- 2.56.0 (latest)
- 2.55.0
- 2.54.0
- 2.52.0
- 2.51.0
- 2.50.0
- 2.49.0
- 2.48.0
- 2.47.0
- 2.46.0
- 2.45.0
- 2.44.0
- 2.43.0
- 2.42.0
- 2.40.0
- 2.39.0
- 2.38.0
- 2.37.0
- 2.36.0
- 2.35.0
- 2.34.0
- 2.33.0
- 2.32.0
- 2.31.0
- 2.30.0
- 2.27.0
- 2.26.0
- 2.25.0
- 2.24.0
- 2.23.0
- 2.22.0
- 2.21.0
- 2.20.0
- 2.19.0
- 2.18.0
- 2.17.0
- 2.16.0
- 2.15.0
- 2.14.0
- 2.12.0
- 2.11.0
- 2.10.0
- 2.9.0
- 2.8.0
- 2.7.0
- 2.6.8
- 2.5.3
- 2.4.4
- 2.3.1
A client to Cloud Key Management Service (KMS) API
The interfaces provided are listed below, along with usage samples.
EkmServiceClient
Service Description: Google Cloud Key Management EKM Service
Manages external cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- EkmConnection
Sample for EkmServiceClient:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (EkmServiceClient ekmServiceClient = EkmServiceClient.create()) {
EkmConnectionName name = EkmConnectionName.of("[PROJECT]", "[LOCATION]", "[EKM_CONNECTION]");
EkmConnection response = ekmServiceClient.getEkmConnection(name);
}
KeyManagementServiceClient
Service Description: Google Cloud Key Management Service
Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- KeyRing
- CryptoKey
- CryptoKeyVersion
- ImportJob
If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.
Sample for KeyManagementServiceClient:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
KeyRingName name = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]");
KeyRing response = keyManagementServiceClient.getKeyRing(name);
}
Classes
AsymmetricDecryptRequest
Request message for KeyManagementService.AsymmetricDecrypt.
Protobuf type google.cloud.kms.v1.AsymmetricDecryptRequest
AsymmetricDecryptRequest.Builder
Request message for KeyManagementService.AsymmetricDecrypt.
Protobuf type google.cloud.kms.v1.AsymmetricDecryptRequest
AsymmetricDecryptResponse
Response message for KeyManagementService.AsymmetricDecrypt.
Protobuf type google.cloud.kms.v1.AsymmetricDecryptResponse
AsymmetricDecryptResponse.Builder
Response message for KeyManagementService.AsymmetricDecrypt.
Protobuf type google.cloud.kms.v1.AsymmetricDecryptResponse
AsymmetricSignRequest
Request message for KeyManagementService.AsymmetricSign.
Protobuf type google.cloud.kms.v1.AsymmetricSignRequest
AsymmetricSignRequest.Builder
Request message for KeyManagementService.AsymmetricSign.
Protobuf type google.cloud.kms.v1.AsymmetricSignRequest
AsymmetricSignResponse
Response message for KeyManagementService.AsymmetricSign.
Protobuf type google.cloud.kms.v1.AsymmetricSignResponse
AsymmetricSignResponse.Builder
Response message for KeyManagementService.AsymmetricSign.
Protobuf type google.cloud.kms.v1.AsymmetricSignResponse
Certificate
A Certificate represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas.
Protobuf type google.cloud.kms.v1.Certificate
Certificate.Builder
A Certificate represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas.
Protobuf type google.cloud.kms.v1.Certificate
CreateCryptoKeyRequest
Request message for KeyManagementService.CreateCryptoKey.
Protobuf type google.cloud.kms.v1.CreateCryptoKeyRequest
CreateCryptoKeyRequest.Builder
Request message for KeyManagementService.CreateCryptoKey.
Protobuf type google.cloud.kms.v1.CreateCryptoKeyRequest
CreateCryptoKeyVersionRequest
Request message for KeyManagementService.CreateCryptoKeyVersion.
Protobuf type google.cloud.kms.v1.CreateCryptoKeyVersionRequest
CreateCryptoKeyVersionRequest.Builder
Request message for KeyManagementService.CreateCryptoKeyVersion.
Protobuf type google.cloud.kms.v1.CreateCryptoKeyVersionRequest
CreateEkmConnectionRequest
Request message for [KeyManagementService.CreateEkmConnection][].
Protobuf type google.cloud.kms.v1.CreateEkmConnectionRequest
CreateEkmConnectionRequest.Builder
Request message for [KeyManagementService.CreateEkmConnection][].
