Constructor

KeyManagementServiceClient

new KeyManagementServiceClient(options)

Construct an instance of KeyManagementServiceClient.

Parameter

options

Optional

object

The configuration object. See the subsequent parameters for more details.

Values in options have the following properties:

Parameter

credentials

Optional

object

Credentials object.

credentials.client_email

Optional

string

credentials.private_key

Optional

string

email

Optional

string

Account email address. Required when using a .pem or .p12 keyFilename.

keyFilename

Optional

string

Full path to the a .json, .pem, or .p12 key downloaded from the Google Developers Console. If you provide a path to a JSON file, the projectId option below is not necessary. NOTE: .pem and .p12 require you to specify options.email as well.

port

Optional

number

The port on which to connect to the remote host.

projectId

Optional

string

The project ID from the Google Developer's Console, e.g. 'grape-spaceship-123'. We will also check the environment variable GCLOUD_PROJECT for your project ID. If your app is running in an environment which supports Application Default Credentials, your project ID will be detected automatically.

promise

Optional

function()

Custom promise module to use instead of native Promises.

servicePath

Optional

string

The domain name of the API remote host.

Properties

port

static

The port for this API service.

scopes

static

The scopes needed to make gRPC calls for every method defined in this service.

servicePath

static

The DNS address for this API service.

Methods

createCryptoKey

createCryptoKey(request, options, callback) returns Promise

Create a new CryptoKey within a KeyRing.

CryptoKey.purpose is required.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The name of the KeyRing associated with the CryptoKeys.

cryptoKeyId

string

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

cryptoKey

Object

A CryptoKey with initial field values.

This object should have the same structure as CryptoKey

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKey.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKey. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
var cryptoKeyId = 'my-app-key';
var purpose = 'ENCRYPT_DECRYPT';
var seconds = 2147483647;
var nextRotationTime = {
  seconds: seconds,
};
var seconds2 = 604800;
var rotationPeriod = {
  seconds: seconds2,
};
var cryptoKey = {
  purpose: purpose,
  nextRotationTime: nextRotationTime,
  rotationPeriod: rotationPeriod,
};
var request = {
  parent: formattedParent,
  cryptoKeyId: cryptoKeyId,
  cryptoKey: cryptoKey,
};
client.createCryptoKey(request)
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

createCryptoKeyVersion

createCryptoKeyVersion(request, options, callback) returns Promise

Create a new CryptoKeyVersion in a CryptoKey.

The server will assign the next sequential id. If unset, state will be set to ENABLED.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The name of the CryptoKey associated with the CryptoKeyVersions.

cryptoKeyVersion

Object

A CryptoKeyVersion with initial field values.

This object should have the same structure as CryptoKeyVersion

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
var cryptoKeyVersion = {};
var request = {
  parent: formattedParent,
  cryptoKeyVersion: cryptoKeyVersion,
};
client.createCryptoKeyVersion(request)
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

createKeyRing

createKeyRing(request, options, callback) returns Promise

Create a new KeyRing in a given Project and Location.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the location associated with the KeyRings, in the format projects/ /locations/.

keyRingId

string

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing

Object

A KeyRing with initial field values.

This object should have the same structure as KeyRing

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing KeyRing.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing KeyRing. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedParent = client.locationPath('[PROJECT]', '[LOCATION]');
var keyRingId = '';
var keyRing = {};
var request = {
  parent: formattedParent,
  keyRingId: keyRingId,
  keyRing: keyRing,
};
client.createKeyRing(request)
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

cryptoKeyPath

cryptoKeyPath(project, location, keyRing, cryptoKey) returns String

Return a fully-qualified crypto_key resource name string.

Parameter

project

String

location

String

keyRing

String

cryptoKey

String

Returns

String 

cryptoKeyPathPath

cryptoKeyPathPath(project, location, keyRing, cryptoKeyPath) returns String

Return a fully-qualified crypto_key_path resource name string.

