Google Cloud Key Management Service v1 API - Class CryptoKey (3.15.0)

public sealed class CryptoKey : IMessage<CryptoKey>, IEquatable<CryptoKey>, IDeepCloneable<CryptoKey>, IBufferMessage, IMessage

Reference documentation and code samples for the Google Cloud Key Management Service v1 API class CryptoKey.

A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations.

A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations.

Inheritance

object > CryptoKey

Namespace

Google.Cloud.Kms.V1

Assembly

Google.Cloud.Kms.V1.dll

Constructors

CryptoKey()

public CryptoKey()

CryptoKey(CryptoKey)

public CryptoKey(CryptoKey other)
Parameter
Name Description
other CryptoKey

Properties

CreateTime

public Timestamp CreateTime { get; set; }

Output only. The time at which this [CryptoKey][google.cloud.kms.v1.CryptoKey] was created.

Property Value
Type Description
Timestamp

CryptoKeyBackend

public string CryptoKeyBackend { get; set; }

Immutable. The resource name of the backend environment where the key material for all [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] associated with this [CryptoKey][google.cloud.kms.v1.CryptoKey] reside and where all related cryptographic operations are performed. Only applicable if [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] have a [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional [ProtectionLevels][google.cloud.kms.v1.ProtectionLevel] in the future.

Property Value
Type Description
string

CryptoKeyBackendAsResourceName

public IResourceName CryptoKeyBackendAsResourceName { get; set; }

IResourceName-typed view over the CryptoKeyBackend resource name property.

Property Value
Type Description
IResourceName

CryptoKeyName

public CryptoKeyName CryptoKeyName { get; set; }

CryptoKeyName-typed view over the Name resource name property.

Property Value
Type Description
CryptoKeyName

DestroyScheduledDuration

public Duration DestroyScheduledDuration { get; set; }

Immutable. The period of time that versions of this key spend in the [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] state before transitioning to [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. If not specified at creation time, the default duration is 30 days.

Property Value
Type Description
Duration

ImportOnly

public bool ImportOnly { get; set; }

Immutable. Whether this key may contain imported versions only.

Property Value
Type Description
bool

KeyAccessJustificationsPolicy

public KeyAccessJustificationsPolicy KeyAccessJustificationsPolicy { get; set; }

Optional. The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed.

Property Value
Type Description
KeyAccessJustificationsPolicy

Labels

public MapField<string, string> Labels { get; }

Labels with user-defined metadata. For more information, see Labeling Keys.

Property Value
Type Description
MapFieldstringstring

Name

public string Name { get; set; }

Output only. The resource name for this [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

Property Value
Type Description
string

NextRotationTime

public Timestamp NextRotationTime { get; set; }

At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], the Key Management Service will automatically:

  1. Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
  2. Mark the new version as primary.

Key rotations performed manually via [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] do not affect [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time].

Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support automatic rotation. For other keys, this field must be omitted.

Property Value
Type Description
Timestamp

Primary

public CryptoKeyVersion Primary { get; set; }

Output only. A copy of the "primary" [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name].

The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be updated via [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].

Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] may have a primary. For other keys, this field will be omitted.

Property Value
Type Description
CryptoKeyVersion

Purpose

public CryptoKey.Types.CryptoKeyPurpose Purpose { get; set; }

Immutable. The immutable purpose of this [CryptoKey][google.cloud.kms.v1.CryptoKey].

Property Value
Type Description
CryptoKeyTypesCryptoKeyPurpose

RotationPeriod

public Duration RotationPeriod { get; set; }

[next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is set, [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] must also be set.

Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support automatic rotation. For other keys, this field must be omitted.

Property Value
Type Description
Duration

RotationScheduleCase

public CryptoKey.RotationScheduleOneofCase RotationScheduleCase { get; }
Property Value
Type Description
CryptoKeyRotationScheduleOneofCase

VersionTemplate

public CryptoKeyVersionTemplate VersionTemplate { get; set; }

A template describing settings for new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances. The properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances created by either [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or auto-rotation are controlled by this template.

Property Value
Type Description
CryptoKeyVersionTemplate