Package cloud.google.com/go/kms/apiv1/kmspb (v1.6.0)

Variables

ProtectionLevel_name, ProtectionLevel_value

var (
	ProtectionLevel_name = map[int32]string{
		0: "PROTECTION_LEVEL_UNSPECIFIED",
		1: "SOFTWARE",
		2: "HSM",
		3: "EXTERNAL",
		4: "EXTERNAL_VPC",
	}
	ProtectionLevel_value = map[string]int32{
		"PROTECTION_LEVEL_UNSPECIFIED": 0,
		"SOFTWARE":                     1,
		"HSM":                          2,
		"EXTERNAL":                     3,
		"EXTERNAL_VPC":                 4,
	}
)

Enum value maps for ProtectionLevel.

CryptoKey_CryptoKeyPurpose_name, CryptoKey_CryptoKeyPurpose_value

var (
	CryptoKey_CryptoKeyPurpose_name = map[int32]string{
		0: "CRYPTO_KEY_PURPOSE_UNSPECIFIED",
		1: "ENCRYPT_DECRYPT",
		5: "ASYMMETRIC_SIGN",
		6: "ASYMMETRIC_DECRYPT",
		9: "MAC",
	}
	CryptoKey_CryptoKeyPurpose_value = map[string]int32{
		"CRYPTO_KEY_PURPOSE_UNSPECIFIED": 0,
		"ENCRYPT_DECRYPT":                1,
		"ASYMMETRIC_SIGN":                5,
		"ASYMMETRIC_DECRYPT":             6,
		"MAC":                            9,
	}
)

Enum value maps for CryptoKey_CryptoKeyPurpose.

KeyOperationAttestation_AttestationFormat_name, KeyOperationAttestation_AttestationFormat_value

var (
	KeyOperationAttestation_AttestationFormat_name = map[int32]string{
		0: "ATTESTATION_FORMAT_UNSPECIFIED",
		3: "CAVIUM_V1_COMPRESSED",
		4: "CAVIUM_V2_COMPRESSED",
	}
	KeyOperationAttestation_AttestationFormat_value = map[string]int32{
		"ATTESTATION_FORMAT_UNSPECIFIED": 0,
		"CAVIUM_V1_COMPRESSED":           3,
		"CAVIUM_V2_COMPRESSED":           4,
	}
)

Enum value maps for KeyOperationAttestation_AttestationFormat.

CryptoKeyVersion_CryptoKeyVersionAlgorithm_name, CryptoKeyVersion_CryptoKeyVersionAlgorithm_value

var (
	CryptoKeyVersion_CryptoKeyVersionAlgorithm_name = map[int32]string{
		0:  "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED",
		1:  "GOOGLE_SYMMETRIC_ENCRYPTION",
		2:  "RSA_SIGN_PSS_2048_SHA256",
		3:  "RSA_SIGN_PSS_3072_SHA256",
		4:  "RSA_SIGN_PSS_4096_SHA256",
		15: "RSA_SIGN_PSS_4096_SHA512",
		5:  "RSA_SIGN_PKCS1_2048_SHA256",
		6:  "RSA_SIGN_PKCS1_3072_SHA256",
		7:  "RSA_SIGN_PKCS1_4096_SHA256",
		16: "RSA_SIGN_PKCS1_4096_SHA512",
		28: "RSA_SIGN_RAW_PKCS1_2048",
		29: "RSA_SIGN_RAW_PKCS1_3072",
		30: "RSA_SIGN_RAW_PKCS1_4096",
		8:  "RSA_DECRYPT_OAEP_2048_SHA256",
		9:  "RSA_DECRYPT_OAEP_3072_SHA256",
		10: "RSA_DECRYPT_OAEP_4096_SHA256",
		17: "RSA_DECRYPT_OAEP_4096_SHA512",
		37: "RSA_DECRYPT_OAEP_2048_SHA1",
		38: "RSA_DECRYPT_OAEP_3072_SHA1",
		39: "RSA_DECRYPT_OAEP_4096_SHA1",
		12: "EC_SIGN_P256_SHA256",
		13: "EC_SIGN_P384_SHA384",
		31: "EC_SIGN_SECP256K1_SHA256",
		32: "HMAC_SHA256",
		18: "EXTERNAL_SYMMETRIC_ENCRYPTION",
	}
	CryptoKeyVersion_CryptoKeyVersionAlgorithm_value = map[string]int32{
		"CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED": 0,
		"GOOGLE_SYMMETRIC_ENCRYPTION":              1,
		"RSA_SIGN_PSS_2048_SHA256":                 2,
		"RSA_SIGN_PSS_3072_SHA256":                 3,
		"RSA_SIGN_PSS_4096_SHA256":                 4,
		"RSA_SIGN_PSS_4096_SHA512":                 15,
		"RSA_SIGN_PKCS1_2048_SHA256":               5,
		"RSA_SIGN_PKCS1_3072_SHA256":               6,
		"RSA_SIGN_PKCS1_4096_SHA256":               7,
		"RSA_SIGN_PKCS1_4096_SHA512":               16,
		"RSA_SIGN_RAW_PKCS1_2048":                  28,
		"RSA_SIGN_RAW_PKCS1_3072":                  29,
		"RSA_SIGN_RAW_PKCS1_4096":                  30,
		"RSA_DECRYPT_OAEP_2048_SHA256":             8,
		"RSA_DECRYPT_OAEP_3072_SHA256":             9,
		"RSA_DECRYPT_OAEP_4096_SHA256":             10,
		"RSA_DECRYPT_OAEP_4096_SHA512":             17,
		"RSA_DECRYPT_OAEP_2048_SHA1":               37,
		"RSA_DECRYPT_OAEP_3072_SHA1":               38,
		"RSA_DECRYPT_OAEP_4096_SHA1":               39,
		"EC_SIGN_P256_SHA256":                      12,
		"EC_SIGN_P384_SHA384":                      13,
		"EC_SIGN_SECP256K1_SHA256":                 31,
		"HMAC_SHA256":                              32,
		"EXTERNAL_SYMMETRIC_ENCRYPTION":            18,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionAlgorithm.

CryptoKeyVersion_CryptoKeyVersionState_name, CryptoKeyVersion_CryptoKeyVersionState_value

var (
	CryptoKeyVersion_CryptoKeyVersionState_name = map[int32]string{
		0: "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED",
		5: "PENDING_GENERATION",
		1: "ENABLED",
		2: "DISABLED",
		3: "DESTROYED",
		4: "DESTROY_SCHEDULED",
		6: "PENDING_IMPORT",
		7: "IMPORT_FAILED",
	}
	CryptoKeyVersion_CryptoKeyVersionState_value = map[string]int32{
		"CRYPTO_KEY_VERSION_STATE_UNSPECIFIED": 0,
		"PENDING_GENERATION":                   5,
		"ENABLED":                              1,
		"DISABLED":                             2,
		"DESTROYED":                            3,
		"DESTROY_SCHEDULED":                    4,
		"PENDING_IMPORT":                       6,
		"IMPORT_FAILED":                        7,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionState.

CryptoKeyVersion_CryptoKeyVersionView_name, CryptoKeyVersion_CryptoKeyVersionView_value

var (
	CryptoKeyVersion_CryptoKeyVersionView_name = map[int32]string{
		0: "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED",
		1: "FULL",
	}
	CryptoKeyVersion_CryptoKeyVersionView_value = map[string]int32{
		"CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED": 0,
		"FULL":                                1,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionView.

ImportJob_ImportMethod_name, ImportJob_ImportMethod_value

var (
	ImportJob_ImportMethod_name = map[int32]string{
		0: "IMPORT_METHOD_UNSPECIFIED",
		1: "RSA_OAEP_3072_SHA1_AES_256",
		2: "RSA_OAEP_4096_SHA1_AES_256",
	}
	ImportJob_ImportMethod_value = map[string]int32{
		"IMPORT_METHOD_UNSPECIFIED":  0,
		"RSA_OAEP_3072_SHA1_AES_256": 1,
		"RSA_OAEP_4096_SHA1_AES_256": 2,
	}
)

Enum value maps for ImportJob_ImportMethod.

ImportJob_ImportJobState_name, ImportJob_ImportJobState_value

var (
	ImportJob_ImportJobState_name = map[int32]string{
		0: "IMPORT_JOB_STATE_UNSPECIFIED",
		1: "PENDING_GENERATION",
		2: "ACTIVE",
		3: "EXPIRED",
	}
	ImportJob_ImportJobState_value = map[string]int32{
		"IMPORT_JOB_STATE_UNSPECIFIED": 0,
		"PENDING_GENERATION":           1,
		"ACTIVE":                       2,
		"EXPIRED":                      3,
	}
)

Enum value maps for ImportJob_ImportJobState.

File_google_cloud_kms_v1_ekm_service_proto

var File_google_cloud_kms_v1_ekm_service_proto protoreflect.FileDescriptor

File_google_cloud_kms_v1_resources_proto

var File_google_cloud_kms_v1_resources_proto protoreflect.FileDescriptor

File_google_cloud_kms_v1_service_proto

var File_google_cloud_kms_v1_service_proto protoreflect.FileDescriptor

Functions

func RegisterEkmServiceServer

func RegisterEkmServiceServer(s *grpc.Server, srv EkmServiceServer)

func RegisterKeyManagementServiceServer

func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)

AsymmetricDecryptRequest

type AsymmetricDecryptRequest struct {

	// Required. The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
	// decryption.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The data encrypted with the named
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using
	// OAEP.
	Ciphertext []byte `protobuf:"bytes,3,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext])
	// is equal to
	// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

func (*AsymmetricDecryptRequest) Descriptor

func (*AsymmetricDecryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricDecryptRequest.ProtoReflect.Descriptor instead.

func (*AsymmetricDecryptRequest) GetCiphertext

func (x *AsymmetricDecryptRequest) GetCiphertext() []byte

func (*AsymmetricDecryptRequest) GetCiphertextCrc32C

func (x *AsymmetricDecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*AsymmetricDecryptRequest) GetName

func (x *AsymmetricDecryptRequest) GetName() string

func (*AsymmetricDecryptRequest) ProtoMessage

func (*AsymmetricDecryptRequest) ProtoMessage()

func (*AsymmetricDecryptRequest) ProtoReflect

func (x *AsymmetricDecryptRequest) ProtoReflect() protoreflect.Message

func (*AsymmetricDecryptRequest) Reset

func (x *AsymmetricDecryptRequest) Reset()

func (*AsymmetricDecryptRequest) String

func (x *AsymmetricDecryptRequest) String() string

AsymmetricDecryptResponse

type AsymmetricDecryptResponse struct {
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`

	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`

	VerifiedCiphertextCrc32C bool "" /* 136 byte string literal not displayed */

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

}

Response message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

func (*AsymmetricDecryptResponse) Descriptor

func (*AsymmetricDecryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricDecryptResponse.ProtoReflect.Descriptor instead.

