Resource: CryptoKey
A CryptoKey
represents a logical key that can be used for cryptographic operations.
A CryptoKey
is made up of zero or more versions
, which represent the actual key material used in cryptographic operations.
JSON representation |
---|
{ "name": string, "primary": { object ( |
Fields | |
---|---|
name |
Output only. The resource name for this |
primary |
Output only. A copy of the "primary" The Keys with |
purpose |
Immutable. The immutable purpose of this |
createTime |
Output only. The time at which this A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
nextRotationTime |
At
Key rotations performed manually via Keys with A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
versionTemplate |
A template describing settings for new |
labels |
Labels with user-defined metadata. For more information, see Labeling Keys. |
importOnly |
Immutable. Whether this key may contain imported versions only. |
destroyScheduledDuration |
Immutable. The period of time that versions of this key spend in the A duration in seconds with up to nine fractional digits, ending with ' |
cryptoKeyBackend |
Immutable. The resource name of the backend environment where the key material for all |
Union field rotation_schedule . Controls the rate of automatic rotation. rotation_schedule can be only one of the following: |
|
rotationPeriod |
If Keys with A duration in seconds with up to nine fractional digits, ending with ' |
CryptoKeyPurpose
CryptoKeyPurpose
describes the cryptographic capabilities of a CryptoKey
. A given key can only be used for the operations allowed by its purpose. For more information, see Key purposes.
Enums | |
---|---|
CRYPTO_KEY_PURPOSE_UNSPECIFIED |
Not specified. |
ENCRYPT_DECRYPT |
CryptoKeys with this purpose may be used with cryptoKeys.encrypt and cryptoKeys.decrypt . |
ASYMMETRIC_SIGN |
CryptoKeys with this purpose may be used with cryptoKeyVersions.asymmetricSign and cryptoKeyVersions.getPublicKey . |
ASYMMETRIC_DECRYPT |
CryptoKeys with this purpose may be used with cryptoKeyVersions.asymmetricDecrypt and cryptoKeyVersions.getPublicKey . |
RAW_ENCRYPT_DECRYPT |
CryptoKeys with this purpose may be used with cryptoKeyVersions.rawEncrypt and cryptoKeyVersions.rawDecrypt . This purpose is meant to be used for interoperable symmetric encryption and does not support automatic CryptoKey rotation. |
MAC |
CryptoKeys with this purpose may be used with cryptoKeyVersions.macSign . |
CryptoKeyVersionTemplate
A CryptoKeyVersionTemplate
specifies the properties to use when creating a new CryptoKeyVersion
, either manually with cryptoKeyVersions.create
or automatically as a result of auto-rotation.
JSON representation |
---|
{ "protectionLevel": enum ( |
Fields | |
---|---|
protectionLevel |
|
algorithm |
Required. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and |
Methods |
|
---|---|
|
Create a new CryptoKey within a KeyRing . |
|
Decrypts data that was protected by Encrypt . |
|
Encrypts data, so that it can only be recovered by a call to Decrypt . |
|
Returns metadata for a given CryptoKey , as well as its primary CryptoKeyVersion . |
|
Gets the access control policy for a resource. |
|
Lists CryptoKeys . |
|
Update a CryptoKey . |
|
Sets the access control policy on the specified resource. |
|
Returns permissions that a caller has on the specified resource. |
|
Update the version of a CryptoKey that will be used in Encrypt . |