v1.KeyManagementServiceClient

class   static

Google Cloud Key Management Service

Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:

  • KeyRing
  • CryptoKey
  • CryptoKeyVersion

If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.

Constructor

KeyManagementServiceClient

new KeyManagementServiceClient(options)

Construct an instance of KeyManagementServiceClient.

Parameter

options

Optional

object

The configuration object. See the subsequent parameters for more details.

Values in options have the following properties:

Parameter

credentials

Optional

object

Credentials object.

credentials.client_email

Optional

string

credentials.private_key

Optional

string

email

Optional

string

Account email address. Required when using a .pem or .p12 keyFilename.

keyFilename

Optional

string

Full path to the a .json, .pem, or .p12 key downloaded from the Google Developers Console. If you provide a path to a JSON file, the projectId option below is not necessary. NOTE: .pem and .p12 require you to specify options.email as well.

port

Optional

number

The port on which to connect to the remote host.

projectId

Optional

string

The project ID from the Google Developer's Console, e.g. 'grape-spaceship-123'. We will also check the environment variable GCLOUD_PROJECT for your project ID. If your app is running in an environment which supports Application Default Credentials, your project ID will be detected automatically.

promise

Optional

function()

Custom promise module to use instead of native Promises.

servicePath

Optional

string

The domain name of the API remote host.

Properties

port

static

The port for this API service.

scopes

static

The scopes needed to make gRPC calls for every method defined in this service.

servicePath

static

The DNS address for this API service.

Methods

asymmetricDecrypt

asymmetricDecrypt(request, options, callback) returns Promise

Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

Required. The resource name of the CryptoKeyVersion to use for decryption.

ciphertext

string

Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing AsymmetricDecryptResponse.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing AsymmetricDecryptResponse. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
const ciphertext = '';
const request = {
  name: formattedName,
  ciphertext: ciphertext,
};
client.asymmetricDecrypt(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

asymmetricSign

asymmetricSign(request, options, callback) returns Promise

Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

Required. The resource name of the CryptoKeyVersion to use for signing.

digest

Object

Required. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm.

This object should have the same structure as Digest

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing AsymmetricSignResponse.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing AsymmetricSignResponse. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
const digest = {};
const request = {
  name: formattedName,
  digest: digest,
};
client.asymmetricSign(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

createCryptoKey

createCryptoKey(request, options, callback) returns Promise

Create a new CryptoKey within a KeyRing.

CryptoKey.purpose and CryptoKey.version_template.algorithm are required.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The name of the KeyRing associated with the CryptoKeys.

cryptoKeyId

string

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

cryptoKey

Object

A CryptoKey with initial field values.

This object should have the same structure as CryptoKey

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKey.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKey. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
const cryptoKeyId = 'my-app-key';
const purpose = 'ENCRYPT_DECRYPT';
const seconds = 2147483647;
const nextRotationTime = {
  seconds: seconds,
};
const seconds2 = 604800;
const rotationPeriod = {
  seconds: seconds2,
};
const cryptoKey = {
  purpose: purpose,
  nextRotationTime: nextRotationTime,
  rotationPeriod: rotationPeriod,
};
const request = {
  parent: formattedParent,
  cryptoKeyId: cryptoKeyId,
  cryptoKey: cryptoKey,
};
client.createCryptoKey(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

createCryptoKeyVersion

createCryptoKeyVersion(request, options, callback) returns Promise

Create a new CryptoKeyVersion in a CryptoKey.

The server will assign the next sequential id. If unset, state will be set to ENABLED.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The name of the CryptoKey associated with the CryptoKeyVersions.

cryptoKeyVersion

Object

A CryptoKeyVersion with initial field values.

This object should have the same structure as CryptoKeyVersion

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
const cryptoKeyVersion = {};
const request = {
  parent: formattedParent,
  cryptoKeyVersion: cryptoKeyVersion,
};
client.createCryptoKeyVersion(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

createKeyRing

createKeyRing(request, options, callback) returns Promise

Create a new KeyRing in a given Project and Location.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the location associated with the KeyRings, in the format projects/ /locations/.

keyRingId

string

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing

Object

A KeyRing with initial field values.