func (*AsymmetricDecryptResponse) GetPlaintext

func (x *AsymmetricDecryptResponse) GetPlaintext() []byte

func (*AsymmetricDecryptResponse) GetPlaintextCrc32C

func (x *AsymmetricDecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*AsymmetricDecryptResponse) GetProtectionLevel

func (x *AsymmetricDecryptResponse) GetProtectionLevel() ProtectionLevel

func (*AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C

func (x *AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C() bool

func (*AsymmetricDecryptResponse) ProtoMessage

func (*AsymmetricDecryptResponse) ProtoMessage()

func (*AsymmetricDecryptResponse) ProtoReflect

func (*AsymmetricDecryptResponse) Reset

func (x *AsymmetricDecryptResponse) Reset()

func (*AsymmetricDecryptResponse) String

func (x *AsymmetricDecryptResponse) String() string

AsymmetricSignRequest

type AsymmetricSignRequest struct {

	// Required. The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
	// signing.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. The digest of the data to sign. The digest must be produced with
	// the same digest algorithm as specified by the key version's
	// [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm].
	//
	// This field may not be supplied if
	// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]
	// is supplied.
	Digest *Digest `protobuf:"bytes,3,opt,name=digest,proto3" json:"digest,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest])
	// is equal to
	// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	DigestCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=digest_crc32c,json=digestCrc32c,proto3" json:"digest_crc32c,omitempty"`
	// Optional. The data to sign.
	// It can't be supplied if
	// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]
	// is supplied.
	Data []byte `protobuf:"bytes,6,opt,name=data,proto3" json:"data,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data])
	// is equal to
	// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

func (*AsymmetricSignRequest) Descriptor

func (*AsymmetricSignRequest) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricSignRequest.ProtoReflect.Descriptor instead.

func (*AsymmetricSignRequest) GetData

func (x *AsymmetricSignRequest) GetData() []byte

func (*AsymmetricSignRequest) GetDataCrc32C

func (x *AsymmetricSignRequest) GetDataCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignRequest) GetDigest

func (x *AsymmetricSignRequest) GetDigest() *Digest

func (*AsymmetricSignRequest) GetDigestCrc32C

func (x *AsymmetricSignRequest) GetDigestCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignRequest) GetName

func (x *AsymmetricSignRequest) GetName() string

func (*AsymmetricSignRequest) ProtoMessage

func (*AsymmetricSignRequest) ProtoMessage()

func (*AsymmetricSignRequest) ProtoReflect

func (x *AsymmetricSignRequest) ProtoReflect() protoreflect.Message

func (*AsymmetricSignRequest) Reset

func (x *AsymmetricSignRequest) Reset()

func (*AsymmetricSignRequest) String

func (x *AsymmetricSignRequest) String() string

AsymmetricSignResponse

type AsymmetricSignResponse struct {
	Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`

	SignatureCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=signature_crc32c,json=signatureCrc32c,proto3" json:"signature_crc32c,omitempty"`

	VerifiedDigestCrc32C bool `protobuf:"varint,3,opt,name=verified_digest_crc32c,json=verifiedDigestCrc32c,proto3" json:"verified_digest_crc32c,omitempty"`

	Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`

	VerifiedDataCrc32C bool `protobuf:"varint,5,opt,name=verified_data_crc32c,json=verifiedDataCrc32c,proto3" json:"verified_data_crc32c,omitempty"`

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

}

Response message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

func (*AsymmetricSignResponse) Descriptor

func (*AsymmetricSignResponse) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricSignResponse.ProtoReflect.Descriptor instead.

func (*AsymmetricSignResponse) GetName

func (x *AsymmetricSignResponse) GetName() string

func (*AsymmetricSignResponse) GetProtectionLevel

func (x *AsymmetricSignResponse) GetProtectionLevel() ProtectionLevel

func (*AsymmetricSignResponse) GetSignature

func (x *AsymmetricSignResponse) GetSignature() []byte

func (*AsymmetricSignResponse) GetSignatureCrc32C

func (x *AsymmetricSignResponse) GetSignatureCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignResponse) GetVerifiedDataCrc32C

func (x *AsymmetricSignResponse) GetVerifiedDataCrc32C() bool

func (*AsymmetricSignResponse) GetVerifiedDigestCrc32C

func (x *AsymmetricSignResponse) GetVerifiedDigestCrc32C() bool

func (*AsymmetricSignResponse) ProtoMessage

func (*AsymmetricSignResponse) ProtoMessage()

func (*AsymmetricSignResponse) ProtoReflect

func (x *AsymmetricSignResponse) ProtoReflect() protoreflect.Message

func (*AsymmetricSignResponse) Reset

func (x *AsymmetricSignResponse) Reset()

func (*AsymmetricSignResponse) String

func (x *AsymmetricSignResponse) String() string

Certificate

type Certificate struct {
	RawDer []byte `protobuf:"bytes,1,opt,name=raw_der,json=rawDer,proto3" json:"raw_der,omitempty"`

	Parsed bool `protobuf:"varint,2,opt,name=parsed,proto3" json:"parsed,omitempty"`

	Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"`

	Subject string `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"`

	SubjectAlternativeDnsNames []string "" /* 143 byte string literal not displayed */

	NotBeforeTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=not_before_time,json=notBeforeTime,proto3" json:"not_before_time,omitempty"`

	NotAfterTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=not_after_time,json=notAfterTime,proto3" json:"not_after_time,omitempty"`

	SerialNumber string `protobuf:"bytes,8,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"`

	Sha256Fingerprint string `protobuf:"bytes,9,opt,name=sha256_fingerprint,json=sha256Fingerprint,proto3" json:"sha256_fingerprint,omitempty"`

}

A [Certificate][google.cloud.kms.v1.Certificate] represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas.

func (*Certificate) Descriptor

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetIssuer

func (x *Certificate) GetIssuer() string

func (*Certificate) GetNotAfterTime

func (x *Certificate) GetNotAfterTime() *timestamppb.Timestamp

func (*Certificate) GetNotBeforeTime

func (x *Certificate) GetNotBeforeTime() *timestamppb.Timestamp

func (*Certificate) GetParsed

func (x *Certificate) GetParsed() bool

func (*Certificate) GetRawDer

func (x *Certificate) GetRawDer() []byte

func (*Certificate) GetSerialNumber

func (x *Certificate) GetSerialNumber() string

func (*Certificate) GetSha256Fingerprint

func (x *Certificate) GetSha256Fingerprint() string

func (*Certificate) GetSubject

func (x *Certificate) GetSubject() string

func (*Certificate) GetSubjectAlternativeDnsNames

func (x *Certificate) GetSubjectAlternativeDnsNames() []string

func (*Certificate) ProtoMessage

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset

func (x *Certificate) Reset()

func (*Certificate) String

func (x *Certificate) String() string

CreateCryptoKeyRequest

type CreateCryptoKeyRequest struct {
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`

	CryptoKeyId string `protobuf:"bytes,2,opt,name=crypto_key_id,json=cryptoKeyId,proto3" json:"crypto_key_id,omitempty"`

	CryptoKey *CryptoKey `protobuf:"bytes,3,opt,name=crypto_key,json=cryptoKey,proto3" json:"crypto_key,omitempty"`

	SkipInitialVersionCreation bool "" /* 144 byte string literal not displayed */

}

Request message for [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].

func (*CreateCryptoKeyRequest) Descriptor

func (*CreateCryptoKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCryptoKeyRequest.ProtoReflect.Descriptor instead.

func (*CreateCryptoKeyRequest) GetCryptoKey

func (x *CreateCryptoKeyRequest) GetCryptoKey() *CryptoKey

func (*CreateCryptoKeyRequest) GetCryptoKeyId

func (x *CreateCryptoKeyRequest) GetCryptoKeyId() string

func (*CreateCryptoKeyRequest) GetParent

func (x *CreateCryptoKeyRequest) GetParent() string

func (*CreateCryptoKeyRequest) GetSkipInitialVersionCreation

func (x *CreateCryptoKeyRequest) GetSkipInitialVersionCreation() bool

func (*CreateCryptoKeyRequest) ProtoMessage

func (*CreateCryptoKeyRequest) ProtoMessage()

func (*CreateCryptoKeyRequest) ProtoReflect

func (x *CreateCryptoKeyRequest) ProtoReflect() protoreflect.Message

func (*CreateCryptoKeyRequest) Reset

func (x *CreateCryptoKeyRequest) Reset()

func (*CreateCryptoKeyRequest) String

func (x *CreateCryptoKeyRequest) String() string

CreateCryptoKeyVersionRequest

type CreateCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with the
	// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
	// initial field values.
	CryptoKeyVersion *CryptoKeyVersion `protobuf:"bytes,2,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].

func (*CreateCryptoKeyVersionRequest) Descriptor

func (*CreateCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*CreateCryptoKeyVersionRequest) GetCryptoKeyVersion

func (x *CreateCryptoKeyVersionRequest) GetCryptoKeyVersion() *CryptoKeyVersion

func (*CreateCryptoKeyVersionRequest) GetParent

func (x *CreateCryptoKeyVersionRequest) GetParent() string

func (*CreateCryptoKeyVersionRequest) ProtoMessage

func (*CreateCryptoKeyVersionRequest) ProtoMessage()

func (*CreateCryptoKeyVersionRequest) ProtoReflect

func (*CreateCryptoKeyVersionRequest) Reset

func (x *CreateCryptoKeyVersionRequest) Reset()

func (*CreateCryptoKeyVersionRequest) String

CreateEkmConnectionRequest

type CreateEkmConnectionRequest struct {

	// Required. The resource name of the location associated with the
	// [EkmConnection][google.cloud.kms.v1.EkmConnection], in the format
	// `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`.
	EkmConnectionId string `protobuf:"bytes,2,opt,name=ekm_connection_id,json=ekmConnectionId,proto3" json:"ekm_connection_id,omitempty"`
	// Required. An [EkmConnection][google.cloud.kms.v1.EkmConnection] with
	// initial field values.
	EkmConnection *EkmConnection `protobuf:"bytes,3,opt,name=ekm_connection,json=ekmConnection,proto3" json:"ekm_connection,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateEkmConnection][].

func (*CreateEkmConnectionRequest) Descriptor

func (*CreateEkmConnectionRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateEkmConnectionRequest.ProtoReflect.Descriptor instead.

func (*CreateEkmConnectionRequest) GetEkmConnection

func (x *CreateEkmConnectionRequest) GetEkmConnection() *EkmConnection

func (*CreateEkmConnectionRequest) GetEkmConnectionId

func (x *CreateEkmConnectionRequest) GetEkmConnectionId() string

func (*CreateEkmConnectionRequest) GetParent

func (x *CreateEkmConnectionRequest) GetParent() string

func (*CreateEkmConnectionRequest) ProtoMessage

func (*CreateEkmConnectionRequest) ProtoMessage()

func (*CreateEkmConnectionRequest) ProtoReflect

func (*CreateEkmConnectionRequest) Reset

func (x *CreateEkmConnectionRequest) Reset()

func (*CreateEkmConnectionRequest) String

func (x *CreateEkmConnectionRequest) String() string

CreateImportJobRequest

type CreateImportJobRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the
	// [KeyRing][google.cloud.kms.v1.KeyRing] associated with the
	// [ImportJobs][google.cloud.kms.v1.ImportJob].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a KeyRing and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	ImportJobId string `protobuf:"bytes,2,opt,name=import_job_id,json=importJobId,proto3" json:"import_job_id,omitempty"`
	// Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field
	// values.
	ImportJob *ImportJob `protobuf:"bytes,3,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob].

