Cloud KMS V1 Client - Class ImportJob (2.1.3)

Reference documentation and code samples for the Cloud KMS V1 Client class ImportJob.

An ImportJob can be used to create CryptoKeys and CryptoKeyVersions using pre-existing key material, generated outside of Cloud KMS.

When an ImportJob is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of import_method. When the wrapping key generation is complete, the state will be set to ACTIVE and the public_key can be fetched. The fetched public key can then be used to wrap your pre-existing key material. Once the key material is wrapped, it can be imported into a new CryptoKeyVersion in an existing CryptoKey by calling ImportCryptoKeyVersion. Multiple CryptoKeyVersions can be imported with a single ImportJob. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key. An ImportJob expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the ImportJob's public key. For more information, see Importing a key.

Generated from protobuf message google.cloud.kms.v1.ImportJob

Namespace

Google \ Cloud \ Kms \ V1

Methods

__construct

Constructor.

Parameters
Name Description
data array

Optional. Data for populating the Message object.

↳ name string

Output only. The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.

↳ import_method int

Required. Immutable. The wrapping method to be used for incoming key material.

↳ protection_level int

Required. Immutable. The protection level of the ImportJob. This must match the protection_level of the version_template on the CryptoKey you attempt to import into.

↳ create_time Google\Protobuf\Timestamp

Output only. The time at which this ImportJob was created.

↳ generate_time Google\Protobuf\Timestamp

Output only. The time this ImportJob's key material was generated.

↳ expire_time Google\Protobuf\Timestamp

Output only. The time at which this ImportJob is scheduled for expiration and can no longer be used to import key material.

↳ expire_event_time Google\Protobuf\Timestamp

Output only. The time this ImportJob expired. Only present if state is EXPIRED.

↳ state int

Output only. The current state of the ImportJob, indicating if it can be used.

↳ public_key ImportJob\WrappingPublicKey

Output only. The public key with which to wrap key material prior to import. Only returned if state is ACTIVE.

↳ attestation KeyOperationAttestation

Output only. Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM.

getName

Output only. The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.

Returns
Type Description
string

setName

Output only. The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.

Parameter
Name Description
var string
Returns
Type Description
$this

getImportMethod

Required. Immutable. The wrapping method to be used for incoming key material.

Returns
Type Description
int

setImportMethod

Required. Immutable. The wrapping method to be used for incoming key material.

Parameter
Name Description
var int
Returns
Type Description
$this

getProtectionLevel

Required. Immutable. The protection level of the ImportJob. This must match the protection_level of the version_template on the CryptoKey you attempt to import into.

Returns
Type Description
int

setProtectionLevel

Required. Immutable. The protection level of the ImportJob. This must match the protection_level of the version_template on the CryptoKey you attempt to import into.

Parameter
Name Description
var int
Returns
Type Description
$this

getCreateTime

Output only. The time at which this ImportJob was created.

Returns
Type Description
Google\Protobuf\Timestamp|null

hasCreateTime

clearCreateTime

setCreateTime

Output only. The time at which this ImportJob was created.

Parameter
Name Description
var Google\Protobuf\Timestamp
Returns
Type Description
$this

getGenerateTime

Output only. The time this ImportJob's key material was generated.

Returns
Type Description
Google\Protobuf\Timestamp|null

hasGenerateTime

clearGenerateTime

setGenerateTime

Output only. The time this ImportJob's key material was generated.

Parameter
Name Description
var Google\Protobuf\Timestamp
Returns
Type Description
$this

getExpireTime

Output only. The time at which this ImportJob is scheduled for expiration and can no longer be used to import key material.

Returns
Type Description
Google\Protobuf\Timestamp|null

hasExpireTime

clearExpireTime

setExpireTime

Output only. The time at which this ImportJob is scheduled for expiration and can no longer be used to import key material.

Parameter
Name Description
var Google\Protobuf\Timestamp
Returns
Type Description
$this

getExpireEventTime

Output only. The time this ImportJob expired. Only present if state is EXPIRED.

Returns
Type Description
Google\Protobuf\Timestamp|null

hasExpireEventTime

clearExpireEventTime

setExpireEventTime

Output only. The time this ImportJob expired. Only present if state is EXPIRED.

Parameter
Name Description
var Google\Protobuf\Timestamp
Returns
Type Description
$this

getState

Output only. The current state of the ImportJob, indicating if it can be used.

Returns
Type Description
int

setState

Output only. The current state of the ImportJob, indicating if it can be used.

Parameter
Name Description
var int
Returns
Type Description
$this

getPublicKey

Output only. The public key with which to wrap key material prior to import. Only returned if state is ACTIVE.

Returns
Type Description
ImportJob\WrappingPublicKey|null

hasPublicKey

clearPublicKey

setPublicKey

Output only. The public key with which to wrap key material prior to import. Only returned if state is ACTIVE.

Parameter
Name Description
var ImportJob\WrappingPublicKey
Returns
Type Description
$this

getAttestation

Output only. Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google.

Only present if the chosen ImportMethod is one with a protection level of HSM.

Returns
Type Description
KeyOperationAttestation|null

hasAttestation

clearAttestation

setAttestation

Output only. Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google.

Only present if the chosen ImportMethod is one with a protection level of HSM.

Parameter
Name Description
var KeyOperationAttestation
Returns
Type Description
$this