Enumerations

CryptoKeyPurpose

static

number

CryptoKeyPurpose describes the capabilities of a CryptoKey. Two keys with the same purpose may use different underlying algorithms, but must support the same set of operations.

Value

CRYPTO_KEY_PURPOSE_UNSPECIFIED

Not specified.

ENCRYPT_DECRYPT

CryptoKeys with this purpose may be used with Encrypt and Decrypt.

CryptoKeyVersionState

static

number

The state of a CryptoKeyVersion, indicating if it can be used.

Value

CRYPTO_KEY_VERSION_STATE_UNSPECIFIED

Not specified.

ENABLED

This version may be used in Encrypt and Decrypt requests.

DISABLED

This version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.

DESTROYED

This version is destroyed, and the key material is no longer stored. A version may not leave this state once entered.

DESTROY_SCHEDULED

This version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.

Properties

CryptoKeyPurpose

static

number

CryptoKeyPurpose describes the capabilities of a CryptoKey. Two keys with the same purpose may use different underlying algorithms, but must support the same set of operations.

Value

CRYPTO_KEY_PURPOSE_UNSPECIFIED

Not specified.

ENCRYPT_DECRYPT

CryptoKeys with this purpose may be used with Encrypt and Decrypt.

CryptoKeyVersionState

static

number

The state of a CryptoKeyVersion, indicating if it can be used.

Value

CRYPTO_KEY_VERSION_STATE_UNSPECIFIED

Not specified.

ENABLED

This version may be used in Encrypt and Decrypt requests.

DISABLED

This version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.

DESTROYED

This version is destroyed, and the key material is no longer stored. A version may not leave this state once entered.

DESTROY_SCHEDULED

This version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.

Abstract types

CreateCryptoKeyRequest

static

Request message for KeyManagementService.CreateCryptoKey.

Properties

Parameter

parent

string

Required. The name of the KeyRing associated with the CryptoKeys.

cryptoKeyId

string

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

cryptoKey

Object

A CryptoKey with initial field values.

This object should have the same structure as CryptoKey

See also

google.cloud.kms.v1.CreateCryptoKeyRequest definition in proto format

CreateCryptoKeyVersionRequest

static

Request message for KeyManagementService.CreateCryptoKeyVersion.

Properties

Parameter

parent

string

Required. The name of the CryptoKey associated with the CryptoKeyVersions.

cryptoKeyVersion

Object

A CryptoKeyVersion with initial field values.

This object should have the same structure as CryptoKeyVersion

See also

google.cloud.kms.v1.CreateCryptoKeyVersionRequest definition in proto format

CreateKeyRingRequest

static

Request message for KeyManagementService.CreateKeyRing.

Properties

Parameter

parent

string

Required. The resource name of the location associated with the KeyRings, in the format projects/ /locations/.

keyRingId

string

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing

Object

A KeyRing with initial field values.

This object should have the same structure as KeyRing

See also

google.cloud.kms.v1.CreateKeyRingRequest definition in proto format

CryptoKey

static

A CryptoKey represents a logical key that can be used for cryptographic operations.

A CryptoKey is made up of one or more versions, which represent the actual key material used in cryptographic operations.

Properties

Parameter

name

string

Output only. The resource name for this CryptoKey in the format projects/ /locations/ /keyRings/ /cryptoKeys/.

primary

Object

Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name.

The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion.

This object should have the same structure as CryptoKeyVersion

purpose

number

The immutable purpose of this CryptoKey. Currently, the only acceptable purpose is ENCRYPT_DECRYPT.

The number should be among the values of CryptoKeyPurpose

createTime

Object

Output only. The time at which this CryptoKey was created.

This object should have the same structure as Timestamp

nextRotationTime

Object

At next_rotation_time, the Key Management Service will automatically:

  1. Create a new version of this CryptoKey.
  2. Mark the new version as primary.

    Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time.

    This object should have the same structure as Timestamp

rotationPeriod

Object

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least one day.

If rotation_period is set, next_rotation_time must also be set.

This object should have the same structure as Duration

labels

Object with string properties

Labels with user-defined metadata. For more information, see Labeling Keys.

See also

google.cloud.kms.v1.CryptoKey definition in proto format

CryptoKeyVersion

static

A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.