func (*CreateImportJobRequest) Descriptor

func (*CreateImportJobRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateImportJobRequest.ProtoReflect.Descriptor instead.

func (*CreateImportJobRequest) GetImportJob

func (x *CreateImportJobRequest) GetImportJob() *ImportJob

func (*CreateImportJobRequest) GetImportJobId

func (x *CreateImportJobRequest) GetImportJobId() string

func (*CreateImportJobRequest) GetParent

func (x *CreateImportJobRequest) GetParent() string

func (*CreateImportJobRequest) ProtoMessage

func (*CreateImportJobRequest) ProtoMessage()

func (*CreateImportJobRequest) ProtoReflect

func (x *CreateImportJobRequest) ProtoReflect() protoreflect.Message

func (*CreateImportJobRequest) Reset

func (x *CreateImportJobRequest) Reset()

func (*CreateImportJobRequest) String

func (x *CreateImportJobRequest) String() string

CreateKeyRingRequest

type CreateKeyRingRequest struct {

	// Required. The resource name of the location associated with the
	// [KeyRings][google.cloud.kms.v1.KeyRing], in the format
	// `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	KeyRingId string `protobuf:"bytes,2,opt,name=key_ring_id,json=keyRingId,proto3" json:"key_ring_id,omitempty"`
	// Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field
	// values.
	KeyRing *KeyRing `protobuf:"bytes,3,opt,name=key_ring,json=keyRing,proto3" json:"key_ring,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].

func (*CreateKeyRingRequest) Descriptor

func (*CreateKeyRingRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateKeyRingRequest.ProtoReflect.Descriptor instead.

func (*CreateKeyRingRequest) GetKeyRing

func (x *CreateKeyRingRequest) GetKeyRing() *KeyRing

func (*CreateKeyRingRequest) GetKeyRingId

func (x *CreateKeyRingRequest) GetKeyRingId() string

func (*CreateKeyRingRequest) GetParent

func (x *CreateKeyRingRequest) GetParent() string

func (*CreateKeyRingRequest) ProtoMessage

func (*CreateKeyRingRequest) ProtoMessage()

func (*CreateKeyRingRequest) ProtoReflect

func (x *CreateKeyRingRequest) ProtoReflect() protoreflect.Message

func (*CreateKeyRingRequest) Reset

func (x *CreateKeyRingRequest) Reset()

func (*CreateKeyRingRequest) String

func (x *CreateKeyRingRequest) String() string

CryptoKey

type CryptoKey struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	Primary *CryptoKeyVersion `protobuf:"bytes,2,opt,name=primary,proto3" json:"primary,omitempty"`

	Purpose CryptoKey_CryptoKeyPurpose `protobuf:"varint,3,opt,name=purpose,proto3,enum=google.cloud.kms.v1.CryptoKey_CryptoKeyPurpose" json:"purpose,omitempty"`

	CreateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`

	NextRotationTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=next_rotation_time,json=nextRotationTime,proto3" json:"next_rotation_time,omitempty"`

	RotationSchedule isCryptoKey_RotationSchedule `protobuf_oneof:"rotation_schedule"`

	VersionTemplate *CryptoKeyVersionTemplate `protobuf:"bytes,11,opt,name=version_template,json=versionTemplate,proto3" json:"version_template,omitempty"`

	Labels map[string]string "" /* 154 byte string literal not displayed */

	ImportOnly bool `protobuf:"varint,13,opt,name=import_only,json=importOnly,proto3" json:"import_only,omitempty"`

	DestroyScheduledDuration *durationpb.Duration "" /* 136 byte string literal not displayed */

	CryptoKeyBackend string `protobuf:"bytes,15,opt,name=crypto_key_backend,json=cryptoKeyBackend,proto3" json:"crypto_key_backend,omitempty"`

}

A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations.

A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations.

func (*CryptoKey) Descriptor

func (*CryptoKey) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKey.ProtoReflect.Descriptor instead.

func (*CryptoKey) GetCreateTime

func (x *CryptoKey) GetCreateTime() *timestamppb.Timestamp

func (*CryptoKey) GetCryptoKeyBackend

func (x *CryptoKey) GetCryptoKeyBackend() string

func (*CryptoKey) GetDestroyScheduledDuration

func (x *CryptoKey) GetDestroyScheduledDuration() *durationpb.Duration

func (*CryptoKey) GetImportOnly

func (x *CryptoKey) GetImportOnly() bool

func (*CryptoKey) GetLabels

func (x *CryptoKey) GetLabels() map[string]string

func (*CryptoKey) GetName

func (x *CryptoKey) GetName() string

func (*CryptoKey) GetNextRotationTime

func (x *CryptoKey) GetNextRotationTime() *timestamppb.Timestamp

func (*CryptoKey) GetPrimary

func (x *CryptoKey) GetPrimary() *CryptoKeyVersion

func (*CryptoKey) GetPurpose

func (x *CryptoKey) GetPurpose() CryptoKey_CryptoKeyPurpose

func (*CryptoKey) GetRotationPeriod

func (x *CryptoKey) GetRotationPeriod() *durationpb.Duration

func (*CryptoKey) GetRotationSchedule

func (m *CryptoKey) GetRotationSchedule() isCryptoKey_RotationSchedule

func (*CryptoKey) GetVersionTemplate

func (x *CryptoKey) GetVersionTemplate() *CryptoKeyVersionTemplate

func (*CryptoKey) ProtoMessage

func (*CryptoKey) ProtoMessage()

func (*CryptoKey) ProtoReflect

func (x *CryptoKey) ProtoReflect() protoreflect.Message

func (*CryptoKey) Reset

func (x *CryptoKey) Reset()

func (*CryptoKey) String

func (x *CryptoKey) String() string

CryptoKeyVersion

type CryptoKeyVersion struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	State CryptoKeyVersion_CryptoKeyVersionState "" /* 128 byte string literal not displayed */

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm "" /* 141 byte string literal not displayed */

	Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"`

	CreateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`

	GenerateTime *timestamppb.Timestamp `protobuf:"bytes,11,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"`

	DestroyTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=destroy_time,json=destroyTime,proto3" json:"destroy_time,omitempty"`

	DestroyEventTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=destroy_event_time,json=destroyEventTime,proto3" json:"destroy_event_time,omitempty"`

	ImportJob string `protobuf:"bytes,14,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`

	ImportTime *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=import_time,json=importTime,proto3" json:"import_time,omitempty"`

	ImportFailureReason string `protobuf:"bytes,16,opt,name=import_failure_reason,json=importFailureReason,proto3" json:"import_failure_reason,omitempty"`

	ExternalProtectionLevelOptions *ExternalProtectionLevelOptions "" /* 156 byte string literal not displayed */

	ReimportEligible bool `protobuf:"varint,18,opt,name=reimport_eligible,json=reimportEligible,proto3" json:"reimport_eligible,omitempty"`

}

A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents an individual cryptographic key, and the associated key material.

An [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] version can be used for cryptographic operations.

For security reasons, the raw cryptographic key material represented by a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.

func (*CryptoKeyVersion) Descriptor

func (*CryptoKeyVersion) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion.ProtoReflect.Descriptor instead.

func (*CryptoKeyVersion) GetAlgorithm

func (*CryptoKeyVersion) GetAttestation

func (x *CryptoKeyVersion) GetAttestation() *KeyOperationAttestation

func (*CryptoKeyVersion) GetCreateTime

func (x *CryptoKeyVersion) GetCreateTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetDestroyEventTime

func (x *CryptoKeyVersion) GetDestroyEventTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetDestroyTime

func (x *CryptoKeyVersion) GetDestroyTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetExternalProtectionLevelOptions

func (x *CryptoKeyVersion) GetExternalProtectionLevelOptions() *ExternalProtectionLevelOptions

func (*CryptoKeyVersion) GetGenerateTime

func (x *CryptoKeyVersion) GetGenerateTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetImportFailureReason

func (x *CryptoKeyVersion) GetImportFailureReason() string

func (*CryptoKeyVersion) GetImportJob

func (x *CryptoKeyVersion) GetImportJob() string

func (*CryptoKeyVersion) GetImportTime

func (x *CryptoKeyVersion) GetImportTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetName

func (x *CryptoKeyVersion) GetName() string

func (*CryptoKeyVersion) GetProtectionLevel

func (x *CryptoKeyVersion) GetProtectionLevel() ProtectionLevel

func (*CryptoKeyVersion) GetReimportEligible

func (x *CryptoKeyVersion) GetReimportEligible() bool

func (*CryptoKeyVersion) GetState

func (*CryptoKeyVersion) ProtoMessage

func (*CryptoKeyVersion) ProtoMessage()

func (*CryptoKeyVersion) ProtoReflect

func (x *CryptoKeyVersion) ProtoReflect() protoreflect.Message

func (*CryptoKeyVersion) Reset

func (x *CryptoKeyVersion) Reset()

func (*CryptoKeyVersion) String

func (x *CryptoKeyVersion) String() string

CryptoKeyVersionTemplate

type CryptoKeyVersionTemplate struct {
	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm "" /* 140 byte string literal not displayed */

}

A [CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTemplate] specifies the properties to use when creating a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], either manually with [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or automatically as a result of auto-rotation.

func (*CryptoKeyVersionTemplate) Descriptor

func (*CryptoKeyVersionTemplate) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersionTemplate.ProtoReflect.Descriptor instead.

func (*CryptoKeyVersionTemplate) GetAlgorithm

func (*CryptoKeyVersionTemplate) GetProtectionLevel

func (x *CryptoKeyVersionTemplate) GetProtectionLevel() ProtectionLevel

func (*CryptoKeyVersionTemplate) ProtoMessage

func (*CryptoKeyVersionTemplate) ProtoMessage()

func (*CryptoKeyVersionTemplate) ProtoReflect

func (x *CryptoKeyVersionTemplate) ProtoReflect() protoreflect.Message

func (*CryptoKeyVersionTemplate) Reset

func (x *CryptoKeyVersionTemplate) Reset()

func (*CryptoKeyVersionTemplate) String

func (x *CryptoKeyVersionTemplate) String() string

CryptoKeyVersion_CryptoKeyVersionAlgorithm

type CryptoKeyVersion_CryptoKeyVersionAlgorithm int32

The algorithm of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating what parameters must be used for each cryptographic operation.

The [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] algorithm is usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Algorithms beginning with "RSA_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].

The fields in the name after "RSA_SIGN_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

For PSS, the salt length used is equal to the length of digest algorithm. For example, [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] will use PSS with a salt length of 256 bits or 32 bytes.

Algorithms beginning with "RSA_DECRYPT_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].

The fields in the name after "RSA_DECRYPT_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

Algorithms beginning with "EC_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].

The fields in the name after "EC_SIGN_" correspond to the following parameters: elliptic curve, digest algorithm.

Algorithms beginning with "HMAC_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [MAC][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.MAC].

The suffix following "HMAC_" corresponds to the hash algorithm being used (eg. SHA256).

For more information, see Key purposes and algorithms.