Parameter

project

String

location

String

keyRing

String

cryptoKeyPath

String

Returns

String 

cryptoKeyVersionPath

cryptoKeyVersionPath(project, location, keyRing, cryptoKey, cryptoKeyVersion) returns String

Return a fully-qualified crypto_key_version resource name string.

Parameter

project

String

location

String

keyRing

String

cryptoKey

String

cryptoKeyVersion

String

Returns

String 

decrypt

decrypt(request, options, callback) returns Promise

Decrypts data that was protected by Encrypt.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version.

ciphertext

string

Required. The encrypted data originally returned in EncryptResponse.ciphertext.

additionalAuthenticatedData

Optional

string

Optional data that must match the data originally supplied in EncryptRequest.additional_authenticated_data.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing DecryptResponse.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing DecryptResponse. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedName = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
var ciphertext = '';
var request = {
  name: formattedName,
  ciphertext: ciphertext,
};
client.decrypt(request)
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

destroyCryptoKeyVersion

destroyCryptoKeyVersion(request, options, callback) returns Promise

Schedule a CryptoKeyVersion for destruction.

Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED and destroy_time will be set to a time 24 hours in the future, at which point the state will be changed to DESTROYED, and the key material will be irrevocably destroyed.

Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The resource name of the CryptoKeyVersion to destroy.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
client.destroyCryptoKeyVersion({name: formattedName})
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

encrypt

encrypt(request, options, callback) returns Promise

Encrypts data, so that it can only be recovered by a call to Decrypt.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

Required. The resource name of the CryptoKey or CryptoKeyVersion to use for encryption.

If a CryptoKey is specified, the server will use its primary version.

plaintext

string

Required. The data to encrypt. Must be no larger than 64KiB.

additionalAuthenticatedData

Optional

string

Optional data that, if specified, must also be provided during decryption through DecryptRequest.additional_authenticated_data. Must be no larger than 64KiB.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing EncryptResponse.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing EncryptResponse. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedName = client.cryptoKeyPathPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY_PATH]');
var plaintext = '';
var request = {
  name: formattedName,
  plaintext: plaintext,
};
client.encrypt(request)
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getCryptoKey

getCryptoKey(request, options, callback) returns Promise

Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The name of the CryptoKey to get.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKey.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKey. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedName = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
client.getCryptoKey({name: formattedName})
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getCryptoKeyVersion

getCryptoKeyVersion(request, options, callback) returns Promise

Returns metadata for a given CryptoKeyVersion.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The name of the CryptoKeyVersion to get.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
client.getCryptoKeyVersion({name: formattedName})
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getIamPolicy

getIamPolicy(request, options, callback) returns Promise

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

resource

string

REQUIRED: The resource for which the policy is being requested. resource is usually specified as a path. For example, a Project resource is specified as projects/{project}.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing Policy.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing Policy. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedResource = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
client.getIamPolicy({resource: formattedResource})
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getKeyRing

getKeyRing(request, options, callback) returns Promise

Returns metadata for a given KeyRing.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The name of the KeyRing to get.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing KeyRing.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing KeyRing. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedName = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
client.getKeyRing({name: formattedName})
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getProjectId

getProjectId(callback)

Return the project ID used by this class.

Parameter

callback

function(Error, string)

the callback to be called with the current project Id.

keyRingPath

keyRingPath(project, location, keyRing) returns String

Return a fully-qualified key_ring resource name string.

Parameter

project

String

location

String

keyRing

String

Returns

String 

listCryptoKeys

listCryptoKeys(request, options, callback) returns Promise

Lists CryptoKeys.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the KeyRing to list, in the format projects/ /locations/ /keyRings/*.

pageSize

Optional

number

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Array, nullable Object, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is Array of CryptoKey.

When autoPaginate: false is specified through options, it contains the result in a single response. If the response indicates the next page exists, the third parameter is set to be used for the next request object. The fourth parameter keeps the raw response object of an object representing ListCryptoKeysResponse.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is Array of CryptoKey.

