Class google::cloud::kms_v1::KeyManagementServiceClient (2.10.1)

Google Cloud Key Management Service.

Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:

If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.

Equality

Instances of this class created via copy-construction or copy-assignment always compare equal. Instances created with equal std::shared_ptr<*Connection> objects compare equal. Objects that compare equal share the same underlying resources.

Performance

Creating a new instance of this class is a relatively expensive operation, new objects establish new connections to the service. In contrast, copy-construction, move-construction, and the corresponding assignment operations are relatively efficient as the copies share all underlying resources.

Thread Safety

Concurrent access to different instances of this class, even if they compare equal, is guaranteed to work. Two or more threads operating on the same instance of this class is not guaranteed to work. Since copy-construction and move-construction is a relatively efficient operation, consider using such a copy when using this class from multiple threads.

Constructors

KeyManagementServiceClient

Parameter
Name	Description
	`KeyManagementServiceClient const &`

KeyManagementServiceClient

Parameter
Name	Description
	`KeyManagementServiceClient &&`

KeyManagementServiceClient

Parameters
Name	Description
`connection`	`std::shared_ptr< KeyManagementServiceConnection >`
`opts`	`Options`

~KeyManagementServiceClient

Operators

operator=

Parameter
Name	Description
	`KeyManagementServiceClient const &`

Returns
Type	Description
`KeyManagementServiceClient &`

operator=

Parameter
Name	Description
	`KeyManagementServiceClient &&`

Returns
Type	Description
`KeyManagementServiceClient &`

Functions

ListKeyRings

Lists KeyRings.

Parameters
Name	Description
`parent`	`std::string const &` Required. The resource name of the location associated with the KeyRings, in the format `projects//locations/`.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StreamRange< google::cloud::kms::v1::KeyRing >`	[`google::cloud::kms::v1::KeyRing`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L35)

ListKeyRings

Lists KeyRings.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::ListKeyRingsRequest` `google::cloud::kms::v1::ListKeyRingsRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StreamRange< google::cloud::kms::v1::KeyRing >`	[`google::cloud::kms::v1::KeyRing`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L35)

ListCryptoKeys

Lists CryptoKeys.

Parameters
Name	Description
`parent`	`std::string const &` Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format `projects//locations//keyRings/*`.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StreamRange< google::cloud::kms::v1::CryptoKey >`	[`google::cloud::kms::v1::CryptoKey`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L58)

ListCryptoKeys

Lists CryptoKeys.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::ListCryptoKeysRequest` `google::cloud::kms::v1::ListCryptoKeysRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StreamRange< google::cloud::kms::v1::CryptoKey >`	[`google::cloud::kms::v1::CryptoKey`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L58)

ListCryptoKeyVersions

Lists CryptoKeyVersions.

Parameters
Name	Description
`parent`	`std::string const &` Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format `projects//locations//keyRings//cryptoKeys/`.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StreamRange< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

ListCryptoKeyVersions

Lists CryptoKeyVersions.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::ListCryptoKeyVersionsRequest` `google::cloud::kms::v1::ListCryptoKeyVersionsRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StreamRange< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

ListImportJobs

Lists ImportJobs.

Parameters
Name	Description
`parent`	`std::string const &` Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format `projects//locations//keyRings/*`.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StreamRange< google::cloud::kms::v1::ImportJob >`	[`google::cloud::kms::v1::ImportJob`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L702)

ListImportJobs

Lists ImportJobs.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::ListImportJobsRequest` `google::cloud::kms::v1::ListImportJobsRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StreamRange< google::cloud::kms::v1::ImportJob >`	[`google::cloud::kms::v1::ImportJob`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L702)

GetKeyRing

Returns metadata for a given KeyRing.

Parameters
Name	Description
`name`	`std::string const &` Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing to get.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::KeyRing >`	[`google::cloud::kms::v1::KeyRing`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L35)

GetKeyRing

Returns metadata for a given KeyRing.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::GetKeyRingRequest const &` `google::cloud::kms::v1::GetKeyRingRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::KeyRing >`	[`google::cloud::kms::v1::KeyRing`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L35)

GetCryptoKey

Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

Parameters
Name	Description
`name`	`std::string const &` Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the CryptoKey to get.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKey >`	[`google::cloud::kms::v1::CryptoKey`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L58)

GetCryptoKey

Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::GetCryptoKeyRequest const &` `google::cloud::kms::v1::GetCryptoKeyRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKey >`	[`google::cloud::kms::v1::CryptoKey`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L58)

GetCryptoKeyVersion

Returns metadata for a given CryptoKeyVersion.

Parameters
Name	Description
`name`	`std::string const &` Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the CryptoKeyVersion to get.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

GetCryptoKeyVersion

Returns metadata for a given CryptoKeyVersion.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::GetCryptoKeyVersionRequest const &` `google::cloud::kms::v1::GetCryptoKeyVersionRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

GetPublicKey

Returns the public key for the given CryptoKeyVersion.

The CryptoKey.purpose must be [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].

Parameters
Name	Description
`name`	`std::string const &` Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the CryptoKeyVersion public key to get.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::PublicKey >`	[`google::cloud::kms::v1::PublicKey`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L623)

GetPublicKey

Returns the public key for the given CryptoKeyVersion.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::GetPublicKeyRequest const &` `google::cloud::kms::v1::GetPublicKeyRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::PublicKey >`	[`google::cloud::kms::v1::PublicKey`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L623)

GetImportJob

Returns metadata for a given ImportJob.

Parameters
Name	Description
`name`	`std::string const &` Required. The [name][google.cloud.kms.v1.ImportJob.name] of the ImportJob to get.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::ImportJob >`	[`google::cloud::kms::v1::ImportJob`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L702)

GetImportJob

Returns metadata for a given ImportJob.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::GetImportJobRequest const &` `google::cloud::kms::v1::GetImportJobRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::ImportJob >`	[`google::cloud::kms::v1::ImportJob`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L702)

CreateKeyRing

Create a new KeyRing in a given Project and Location.

Parameters
Name	Description
`parent`	`std::string const &` Required. The resource name of the location associated with the KeyRings, in the format `projects//locations/`.
`key_ring_id`	`std::string const &` Required. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
`key_ring`	`google::cloud::kms::v1::KeyRing const &` Required. A KeyRing with initial field values.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::KeyRing >`	[`google::cloud::kms::v1::KeyRing`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L35)

CreateKeyRing

Create a new KeyRing in a given Project and Location.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::CreateKeyRingRequest const &` `google::cloud::kms::v1::CreateKeyRingRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::KeyRing >`	[`google::cloud::kms::v1::KeyRing`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L35)

CreateCryptoKey

Create a new CryptoKey within a KeyRing.

CryptoKey.purpose and CryptoKey.version_template.algorithm are required.

Parameters
Name	Description
`parent`	`std::string const &` Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing associated with the CryptoKeys.
`crypto_key_id`	`std::string const &` Required. It must be unique within a KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
`crypto_key`	`google::cloud::kms::v1::CryptoKey const &` Required. A CryptoKey with initial field values.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKey >`	[`google::cloud::kms::v1::CryptoKey`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L58)

CreateCryptoKey

Create a new CryptoKey within a KeyRing.

CryptoKey.purpose and CryptoKey.version_template.algorithm are required.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::CreateCryptoKeyRequest const &` `google::cloud::kms::v1::CreateCryptoKeyRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKey >`	[`google::cloud::kms::v1::CryptoKey`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L58)

CreateCryptoKeyVersion

Create a new CryptoKeyVersion in a CryptoKey.

The server will assign the next sequential id. If unset, state will be set to [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].

Parameters
Name	Description
`parent`	`std::string const &` Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the CryptoKey associated with the CryptoKeyVersions.
`crypto_key_version`	`google::cloud::kms::v1::CryptoKeyVersion const &` Required. A CryptoKeyVersion with initial field values.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

CreateCryptoKeyVersion

Create a new CryptoKeyVersion in a CryptoKey.

The server will assign the next sequential id. If unset, state will be set to [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].

Parameters
Name	Description
`request`	`google::cloud::kms::v1::CreateCryptoKeyVersionRequest const &` `google::cloud::kms::v1::CreateCryptoKeyVersionRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

ImportCryptoKeyVersion

Import wrapped key material into a CryptoKeyVersion.

All requests must specify a CryptoKey. If a CryptoKeyVersion is additionally specified in the request, key material will be reimported into that version. Otherwise, a new version will be created, and will be assigned the next sequential id within the CryptoKey.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::ImportCryptoKeyVersionRequest const &` `google::cloud::kms::v1::ImportCryptoKeyVersionRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

CreateImportJob

Create a new ImportJob within a KeyRing.

ImportJob.import_method is required.