CryptoKeyVersion_CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED, CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION, CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256, CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256, CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256, CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512, CryptoKeyVersion_RSA_SIGN_PKCS1_2048_SHA256, CryptoKeyVersion_RSA_SIGN_PKCS1_3072_SHA256, CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA256, CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512, CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_2048, CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_3072, CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_4096, CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA256, CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA256, CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA256, CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA512, CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA1, CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA1, CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA1, CryptoKeyVersion_EC_SIGN_P256_SHA256, CryptoKeyVersion_EC_SIGN_P384_SHA384, CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256, CryptoKeyVersion_HMAC_SHA256, CryptoKeyVersion_EXTERNAL_SYMMETRIC_ENCRYPTION

const (
	// Not specified.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionAlgorithm = 0
	// Creates symmetric encryption keys.
	CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 1
	// RSASSA-PSS 2048 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 2
	// RSASSA-PSS 3072 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 3
	// RSASSA-PSS 4096 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 4
	// RSASSA-PSS 4096 bit key with a SHA512 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 15
	// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 5
	// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 6
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 7
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 16
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
	CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_2048 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 28
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
	CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_3072 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 29
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
	CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_4096 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 30
	// RSAES-OAEP 2048 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 8
	// RSAES-OAEP 3072 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 9
	// RSAES-OAEP 4096 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 10
	// RSAES-OAEP 4096 bit key with a SHA512 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 17
	// RSAES-OAEP 2048 bit key with a SHA1 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 37
	// RSAES-OAEP 3072 bit key with a SHA1 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 38
	// RSAES-OAEP 4096 bit key with a SHA1 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 39
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	CryptoKeyVersion_EC_SIGN_P256_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 12
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	CryptoKeyVersion_EC_SIGN_P384_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 13
	// ECDSA on the non-NIST secp256k1 curve. This curve is only supported for
	// HSM protection level.
	CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 31
	// HMAC-SHA256 signing with a 256 bit key.
	CryptoKeyVersion_HMAC_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 32
	// Algorithm representing symmetric encryption by an external key manager.
	CryptoKeyVersion_EXTERNAL_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 18
)

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Descriptor

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Enum

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionAlgorithm.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Number

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) String

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Type

CryptoKeyVersion_CryptoKeyVersionState

type CryptoKeyVersion_CryptoKeyVersionState int32

The state of a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used.

CryptoKeyVersion_CRYPTO_KEY_VERSION_STATE_UNSPECIFIED, CryptoKeyVersion_PENDING_GENERATION, CryptoKeyVersion_ENABLED, CryptoKeyVersion_DISABLED, CryptoKeyVersion_DESTROYED, CryptoKeyVersion_DESTROY_SCHEDULED, CryptoKeyVersion_PENDING_IMPORT, CryptoKeyVersion_IMPORT_FAILED

const (
	// Not specified.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_STATE_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionState = 0
	// This version is still being generated. It may not be used, enabled,
	// disabled, or destroyed yet. Cloud KMS will automatically mark this
	// version
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// as soon as the version is ready.
	CryptoKeyVersion_PENDING_GENERATION CryptoKeyVersion_CryptoKeyVersionState = 5
	// This version may be used for cryptographic operations.
	CryptoKeyVersion_ENABLED CryptoKeyVersion_CryptoKeyVersionState = 1
	// This version may not be used, but the key material is still available,
	// and the version can be placed back into the
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// state.
	CryptoKeyVersion_DISABLED CryptoKeyVersion_CryptoKeyVersionState = 2
	// This version is destroyed, and the key material is no longer stored.
	// This version may only become
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// again if this version is
	// [reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible]
	// and the original key material is reimported with a call to
	// [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
	CryptoKeyVersion_DESTROYED CryptoKeyVersion_CryptoKeyVersionState = 3
	// This version is scheduled for destruction, and will be destroyed soon.
	// Call
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// to put it back into the
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
	// state.
	CryptoKeyVersion_DESTROY_SCHEDULED CryptoKeyVersion_CryptoKeyVersionState = 4
	// This version is still being imported. It may not be used, enabled,
	// disabled, or destroyed yet. Cloud KMS will automatically mark this
	// version
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// as soon as the version is ready.
	CryptoKeyVersion_PENDING_IMPORT CryptoKeyVersion_CryptoKeyVersionState = 6
	// This version was not imported successfully. It may not be used, enabled,
	// disabled, or destroyed. The submitted key material has been discarded.
	// Additional details can be found in
	// [CryptoKeyVersion.import_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason].
	CryptoKeyVersion_IMPORT_FAILED CryptoKeyVersion_CryptoKeyVersionState = 7
)

func (CryptoKeyVersion_CryptoKeyVersionState) Descriptor

func (CryptoKeyVersion_CryptoKeyVersionState) Enum

func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor

func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionState.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionState) Number

func (CryptoKeyVersion_CryptoKeyVersionState) String

func (CryptoKeyVersion_CryptoKeyVersionState) Type

CryptoKeyVersion_CryptoKeyVersionView

type CryptoKeyVersion_CryptoKeyVersionView int32

A view for [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]s. Controls the level of detail returned for [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions] and [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

CryptoKeyVersion_CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED, CryptoKeyVersion_FULL

const (
	// Default view for each
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Does not
	// include the
	// [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation] field.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionView = 0
	// Provides all fields in each
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], including the
	// [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation].
	CryptoKeyVersion_FULL CryptoKeyVersion_CryptoKeyVersionView = 1
)

func (CryptoKeyVersion_CryptoKeyVersionView) Descriptor

func (CryptoKeyVersion_CryptoKeyVersionView) Enum

func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor

func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionView.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionView) Number

func (CryptoKeyVersion_CryptoKeyVersionView) String

func (CryptoKeyVersion_CryptoKeyVersionView) Type

CryptoKey_CryptoKeyPurpose

type CryptoKey_CryptoKeyPurpose int32

[CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] describes the cryptographic capabilities of a [CryptoKey][google.cloud.kms.v1.CryptoKey]. A given key can only be used for the operations allowed by its purpose. For more information, see Key purposes.

CryptoKey_CRYPTO_KEY_PURPOSE_UNSPECIFIED, CryptoKey_ENCRYPT_DECRYPT, CryptoKey_ASYMMETRIC_SIGN, CryptoKey_ASYMMETRIC_DECRYPT, CryptoKey_MAC

const (
	// Not specified.
	CryptoKey_CRYPTO_KEY_PURPOSE_UNSPECIFIED CryptoKey_CryptoKeyPurpose = 0
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
	// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
	CryptoKey_ENCRYPT_DECRYPT CryptoKey_CryptoKeyPurpose = 1
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with
	// [AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]
	// and
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	CryptoKey_ASYMMETRIC_SIGN CryptoKey_CryptoKeyPurpose = 5
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with
	// [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]
	// and
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	CryptoKey_ASYMMETRIC_DECRYPT CryptoKey_CryptoKeyPurpose = 6
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
	CryptoKey_MAC CryptoKey_CryptoKeyPurpose = 9
)

func (CryptoKey_CryptoKeyPurpose) Descriptor

func (CryptoKey_CryptoKeyPurpose) Enum

func (CryptoKey_CryptoKeyPurpose) EnumDescriptor

func (CryptoKey_CryptoKeyPurpose) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKey_CryptoKeyPurpose.Descriptor instead.

func (CryptoKey_CryptoKeyPurpose) Number

func (CryptoKey_CryptoKeyPurpose) String

func (CryptoKey_CryptoKeyPurpose) Type

CryptoKey_RotationPeriod

type CryptoKey_RotationPeriod struct {
	// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]
	// will be advanced by this period when the service automatically rotates a
	// key. Must be at least 24 hours and at most 876,000 hours.
	//
	// If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is
	// set,
	// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]
	// must also be set.
	//
	// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]
	// support automatic rotation. For other keys, this field must be omitted.
	RotationPeriod *durationpb.Duration `protobuf:"bytes,8,opt,name=rotation_period,json=rotationPeriod,proto3,oneof"`
}

DecryptRequest

type DecryptRequest struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`

	AdditionalAuthenticatedData []byte "" /* 144 byte string literal not displayed */

	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,5,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`

	AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value "" /* 164 byte string literal not displayed */

}

Request message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

func (*DecryptRequest) Descriptor

func (*DecryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use DecryptRequest.ProtoReflect.Descriptor instead.

func (*DecryptRequest) GetAdditionalAuthenticatedData

func (x *DecryptRequest) GetAdditionalAuthenticatedData() []byte

func (*DecryptRequest) GetAdditionalAuthenticatedDataCrc32C

func (x *DecryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value

func (*DecryptRequest) GetCiphertext

func (x *DecryptRequest) GetCiphertext() []byte

func (*DecryptRequest) GetCiphertextCrc32C

func (x *DecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*DecryptRequest) GetName

func (x *DecryptRequest) GetName() string

func (*DecryptRequest) ProtoMessage

func (*DecryptRequest) ProtoMessage()

func (*DecryptRequest) ProtoReflect

func (x *DecryptRequest) ProtoReflect() protoreflect.Message

func (*DecryptRequest) Reset

func (x *DecryptRequest) Reset()

func (*DecryptRequest) String

func (x *DecryptRequest) String() string

DecryptResponse

type DecryptResponse struct {
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`

	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`

	UsedPrimary bool `protobuf:"varint,3,opt,name=used_primary,json=usedPrimary,proto3" json:"used_primary,omitempty"`

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

}

Response message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

func (*DecryptResponse) Descriptor

func (*DecryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use DecryptResponse.ProtoReflect.Descriptor instead.

func (*DecryptResponse) GetPlaintext

func (x *DecryptResponse) GetPlaintext() []byte

func (*DecryptResponse) GetPlaintextCrc32C

func (x *DecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*DecryptResponse) GetProtectionLevel

func (x *DecryptResponse) GetProtectionLevel() ProtectionLevel

func (*DecryptResponse) GetUsedPrimary

func (x *DecryptResponse) GetUsedPrimary() bool

func (*DecryptResponse) ProtoMessage

func (*DecryptResponse) ProtoMessage()

func (*DecryptResponse) ProtoReflect

func (x *DecryptResponse) ProtoReflect() protoreflect.Message

func (*DecryptResponse) Reset

func (x *DecryptResponse) Reset()

func (*DecryptResponse) String

func (x *DecryptResponse) String() string

DestroyCryptoKeyVersionRequest

type DestroyCryptoKeyVersionRequest struct {

	// Required. The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].

func (*DestroyCryptoKeyVersionRequest) Descriptor

func (*DestroyCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use DestroyCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*DestroyCryptoKeyVersionRequest) GetName

func (*DestroyCryptoKeyVersionRequest) ProtoMessage

func (*DestroyCryptoKeyVersionRequest) ProtoMessage()

func (*DestroyCryptoKeyVersionRequest) ProtoReflect

func (*DestroyCryptoKeyVersionRequest) Reset

func (x *DestroyCryptoKeyVersionRequest) Reset()

func (*DestroyCryptoKeyVersionRequest) String

Digest

type Digest struct {

	// Required. The message digest.
	//
	// Types that are assignable to Digest:
	//
	//	*Digest_Sha256
	//	*Digest_Sha384
	//	*Digest_Sha512
	Digest isDigest_Digest `protobuf_oneof:"digest"`
	// contains filtered or unexported fields
}

A [Digest][google.cloud.kms.v1.Digest] holds a cryptographic message digest.

func (*Digest) Descriptor

func (*Digest) Descriptor() ([]byte, []int)

