Full name: projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.import
Imports a new CryptoKeyVersion
into an existing CryptoKey
using the wrapped key material provided in the request.
The version ID will be assigned the next sequential id within the CryptoKey
.
HTTP request
POST https://cloudkms.googleapis.com/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:import
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
parent |
Required. The Authorization requires the following IAM permission on the specified resource
|
Request body
The request body contains data with the following structure:
JSON representation | |
---|---|
{
"algorithm": enum ( |
Fields | |
---|---|
algorithm |
Required. The |
importJob |
Required. The Authorization requires the following IAM permission on the specified resource
|
rsaAesWrappedKey |
Wrapped key material produced with This field contains the concatenation of two wrapped keys:
If importing symmetric key material, it is expected that the unwrapped key contains plain bytes. If importing asymmetric key material, it is expected that the unwrapped key is in PKCS#8-encoded DER format (the PrivateKeyInfo structure from RFC 5208). This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP. A base64-encoded string. |
Response body
If successful, the response body contains an instance of CryptoKeyVersion
.
Authorization Scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloudkms
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.