Cloud KMS V1 Client - Class KeyManagementMode (1.20.3)

Reference documentation and code samples for the Cloud KMS V1 Client class KeyManagementMode.

KeyManagementMode describes who can perform control plane cryptographic operations using this EkmConnection.

Protobuf type google.cloud.kms.v1.EkmConnection.KeyManagementMode

Namespace

Google\Cloud\Kms\V1\EkmConnection

Methods

static::name

Parameter
Name     Description
value    mixed

static::value

Parameter
Name     Description
name     mixed

Constants

KEY_MANAGEMENT_MODE_UNSPECIFIED

Value: 0

Not specified.

Generated from protobuf enum KEY_MANAGEMENT_MODE_UNSPECIFIED = 0;

MANUAL

Value: 1

EKM-side key management operations on CryptoKeys created with this EkmConnection must be initiated from the EKM directly and cannot be performed from Cloud KMS. This means that:

  • When creating a CryptoKeyVersion associated with this EkmConnection, the caller must supply the key path of pre-existing external key material that will be linked to the CryptoKeyVersion.

  • Destruction of external key material cannot be requested via the Cloud KMS API and must be performed directly in the EKM.

  • Automatic rotation of key material is not supported.

Generated from protobuf enum MANUAL = 1;

CLOUD_KMS

Value: 2

All CryptoKeys created with this EkmConnection use EKM-side key management operations initiated from Cloud KMS. This means that:

  • When a CryptoKeyVersion associated with this EkmConnection is created, the EKM automatically generates new key material and a new key path. The caller cannot supply the key path of pre-existing external key material.

  • Destruction of external key material associated with this EkmConnection can be requested by calling DestroyCryptoKeyVersion.

  • Automatic rotation of key material is supported.

Generated from protobuf enum CLOUD_KMS = 2;