RawEncryptRequest request, ServerCallContext context)

Encrypts data using portable cryptographic primitives. Most users should choose [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] rather than their raw counterparts. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].

Parameters
Name Description
request RawEncryptRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskRawEncryptResponse

The response to send back to the client (wrapped by a task).

RestoreCryptoKeyVersion(RestoreCryptoKeyVersionRequest, ServerCallContext)

public virtual Task<CryptoKeyVersion> RestoreCryptoKeyVersion(RestoreCryptoKeyVersionRequest request, ServerCallContext context)

Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] state.

Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.

Parameters
Name Description
request RestoreCryptoKeyVersionRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskCryptoKeyVersion

The response to send back to the client (wrapped by a task).

UpdateCryptoKey(UpdateCryptoKeyRequest, ServerCallContext)

public virtual Task<CryptoKey> UpdateCryptoKey(UpdateCryptoKeyRequest request, ServerCallContext context)

Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].

Parameters
Name Description
request UpdateCryptoKeyRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskCryptoKey

The response to send back to the client (wrapped by a task).

UpdateCryptoKeyPrimaryVersion(UpdateCryptoKeyPrimaryVersionRequest, ServerCallContext)

public virtual Task<CryptoKey> UpdateCryptoKeyPrimaryVersion(UpdateCryptoKeyPrimaryVersionRequest request, ServerCallContext context)

Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

Returns an error if called on a key whose purpose is not [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Parameters
Name Description
request UpdateCryptoKeyPrimaryVersionRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskCryptoKey

The response to send back to the client (wrapped by a task).

UpdateCryptoKeyVersion(UpdateCryptoKeyVersionRequest, ServerCallContext)

public virtual Task<CryptoKeyVersion> UpdateCryptoKeyVersion(UpdateCryptoKeyVersionRequest request, ServerCallContext context)

Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.

[state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to move between other states.

Parameters
Name Description
request UpdateCryptoKeyVersionRequest

The request received from the client.

context ServerCallContext

The context of the server-side call handler being invoked.

Returns
Type Description
TaskCryptoKeyVersion

The response to send back to the client (wrapped by a task).