鍵バージョンの無効化
もっと見る
このコードサンプルを含む詳細なドキュメントについては、以下をご覧ください。
コードサンプル
C#
Cloud KMS 用のクライアント ライブラリをインストールして使用する方法については、Cloud KMS クライアント ライブラリをご覧ください。
using Google.Cloud.Kms.V1;
using Google.Protobuf.WellKnownTypes;
public class DisableKeyVersionSample
{
public CryptoKeyVersion DisableKeyVersion(string projectId = "my-project", string locationId = "us-east1", string keyRingId = "my-key-ring", string keyId = "my-key", string keyVersionId = "123")
{
// Create the client.
KeyManagementServiceClient client = KeyManagementServiceClient.Create();
// Build the key version.
CryptoKeyVersion keyVersion = new CryptoKeyVersion
{
CryptoKeyVersionName = new CryptoKeyVersionName(projectId, locationId, keyRingId, keyId, keyVersionId),
State = CryptoKeyVersion.Types.CryptoKeyVersionState.Disabled,
};
// Build the update mask.
FieldMask fieldMask = new FieldMask
{
Paths = { "state" },
};
// Call the API.
CryptoKeyVersion result = client.UpdateCryptoKeyVersion(keyVersion, fieldMask);
// Return the result.
return result;
}
}
Go
Cloud KMS 用のクライアント ライブラリをインストールして使用する方法については、Cloud KMS クライアント ライブラリをご覧ください。
import (
"context"
"fmt"
"io"
kms "cloud.google.com/go/kms/apiv1"
kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1"
fieldmask "google.golang.org/genproto/protobuf/field_mask"
)
// disableKeyVersion disables the specified key version on Cloud KMS.
func disableKeyVersion(w io.Writer, name string) error {
// name := "projects/my-project/locations/us-east1/keyRings/my-key-ring/cryptoKeys/my-key/cryptoKeyVersions/123"
// Create the client.
ctx := context.Background()
client, err := kms.NewKeyManagementClient(ctx)
if err != nil {
return fmt.Errorf("failed to create kms client: %v", err)
}
defer client.Close()
// Build the request.
req := &kmspb.UpdateCryptoKeyVersionRequest{
CryptoKeyVersion: &kmspb.CryptoKeyVersion{
Name: name,
State: kmspb.CryptoKeyVersion_DISABLED,
},
UpdateMask: &fieldmask.FieldMask{
Paths: []string{"state"},
},
}
// Call the API.
result, err := client.UpdateCryptoKeyVersion(ctx, req)
if err != nil {
return fmt.Errorf("failed to update key version: %v", err)
}
fmt.Fprintf(w, "Disabled key version: %s\n", result)
return nil
}
Java
Cloud KMS 用のクライアント ライブラリをインストールして使用する方法については、Cloud KMS クライアント ライブラリをご覧ください。
import com.google.cloud.kms.v1.CryptoKeyVersion;
import com.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState;
import com.google.cloud.kms.v1.CryptoKeyVersionName;
import com.google.cloud.kms.v1.KeyManagementServiceClient;
import com.google.protobuf.FieldMask;
import com.google.protobuf.util.FieldMaskUtil;
import java.io.IOException;
public class DisableKeyVersion {
public void disableKeyVersion() throws IOException {
// TODO(developer): Replace these variables before running the sample.
String projectId = "your-project-id";
String locationId = "us-east1";
String keyRingId = "my-key-ring";
String keyId = "my-key";
String keyVersionId = "123";
disableKeyVersion(projectId, locationId, keyRingId, keyId, keyVersionId);
}
// Disable a key version from use.
public void disableKeyVersion(
String projectId, String locationId, String keyRingId, String keyId, String keyVersionId)
throws IOException {
// Initialize client that will be used to send requests. This client only
// needs to be created once, and can be reused for multiple requests. After
// completing all of your requests, call the "close" method on the client to
// safely clean up any remaining background resources.
try (KeyManagementServiceClient client = KeyManagementServiceClient.create()) {
// Build the key version name from the project, location, key ring, key,
// and key version.
CryptoKeyVersionName keyVersionName =
CryptoKeyVersionName.of(projectId, locationId, keyRingId, keyId, keyVersionId);
// Build the updated key version, setting it to disbaled.
CryptoKeyVersion keyVersion =
CryptoKeyVersion.newBuilder()
.setName(keyVersionName.toString())
.setState(CryptoKeyVersionState.DISABLED)
.build();
// Create a field mask of updated values.
FieldMask fieldMask = FieldMaskUtil.fromString("state");
// Disable the key version.
