public class KeyManagementServiceClient implements BackgroundResource
Service Description: Google Cloud Key Management Service
Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- KeyRing
- CryptoKey
- CryptoKeyVersion
- ImportJob
If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
KeyRingName name = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]");
KeyRing response = keyManagementServiceClient.getKeyRing(name);
}
Note: close() needs to be called on the KeyManagementServiceClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().
The surface of this class includes several types of Java methods for each of the API's methods:
- A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
- A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
- A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.
See the individual methods for example code.
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.
This class can be customized by passing in a custom instance of KeyManagementServiceSettings to create(). For example:
To customize credentials:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
KeyManagementServiceSettings keyManagementServiceSettings =
KeyManagementServiceSettings.newBuilder()
.setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
.build();
KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create(keyManagementServiceSettings);
To customize the endpoint:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
KeyManagementServiceSettings keyManagementServiceSettings =
KeyManagementServiceSettings.newBuilder().setEndpoint(myEndpoint).build();
KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create(keyManagementServiceSettings);
To use REST (HTTP1.1/JSON) transport (instead of gRPC) for sending and receiving requests over the wire:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
KeyManagementServiceSettings keyManagementServiceSettings =
KeyManagementServiceSettings.newHttpJsonBuilder().build();
KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create(keyManagementServiceSettings);
Please refer to the GitHub repository's samples for more quickstart code snippets.
Implements
BackgroundResourceStatic Methods
create()
public static final KeyManagementServiceClient create()
Constructs an instance of KeyManagementServiceClient with default settings.
Type | Description |
KeyManagementServiceClient |
Type | Description |
IOException |
create(KeyManagementServiceSettings settings)
public static final KeyManagementServiceClient create(KeyManagementServiceSettings settings)
Constructs an instance of KeyManagementServiceClient, using the given settings. The channels are created based on the settings passed in, or defaults for any settings that are not set.
Name | Description |
settings | KeyManagementServiceSettings |
Type | Description |
KeyManagementServiceClient |
Type | Description |
IOException |
create(KeyManagementServiceStub stub)
public static final KeyManagementServiceClient create(KeyManagementServiceStub stub)
Constructs an instance of KeyManagementServiceClient, using the given stub for making calls. This is for advanced usage - prefer using create(KeyManagementServiceSettings).
Name | Description |
stub | KeyManagementServiceStub |
Type | Description |
KeyManagementServiceClient |
Constructors
KeyManagementServiceClient(KeyManagementServiceSettings settings)
protected KeyManagementServiceClient(KeyManagementServiceSettings settings)
Constructs an instance of KeyManagementServiceClient, using the given settings. This is protected so that it is easy to make a subclass, but otherwise, the static factory methods should be preferred.
Name | Description |
settings | KeyManagementServiceSettings |
KeyManagementServiceClient(KeyManagementServiceStub stub)
protected KeyManagementServiceClient(KeyManagementServiceStub stub)
Name | Description |
stub | KeyManagementServiceStub |
Methods
asymmetricDecrypt(AsymmetricDecryptRequest request)
public final AsymmetricDecryptResponse asymmetricDecrypt(AsymmetricDecryptRequest request)
Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
AsymmetricDecryptRequest request =
AsymmetricDecryptRequest.newBuilder()
.setName(
CryptoKeyVersionName.of(
"[PROJECT]",
"[LOCATION]",
"[KEY_RING]",
"[CRYPTO_KEY]",
"[CRYPTO_KEY_VERSION]")
.toString())
.setCiphertext(ByteString.EMPTY)
.setCiphertextCrc32C(Int64Value.newBuilder().build())
.build();
AsymmetricDecryptResponse response = keyManagementServiceClient.asymmetricDecrypt(request);
}
Name | Description |
request | AsymmetricDecryptRequest The request object containing all of the parameters for the API call. |
Type | Description |
AsymmetricDecryptResponse |
asymmetricDecrypt(CryptoKeyVersionName name, ByteString ciphertext)
public final AsymmetricDecryptResponse asymmetricDecrypt(CryptoKeyVersionName name, ByteString ciphertext)
Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CryptoKeyVersionName name =
CryptoKeyVersionName.of(