Deprecated: Use Digest.ProtoReflect.Descriptor instead.

func (*Digest) GetDigest

func (m *Digest) GetDigest() isDigest_Digest

func (*Digest) GetSha256

func (x *Digest) GetSha256() []byte

func (*Digest) GetSha384

func (x *Digest) GetSha384() []byte

func (*Digest) GetSha512

func (x *Digest) GetSha512() []byte

func (*Digest) ProtoMessage

func (*Digest) ProtoMessage()

func (*Digest) ProtoReflect

func (x *Digest) ProtoReflect() protoreflect.Message

func (*Digest) Reset

func (x *Digest) Reset()

func (*Digest) String

func (x *Digest) String() string

Digest_Sha256

type Digest_Sha256 struct {
	// A message digest produced with the SHA-256 algorithm.
	Sha256 []byte `protobuf:"bytes,1,opt,name=sha256,proto3,oneof"`
}

Digest_Sha384

type Digest_Sha384 struct {
	// A message digest produced with the SHA-384 algorithm.
	Sha384 []byte `protobuf:"bytes,2,opt,name=sha384,proto3,oneof"`
}

Digest_Sha512

type Digest_Sha512 struct {
	// A message digest produced with the SHA-512 algorithm.
	Sha512 []byte `protobuf:"bytes,3,opt,name=sha512,proto3,oneof"`
}

EkmConnection

type EkmConnection struct {

	// Output only. The resource name for the
	// [EkmConnection][google.cloud.kms.v1.EkmConnection] in the format
	// `projects/*/locations/*/ekmConnections/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The time at which the
	// [EkmConnection][google.cloud.kms.v1.EkmConnection] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// A list of
	// [ServiceResolvers][google.cloud.kms.v1.EkmConnection.ServiceResolver] where
	// the EKM can be reached. There should be one ServiceResolver per EKM
	// replica. Currently, only a single
	// [ServiceResolver][google.cloud.kms.v1.EkmConnection.ServiceResolver] is
	// supported.
	ServiceResolvers []*EkmConnection_ServiceResolver `protobuf:"bytes,3,rep,name=service_resolvers,json=serviceResolvers,proto3" json:"service_resolvers,omitempty"`
	// This checksum is computed by the server based on the value of other fields,
	// and may be sent on update requests to ensure the client has an up-to-date
	// value before proceeding.
	Etag string `protobuf:"bytes,5,opt,name=etag,proto3" json:"etag,omitempty"`
	// contains filtered or unexported fields
}

An [EkmConnection][google.cloud.kms.v1.EkmConnection] represents an individual EKM connection. It can be used for creating [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] with a [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], as well as performing cryptographic operations using keys created within the [EkmConnection][google.cloud.kms.v1.EkmConnection].

func (*EkmConnection) Descriptor

func (*EkmConnection) Descriptor() ([]byte, []int)

Deprecated: Use EkmConnection.ProtoReflect.Descriptor instead.

func (*EkmConnection) GetCreateTime

func (x *EkmConnection) GetCreateTime() *timestamppb.Timestamp

func (*EkmConnection) GetEtag

func (x *EkmConnection) GetEtag() string

func (*EkmConnection) GetName

func (x *EkmConnection) GetName() string

func (*EkmConnection) GetServiceResolvers

func (x *EkmConnection) GetServiceResolvers() []*EkmConnection_ServiceResolver

func (*EkmConnection) ProtoMessage

func (*EkmConnection) ProtoMessage()

func (*EkmConnection) ProtoReflect

func (x *EkmConnection) ProtoReflect() protoreflect.Message

func (*EkmConnection) Reset

func (x *EkmConnection) Reset()

func (*EkmConnection) String

func (x *EkmConnection) String() string

EkmConnection_ServiceResolver

type EkmConnection_ServiceResolver struct {
	ServiceDirectoryService string "" /* 132 byte string literal not displayed */

	EndpointFilter string `protobuf:"bytes,2,opt,name=endpoint_filter,json=endpointFilter,proto3" json:"endpoint_filter,omitempty"`

	Hostname string `protobuf:"bytes,3,opt,name=hostname,proto3" json:"hostname,omitempty"`

	ServerCertificates []*Certificate `protobuf:"bytes,4,rep,name=server_certificates,json=serverCertificates,proto3" json:"server_certificates,omitempty"`

}

A [ServiceResolver][google.cloud.kms.v1.EkmConnection.ServiceResolver] represents an EKM replica that can be reached within an [EkmConnection][google.cloud.kms.v1.EkmConnection].

func (*EkmConnection_ServiceResolver) Descriptor

func (*EkmConnection_ServiceResolver) Descriptor() ([]byte, []int)

Deprecated: Use EkmConnection_ServiceResolver.ProtoReflect.Descriptor instead.

func (*EkmConnection_ServiceResolver) GetEndpointFilter

func (x *EkmConnection_ServiceResolver) GetEndpointFilter() string

func (*EkmConnection_ServiceResolver) GetHostname

func (x *EkmConnection_ServiceResolver) GetHostname() string

func (*EkmConnection_ServiceResolver) GetServerCertificates

func (x *EkmConnection_ServiceResolver) GetServerCertificates() []*Certificate

func (*EkmConnection_ServiceResolver) GetServiceDirectoryService

func (x *EkmConnection_ServiceResolver) GetServiceDirectoryService() string

func (*EkmConnection_ServiceResolver) ProtoMessage

func (*EkmConnection_ServiceResolver) ProtoMessage()

func (*EkmConnection_ServiceResolver) ProtoReflect

func (*EkmConnection_ServiceResolver) Reset

func (x *EkmConnection_ServiceResolver) Reset()

func (*EkmConnection_ServiceResolver) String

EkmServiceClient

type EkmServiceClient interface {
	// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
	ListEkmConnections(ctx context.Context, in *ListEkmConnectionsRequest, opts ...grpc.CallOption) (*ListEkmConnectionsResponse, error)
	// Returns metadata for a given
	// [EkmConnection][google.cloud.kms.v1.EkmConnection].
	GetEkmConnection(ctx context.Context, in *GetEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
	// Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given
	// Project and Location.
	CreateEkmConnection(ctx context.Context, in *CreateEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
	// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
	UpdateEkmConnection(ctx context.Context, in *UpdateEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
}

EkmServiceClient is the client API for EkmService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewEkmServiceClient

func NewEkmServiceClient(cc grpc.ClientConnInterface) EkmServiceClient

EkmServiceServer

type EkmServiceServer interface {
	// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
	ListEkmConnections(context.Context, *ListEkmConnectionsRequest) (*ListEkmConnectionsResponse, error)
	// Returns metadata for a given
	// [EkmConnection][google.cloud.kms.v1.EkmConnection].
	GetEkmConnection(context.Context, *GetEkmConnectionRequest) (*EkmConnection, error)
	// Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given
	// Project and Location.
	CreateEkmConnection(context.Context, *CreateEkmConnectionRequest) (*EkmConnection, error)
	// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
	UpdateEkmConnection(context.Context, *UpdateEkmConnectionRequest) (*EkmConnection, error)
}

EkmServiceServer is the server API for EkmService service.

EncryptRequest

type EncryptRequest struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`

	AdditionalAuthenticatedData []byte "" /* 144 byte string literal not displayed */

	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`

	AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value "" /* 164 byte string literal not displayed */

}

Request message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

func (*EncryptRequest) Descriptor

func (*EncryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use EncryptRequest.ProtoReflect.Descriptor instead.

func (*EncryptRequest) GetAdditionalAuthenticatedData

func (x *EncryptRequest) GetAdditionalAuthenticatedData() []byte

func (*EncryptRequest) GetAdditionalAuthenticatedDataCrc32C

func (x *EncryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value

func (*EncryptRequest) GetName

func (x *EncryptRequest) GetName() string

func (*EncryptRequest) GetPlaintext

func (x *EncryptRequest) GetPlaintext() []byte

func (*EncryptRequest) GetPlaintextCrc32C

func (x *EncryptRequest) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*EncryptRequest) ProtoMessage

func (*EncryptRequest) ProtoMessage()

func (*EncryptRequest) ProtoReflect

func (x *EncryptRequest) ProtoReflect() protoreflect.Message

func (*EncryptRequest) Reset

func (x *EncryptRequest) Reset()

func (*EncryptRequest) String

func (x *EncryptRequest) String() string

EncryptResponse

type EncryptResponse struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`

	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`

	VerifiedPlaintextCrc32C bool "" /* 133 byte string literal not displayed */

	VerifiedAdditionalAuthenticatedDataCrc32C bool "" /* 191 byte string literal not displayed */

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

}

Response message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

func (*EncryptResponse) Descriptor

func (*EncryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use EncryptResponse.ProtoReflect.Descriptor instead.

func (*EncryptResponse) GetCiphertext

func (x *EncryptResponse) GetCiphertext() []byte

func (*EncryptResponse) GetCiphertextCrc32C

func (x *EncryptResponse) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*EncryptResponse) GetName

func (x *EncryptResponse) GetName() string

func (*EncryptResponse) GetProtectionLevel

func (x *EncryptResponse) GetProtectionLevel() ProtectionLevel

func (*EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C

func (x *EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C() bool

func (*EncryptResponse) GetVerifiedPlaintextCrc32C

func (x *EncryptResponse) GetVerifiedPlaintextCrc32C() bool

func (*EncryptResponse) ProtoMessage

func (*EncryptResponse) ProtoMessage()

func (*EncryptResponse) ProtoReflect

func (x *EncryptResponse) ProtoReflect() protoreflect.Message

func (*EncryptResponse) Reset

func (x *EncryptResponse) Reset()

func (*EncryptResponse) String

func (x *EncryptResponse) String() string

ExternalProtectionLevelOptions

type ExternalProtectionLevelOptions struct {

	// The URI for an external resource that this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents.
	ExternalKeyUri string `protobuf:"bytes,1,opt,name=external_key_uri,json=externalKeyUri,proto3" json:"external_key_uri,omitempty"`
	// The path to the external key material on the EKM when using
	// [EkmConnection][google.cloud.kms.v1.EkmConnection] e.g., "v0/my/key". Set
	// this field instead of external_key_uri when using an
	// [EkmConnection][google.cloud.kms.v1.EkmConnection].
	EkmConnectionKeyPath string `protobuf:"bytes,2,opt,name=ekm_connection_key_path,json=ekmConnectionKeyPath,proto3" json:"ekm_connection_key_path,omitempty"`
	// contains filtered or unexported fields
}

ExternalProtectionLevelOptions stores a group of additional fields for configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level and [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] protection levels.

func (*ExternalProtectionLevelOptions) Descriptor

func (*ExternalProtectionLevelOptions) Descriptor() ([]byte, []int)

Deprecated: Use ExternalProtectionLevelOptions.ProtoReflect.Descriptor instead.

func (*ExternalProtectionLevelOptions) GetEkmConnectionKeyPath

func (x *ExternalProtectionLevelOptions) GetEkmConnectionKeyPath() string

func (*ExternalProtectionLevelOptions) GetExternalKeyUri

func (x *ExternalProtectionLevelOptions) GetExternalKeyUri() string

func (*ExternalProtectionLevelOptions) ProtoMessage

func (*ExternalProtectionLevelOptions) ProtoMessage()

func (*ExternalProtectionLevelOptions) ProtoReflect

func (*ExternalProtectionLevelOptions) Reset

func (x *ExternalProtectionLevelOptions) Reset()

func (*ExternalProtectionLevelOptions) String

GenerateRandomBytesRequest

type GenerateRandomBytesRequest struct {
	Location string `protobuf:"bytes,1,opt,name=location,proto3" json:"location,omitempty"`