It can be used for cryptographic operations either directly, or via its parent CryptoKey, in which case the server will choose the appropriate version for the operation.

For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt or decrypt data when an authorized user or application invokes Cloud KMS.

Properties

Parameter

name

string

Output only. The resource name for this CryptoKeyVersion in the format projects/ /locations/ /keyRings/ /cryptoKeys/ /cryptoKeyVersions/*.

state

number

The current state of the CryptoKeyVersion.

The number should be among the values of CryptoKeyVersionState

createTime

Object

Output only. The time at which this CryptoKeyVersion was created.

This object should have the same structure as Timestamp

destroyTime

Object

Output only. The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

This object should have the same structure as Timestamp

destroyEventTime

Object

Output only. The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

This object should have the same structure as Timestamp

See also

google.cloud.kms.v1.CryptoKeyVersion definition in proto format

DecryptRequest

static

Request message for KeyManagementService.Decrypt.

Properties

Parameter

name

string

Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version.

ciphertext

string

Required. The encrypted data originally returned in EncryptResponse.ciphertext.

additionalAuthenticatedData

string

Optional data that must match the data originally supplied in EncryptRequest.additional_authenticated_data.

See also

google.cloud.kms.v1.DecryptRequest definition in proto format

DecryptResponse

static

Response message for KeyManagementService.Decrypt.

Property

Parameter

plaintext

string

The decrypted data originally supplied in EncryptRequest.plaintext.

See also

google.cloud.kms.v1.DecryptResponse definition in proto format

DestroyCryptoKeyVersionRequest

static

Request message for KeyManagementService.DestroyCryptoKeyVersion.

Property

Parameter

name

string

The resource name of the CryptoKeyVersion to destroy.

See also

google.cloud.kms.v1.DestroyCryptoKeyVersionRequest definition in proto format

EncryptRequest

static

Request message for KeyManagementService.Encrypt.

Properties

Parameter

name

string

Required. The resource name of the CryptoKey or CryptoKeyVersion to use for encryption.

If a CryptoKey is specified, the server will use its primary version.

plaintext

string

Required. The data to encrypt. Must be no larger than 64KiB.

additionalAuthenticatedData

string

Optional data that, if specified, must also be provided during decryption through DecryptRequest.additional_authenticated_data. Must be no larger than 64KiB.

See also

google.cloud.kms.v1.EncryptRequest definition in proto format

EncryptResponse

static

Response message for KeyManagementService.Encrypt.

Properties

Parameter

name

string

The resource name of the CryptoKeyVersion used in encryption.

ciphertext

string

The encrypted data.

See also

google.cloud.kms.v1.EncryptResponse definition in proto format

GetCryptoKeyRequest

static

Request message for KeyManagementService.GetCryptoKey.

Property

Parameter

name

string

The name of the CryptoKey to get.

See also

google.cloud.kms.v1.GetCryptoKeyRequest definition in proto format

GetCryptoKeyVersionRequest

static

Request message for KeyManagementService.GetCryptoKeyVersion.

Property

Parameter

name

string

The name of the CryptoKeyVersion to get.

See also

google.cloud.kms.v1.GetCryptoKeyVersionRequest definition in proto format

GetKeyRingRequest

static

Request message for KeyManagementService.GetKeyRing.

Property

Parameter

name

string

The name of the KeyRing to get.

See also

google.cloud.kms.v1.GetKeyRingRequest definition in proto format

KeyRing

static

A KeyRing is a toplevel logical grouping of CryptoKeys.

Properties

Parameter

name

string

Output only. The resource name for the KeyRing in the format projects/ /locations/ /keyRings/*.

createTime

Object

Output only. The time at which this KeyRing was created.

This object should have the same structure as Timestamp

See also

google.cloud.kms.v1.KeyRing definition in proto format

ListCryptoKeysRequest

static

Request message for KeyManagementService.ListCryptoKeys.

Properties

Parameter

parent

string

Required. The resource name of the KeyRing to list, in the format projects/ /locations/ /keyRings/*.

pageSize

number

Optional limit on the number of CryptoKeys to include in the response. Further CryptoKeys can subsequently be obtained by including the ListCryptoKeysResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken

string

Optional pagination token, returned earlier via ListCryptoKeysResponse.next_page_token.

