REST Resource: projects.locations.kmsConfigs

Resource: KmsConfig

KmsConfig is the customer managed encryption key(CMEK) configuration.

JSON representation 
{
  "name": string,
  "cryptoKeyName": string,
  "state": enum (State),
  "stateDetails": string,
  "createTime": string,
  "description": string,
  "labels": {
    string: string,
    ...
  },
  "instructions": string,
  "serviceAccount": string
}
Fields
name

string

Identifier. Name of the KmsConfig.
cryptoKeyName

string

Required. Customer managed crypto key resource full name. Format: projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{key}.
state

enum (State)

Output only. State of the KmsConfig.
stateDetails

string

Output only. State details of the KmsConfig.
createTime

string (Timestamp format)

Output only. Create time of the KmsConfig.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
description

string

Description of the KmsConfig.
labels

map (key: string, value: string)

Labels as key value pairs

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
instructions

string

Output only. Instructions to provide the access to the customer provided encryption key.
serviceAccount

string

Output only. The Service account which will have access to the customer provided encryption key.

State

The KmsConfig States

Enums
STATE_UNSPECIFIED Unspecified KmsConfig State
READY KmsConfig State is Ready
CREATING KmsConfig State is Creating
DELETING KmsConfig State is Deleting
UPDATING KmsConfig State is Updating
IN_USE KmsConfig State is In Use.
ERROR KmsConfig State is Error
KEY_CHECK_PENDING KmsConfig State is Pending to verify crypto key access.
KEY_NOT_REACHABLE KmsConfig State is Not accessbile by the SDE service account to the crypto key.
DISABLING KmsConfig State is Disabling.
DISABLED KmsConfig State is Disabled.
MIGRATING KmsConfig State is Migrating. The existing volumes are migrating from SMEK to CMEK.

Methods

create

 Creates a new KMS config.

delete

 Warning!

encrypt

 Encrypt the existing volumes without CMEK encryption with the desired the KMS config for the whole region.

get

 Returns the description of the specified KMS config by kms_config_id.

list

 Returns descriptions of all KMS configs owned by the caller.

patch

 Updates the Kms config properties with the full spec

verify

 Verifies KMS config reachability.