	LengthBytes int32 `protobuf:"varint,2,opt,name=length_bytes,json=lengthBytes,proto3" json:"length_bytes,omitempty"`

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

}

Request message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].

func (*GenerateRandomBytesRequest) Descriptor

func (*GenerateRandomBytesRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateRandomBytesRequest.ProtoReflect.Descriptor instead.

func (*GenerateRandomBytesRequest) GetLengthBytes

func (x *GenerateRandomBytesRequest) GetLengthBytes() int32

func (*GenerateRandomBytesRequest) GetLocation

func (x *GenerateRandomBytesRequest) GetLocation() string

func (*GenerateRandomBytesRequest) GetProtectionLevel

func (x *GenerateRandomBytesRequest) GetProtectionLevel() ProtectionLevel

func (*GenerateRandomBytesRequest) ProtoMessage

func (*GenerateRandomBytesRequest) ProtoMessage()

func (*GenerateRandomBytesRequest) ProtoReflect

func (*GenerateRandomBytesRequest) Reset

func (x *GenerateRandomBytesRequest) Reset()

func (*GenerateRandomBytesRequest) String

func (x *GenerateRandomBytesRequest) String() string

GenerateRandomBytesResponse

type GenerateRandomBytesResponse struct {

	// The generated data.
	Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data].
	// An integrity check of
	// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]
	// can be performed by computing the CRC32C checksum of
	// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]
	// and comparing your results to this field. Discard the response in case of
	// non-matching checksum values, and perform a limited number of retries. A
	// persistent mismatch may indicate an issue in your computation of the CRC32C
	// checksum. Note: This field is defined as int64 for reasons of compatibility
	// across different languages. However, it is a non-negative integer, which
	// will never exceed 2^32-1, and can be safely downconverted to uint32 in
	// languages that support this type.
	DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].

func (*GenerateRandomBytesResponse) Descriptor

func (*GenerateRandomBytesResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateRandomBytesResponse.ProtoReflect.Descriptor instead.

func (*GenerateRandomBytesResponse) GetData

func (x *GenerateRandomBytesResponse) GetData() []byte

func (*GenerateRandomBytesResponse) GetDataCrc32C

func (*GenerateRandomBytesResponse) ProtoMessage

func (*GenerateRandomBytesResponse) ProtoMessage()

func (*GenerateRandomBytesResponse) ProtoReflect

func (*GenerateRandomBytesResponse) Reset

func (x *GenerateRandomBytesResponse) Reset()

func (*GenerateRandomBytesResponse) String

func (x *GenerateRandomBytesResponse) String() string

GetCryptoKeyRequest

type GetCryptoKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].

func (*GetCryptoKeyRequest) Descriptor

func (*GetCryptoKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCryptoKeyRequest.ProtoReflect.Descriptor instead.

func (*GetCryptoKeyRequest) GetName

func (x *GetCryptoKeyRequest) GetName() string

func (*GetCryptoKeyRequest) ProtoMessage

func (*GetCryptoKeyRequest) ProtoMessage()

func (*GetCryptoKeyRequest) ProtoReflect

func (x *GetCryptoKeyRequest) ProtoReflect() protoreflect.Message

func (*GetCryptoKeyRequest) Reset

func (x *GetCryptoKeyRequest) Reset()

func (*GetCryptoKeyRequest) String

func (x *GetCryptoKeyRequest) String() string

GetCryptoKeyVersionRequest

type GetCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].

func (*GetCryptoKeyVersionRequest) Descriptor

func (*GetCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*GetCryptoKeyVersionRequest) GetName

func (x *GetCryptoKeyVersionRequest) GetName() string

func (*GetCryptoKeyVersionRequest) ProtoMessage

func (*GetCryptoKeyVersionRequest) ProtoMessage()

func (*GetCryptoKeyVersionRequest) ProtoReflect

func (*GetCryptoKeyVersionRequest) Reset

func (x *GetCryptoKeyVersionRequest) Reset()

func (*GetCryptoKeyVersionRequest) String

func (x *GetCryptoKeyVersionRequest) String() string

GetEkmConnectionRequest

type GetEkmConnectionRequest struct {

	// Required. The [name][google.cloud.kms.v1.EkmConnection.name] of the
	// [EkmConnection][google.cloud.kms.v1.EkmConnection] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetEkmConnection][].

func (*GetEkmConnectionRequest) Descriptor

func (*GetEkmConnectionRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetEkmConnectionRequest.ProtoReflect.Descriptor instead.

func (*GetEkmConnectionRequest) GetName

func (x *GetEkmConnectionRequest) GetName() string

func (*GetEkmConnectionRequest) ProtoMessage

func (*GetEkmConnectionRequest) ProtoMessage()

func (*GetEkmConnectionRequest) ProtoReflect

func (x *GetEkmConnectionRequest) ProtoReflect() protoreflect.Message

func (*GetEkmConnectionRequest) Reset

func (x *GetEkmConnectionRequest) Reset()

func (*GetEkmConnectionRequest) String

func (x *GetEkmConnectionRequest) String() string

GetImportJobRequest

type GetImportJobRequest struct {

	// Required. The [name][google.cloud.kms.v1.ImportJob.name] of the
	// [ImportJob][google.cloud.kms.v1.ImportJob] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob].

func (*GetImportJobRequest) Descriptor

func (*GetImportJobRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetImportJobRequest.ProtoReflect.Descriptor instead.

func (*GetImportJobRequest) GetName

func (x *GetImportJobRequest) GetName() string

func (*GetImportJobRequest) ProtoMessage

func (*GetImportJobRequest) ProtoMessage()

func (*GetImportJobRequest) ProtoReflect

func (x *GetImportJobRequest) ProtoReflect() protoreflect.Message

func (*GetImportJobRequest) Reset

func (x *GetImportJobRequest) Reset()

func (*GetImportJobRequest) String

func (x *GetImportJobRequest) String() string

GetKeyRingRequest

type GetKeyRingRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the
	// [KeyRing][google.cloud.kms.v1.KeyRing] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].

func (*GetKeyRingRequest) Descriptor

func (*GetKeyRingRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetKeyRingRequest.ProtoReflect.Descriptor instead.

func (*GetKeyRingRequest) GetName

func (x *GetKeyRingRequest) GetName() string

func (*GetKeyRingRequest) ProtoMessage

func (*GetKeyRingRequest) ProtoMessage()

func (*GetKeyRingRequest) ProtoReflect

func (x *GetKeyRingRequest) ProtoReflect() protoreflect.Message

func (*GetKeyRingRequest) Reset

func (x *GetKeyRingRequest) Reset()

func (*GetKeyRingRequest) String

func (x *GetKeyRingRequest) String() string

GetPublicKeyRequest

type GetPublicKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

func (*GetPublicKeyRequest) Descriptor

func (*GetPublicKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeyRequest.ProtoReflect.Descriptor instead.

func (*GetPublicKeyRequest) GetName

func (x *GetPublicKeyRequest) GetName() string

func (*GetPublicKeyRequest) ProtoMessage

func (*GetPublicKeyRequest) ProtoMessage()

func (*GetPublicKeyRequest) ProtoReflect

func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message

func (*GetPublicKeyRequest) Reset

func (x *GetPublicKeyRequest) Reset()

func (*GetPublicKeyRequest) String

func (x *GetPublicKeyRequest) String() string

ImportCryptoKeyVersionRequest

type ImportCryptoKeyVersionRequest struct {
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`

	CryptoKeyVersion string `protobuf:"bytes,6,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`

	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm "" /* 140 byte string literal not displayed */

	ImportJob string `protobuf:"bytes,4,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`

	WrappedKeyMaterial isImportCryptoKeyVersionRequest_WrappedKeyMaterial `protobuf_oneof:"wrapped_key_material"`

}

Request message for [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].

func (*ImportCryptoKeyVersionRequest) Descriptor

func (*ImportCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use ImportCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*ImportCryptoKeyVersionRequest) GetAlgorithm

func (*ImportCryptoKeyVersionRequest) GetCryptoKeyVersion

func (x *ImportCryptoKeyVersionRequest) GetCryptoKeyVersion() string

func (*ImportCryptoKeyVersionRequest) GetImportJob

func (x *ImportCryptoKeyVersionRequest) GetImportJob() string

func (*ImportCryptoKeyVersionRequest) GetParent

func (x *ImportCryptoKeyVersionRequest) GetParent() string

func (*ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey

func (x *ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey() []byte

func (*ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial

func (m *ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial() isImportCryptoKeyVersionRequest_WrappedKeyMaterial

func (*ImportCryptoKeyVersionRequest) ProtoMessage

func (*ImportCryptoKeyVersionRequest) ProtoMessage()

func (*ImportCryptoKeyVersionRequest) ProtoReflect

func (*ImportCryptoKeyVersionRequest) Reset

func (x *ImportCryptoKeyVersionRequest) Reset()

func (*ImportCryptoKeyVersionRequest) String

ImportCryptoKeyVersionRequest_RsaAesWrappedKey

type ImportCryptoKeyVersionRequest_RsaAesWrappedKey struct {
	// Wrapped key material produced with
	// [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
	// or
	// [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
	//
	// This field contains the concatenation of two wrapped keys:
	// 
    // //
  1. An ephemeral AES-256 wrapping key wrapped with the // [public_key][google.cloud.kms.v1.ImportJob.public_key] using // RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an // empty label. //
  2. //
  3. The key to be imported, wrapped with the ephemeral AES-256 key // using AES-KWP (RFC 5649). //
  4. // //
// // If importing symmetric key material, it is expected that the unwrapped // key contains plain bytes. If importing asymmetric key material, it is // expected that the unwrapped key is in PKCS#8-encoded DER format (the // PrivateKeyInfo structure from RFC 5208). // // This format is the same as the format produced by PKCS#11 mechanism // CKM_RSA_AES_KEY_WRAP. RsaAesWrappedKey []byte `protobuf:"bytes,5,opt,name=rsa_aes_wrapped_key,json=rsaAesWrappedKey,proto3,oneof"` }

ImportJob

type ImportJob struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	ImportMethod ImportJob_ImportMethod "" /* 146 byte string literal not displayed */

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

	CreateTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`

	GenerateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"`

	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`

	ExpireEventTime *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=expire_event_time,json=expireEventTime,proto3" json:"expire_event_time,omitempty"`

	State ImportJob_ImportJobState `protobuf:"varint,6,opt,name=state,proto3,enum=google.cloud.kms.v1.ImportJob_ImportJobState" json:"state,omitempty"`

	PublicKey *ImportJob_WrappingPublicKey `protobuf:"bytes,7,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`

	Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"`

}

An [ImportJob][google.cloud.kms.v1.ImportJob] can be used to create [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre-existing key material, generated outside of Cloud KMS.

When an [ImportJob][google.cloud.kms.v1.ImportJob] is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the wrapping key generation is complete, the [state][google.cloud.kms.v1.ImportJob.state] will be set to [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the [public_key][google.cloud.kms.v1.ImportJob.public_key] can be fetched. The fetched public key can then be used to wrap your pre-existing key material.