"[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]");
ByteString ciphertext = ByteString.EMPTY;
AsymmetricDecryptResponse response =
keyManagementServiceClient.asymmetricDecrypt(name, ciphertext);
}
Name | Description |
name | CryptoKeyVersionName Required. The resource name of the CryptoKeyVersion to use for decryption. |
ciphertext | ByteString Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP. |
Type | Description |
AsymmetricDecryptResponse |
asymmetricDecrypt(String name, ByteString ciphertext)
public final AsymmetricDecryptResponse asymmetricDecrypt(String name, ByteString ciphertext)
Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
String name =
CryptoKeyVersionName.of(
"[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]")
.toString();
ByteString ciphertext = ByteString.EMPTY;
AsymmetricDecryptResponse response =
keyManagementServiceClient.asymmetricDecrypt(name, ciphertext);
}
Name | Description |
name | String Required. The resource name of the CryptoKeyVersion to use for decryption. |
ciphertext | ByteString Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP. |
Type | Description |
AsymmetricDecryptResponse |
asymmetricDecryptCallable()
public final UnaryCallable<AsymmetricDecryptRequest,AsymmetricDecryptResponse> asymmetricDecryptCallable()
Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
AsymmetricDecryptRequest request =
AsymmetricDecryptRequest.newBuilder()
.setName(
CryptoKeyVersionName.of(
"[PROJECT]",
"[LOCATION]",
"[KEY_RING]",
"[CRYPTO_KEY]",
"[CRYPTO_KEY_VERSION]")
.toString())
.setCiphertext(ByteString.EMPTY)
.setCiphertextCrc32C(Int64Value.newBuilder().build())
.build();
ApiFuture<AsymmetricDecryptResponse> future =
keyManagementServiceClient.asymmetricDecryptCallable().futureCall(request);
// Do something.
AsymmetricDecryptResponse response = future.get();
}
Type | Description |
UnaryCallable<AsymmetricDecryptRequest,AsymmetricDecryptResponse> |
asymmetricSign(AsymmetricSignRequest request)
public final AsymmetricSignResponse asymmetricSign(AsymmetricSignRequest request)
Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
AsymmetricSignRequest request =
AsymmetricSignRequest.newBuilder()
.setName(
CryptoKeyVersionName.of(
"[PROJECT]",
"[LOCATION]",
"[KEY_RING]",
"[CRYPTO_KEY]",
"[CRYPTO_KEY_VERSION]")
.toString())
.setDigest(Digest.newBuilder().build())
.setDigestCrc32C(Int64Value.newBuilder().build())
.setData(ByteString.EMPTY)
.setDataCrc32C(Int64Value.newBuilder().build())
.build();
AsymmetricSignResponse response = keyManagementServiceClient.asymmetricSign(request);
}
Name | Description |
request | AsymmetricSignRequest The request object containing all of the parameters for the API call. |
Type | Description |
AsymmetricSignResponse |
asymmetricSign(CryptoKeyVersionName name, Digest digest)
public final AsymmetricSignResponse asymmetricSign(CryptoKeyVersionName name, Digest digest)
Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CryptoKeyVersionName name =
CryptoKeyVersionName.of(
"[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]");
Digest digest = Digest.newBuilder().build();
AsymmetricSignResponse response = keyManagementServiceClient.asymmetricSign(name, digest);
}
Name | Description |
name | CryptoKeyVersionName Required. The resource name of the CryptoKeyVersion to use for signing. |
digest | Digest Optional. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm. This field may not be supplied if AsymmetricSignRequest.data is supplied. |
Type | Description |
AsymmetricSignResponse |
asymmetricSign(String name, Digest digest)
public final AsymmetricSignResponse asymmetricSign(String name, Digest digest)
Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
String name =
CryptoKeyVersionName.of(
"[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]")
.toString();
Digest digest = Digest.newBuilder().build();
AsymmetricSignResponse response = keyManagementServiceClient.asymmetricSign(name, digest);
}
Name | Description |
name | String Required. The resource name of the CryptoKeyVersion to use for signing. |
digest | Digest Optional. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm. This field may not be supplied if AsymmetricSignRequest.data is supplied. |
Type | Description |
AsymmetricSignResponse |
asymmetricSignCallable()
public final UnaryCallable<AsymmetricSignRequest,AsymmetricSignResponse> asymmetricSignCallable()
Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
AsymmetricSignRequest request =
AsymmetricSignRequest.newBuilder()
.setName(
CryptoKeyVersionName.of(
"[PROJECT]",
"[LOCATION]",
"[KEY_RING]",
"[CRYPTO_KEY]",
"[CRYPTO_KEY_VERSION]")
.toString())
.setDigest(Digest.newBuilder().build())
.setDigestCrc32C(Int64Value.newBuilder().build())
.setData(ByteString.EMPTY)
.setDataCrc32C(Int64Value.newBuilder().build())
.build();
ApiFuture<AsymmetricSignResponse> future =
keyManagementServiceClient.asymmetricSignCallable().futureCall(request);
// Do something.