This object should have the same structure as KeyRing

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing KeyRing.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing KeyRing. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.locationPath('[PROJECT]', '[LOCATION]');
const keyRingId = '';
const keyRing = {};
const request = {
  parent: formattedParent,
  keyRingId: keyRingId,
  keyRing: keyRing,
};
client.createKeyRing(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

cryptoKeyPath

cryptoKeyPath(project, location, keyRing, cryptoKey) returns String

Return a fully-qualified crypto_key resource name string.

Parameter

project

String

location

String

keyRing

String

cryptoKey

String
Returns

String 

cryptoKeyPathPath

cryptoKeyPathPath(project, location, keyRing, cryptoKeyPath) returns String

Return a fully-qualified crypto_key_path resource name string.

Parameter

project

String

location

String

keyRing

String

cryptoKeyPath

String
Returns

String 

cryptoKeyVersionPath

cryptoKeyVersionPath(project, location, keyRing, cryptoKey, cryptoKeyVersion) returns String

Return a fully-qualified crypto_key_version resource name string.

Parameter

project

String

location

String

keyRing

String

cryptoKey

String

cryptoKeyVersion

String
Returns

String 

decrypt

decrypt(request, options, callback) returns Promise

Decrypts data that was protected by Encrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version.

ciphertext

string

Required. The encrypted data originally returned in EncryptResponse.ciphertext.

additionalAuthenticatedData

Optional

string

Optional data that must match the data originally supplied in EncryptRequest.additional_authenticated_data.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing DecryptResponse.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing DecryptResponse. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
const ciphertext = '';
const request = {
  name: formattedName,
  ciphertext: ciphertext,
};
client.decrypt(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

destroyCryptoKeyVersion

destroyCryptoKeyVersion(request, options, callback) returns Promise

Schedule a CryptoKeyVersion for destruction.

Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED and destroy_time will be set to a time 24 hours in the future, at which point the state will be changed to DESTROYED, and the key material will be irrevocably destroyed.

Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The resource name of the CryptoKeyVersion to destroy.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
client.destroyCryptoKeyVersion({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

encrypt

encrypt(request, options, callback) returns Promise

Encrypts data, so that it can only be recovered by a call to Decrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

Required. The resource name of the CryptoKey or CryptoKeyVersion to use for encryption.

If a CryptoKey is specified, the server will use its primary version.

plaintext

string

Required. The data to encrypt. Must be no larger than 64KiB.

The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

additionalAuthenticatedData

Optional

string

Optional data that, if specified, must also be provided during decryption through DecryptRequest.additional_authenticated_data.

The maximum size depends on the key version's protection_level. For SOFTWARE keys, the AAD must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing EncryptResponse.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing EncryptResponse. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyPathPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY_PATH]');
const plaintext = '';
const request = {
  name: formattedName,
  plaintext: plaintext,
};
client.encrypt(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getCryptoKey

getCryptoKey(request, options, callback) returns Promise

Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The name of the CryptoKey to get.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKey.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKey. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
client.getCryptoKey({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getCryptoKeyVersion

getCryptoKeyVersion(request, options, callback) returns Promise

Returns metadata for a given CryptoKeyVersion.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The name of the CryptoKeyVersion to get.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
client.getCryptoKeyVersion({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getIamPolicy

getIamPolicy(request, options, callback) returns Promise

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

resource

string

REQUIRED: The resource for which the policy is being requested. resource is usually specified as a path. For example, a Project resource is specified as projects/{project}.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing Policy.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing Policy. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedResource = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
client.getIamPolicy({resource: formattedResource})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getKeyRing

getKeyRing(request, options, callback) returns Promise

Returns metadata for a given KeyRing.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The name of the KeyRing to get.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing KeyRing.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing KeyRing. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
client.getKeyRing({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getProjectId

getProjectId(callback)

Return the project ID used by this class.

Parameter

callback

function(Error, string)

the callback to be called with the current project Id.

getPublicKey

getPublicKey(request, options, callback) returns Promise

Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The name of the CryptoKeyVersion public key to get.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing PublicKey.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing PublicKey. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
client.getPublicKey({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

keyRingPath

keyRingPath(project, location, keyRing) returns String

Return a fully-qualified key_ring resource name string.

