Module types (1.1.0)

API documentation for kms_v1.types module.

Classes

AsymmetricDecryptRequest

Request message for KeyManagementService.AsymmetricDecrypt.

Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.

AsymmetricDecryptResponse

Response message for KeyManagementService.AsymmetricDecrypt.

AsymmetricSignRequest

Request message for KeyManagementService.AsymmetricSign.

Required. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm.

AsymmetricSignResponse

Response message for KeyManagementService.AsymmetricSign.

CreateCryptoKeyRequest

Request message for KeyManagementService.CreateCryptoKey.

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion] before you can use this CryptoKey.

CreateCryptoKeyVersionRequest

Request message for KeyManagementService.CreateCryptoKeyVersion.

A CryptoKeyVersion with initial field values.

CreateImportJobRequest

Request message for KeyManagementService.CreateImportJob.

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

CreateKeyRingRequest

Request message for KeyManagementService.CreateKeyRing.

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

CryptoKey

A CryptoKey represents a logical key that can be used for cryptographic operations.

A CryptoKey is made up of one or more versions, which represent the actual key material used in cryptographic operations.

Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name]. The CryptoKey's primary version can be updated via [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. All keys with purpose [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] have a primary. For other keys, this field will be omitted.

Output only. The time at which this CryptoKey was created.

Controls the rate of automatic rotation.

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or auto-rotation are controlled by this template.

CryptoKeyVersion

A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.

An ENABLED version can be used for cryptographic operations.

For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.

The current state of the CryptoKeyVersion.

Output only. The [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] that this CryptoKeyVersion supports.

Output only. The time at which this CryptoKeyVersion was created.

Output only. The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED].

Output only. The name of the ImportJob used to import this CryptoKeyVersion. Only present if the underlying key material was imported.

Output only. The root cause of an import failure. Only present if state is [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].

CryptoKeyVersionTemplate

A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or automatically as a result of auto-rotation.

Required. [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

DecryptRequest

Request message for KeyManagementService.Decrypt.

Required. The encrypted data originally returned in [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].

DecryptResponse

Response message for KeyManagementService.Decrypt.

DestroyCryptoKeyVersionRequest

Request message for KeyManagementService.DestroyCryptoKeyVersion.

Digest

A Digest holds a cryptographic message digest.

A message digest produced with the SHA-256 algorithm.

A message digest produced with the SHA-512 algorithm.

Duration

API documentation for kms_v1.types.Duration class.

EncryptRequest

Request message for KeyManagementService.Encrypt.

Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

EncryptResponse

Response message for KeyManagementService.Encrypt.

The encrypted data.

FieldMask

API documentation for kms_v1.types.FieldMask class.

GetCryptoKeyRequest

Request message for KeyManagementService.GetCryptoKey.

GetCryptoKeyVersionRequest

Request message for KeyManagementService.GetCryptoKeyVersion.

GetImportJobRequest

Request message for KeyManagementService.GetImportJob.

GetKeyRingRequest

Request message for KeyManagementService.GetKeyRing.

GetPublicKeyRequest

Request message for KeyManagementService.GetPublicKey.

ImportCryptoKeyVersionRequest

Request message for KeyManagementService.ImportCryptoKeyVersion.

Required. The [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] of the key being imported. This does not need to match the [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the CryptoKey this version imports into.

Required. The incoming wrapped key material that is to be imported.

ImportJob

An ImportJob can be used to create CryptoKeys and CryptoKeyVersions using pre-existing key material, generated outside of Cloud KMS.

When an ImportJob is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the wrapping key generation is complete, the state will be set to ACTIVE and the [public_key][google.cloud.kms.v1.ImportJob.public_key] can be fetched. The fetched public key can then be used to wrap your pre-existing key material.

Once the key material is wrapped, it can be imported into a new CryptoKeyVersion in an existing CryptoKey by calling ImportCryptoKeyVersion. Multiple CryptoKeyVersions can be imported with a single ImportJob. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key.

An ImportJob expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the ImportJob's public key.

For more information, see Importing a key (https://cloud.google.com/kms/docs/importing-a-key).

Required and immutable. The wrapping method to be used for incoming key material.

Output only. The time at which this ImportJob was created.

Output only. The time at which this ImportJob is scheduled for expiration and can no longer be used to import key material.

Output only. The current state of the ImportJob, indicating if it can be used.

Output only. Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM.

KeyOperationAttestation

Contains an HSM-generated attestation about a key operation. For more information, see Verifying attestations.

Output only. The attestation data provided by the HSM when the key operation was performed.

KeyRing

A KeyRing is a top-level logical grouping of CryptoKeys.

Output only. The time at which this KeyRing was created.

ListCryptoKeyVersionsRequest

Request message for KeyManagementService.ListCryptoKeyVersions.

Optional limit on the number of CryptoKeyVersions to include in the response. Further CryptoKeyVersions can subsequently be obtained by including the [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token] in a subsequent request. If unspecified, the server will pick an appropriate default.

The fields to include in the response.

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order.

ListCryptoKeyVersionsResponse

Response message for KeyManagementService.ListCryptoKeyVersions.

A token to retrieve the next page of results. Pass this value in [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token] to retrieve the next page of results.

ListCryptoKeysRequest

Request message for KeyManagementService.ListCryptoKeys.

Optional limit on the number of CryptoKeys to include in the response. Further CryptoKeys can subsequently be obtained by including the [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token] in a subsequent request. If unspecified, the server will pick an appropriate default.

The fields of the primary version to include in the response.

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order.

ListCryptoKeysResponse

Response message for KeyManagementService.ListCryptoKeys.

A token to retrieve the next page of results. Pass this value in [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token] to retrieve the next page of results.

ListImportJobsRequest

Request message for KeyManagementService.ListImportJobs.

Optional limit on the number of ImportJobs to include in the response. Further ImportJobs can subsequently be obtained by including the [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token] in a subsequent request. If unspecified, the server will pick an appropriate default.

Optional. Only include resources that match the filter in the response.

ListImportJobsResponse

Response message for KeyManagementService.ListImportJobs.

A token to retrieve the next page of results. Pass this value in [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token] to retrieve the next page of results.

ListKeyRingsRequest

Request message for KeyManagementService.ListKeyRings.

Optional limit on the number of KeyRings to include in the response. Further KeyRings can subsequently be obtained by including the [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token] in a subsequent request. If unspecified, the server will pick an appropriate default.

Optional. Only include resources that match the filter in the response.

ListKeyRingsResponse

Response message for KeyManagementService.ListKeyRings.

A token to retrieve the next page of results. Pass this value in [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token] to retrieve the next page of results.

LocationMetadata

Cloud KMS metadata for the given google.cloud.location.Location.

PublicKey

The public key for a given CryptoKeyVersion. Obtained via GetPublicKey.

The [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] associated with this key.

RestoreCryptoKeyVersionRequest

Request message for KeyManagementService.RestoreCryptoKeyVersion.

Timestamp

API documentation for kms_v1.types.Timestamp class.

UpdateCryptoKeyPrimaryVersionRequest

Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion.

The id of the child CryptoKeyVersion to use as primary.

UpdateCryptoKeyRequest

Request message for KeyManagementService.UpdateCryptoKey.

Required list of fields to be updated in this request.

UpdateCryptoKeyVersionRequest

Request message for KeyManagementService.UpdateCryptoKeyVersion.

Required list of fields to be updated in this request.