AsymmetricSignResponse response = future.get();
}
Type | Description |
UnaryCallable<AsymmetricSignRequest,AsymmetricSignResponse> |
awaitTermination(long duration, TimeUnit unit)
public boolean awaitTermination(long duration, TimeUnit unit)
Name | Description |
duration | long |
unit | TimeUnit |
Type | Description |
boolean |
Type | Description |
InterruptedException |
close()
public final void close()
createCryptoKey(CreateCryptoKeyRequest request)
public final CryptoKey createCryptoKey(CreateCryptoKeyRequest request)
Create a new CryptoKey within a KeyRing.
CryptoKey.purpose and CryptoKey.version_template.algorithm are required.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CreateCryptoKeyRequest request =
CreateCryptoKeyRequest.newBuilder()
.setParent(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString())
.setCryptoKeyId("cryptoKeyId-1643185255")
.setCryptoKey(CryptoKey.newBuilder().build())
.setSkipInitialVersionCreation(true)
.build();
CryptoKey response = keyManagementServiceClient.createCryptoKey(request);
}
Name | Description |
request | CreateCryptoKeyRequest The request object containing all of the parameters for the API call. |
Type | Description |
CryptoKey |
createCryptoKey(KeyRingName parent, String cryptoKeyId, CryptoKey cryptoKey)
public final CryptoKey createCryptoKey(KeyRingName parent, String cryptoKeyId, CryptoKey cryptoKey)
Create a new CryptoKey within a KeyRing.
CryptoKey.purpose and CryptoKey.version_template.algorithm are required.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
KeyRingName parent = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]");
String cryptoKeyId = "cryptoKeyId-1643185255";
CryptoKey cryptoKey = CryptoKey.newBuilder().build();
CryptoKey response =
keyManagementServiceClient.createCryptoKey(parent, cryptoKeyId, cryptoKey);
}
Name | Description |
parent | KeyRingName Required. The name of the KeyRing associated with the CryptoKeys. |
cryptoKeyId | String Required. It must be unique within a KeyRing and match the regular
expression |
cryptoKey | CryptoKey Required. A CryptoKey with initial field values. |
Type | Description |
CryptoKey |
createCryptoKey(String parent, String cryptoKeyId, CryptoKey cryptoKey)
public final CryptoKey createCryptoKey(String parent, String cryptoKeyId, CryptoKey cryptoKey)
Create a new CryptoKey within a KeyRing.
CryptoKey.purpose and CryptoKey.version_template.algorithm are required.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
String parent = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString();
String cryptoKeyId = "cryptoKeyId-1643185255";
CryptoKey cryptoKey = CryptoKey.newBuilder().build();
CryptoKey response =
keyManagementServiceClient.createCryptoKey(parent, cryptoKeyId, cryptoKey);
}
Name | Description |
parent | String Required. The name of the KeyRing associated with the CryptoKeys. |
cryptoKeyId | String Required. It must be unique within a KeyRing and match the regular
expression |
cryptoKey | CryptoKey Required. A CryptoKey with initial field values. |
Type | Description |
CryptoKey |
createCryptoKeyCallable()
public final UnaryCallable<CreateCryptoKeyRequest,CryptoKey> createCryptoKeyCallable()
Create a new CryptoKey within a KeyRing.