Parameters
Name	Description
`parent`	`std::string const &` Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing associated with the ImportJobs.
`import_job_id`	`std::string const &` Required. It must be unique within a KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
`import_job`	`google::cloud::kms::v1::ImportJob const &` Required. An ImportJob with initial field values.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::ImportJob >`	[`google::cloud::kms::v1::ImportJob`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L702)

CreateImportJob

Create a new ImportJob within a KeyRing.

ImportJob.import_method is required.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::CreateImportJobRequest const &` `google::cloud::kms::v1::CreateImportJobRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::ImportJob >`	[`google::cloud::kms::v1::ImportJob`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L702)

UpdateCryptoKey

Update a CryptoKey.

Parameters
Name	Description
`crypto_key`	`google::cloud::kms::v1::CryptoKey const &` Required. CryptoKey with updated values.
`update_mask`	`google::protobuf::FieldMask const &` Required. List of fields to be updated in this request.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKey >`	[`google::cloud::kms::v1::CryptoKey`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L58)

UpdateCryptoKey

Update a CryptoKey.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::UpdateCryptoKeyRequest const &` `google::cloud::kms::v1::UpdateCryptoKeyRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKey >`	[`google::cloud::kms::v1::CryptoKey`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L58)

UpdateCryptoKeyVersion

Update a CryptoKeyVersion's metadata.

state may be changed between [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.

Parameters
Name	Description
`crypto_key_version`	`google::cloud::kms::v1::CryptoKeyVersion const &` Required. CryptoKeyVersion with updated values.
`update_mask`	`google::protobuf::FieldMask const &` Required. List of fields to be updated in this request.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

UpdateCryptoKeyVersion

Update a CryptoKeyVersion's metadata.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::UpdateCryptoKeyVersionRequest const &` `google::cloud::kms::v1::UpdateCryptoKeyVersionRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

UpdateCryptoKeyPrimaryVersion

Update the version of a CryptoKey that will be used in Encrypt.

Returns an error if called on a key whose purpose is not [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Parameters
Name	Description
`name`	`std::string const &` Required. The resource name of the CryptoKey to update.
`crypto_key_version_id`	`std::string const &` Required. The id of the child [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKey >`	[`google::cloud::kms::v1::CryptoKey`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L58)

UpdateCryptoKeyPrimaryVersion

Update the version of a CryptoKey that will be used in Encrypt.

Returns an error if called on a key whose purpose is not [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Parameters
Name	Description
`request`	`google::cloud::kms::v1::UpdateCryptoKeyPrimaryVersionRequest const &` `google::cloud::kms::v1::UpdateCryptoKeyPrimaryVersionRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKey >`	[`google::cloud::kms::v1::CryptoKey`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L58)

DestroyCryptoKeyVersion

Schedule a CryptoKeyVersion for destruction.

Upon calling this method, CryptoKeyVersion.state will be set to [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED], and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key material will be irrevocably destroyed.

Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.

Parameters
Name	Description
`name`	`std::string const &` Required. The resource name of the CryptoKeyVersion to destroy.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

DestroyCryptoKeyVersion

Schedule a CryptoKeyVersion for destruction.

Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::DestroyCryptoKeyVersionRequest const &` `google::cloud::kms::v1::DestroyCryptoKeyVersionRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

RestoreCryptoKeyVersion

Restore a CryptoKeyVersion in the [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] state.

Upon restoration of the CryptoKeyVersion, state will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], and destroy_time will be cleared.

Parameters
Name	Description
`name`	`std::string const &` Required. The resource name of the CryptoKeyVersion to restore.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

RestoreCryptoKeyVersion

Restore a CryptoKeyVersion in the [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] state.

Upon restoration of the CryptoKeyVersion, state will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], and destroy_time will be cleared.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::RestoreCryptoKeyVersionRequest const &` `google::cloud::kms::v1::RestoreCryptoKeyVersionRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::CryptoKeyVersion >`	[`google::cloud::kms::v1::CryptoKeyVersion`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/resources.proto#L284)

Encrypt

Encrypts data, so that it can only be recovered by a call to Decrypt.

The CryptoKey.purpose must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Parameters
Name	Description
`name`	`std::string const &` Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] or [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for encryption. If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server will use its [primary version][google.cloud.kms.v1.CryptoKey.primary].
`plaintext`	`std::string const &` Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the plaintext must be no larger than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::EncryptResponse >`	[`google::cloud::kms::v1::EncryptResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1332)

Encrypt

Encrypts data, so that it can only be recovered by a call to Decrypt.

