Class KeyManagementServiceClient (2.11.0)

Google Cloud Key Management Service.

Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:

If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.

Equality

Instances of this class created via copy-construction or copy-assignment always compare equal. Instances created with equal std::shared_ptr<*Connection> objects compare equal. Objects that compare equal share the same underlying resources.

Performance

Creating a new instance of this class is a relatively expensive operation, new objects establish new connections to the service. In contrast, copy-construction, move-construction, and the corresponding assignment operations are relatively efficient as the copies share all underlying resources.

Thread Safety

Concurrent access to different instances of this class, even if they compare equal, is guaranteed to work. Two or more threads operating on the same instance of this class is not guaranteed to work. Since copy-construction and move-construction is a relatively efficient operation, consider using such a copy when using this class from multiple threads.

Constructors

KeyManagementServiceClient(KeyManagementServiceClient const &)

Copy and move support

Parameter
Name Description
KeyManagementServiceClient const &

KeyManagementServiceClient(KeyManagementServiceClient &&)

Copy and move support

Parameter
Name Description
KeyManagementServiceClient &&

KeyManagementServiceClient(std::shared_ptr< KeyManagementServiceConnection >, Options)

Parameters
Name Description
connection std::shared_ptr< KeyManagementServiceConnection >
opts Options

Operators

operator=(KeyManagementServiceClient const &)

Copy and move support

Parameter
Name Description
KeyManagementServiceClient const &
Returns
Type Description
KeyManagementServiceClient &

operator=(KeyManagementServiceClient &&)

Copy and move support

Parameter
Name Description
KeyManagementServiceClient &&
Returns
Type Description
KeyManagementServiceClient &

Functions

ListKeyRings(std::string const &, Options)

Lists KeyRings.

Parameters
Name Description
parent std::string const &

Required. The resource name of the location associated with the KeyRings, in the format projects/*/locations/*.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::kms::v1::KeyRing >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.kms.v1.KeyRing, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListKeyRings(google::cloud::kms::v1::ListKeyRingsRequest, Options)

Lists KeyRings.

Parameters
Name Description
request google::cloud::kms::v1::ListKeyRingsRequest

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.ListKeyRingsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::kms::v1::KeyRing >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.kms.v1.KeyRing, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListCryptoKeys(std::string const &, Options)

Lists CryptoKeys.

Parameters
Name Description
parent std::string const &

Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format projects/*/locations/*/keyRings/*.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::kms::v1::CryptoKey >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.kms.v1.CryptoKey, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListCryptoKeys(google::cloud::kms::v1::ListCryptoKeysRequest, Options)

Lists CryptoKeys.

Parameters
Name Description
request google::cloud::kms::v1::ListCryptoKeysRequest

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.ListCryptoKeysRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::kms::v1::CryptoKey >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.kms.v1.CryptoKey, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListCryptoKeyVersions(std::string const &, Options)

Parameters
Name Description
parent std::string const &

Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::kms::v1::CryptoKeyVersion >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.kms.v1.CryptoKeyVersion, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListCryptoKeyVersions(google::cloud::kms::v1::ListCryptoKeyVersionsRequest, Options)

Parameters
Name Description
request google::cloud::kms::v1::ListCryptoKeyVersionsRequest

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.ListCryptoKeyVersionsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::kms::v1::CryptoKeyVersion >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.kms.v1.CryptoKeyVersion, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListImportJobs(std::string const &, Options)

Lists ImportJobs.

Parameters
Name Description
parent std::string const &

Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format projects/*/locations/*/keyRings/*.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::kms::v1::ImportJob >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.kms.v1.ImportJob, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

ListImportJobs(google::cloud::kms::v1::ListImportJobsRequest, Options)

Lists ImportJobs.

