Enumerations

AttestationFormat

static

number

Attestion formats provided by the HSM.

Value

ATTESTATION_FORMAT_UNSPECIFIED

CAVIUM_V1_COMPRESSED

Cavium HSM attestation compressed with gzip. Note that this format is defined by Cavium and subject to change at any time.

CryptoKeyPurpose

static

number

CryptoKeyPurpose describes the cryptographic capabilities of a CryptoKey. A given key can only be used for the operations allowed by its purpose.

Value

CRYPTO_KEY_PURPOSE_UNSPECIFIED

Not specified.

ENCRYPT_DECRYPT

CryptoKeys with this purpose may be used with Encrypt and Decrypt.

ASYMMETRIC_SIGN

CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

ASYMMETRIC_DECRYPT

CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

CryptoKeyVersionAlgorithm

static

number

The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation.

The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT.

Algorithms beginning with "RSA_SIGN_" are usable with CryptoKey.purpose ASYMMETRIC_SIGN.

The fields in the name after "RSA_SIGN_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

For PSS, the salt length used is equal to the length of digest algorithm. For example, RSA_SIGN_PSS_2048_SHA256 will use PSS with a salt length of 256 bits or 32 bytes.

Algorithms beginning with "RSA_DECRYPT_" are usable with CryptoKey.purpose ASYMMETRIC_DECRYPT.

The fields in the name after "RSA_DECRYPT_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

Algorithms beginning with "EC_SIGN_" are usable with CryptoKey.purpose ASYMMETRIC_SIGN.

The fields in the name after "EC_SIGN_" correspond to the following parameters: elliptic curve, digest algorithm.

Value

CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

Not specified.

GOOGLE_SYMMETRIC_ENCRYPTION

Creates symmetric encryption keys.

RSA_SIGN_PSS_2048_SHA256

RSASSA-PSS 2048 bit key with a SHA256 digest.

RSA_SIGN_PSS_3072_SHA256

RSASSA-PSS 3072 bit key with a SHA256 digest.

RSA_SIGN_PSS_4096_SHA256

RSASSA-PSS 4096 bit key with a SHA256 digest.

RSA_SIGN_PKCS1_2048_SHA256

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_3072_SHA256

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_4096_SHA256

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

RSA_DECRYPT_OAEP_2048_SHA256

RSAES-OAEP 2048 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_3072_SHA256

RSAES-OAEP 3072 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_4096_SHA256

RSAES-OAEP 4096 bit key with a SHA256 digest.

EC_SIGN_P256_SHA256

ECDSA on the NIST P-256 curve with a SHA256 digest.

EC_SIGN_P384_SHA384

ECDSA on the NIST P-384 curve with a SHA384 digest.

CryptoKeyVersionState

static

number

The state of a CryptoKeyVersion, indicating if it can be used.

Value

CRYPTO_KEY_VERSION_STATE_UNSPECIFIED

Not specified.

PENDING_GENERATION

This version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.

ENABLED

This version may be used for cryptographic operations.

DISABLED

This version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.

DESTROYED

This version is destroyed, and the key material is no longer stored. A version may not leave this state once entered.

DESTROY_SCHEDULED

This version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.

CryptoKeyVersionView

static

number

A view for CryptoKeyVersions. Controls the level of detail returned for CryptoKeyVersions in KeyManagementService.ListCryptoKeyVersions and KeyManagementService.ListCryptoKeys.

Value

CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED

Default view for each CryptoKeyVersion. Does not include the attestation field.

FULL

Provides all fields in each CryptoKeyVersion, including the attestation.

ProtectionLevel

static

number

ProtectionLevel specifies how cryptographic operations are performed.

Value

PROTECTION_LEVEL_UNSPECIFIED

Not specified.

SOFTWARE

Crypto operations are performed in software.

HSM

Crypto operations are performed in a Hardware Security Module.

Properties

AttestationFormat

static

number

Attestion formats provided by the HSM.

Value

ATTESTATION_FORMAT_UNSPECIFIED

CAVIUM_V1_COMPRESSED

Cavium HSM attestation compressed with gzip. Note that this format is defined by Cavium and subject to change at any time.

CryptoKeyPurpose

static

number

CryptoKeyPurpose describes the cryptographic capabilities of a CryptoKey. A given key can only be used for the operations allowed by its purpose.

Value

CRYPTO_KEY_PURPOSE_UNSPECIFIED

Not specified.

ENCRYPT_DECRYPT

CryptoKeys with this purpose may be used with Encrypt and Decrypt.

ASYMMETRIC_SIGN

CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

ASYMMETRIC_DECRYPT

CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

CryptoKeyVersionAlgorithm

static

number

The algorithm of the CryptoKeyVersion, indicating what parameters must be used for each cryptographic operation.

The GOOGLE_SYMMETRIC_ENCRYPTION algorithm is usable with CryptoKey.purpose ENCRYPT_DECRYPT.

Algorithms beginning with "RSA_SIGN_" are usable with CryptoKey.purpose ASYMMETRIC_SIGN.

The fields in the name after "RSA_SIGN_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

For PSS, the salt length used is equal to the length of digest algorithm. For example, RSA_SIGN_PSS_2048_SHA256 will use PSS with a salt length of 256 bits or 32 bytes.

Algorithms beginning with "RSA_DECRYPT_" are usable with CryptoKey.purpose ASYMMETRIC_DECRYPT.

The fields in the name after "RSA_DECRYPT_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

Algorithms beginning with "EC_SIGN_" are usable with CryptoKey.purpose ASYMMETRIC_SIGN.

The fields in the name after "EC_SIGN_" correspond to the following parameters: elliptic curve, digest algorithm.

Value

CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

Not specified.

GOOGLE_SYMMETRIC_ENCRYPTION

Creates symmetric encryption keys.

RSA_SIGN_PSS_2048_SHA256

RSASSA-PSS 2048 bit key with a SHA256 digest.

RSA_SIGN_PSS_3072_SHA256

RSASSA-PSS 3072 bit key with a SHA256 digest.

RSA_SIGN_PSS_4096_SHA256

RSASSA-PSS 4096 bit key with a SHA256 digest.

RSA_SIGN_PKCS1_2048_SHA256

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_3072_SHA256

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

RSA_SIGN_PKCS1_4096_SHA256

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

RSA_DECRYPT_OAEP_2048_SHA256

RSAES-OAEP 2048 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_3072_SHA256

RSAES-OAEP 3072 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP_4096_SHA256

RSAES-OAEP 4096 bit key with a SHA256 digest.

EC_SIGN_P256_SHA256

ECDSA on the NIST P-256 curve with a SHA256 digest.

EC_SIGN_P384_SHA384

ECDSA on the NIST P-384 curve with a SHA384 digest.

CryptoKeyVersionState

static

number

The state of a CryptoKeyVersion, indicating if it can be used.

Value

CRYPTO_KEY_VERSION_STATE_UNSPECIFIED

Not specified.

PENDING_GENERATION

This version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.

ENABLED

This version may be used for cryptographic operations.

DISABLED

This version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.

DESTROYED

This version is destroyed, and the key material is no longer stored. A version may not leave this state once entered.

DESTROY_SCHEDULED

This version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.

CryptoKeyVersionView

static

number

A view for CryptoKeyVersions. Controls the level of detail returned for CryptoKeyVersions in KeyManagementService.ListCryptoKeyVersions and KeyManagementService.ListCryptoKeys.

Value

CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED

Default view for each CryptoKeyVersion. Does not include the attestation field.

FULL

Provides all fields in each CryptoKeyVersion, including the attestation.

ProtectionLevel

static

number

ProtectionLevel specifies how cryptographic operations are performed.

Value

PROTECTION_LEVEL_UNSPECIFIED

Not specified.

SOFTWARE

Crypto operations are performed in software.

HSM

Crypto operations are performed in a Hardware Security Module.

Abstract types

AsymmetricDecryptRequest

static

Request message for KeyManagementService.AsymmetricDecrypt.

Properties

Parameter

name

string

Required. The resource name of the CryptoKeyVersion to use for decryption.

ciphertext

string

Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.

See also

google.cloud.kms.v1.AsymmetricDecryptRequest definition in proto format

AsymmetricDecryptResponse

static

Response message for KeyManagementService.AsymmetricDecrypt.

Property

Parameter

plaintext

string

The decrypted data originally encrypted with the matching public key.

See also

google.cloud.kms.v1.AsymmetricDecryptResponse definition in proto format

AsymmetricSignRequest

static

Request message for KeyManagementService.AsymmetricSign.

Properties

Parameter

name

string

Required. The resource name of the CryptoKeyVersion to use for signing.

digest

Object

Required. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm.

This object should have the same structure as Digest

See also

google.cloud.kms.v1.AsymmetricSignRequest definition in proto format

AsymmetricSignResponse

static

Response message for KeyManagementService.AsymmetricSign.

Property

Parameter

signature

string

The created signature.

