public sealed class CryptoKey : IMessage<CryptoKey>, IEquatable<CryptoKey>, IDeepCloneable<CryptoKey>, IBufferMessage, IMessage
Reference documentation and code samples for the Google Cloud Key Management Service v1 API class CryptoKey.
A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations.
A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations.
Implements
IMessageCryptoKey, IEquatableCryptoKey, IDeepCloneableCryptoKey, IBufferMessage, IMessageNamespace
Google.Cloud.Kms.V1Assembly
Google.Cloud.Kms.V1.dll
Constructors
CryptoKey()
public CryptoKey()
CryptoKey(CryptoKey)
public CryptoKey(CryptoKey other)
Parameter | |
---|---|
Name | Description |
other |
CryptoKey |
Properties
CreateTime
public Timestamp CreateTime { get; set; }
Output only. The time at which this [CryptoKey][google.cloud.kms.v1.CryptoKey] was created.
Property Value | |
---|---|
Type | Description |
Timestamp |
CryptoKeyBackend
public string CryptoKeyBackend { get; set; }
Immutable. The resource name of the backend environment where the key
material for all [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]
associated with this [CryptoKey][google.cloud.kms.v1.CryptoKey] reside and
where all related cryptographic operations are performed. Only applicable
if [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] have a
[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of
[EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], with the
resource name in the format projects/*/locations/*/ekmConnections/*
.
Note, this list is non-exhaustive and may apply to additional
[ProtectionLevels][google.cloud.kms.v1.ProtectionLevel] in the future.
Property Value | |
---|---|
Type | Description |
string |
CryptoKeyBackendAsResourceName
public IResourceName CryptoKeyBackendAsResourceName { get; set; }
IResourceName-typed view over the CryptoKeyBackend resource name property.
Property Value | |
---|---|
Type | Description |
IResourceName |
CryptoKeyName
public CryptoKeyName CryptoKeyName { get; set; }
CryptoKeyName-typed view over the Name resource name property.
Property Value | |
---|---|
Type | Description |
CryptoKeyName |
DestroyScheduledDuration
public Duration DestroyScheduledDuration { get; set; }
Immutable. The period of time that versions of this key spend in the [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] state before transitioning to [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. If not specified at creation time, the default duration is 30 days.
Property Value | |
---|---|
Type | Description |
Duration |
ImportOnly
public bool ImportOnly { get; set; }
Immutable. Whether this key may contain imported versions only.
Property Value | |
---|---|
Type | Description |
bool |
KeyAccessJustificationsPolicy
public KeyAccessJustificationsPolicy KeyAccessJustificationsPolicy { get; set; }
Optional. The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed.
Property Value | |
---|---|
Type | Description |
KeyAccessJustificationsPolicy |
Labels
public MapField<string, string> Labels { get; }
Labels with user-defined metadata. For more information, see Labeling Keys.
Property Value | |
---|---|
Type | Description |
MapFieldstringstring |
Name
public string Name { get; set; }
Output only. The resource name for this
[CryptoKey][google.cloud.kms.v1.CryptoKey] in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*
.
Property Value | |
---|---|
Type | Description |
string |
NextRotationTime
public Timestamp NextRotationTime { get; set; }
At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], the Key Management Service will automatically:
- Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
- Mark the new version as primary.
Key rotations performed manually via [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] do not affect [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time].
Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support automatic rotation. For other keys, this field must be omitted.
Property Value | |
---|---|
Type | Description |
Timestamp |
Primary
public CryptoKeyVersion Primary { get; set; }
Output only. A copy of the "primary" [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name].
The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be updated via [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].
Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] may have a primary. For other keys, this field will be omitted.
Property Value | |
---|---|
Type | Description |
CryptoKeyVersion |
Purpose
public CryptoKey.Types.CryptoKeyPurpose Purpose { get; set; }
Immutable. The immutable purpose of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
Property Value | |
---|---|
Type | Description |
CryptoKeyTypesCryptoKeyPurpose |
RotationPeriod
public Duration RotationPeriod { get; set; }
[next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is set, [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] must also be set.
Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support automatic rotation. For other keys, this field must be omitted.
Property Value | |
---|---|
Type | Description |
Duration |
RotationScheduleCase
public CryptoKey.RotationScheduleOneofCase RotationScheduleCase { get; }
Property Value | |
---|---|
Type | Description |
CryptoKeyRotationScheduleOneofCase |
VersionTemplate
public CryptoKeyVersionTemplate VersionTemplate { get; set; }
A template describing settings for new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances. The properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances created by either [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or auto-rotation are controlled by this template.
Property Value | |
---|---|
Type | Description |
CryptoKeyVersionTemplate |