Parameters
Name Description
request google::cloud::kms::v1::ListImportJobsRequest

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.ListImportJobsRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StreamRange< google::cloud::kms::v1::ImportJob >

a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has begin() and end() member functions returning a iterator class meeting the input iterator requirements. The value type for this iterator is a StatusOr as the iteration may fail even after some values are retrieved successfully, for example, if there is a network disconnect. An empty set of results does not indicate an error, it indicates that there are no resources meeting the request criteria. On a successful iteration the StatusOr<T> contains elements of type google.cloud.kms.v1.ImportJob, or rather, the C++ class generated by Protobuf from that type. Please consult the Protobuf documentation for details on the Protobuf mapping rules.

GetKeyRing(std::string const &, Options)

Returns metadata for a given KeyRing.

Parameters
Name Description
name std::string const &

Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing to get.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::KeyRing >

the result of the RPC. The response message type (google.cloud.kms.v1.KeyRing) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetKeyRing(google::cloud::kms::v1::GetKeyRingRequest const &, Options)

Returns metadata for a given KeyRing.

Parameters
Name Description
request google::cloud::kms::v1::GetKeyRingRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.GetKeyRingRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::KeyRing >

the result of the RPC. The response message type (google.cloud.kms.v1.KeyRing) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetCryptoKey(std::string const &, Options)

Returns metadata for a given CryptoKey, as well as its primaryCryptoKeyVersion.

Parameters
Name Description
name std::string const &

Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the CryptoKey to get.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKey >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetCryptoKey(google::cloud::kms::v1::GetCryptoKeyRequest const &, Options)

Returns metadata for a given CryptoKey, as well as its primaryCryptoKeyVersion.

Parameters
Name Description
request google::cloud::kms::v1::GetCryptoKeyRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.GetCryptoKeyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKey >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetCryptoKeyVersion(std::string const &, Options)

Returns metadata for a given CryptoKeyVersion.

Parameters
Name Description
name std::string const &

Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the CryptoKeyVersion to get.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKeyVersion >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetCryptoKeyVersion(google::cloud::kms::v1::GetCryptoKeyVersionRequest const &, Options)

Returns metadata for a given CryptoKeyVersion.

Parameters
Name Description
request google::cloud::kms::v1::GetCryptoKeyVersionRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.GetCryptoKeyVersionRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKeyVersion >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetPublicKey(std::string const &, Options)

Returns the public key for the given CryptoKeyVersion.

Parameters
Name Description
name std::string const &

Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the CryptoKeyVersion public key to get.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::PublicKey >

the result of the RPC. The response message type (google.cloud.kms.v1.PublicKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetPublicKey(google::cloud::kms::v1::GetPublicKeyRequest const &, Options)

Returns the public key for the given CryptoKeyVersion.

Parameters
Name Description
request google::cloud::kms::v1::GetPublicKeyRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.GetPublicKeyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::PublicKey >

the result of the RPC. The response message type (google.cloud.kms.v1.PublicKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetImportJob(std::string const &, Options)

Returns metadata for a given ImportJob.

Parameters
Name Description
name std::string const &

Required. The [name][google.cloud.kms.v1.ImportJob.name] of the ImportJob to get.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::ImportJob >

the result of the RPC. The response message type (google.cloud.kms.v1.ImportJob) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GetImportJob(google::cloud::kms::v1::GetImportJobRequest const &, Options)

Returns metadata for a given ImportJob.

Parameters
Name Description
request google::cloud::kms::v1::GetImportJobRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.GetImportJobRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::ImportJob >

the result of the RPC. The response message type (google.cloud.kms.v1.ImportJob) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreateKeyRing(std::string const &, std::string const &, google::cloud::kms::v1::KeyRing const &, Options)

Create a new KeyRing in a given Project and Location.

Parameters
Name Description
parent std::string const &

Required. The resource name of the location associated with the KeyRings, in the format projects/*/locations/*.

key_ring_id std::string const &

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

key_ring google::cloud::kms::v1::KeyRing const &

Required. A KeyRing with initial field values.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::KeyRing >

the result of the RPC. The response message type (google.cloud.kms.v1.KeyRing) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreateKeyRing(google::cloud::kms::v1::CreateKeyRingRequest const &, Options)

Create a new KeyRing in a given Project and Location.

Parameters
Name Description
request google::cloud::kms::v1::CreateKeyRingRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.CreateKeyRingRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::KeyRing >

the result of the RPC. The response message type (google.cloud.kms.v1.KeyRing) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreateCryptoKey(std::string const &, std::string const &, google::cloud::kms::v1::CryptoKey const &, Options)

Create a new CryptoKey within a KeyRing.

Parameters
Name Description
parent std::string const &

Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing associated with the CryptoKeys.

crypto_key_id std::string const &

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

crypto_key google::cloud::kms::v1::CryptoKey const &

Required. A CryptoKey with initial field values.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKey >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreateCryptoKey(google::cloud::kms::v1::CreateCryptoKeyRequest const &, Options)

Create a new CryptoKey within a KeyRing.

Parameters
Name Description
request google::cloud::kms::v1::CreateCryptoKeyRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.CreateCryptoKeyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKey >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreateCryptoKeyVersion(std::string const &, google::cloud::kms::v1::CryptoKeyVersion const &, Options)

Create a new CryptoKeyVersion in a CryptoKey.

The server will assign the next sequential id. If unset, state will be set to ENABLED.

Parameters
Name Description
parent std::string const &

Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the CryptoKey associated with the CryptoKeyVersions.

crypto_key_version google::cloud::kms::v1::CryptoKeyVersion const &

Required. A CryptoKeyVersion with initial field values.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKeyVersion >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreateCryptoKeyVersion(google::cloud::kms::v1::CreateCryptoKeyVersionRequest const &, Options)

Create a new CryptoKeyVersion in a CryptoKey.

The server will assign the next sequential id. If unset, state will be set to ENABLED.

Parameters
Name Description
request google::cloud::kms::v1::CreateCryptoKeyVersionRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.CreateCryptoKeyVersionRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKeyVersion >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

ImportCryptoKeyVersion(google::cloud::kms::v1::ImportCryptoKeyVersionRequest const &, Options)

Import wrapped key material into a CryptoKeyVersion.

All requests must specify a CryptoKey. If a CryptoKeyVersion is additionally specified in the request, key material will be reimported into that version. Otherwise, a new version will be created, and will be assigned the next sequential id within the CryptoKey.

Parameters
Name Description
request google::cloud::kms::v1::ImportCryptoKeyVersionRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.ImportCryptoKeyVersionRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKeyVersion >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreateImportJob(std::string const &, std::string const &, google::cloud::kms::v1::ImportJob const &, Options)

Create a new ImportJob within a KeyRing.

Parameters
Name Description
parent std::string const &

Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing associated with the ImportJobs.

import_job_id std::string const &

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

import_job google::cloud::kms::v1::ImportJob const &

Required. An ImportJob with initial field values.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::ImportJob >

the result of the RPC. The response message type (google.cloud.kms.v1.ImportJob) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

CreateImportJob(google::cloud::kms::v1::CreateImportJobRequest const &, Options)

Create a new ImportJob within a KeyRing.

Parameters
Name Description
request google::cloud::kms::v1::CreateImportJobRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.CreateImportJobRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::ImportJob >

the result of the RPC. The response message type (google.cloud.kms.v1.ImportJob) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

UpdateCryptoKey(google::cloud::kms::v1::CryptoKey const &, google::protobuf::FieldMask const &, Options)

Update a CryptoKey.

Parameters
Name Description
crypto_key google::cloud::kms::v1::CryptoKey const &

Required. CryptoKey with updated values.

update_mask google::protobuf::FieldMask const &

Required. List of fields to be updated in this request.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKey >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

UpdateCryptoKey(google::cloud::kms::v1::UpdateCryptoKeyRequest const &, Options)

Update a CryptoKey.

Parameters
Name Description
request google::cloud::kms::v1::UpdateCryptoKeyRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.UpdateCryptoKeyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKey >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

UpdateCryptoKeyVersion(google::cloud::kms::v1::CryptoKeyVersion const &, google::protobuf::FieldMask const &, Options)

Update a CryptoKeyVersion's metadata.

state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.

Parameters
Name Description
crypto_key_version google::cloud::kms::v1::CryptoKeyVersion const &

Required. CryptoKeyVersion with updated values.

update_mask google::protobuf::FieldMask const &

Required. List of fields to be updated in this request.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKeyVersion >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

UpdateCryptoKeyVersion(google::cloud::kms::v1::UpdateCryptoKeyVersionRequest const &, Options)

Update a CryptoKeyVersion's metadata.

state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.

Parameters
Name Description
request google::cloud::kms::v1::UpdateCryptoKeyVersionRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.UpdateCryptoKeyVersionRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKeyVersion >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

UpdateCryptoKeyPrimaryVersion(std::string const &, std::string const &, Options)

Update the version of a CryptoKey that will be used in Encrypt.

Returns an error if called on a key whose purpose is not ENCRYPT_DECRYPT.

Parameters
Name Description
name std::string const &

Required. The resource name of the CryptoKey to update.

crypto_key_version_id std::string const &

Required. The id of the child [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKey >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

UpdateCryptoKeyPrimaryVersion(google::cloud::kms::v1::UpdateCryptoKeyPrimaryVersionRequest const &, Options)

Update the version of a CryptoKey that will be used in Encrypt.

Returns an error if called on a key whose purpose is not ENCRYPT_DECRYPT.

Parameters
Name Description
request google::cloud::kms::v1::UpdateCryptoKeyPrimaryVersionRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKey >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

DestroyCryptoKeyVersion(std::string const &, Options)

Schedule a CryptoKeyVersion for destruction.

Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to DESTROYED, and the key material will be irrevocably destroyed.

Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.

Parameters
Name Description
name std::string const &

Required. The resource name of the CryptoKeyVersion to destroy.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKeyVersion >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

DestroyCryptoKeyVersion(google::cloud::kms::v1::DestroyCryptoKeyVersionRequest const &, Options)

Schedule a CryptoKeyVersion for destruction.

Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to DESTROYED, and the key material will be irrevocably destroyed.

Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.

Parameters
Name Description
request google::cloud::kms::v1::DestroyCryptoKeyVersionRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.DestroyCryptoKeyVersionRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKeyVersion >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

RestoreCryptoKeyVersion(std::string const &, Options)

Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.

Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.

Parameters
Name Description
name std::string const &

Required. The resource name of the CryptoKeyVersion to restore.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKeyVersion >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

RestoreCryptoKeyVersion(google::cloud::kms::v1::RestoreCryptoKeyVersionRequest const &, Options)

Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.

Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.

Parameters
Name Description
request google::cloud::kms::v1::RestoreCryptoKeyVersionRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.RestoreCryptoKeyVersionRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::CryptoKeyVersion >

the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

Encrypt(std::string const &, std::string const &, Options)

Encrypts data, so that it can only be recovered by a call to Decrypt.

Parameters
Name Description
name std::string const &

Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] or [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for encryption.
If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server will use its [primary version][google.cloud.kms.v1.CryptoKey.primary].

plaintext std::string const &

Required. The data to encrypt. Must be no larger than 64KiB.
The maximum size depends on the key version's [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE], [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the plaintext must be no larger than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::EncryptResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.EncryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

Encrypt(google::cloud::kms::v1::EncryptRequest const &, Options)

Encrypts data, so that it can only be recovered by a call to Decrypt.

Parameters
Name Description
request google::cloud::kms::v1::EncryptRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.EncryptRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::EncryptResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.EncryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

Decrypt(std::string const &, std::string const &, Options)

Decrypts data that was protected by Encrypt.

Parameters
Name Description
name std::string const &

Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. The server will choose the appropriate version.

ciphertext std::string const &

Required. The encrypted data originally returned in [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::DecryptResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.DecryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

Decrypt(google::cloud::kms::v1::DecryptRequest const &, Options)

Decrypts data that was protected by Encrypt.

Parameters
Name Description
request google::cloud::kms::v1::DecryptRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.DecryptRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::DecryptResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.DecryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

AsymmetricSign(std::string const &, google::cloud::kms::v1::Digest const &, Options)

Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

Parameters
Name Description
name std::string const &

Required. The resource name of the CryptoKeyVersion to use for signing.

digest google::cloud::kms::v1::Digest const &

Optional. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm].
This field may not be supplied if [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data] is supplied.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::AsymmetricSignResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.AsymmetricSignResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

AsymmetricSign(google::cloud::kms::v1::AsymmetricSignRequest const &, Options)

Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

Parameters
Name Description
request google::cloud::kms::v1::AsymmetricSignRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.AsymmetricSignRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::AsymmetricSignResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.AsymmetricSignResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

AsymmetricDecrypt(std::string const &, std::string const &, Options)

Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.

Parameters
Name Description
name std::string const &

Required. The resource name of the CryptoKeyVersion to use for decryption.

ciphertext std::string const &

Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::AsymmetricDecryptResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.AsymmetricDecryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

AsymmetricDecrypt(google::cloud::kms::v1::AsymmetricDecryptRequest const &, Options)

Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.

Parameters
Name Description
request google::cloud::kms::v1::AsymmetricDecryptRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.AsymmetricDecryptRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::AsymmetricDecryptResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.AsymmetricDecryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

MacSign(std::string const &, std::string const &, Options)

Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.

Parameters
Name Description
name std::string const &

Required. The resource name of the CryptoKeyVersion to use for signing.

data std::string const &

Required. The data to sign. The MAC tag is computed over this data field based on the specific algorithm.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::MacSignResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.MacSignResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

MacSign(google::cloud::kms::v1::MacSignRequest const &, Options)

Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.

Parameters
Name Description
request google::cloud::kms::v1::MacSignRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.MacSignRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::MacSignResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.MacSignResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

MacVerify(std::string const &, std::string const &, std::string const &, Options)

Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.

Parameters
Name Description
name std::string const &

Required. The resource name of the CryptoKeyVersion to use for verification.

data std::string const &

Required. The data used previously as a [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] to generate the MAC tag.

mac std::string const &

Required. The signature to verify.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::MacVerifyResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.MacVerifyResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

MacVerify(google::cloud::kms::v1::MacVerifyRequest const &, Options)

Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.

Parameters
Name Description
request google::cloud::kms::v1::MacVerifyRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.MacVerifyRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::MacVerifyResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.MacVerifyResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GenerateRandomBytes(std::string const &, std::int32_t, google::cloud::kms::v1::ProtectionLevel, Options)

Generate random bytes using the Cloud KMS randomness source in the provided location.

Parameters
Name Description
location std::string const &

The project-specific location in which to generate random bytes. For example, "projects/my-project/locations/us-central1".

length_bytes std::int32_t

The length in bytes of the amount of randomness to retrieve. Minimum 8 bytes, maximum 1024 bytes.

protection_level google::cloud::kms::v1::ProtectionLevel

The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when generating the random data. Currently, only [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] protection level is supported.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::GenerateRandomBytesResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.GenerateRandomBytesResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.

GenerateRandomBytes(google::cloud::kms::v1::GenerateRandomBytesRequest const &, Options)

Generate random bytes using the Cloud KMS randomness source in the provided location.

Parameters
Name Description
request google::cloud::kms::v1::GenerateRandomBytesRequest const &

Unary RPCs, such as the one wrapped by this function, receive a single request proto message which includes all the inputs for the RPC. In this case, the proto message is a google.cloud.kms.v1.GenerateRandomBytesRequest. Proto messages are converted to C++ classes by Protobuf, using the Protobuf mapping rules.

opts Options

Optional. Override the class-level options, such as retry and backoff policies.

Returns
Type Description
StatusOr< google::cloud::kms::v1::GenerateRandomBytesResponse >

the result of the RPC. The response message type (google.cloud.kms.v1.GenerateRandomBytesResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the StatusOr contains the error details.