Once the key material is wrapped, it can be imported into a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be imported with a single [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key.

An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the [ImportJob][google.cloud.kms.v1.ImportJob]'s public key.

For more information, see Importing a key.

func (*ImportJob) Descriptor

func (*ImportJob) Descriptor() ([]byte, []int)

Deprecated: Use ImportJob.ProtoReflect.Descriptor instead.

func (*ImportJob) GetAttestation

func (x *ImportJob) GetAttestation() *KeyOperationAttestation

func (*ImportJob) GetCreateTime

func (x *ImportJob) GetCreateTime() *timestamppb.Timestamp

func (*ImportJob) GetExpireEventTime

func (x *ImportJob) GetExpireEventTime() *timestamppb.Timestamp

func (*ImportJob) GetExpireTime

func (x *ImportJob) GetExpireTime() *timestamppb.Timestamp

func (*ImportJob) GetGenerateTime

func (x *ImportJob) GetGenerateTime() *timestamppb.Timestamp

func (*ImportJob) GetImportMethod

func (x *ImportJob) GetImportMethod() ImportJob_ImportMethod

func (*ImportJob) GetName

func (x *ImportJob) GetName() string

func (*ImportJob) GetProtectionLevel

func (x *ImportJob) GetProtectionLevel() ProtectionLevel

func (*ImportJob) GetPublicKey

func (x *ImportJob) GetPublicKey() *ImportJob_WrappingPublicKey

func (*ImportJob) GetState

func (x *ImportJob) GetState() ImportJob_ImportJobState

func (*ImportJob) ProtoMessage

func (*ImportJob) ProtoMessage()

func (*ImportJob) ProtoReflect

func (x *ImportJob) ProtoReflect() protoreflect.Message

func (*ImportJob) Reset

func (x *ImportJob) Reset()

func (*ImportJob) String

func (x *ImportJob) String() string

ImportJob_ImportJobState

type ImportJob_ImportJobState int32

The state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can be used.

ImportJob_IMPORT_JOB_STATE_UNSPECIFIED, ImportJob_PENDING_GENERATION, ImportJob_ACTIVE, ImportJob_EXPIRED

const (
	// Not specified.
	ImportJob_IMPORT_JOB_STATE_UNSPECIFIED ImportJob_ImportJobState = 0
	// The wrapping key for this job is still being generated. It may not be
	// used. Cloud KMS will automatically mark this job as
	// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] as soon as
	// the wrapping key is generated.
	ImportJob_PENDING_GENERATION ImportJob_ImportJobState = 1
	// This job may be used in
	// [CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey]
	// and
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
	// requests.
	ImportJob_ACTIVE ImportJob_ImportJobState = 2
	// This job can no longer be used and may not leave this state once entered.
	ImportJob_EXPIRED ImportJob_ImportJobState = 3
)

func (ImportJob_ImportJobState) Descriptor

func (ImportJob_ImportJobState) Enum

func (ImportJob_ImportJobState) EnumDescriptor

func (ImportJob_ImportJobState) EnumDescriptor() ([]byte, []int)

Deprecated: Use ImportJob_ImportJobState.Descriptor instead.

func (ImportJob_ImportJobState) Number

func (ImportJob_ImportJobState) String

func (x ImportJob_ImportJobState) String() string

func (ImportJob_ImportJobState) Type

ImportJob_ImportMethod

type ImportJob_ImportMethod int32

[ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] describes the key wrapping method chosen for this [ImportJob][google.cloud.kms.v1.ImportJob].

ImportJob_IMPORT_METHOD_UNSPECIFIED, ImportJob_RSA_OAEP_3072_SHA1_AES_256, ImportJob_RSA_OAEP_4096_SHA1_AES_256

const (
	// Not specified.
	ImportJob_IMPORT_METHOD_UNSPECIFIED ImportJob_ImportMethod = 0
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
	// scheme defined in the PKCS #11 standard. In summary, this involves
	// wrapping the raw key with an ephemeral AES key, and wrapping the
	// ephemeral AES key with a 3072 bit RSA key. For more details, see
	// [RSA AES key wrap
	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJob_RSA_OAEP_3072_SHA1_AES_256 ImportJob_ImportMethod = 1
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
	// scheme defined in the PKCS #11 standard. In summary, this involves
	// wrapping the raw key with an ephemeral AES key, and wrapping the
	// ephemeral AES key with a 4096 bit RSA key. For more details, see
	// [RSA AES key wrap
	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJob_RSA_OAEP_4096_SHA1_AES_256 ImportJob_ImportMethod = 2
)

func (ImportJob_ImportMethod) Descriptor

func (ImportJob_ImportMethod) Enum

func (ImportJob_ImportMethod) EnumDescriptor

func (ImportJob_ImportMethod) EnumDescriptor() ([]byte, []int)

Deprecated: Use ImportJob_ImportMethod.Descriptor instead.

func (ImportJob_ImportMethod) Number

func (ImportJob_ImportMethod) String

func (x ImportJob_ImportMethod) String() string

func (ImportJob_ImportMethod) Type

ImportJob_WrappingPublicKey

type ImportJob_WrappingPublicKey struct {

	// The public key, encoded in PEM format. For more information, see the [RFC
	// 7468](https://tools.ietf.org/html/rfc7468) sections for [General
	// Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
	// [Textual Encoding of Subject Public Key Info]
	// (https://tools.ietf.org/html/rfc7468#section-13).
	Pem string `protobuf:"bytes,1,opt,name=pem,proto3" json:"pem,omitempty"`
	// contains filtered or unexported fields
}

The public key component of the wrapping key. For details of the type of key this public key corresponds to, see the [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod].

func (*ImportJob_WrappingPublicKey) Descriptor

func (*ImportJob_WrappingPublicKey) Descriptor() ([]byte, []int)

Deprecated: Use ImportJob_WrappingPublicKey.ProtoReflect.Descriptor instead.

func (*ImportJob_WrappingPublicKey) GetPem

func (x *ImportJob_WrappingPublicKey) GetPem() string

func (*ImportJob_WrappingPublicKey) ProtoMessage

func (*ImportJob_WrappingPublicKey) ProtoMessage()

func (*ImportJob_WrappingPublicKey) ProtoReflect

func (*ImportJob_WrappingPublicKey) Reset

func (x *ImportJob_WrappingPublicKey) Reset()

func (*ImportJob_WrappingPublicKey) String

func (x *ImportJob_WrappingPublicKey) String() string

KeyManagementServiceClient

type KeyManagementServiceClient interface {
	// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
	ListKeyRings(ctx context.Context, in *ListKeyRingsRequest, opts ...grpc.CallOption) (*ListKeyRingsResponse, error)
	// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	ListCryptoKeys(ctx context.Context, in *ListCryptoKeysRequest, opts ...grpc.CallOption) (*ListCryptoKeysResponse, error)
	// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	ListCryptoKeyVersions(ctx context.Context, in *ListCryptoKeyVersionsRequest, opts ...grpc.CallOption) (*ListCryptoKeyVersionsResponse, error)
	// Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
	ListImportJobs(ctx context.Context, in *ListImportJobsRequest, opts ...grpc.CallOption) (*ListImportJobsResponse, error)
	// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
	GetKeyRing(ctx context.Context, in *GetKeyRingRequest, opts ...grpc.CallOption) (*KeyRing, error)
	// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
	// well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKey(ctx context.Context, in *GetCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Returns metadata for a given
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKeyVersion(ctx context.Context, in *GetCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Returns the public key for the given
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
	// or
	// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
	GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*PublicKey, error)
	// Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
	GetImportJob(ctx context.Context, in *GetImportJobRequest, opts ...grpc.CallOption) (*ImportJob, error)
	// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
	// Location.
	CreateKeyRing(ctx context.Context, in *CreateKeyRingRequest, opts ...grpc.CallOption) (*KeyRing, error)
	// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
	// [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
	// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
	// are required.
	CreateCryptoKey(ctx context.Context, in *CreateCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
	// [CryptoKey][google.cloud.kms.v1.CryptoKey].
	//
	// The server will assign the next sequential id. If unset,
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
	CreateCryptoKeyVersion(ctx context.Context, in *CreateCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Import wrapped key material into a
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	//
	// All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
	// a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
	// specified in the request, key material will be reimported into that
	// version. Otherwise, a new version will be created, and will be assigned the
	// next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
	ImportCryptoKeyVersion(ctx context.Context, in *ImportCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
	// [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
	// required.
	CreateImportJob(ctx context.Context, in *CreateImportJobRequest, opts ...grpc.CallOption) (*ImportJob, error)
	// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
	UpdateCryptoKey(ctx context.Context, in *UpdateCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
	// metadata.
	//
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// and
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
	// using this method. See
	// [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
	// and
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// to move between other states.
	UpdateCryptoKeyVersion(ctx context.Context, in *UpdateCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
	// will be used in
	// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
	//
	// Returns an error if called on a key whose purpose is not
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	UpdateCryptoKeyPrimaryVersion(ctx context.Context, in *UpdateCryptoKeyPrimaryVersionRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
	// destruction.
	//
	// Upon calling this method,
	// [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
	// be set to
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
	// be set to the time
	// [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
	// in the future. At that time, the
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
	// change to
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
	// and the key material will be irrevocably destroyed.
	//
	// Before the
	// [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
	// reached,
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// may be called to reverse the process.
	DestroyCryptoKeyVersion(ctx context.Context, in *DestroyCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
	// state.
	//
	// Upon restoration of the CryptoKeyVersion,
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
	// be cleared.
	RestoreCryptoKeyVersion(ctx context.Context, in *RestoreCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Encrypts data, so that it can only be recovered by a call to
	// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
	// Decrypts data that was protected by
	// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
	// key retrieved from
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	AsymmetricSign(ctx context.Context, in *AsymmetricSignRequest, opts ...grpc.CallOption) (*AsymmetricSignResponse, error)
	// Decrypts data that was encrypted with a public key retrieved from
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
	// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// ASYMMETRIC_DECRYPT.
	AsymmetricDecrypt(ctx context.Context, in *AsymmetricDecryptRequest, opts ...grpc.CallOption) (*AsymmetricDecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
	// producing a tag that can be verified by another source with the same key.
	MacSign(ctx context.Context, in *MacSignRequest, opts ...grpc.CallOption) (*MacSignResponse, error)
	// Verifies MAC tag using a
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
	// a response that indicates whether or not the verification was successful.
	MacVerify(ctx context.Context, in *MacVerifyRequest, opts ...grpc.CallOption) (*MacVerifyResponse, error)
	// Generate random bytes using the Cloud KMS randomness source in the provided
	// location.
	GenerateRandomBytes(ctx context.Context, in *GenerateRandomBytesRequest, opts ...grpc.CallOption) (*GenerateRandomBytesResponse, error)
}

KeyManagementServiceClient is the client API for KeyManagementService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewKeyManagementServiceClient

func NewKeyManagementServiceClient(cc grpc.ClientConnInterface) KeyManagementServiceClient