CryptoKey.purpose and CryptoKey.version_template.algorithm are required.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CreateCryptoKeyRequest request =
CreateCryptoKeyRequest.newBuilder()
.setParent(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString())
.setCryptoKeyId("cryptoKeyId-1643185255")
.setCryptoKey(CryptoKey.newBuilder().build())
.setSkipInitialVersionCreation(true)
.build();
ApiFuture<CryptoKey> future =
keyManagementServiceClient.createCryptoKeyCallable().futureCall(request);
// Do something.
CryptoKey response = future.get();
}
Type | Description |
UnaryCallable<CreateCryptoKeyRequest,CryptoKey> |
createCryptoKeyVersion(CreateCryptoKeyVersionRequest request)
public final CryptoKeyVersion createCryptoKeyVersion(CreateCryptoKeyVersionRequest request)
Create a new CryptoKeyVersion in a CryptoKey.
The server will assign the next sequential id. If unset, state will be set to ENABLED.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CreateCryptoKeyVersionRequest request =
CreateCryptoKeyVersionRequest.newBuilder()
.setParent(
CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")
.toString())
.setCryptoKeyVersion(CryptoKeyVersion.newBuilder().build())
.build();
CryptoKeyVersion response = keyManagementServiceClient.createCryptoKeyVersion(request);
}
Name | Description |
request | CreateCryptoKeyVersionRequest The request object containing all of the parameters for the API call. |
Type | Description |
CryptoKeyVersion |
createCryptoKeyVersion(CryptoKeyName parent, CryptoKeyVersion cryptoKeyVersion)
public final CryptoKeyVersion createCryptoKeyVersion(CryptoKeyName parent, CryptoKeyVersion cryptoKeyVersion)
Create a new CryptoKeyVersion in a CryptoKey.
The server will assign the next sequential id. If unset, state will be set to ENABLED.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CryptoKeyName parent =
CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]");
CryptoKeyVersion cryptoKeyVersion = CryptoKeyVersion.newBuilder().build();
CryptoKeyVersion response =
keyManagementServiceClient.createCryptoKeyVersion(parent, cryptoKeyVersion);
}
Name | Description |
parent | CryptoKeyName Required. The name of the CryptoKey associated with the CryptoKeyVersions. |
cryptoKeyVersion | CryptoKeyVersion Required. A CryptoKeyVersion with initial field values. |
Type | Description |
CryptoKeyVersion |
createCryptoKeyVersion(String parent, CryptoKeyVersion cryptoKeyVersion)
public final CryptoKeyVersion createCryptoKeyVersion(String parent, CryptoKeyVersion cryptoKeyVersion)
Create a new CryptoKeyVersion in a CryptoKey.
The server will assign the next sequential id. If unset, state will be set to ENABLED.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
String parent =
CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]").toString();
CryptoKeyVersion cryptoKeyVersion = CryptoKeyVersion.newBuilder().build();
CryptoKeyVersion response =
keyManagementServiceClient.createCryptoKeyVersion(parent, cryptoKeyVersion);
}
Name | Description |
parent | String Required. The name of the CryptoKey associated with the CryptoKeyVersions. |
cryptoKeyVersion | CryptoKeyVersion Required. A CryptoKeyVersion with initial field values. |
Type | Description |
CryptoKeyVersion |
createCryptoKeyVersionCallable()
public final UnaryCallable<CreateCryptoKeyVersionRequest,CryptoKeyVersion> createCryptoKeyVersionCallable()
Create a new CryptoKeyVersion in a CryptoKey.
The server will assign the next sequential id. If unset, state will be set to ENABLED.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CreateCryptoKeyVersionRequest request =
CreateCryptoKeyVersionRequest.newBuilder()
.setParent(
CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")
.toString())
.setCryptoKeyVersion(CryptoKeyVersion.newBuilder().build())
.build();
ApiFuture<CryptoKeyVersion> future =
keyManagementServiceClient.createCryptoKeyVersionCallable().futureCall(request);
// Do something.
CryptoKeyVersion response = future.get();
}
Type | Description |
UnaryCallable<CreateCryptoKeyVersionRequest,CryptoKeyVersion> |
createImportJob(CreateImportJobRequest request)
public final ImportJob createImportJob(CreateImportJobRequest request)
Create a new ImportJob within a KeyRing.
