Class CustomerManagedEncryption (2.22.0)

CustomerManagedEncryption(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Configuration for encrypting secret payloads using customer-managed encryption keys (CMEK).

Attribute

Name Description
kms_key_name str
Required. The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads. For secrets using the UserManaged replication policy type, Cloud KMS CryptoKeys must reside in the same location as the [replica location][Secret.UserManaged.Replica.location]. For secrets using the Automatic replication policy type, Cloud KMS CryptoKeys must reside in global. The expected format is projects/*/locations/*/keyRings/*/cryptoKeys/*.