CryptoKeyVersion response = client.updateCryptoKeyVersion(keyVersion, fieldMask);
System.out.printf("Disabled key version: %s%n", response.getName());
}
}
}
Node.js
Cloud KMS 用のクライアント ライブラリをインストールして使用する方法については、Cloud KMS クライアント ライブラリをご覧ください。
//
// TODO(developer): Uncomment these variables before running the sample.
//
// const projectId = 'my-project';
// const locationId = 'us-east1';
// const keyRingId = 'my-key-ring';
// const keyId = 'my-key';
// const versionId = '123';
// Imports the Cloud KMS library
const {KeyManagementServiceClient} = require('@google-cloud/kms');
// Instantiates a client
const client = new KeyManagementServiceClient();
// Build the key version name
const versionName = client.cryptoKeyVersionPath(
projectId,
locationId,
keyRingId,
keyId,
versionId
);
async function disableKeyVersion() {
const [version] = await client.updateCryptoKeyVersion({
cryptoKeyVersion: {
name: versionName,
state: 'DISABLED',
},
updateMask: {
paths: ['state'],
},
});
console.log(`Disabled key version: ${version.name}`);
return version;
}
return disableKeyVersion();
PHP
Cloud KMS 用のクライアント ライブラリをインストールして使用する方法については、Cloud KMS クライアント ライブラリをご覧ください。
use Google\Cloud\Kms\V1\CryptoKeyVersion;
use Google\Cloud\Kms\V1\CryptoKeyVersion\CryptoKeyVersionState;
use Google\Cloud\Kms\V1\KeyManagementServiceClient;
use Google\Protobuf\FieldMask;
function disable_key_version_sample(
string $projectId = 'my-project',
string $locationId = 'us-east1',
string $keyRingId = 'my-key-ring',
string $keyId = 'my-key',
string $versionId = '123'
) {
// Create the Cloud KMS client.
$client = new KeyManagementServiceClient();
// Build the key version name.
$keyVersionName = $client->cryptoKeyVersionName($projectId, $locationId, $keyRingId, $keyId, $versionId);
// Create the updated version.
$keyVersion = (new CryptoKeyVersion())
->setName($keyVersionName)
->setState(CryptoKeyVersionState::DISABLED);
// Create the field mask.
$updateMask = (new FieldMask())
->setPaths(['state']);
// Call the API.
$disabledVersion = $client->updateCryptoKeyVersion($keyVersion, $updateMask);
printf('Disabled key version: %s' . PHP_EOL, $disabledVersion->getName());
return $disabledVersion;
}
Python
Cloud KMS 用のクライアント ライブラリをインストールして使用する方法については、Cloud KMS クライアント ライブラリをご覧ください。
def disable_key_version(project_id, location_id, key_ring_id, key_id, version_id):
"""
Disable a key.
Args:
project_id (string): Google Cloud project ID (e.g. 'my-project').
location_id (string): Cloud KMS location (e.g. 'us-east1').
key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').
key_id (string): ID of the key to use (e.g. 'my-key').
version_id (string): ID of the key version to disable (e.g. '1').
Returns:
CryptoKeyVersion: The version.
"""
# Import the client library.
from google.cloud import kms
# Create the client.
client = kms.KeyManagementServiceClient()
# Build the key version name.
key_version_name = client.crypto_key_version_path(project_id, location_id, key_ring_id, key_id, version_id)
key_version = {
'name': key_version_name,
'state': kms.CryptoKeyVersion.CryptoKeyVersionState.DISABLED
}
# Build the update mask.
update_mask = {'paths': ['state']}
# Call the API.
disabled_version = client.update_crypto_key_version(request={'crypto_key_version': key_version, 'update_mask': update_mask})
print('Disabled key version: {}'.format(disabled_version.name))
return disabled_version
Ruby
Cloud KMS 用のクライアント ライブラリをインストールして使用する方法については、Cloud KMS クライアント ライブラリをご覧ください。
# TODO(developer): uncomment these values before running the sample.
# project_id = "my-project"
# location_id = "us-east1"
# key_ring_id = "my-key-ring"
# key_id = "my-key"
# version_id = "123"
# Require the library.
require "google/cloud/kms"
# Create the client.
client = Google::Cloud::Kms.key_management_service
# Build the key version name.
key_version_name = client.crypto_key_version_path project: project_id,
location: location_id,
key_ring: key_ring_id,
crypto_key: key_id,
crypto_key_version: version_id
# Create the updated version.
version = {
name: key_version_name,
state: :DISABLED
}
# Create the field mask.
update_mask = { paths: ["state"] }
# Call the API.
disabled_version = client.update_crypto_key_version crypto_key_version: version, update_mask: update_mask
puts "Disabled key version: #{disabled_version.name}"
次のステップ
他の Google Cloud プロダクトに関連するコードサンプルの検索およびフィルタ検索を行うには、Google Cloud のサンプルをご覧ください。