ImportJob.import_method is required.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CreateImportJobRequest request =
CreateImportJobRequest.newBuilder()
.setParent(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString())
.setImportJobId("importJobId1449444627")
.setImportJob(ImportJob.newBuilder().build())
.build();
ImportJob response = keyManagementServiceClient.createImportJob(request);
}
Name | Description |
request | CreateImportJobRequest The request object containing all of the parameters for the API call. |
Type | Description |
ImportJob |
createImportJob(KeyRingName parent, String importJobId, ImportJob importJob)
public final ImportJob createImportJob(KeyRingName parent, String importJobId, ImportJob importJob)
Create a new ImportJob within a KeyRing.
ImportJob.import_method is required.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
KeyRingName parent = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]");
String importJobId = "importJobId1449444627";
ImportJob importJob = ImportJob.newBuilder().build();
ImportJob response =
keyManagementServiceClient.createImportJob(parent, importJobId, importJob);
}
Name | Description |
parent | KeyRingName Required. The name of the KeyRing associated with the ImportJobs. |
importJobId | String Required. It must be unique within a KeyRing and match the regular
expression |
importJob | ImportJob Required. An ImportJob with initial field values. |
Type | Description |
ImportJob |
createImportJob(String parent, String importJobId, ImportJob importJob)
public final ImportJob createImportJob(String parent, String importJobId, ImportJob importJob)
Create a new ImportJob within a KeyRing.
ImportJob.import_method is required.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
String parent = KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString();
String importJobId = "importJobId1449444627";
ImportJob importJob = ImportJob.newBuilder().build();
ImportJob response =
keyManagementServiceClient.createImportJob(parent, importJobId, importJob);
}
Name | Description |
parent | String Required. The name of the KeyRing associated with the ImportJobs. |
importJobId | String Required. It must be unique within a KeyRing and match the regular
expression |
importJob | ImportJob Required. An ImportJob with initial field values. |
Type | Description |
ImportJob |
createImportJobCallable()
public final UnaryCallable<CreateImportJobRequest,ImportJob> createImportJobCallable()
Create a new ImportJob within a KeyRing.
ImportJob.import_method is required.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CreateImportJobRequest request =
CreateImportJobRequest.newBuilder()
.setParent(KeyRingName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]").toString())
.setImportJobId("importJobId1449444627")
.setImportJob(ImportJob.newBuilder().build())
.build();
ApiFuture<ImportJob> future =
keyManagementServiceClient.createImportJobCallable().futureCall(request);
// Do something.
ImportJob response = future.get();
}
Type | Description |
UnaryCallable<CreateImportJobRequest,ImportJob> |
createKeyRing(CreateKeyRingRequest request)
public final KeyRing createKeyRing(CreateKeyRingRequest request)
Create a new KeyRing in a given Project and Location.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CreateKeyRingRequest request =
CreateKeyRingRequest.newBuilder()
.setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
.setKeyRingId("keyRingId-2027180374")
.setKeyRing(KeyRing.newBuilder().build())
.build();
KeyRing response = keyManagementServiceClient.createKeyRing(request);
}
Name | Description |
request | CreateKeyRingRequest The request object containing all of the parameters for the API call. |
Type | Description |
KeyRing |
createKeyRing(LocationName parent, String keyRingId, KeyRing keyRing)
public final KeyRing createKeyRing(LocationName parent, String keyRingId, KeyRing keyRing)
Create a new KeyRing in a given Project and Location.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
String keyRingId = "keyRingId-2027180374";
KeyRing keyRing = KeyRing.newBuilder().build();
KeyRing response = keyManagementServiceClient.createKeyRing(parent, keyRingId, keyRing);
}
Name | Description |
parent | LocationName Required. The resource name of the location associated with the
KeyRings, in the format |
keyRingId | String Required. It must be unique within a location and match the regular expression
|
keyRing | KeyRing Required. A KeyRing with initial field values. |
Type | Description |
KeyRing |