Parameter

project

String

location

String

keyRing

String
Returns

String 

listCryptoKeys

listCryptoKeys(request, options, callback) returns Promise

Lists CryptoKeys.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the KeyRing to list, in the format projects/ /locations/ /keyRings/*.

pageSize

Optional

number

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

versionView

Optional

number

The fields of the primary version to include in the response.

The number should be among the values of CryptoKeyVersionView

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Array, nullable Object, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is Array of CryptoKey.

When autoPaginate: false is specified through options, it contains the result in a single response. If the response indicates the next page exists, the third parameter is set to be used for the next request object. The fourth parameter keeps the raw response object of an object representing ListCryptoKeysResponse.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is Array of CryptoKey.

    When autoPaginate: false is specified through options, the array has three elements. The first element is Array of CryptoKey in a single response. The second element is the next request object if the response indicates the next page exists, or null. The third element is an object representing ListCryptoKeysResponse.

    The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

// Iterate over all elements.
const formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');

client.listCryptoKeys({parent: formattedParent})
  .then(responses => {
    const resources = responses[0];
    for (const resource of resources) {
      // doThingsWith(resource)
    }
  })
  .catch(err => {
    console.error(err);
  });

// Or obtain the paged response.
const formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');


const options = {autoPaginate: false};
const callback = responses => {
  // The actual resources in a response.
  const resources = responses[0];
  // The next request if the response shows that there are more responses.
  const nextRequest = responses[1];
  // The actual response object, if necessary.
  // const rawResponse = responses[2];
  for (const resource of resources) {
    // doThingsWith(resource);
  }
  if (nextRequest) {
    // Fetch the next page.
    return client.listCryptoKeys(nextRequest, options).then(callback);
  }
}
client.listCryptoKeys({parent: formattedParent}, options)
  .then(callback)
  .catch(err => {
    console.error(err);
  });

listCryptoKeysStream

listCryptoKeysStream(request, options) returns Stream

Equivalent to listCryptoKeys, but returns a NodeJS Stream object.

This fetches the paged responses for listCryptoKeys continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the KeyRing to list, in the format projects/ /locations/ /keyRings/*.

pageSize

Optional

number

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

versionView

Optional

number

The fields of the primary version to include in the response.

The number should be among the values of CryptoKeyVersionView

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
See also
https://nodejs.org/api/stream.html
Returns

Stream 

An object stream which emits an object representing CryptoKey on 'data' event.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
client.listCryptoKeysStream({parent: formattedParent})
  .on('data', element => {
    // doThingsWith(element)
  }).on('error', err => {
    console.log(err);
  });

listCryptoKeyVersions

listCryptoKeyVersions(request, options, callback) returns Promise

Lists CryptoKeyVersions.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the CryptoKey to list, in the format projects/ /locations/ /keyRings/ /cryptoKeys/.

pageSize

Optional

number

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

view

Optional

number

The fields to include in the response.

The number should be among the values of CryptoKeyVersionView

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Array, nullable Object, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is Array of CryptoKeyVersion.

When autoPaginate: false is specified through options, it contains the result in a single response. If the response indicates the next page exists, the third parameter is set to be used for the next request object. The fourth parameter keeps the raw response object of an object representing ListCryptoKeyVersionsResponse.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is Array of CryptoKeyVersion.

    When autoPaginate: false is specified through options, the array has three elements. The first element is Array of CryptoKeyVersion in a single response. The second element is the next request object if the response indicates the next page exists, or null. The third element is an object representing ListCryptoKeyVersionsResponse.

