Class CryptoKey (3.2.4)

CryptoKey(mapping=None, *, ignore_unknown_fields=False, **kwargs)

This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key.

Attributes

NameDescription
transient google.cloud.dlp_v2.types.TransientCryptoKey
Transient crypto key
unwrapped google.cloud.dlp_v2.types.UnwrappedCryptoKey
Unwrapped crypto key
kms_wrapped google.cloud.dlp_v2.types.KmsWrappedCryptoKey
Kms wrapped key