    When autoPaginate: false is specified through options, the array has three elements. The first element is Array of CryptoKey in a single response. The second element is the next request object if the response indicates the next page exists, or null. The third element is an object representing ListCryptoKeysResponse.

    The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

// Iterate over all elements.
var formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');

client.listCryptoKeys({parent: formattedParent})
  .then(responses => {
    var resources = responses[0];
    for (let i = 0; i < resources.length; i += 1) {
      // doThingsWith(resources[i])
    }
  })
  .catch(err => {
    console.error(err);
  });

// Or obtain the paged response.
var formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');


var options = {autoPaginate: false};
var callback = responses => {
  // The actual resources in a response.
  var resources = responses[0];
  // The next request if the response shows that there are more responses.
  var nextRequest = responses[1];
  // The actual response object, if necessary.
  // var rawResponse = responses[2];
  for (let i = 0; i < resources.length; i += 1) {
    // doThingsWith(resources[i]);
  }
  if (nextRequest) {
    // Fetch the next page.
    return client.listCryptoKeys(nextRequest, options).then(callback);
  }
}
client.listCryptoKeys({parent: formattedParent}, options)
  .then(callback)
  .catch(err => {
    console.error(err);
  });

listCryptoKeysStream

listCryptoKeysStream(request, options) returns Stream

Equivalent to listCryptoKeys, but returns a NodeJS Stream object.

This fetches the paged responses for listCryptoKeys continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the KeyRing to list, in the format projects/ /locations/ /keyRings/*.

pageSize

Optional

number

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

See also
https://nodejs.org/api/stream.html
Returns

Stream 

An object stream which emits an object representing CryptoKey on 'data' event.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
client.listCryptoKeysStream({parent: formattedParent})
  .on('data', element => {
    // doThingsWith(element)
  }).on('error', err => {
    console.log(err);
  });

listCryptoKeyVersions

listCryptoKeyVersions(request, options, callback) returns Promise

Lists CryptoKeyVersions.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the CryptoKey to list, in the format projects/ /locations/ /keyRings/ /cryptoKeys/.

pageSize

Optional

number

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Array, nullable Object, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is Array of CryptoKeyVersion.

When autoPaginate: false is specified through options, it contains the result in a single response. If the response indicates the next page exists, the third parameter is set to be used for the next request object. The fourth parameter keeps the raw response object of an object representing ListCryptoKeyVersionsResponse.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is Array of CryptoKeyVersion.

    When autoPaginate: false is specified through options, the array has three elements. The first element is Array of CryptoKeyVersion in a single response. The second element is the next request object if the response indicates the next page exists, or null. The third element is an object representing ListCryptoKeyVersionsResponse.

    The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

// Iterate over all elements.
var formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');

client.listCryptoKeyVersions({parent: formattedParent})
  .then(responses => {
    var resources = responses[0];
    for (let i = 0; i < resources.length; i += 1) {
      // doThingsWith(resources[i])
    }
  })
  .catch(err => {
    console.error(err);
  });

// Or obtain the paged response.
var formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');


var options = {autoPaginate: false};
var callback = responses => {
  // The actual resources in a response.
  var resources = responses[0];
  // The next request if the response shows that there are more responses.
  var nextRequest = responses[1];
  // The actual response object, if necessary.
  // var rawResponse = responses[2];
  for (let i = 0; i < resources.length; i += 1) {
    // doThingsWith(resources[i]);
  }
  if (nextRequest) {
    // Fetch the next page.
    return client.listCryptoKeyVersions(nextRequest, options).then(callback);
  }
}
client.listCryptoKeyVersions({parent: formattedParent}, options)
  .then(callback)
  .catch(err => {
    console.error(err);
  });

listCryptoKeyVersionsStream

listCryptoKeyVersionsStream(request, options) returns Stream

Equivalent to listCryptoKeyVersions, but returns a NodeJS Stream object.

