Full name: projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.import
Import wrapped key material into a CryptoKeyVersion
.
All requests must specify a CryptoKey
. If a CryptoKeyVersion
is additionally specified in the request, key material will be reimported into that version. Otherwise, a new version will be created, and will be assigned the next sequential id within the CryptoKey
.
HTTP request
The URLs use gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
parent |
Required. The The create permission is only required on this key when creating a new Authorization requires the following IAM permission on the specified resource
|
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "cryptoKeyVersion": string, "algorithm": enum ( |
Fields | |
---|---|
crypto |
Optional. The optional If this field is present, the supplied key material is imported into the existing Authorization requires the following IAM permission on the specified resource
|
algorithm |
Required. The |
import |
Required. The Authorization requires the following IAM permission on the specified resource
|
wrapped |
Optional. The wrapped key material to import. Before wrapping, key material must be formatted. If importing symmetric key material, the expected key material format is plain bytes. If importing asymmetric key material, the expected key material format is PKCS#8-encoded DER (the PrivateKeyInfo structure from RFC 5208). When wrapping with import methods ( this field must contain the concatenation of:
This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP. When wrapping with import methods ( this field must contain the formatted key to be imported, wrapped with the A base64-encoded string. |
Union field wrapped_key_material . This field is legacy. Use the field wrapped_key instead. wrapped_key_material can be only one of the following: |
|
rsa |
Optional. This field has the same meaning as A base64-encoded string. |
Response body
If successful, the response body contains an instance of CryptoKeyVersion
.
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloudkms
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.