    The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

// Iterate over all elements.
const formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');

client.listCryptoKeyVersions({parent: formattedParent})
  .then(responses => {
    const resources = responses[0];
    for (const resource of resources) {
      // doThingsWith(resource)
    }
  })
  .catch(err => {
    console.error(err);
  });

// Or obtain the paged response.
const formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');


const options = {autoPaginate: false};
const callback = responses => {
  // The actual resources in a response.
  const resources = responses[0];
  // The next request if the response shows that there are more responses.
  const nextRequest = responses[1];
  // The actual response object, if necessary.
  // const rawResponse = responses[2];
  for (const resource of resources) {
    // doThingsWith(resource);
  }
  if (nextRequest) {
    // Fetch the next page.
    return client.listCryptoKeyVersions(nextRequest, options).then(callback);
  }
}
client.listCryptoKeyVersions({parent: formattedParent}, options)
  .then(callback)
  .catch(err => {
    console.error(err);
  });

listCryptoKeyVersionsStream

listCryptoKeyVersionsStream(request, options) returns Stream

Equivalent to listCryptoKeyVersions, but returns a NodeJS Stream object.

This fetches the paged responses for listCryptoKeyVersions continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the CryptoKey to list, in the format projects/ /locations/ /keyRings/ /cryptoKeys/.

pageSize

Optional

number

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

view

Optional

number

The fields to include in the response.

The number should be among the values of CryptoKeyVersionView

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
See also
https://nodejs.org/api/stream.html
Returns

Stream 

An object stream which emits an object representing CryptoKeyVersion on 'data' event.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
client.listCryptoKeyVersionsStream({parent: formattedParent})
  .on('data', element => {
    // doThingsWith(element)
  }).on('error', err => {
    console.log(err);
  });

listKeyRings

listKeyRings(request, options, callback) returns Promise

Lists KeyRings.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the location associated with the KeyRings, in the format projects/ /locations/.

pageSize

Optional

number

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Array, nullable Object, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is Array of KeyRing.

When autoPaginate: false is specified through options, it contains the result in a single response. If the response indicates the next page exists, the third parameter is set to be used for the next request object. The fourth parameter keeps the raw response object of an object representing ListKeyRingsResponse.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is Array of KeyRing.

    When autoPaginate: false is specified through options, the array has three elements. The first element is Array of KeyRing in a single response. The second element is the next request object if the response indicates the next page exists, or null. The third element is an object representing ListKeyRingsResponse.

    The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

// Iterate over all elements.
const formattedParent = client.locationPath('[PROJECT]', '[LOCATION]');

client.listKeyRings({parent: formattedParent})
  .then(responses => {
    const resources = responses[0];
    for (const resource of resources) {
      // doThingsWith(resource)
    }
  })
  .catch(err => {
    console.error(err);
  });

// Or obtain the paged response.
const formattedParent = client.locationPath('[PROJECT]', '[LOCATION]');


const options = {autoPaginate: false};
const callback = responses => {
  // The actual resources in a response.
  const resources = responses[0];
  // The next request if the response shows that there are more responses.
  const nextRequest = responses[1];
  // The actual response object, if necessary.
  // const rawResponse = responses[2];
  for (const resource of resources) {
    // doThingsWith(resource);
  }
  if (nextRequest) {
    // Fetch the next page.
    return client.listKeyRings(nextRequest, options).then(callback);
  }
}
client.listKeyRings({parent: formattedParent}, options)
  .then(callback)
  .catch(err => {
    console.error(err);
  });

listKeyRingsStream

listKeyRingsStream(request, options) returns Stream

Equivalent to listKeyRings, but returns a NodeJS Stream object.

This fetches the paged responses for listKeyRings continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

parent

string

Required. The resource name of the location associated with the KeyRings, in the format projects/ /locations/.

pageSize

Optional

number

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
See also
https://nodejs.org/api/stream.html
Returns

Stream 

An object stream which emits an object representing KeyRing on 'data' event.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.locationPath('[PROJECT]', '[LOCATION]');
client.listKeyRingsStream({parent: formattedParent})
  .on('data', element => {
    // doThingsWith(element)
  }).on('error', err => {
    console.log(err);
  });

locationPath

locationPath(project, location) returns String

Return a fully-qualified location resource name string.

Parameter

project

String

location

String
Returns

String 

matchCryptoKeyFromCryptoKeyName

matchCryptoKeyFromCryptoKeyName(cryptoKeyName) returns String

Parse the cryptoKeyName from a crypto_key resource.

