REST Resource: projects.locations.keyRings.cryptoKeys

Resource: CryptoKey
- JSON representation
CryptoKeyPurpose
CryptoKeyVersionTemplate
- JSON representation
Methods

Resource: CryptoKey

A CryptoKey represents a logical key that can be used for cryptographic operations.

A CryptoKey is made up of zero or more versions, which represent the actual key material used in cryptographic operations.

JSON representation

JSON representation
{ "name": string, "primary": { object (`CryptoKeyVersion`) }, "purpose": enum (`CryptoKeyPurpose`), "createTime": string, "nextRotationTime": string, "versionTemplate": { object (`CryptoKeyVersionTemplate`) }, "labels": { string: string, ... }, "importOnly": boolean, "destroyScheduledDuration": string, "cryptoKeyBackend": string, // Union field `rotation_schedule` can be only one of the following: "rotationPeriod": string // End of list of possible types for union field `rotation_schedule`. }

{
  "name": string,
  "primary": {
    object (CryptoKeyVersion)
  },
  "purpose": enum (CryptoKeyPurpose),
  "createTime": string,
  "nextRotationTime": string,
  "versionTemplate": {
    object (CryptoKeyVersionTemplate)
  },
  "labels": {
    string: string,
    ...
  },
  "importOnly": boolean,
  "destroyScheduledDuration": string,
  "cryptoKeyBackend": string,

  // Union field rotation_schedule can be only one of the following:
  "rotationPeriod": string
  // End of list of possible types for union field rotation_schedule.
}

Fields
`name`	`string` Output only. The resource name for this `CryptoKey` in the format `projects//locations//keyRings//cryptoKeys/`.
`primary`	`object (CryptoKeyVersion)` Output only. A copy of the "primary" `CryptoKeyVersion` that will be used by `cryptoKeys.encrypt` when this `CryptoKey` is given in `EncryptRequest.name`. The `CryptoKey`'s primary version can be updated via `cryptoKeys.updatePrimaryVersion`. Keys with `purpose` `ENCRYPT_DECRYPT` may have a primary. For other keys, this field will be omitted.
`purpose`	`enum (CryptoKeyPurpose)` Immutable. The immutable purpose of this `CryptoKey`.
`createTime`	`string (Timestamp format)` Output only. The time at which this `CryptoKey` was created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`nextRotationTime`	`string (Timestamp format)` At `nextRotationTime`, the Key Management Service will automatically: Create a new version of this `CryptoKey`. Mark the new version as primary. Key rotations performed manually via `cryptoKeyVersions.create` and `cryptoKeys.updatePrimaryVersion` do not affect `nextRotationTime`. Keys with `purpose` `ENCRYPT_DECRYPT` support automatic rotation. For other keys, this field must be omitted. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`versionTemplate`	`object (CryptoKeyVersionTemplate)` A template describing settings for new `CryptoKeyVersion` instances. The properties of new `CryptoKeyVersion` instances created by either `cryptoKeyVersions.create` or auto-rotation are controlled by this template.
`labels`	`map (key: string, value: string)` Labels with user-defined metadata. For more information, see Labeling Keys.
`importOnly`	`boolean` Immutable. Whether this key may contain imported versions only.
`destroyScheduledDuration`	`string (Duration format)` Immutable. The period of time that versions of this key spend in the `DESTROY_SCHEDULED` state before transitioning to `DESTROYED`. If not specified at creation time, the default duration is 24 hours. A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: `"3.5s"`.
`cryptoKeyBackend`	`string` Immutable. The resource name of the backend environment where the key material for all `CryptoKeyVersions` associated with this `CryptoKey` reside and where all related cryptographic operations are performed. Only applicable if `CryptoKeyVersions` have a `ProtectionLevel` of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], with the resource name in the format `projects//locations//ekmConnections/*`. Note, this list is non-exhaustive and may apply to additional `ProtectionLevels` in the future.
Union field `rotation_schedule`. Controls the rate of automatic rotation. `rotation_schedule` can be only one of the following:
`rotationPeriod`	`string (Duration format)` `nextRotationTime` will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If `rotationPeriod` is set, `nextRotationTime` must also be set. Keys with `purpose` `ENCRYPT_DECRYPT` support automatic rotation. For other keys, this field must be omitted. A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: `"3.5s"`.

CryptoKeyPurpose

CryptoKeyPurpose describes the cryptographic capabilities of a CryptoKey. A given key can only be used for the operations allowed by its purpose. For more information, see Key purposes.

Enums
`CRYPTO_KEY_PURPOSE_UNSPECIFIED`	Not specified.
`ENCRYPT_DECRYPT`	`CryptoKeys` with this purpose may be used with `cryptoKeys.encrypt` and `cryptoKeys.decrypt`.
`ASYMMETRIC_SIGN`	`CryptoKeys` with this purpose may be used with `cryptoKeyVersions.asymmetricSign` and `cryptoKeyVersions.getPublicKey`.
`ASYMMETRIC_DECRYPT`	`CryptoKeys` with this purpose may be used with `cryptoKeyVersions.asymmetricDecrypt` and `cryptoKeyVersions.getPublicKey`.
`RAW_ENCRYPT_DECRYPT`	`CryptoKeys` with this purpose may be used with `cryptoKeyVersions.rawEncrypt` and `cryptoKeyVersions.rawDecrypt`. This purpose is meant to be used for interoperable symmetric encryption and does not support automatic CryptoKey rotation.
`MAC`	`CryptoKeys` with this purpose may be used with `cryptoKeyVersions.macSign`.

CryptoKeyVersionTemplate

A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with cryptoKeyVersions.create or automatically as a result of auto-rotation.

JSON representation
{ "protectionLevel": enum (`ProtectionLevel`), "algorithm": enum (`CryptoKeyVersionAlgorithm`) }

Fields

Fields
`protectionLevel`	`enum (ProtectionLevel)` `ProtectionLevel` to use when creating a `CryptoKeyVersion` based on this template. Immutable. Defaults to `SOFTWARE`.
`algorithm`	`enum (CryptoKeyVersionAlgorithm)` Required. `Algorithm` to use when creating a `CryptoKeyVersion` based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and `CryptoKey.purpose` is `ENCRYPT_DECRYPT`.

protectionLevel

enum (ProtectionLevel)

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm

enum (CryptoKeyVersionAlgorithm)

Required. Algorithm to use when creating a CryptoKeyVersion based on this template.

For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

Methods
`create`	Create a new `CryptoKey` within a `KeyRing`.
`decrypt`	Decrypts data that was protected by `Encrypt`.
`encrypt`	Encrypts data, so that it can only be recovered by a call to `Decrypt`.
`get`	Returns metadata for a given `CryptoKey`, as well as its `primary` `CryptoKeyVersion`.
`getIamPolicy`	Gets the access control policy for a resource.
`list`	Lists `CryptoKeys`.
`patch`	Update a `CryptoKey`.
`setIamPolicy`	Sets the access control policy on the specified resource.
`testIamPermissions`	Returns permissions that a caller has on the specified resource.
`updatePrimaryVersion`	Update the version of a `CryptoKey` that will be used in `Encrypt`.

REST Resource: projects.locations.keyRings.cryptoKeys

Resource: CryptoKey

CryptoKeyPurpose

CryptoKeyVersionTemplate

Methods

`create`

`decrypt`

`encrypt`

`get`

`getIamPolicy`

`list`

`patch`

`setIamPolicy`

`testIamPermissions`

`updatePrimaryVersion`