REST Resource: projects.locations.keyRings.cryptoKeys

Resource: CryptoKey

A CryptoKey represents a logical key that can be used for cryptographic operations.

A CryptoKey is made up of one or more versions, which represent the actual key material used in cryptographic operations.

JSON representation
{
  "name": string,
  "primary": {
    object (CryptoKeyVersion)
  },
  "purpose": enum (CryptoKeyPurpose),
  "createTime": string,
  "nextRotationTime": string,
  "versionTemplate": {
    object (CryptoKeyVersionTemplate)
  },
  "labels": {
    string: string,
    ...
  },
  "rotationPeriod": string
}
Fields
name

string

Output only. The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

primary

object (CryptoKeyVersion)

Output only. A copy of the "primary" CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.

The CryptoKey's primary version can be updated via cryptoKeys.updatePrimaryVersion.

All keys with purpose ENCRYPT_DECRYPT have a primary. For other keys, this field will be omitted.

purpose

enum (CryptoKeyPurpose)

The immutable purpose of this CryptoKey.

createTime

string (Timestamp format)

Output only. The time at which this CryptoKey was created.

A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

nextRotationTime

string (Timestamp format)

At nextRotationTime, the Key Management Service will automatically:

  1. Create a new version of this CryptoKey.
  2. Mark the new version as primary.

Key rotations performed manually via cryptoKeyVersions.create and cryptoKeys.updatePrimaryVersion do not affect nextRotationTime.

Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

versionTemplate

object (CryptoKeyVersionTemplate)

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either cryptoKeyVersions.create or auto-rotation are controlled by this template.

labels

map (key: string, value: string)

Labels with user-defined metadata. For more information, see Labeling Keys.

rotationPeriod

string (Duration format)

nextRotationTime will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

If rotationPeriod is set, nextRotationTime must also be set.

Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".

CryptoKeyPurpose

CryptoKeyPurpose describes the cryptographic capabilities of a CryptoKey. A given key can only be used for the operations allowed by its purpose. For more information, see Key purposes.

Enums
CRYPTO_KEY_PURPOSE_UNSPECIFIED Not specified.
ENCRYPT_DECRYPT CryptoKeys with this purpose may be used with cryptoKeys.encrypt and cryptoKeys.decrypt.
ASYMMETRIC_SIGN CryptoKeys with this purpose may be used with cryptoKeyVersions.asymmetricSign and cryptoKeyVersions.getPublicKey.
ASYMMETRIC_DECRYPT CryptoKeys with this purpose may be used with cryptoKeyVersions.asymmetricDecrypt and cryptoKeyVersions.getPublicKey.

CryptoKeyVersionTemplate

A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with cryptoKeyVersions.create or automatically as a result of auto-rotation.

JSON representation
{
  "protectionLevel": enum (ProtectionLevel),
  "algorithm": enum (CryptoKeyVersionAlgorithm)
}
Fields
protectionLevel

enum (ProtectionLevel)

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm

enum (CryptoKeyVersionAlgorithm)

Required. Algorithm to use when creating a CryptoKeyVersion based on this template.

For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

Methods

create

Create a new CryptoKey within a KeyRing.

decrypt

Decrypts data that was protected by Encrypt.

encrypt

Encrypts data, so that it can only be recovered by a call to Decrypt.

get

Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

getIamPolicy

Gets the access control policy for a resource.

list

Lists CryptoKeys.

patch

Update a CryptoKey.

setIamPolicy

Sets the access control policy on the specified resource.

testIamPermissions

Returns permissions that a caller has on the specified resource.

updatePrimaryVersion

Update the version of a CryptoKey that will be used in Encrypt.
Kunde den här sidan hjälpa dig? Berätta:

Skicka feedback om ...