public sealed class CryptoKey : IMessage<CryptoKey>, IEquatable<CryptoKey>, IDeepCloneable<CryptoKey>, IBufferMessage, IMessage
Reference documentation and code samples for the Google Cloud Key Management Service v1 API class CryptoKey.
A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations.
A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations.
Implements
IMessageCryptoKey, IEquatableCryptoKey, IDeepCloneableCryptoKey, IBufferMessage, IMessageNamespace
Google.Cloud.Kms.V1Assembly
Google.Cloud.Kms.V1.dll
Constructors
CryptoKey()
public CryptoKey()
CryptoKey(CryptoKey)
public CryptoKey(CryptoKey other)
Parameter | |
---|---|
Name | Description |
other | CryptoKey |
Properties
CreateTime
public Timestamp CreateTime { get; set; }
Output only. The time at which this [CryptoKey][google.cloud.kms.v1.CryptoKey] was created.
Property Value | |
---|---|
Type | Description |
Timestamp |
CryptoKeyBackend
public string CryptoKeyBackend { get; set; }
Immutable. The resource name of the backend environment where the key
material for all [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]
associated with this [CryptoKey][google.cloud.kms.v1.CryptoKey] reside and
where all related cryptographic operations are performed. Only applicable
if [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] have a
[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of
[EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], with the
resource name in the format projects/*/locations/*/ekmConnections/*
.
Note, this list is non-exhaustive and may apply to additional
[ProtectionLevels][google.cloud.kms.v1.ProtectionLevel] in the future.
Property Value | |
---|---|
Type | Description |
string |
CryptoKeyBackendAsResourceName
public IResourceName CryptoKeyBackendAsResourceName { get; set; }
IResourceName-typed view over the CryptoKeyBackend resource name property.
Property Value | |
---|---|
Type | Description |
IResourceName |
CryptoKeyName
public CryptoKeyName CryptoKeyName { get; set; }
CryptoKeyName-typed view over the Name resource name property.
Property Value | |
---|---|
Type | Description |
CryptoKeyName |
DestroyScheduledDuration
public Duration DestroyScheduledDuration { get; set; }
Immutable. The period of time that versions of this key spend in the [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] state before transitioning to [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. If not specified at creation time, the default duration is 24 hours.
Property Value | |
---|---|
Type | Description |
Duration |
ImportOnly
public bool ImportOnly { get; set; }
Immutable. Whether this key may contain imported versions only.
Property Value | |
---|---|
Type | Description |
bool |
Labels
public MapField<string, string> Labels { get; }
Labels with user-defined metadata. For more information, see Labeling Keys.
Property Value | |
---|---|
Type | Description |
MapFieldstringstring |
Name
public string Name { get; set; }
Output only. The resource name for this
[CryptoKey][google.cloud.kms.v1.CryptoKey] in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*
.
Property Value | |
---|---|
Type | Description |
string |
NextRotationTime
public Timestamp NextRotationTime { get; set; }
At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], the Key Management Service will automatically:
- Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
- Mark the new version as primary.
Key rotations performed manually via [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] do not affect [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time].
Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support automatic rotation. For other keys, this field must be omitted.
Property Value | |
---|---|
Type | Description |
Timestamp |
Primary
public CryptoKeyVersion Primary { get; set; }
Output only. A copy of the "primary" [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name].
The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be updated via [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].
Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] may have a primary. For other keys, this field will be omitted.
Property Value | |
---|---|
Type | Description |
CryptoKeyVersion |
Purpose
public CryptoKey.Types.CryptoKeyPurpose Purpose { get; set; }
Immutable. The immutable purpose of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
Property Value | |
---|---|
Type | Description |
CryptoKeyTypesCryptoKeyPurpose |
RotationPeriod
public Duration RotationPeriod { get; set; }
[next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is set, [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] must also be set.
Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support automatic rotation. For other keys, this field must be omitted.
Property Value | |
---|---|
Type | Description |
Duration |
RotationScheduleCase
public CryptoKey.RotationScheduleOneofCase RotationScheduleCase { get; }
Property Value | |
---|---|
Type | Description |
CryptoKeyRotationScheduleOneofCase |
VersionTemplate
public CryptoKeyVersionTemplate VersionTemplate { get; set; }
A template describing settings for new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances. The properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances created by either [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or auto-rotation are controlled by this template.
Property Value | |
---|---|
Type | Description |
CryptoKeyVersionTemplate |