REST Resource: projects.locations.edgeCacheKeysets

Resource: EdgeCacheKeyset

Represents a collection of public keys used for validating signed requests.

JSON representation
{
  "name": string,
  "createTime": string,
  "updateTime": string,
  "description": string,
  "labels": {
    string: string,
    ...
  },
  "publicKeys": [
    {
      object (PublicKey)
    }
  ],
  "validationSharedKeys": [
    {
      object (Secret)
    }
  ]
}
Fields
name

string

Required. The name of the resource as provided by the client when the resource is created. The name must be 1-64 characters long, and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])* which means the first character must be a letter, and all following characters must be a dash, an underscore, a letter, or a digit.

createTime

string (Timestamp format)

Output only. The creation timestamp in RFC3339 text format.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. The update timestamp in RFC3339 text format.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

description

string

Optional. A human-readable description of the resource.

labels

map (key: string, value: string)

Optional. A set of label tags associated with the EdgeCacheKeyset resource.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

publicKeys[]

object (PublicKey)

Optional. An ordered list of Ed25519 public keys to use for validating signed requests.

Ed25519 public keys are not secret and only allow Google to validate that a request was signed by your corresponding private key. Ensure that the private key is kept secret and that only authorized users can add public keys to a keyset.

You can rotate keys by appending (pushing) a new key to the list of public keys, and removing any superseded keys.

You must specify publicKeys or validationSharedKeys (or both). The keys in publicKeys are checked first.

You can specify at most one Google-managed public key.

If you specify publicKeys, you must specify at least one key and can specify up to three keys.

validationSharedKeys[]

object (Secret)

Optional. An ordered list of shared keys to use for validating signed requests.

Shared keys are secret. Ensure that only authorized users can add validationSharedKeys to a keyset.

You can rotate keys by appending (pushing) a new key to the list of validationSharedKeys and removing any superseded keys.

You must specify publicKeys or validationSharedKeys (or both). The keys in publicKeys are checked first.

If you specify validationSharedKeys, you must specify at least one key and can specify up to three keys.

PublicKey

An Ed25519 public key used for validating signed requests.

JSON representation
{
  "id": string,
  "value": string,
  "managed": boolean
}
Fields
id

string

Required. The ID of the public key.

The ID must be 1-64 characters long, and match the regular expression [a-zA-Z]([a-zA-Z0-9_-])* which means the first character must be a letter, and all following characters must be a dash, an underscore, a letter, or a digit.

value

string

Optional. The base64-encoded value of the Ed25519 public key.

The base64 encoding can be padded (44 bytes) or unpadded (43 bytes). Representations or encodings of the public key other than this are rejected with an error.

Either value or managed must be specified.

managed

boolean

Optional. Set to true to have the CDN automatically manage this public key.

Managed keys are used by the CDN for dual-token authentication. Media CDN internally generates, uses, and rotates the underlying public and private key pair. It is not possible to use a managed key outside of dual-token authentication.

Either value or managed must be specified.

Secret

A secret key stored in Secret Manager.

JSON representation
{
  "secretVersion": string
}
Fields
secretVersion

string

Required. The name of the secret in Secret Manager.

The resource name of the secret version must be in the format projects/*/secrets/*/versions/* where the * values are replaced by the name of the secret.

The secrets must be at least 16 bytes. The recommended secret size depends on the signature algorithm that you're using.

  • If you're using HMAC-SHA1, we recommend 20-byte secrets.

  • If you're using HMAC-SHA256, we recommend 32-byte secrets.

See RFC 2104, Section 3 for more details on these recommendations.

Methods

create

Creates a new EdgeCacheKeyset in a given project and location.

delete

Deletes a single EdgeCacheKeyset.

get

Gets details of a single EdgeCacheKeyset.

getIamPolicy

Gets the access control policy for a resource.

list

Lists EdgeCacheKeysets in a given project and location.

patch

Updates the parameters of a single EdgeCacheKeyset.

setIamPolicy

Sets the access control policy on the specified resource.

testIamPermissions

Returns permissions that a caller has on the specified resource.