Encryption information for a given resource. If this resource is protected with customer managed encryption, the in-use Cloud Key Management Service (Cloud KMS) key version is specified along with its status.
Output only. The status of encrypt/decrypt calls on underlying data for this resource. Regardless of status, the existing data is always encrypted at rest.
kmsKeyVersion
string
Output only. The version of the Cloud KMS key specified in the parent cluster that is in use for the data underlying this table.
EncryptionType
Possible encryption types for a resource.
Enums
ENCRYPTION_TYPE_UNSPECIFIED
Encryption type was not specified, though data at rest remains encrypted.
GOOGLE_DEFAULT_ENCRYPTION
The data backing this resource is encrypted at rest with a key that is fully managed by Google. No key version or status will be populated. This is the default state.
CUSTOMER_MANAGED_ENCRYPTION
The data backing this resource is encrypted at rest with a key that is managed by the customer. The in-use version of the key and its status are populated for CMEK-protected tables. CMEK-protected backups are pinned to the key version that was in use at the time the backup was taken. This key version is populated but its status is not tracked and is reported as UNKNOWN.
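The semantics above can be turned into a CMEK compliance check. This is an added example, not code from the API reference. It assumes the REST JSON form of the record, with `encryptionType`, `kmsKeyVersion`, and an `encryptionStatus` object carrying a numeric `google.rpc.Code` in `code`. The `audit` helper, key name and sample records are constructed for illustration.

```python
# Added example (not from the API reference): check EncryptionInfo records
# against a CMEK-only policy. Sample records and the key name are constructed.
OK = 0  # google.rpc.Code.OK

def audit(info, expected_key, is_backup=False):
    """Return findings for one EncryptionInfo dict; an empty list means compliant."""
    etype = info.get("encryptionType", "ENCRYPTION_TYPE_UNSPECIFIED")
    if etype != "CUSTOMER_MANAGED_ENCRYPTION":
        # Still encrypted at rest, but with no customer-controlled key.
        return [f"not CMEK-protected ({etype})"]
    findings = []
    version = info.get("kmsKeyVersion", "")
    # A Cloud KMS key version name is the key name plus /cryptoKeyVersions/<id>.
    if not version.startswith(expected_key + "/cryptoKeyVersions/"):
        findings.append(f"unexpected key version: {version or '<missing>'}")
    # Assumption: JSON output omits zero values, so a missing code means OK.
    code = (info.get("encryptionStatus") or {}).get("code", OK)
    # Backup status is not tracked (reported as UNKNOWN), so only tables are checked.
    if not is_backup and code != OK:
        findings.append(f"encrypt/decrypt status not OK (code {code})")
    return findings

KEY = "projects/example-project/locations/us-east1/keyRings/example-ring/cryptoKeys/example-key"
CMEK = "CUSTOMER_MANAGED_ENCRYPTION"
SAMPLES = {  # constructed records: name -> (EncryptionInfo, is_backup)
    "table-ok": ({"encryptionType": CMEK, "encryptionStatus": {},
                  "kmsKeyVersion": KEY + "/cryptoKeyVersions/3"}, False),
    "table-default": ({"encryptionType": "GOOGLE_DEFAULT_ENCRYPTION"}, False),
    "table-denied": ({"encryptionType": CMEK, "encryptionStatus": {"code": 7},
                      "kmsKeyVersion": KEY + "/cryptoKeyVersions/3"}, False),
    "backup-pinned": ({"encryptionType": CMEK, "encryptionStatus": {"code": 2},
                       "kmsKeyVersion": KEY + "/cryptoKeyVersions/2"}, True),
}

def audit_all(samples=SAMPLES, expected_key=KEY):
    """Audit every sample record and return findings keyed by record name."""
    return {name: audit(info, expected_key, backup)
            for name, (info, backup) in samples.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "->", findings or "compliant")
```

A non-OK status on a CMEK table is worth alerting on, since it indicates that encrypt/decrypt calls against the key version are not succeeding.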
Last updated 2025-05-08 UTC.