Parameter

cryptoKeyName

String

A fully-qualified path representing a crypto_key resources.
Returns

String 

  • A string representing the crypto_key.

matchCryptoKeyFromCryptoKeyVersionName

matchCryptoKeyFromCryptoKeyVersionName(cryptoKeyVersionName) returns String

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameter

cryptoKeyVersionName

String

A fully-qualified path representing a crypto_key_version resources.
Returns

String 

  • A string representing the crypto_key.

matchCryptoKeyPathFromCryptoKeyPathName

matchCryptoKeyPathFromCryptoKeyPathName(cryptoKeyPathName) returns String

Parse the cryptoKeyPathName from a crypto_key_path resource.

Parameter

cryptoKeyPathName

String

A fully-qualified path representing a crypto_key_path resources.
Returns

String 

  • A string representing the crypto_key_path.

matchCryptoKeyVersionFromCryptoKeyVersionName

matchCryptoKeyVersionFromCryptoKeyVersionName(cryptoKeyVersionName) returns String

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameter

cryptoKeyVersionName

String

A fully-qualified path representing a crypto_key_version resources.
Returns

String 

  • A string representing the crypto_key_version.

matchKeyRingFromCryptoKeyName

matchKeyRingFromCryptoKeyName(cryptoKeyName) returns String

Parse the cryptoKeyName from a crypto_key resource.

Parameter

cryptoKeyName

String

A fully-qualified path representing a crypto_key resources.
Returns

String 

  • A string representing the key_ring.

matchKeyRingFromCryptoKeyPathName

matchKeyRingFromCryptoKeyPathName(cryptoKeyPathName) returns String

Parse the cryptoKeyPathName from a crypto_key_path resource.

Parameter

cryptoKeyPathName

String

A fully-qualified path representing a crypto_key_path resources.
Returns

String 

  • A string representing the key_ring.

matchKeyRingFromCryptoKeyVersionName

matchKeyRingFromCryptoKeyVersionName(cryptoKeyVersionName) returns String

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameter

cryptoKeyVersionName

String

A fully-qualified path representing a crypto_key_version resources.
Returns

String 

  • A string representing the key_ring.

matchKeyRingFromKeyRingName

matchKeyRingFromKeyRingName(keyRingName) returns String

Parse the keyRingName from a key_ring resource.

Parameter

keyRingName

String

A fully-qualified path representing a key_ring resources.
Returns

String 

  • A string representing the key_ring.

matchLocationFromCryptoKeyName

matchLocationFromCryptoKeyName(cryptoKeyName) returns String

Parse the cryptoKeyName from a crypto_key resource.

Parameter

cryptoKeyName

String

A fully-qualified path representing a crypto_key resources.
Returns

String 

  • A string representing the location.

matchLocationFromCryptoKeyPathName

matchLocationFromCryptoKeyPathName(cryptoKeyPathName) returns String

Parse the cryptoKeyPathName from a crypto_key_path resource.

Parameter

cryptoKeyPathName

String

A fully-qualified path representing a crypto_key_path resources.
Returns

String 

  • A string representing the location.

matchLocationFromCryptoKeyVersionName

matchLocationFromCryptoKeyVersionName(cryptoKeyVersionName) returns String

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameter

cryptoKeyVersionName

String

A fully-qualified path representing a crypto_key_version resources.
Returns

String 

  • A string representing the location.

matchLocationFromKeyRingName

matchLocationFromKeyRingName(keyRingName) returns String

Parse the keyRingName from a key_ring resource.

Parameter

keyRingName

String

A fully-qualified path representing a key_ring resources.
Returns

String 

  • A string representing the location.

matchLocationFromLocationName

matchLocationFromLocationName(locationName) returns String

Parse the locationName from a location resource.

Parameter

locationName

String

A fully-qualified path representing a location resources.
Returns

String 

  • A string representing the location.

matchProjectFromCryptoKeyName

matchProjectFromCryptoKeyName(cryptoKeyName) returns String

Parse the cryptoKeyName from a crypto_key resource.

Parameter

cryptoKeyName

String

A fully-qualified path representing a crypto_key resources.
Returns

String 

  • A string representing the project.

matchProjectFromCryptoKeyPathName

matchProjectFromCryptoKeyPathName(cryptoKeyPathName) returns String

Parse the cryptoKeyPathName from a crypto_key_path resource.