Protobuf type google.cloud.kms.v1.CreateEkmConnectionRequest
CreateImportJobRequest
Request message for KeyManagementService.CreateImportJob.
Protobuf type google.cloud.kms.v1.CreateImportJobRequest
CreateImportJobRequest.Builder
Request message for KeyManagementService.CreateImportJob.
Protobuf type google.cloud.kms.v1.CreateImportJobRequest
CreateKeyRingRequest
Request message for KeyManagementService.CreateKeyRing.
Protobuf type google.cloud.kms.v1.CreateKeyRingRequest
CreateKeyRingRequest.Builder
Request message for KeyManagementService.CreateKeyRing.
Protobuf type google.cloud.kms.v1.CreateKeyRingRequest
CryptoKey
A CryptoKey represents a logical key that can be used for cryptographic operations. A CryptoKey is made up of zero or more versions, which represent the actual key material used in cryptographic operations.
Protobuf type google.cloud.kms.v1.CryptoKey
CryptoKey.Builder
A CryptoKey represents a logical key that can be used for cryptographic operations. A CryptoKey is made up of zero or more versions, which represent the actual key material used in cryptographic operations.
Protobuf type google.cloud.kms.v1.CryptoKey
CryptoKeyName
CryptoKeyName.Builder
Builder for projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.
CryptoKeyPathName
AUTO-GENERATED DOCUMENTATION AND CLASS
CryptoKeyPathName.Builder
Builder for CryptoKeyPathName.
CryptoKeyVersion
A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
Protobuf type google.cloud.kms.v1.CryptoKeyVersion
CryptoKeyVersion.Builder
A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
Protobuf type google.cloud.kms.v1.CryptoKeyVersion
CryptoKeyVersionName
CryptoKeyVersionName.Builder
Builder for projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}.
CryptoKeyVersionTemplate
A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or automatically as a result of auto-rotation.
Protobuf type google.cloud.kms.v1.CryptoKeyVersionTemplate
CryptoKeyVersionTemplate.Builder
A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or automatically as a result of auto-rotation.
Protobuf type google.cloud.kms.v1.CryptoKeyVersionTemplate
DecryptRequest
Request message for KeyManagementService.Decrypt.
Protobuf type google.cloud.kms.v1.DecryptRequest
DecryptRequest.Builder
Request message for KeyManagementService.Decrypt.
Protobuf type google.cloud.kms.v1.DecryptRequest
DecryptResponse
Response message for KeyManagementService.Decrypt.
Protobuf type google.cloud.kms.v1.DecryptResponse
DecryptResponse.Builder
Response message for KeyManagementService.Decrypt.
Protobuf type google.cloud.kms.v1.DecryptResponse
DestroyCryptoKeyVersionRequest
Request message for KeyManagementService.DestroyCryptoKeyVersion.
Protobuf type google.cloud.kms.v1.DestroyCryptoKeyVersionRequest
DestroyCryptoKeyVersionRequest.Builder
Request message for KeyManagementService.DestroyCryptoKeyVersion.
Protobuf type google.cloud.kms.v1.DestroyCryptoKeyVersionRequest
Digest
A Digest holds a cryptographic message digest.
Protobuf type google.cloud.kms.v1.Digest
Digest.Builder
A Digest holds a cryptographic message digest.
Protobuf type google.cloud.kms.v1.Digest
EkmConnection
An EkmConnection represents an individual EKM connection. It can be used for creating CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic operations using keys created within the EkmConnection.
Protobuf type google.cloud.kms.v1.EkmConnection
EkmConnection.Builder
An EkmConnection represents an individual EKM connection. It can be used for creating CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC, as well as performing cryptographic operations using keys created within the EkmConnection.
Protobuf type google.cloud.kms.v1.EkmConnection
EkmConnection.ServiceResolver
A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.
Protobuf type google.cloud.kms.v1.EkmConnection.ServiceResolver
EkmConnection.ServiceResolver.Builder
A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.
Protobuf type google.cloud.kms.v1.EkmConnection.ServiceResolver
EkmConnectionName
EkmConnectionName.Builder
Builder for projects/{project}/locations/{location}/ekmConnections/{ekm_connection}.
EkmServiceClient
Service Description: Google Cloud Key Management EKM Service
Manages external cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- EkmConnection
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (EkmServiceClient ekmServiceClient = EkmServiceClient.create()) {
EkmConnectionName name = EkmConnectionName.of("[PROJECT]", "[LOCATION]", "[EKM_CONNECTION]");
EkmConnection response = ekmServiceClient.getEkmConnection(name);
}
Note: close() needs to be called on the EkmServiceClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().
