Google Cloud Key Management Service v1 API - Class CryptoKey (3.9.0)

public sealed class CryptoKey : IMessage<CryptoKey>, IEquatable<CryptoKey>, IDeepCloneable<CryptoKey>, IBufferMessage, IMessage

Reference documentation and code samples for the Google Cloud Key Management Service v1 API class CryptoKey.

A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations.

A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations.

Inheritance

object > CryptoKey

Namespace

Google.Cloud.Kms.V1

Assembly

Google.Cloud.Kms.V1.dll

Constructors

CryptoKey()

public CryptoKey()

CryptoKey(CryptoKey)

public CryptoKey(CryptoKey other)
Parameter
NameDescription
otherCryptoKey

Properties

CreateTime

public Timestamp CreateTime { get; set; }

Output only. The time at which this [CryptoKey][google.cloud.kms.v1.CryptoKey] was created.

Property Value
TypeDescription
Timestamp

CryptoKeyBackend

public string CryptoKeyBackend { get; set; }

Immutable. The resource name of the backend environment where the key material for all [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] associated with this [CryptoKey][google.cloud.kms.v1.CryptoKey] reside and where all related cryptographic operations are performed. Only applicable if [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] have a [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional [ProtectionLevels][google.cloud.kms.v1.ProtectionLevel] in the future.

Property Value
TypeDescription
string

CryptoKeyBackendAsResourceName

public IResourceName CryptoKeyBackendAsResourceName { get; set; }

IResourceName-typed view over the CryptoKeyBackend resource name property.

Property Value
TypeDescription
IResourceName

CryptoKeyName

public CryptoKeyName CryptoKeyName { get; set; }

CryptoKeyName-typed view over the Name resource name property.

Property Value
TypeDescription
CryptoKeyName

DestroyScheduledDuration

public Duration DestroyScheduledDuration { get; set; }

Immutable. The period of time that versions of this key spend in the [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] state before transitioning to [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. If not specified at creation time, the default duration is 24 hours.

Property Value
TypeDescription
Duration

ImportOnly

public bool ImportOnly { get; set; }

Immutable. Whether this key may contain imported versions only.

Property Value
TypeDescription
bool

Labels

public MapField<string, string> Labels { get; }

Labels with user-defined metadata. For more information, see Labeling Keys.

Property Value
TypeDescription
MapFieldstringstring

Name

public string Name { get; set; }

Output only. The resource name for this [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

Property Value
TypeDescription
string

NextRotationTime

public Timestamp NextRotationTime { get; set; }

At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], the Key Management Service will automatically:

  1. Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
  2. Mark the new version as primary.

Key rotations performed manually via [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] do not affect [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time].

Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support automatic rotation. For other keys, this field must be omitted.

Property Value
TypeDescription
Timestamp

Primary

public CryptoKeyVersion Primary { get; set; }

Output only. A copy of the "primary" [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name].

The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be updated via [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].

Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] may have a primary. For other keys, this field will be omitted.

Property Value
TypeDescription
CryptoKeyVersion

Purpose

public CryptoKey.Types.CryptoKeyPurpose Purpose { get; set; }

Immutable. The immutable purpose of this [CryptoKey][google.cloud.kms.v1.CryptoKey].

Property Value
TypeDescription
CryptoKeyTypesCryptoKeyPurpose

RotationPeriod

public Duration RotationPeriod { get; set; }

[next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is set, [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] must also be set.

Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support automatic rotation. For other keys, this field must be omitted.

Property Value
TypeDescription
Duration

RotationScheduleCase

public CryptoKey.RotationScheduleOneofCase RotationScheduleCase { get; }
Property Value
TypeDescription
CryptoKeyRotationScheduleOneofCase

VersionTemplate

public CryptoKeyVersionTemplate VersionTemplate { get; set; }

A template describing settings for new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances. The properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances created by either [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or auto-rotation are controlled by this template.

Property Value
TypeDescription
CryptoKeyVersionTemplate