Parameter

cryptoKeyPathName

String

A fully-qualified path representing a crypto_key_path resources.
Returns

String 

  • A string representing the project.

matchProjectFromCryptoKeyVersionName

matchProjectFromCryptoKeyVersionName(cryptoKeyVersionName) returns String

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameter

cryptoKeyVersionName

String

A fully-qualified path representing a crypto_key_version resources.
Returns

String 

  • A string representing the project.

matchProjectFromKeyRingName

matchProjectFromKeyRingName(keyRingName) returns String

Parse the keyRingName from a key_ring resource.

Parameter

keyRingName

String

A fully-qualified path representing a key_ring resources.
Returns

String 

  • A string representing the project.

matchProjectFromLocationName

matchProjectFromLocationName(locationName) returns String

Parse the locationName from a location resource.

Parameter

locationName

String

A fully-qualified path representing a location resources.
Returns

String 

  • A string representing the project.

restoreCryptoKeyVersion

restoreCryptoKeyVersion(request, options, callback) returns Promise

Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.

Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The resource name of the CryptoKeyVersion to restore.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
client.restoreCryptoKeyVersion({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

setIamPolicy

setIamPolicy(request, options, callback) returns Promise

Sets the access control policy on the specified resource. Replaces any existing policy.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

resource

string

REQUIRED: The resource for which the policy is being specified. resource is usually specified as a path. For example, a Project resource is specified as projects/{project}.

policy

Object

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.

This object should have the same structure as Policy

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing Policy.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing Policy. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedResource = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
const policy = {};
const request = {
  resource: formattedResource,
  policy: policy,
};
client.setIamPolicy(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

testIamPermissions

testIamPermissions(request, options, callback) returns Promise

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

resource

string

REQUIRED: The resource for which the policy detail is being requested. resource is usually specified as a path. For example, a Project resource is specified as projects/{project}.

permissions

Array of string

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing TestIamPermissionsResponse.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing TestIamPermissionsResponse. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedResource = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
const permissions = [];
const request = {
  resource: formattedResource,
  permissions: permissions,
};
client.testIamPermissions(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

updateCryptoKey

updateCryptoKey(request, options, callback) returns Promise

Update a CryptoKey.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

cryptoKey

Object

CryptoKey with updated values.

This object should have the same structure as CryptoKey

updateMask

Object

Required list of fields to be updated in this request.

This object should have the same structure as FieldMask

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKey.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKey. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const cryptoKey = {};
const updateMask = {};
const request = {
  cryptoKey: cryptoKey,
  updateMask: updateMask,
};
client.updateCryptoKey(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

updateCryptoKeyPrimaryVersion

updateCryptoKeyPrimaryVersion(request, options, callback) returns Promise

Update the version of a CryptoKey that will be used in Encrypt.

Returns an error if called on an asymmetric key.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

name

string

The resource name of the CryptoKey to update.

cryptoKeyVersionId

string

The id of the child CryptoKeyVersion to use as primary.

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKey.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKey. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
const cryptoKeyVersionId = '';
const request = {
  name: formattedName,
  cryptoKeyVersionId: cryptoKeyVersionId,
};
client.updateCryptoKeyPrimaryVersion(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

updateCryptoKeyVersion

updateCryptoKeyVersion(request, options, callback) returns Promise

Update a CryptoKeyVersion's metadata.

state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.

Parameter

request

Object

The request object that will be sent.

Values in request have the following properties:

Parameter

cryptoKeyVersion

Object

CryptoKeyVersion with updated values.

This object should have the same structure as CryptoKeyVersion

updateMask

Object

Required list of fields to be updated in this request.

This object should have the same structure as FieldMask

options

Optional

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

Optional

function(nullable Error, nullable Object)

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.
Returns

Promise 

  • The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. The promise has a method named "cancel" which cancels the ongoing API call.

Example 

const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const cryptoKeyVersion = {};
const updateMask = {};
const request = {
  cryptoKeyVersion: cryptoKeyVersion,
  updateMask: updateMask,
};
client.updateCryptoKeyVersion(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });