Class CryptoKey (3.20.0)

CryptoKey(mapping=None, *, ignore_unknown_fields=False, **kwargs)

This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Attributes

Name Description
transient google.cloud.dlp_v2.types.TransientCryptoKey
Transient crypto key This field is a member of oneof_ source.
unwrapped google.cloud.dlp_v2.types.UnwrappedCryptoKey
Unwrapped crypto key This field is a member of oneof_ source.
kms_wrapped google.cloud.dlp_v2.types.KmsWrappedCryptoKey
Key wrapped using Cloud KMS This field is a member of oneof_ source.