Class CryptoKey (3.0.1)

CryptoKey(mapping=None, *, ignore_unknown_fields=False, **kwargs)

This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key.

Attributes

NameDescription
transient .dlp.TransientCryptoKey
Transient crypto key
unwrapped .dlp.UnwrappedCryptoKey
Unwrapped crypto key
kms_wrapped .dlp.KmsWrappedCryptoKey
Kms wrapped key