Google Cloud Key Management Service.
Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.
Equality
Instances of this class created via copy-construction or copy-assignment always compare equal. Instances created with equal std::shared_ptr<*Connection>
objects compare equal. Objects that compare equal share the same underlying resources.
Performance
Creating a new instance of this class is a relatively expensive operation, new objects establish new connections to the service. In contrast, copy-construction, move-construction, and the corresponding assignment operations are relatively efficient as the copies share all underlying resources.
Thread Safety
Concurrent access to different instances of this class, even if they compare equal, is guaranteed to work. Two or more threads operating on the same instance of this class is not guaranteed to work. Since copy-construction and move-construction is a relatively efficient operation, consider using such a copy when using this class from multiple threads.
Constructors
KeyManagementServiceClient(KeyManagementServiceClient const &)
Copy and move support
Parameter | |
---|---|
Name | Description |
|
KeyManagementServiceClient const &
|
KeyManagementServiceClient(KeyManagementServiceClient &&)
Copy and move support
Parameter | |
---|---|
Name | Description |
|
KeyManagementServiceClient &&
|
KeyManagementServiceClient(std::shared_ptr< KeyManagementServiceConnection >, Options)
Parameters | |
---|---|
Name | Description |
connection |
std::shared_ptr< KeyManagementServiceConnection >
|
opts |
Options
|
Operators
operator=(KeyManagementServiceClient const &)
Copy and move support
Parameter | |
---|---|
Name | Description |
|
KeyManagementServiceClient const &
|
Returns | |
---|---|
Type | Description |
KeyManagementServiceClient & |
operator=(KeyManagementServiceClient &&)
Copy and move support
Parameter | |
---|---|
Name | Description |
|
KeyManagementServiceClient &&
|
Returns | |
---|---|
Type | Description |
KeyManagementServiceClient & |
Functions
ListKeyRings(std::string const &, Options)
Lists KeyRings.
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. The resource name of the location associated with the KeyRings, in the format |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::kms::v1::KeyRing > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
ListKeyRings(google::cloud::kms::v1::ListKeyRingsRequest, Options)
Lists KeyRings.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::ListKeyRingsRequest
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::kms::v1::KeyRing > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
ListCryptoKeys(std::string const &, Options)
Lists CryptoKeys.
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::kms::v1::CryptoKey > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
ListCryptoKeys(google::cloud::kms::v1::ListCryptoKeysRequest, Options)
Lists CryptoKeys.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::ListCryptoKeysRequest
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::kms::v1::CryptoKey > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
ListCryptoKeyVersions(std::string const &, Options)
Lists CryptoKeyVersions.
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::kms::v1::CryptoKeyVersion > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
ListCryptoKeyVersions(google::cloud::kms::v1::ListCryptoKeyVersionsRequest, Options)
Lists CryptoKeyVersions.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::ListCryptoKeyVersionsRequest
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::kms::v1::CryptoKeyVersion > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
ListImportJobs(std::string const &, Options)
Lists ImportJobs.
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::kms::v1::ImportJob > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
ListImportJobs(google::cloud::kms::v1::ListImportJobsRequest, Options)
Lists ImportJobs.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::ListImportJobsRequest
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StreamRange< google::cloud::kms::v1::ImportJob > |
a StreamRange to iterate of the results. See the documentation of this type for details. In brief, this class has |
GetKeyRing(std::string const &, Options)
Returns metadata for a given KeyRing.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing to get. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::KeyRing > |
the result of the RPC. The response message type (google.cloud.kms.v1.KeyRing) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetKeyRing(google::cloud::kms::v1::GetKeyRingRequest const &, Options)
Returns metadata for a given KeyRing.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::GetKeyRingRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::KeyRing > |
the result of the RPC. The response message type (google.cloud.kms.v1.KeyRing) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetCryptoKey(std::string const &, Options)
Returns metadata for a given CryptoKey, as well as its primaryCryptoKeyVersion.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the CryptoKey to get. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKey > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetCryptoKey(google::cloud::kms::v1::GetCryptoKeyRequest const &, Options)
Returns metadata for a given CryptoKey, as well as its primaryCryptoKeyVersion.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::GetCryptoKeyRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKey > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetCryptoKeyVersion(std::string const &, Options)
Returns metadata for a given CryptoKeyVersion.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the CryptoKeyVersion to get. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKeyVersion > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetCryptoKeyVersion(google::cloud::kms::v1::GetCryptoKeyVersionRequest const &, Options)
Returns metadata for a given CryptoKeyVersion.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::GetCryptoKeyVersionRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKeyVersion > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetPublicKey(std::string const &, Options)
Returns the public key for the given CryptoKeyVersion.
The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the CryptoKeyVersion public key to get. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::PublicKey > |
the result of the RPC. The response message type (google.cloud.kms.v1.PublicKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetPublicKey(google::cloud::kms::v1::GetPublicKeyRequest const &, Options)
Returns the public key for the given CryptoKeyVersion.
The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::GetPublicKeyRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::PublicKey > |
the result of the RPC. The response message type (google.cloud.kms.v1.PublicKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetImportJob(std::string const &, Options)
Returns metadata for a given ImportJob.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The [name][google.cloud.kms.v1.ImportJob.name] of the ImportJob to get. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::ImportJob > |
the result of the RPC. The response message type (google.cloud.kms.v1.ImportJob) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GetImportJob(google::cloud::kms::v1::GetImportJobRequest const &, Options)
Returns metadata for a given ImportJob.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::GetImportJobRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::ImportJob > |
the result of the RPC. The response message type (google.cloud.kms.v1.ImportJob) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreateKeyRing(std::string const &, std::string const &, google::cloud::kms::v1::KeyRing const &, Options)
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. The resource name of the location associated with the KeyRings, in the format |
key_ring_id |
std::string const &
Required. It must be unique within a location and match the regular expression |
key_ring |
google::cloud::kms::v1::KeyRing const &
Required. A KeyRing with initial field values. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::KeyRing > |
the result of the RPC. The response message type (google.cloud.kms.v1.KeyRing) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreateKeyRing(google::cloud::kms::v1::CreateKeyRingRequest const &, Options)
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::CreateKeyRingRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::KeyRing > |
the result of the RPC. The response message type (google.cloud.kms.v1.KeyRing) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreateCryptoKey(std::string const &, std::string const &, google::cloud::kms::v1::CryptoKey const &, Options)
CryptoKey.purpose and CryptoKey.version_template.algorithm are required.
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing associated with the CryptoKeys. |
crypto_key_id |
std::string const &
Required. It must be unique within a KeyRing and match the regular expression |
crypto_key |
google::cloud::kms::v1::CryptoKey const &
Required. A CryptoKey with initial field values. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKey > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreateCryptoKey(google::cloud::kms::v1::CreateCryptoKeyRequest const &, Options)
CryptoKey.purpose and CryptoKey.version_template.algorithm are required.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::CreateCryptoKeyRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKey > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreateCryptoKeyVersion(std::string const &, google::cloud::kms::v1::CryptoKeyVersion const &, Options)
Create a new CryptoKeyVersion in a CryptoKey.
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the CryptoKey associated with the CryptoKeyVersions. |
crypto_key_version |
google::cloud::kms::v1::CryptoKeyVersion const &
Required. A CryptoKeyVersion with initial field values. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKeyVersion > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreateCryptoKeyVersion(google::cloud::kms::v1::CreateCryptoKeyVersionRequest const &, Options)
Create a new CryptoKeyVersion in a CryptoKey.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::CreateCryptoKeyVersionRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKeyVersion > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
ImportCryptoKeyVersion(google::cloud::kms::v1::ImportCryptoKeyVersionRequest const &, Options)
Import wrapped key material into a CryptoKeyVersion.
All requests must specify a CryptoKey. If a CryptoKeyVersion is additionally specified in the request, key material will be reimported into that version. Otherwise, a new version will be created, and will be assigned the next sequential id within the CryptoKey.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::ImportCryptoKeyVersionRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKeyVersion > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreateImportJob(std::string const &, std::string const &, google::cloud::kms::v1::ImportJob const &, Options)
ImportJob.import_method is required.
Parameters | |
---|---|
Name | Description |
parent |
std::string const &
Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing associated with the ImportJobs. |
import_job_id |
std::string const &
Required. It must be unique within a KeyRing and match the regular expression |
import_job |
google::cloud::kms::v1::ImportJob const &
Required. An ImportJob with initial field values. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::ImportJob > |
the result of the RPC. The response message type (google.cloud.kms.v1.ImportJob) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
CreateImportJob(google::cloud::kms::v1::CreateImportJobRequest const &, Options)
ImportJob.import_method is required.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::CreateImportJobRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::ImportJob > |
the result of the RPC. The response message type (google.cloud.kms.v1.ImportJob) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
UpdateCryptoKey(google::cloud::kms::v1::CryptoKey const &, google::protobuf::FieldMask const &, Options)
Update a CryptoKey.
Parameters | |
---|---|
Name | Description |
crypto_key |
google::cloud::kms::v1::CryptoKey const &
Required. CryptoKey with updated values. |
update_mask |
google::protobuf::FieldMask const &
Required. List of fields to be updated in this request. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKey > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
UpdateCryptoKey(google::cloud::kms::v1::UpdateCryptoKeyRequest const &, Options)
Update a CryptoKey.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::UpdateCryptoKeyRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKey > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
UpdateCryptoKeyVersion(google::cloud::kms::v1::CryptoKeyVersion const &, google::protobuf::FieldMask const &, Options)
Update a CryptoKeyVersion's metadata.
state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.
Parameters | |
---|---|
Name | Description |
crypto_key_version |
google::cloud::kms::v1::CryptoKeyVersion const &
Required. CryptoKeyVersion with updated values. |
update_mask |
google::protobuf::FieldMask const &
Required. List of fields to be updated in this request. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKeyVersion > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
UpdateCryptoKeyVersion(google::cloud::kms::v1::UpdateCryptoKeyVersionRequest const &, Options)
Update a CryptoKeyVersion's metadata.
state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::UpdateCryptoKeyVersionRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKeyVersion > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
UpdateCryptoKeyPrimaryVersion(std::string const &, std::string const &, Options)
Returns an error if called on a key whose purpose is not ENCRYPT_DECRYPT.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The resource name of the CryptoKey to update. |
crypto_key_version_id |
std::string const &
Required. The id of the child [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKey > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
UpdateCryptoKeyPrimaryVersion(google::cloud::kms::v1::UpdateCryptoKeyPrimaryVersionRequest const &, Options)
Returns an error if called on a key whose purpose is not ENCRYPT_DECRYPT.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::UpdateCryptoKeyPrimaryVersionRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKey > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKey) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
DestroyCryptoKeyVersion(std::string const &, Options)
Schedule a CryptoKeyVersion for destruction.
Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to DESTROYED, and the key material will be irrevocably destroyed.
Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The resource name of the CryptoKeyVersion to destroy. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKeyVersion > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
DestroyCryptoKeyVersion(google::cloud::kms::v1::DestroyCryptoKeyVersionRequest const &, Options)
Schedule a CryptoKeyVersion for destruction.
Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to DESTROYED, and the key material will be irrevocably destroyed.
Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::DestroyCryptoKeyVersionRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKeyVersion > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
RestoreCryptoKeyVersion(std::string const &, Options)
Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.
Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The resource name of the CryptoKeyVersion to restore. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKeyVersion > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
RestoreCryptoKeyVersion(google::cloud::kms::v1::RestoreCryptoKeyVersionRequest const &, Options)
Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.
Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::RestoreCryptoKeyVersionRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::CryptoKeyVersion > |
the result of the RPC. The response message type (google.cloud.kms.v1.CryptoKeyVersion) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
Encrypt(std::string const &, std::string const &, Options)
Encrypts data, so that it can only be recovered by a call to Decrypt.
The CryptoKey.purpose must be ENCRYPT_DECRYPT.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] or [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for encryption. |
plaintext |
std::string const &
Required. The data to encrypt. Must be no larger than 64KiB. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::EncryptResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.EncryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
Encrypt(google::cloud::kms::v1::EncryptRequest const &, Options)
Encrypts data, so that it can only be recovered by a call to Decrypt.
The CryptoKey.purpose must be ENCRYPT_DECRYPT.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::EncryptRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::EncryptResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.EncryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
Decrypt(std::string const &, std::string const &, Options)
Decrypts data that was protected by Encrypt.
The CryptoKey.purpose must be ENCRYPT_DECRYPT.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. The server will choose the appropriate version. |
ciphertext |
std::string const &
Required. The encrypted data originally returned in [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::DecryptResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.DecryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
Decrypt(google::cloud::kms::v1::DecryptRequest const &, Options)
Decrypts data that was protected by Encrypt.
The CryptoKey.purpose must be ENCRYPT_DECRYPT.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::DecryptRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::DecryptResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.DecryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
RawEncrypt(google::cloud::kms::v1::RawEncryptRequest const &, Options)
Encrypts data using portable cryptographic primitives.
Most users should choose Encrypt and Decrypt rather than their raw counterparts. The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::RawEncryptRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::RawEncryptResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.RawEncryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
RawDecrypt(google::cloud::kms::v1::RawDecryptRequest const &, Options)
Decrypts data that was originally encrypted using a raw cryptographic mechanism.
The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::RawDecryptRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::RawDecryptResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.RawDecryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
AsymmetricSign(std::string const &, google::cloud::kms::v1::Digest const &, Options)
Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The resource name of the CryptoKeyVersion to use for signing. |
digest |
google::cloud::kms::v1::Digest const &
Optional. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::AsymmetricSignResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.AsymmetricSignResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
AsymmetricSign(google::cloud::kms::v1::AsymmetricSignRequest const &, Options)
Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::AsymmetricSignRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::AsymmetricSignResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.AsymmetricSignResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
AsymmetricDecrypt(std::string const &, std::string const &, Options)
Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The resource name of the CryptoKeyVersion to use for decryption. |
ciphertext |
std::string const &
Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::AsymmetricDecryptResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.AsymmetricDecryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
AsymmetricDecrypt(google::cloud::kms::v1::AsymmetricDecryptRequest const &, Options)
Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::AsymmetricDecryptRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::AsymmetricDecryptResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.AsymmetricDecryptResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
MacSign(std::string const &, std::string const &, Options)
Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The resource name of the CryptoKeyVersion to use for signing. |
data |
std::string const &
Required. The data to sign. The MAC tag is computed over this data field based on the specific algorithm. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::MacSignResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.MacSignResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
MacSign(google::cloud::kms::v1::MacSignRequest const &, Options)
Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::MacSignRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::MacSignResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.MacSignResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
MacVerify(std::string const &, std::string const &, std::string const &, Options)
Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.
Parameters | |
---|---|
Name | Description |
name |
std::string const &
Required. The resource name of the CryptoKeyVersion to use for verification. |
data |
std::string const &
Required. The data used previously as a [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] to generate the MAC tag. |
mac |
std::string const &
Required. The signature to verify. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::MacVerifyResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.MacVerifyResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
MacVerify(google::cloud::kms::v1::MacVerifyRequest const &, Options)
Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::MacVerifyRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::MacVerifyResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.MacVerifyResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GenerateRandomBytes(std::string const &, std::int32_t, google::cloud::kms::v1::ProtectionLevel, Options)
Generate random bytes using the Cloud KMS randomness source in the provided location.
Parameters | |
---|---|
Name | Description |
location |
std::string const &
The project-specific location in which to generate random bytes. For example, "projects/my-project/locations/us-central1". |
length_bytes |
std::int32_t
The length in bytes of the amount of randomness to retrieve. Minimum 8 bytes, maximum 1024 bytes. |
protection_level |
google::cloud::kms::v1::ProtectionLevel
The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when generating the random data. Currently, only [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] protection level is supported. |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::GenerateRandomBytesResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.GenerateRandomBytesResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |
GenerateRandomBytes(google::cloud::kms::v1::GenerateRandomBytesRequest const &, Options)
Generate random bytes using the Cloud KMS randomness source in the provided location.
Parameters | |
---|---|
Name | Description |
request |
google::cloud::kms::v1::GenerateRandomBytesRequest const &
Unary RPCs, such as the one wrapped by this function, receive a single |
opts |
Options
Optional. Override the class-level options, such as retry and backoff policies. |
Returns | |
---|---|
Type | Description |
StatusOr< google::cloud::kms::v1::GenerateRandomBytesResponse > |
the result of the RPC. The response message type (google.cloud.kms.v1.GenerateRandomBytesResponse) is mapped to a C++ class using the Protobuf mapping rules. If the request fails, the |