This fetches the paged responses for listCryptoKeyVersions continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the CryptoKey to list, in the format projects/ /locations/ /keyRings/ /cryptoKeys/.

pageSize

Optional

number

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

See also
https://nodejs.org/api/stream.html
Returns

Stream 

An object stream which emits an object representing CryptoKeyVersion on 'data' event.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
client.listCryptoKeyVersionsStream({parent: formattedParent})
  .on('data', element => {
    // doThingsWith(element)
  }).on('error', err => {
    console.log(err);
  });

listKeyRings

listKeyRings(request, options, callback) returns Promise

Lists KeyRings.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the location associated with the KeyRings, in the format projects/ /locations/.

pageSize

Optional

number

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Array, nullable Object, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is Array of KeyRing.

When autoPaginate: false is specified through options, it contains the result in a single response. If the response indicates the next page exists, the third parameter is set to be used for the next request object. The fourth parameter keeps the raw response object of an object representing ListKeyRingsResponse.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is Array of KeyRing.

    When autoPaginate: false is specified through options, the array has three elements. The first element is Array of KeyRing in a single response. The second element is the next request object if the response indicates the next page exists, or null. The third element is an object representing ListKeyRingsResponse.

    The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

// Iterate over all elements.
var formattedParent = client.locationPath('[PROJECT]', '[LOCATION]');

client.listKeyRings({parent: formattedParent})
  .then(responses => {
    var resources = responses[0];
    for (let i = 0; i < resources.length; i += 1) {
      // doThingsWith(resources[i])
    }
  })
  .catch(err => {
    console.error(err);
  });

// Or obtain the paged response.
var formattedParent = client.locationPath('[PROJECT]', '[LOCATION]');


var options = {autoPaginate: false};
var callback = responses => {
  // The actual resources in a response.
  var resources = responses[0];
  // The next request if the response shows that there are more responses.
  var nextRequest = responses[1];
  // The actual response object, if necessary.
  // var rawResponse = responses[2];
  for (let i = 0; i < resources.length; i += 1) {
    // doThingsWith(resources[i]);
  }
  if (nextRequest) {
    // Fetch the next page.
    return client.listKeyRings(nextRequest, options).then(callback);
  }
}
client.listKeyRings({parent: formattedParent}, options)
  .then(callback)
  .catch(err => {
    console.error(err);
  });

listKeyRingsStream

listKeyRingsStream(request, options) returns Stream

Equivalent to listKeyRings, but returns a NodeJS Stream object.

This fetches the paged responses for listKeyRings continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the location associated with the KeyRings, in the format projects/ /locations/.

pageSize

Optional

number

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

See also
https://nodejs.org/api/stream.html
Returns

Stream 

An object stream which emits an object representing KeyRing on 'data' event.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedParent = client.locationPath('[PROJECT]', '[LOCATION]');
client.listKeyRingsStream({parent: formattedParent})
  .on('data', element => {
    // doThingsWith(element)
  }).on('error', err => {
    console.log(err);
  });

locationPath

locationPath(project, location) returns String

Return a fully-qualified location resource name string.

Parameter

project

String

location

String

Returns

String 

matchCryptoKeyFromCryptoKeyName

matchCryptoKeyFromCryptoKeyName(cryptoKeyName) returns String

Parse the cryptoKeyName from a crypto_key resource.

Parameter

cryptoKeyName

String

A fully-qualified path representing a crypto_key resources.

Returns

String 

  • A string representing the crypto_key.

matchCryptoKeyFromCryptoKeyVersionName

matchCryptoKeyFromCryptoKeyVersionName(cryptoKeyVersionName) returns String

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameter

cryptoKeyVersionName

String

A fully-qualified path representing a crypto_key_version resources.

Returns

String 

  • A string representing the crypto_key.

matchCryptoKeyPathFromCryptoKeyPathName

matchCryptoKeyPathFromCryptoKeyPathName(cryptoKeyPathName) returns String

Parse the cryptoKeyPathName from a crypto_key_path resource.