The surface of this class includes several types of Java methods for each of the API's methods:
- A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
- A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
- A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.
See the individual methods for example code.
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.
This class can be customized by passing in a custom instance of EkmServiceSettings to create(). For example:
To customize credentials:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
EkmServiceSettings ekmServiceSettings =
EkmServiceSettings.newBuilder()
.setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
.build();
EkmServiceClient ekmServiceClient = EkmServiceClient.create(ekmServiceSettings);
To customize the endpoint:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
EkmServiceSettings ekmServiceSettings =
EkmServiceSettings.newBuilder().setEndpoint(myEndpoint).build();
EkmServiceClient ekmServiceClient = EkmServiceClient.create(ekmServiceSettings);
To use REST (HTTP1.1/JSON) transport (instead of gRPC) for sending and receiving requests over the wire:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
EkmServiceSettings ekmServiceSettings =
EkmServiceSettings.newBuilder()
.setTransportChannelProvider(
EkmServiceSettings.defaultHttpJsonTransportProviderBuilder().build())
.build();
EkmServiceClient ekmServiceClient = EkmServiceClient.create(ekmServiceSettings);
Please refer to the GitHub repository's samples for more quickstart code snippets.
EkmServiceClient.ListEkmConnectionsFixedSizeCollection
EkmServiceClient.ListEkmConnectionsPage
EkmServiceClient.ListEkmConnectionsPagedResponse
EkmServiceClient.ListLocationsFixedSizeCollection
EkmServiceClient.ListLocationsPage
EkmServiceClient.ListLocationsPagedResponse
EkmServiceGrpc
Google Cloud Key Management EKM Service Manages external cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- EkmConnection
EkmServiceGrpc.EkmServiceBlockingStub
Google Cloud Key Management EKM Service Manages external cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- EkmConnection
EkmServiceGrpc.EkmServiceFutureStub
Google Cloud Key Management EKM Service Manages external cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- EkmConnection
EkmServiceGrpc.EkmServiceImplBase
Google Cloud Key Management EKM Service Manages external cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- EkmConnection
EkmServiceGrpc.EkmServiceStub
Google Cloud Key Management EKM Service Manages external cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- EkmConnection
EkmServiceProto
EkmServiceSettings
Settings class to configure an instance of EkmServiceClient.
The default instance has everything set to sensible defaults:
- The default service address (cloudkms.googleapis.com) and default port (443) are used.
- Credentials are acquired automatically through Application Default Credentials.
- Retries are configured for idempotent methods but not for non-idempotent methods.
The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.
For example, to set the total timeout of getEkmConnection to 30 seconds:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
EkmServiceSettings.Builder ekmServiceSettingsBuilder = EkmServiceSettings.newBuilder();
ekmServiceSettingsBuilder
.getEkmConnectionSettings()
.setRetrySettings(
ekmServiceSettingsBuilder.getEkmConnectionSettings().getRetrySettings().toBuilder()
.setTotalTimeout(Duration.ofSeconds(30))
.build());
EkmServiceSettings ekmServiceSettings = ekmServiceSettingsBuilder.build();
EkmServiceSettings.Builder
Builder for EkmServiceSettings.
EncryptRequest
Request message for KeyManagementService.Encrypt.
Protobuf type google.cloud.kms.v1.EncryptRequest
EncryptRequest.Builder
Request message for KeyManagementService.Encrypt.
Protobuf type google.cloud.kms.v1.EncryptRequest
EncryptResponse
Response message for KeyManagementService.Encrypt.
Protobuf type google.cloud.kms.v1.EncryptResponse
EncryptResponse.Builder
Response message for KeyManagementService.Encrypt.
Protobuf type google.cloud.kms.v1.EncryptResponse
ExternalProtectionLevelOptions
ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
Protobuf type google.cloud.kms.v1.ExternalProtectionLevelOptions
ExternalProtectionLevelOptions.Builder
ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
Protobuf type google.cloud.kms.v1.ExternalProtectionLevelOptions
GenerateRandomBytesRequest
Request message for KeyManagementService.GenerateRandomBytes.
Protobuf type google.cloud.kms.v1.GenerateRandomBytesRequest
GenerateRandomBytesRequest.Builder
Request message for KeyManagementService.GenerateRandomBytes.
Protobuf type google.cloud.kms.v1.GenerateRandomBytesRequest
GenerateRandomBytesResponse
Response message for KeyManagementService.GenerateRandomBytes.
Protobuf type google.cloud.kms.v1.GenerateRandomBytesResponse
GenerateRandomBytesResponse.Builder
Response message for KeyManagementService.GenerateRandomBytes.