The CryptoKey.purpose must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Parameters
Name	Description
`request`	`google::cloud::kms::v1::EncryptRequest const &` `google::cloud::kms::v1::EncryptRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::EncryptResponse >`	[`google::cloud::kms::v1::EncryptResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1332)

Decrypt

Decrypts data that was protected by Encrypt.

The CryptoKey.purpose must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Parameters
Name	Description
`name`	`std::string const &` Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. The server will choose the appropriate version.
`ciphertext`	`std::string const &` Required. The encrypted data originally returned in [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::DecryptResponse >`	[`google::cloud::kms::v1::DecryptResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1397)

Decrypt

Decrypts data that was protected by Encrypt.

The CryptoKey.purpose must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Parameters
Name	Description
`request`	`google::cloud::kms::v1::DecryptRequest const &` `google::cloud::kms::v1::DecryptRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::DecryptResponse >`	[`google::cloud::kms::v1::DecryptResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1397)

AsymmetricSign

Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

Parameters
Name	Description
`name`	`std::string const &` Required. The resource name of the CryptoKeyVersion to use for signing.
`digest`	`google::cloud::kms::v1::Digest const &` Optional. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. This field may not be supplied if [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data] is supplied.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::AsymmetricSignResponse >`	[`google::cloud::kms::v1::AsymmetricSignResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1432)

AsymmetricSign

Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::AsymmetricSignRequest const &` `google::cloud::kms::v1::AsymmetricSignRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::AsymmetricSignResponse >`	[`google::cloud::kms::v1::AsymmetricSignResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1432)

AsymmetricDecrypt

Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.

Parameters
Name	Description
`name`	`std::string const &` Required. The resource name of the CryptoKeyVersion to use for decryption.
`ciphertext`	`std::string const &` Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::AsymmetricDecryptResponse >`	[`google::cloud::kms::v1::AsymmetricDecryptResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1495)

AsymmetricDecrypt

Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::AsymmetricDecryptRequest const &` `google::cloud::kms::v1::AsymmetricDecryptRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::AsymmetricDecryptResponse >`	[`google::cloud::kms::v1::AsymmetricDecryptResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1495)

MacSign

Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.

Parameters
Name	Description
`name`	`std::string const &` Required. The resource name of the CryptoKeyVersion to use for signing.
`data`	`std::string const &` Required. The data to sign. The MAC tag is computed over this data field based on the specific algorithm.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::MacSignResponse >`	[`google::cloud::kms::v1::MacSignResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1538)

MacSign

Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::MacSignRequest const &` `google::cloud::kms::v1::MacSignRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::MacSignResponse >`	[`google::cloud::kms::v1::MacSignResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1538)

MacVerify

Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.

Parameters
Name	Description
`name`	`std::string const &` Required. The resource name of the CryptoKeyVersion to use for verification.
`data`	`std::string const &` Required. The data used previously as a [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] to generate the MAC tag.
`mac`	`std::string const &` Required. The signature to verify.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::MacVerifyResponse >`	[`google::cloud::kms::v1::MacVerifyResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1585)

MacVerify

Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::MacVerifyRequest const &` `google::cloud::kms::v1::MacVerifyRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::MacVerifyResponse >`	[`google::cloud::kms::v1::MacVerifyResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1585)

GenerateRandomBytes

Generate random bytes using the Cloud KMS randomness source in the provided location.

Parameters
Name	Description
`location`	`std::string const &` The project-specific location in which to generate random bytes. For example, "projects/my-project/locations/us-central1".
`length_bytes`	`std::int32_t` The length in bytes of the amount of randomness to retrieve. Minimum 8 bytes, maximum 1024 bytes.
`protection_level`	`google::cloud::kms::v1::ProtectionLevel` The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when generating the random data. Currently, only [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] protection level is supported.
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::GenerateRandomBytesResponse >`	[`google::cloud::kms::v1::GenerateRandomBytesResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1644)

GenerateRandomBytes

Generate random bytes using the Cloud KMS randomness source in the provided location.

Parameters
Name	Description
`request`	`google::cloud::kms::v1::GenerateRandomBytesRequest const &` `google::cloud::kms::v1::GenerateRandomBytesRequest`
`opts`	`Options` Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type	Description
`StatusOr< google::cloud::kms::v1::GenerateRandomBytesResponse >`	[`google::cloud::kms::v1::GenerateRandomBytesResponse`](https://github.com/googleapis/googleapis/blob/2da477b6a72168c65fdb4245530cfa702cc4b029/google/cloud/kms/v1/service.proto#L1644)