Parameter

cryptoKeyPathName

String

A fully-qualified path representing a crypto_key_path resources.

Returns

String 

  • A string representing the crypto_key_path.

matchCryptoKeyVersionFromCryptoKeyVersionName

matchCryptoKeyVersionFromCryptoKeyVersionName(cryptoKeyVersionName) returns String

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameter

cryptoKeyVersionName

String

A fully-qualified path representing a crypto_key_version resources.

Returns

String 

  • A string representing the crypto_key_version.

matchKeyRingFromCryptoKeyName

matchKeyRingFromCryptoKeyName(cryptoKeyName) returns String

Parse the cryptoKeyName from a crypto_key resource.

Parameter

cryptoKeyName

String

A fully-qualified path representing a crypto_key resources.

Returns

String 

  • A string representing the key_ring.

matchKeyRingFromCryptoKeyPathName

matchKeyRingFromCryptoKeyPathName(cryptoKeyPathName) returns String

Parse the cryptoKeyPathName from a crypto_key_path resource.

Parameter

cryptoKeyPathName

String

A fully-qualified path representing a crypto_key_path resources.

Returns

String 

  • A string representing the key_ring.

matchKeyRingFromCryptoKeyVersionName

matchKeyRingFromCryptoKeyVersionName(cryptoKeyVersionName) returns String

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameter

cryptoKeyVersionName

String

A fully-qualified path representing a crypto_key_version resources.

Returns

String 

  • A string representing the key_ring.

matchKeyRingFromKeyRingName

matchKeyRingFromKeyRingName(keyRingName) returns String

Parse the keyRingName from a key_ring resource.

Parameter

keyRingName

String

A fully-qualified path representing a key_ring resources.

Returns

String 

  • A string representing the key_ring.

matchLocationFromCryptoKeyName

matchLocationFromCryptoKeyName(cryptoKeyName) returns String

Parse the cryptoKeyName from a crypto_key resource.

Parameter

cryptoKeyName

String

A fully-qualified path representing a crypto_key resources.

Returns

String 

  • A string representing the location.

matchLocationFromCryptoKeyPathName

matchLocationFromCryptoKeyPathName(cryptoKeyPathName) returns String

Parse the cryptoKeyPathName from a crypto_key_path resource.

Parameter

cryptoKeyPathName

String

A fully-qualified path representing a crypto_key_path resources.

Returns

String 

  • A string representing the location.

matchLocationFromCryptoKeyVersionName

matchLocationFromCryptoKeyVersionName(cryptoKeyVersionName) returns String

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameter

cryptoKeyVersionName

String

A fully-qualified path representing a crypto_key_version resources.

Returns

String 

  • A string representing the location.

matchLocationFromKeyRingName

matchLocationFromKeyRingName(keyRingName) returns String

Parse the keyRingName from a key_ring resource.

Parameter

keyRingName

String

A fully-qualified path representing a key_ring resources.

Returns

String 

  • A string representing the location.

matchLocationFromLocationName

matchLocationFromLocationName(locationName) returns String

Parse the locationName from a location resource.

Parameter

locationName

String

A fully-qualified path representing a location resources.

Returns

String 

  • A string representing the location.

matchProjectFromCryptoKeyName

matchProjectFromCryptoKeyName(cryptoKeyName) returns String

Parse the cryptoKeyName from a crypto_key resource.

Parameter

cryptoKeyName

String

A fully-qualified path representing a crypto_key resources.

Returns

String 

  • A string representing the project.

matchProjectFromCryptoKeyPathName

matchProjectFromCryptoKeyPathName(cryptoKeyPathName) returns String

Parse the cryptoKeyPathName from a crypto_key_path resource.

Parameter

cryptoKeyPathName

String

A fully-qualified path representing a crypto_key_path resources.