See also

google.cloud.kms.v1.ListCryptoKeysRequest definition in proto format

ListCryptoKeysResponse

static

Response message for KeyManagementService.ListCryptoKeys.

Properties

Parameter

cryptoKeys

Array of Object

The list of CryptoKeys.

This object should have the same structure as CryptoKey

nextPageToken

string

A token to retrieve next page of results. Pass this value in ListCryptoKeysRequest.page_token to retrieve the next page of results.

totalSize

number

The total number of CryptoKeys that matched the query.

See also

google.cloud.kms.v1.ListCryptoKeysResponse definition in proto format

ListCryptoKeyVersionsRequest

static

Request message for KeyManagementService.ListCryptoKeyVersions.

Properties

Parameter

parent

string

Required. The resource name of the CryptoKey to list, in the format projects/ /locations/ /keyRings/ /cryptoKeys/.

pageSize

number

Optional limit on the number of CryptoKeyVersions to include in the response. Further CryptoKeyVersions can subsequently be obtained by including the ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken

string

Optional pagination token, returned earlier via ListCryptoKeyVersionsResponse.next_page_token.

See also

google.cloud.kms.v1.ListCryptoKeyVersionsRequest definition in proto format

ListCryptoKeyVersionsResponse

static

Response message for KeyManagementService.ListCryptoKeyVersions.

Properties

Parameter

cryptoKeyVersions

Array of Object

The list of CryptoKeyVersions.

This object should have the same structure as CryptoKeyVersion

nextPageToken

string

A token to retrieve next page of results. Pass this value in ListCryptoKeyVersionsRequest.page_token to retrieve the next page of results.

totalSize

number

The total number of CryptoKeyVersions that matched the query.

See also

google.cloud.kms.v1.ListCryptoKeyVersionsResponse definition in proto format

ListKeyRingsRequest

static

Request message for KeyManagementService.ListKeyRings.

Properties

Parameter

parent

string

Required. The resource name of the location associated with the KeyRings, in the format projects/ /locations/.

pageSize

number

Optional limit on the number of KeyRings to include in the response. Further KeyRings can subsequently be obtained by including the ListKeyRingsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken

string

Optional pagination token, returned earlier via ListKeyRingsResponse.next_page_token.

See also

google.cloud.kms.v1.ListKeyRingsRequest definition in proto format

ListKeyRingsResponse

static

Response message for KeyManagementService.ListKeyRings.

Properties

Parameter

keyRings

Array of Object

The list of KeyRings.

This object should have the same structure as KeyRing

nextPageToken

string

A token to retrieve next page of results. Pass this value in ListKeyRingsRequest.page_token to retrieve the next page of results.

totalSize

number

The total number of KeyRings that matched the query.

See also

google.cloud.kms.v1.ListKeyRingsResponse definition in proto format

RestoreCryptoKeyVersionRequest

static

Request message for KeyManagementService.RestoreCryptoKeyVersion.

Property

Parameter

name

string

The resource name of the CryptoKeyVersion to restore.

See also

google.cloud.kms.v1.RestoreCryptoKeyVersionRequest definition in proto format

UpdateCryptoKeyPrimaryVersionRequest

static

Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion.

Properties

Parameter

name

string

The resource name of the CryptoKey to update.

cryptoKeyVersionId

string

The id of the child CryptoKeyVersion to use as primary.

See also

google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest definition in proto format

UpdateCryptoKeyRequest

static

Request message for KeyManagementService.UpdateCryptoKey.

Properties

Parameter

cryptoKey

Object

CryptoKey with updated values.

This object should have the same structure as CryptoKey

updateMask

Object

Required list of fields to be updated in this request.

This object should have the same structure as FieldMask

See also

google.cloud.kms.v1.UpdateCryptoKeyRequest definition in proto format

UpdateCryptoKeyVersionRequest

static

Request message for KeyManagementService.UpdateCryptoKeyVersion.

Properties

Parameter

cryptoKeyVersion

Object

CryptoKeyVersion with updated values.

This object should have the same structure as CryptoKeyVersion

updateMask

Object

Required list of fields to be updated in this request.

This object should have the same structure as FieldMask

See also

google.cloud.kms.v1.UpdateCryptoKeyVersionRequest definition in proto format