KeyManagementServiceServer

type KeyManagementServiceServer interface {
	// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
	ListKeyRings(context.Context, *ListKeyRingsRequest) (*ListKeyRingsResponse, error)
	// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	ListCryptoKeys(context.Context, *ListCryptoKeysRequest) (*ListCryptoKeysResponse, error)
	// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	ListCryptoKeyVersions(context.Context, *ListCryptoKeyVersionsRequest) (*ListCryptoKeyVersionsResponse, error)
	// Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
	ListImportJobs(context.Context, *ListImportJobsRequest) (*ListImportJobsResponse, error)
	// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
	GetKeyRing(context.Context, *GetKeyRingRequest) (*KeyRing, error)
	// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
	// well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKey(context.Context, *GetCryptoKeyRequest) (*CryptoKey, error)
	// Returns metadata for a given
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKeyVersion(context.Context, *GetCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Returns the public key for the given
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
	// or
	// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
	GetPublicKey(context.Context, *GetPublicKeyRequest) (*PublicKey, error)
	// Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
	GetImportJob(context.Context, *GetImportJobRequest) (*ImportJob, error)
	// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
	// Location.
	CreateKeyRing(context.Context, *CreateKeyRingRequest) (*KeyRing, error)
	// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
	// [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
	// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
	// are required.
	CreateCryptoKey(context.Context, *CreateCryptoKeyRequest) (*CryptoKey, error)
	// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
	// [CryptoKey][google.cloud.kms.v1.CryptoKey].
	//
	// The server will assign the next sequential id. If unset,
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
	CreateCryptoKeyVersion(context.Context, *CreateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Import wrapped key material into a
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	//
	// All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
	// a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
	// specified in the request, key material will be reimported into that
	// version. Otherwise, a new version will be created, and will be assigned the
	// next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
	ImportCryptoKeyVersion(context.Context, *ImportCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
	// [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
	// required.
	CreateImportJob(context.Context, *CreateImportJobRequest) (*ImportJob, error)
	// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
	UpdateCryptoKey(context.Context, *UpdateCryptoKeyRequest) (*CryptoKey, error)
	// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
	// metadata.
	//
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// and
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
	// using this method. See
	// [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
	// and
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// to move between other states.
	UpdateCryptoKeyVersion(context.Context, *UpdateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
	// will be used in
	// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
	//
	// Returns an error if called on a key whose purpose is not
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	UpdateCryptoKeyPrimaryVersion(context.Context, *UpdateCryptoKeyPrimaryVersionRequest) (*CryptoKey, error)
	// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
	// destruction.
	//
	// Upon calling this method,
	// [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
	// be set to
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
	// be set to the time
	// [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
	// in the future. At that time, the
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
	// change to
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
	// and the key material will be irrevocably destroyed.
	//
	// Before the
	// [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
	// reached,
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// may be called to reverse the process.
	DestroyCryptoKeyVersion(context.Context, *DestroyCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
	// state.
	//
	// Upon restoration of the CryptoKeyVersion,
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
	// be cleared.
	RestoreCryptoKeyVersion(context.Context, *RestoreCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Encrypts data, so that it can only be recovered by a call to
	// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
	// Decrypts data that was protected by
	// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
	// key retrieved from
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	AsymmetricSign(context.Context, *AsymmetricSignRequest) (*AsymmetricSignResponse, error)
	// Decrypts data that was encrypted with a public key retrieved from
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
	// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// ASYMMETRIC_DECRYPT.
	AsymmetricDecrypt(context.Context, *AsymmetricDecryptRequest) (*AsymmetricDecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
	// producing a tag that can be verified by another source with the same key.
	MacSign(context.Context, *MacSignRequest) (*MacSignResponse, error)
	// Verifies MAC tag using a
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
	// a response that indicates whether or not the verification was successful.
	MacVerify(context.Context, *MacVerifyRequest) (*MacVerifyResponse, error)
	// Generate random bytes using the Cloud KMS randomness source in the provided
	// location.
	GenerateRandomBytes(context.Context, *GenerateRandomBytesRequest) (*GenerateRandomBytesResponse, error)
}

KeyManagementServiceServer is the server API for KeyManagementService service.

KeyOperationAttestation

type KeyOperationAttestation struct {
	Format KeyOperationAttestation_AttestationFormat "" /* 133 byte string literal not displayed */

	Content []byte `protobuf:"bytes,5,opt,name=content,proto3" json:"content,omitempty"`

	CertChains *KeyOperationAttestation_CertificateChains `protobuf:"bytes,6,opt,name=cert_chains,json=certChains,proto3" json:"cert_chains,omitempty"`

}

Contains an HSM-generated attestation about a key operation. For more information, see Verifying attestations.

func (*KeyOperationAttestation) Descriptor

func (*KeyOperationAttestation) Descriptor() ([]byte, []int)

Deprecated: Use KeyOperationAttestation.ProtoReflect.Descriptor instead.

func (*KeyOperationAttestation) GetCertChains

func (*KeyOperationAttestation) GetContent

func (x *KeyOperationAttestation) GetContent() []byte

func (*KeyOperationAttestation) GetFormat

func (*KeyOperationAttestation) ProtoMessage

func (*KeyOperationAttestation) ProtoMessage()

func (*KeyOperationAttestation) ProtoReflect

func (x *KeyOperationAttestation) ProtoReflect() protoreflect.Message

func (*KeyOperationAttestation) Reset

func (x *KeyOperationAttestation) Reset()

func (*KeyOperationAttestation) String

func (x *KeyOperationAttestation) String() string

KeyOperationAttestation_AttestationFormat

type KeyOperationAttestation_AttestationFormat int32

Attestation formats provided by the HSM.

KeyOperationAttestation_ATTESTATION_FORMAT_UNSPECIFIED, KeyOperationAttestation_CAVIUM_V1_COMPRESSED, KeyOperationAttestation_CAVIUM_V2_COMPRESSED

const (
	// Not specified.
	KeyOperationAttestation_ATTESTATION_FORMAT_UNSPECIFIED KeyOperationAttestation_AttestationFormat = 0
	// Cavium HSM attestation compressed with gzip. Note that this format is
	// defined by Cavium and subject to change at any time.
	KeyOperationAttestation_CAVIUM_V1_COMPRESSED KeyOperationAttestation_AttestationFormat = 3
	// Cavium HSM attestation V2 compressed with gzip. This is a new format
	// introduced in Cavium's version 3.2-08.
	KeyOperationAttestation_CAVIUM_V2_COMPRESSED KeyOperationAttestation_AttestationFormat = 4
)

func (KeyOperationAttestation_AttestationFormat) Descriptor

func (KeyOperationAttestation_AttestationFormat) Enum

func (KeyOperationAttestation_AttestationFormat) EnumDescriptor

func (KeyOperationAttestation_AttestationFormat) EnumDescriptor() ([]byte, []int)

Deprecated: Use KeyOperationAttestation_AttestationFormat.Descriptor instead.

func (KeyOperationAttestation_AttestationFormat) Number

func (KeyOperationAttestation_AttestationFormat) String

func (KeyOperationAttestation_AttestationFormat) Type

KeyOperationAttestation_CertificateChains

type KeyOperationAttestation_CertificateChains struct {

	// Cavium certificate chain corresponding to the attestation.
	CaviumCerts []string `protobuf:"bytes,1,rep,name=cavium_certs,json=caviumCerts,proto3" json:"cavium_certs,omitempty"`
	// Google card certificate chain corresponding to the attestation.
	GoogleCardCerts []string `protobuf:"bytes,2,rep,name=google_card_certs,json=googleCardCerts,proto3" json:"google_card_certs,omitempty"`
	// Google partition certificate chain corresponding to the attestation.
	GooglePartitionCerts []string `protobuf:"bytes,3,rep,name=google_partition_certs,json=googlePartitionCerts,proto3" json:"google_partition_certs,omitempty"`
	// contains filtered or unexported fields
}

Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2.

func (*KeyOperationAttestation_CertificateChains) Descriptor

func (*KeyOperationAttestation_CertificateChains) Descriptor() ([]byte, []int)

Deprecated: Use KeyOperationAttestation_CertificateChains.ProtoReflect.Descriptor instead.

func (*KeyOperationAttestation_CertificateChains) GetCaviumCerts

func (x *KeyOperationAttestation_CertificateChains) GetCaviumCerts() []string

func (*KeyOperationAttestation_CertificateChains) GetGoogleCardCerts

func (x *KeyOperationAttestation_CertificateChains) GetGoogleCardCerts() []string

func (*KeyOperationAttestation_CertificateChains) GetGooglePartitionCerts

func (x *KeyOperationAttestation_CertificateChains) GetGooglePartitionCerts() []string

func (*KeyOperationAttestation_CertificateChains) ProtoMessage

func (*KeyOperationAttestation_CertificateChains) ProtoReflect

func (*KeyOperationAttestation_CertificateChains) Reset

func (*KeyOperationAttestation_CertificateChains) String

KeyRing

type KeyRing struct {

	// Output only. The resource name for the
	// [KeyRing][google.cloud.kms.v1.KeyRing] in the format
	// `projects/*/locations/*/keyRings/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The time at which this [KeyRing][google.cloud.kms.v1.KeyRing]
	// was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// contains filtered or unexported fields
}

A [KeyRing][google.cloud.kms.v1.KeyRing] is a toplevel logical grouping of [CryptoKeys][google.cloud.kms.v1.CryptoKey].

func (*KeyRing) Descriptor

func (*KeyRing) Descriptor() ([]byte, []int)

Deprecated: Use KeyRing.ProtoReflect.Descriptor instead.

func (*KeyRing) GetCreateTime

func (x *KeyRing) GetCreateTime() *timestamppb.Timestamp

func (*KeyRing) GetName

func (x *KeyRing) GetName() string

func (*KeyRing) ProtoMessage

func (*KeyRing) ProtoMessage()

func (*KeyRing) ProtoReflect

func (x *KeyRing) ProtoReflect() protoreflect.Message

func (*KeyRing) Reset

func (x *KeyRing) Reset()

func (*KeyRing) String

func (x *KeyRing) String() string

ListCryptoKeyVersionsRequest

type ListCryptoKeyVersionsRequest struct {

	// Required. The resource name of the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of
	// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to include in the
	// response. Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]
	// can subsequently be obtained by including the
	// [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token]
	// in a subsequent request. If unspecified, the server will pick an
	// appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// The fields to include in the response.
	View CryptoKeyVersion_CryptoKeyVersionView `protobuf:"varint,4,opt,name=view,proto3,enum=google.cloud.kms.v1.CryptoKeyVersion_CryptoKeyVersionView" json:"view,omitempty"`
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,5,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order. For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,6,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].

func (*ListCryptoKeyVersionsRequest) Descriptor

func (*ListCryptoKeyVersionsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeyVersionsRequest.ProtoReflect.Descriptor instead.

func (*ListCryptoKeyVersionsRequest) GetFilter

func (x *ListCryptoKeyVersionsRequest) GetFilter() string

func (*ListCryptoKeyVersionsRequest) GetOrderBy

func (x *ListCryptoKeyVersionsRequest) GetOrderBy() string

func (*ListCryptoKeyVersionsRequest) GetPageSize

func (x *ListCryptoKeyVersionsRequest) GetPageSize() int32

func (*ListCryptoKeyVersionsRequest) GetPageToken

func (x *ListCryptoKeyVersionsRequest) GetPageToken() string

func (*ListCryptoKeyVersionsRequest) GetParent