REST Resource: projects.locations.keyRings.cryptoKeys.cryptoKeyVersions

Resource: CryptoKeyVersion

A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.

An ENABLED version can be used for cryptographic operations.

For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.

JSON representation
{
  "name": string,
  "state": enum (CryptoKeyVersionState),
  "protectionLevel": enum (ProtectionLevel),
  "algorithm": enum (CryptoKeyVersionAlgorithm),
  "attestation": {
    object (KeyOperationAttestation)
  },
  "createTime": string,
  "generateTime": string,
  "destroyTime": string,
  "destroyEventTime": string,
  "importJob": string,
  "importTime": string,
  "importFailureReason": string
}
Fields
name

string

Output only. The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

state

enum (CryptoKeyVersionState)

The current state of the CryptoKeyVersion.

protectionLevel

enum (ProtectionLevel)

Output only. The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

algorithm

enum (CryptoKeyVersionAlgorithm)

Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

attestation

object (KeyOperationAttestation)

Output only. Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM.

createTime

string (Timestamp format)

Output only. The time at which this CryptoKeyVersion was created.

A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

generateTime

string (Timestamp format)

Output only. The time this CryptoKeyVersion's key material was generated.

A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

destroyTime

string (Timestamp format)

Output only. The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

destroyEventTime

string (Timestamp format)

Output only. The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

importJob

string

Output only. The name of the ImportJob used to import this CryptoKeyVersion. Only present if the underlying key material was imported.

importTime

string (Timestamp format)

Output only. The time at which this CryptoKeyVersion's key material was imported.

A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

importFailureReason

string

Output only. The root cause of an import failure. Only present if state is IMPORT_FAILED.

CryptoKeyVersionState

The state of a CryptoKeyVersion, indicating if it can be used.

Enums
CRYPTO_KEY_VERSION_STATE_UNSPECIFIED Not specified.
PENDING_GENERATION This version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
ENABLED This version may be used for cryptographic operations.
DISABLED This version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
DESTROYED This version is destroyed, and the key material is no longer stored. A version may not leave this state once entered.
DESTROY_SCHEDULED This version is scheduled for destruction, and will be destroyed soon. Call cryptoKeyVersions.restore to put it back into the DISABLED state.
PENDING_IMPORT This version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
IMPORT_FAILED This version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.

Methods

asymmetricDecrypt

Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.

asymmetricSign

Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

create

Create a new CryptoKeyVersion in a CryptoKey.

destroy

Schedule a CryptoKeyVersion for destruction.

get

Returns metadata for a given CryptoKeyVersion.

getPublicKey

Returns the public key for the given CryptoKeyVersion.

import

Imports a new CryptoKeyVersion into an existing CryptoKey using the wrapped key material provided in the request.

list

Lists CryptoKeyVersions.

patch

Update a CryptoKeyVersion's metadata.

restore

Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.
Bu sayfayı yararlı buldunuz mu? Lütfen görüşünüzü bildirin:

Şunun hakkında geri bildirim gönderin...