Protobuf type google.cloud.kms.v1.GenerateRandomBytesResponse
GetCryptoKeyRequest
Request message for KeyManagementService.GetCryptoKey.
Protobuf type google.cloud.kms.v1.GetCryptoKeyRequest
GetCryptoKeyRequest.Builder
Request message for KeyManagementService.GetCryptoKey.
Protobuf type google.cloud.kms.v1.GetCryptoKeyRequest
GetCryptoKeyVersionRequest
Request message for KeyManagementService.GetCryptoKeyVersion.
Protobuf type google.cloud.kms.v1.GetCryptoKeyVersionRequest
GetCryptoKeyVersionRequest.Builder
Request message for KeyManagementService.GetCryptoKeyVersion.
Protobuf type google.cloud.kms.v1.GetCryptoKeyVersionRequest
GetEkmConnectionRequest
Request message for [KeyManagementService.GetEkmConnection][].
Protobuf type google.cloud.kms.v1.GetEkmConnectionRequest
GetEkmConnectionRequest.Builder
Request message for [KeyManagementService.GetEkmConnection][].
Protobuf type google.cloud.kms.v1.GetEkmConnectionRequest
GetImportJobRequest
Request message for KeyManagementService.GetImportJob.
Protobuf type google.cloud.kms.v1.GetImportJobRequest
GetImportJobRequest.Builder
Request message for KeyManagementService.GetImportJob.
Protobuf type google.cloud.kms.v1.GetImportJobRequest
GetKeyRingRequest
Request message for KeyManagementService.GetKeyRing.
Protobuf type google.cloud.kms.v1.GetKeyRingRequest
GetKeyRingRequest.Builder
Request message for KeyManagementService.GetKeyRing.
Protobuf type google.cloud.kms.v1.GetKeyRingRequest
GetPublicKeyRequest
Request message for KeyManagementService.GetPublicKey.
Protobuf type google.cloud.kms.v1.GetPublicKeyRequest
GetPublicKeyRequest.Builder
Request message for KeyManagementService.GetPublicKey.
Protobuf type google.cloud.kms.v1.GetPublicKeyRequest
ImportCryptoKeyVersionRequest
Request message for KeyManagementService.ImportCryptoKeyVersion.
Protobuf type google.cloud.kms.v1.ImportCryptoKeyVersionRequest
ImportCryptoKeyVersionRequest.Builder
Request message for KeyManagementService.ImportCryptoKeyVersion.
Protobuf type google.cloud.kms.v1.ImportCryptoKeyVersionRequest
ImportJob
An ImportJob can be used to create CryptoKeys and CryptoKeyVersions using pre-existing key material, generated outside of Cloud KMS. When an ImportJob is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of import_method. When the wrapping key generation is complete, the state will be set to ACTIVE and the public_key can be fetched. The fetched public key can then be used to wrap your pre-existing key material. Once the key material is wrapped, it can be imported into a new CryptoKeyVersion in an existing CryptoKey by calling ImportCryptoKeyVersion. Multiple CryptoKeyVersions can be imported with a single ImportJob. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key. An ImportJob expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the ImportJob's public key. For more information, see Importing a key.
Protobuf type google.cloud.kms.v1.ImportJob
ImportJob.Builder
An ImportJob can be used to create CryptoKeys and CryptoKeyVersions using pre-existing key material, generated outside of Cloud KMS. When an ImportJob is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of import_method. When the wrapping key generation is complete, the state will be set to ACTIVE and the public_key can be fetched. The fetched public key can then be used to wrap your pre-existing key material. Once the key material is wrapped, it can be imported into a new CryptoKeyVersion in an existing CryptoKey by calling ImportCryptoKeyVersion. Multiple CryptoKeyVersions can be imported with a single ImportJob. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key. An ImportJob expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the ImportJob's public key. For more information, see Importing a key.
Protobuf type google.cloud.kms.v1.ImportJob
ImportJob.WrappingPublicKey
The public key component of the wrapping key. For details of the type of key this public key corresponds to, see the ImportMethod.
Protobuf type google.cloud.kms.v1.ImportJob.WrappingPublicKey
ImportJob.WrappingPublicKey.Builder
The public key component of the wrapping key. For details of the type of key this public key corresponds to, see the ImportMethod.
Protobuf type google.cloud.kms.v1.ImportJob.WrappingPublicKey
ImportJobName
ImportJobName.Builder
Builder for projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}.
KeyManagementServiceClient
Service Description: Google Cloud Key Management Service
Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- KeyRing
- CryptoKey
- CryptoKeyVersion
- ImportJob
If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
KeyRingName name = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]");
KeyRing response = keyManagementServiceClient.getKeyRing(name);
}
Note: close() needs to be called on the KeyManagementServiceClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().
The surface of this class includes several types of Java methods for each of the API's methods:
- A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
- A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
- A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.
See the individual methods for example code.
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.
This class can be customized by passing in a custom instance of KeyManagementServiceSettings to create(). For example:
To customize credentials:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
KeyManagementServiceSettings keyManagementServiceSettings =
KeyManagementServiceSettings.newBuilder()
.setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
.build();
KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create(keyManagementServiceSettings);
To customize the endpoint:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
KeyManagementServiceSettings keyManagementServiceSettings =
KeyManagementServiceSettings.newBuilder().setEndpoint(myEndpoint).build();
KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create(keyManagementServiceSettings);
To use REST (HTTP1.1/JSON) transport (instead of gRPC) for sending and receiving requests over the wire:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
KeyManagementServiceSettings keyManagementServiceSettings =
KeyManagementServiceSettings.newBuilder()
.setTransportChannelProvider(
KeyManagementServiceSettings.defaultHttpJsonTransportProviderBuilder().build())
.build();
KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create(keyManagementServiceSettings);
Please refer to the GitHub repository's samples for more quickstart code snippets.
KeyManagementServiceClient.ListCryptoKeyVersionsFixedSizeCollection
KeyManagementServiceClient.ListCryptoKeyVersionsPage
KeyManagementServiceClient.ListCryptoKeyVersionsPagedResponse
KeyManagementServiceClient.ListCryptoKeysFixedSizeCollection
KeyManagementServiceClient.ListCryptoKeysPage
KeyManagementServiceClient.ListCryptoKeysPagedResponse
KeyManagementServiceClient.ListImportJobsFixedSizeCollection
KeyManagementServiceClient.ListImportJobsPage
KeyManagementServiceClient.ListImportJobsPagedResponse
KeyManagementServiceClient.ListKeyRingsFixedSizeCollection
KeyManagementServiceClient.ListKeyRingsPage
KeyManagementServiceClient.ListKeyRingsPagedResponse
KeyManagementServiceClient.ListLocationsFixedSizeCollection
KeyManagementServiceClient.ListLocationsPage
KeyManagementServiceClient.ListLocationsPagedResponse
KeyManagementServiceGrpc
Google Cloud Key Management Service Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- KeyRing
- CryptoKey
- CryptoKeyVersion
- ImportJob If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.
KeyManagementServiceGrpc.KeyManagementServiceBlockingStub
Google Cloud Key Management Service Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- KeyRing
- CryptoKey
- CryptoKeyVersion
- ImportJob If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.
KeyManagementServiceGrpc.KeyManagementServiceFutureStub
Google Cloud Key Management Service Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- KeyRing
- CryptoKey
- CryptoKeyVersion
- ImportJob If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.
KeyManagementServiceGrpc.KeyManagementServiceImplBase
Google Cloud Key Management Service Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- KeyRing
- CryptoKey
- CryptoKeyVersion
- ImportJob If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.
KeyManagementServiceGrpc.KeyManagementServiceStub
Google Cloud Key Management Service Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- KeyRing
- CryptoKey
- CryptoKeyVersion
- ImportJob If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.
KeyManagementServiceSettings
Settings class to configure an instance of KeyManagementServiceClient.
The default instance has everything set to sensible defaults:
- The default service address (cloudkms.googleapis.com) and default port (443) are used.
- Credentials are acquired automatically through Application Default Credentials.
- Retries are configured for idempotent methods but not for non-idempotent methods.
The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.
For example, to set the total timeout of getKeyRing to 30 seconds:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
KeyManagementServiceSettings.Builder keyManagementServiceSettingsBuilder =
KeyManagementServiceSettings.newBuilder();
keyManagementServiceSettingsBuilder
.getKeyRingSettings()
.setRetrySettings(
keyManagementServiceSettingsBuilder.getKeyRingSettings().getRetrySettings().toBuilder()
.setTotalTimeout(Duration.ofSeconds(30))
.build());
KeyManagementServiceSettings keyManagementServiceSettings =
keyManagementServiceSettingsBuilder.build();
KeyManagementServiceSettings.Builder
Builder for KeyManagementServiceSettings.
KeyName
AUTO-GENERATED DOCUMENTATION AND CLASS
KeyNames (deprecated)
Deprecated. This resource name class will be removed in the next major version.
AUTO-GENERATED DOCUMENTATION AND CLASS
KeyOperationAttestation
Contains an HSM-generated attestation about a key operation. For more information, see Verifying attestations.
Protobuf type google.cloud.kms.v1.KeyOperationAttestation
KeyOperationAttestation.Builder
Contains an HSM-generated attestation about a key operation. For more information, see Verifying attestations.
Protobuf type google.cloud.kms.v1.KeyOperationAttestation
KeyOperationAttestation.CertificateChains
Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2.
Protobuf type google.cloud.kms.v1.KeyOperationAttestation.CertificateChains
KeyOperationAttestation.CertificateChains.Builder
Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2.
Protobuf type google.cloud.kms.v1.KeyOperationAttestation.CertificateChains
KeyRing
A KeyRing is a toplevel logical grouping of CryptoKeys.
Protobuf type google.cloud.kms.v1.KeyRing
KeyRing.Builder
A KeyRing is a toplevel logical grouping of CryptoKeys.
Protobuf type google.cloud.kms.v1.KeyRing
KeyRingName
KeyRingName.Builder
Builder for projects/{project}/locations/{location}/keyRings/{key_ring}.
KmsProto
KmsResourcesProto
ListCryptoKeyVersionsRequest
Request message for KeyManagementService.ListCryptoKeyVersions.
Protobuf type google.cloud.kms.v1.ListCryptoKeyVersionsRequest
ListCryptoKeyVersionsRequest.Builder
Request message for KeyManagementService.ListCryptoKeyVersions.
Protobuf type google.cloud.kms.v1.ListCryptoKeyVersionsRequest
ListCryptoKeyVersionsResponse
Response message for KeyManagementService.ListCryptoKeyVersions.
Protobuf type google.cloud.kms.v1.ListCryptoKeyVersionsResponse
ListCryptoKeyVersionsResponse.Builder
Response message for KeyManagementService.ListCryptoKeyVersions.
Protobuf type google.cloud.kms.v1.ListCryptoKeyVersionsResponse
ListCryptoKeysRequest
Request message for KeyManagementService.ListCryptoKeys.
Protobuf type google.cloud.kms.v1.ListCryptoKeysRequest
ListCryptoKeysRequest.Builder
Request message for KeyManagementService.ListCryptoKeys.
Protobuf type google.cloud.kms.v1.ListCryptoKeysRequest
ListCryptoKeysResponse
Response message for KeyManagementService.ListCryptoKeys.
Protobuf type google.cloud.kms.v1.ListCryptoKeysResponse
ListCryptoKeysResponse.Builder
Response message for KeyManagementService.ListCryptoKeys.
Protobuf type google.cloud.kms.v1.ListCryptoKeysResponse
ListEkmConnectionsRequest
Request message for [KeyManagementService.ListEkmConnections][].
Protobuf type google.cloud.kms.v1.ListEkmConnectionsRequest
ListEkmConnectionsRequest.Builder
Request message for [KeyManagementService.ListEkmConnections][].
Protobuf type google.cloud.kms.v1.ListEkmConnectionsRequest
ListEkmConnectionsResponse
Response message for [KeyManagementService.ListEkmConnections][].
Protobuf type google.cloud.kms.v1.ListEkmConnectionsResponse
ListEkmConnectionsResponse.Builder
Response message for [KeyManagementService.ListEkmConnections][].
Protobuf type google.cloud.kms.v1.ListEkmConnectionsResponse
ListImportJobsRequest
Request message for KeyManagementService.ListImportJobs.
Protobuf type google.cloud.kms.v1.ListImportJobsRequest
ListImportJobsRequest.Builder
Request message for KeyManagementService.ListImportJobs.
Protobuf type google.cloud.kms.v1.ListImportJobsRequest
ListImportJobsResponse
Response message for KeyManagementService.ListImportJobs.
Protobuf type google.cloud.kms.v1.ListImportJobsResponse
ListImportJobsResponse.Builder
Response message for KeyManagementService.ListImportJobs.
Protobuf type google.cloud.kms.v1.ListImportJobsResponse
ListKeyRingsRequest
Request message for KeyManagementService.ListKeyRings.
Protobuf type google.cloud.kms.v1.ListKeyRingsRequest
ListKeyRingsRequest.Builder
Request message for KeyManagementService.ListKeyRings.
Protobuf type google.cloud.kms.v1.ListKeyRingsRequest
ListKeyRingsResponse
Response message for KeyManagementService.ListKeyRings.
Protobuf type google.cloud.kms.v1.ListKeyRingsResponse
ListKeyRingsResponse.Builder
Response message for KeyManagementService.ListKeyRings.
Protobuf type google.cloud.kms.v1.ListKeyRingsResponse
LocationMetadata
Cloud KMS metadata for the given google.cloud.location.Location.
Protobuf type google.cloud.kms.v1.LocationMetadata
LocationMetadata.Builder
Cloud KMS metadata for the given google.cloud.location.Location.
Protobuf type google.cloud.kms.v1.LocationMetadata
LocationName
LocationName.Builder
Builder for projects/{project}/locations/{location}.
MacSignRequest
Request message for KeyManagementService.MacSign.
Protobuf type google.cloud.kms.v1.MacSignRequest
MacSignRequest.Builder
Request message for KeyManagementService.MacSign.
Protobuf type google.cloud.kms.v1.MacSignRequest
MacSignResponse
Response message for KeyManagementService.MacSign.
Protobuf type google.cloud.kms.v1.MacSignResponse
MacSignResponse.Builder
Response message for KeyManagementService.MacSign.
Protobuf type google.cloud.kms.v1.MacSignResponse
MacVerifyRequest
Request message for KeyManagementService.MacVerify.
Protobuf type google.cloud.kms.v1.MacVerifyRequest
MacVerifyRequest.Builder
Request message for KeyManagementService.MacVerify.
Protobuf type google.cloud.kms.v1.MacVerifyRequest
MacVerifyResponse
Response message for KeyManagementService.MacVerify.
Protobuf type google.cloud.kms.v1.MacVerifyResponse
MacVerifyResponse.Builder
Response message for KeyManagementService.MacVerify.
Protobuf type google.cloud.kms.v1.MacVerifyResponse
PublicKey
The public key for a given CryptoKeyVersion. Obtained via GetPublicKey.
Protobuf type google.cloud.kms.v1.PublicKey
PublicKey.Builder
The public key for a given CryptoKeyVersion. Obtained via GetPublicKey.
Protobuf type google.cloud.kms.v1.PublicKey
RestoreCryptoKeyVersionRequest
Request message for KeyManagementService.RestoreCryptoKeyVersion.
Protobuf type google.cloud.kms.v1.RestoreCryptoKeyVersionRequest
RestoreCryptoKeyVersionRequest.Builder
Request message for KeyManagementService.RestoreCryptoKeyVersion.
Protobuf type google.cloud.kms.v1.RestoreCryptoKeyVersionRequest
UntypedKeyName (deprecated)
Deprecated. This resource name class will be removed in the next major version.
AUTO-GENERATED DOCUMENTATION AND CLASS
UpdateCryptoKeyPrimaryVersionRequest
Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion.
Protobuf type google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest
UpdateCryptoKeyPrimaryVersionRequest.Builder
Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion.
Protobuf type google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest
UpdateCryptoKeyRequest
Request message for KeyManagementService.UpdateCryptoKey.
Protobuf type google.cloud.kms.v1.UpdateCryptoKeyRequest
UpdateCryptoKeyRequest.Builder
Request message for KeyManagementService.UpdateCryptoKey.
Protobuf type google.cloud.kms.v1.UpdateCryptoKeyRequest
UpdateCryptoKeyVersionRequest
Request message for KeyManagementService.UpdateCryptoKeyVersion.
Protobuf type google.cloud.kms.v1.UpdateCryptoKeyVersionRequest
UpdateCryptoKeyVersionRequest.Builder
Request message for KeyManagementService.UpdateCryptoKeyVersion.
Protobuf type google.cloud.kms.v1.UpdateCryptoKeyVersionRequest
UpdateEkmConnectionRequest
Request message for [KeyManagementService.UpdateEkmConnection][].
Protobuf type google.cloud.kms.v1.UpdateEkmConnectionRequest
UpdateEkmConnectionRequest.Builder
Request message for [KeyManagementService.UpdateEkmConnection][].