See also

google.cloud.kms.v1.AsymmetricSignResponse definition in proto format

CreateCryptoKeyRequest

static

Request message for KeyManagementService.CreateCryptoKey.

Properties

Parameter

parent

string

Required. The name of the KeyRing associated with the CryptoKeys.

cryptoKeyId

string

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

cryptoKey

Object

A CryptoKey with initial field values.

This object should have the same structure as CryptoKey

See also

google.cloud.kms.v1.CreateCryptoKeyRequest definition in proto format

CreateCryptoKeyVersionRequest

static

Request message for KeyManagementService.CreateCryptoKeyVersion.

Properties

Parameter

parent

string

Required. The name of the CryptoKey associated with the CryptoKeyVersions.

cryptoKeyVersion

Object

A CryptoKeyVersion with initial field values.

This object should have the same structure as CryptoKeyVersion

See also

google.cloud.kms.v1.CreateCryptoKeyVersionRequest definition in proto format

CreateKeyRingRequest

static

Request message for KeyManagementService.CreateKeyRing.

Properties

Parameter

parent

string

Required. The resource name of the location associated with the KeyRings, in the format projects/ /locations/.

keyRingId

string

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing

Object

A KeyRing with initial field values.

This object should have the same structure as KeyRing

See also

google.cloud.kms.v1.CreateKeyRingRequest definition in proto format

CryptoKey

static

A CryptoKey represents a logical key that can be used for cryptographic operations.

A CryptoKey is made up of one or more versions, which represent the actual key material used in cryptographic operations.

Properties

Parameter

name

string

Output only. The resource name for this CryptoKey in the format projects/ /locations/ /keyRings/ /cryptoKeys/.

primary

Object

Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name.

The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion.

All keys with purpose ENCRYPT_DECRYPT have a primary. For other keys, this field will be omitted.

This object should have the same structure as CryptoKeyVersion

purpose

number

The immutable purpose of this CryptoKey.

The number should be among the values of CryptoKeyPurpose

createTime

Object

Output only. The time at which this CryptoKey was created.

This object should have the same structure as Timestamp

nextRotationTime

Object

At next_rotation_time, the Key Management Service will automatically:

  1. Create a new version of this CryptoKey.
  2. Mark the new version as primary.

    Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time.

    Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    This object should have the same structure as Timestamp

rotationPeriod

Object

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least one day.

If rotation_period is set, next_rotation_time must also be set.

Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

This object should have the same structure as Duration

versionTemplate

Object

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

This object should have the same structure as CryptoKeyVersionTemplate

labels

Object with string properties

Labels with user-defined metadata. For more information, see Labeling Keys.

See also

google.cloud.kms.v1.CryptoKey definition in proto format

CryptoKeyVersion

static

A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.

An ENABLED version can be used for cryptographic operations.

For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.

Properties

Parameter

name

string

Output only. The resource name for this CryptoKeyVersion in the format projects/ /locations/ /keyRings/ /cryptoKeys/ /cryptoKeyVersions/*.

state

number

The current state of the CryptoKeyVersion.

The number should be among the values of CryptoKeyVersionState

protectionLevel

number

Output only. The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

The number should be among the values of ProtectionLevel

algorithm

number

Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

The number should be among the values of CryptoKeyVersionAlgorithm

attestation

Object

Output only. Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

This object should have the same structure as KeyOperationAttestation

createTime

Object

Output only. The time at which this CryptoKeyVersion was created.

This object should have the same structure as Timestamp

generateTime

Object

Output only. The time this CryptoKeyVersion's key material was generated.

This object should have the same structure as Timestamp

destroyTime

Object

Output only. The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

This object should have the same structure as Timestamp

destroyEventTime

Object

Output only. The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

This object should have the same structure as Timestamp

See also

google.cloud.kms.v1.CryptoKeyVersion definition in proto format

CryptoKeyVersionTemplate

static

A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or automatically as a result of auto-rotation.

Properties

Parameter

protectionLevel

number

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

The number should be among the values of ProtectionLevel

algorithm

number

Required. Algorithm to use when creating a CryptoKeyVersion based on this template.

For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

The number should be among the values of CryptoKeyVersionAlgorithm

See also

google.cloud.kms.v1.CryptoKeyVersionTemplate definition in proto format

DecryptRequest

static

Request message for KeyManagementService.Decrypt.

Properties

Parameter

name

string

Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version.

ciphertext

string

Required. The encrypted data originally returned in EncryptResponse.ciphertext.

additionalAuthenticatedData

string

Optional data that must match the data originally supplied in EncryptRequest.additional_authenticated_data.

See also

google.cloud.kms.v1.DecryptRequest definition in proto format

DecryptResponse

static

Response message for KeyManagementService.Decrypt.

Property

Parameter

plaintext

string

The decrypted data originally supplied in EncryptRequest.plaintext.

See also

google.cloud.kms.v1.DecryptResponse definition in proto format

DestroyCryptoKeyVersionRequest

static

Request message for KeyManagementService.DestroyCryptoKeyVersion.

Property

Parameter

name

string

The resource name of the CryptoKeyVersion to destroy.

See also

google.cloud.kms.v1.DestroyCryptoKeyVersionRequest definition in proto format

Digest

static

A Digest holds a cryptographic message digest.

Properties

Parameter

sha256

string

A message digest produced with the SHA-256 algorithm.

sha384

string

A message digest produced with the SHA-384 algorithm.

sha512

string

A message digest produced with the SHA-512 algorithm.

See also

google.cloud.kms.v1.Digest definition in proto format

EncryptRequest

static

Request message for KeyManagementService.Encrypt.

Properties

Parameter

name

string

Required. The resource name of the CryptoKey or CryptoKeyVersion to use for encryption.

If a CryptoKey is specified, the server will use its primary version.

plaintext

string

Required. The data to encrypt. Must be no larger than 64KiB.

The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

additionalAuthenticatedData

string

Optional data that, if specified, must also be provided during decryption through DecryptRequest.additional_authenticated_data.

The maximum size depends on the key version's protection_level. For SOFTWARE keys, the AAD must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

See also

google.cloud.kms.v1.EncryptRequest definition in proto format

EncryptResponse

static

Response message for KeyManagementService.Encrypt.

Properties

Parameter

name

string

The resource name of the CryptoKeyVersion used in encryption.

ciphertext

string

The encrypted data.

See also

google.cloud.kms.v1.EncryptResponse definition in proto format

GetCryptoKeyRequest

static

Request message for KeyManagementService.GetCryptoKey.

Property

Parameter

name

string

The name of the CryptoKey to get.

See also

google.cloud.kms.v1.GetCryptoKeyRequest definition in proto format

GetCryptoKeyVersionRequest

static

Request message for KeyManagementService.GetCryptoKeyVersion.

Property

Parameter

name

string

The name of the CryptoKeyVersion to get.

See also

google.cloud.kms.v1.GetCryptoKeyVersionRequest definition in proto format

GetKeyRingRequest

static

Request message for KeyManagementService.GetKeyRing.

Property

Parameter

name

string

The name of the KeyRing to get.

See also

google.cloud.kms.v1.GetKeyRingRequest definition in proto format

GetPublicKeyRequest

static

Request message for KeyManagementService.GetPublicKey.

Property

Parameter

name

string

The name of the CryptoKeyVersion public key to get.

See also

google.cloud.kms.v1.GetPublicKeyRequest definition in proto format

KeyOperationAttestation

static

Contains an HSM-generated attestation about a key operation.

Properties

Parameter

format

number

Output only. The format of the attestation data.

The number should be among the values of AttestationFormat

content

string

Output only. The attestation data provided by the HSM when the key operation was performed.

See also

google.cloud.kms.v1.KeyOperationAttestation definition in proto format

KeyRing

static

A KeyRing is a toplevel logical grouping of CryptoKeys.

Properties

Parameter

name

string

Output only. The resource name for the KeyRing in the format projects/ /locations/ /keyRings/*.

createTime

Object

Output only. The time at which this KeyRing was created.

This object should have the same structure as Timestamp

See also

google.cloud.kms.v1.KeyRing definition in proto format

ListCryptoKeysRequest

static

Request message for KeyManagementService.ListCryptoKeys.

Properties

Parameter

parent

string

Required. The resource name of the KeyRing to list, in the format projects/ /locations/ /keyRings/*.

pageSize

number

Optional limit on the number of CryptoKeys to include in the response. Further CryptoKeys can subsequently be obtained by including the ListCryptoKeysResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken

string

Optional pagination token, returned earlier via ListCryptoKeysResponse.next_page_token.

versionView

number

The fields of the primary version to include in the response.

The number should be among the values of CryptoKeyVersionView

See also

google.cloud.kms.v1.ListCryptoKeysRequest definition in proto format

ListCryptoKeysResponse

static

Response message for KeyManagementService.ListCryptoKeys.

Properties

Parameter

cryptoKeys

Array of Object

The list of CryptoKeys.

This object should have the same structure as CryptoKey

nextPageToken

string

A token to retrieve next page of results. Pass this value in ListCryptoKeysRequest.page_token to retrieve the next page of results.

totalSize

number

The total number of CryptoKeys that matched the query.

See also

google.cloud.kms.v1.ListCryptoKeysResponse definition in proto format

ListCryptoKeyVersionsRequest

static

Request message for KeyManagementService.ListCryptoKeyVersions.

Properties

Parameter

parent

string

Required. The resource name of the CryptoKey to list, in the format projects/ /locations/ /keyRings/ /cryptoKeys/.

pageSize

number

Optional limit on the number of CryptoKeyVersions to include in the response. Further CryptoKeyVersions can subsequently be obtained by including the ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken

string

Optional pagination token, returned earlier via ListCryptoKeyVersionsResponse.next_page_token.

view

number

The fields to include in the response.

The number should be among the values of CryptoKeyVersionView

See also

google.cloud.kms.v1.ListCryptoKeyVersionsRequest definition in proto format

ListCryptoKeyVersionsResponse

static

Response message for KeyManagementService.ListCryptoKeyVersions.

Properties

Parameter

cryptoKeyVersions

Array of Object

The list of CryptoKeyVersions.

This object should have the same structure as CryptoKeyVersion

nextPageToken

string

A token to retrieve next page of results. Pass this value in ListCryptoKeyVersionsRequest.page_token to retrieve the next page of results.

totalSize

number

The total number of CryptoKeyVersions that matched the query.

See also

google.cloud.kms.v1.ListCryptoKeyVersionsResponse definition in proto format

ListKeyRingsRequest

static

Request message for KeyManagementService.ListKeyRings.

Properties

Parameter

parent

string

Required. The resource name of the location associated with the KeyRings, in the format projects/ /locations/.

pageSize

number

Optional limit on the number of KeyRings to include in the response. Further KeyRings can subsequently be obtained by including the ListKeyRingsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken

string

Optional pagination token, returned earlier via ListKeyRingsResponse.next_page_token.

See also

google.cloud.kms.v1.ListKeyRingsRequest definition in proto format

ListKeyRingsResponse

static

Response message for KeyManagementService.ListKeyRings.

Properties

Parameter

keyRings

Array of Object

The list of KeyRings.

This object should have the same structure as KeyRing

nextPageToken

string

A token to retrieve next page of results. Pass this value in ListKeyRingsRequest.page_token to retrieve the next page of results.

totalSize

number

The total number of KeyRings that matched the query.

See also

google.cloud.kms.v1.ListKeyRingsResponse definition in proto format

LocationMetadata

static

Cloud KMS metadata for the given google.cloud.location.Location.

Property

Parameter

hsmAvailable

boolean

Indicates whether CryptoKeys with protection_level HSM can be created in this location.

See also

google.cloud.kms.v1.LocationMetadata definition in proto format

PublicKey

static

The public key for a given CryptoKeyVersion. Obtained via GetPublicKey.

Properties

Parameter

pem

string

The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13).

algorithm

number

The Algorithm associated with this key.

The number should be among the values of CryptoKeyVersionAlgorithm

See also

google.cloud.kms.v1.PublicKey definition in proto format

RestoreCryptoKeyVersionRequest

static

Request message for KeyManagementService.RestoreCryptoKeyVersion.

Property

Parameter

name

string

The resource name of the CryptoKeyVersion to restore.

See also

google.cloud.kms.v1.RestoreCryptoKeyVersionRequest definition in proto format

UpdateCryptoKeyPrimaryVersionRequest

static

Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion.

Properties

Parameter

name

string

The resource name of the CryptoKey to update.

cryptoKeyVersionId

string

The id of the child CryptoKeyVersion to use as primary.

See also

google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest definition in proto format

UpdateCryptoKeyRequest

static

Request message for KeyManagementService.UpdateCryptoKey.

Properties

Parameter

cryptoKey

Object

CryptoKey with updated values.

This object should have the same structure as CryptoKey

updateMask

Object

Required list of fields to be updated in this request.

This object should have the same structure as FieldMask

See also

google.cloud.kms.v1.UpdateCryptoKeyRequest definition in proto format

UpdateCryptoKeyVersionRequest

static

Request message for KeyManagementService.UpdateCryptoKeyVersion.

Properties

Parameter

cryptoKeyVersion

Object

CryptoKeyVersion with updated values.

This object should have the same structure as CryptoKeyVersion

updateMask

Object

Required list of fields to be updated in this request.

This object should have the same structure as FieldMask

See also

google.cloud.kms.v1.UpdateCryptoKeyVersionRequest definition in proto format