createKeyRing(String parent, String keyRingId, KeyRing keyRing)
public final KeyRing createKeyRing(String parent, String keyRingId, KeyRing keyRing)
Create a new KeyRing in a given Project and Location.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
String parent = LocationName.of("[PROJECT]", "[LOCATION]").toString();
String keyRingId = "keyRingId-2027180374";
KeyRing keyRing = KeyRing.newBuilder().build();
KeyRing response = keyManagementServiceClient.createKeyRing(parent, keyRingId, keyRing);
}
Name | Description |
parent | String Required. The resource name of the location associated with the
KeyRings, in the format |
keyRingId | String Required. It must be unique within a location and match the regular expression
|
keyRing | KeyRing Required. A KeyRing with initial field values. |
Type | Description |
KeyRing |
createKeyRingCallable()
public final UnaryCallable<CreateKeyRingRequest,KeyRing> createKeyRingCallable()
Create a new KeyRing in a given Project and Location.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CreateKeyRingRequest request =
CreateKeyRingRequest.newBuilder()
.setParent(LocationName.of("[PROJECT]", "[LOCATION]").toString())
.setKeyRingId("keyRingId-2027180374")
.setKeyRing(KeyRing.newBuilder().build())
.build();
ApiFuture<KeyRing> future =
keyManagementServiceClient.createKeyRingCallable().futureCall(request);
// Do something.
KeyRing response = future.get();
}
Type | Description |
UnaryCallable<CreateKeyRingRequest,KeyRing> |
decrypt(CryptoKeyName name, ByteString ciphertext)
public final DecryptResponse decrypt(CryptoKeyName name, ByteString ciphertext)
Decrypts data that was protected by Encrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CryptoKeyName name =
CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]");
ByteString ciphertext = ByteString.EMPTY;
DecryptResponse response = keyManagementServiceClient.decrypt(name, ciphertext);
}
Name | Description |
name | CryptoKeyName Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version. |
ciphertext | ByteString Required. The encrypted data originally returned in EncryptResponse.ciphertext. |
Type | Description |
DecryptResponse |
decrypt(DecryptRequest request)
public final DecryptResponse decrypt(DecryptRequest request)
Decrypts data that was protected by Encrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
DecryptRequest request =
DecryptRequest.newBuilder()
.setName(
CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")
.toString())
.setCiphertext(ByteString.EMPTY)
.setAdditionalAuthenticatedData(ByteString.EMPTY)
.setCiphertextCrc32C(Int64Value.newBuilder().build())
.setAdditionalAuthenticatedDataCrc32C(Int64Value.newBuilder().build())
.build();
DecryptResponse response = keyManagementServiceClient.decrypt(request);
}
Name | Description |
request | DecryptRequest The request object containing all of the parameters for the API call. |
Type | Description |
DecryptResponse |
decrypt(String name, ByteString ciphertext)
public final DecryptResponse decrypt(String name, ByteString ciphertext)
Decrypts data that was protected by Encrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
String name =
CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]").toString();
ByteString ciphertext = ByteString.EMPTY;
DecryptResponse response = keyManagementServiceClient.decrypt(name, ciphertext);
}
Name | Description |
name | String Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version. |
ciphertext | ByteString Required. The encrypted data originally returned in EncryptResponse.ciphertext. |
Type | Description |
DecryptResponse |
decryptCallable()
public final UnaryCallable<DecryptRequest,DecryptResponse> decryptCallable()
Decrypts data that was protected by Encrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
DecryptRequest request =
DecryptRequest.newBuilder()
.setName(
CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")
.toString())
.setCiphertext(ByteString.EMPTY)
.setAdditionalAuthenticatedData(ByteString.EMPTY)
.setCiphertextCrc32C(Int64Value.newBuilder().build())
.setAdditionalAuthenticatedDataCrc32C(Int64Value.newBuilder().build())
.build();
ApiFuture<DecryptResponse> future =
keyManagementServiceClient.decryptCallable().futureCall(request);
// Do something.
DecryptResponse response = future.get();
}
Type | Description |
UnaryCallable<DecryptRequest,DecryptResponse> |
destroyCryptoKeyVersion(CryptoKeyVersionName name)
public final CryptoKeyVersion destroyCryptoKeyVersion(CryptoKeyVersionName name)
Schedule a CryptoKeyVersion for destruction.
Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to DESTROYED, and the key material will be irrevocably destroyed.
Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
CryptoKeyVersionName name =
CryptoKeyVersionName.of(
"[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]");
CryptoKeyVersion response = keyManagementServiceClient.destroyCryptoKeyVersion(name);
}
Name | Description |
name | CryptoKeyVersionName Required. The resource name of the CryptoKeyVersion to destroy. |
Type | Description |
CryptoKeyVersion |
destroyCryptoKeyVersion(DestroyCryptoKeyVersionRequest request)
public final CryptoKeyVersion destroyCryptoKeyVersion(DestroyCryptoKeyVersionRequest request)
Schedule a CryptoKeyVersion for destruction.
Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to DESTROYED, and the key material will be irrevocably destroyed.
Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
DestroyCryptoKeyVersionRequest request =
DestroyCryptoKeyVersionRequest.newBuilder()
.setName(
CryptoKeyVersionName.of(
"[PROJECT]",
"[LOCATION]",
"[KEY_RING]",
"[CRYPTO_KEY]",
"[CRYPTO_KEY_VERSION]")
.toString())
.build();
CryptoKeyVersion response = keyManagementServiceClient.destroyCryptoKeyVersion(request);
}
Name | Description |
request | DestroyCryptoKeyVersionRequest The request object containing all of the parameters for the API call. |
Type | Description |
CryptoKeyVersion |
destroyCryptoKeyVersion(String name)
public final CryptoKeyVersion destroyCryptoKeyVersion(String name)
Schedule a CryptoKeyVersion for destruction.
Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to DESTROYED, and the key material will be irrevocably destroyed.
Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
String name =
CryptoKeyVersionName.of(
"[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]")
.toString();
CryptoKeyVersion response = keyManagementServiceClient.destroyCryptoKeyVersion(name);
}
Name | Description |
name | String Required. The resource name of the CryptoKeyVersion to destroy. |
Type | Description |
CryptoKeyVersion |
destroyCryptoKeyVersionCallable()
public final UnaryCallable<DestroyCryptoKeyVersionRequest,CryptoKeyVersion> destroyCryptoKeyVersionCallable()
Schedule a CryptoKeyVersion for destruction.
Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to DESTROYED, and the key material will be irrevocably destroyed.
Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
DestroyCryptoKeyVersionRequest request =
DestroyCryptoKeyVersionRequest.newBuilder()
.setName(
CryptoKeyVersionName.of(
"[PROJECT]",
"[LOCATION]",
"[KEY_RING]",
"[CRYPTO_KEY]",
"[CRYPTO_KEY_VERSION]")
.toString())
.build();
ApiFuture<CryptoKeyVersion> future =
keyManagementServiceClient.destroyCryptoKeyVersionCallable().futureCall(request);
// Do something.
CryptoKeyVersion response = future.get();
}
Type | Description |
UnaryCallable<DestroyCryptoKeyVersionRequest,CryptoKeyVersion> |
encrypt(ResourceName name, ByteString plaintext)
public final EncryptResponse encrypt(ResourceName name, ByteString plaintext)
Encrypts data, so that it can only be recovered by a call to Decrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.
Sample code:
// This snippet has been automatically generated and should be regarded as a code template only.
// It will require modifications to work:
// - It may require correct/in-range values for request initialization.
// - It may require specifying regional endpoints when creating the service client as shown in
// https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
try (KeyManagementServiceClient keyManagementServiceClient =
KeyManagementServiceClient.create()) {
ResourceName name = CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]");
ByteString plaintext = ByteString.EMPTY;
EncryptResponse response = keyManagementServiceClient.encrypt(name, plaintext);
}
Name | Description |
name | com.google.api.resourcenames.ResourceName Required. The resource name of the CryptoKey or CryptoKeyVersion to use for encryption. If a CryptoKey is specified, the server will use its primary version. |
plaintext | ByteString Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's protection_level. For SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB. |
Type | Description |
EncryptResponse |
encrypt(CryptoKeyPathName name, ByteString plaintext)
public final EncryptResponse encrypt(CryptoKeyPathName name, ByteString plaintext)