Class DatabaseEncryption (2.45.0)

DatabaseEncryption(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Attributes

NameDescription
key_name str
Name of CloudKMS key to use for the encryption of secrets in etcd. Ex. projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key
state google.cloud.container_v1beta1.types.DatabaseEncryption.State
The desired state of etcd encryption.
current_state google.cloud.container_v1beta1.types.DatabaseEncryption.CurrentState
Output only. The current state of etcd encryption. This field is a member of oneof_ _current_state.
decryption_keys MutableSequence[str]
Output only. Keys in use by the cluster for decrypting existing objects, in addition to the key in key_name. Each item is a CloudKMS key resource.
last_operation_errors MutableSequence[google.cloud.container_v1beta1.types.DatabaseEncryption.OperationError]
Output only. Records errors seen during DatabaseEncryption update operations.

Classes

CurrentState

CurrentState(value)

Current State of etcd encryption.

Values: CURRENT_STATE_UNSPECIFIED (0): Should never be set CURRENT_STATE_ENCRYPTED (7): Secrets in etcd are encrypted. CURRENT_STATE_DECRYPTED (2): Secrets in etcd are stored in plain text (at etcd level) - this is unrelated to Compute Engine level full disk encryption. CURRENT_STATE_ENCRYPTION_PENDING (3): Encryption (or re-encryption with a different CloudKMS key) of Secrets is in progress. CURRENT_STATE_ENCRYPTION_ERROR (4): Encryption (or re-encryption with a different CloudKMS key) of Secrets in etcd encountered an error. CURRENT_STATE_DECRYPTION_PENDING (5): De-crypting Secrets to plain text in etcd is in progress. CURRENT_STATE_DECRYPTION_ERROR (6): De-crypting Secrets to plain text in etcd encountered an error.

OperationError

OperationError(mapping=None, *, ignore_unknown_fields=False, **kwargs)

OperationError records errors seen from CloudKMS keys encountered during updates to DatabaseEncryption configuration.

State

State(value)

State of etcd encryption.

Values: UNKNOWN (0): Should never be set ENCRYPTED (1): Secrets in etcd are encrypted. DECRYPTED (2): Secrets in etcd are stored in plain text (at etcd level) - this is unrelated to Compute Engine level full disk encryption.