Protobuf type google.cloud.kms.v1.UpdateEkmConnectionRequest
Interfaces
AsymmetricDecryptRequestOrBuilder
AsymmetricDecryptResponseOrBuilder
AsymmetricSignRequestOrBuilder
AsymmetricSignResponseOrBuilder
CertificateOrBuilder
CreateCryptoKeyRequestOrBuilder
CreateCryptoKeyVersionRequestOrBuilder
CreateEkmConnectionRequestOrBuilder
CreateImportJobRequestOrBuilder
CreateKeyRingRequestOrBuilder
CryptoKeyOrBuilder
CryptoKeyVersionOrBuilder
CryptoKeyVersionTemplateOrBuilder
DecryptRequestOrBuilder
DecryptResponseOrBuilder
DestroyCryptoKeyVersionRequestOrBuilder
DigestOrBuilder
EkmConnection.ServiceResolverOrBuilder
EkmConnectionOrBuilder
EncryptRequestOrBuilder
EncryptResponseOrBuilder
ExternalProtectionLevelOptionsOrBuilder
GenerateRandomBytesRequestOrBuilder
GenerateRandomBytesResponseOrBuilder
GetCryptoKeyRequestOrBuilder
GetCryptoKeyVersionRequestOrBuilder
GetEkmConnectionRequestOrBuilder
GetImportJobRequestOrBuilder
GetKeyRingRequestOrBuilder
GetPublicKeyRequestOrBuilder
ImportCryptoKeyVersionRequestOrBuilder
ImportJob.WrappingPublicKeyOrBuilder
ImportJobOrBuilder
KeyOperationAttestation.CertificateChainsOrBuilder
KeyOperationAttestationOrBuilder
KeyRingOrBuilder
ListCryptoKeyVersionsRequestOrBuilder
ListCryptoKeyVersionsResponseOrBuilder
ListCryptoKeysRequestOrBuilder
ListCryptoKeysResponseOrBuilder
ListEkmConnectionsRequestOrBuilder
ListEkmConnectionsResponseOrBuilder
ListImportJobsRequestOrBuilder
ListImportJobsResponseOrBuilder
ListKeyRingsRequestOrBuilder
ListKeyRingsResponseOrBuilder
LocationMetadataOrBuilder
MacSignRequestOrBuilder
MacSignResponseOrBuilder
MacVerifyRequestOrBuilder
MacVerifyResponseOrBuilder
PublicKeyOrBuilder
RestoreCryptoKeyVersionRequestOrBuilder
UpdateCryptoKeyPrimaryVersionRequestOrBuilder
UpdateCryptoKeyRequestOrBuilder
UpdateCryptoKeyVersionRequestOrBuilder
UpdateEkmConnectionRequestOrBuilder
Enums
CryptoKey.CryptoKeyPurpose
CryptoKeyPurpose describes the cryptographic capabilities of a CryptoKey. A given key can only be used for the operations allowed by its purpose. For more information, see Key purposes.
Protobuf enum google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose
CryptoKey.RotationScheduleCase
CryptoKeyVersion.CryptoKeyVersionAlgorithm
The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation. The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT. Algorithms beginning with "RSA_SIGN_" are usable with CryptoKey.purpose ASYMMETRIC_SIGN. The fields in the name after "RSA_SIGN_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm. For PSS, the salt length used is equal to the length of digest algorithm. For example, RSA_SIGN_PSS_2048_SHA256 will use PSS with a salt length of 256 bits or 32 bytes. Algorithms beginning with "RSA_DECRYPT_" are usable with CryptoKey.purpose ASYMMETRIC_DECRYPT. The fields in the name after "RSA_DECRYPT_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm. Algorithms beginning with "EC_SIGN_" are usable with CryptoKey.purpose ASYMMETRIC_SIGN. The fields in the name after "EC_SIGN_" correspond to the following parameters: elliptic curve, digest algorithm. Algorithms beginning with "HMAC_" are usable with CryptoKey.purpose MAC. The suffix following "HMAC_" corresponds to the hash algorithm being used (eg. SHA256). For more information, see Key purposes and algorithms.
Protobuf enum google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm
CryptoKeyVersion.CryptoKeyVersionState
The state of a CryptoKeyVersion, indicating if it can be used.
Protobuf enum google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState
CryptoKeyVersion.CryptoKeyVersionView
A view for CryptoKeyVersions. Controls the level of detail returned for CryptoKeyVersions in KeyManagementService.ListCryptoKeyVersions and KeyManagementService.ListCryptoKeys.
Protobuf enum google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView
Digest.DigestCase
ImportCryptoKeyVersionRequest.WrappedKeyMaterialCase
ImportJob.ImportJobState
The state of the ImportJob, indicating if it can be used.
Protobuf enum google.cloud.kms.v1.ImportJob.ImportJobState
ImportJob.ImportMethod
ImportMethod describes the key wrapping method chosen for this ImportJob.
Protobuf enum google.cloud.kms.v1.ImportJob.ImportMethod
KeyOperationAttestation.AttestationFormat
Attestation formats provided by the HSM.
Protobuf enum google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat
ProtectionLevel
ProtectionLevel specifies how cryptographic operations are performed. For more information, see Protection levels.
Protobuf enum google.cloud.kms.v1.ProtectionLevel