Interface CryptoKeyOrBuilder (2.58.0)

public interface CryptoKeyOrBuilder extends MessageOrBuilder

Implements

MessageOrBuilder

Methods

containsLabels(String key)

public abstract boolean containsLabels(String key)

Labels with user-defined metadata. For more information, see Labeling Keys.

map<string, string> labels = 10;

Parameter
Name Description
key String
Returns
Type Description
boolean

getCreateTime()

public abstract Timestamp getCreateTime()

Output only. The time at which this CryptoKey was created.

.google.protobuf.Timestamp create_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
Type Description
Timestamp

The createTime.

getCreateTimeOrBuilder()

public abstract TimestampOrBuilder getCreateTimeOrBuilder()

Output only. The time at which this CryptoKey was created.

.google.protobuf.Timestamp create_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
Type Description
TimestampOrBuilder

getCryptoKeyBackend()

public abstract String getCryptoKeyBackend()

Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

string crypto_key_backend = 15 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = { ... }

Returns
Type Description
String

The cryptoKeyBackend.

getCryptoKeyBackendBytes()

public abstract ByteString getCryptoKeyBackendBytes()

Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

string crypto_key_backend = 15 [(.google.api.field_behavior) = IMMUTABLE, (.google.api.resource_reference) = { ... }

Returns
Type Description
ByteString

The bytes for cryptoKeyBackend.

getDestroyScheduledDuration()

public abstract Duration getDestroyScheduledDuration()

Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.

.google.protobuf.Duration destroy_scheduled_duration = 14 [(.google.api.field_behavior) = IMMUTABLE];

Returns
Type Description
Duration

The destroyScheduledDuration.

getDestroyScheduledDurationOrBuilder()

public abstract DurationOrBuilder getDestroyScheduledDurationOrBuilder()

Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.

.google.protobuf.Duration destroy_scheduled_duration = 14 [(.google.api.field_behavior) = IMMUTABLE];

Returns
Type Description
DurationOrBuilder

getImportOnly()

public abstract boolean getImportOnly()

Immutable. Whether this key may contain imported versions only.

bool import_only = 13 [(.google.api.field_behavior) = IMMUTABLE];

Returns
Type Description
boolean

The importOnly.

getKeyAccessJustificationsPolicy()

public abstract KeyAccessJustificationsPolicy getKeyAccessJustificationsPolicy()

Optional. The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed.

.google.cloud.kms.v1.KeyAccessJustificationsPolicy key_access_justifications_policy = 17 [(.google.api.field_behavior) = OPTIONAL];

Returns
Type Description
KeyAccessJustificationsPolicy

The keyAccessJustificationsPolicy.

getKeyAccessJustificationsPolicyOrBuilder()

public abstract KeyAccessJustificationsPolicyOrBuilder getKeyAccessJustificationsPolicyOrBuilder()

Optional. The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed.

.google.cloud.kms.v1.KeyAccessJustificationsPolicy key_access_justifications_policy = 17 [(.google.api.field_behavior) = OPTIONAL];

Returns
Type Description
KeyAccessJustificationsPolicyOrBuilder

getLabels() (deprecated)

public abstract Map<String,String> getLabels()

Use #getLabelsMap() instead.

Returns
Type Description
Map<String,String>

getLabelsCount()

public abstract int getLabelsCount()

Labels with user-defined metadata. For more information, see Labeling Keys.

map<string, string> labels = 10;

Returns
Type Description
int

getLabelsMap()

public abstract Map<String,String> getLabelsMap()

Labels with user-defined metadata. For more information, see Labeling Keys.

map<string, string> labels = 10;

Returns
Type Description
Map<String,String>

getLabelsOrDefault(String key, String defaultValue)

public abstract String getLabelsOrDefault(String key, String defaultValue)

Labels with user-defined metadata. For more information, see Labeling Keys.

map<string, string> labels = 10;

Parameters
Name Description
key String
defaultValue String
Returns
Type Description
String

getLabelsOrThrow(String key)

public abstract String getLabelsOrThrow(String key)

Labels with user-defined metadata. For more information, see Labeling Keys.

map<string, string> labels = 10;

Parameter
Name Description
key String
Returns
Type Description
String

getName()

public abstract String getName()

Output only. The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
Type Description
String

The name.

getNameBytes()

public abstract ByteString getNameBytes()

Output only. The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
Type Description
ByteString

The bytes for name.

getNextRotationTime()

public abstract Timestamp getNextRotationTime()

At next_rotation_time, the Key Management Service will automatically:

  1. Create a new version of this CryptoKey.
  2. Mark the new version as primary.

    Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time.

    Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

.google.protobuf.Timestamp next_rotation_time = 7;

Returns
Type Description
Timestamp

The nextRotationTime.

getNextRotationTimeOrBuilder()

public abstract TimestampOrBuilder getNextRotationTimeOrBuilder()

At next_rotation_time, the Key Management Service will automatically:

  1. Create a new version of this CryptoKey.
  2. Mark the new version as primary.

    Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time.

    Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

.google.protobuf.Timestamp next_rotation_time = 7;

Returns
Type Description
TimestampOrBuilder

getPrimary()

public abstract CryptoKeyVersion getPrimary()

Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name.

The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion.

Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

.google.cloud.kms.v1.CryptoKeyVersion primary = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
Type Description
CryptoKeyVersion

The primary.

getPrimaryOrBuilder()

public abstract CryptoKeyVersionOrBuilder getPrimaryOrBuilder()

Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name.

The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion.

Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

.google.cloud.kms.v1.CryptoKeyVersion primary = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
Type Description
CryptoKeyVersionOrBuilder

getPurpose()

public abstract CryptoKey.CryptoKeyPurpose getPurpose()

Immutable. The immutable purpose of this CryptoKey.

.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose purpose = 3 [(.google.api.field_behavior) = IMMUTABLE];

Returns
Type Description
CryptoKey.CryptoKeyPurpose

The purpose.

getPurposeValue()

public abstract int getPurposeValue()

Immutable. The immutable purpose of this CryptoKey.

.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose purpose = 3 [(.google.api.field_behavior) = IMMUTABLE];

Returns
Type Description
int

The enum numeric value on the wire for purpose.

getRotationPeriod()

public abstract Duration getRotationPeriod()

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

If rotation_period is set, next_rotation_time must also be set.

Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

.google.protobuf.Duration rotation_period = 8;

Returns
Type Description
Duration

The rotationPeriod.

getRotationPeriodOrBuilder()

public abstract DurationOrBuilder getRotationPeriodOrBuilder()

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

If rotation_period is set, next_rotation_time must also be set.

Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

.google.protobuf.Duration rotation_period = 8;

Returns
Type Description
DurationOrBuilder

getRotationScheduleCase()

public abstract CryptoKey.RotationScheduleCase getRotationScheduleCase()
Returns
Type Description
CryptoKey.RotationScheduleCase

getVersionTemplate()

public abstract CryptoKeyVersionTemplate getVersionTemplate()

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

.google.cloud.kms.v1.CryptoKeyVersionTemplate version_template = 11;

Returns
Type Description
CryptoKeyVersionTemplate

The versionTemplate.

getVersionTemplateOrBuilder()

public abstract CryptoKeyVersionTemplateOrBuilder getVersionTemplateOrBuilder()

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

.google.cloud.kms.v1.CryptoKeyVersionTemplate version_template = 11;

Returns
Type Description
CryptoKeyVersionTemplateOrBuilder

hasCreateTime()

public abstract boolean hasCreateTime()

Output only. The time at which this CryptoKey was created.

.google.protobuf.Timestamp create_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
Type Description
boolean

Whether the createTime field is set.

hasDestroyScheduledDuration()

public abstract boolean hasDestroyScheduledDuration()

Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.

.google.protobuf.Duration destroy_scheduled_duration = 14 [(.google.api.field_behavior) = IMMUTABLE];

Returns
Type Description
boolean

Whether the destroyScheduledDuration field is set.

hasKeyAccessJustificationsPolicy()

public abstract boolean hasKeyAccessJustificationsPolicy()

Optional. The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed.

.google.cloud.kms.v1.KeyAccessJustificationsPolicy key_access_justifications_policy = 17 [(.google.api.field_behavior) = OPTIONAL];

Returns
Type Description
boolean

Whether the keyAccessJustificationsPolicy field is set.

hasNextRotationTime()

public abstract boolean hasNextRotationTime()

At next_rotation_time, the Key Management Service will automatically:

  1. Create a new version of this CryptoKey.
  2. Mark the new version as primary.

    Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time.

    Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

.google.protobuf.Timestamp next_rotation_time = 7;

Returns
Type Description
boolean

Whether the nextRotationTime field is set.

hasPrimary()

public abstract boolean hasPrimary()

Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name.

The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion.

Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

.google.cloud.kms.v1.CryptoKeyVersion primary = 2 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
Type Description
boolean

Whether the primary field is set.

hasRotationPeriod()

public abstract boolean hasRotationPeriod()

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

If rotation_period is set, next_rotation_time must also be set.

Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

.google.protobuf.Duration rotation_period = 8;

Returns
Type Description
boolean

Whether the rotationPeriod field is set.

hasVersionTemplate()

public abstract boolean hasVersionTemplate()

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

.google.cloud.kms.v1.CryptoKeyVersionTemplate version_template = 11;

Returns
Type Description
boolean

Whether the versionTemplate field is set.