Enum EkmConnection.KeyManagementMode (2.23.0)

public enum EkmConnection.KeyManagementMode extends Enum<EkmConnection.KeyManagementMode> implements ProtocolMessageEnum

KeyManagementMode describes who can perform control plane cryptographic operations using this EkmConnection.

Protobuf enum google.cloud.kms.v1.EkmConnection.KeyManagementMode

Implements

ProtocolMessageEnum

Static Fields

NameDescription
CLOUD_KMS

All CryptoKeys created with this EkmConnection use EKM-side key management operations initiated from Cloud KMS. This means that:

  • When a CryptoKeyVersion associated with this EkmConnection is created, the EKM automatically generates new key material and a new key path. The caller cannot supply the key path of pre-existing external key material.
  • Destruction of external key material associated with this EkmConnection can be requested by calling DestroyCryptoKeyVersion.
  • Automatic rotation of key material is supported.

CLOUD_KMS = 2;

CLOUD_KMS_VALUE

All CryptoKeys created with this EkmConnection use EKM-side key management operations initiated from Cloud KMS. This means that:

  • When a CryptoKeyVersion associated with this EkmConnection is created, the EKM automatically generates new key material and a new key path. The caller cannot supply the key path of pre-existing external key material.
  • Destruction of external key material associated with this EkmConnection can be requested by calling DestroyCryptoKeyVersion.
  • Automatic rotation of key material is supported.

CLOUD_KMS = 2;

KEY_MANAGEMENT_MODE_UNSPECIFIED

Not specified.

KEY_MANAGEMENT_MODE_UNSPECIFIED = 0;

KEY_MANAGEMENT_MODE_UNSPECIFIED_VALUE

Not specified.

KEY_MANAGEMENT_MODE_UNSPECIFIED = 0;

MANUAL

EKM-side key management operations on CryptoKeys created with this EkmConnection must be initiated from the EKM directly and cannot be performed from Cloud KMS. This means that:

  • When creating a CryptoKeyVersion associated with this EkmConnection, the caller must supply the key path of pre-existing external key material that will be linked to the CryptoKeyVersion.
  • Destruction of external key material cannot be requested via the Cloud KMS API and must be performed directly in the EKM.
  • Automatic rotation of key material is not supported.

MANUAL = 1;

MANUAL_VALUE

EKM-side key management operations on CryptoKeys created with this EkmConnection must be initiated from the EKM directly and cannot be performed from Cloud KMS. This means that:

  • When creating a CryptoKeyVersion associated with this EkmConnection, the caller must supply the key path of pre-existing external key material that will be linked to the CryptoKeyVersion.
  • Destruction of external key material cannot be requested via the Cloud KMS API and must be performed directly in the EKM.
  • Automatic rotation of key material is not supported.

MANUAL = 1;

UNRECOGNIZED

Static Methods

NameDescription
forNumber(int value)
getDescriptor()
internalGetValueMap()
valueOf(Descriptors.EnumValueDescriptor desc)
valueOf(int value)

Deprecated. Use #forNumber(int) instead.

valueOf(String name)
values()

Methods

NameDescription
getDescriptorForType()
getNumber()
getValueDescriptor()