Returns

String 

  • A string representing the project.

matchProjectFromCryptoKeyVersionName

matchProjectFromCryptoKeyVersionName(cryptoKeyVersionName) returns String

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameter

cryptoKeyVersionName

String

A fully-qualified path representing a crypto_key_version resources.

Returns

String 

  • A string representing the project.

matchProjectFromKeyRingName

matchProjectFromKeyRingName(keyRingName) returns String

Parse the keyRingName from a key_ring resource.

Parameter

keyRingName

String

A fully-qualified path representing a key_ring resources.

Returns

String 

  • A string representing the project.

matchProjectFromLocationName

matchProjectFromLocationName(locationName) returns String

Parse the locationName from a location resource.

Parameter

locationName

String

A fully-qualified path representing a location resources.

Returns

String 

  • A string representing the project.

restoreCryptoKeyVersion

restoreCryptoKeyVersion(request, options, callback) returns Promise

Restore a CryptoKeyVersion in the DESTROY_SCHEDULED, state.

Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The resource name of the CryptoKeyVersion to restore.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
client.restoreCryptoKeyVersion({name: formattedName})
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

setIamPolicy

setIamPolicy(request, options, callback) returns Promise

Sets the access control policy on the specified resource. Replaces any existing policy.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

resource

string

REQUIRED: The resource for which the policy is being specified. resource is usually specified as a path. For example, a Project resource is specified as projects/{project}.

policy

Object

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.

This object should have the same structure as Policy

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing Policy.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing Policy. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedResource = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
var policy = {};
var request = {
  resource: formattedResource,
  policy: policy,
};
client.setIamPolicy(request)
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

testIamPermissions

testIamPermissions(request, options, callback) returns Promise

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

resource

string

REQUIRED: The resource for which the policy detail is being requested. resource is usually specified as a path. For example, a Project resource is specified as projects/{project}.

permissions

Array of string

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing TestIamPermissionsResponse.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing TestIamPermissionsResponse. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedResource = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
var permissions = [];
var request = {
  resource: formattedResource,
  permissions: permissions,
};
client.testIamPermissions(request)
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

updateCryptoKey

updateCryptoKey(request, options, callback) returns Promise

Update a CryptoKey.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

cryptoKey

Object

CryptoKey with updated values.

This object should have the same structure as CryptoKey

updateMask

Object

Required list of fields to be updated in this request.

This object should have the same structure as FieldMask

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKey.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKey. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var cryptoKey = {};
var updateMask = {};
var request = {
  cryptoKey: cryptoKey,
  updateMask: updateMask,
};
client.updateCryptoKey(request)
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

updateCryptoKeyPrimaryVersion

updateCryptoKeyPrimaryVersion(request, options, callback) returns Promise

Update the version of a CryptoKey that will be used in Encrypt

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The resource name of the CryptoKey to update.

cryptoKeyVersionId

string

The id of the child CryptoKeyVersion to use as primary.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKey.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKey. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var formattedName = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
var cryptoKeyVersionId = '';
var request = {
  name: formattedName,
  cryptoKeyVersionId: cryptoKeyVersionId,
};
client.updateCryptoKeyPrimaryVersion(request)
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

updateCryptoKeyVersion

updateCryptoKeyVersion(request, options, callback) returns Promise

Update a CryptoKeyVersion's metadata.

state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

cryptoKeyVersion

Object

CryptoKeyVersion with updated values.

This object should have the same structure as CryptoKeyVersion

updateMask

Object

Required list of fields to be updated in this request.

This object should have the same structure as FieldMask

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.

Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. The promise has a method named "cancel" which cancels the ongoing API call.

Example

const kms = require('@google-cloud/kms');

var client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

var cryptoKeyVersion = {};
var updateMask = {};
var request = {
  cryptoKeyVersion: cryptoKeyVersion,
  updateMask: updateMask,
};
client.updateCryptoKeyVersion(request)
  .then(responses => {
    var response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });