Variables
EkmConnection_KeyManagementMode_name, EkmConnection_KeyManagementMode_value
var (
EkmConnection_KeyManagementMode_name = map[int32]string{
0: "KEY_MANAGEMENT_MODE_UNSPECIFIED",
1: "MANUAL",
2: "CLOUD_KMS",
}
EkmConnection_KeyManagementMode_value = map[string]int32{
"KEY_MANAGEMENT_MODE_UNSPECIFIED": 0,
"MANUAL": 1,
"CLOUD_KMS": 2,
}
)
Enum value maps for EkmConnection_KeyManagementMode.
ProtectionLevel_name, ProtectionLevel_value
var (
ProtectionLevel_name = map[int32]string{
0: "PROTECTION_LEVEL_UNSPECIFIED",
1: "SOFTWARE",
2: "HSM",
3: "EXTERNAL",
4: "EXTERNAL_VPC",
}
ProtectionLevel_value = map[string]int32{
"PROTECTION_LEVEL_UNSPECIFIED": 0,
"SOFTWARE": 1,
"HSM": 2,
"EXTERNAL": 3,
"EXTERNAL_VPC": 4,
}
)
Enum value maps for ProtectionLevel.
AccessReason_name, AccessReason_value
var (
AccessReason_name = map[int32]string{
0: "REASON_UNSPECIFIED",
1: "CUSTOMER_INITIATED_SUPPORT",
2: "GOOGLE_INITIATED_SERVICE",
3: "THIRD_PARTY_DATA_REQUEST",
4: "GOOGLE_INITIATED_REVIEW",
5: "CUSTOMER_INITIATED_ACCESS",
6: "GOOGLE_INITIATED_SYSTEM_OPERATION",
7: "REASON_NOT_EXPECTED",
8: "MODIFIED_CUSTOMER_INITIATED_ACCESS",
9: "MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION",
10: "GOOGLE_RESPONSE_TO_PRODUCTION_ALERT",
11: "CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING",
}
AccessReason_value = map[string]int32{
"REASON_UNSPECIFIED": 0,
"CUSTOMER_INITIATED_SUPPORT": 1,
"GOOGLE_INITIATED_SERVICE": 2,
"THIRD_PARTY_DATA_REQUEST": 3,
"GOOGLE_INITIATED_REVIEW": 4,
"CUSTOMER_INITIATED_ACCESS": 5,
"GOOGLE_INITIATED_SYSTEM_OPERATION": 6,
"REASON_NOT_EXPECTED": 7,
"MODIFIED_CUSTOMER_INITIATED_ACCESS": 8,
"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION": 9,
"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT": 10,
"CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING": 11,
}
)
Enum value maps for AccessReason.
CryptoKey_CryptoKeyPurpose_name, CryptoKey_CryptoKeyPurpose_value
var (
CryptoKey_CryptoKeyPurpose_name = map[int32]string{
0: "CRYPTO_KEY_PURPOSE_UNSPECIFIED",
1: "ENCRYPT_DECRYPT",
5: "ASYMMETRIC_SIGN",
6: "ASYMMETRIC_DECRYPT",
7: "RAW_ENCRYPT_DECRYPT",
9: "MAC",
}
CryptoKey_CryptoKeyPurpose_value = map[string]int32{
"CRYPTO_KEY_PURPOSE_UNSPECIFIED": 0,
"ENCRYPT_DECRYPT": 1,
"ASYMMETRIC_SIGN": 5,
"ASYMMETRIC_DECRYPT": 6,
"RAW_ENCRYPT_DECRYPT": 7,
"MAC": 9,
}
)
Enum value maps for CryptoKey_CryptoKeyPurpose.
KeyOperationAttestation_AttestationFormat_name, KeyOperationAttestation_AttestationFormat_value
var (
KeyOperationAttestation_AttestationFormat_name = map[int32]string{
0: "ATTESTATION_FORMAT_UNSPECIFIED",
3: "CAVIUM_V1_COMPRESSED",
4: "CAVIUM_V2_COMPRESSED",
}
KeyOperationAttestation_AttestationFormat_value = map[string]int32{
"ATTESTATION_FORMAT_UNSPECIFIED": 0,
"CAVIUM_V1_COMPRESSED": 3,
"CAVIUM_V2_COMPRESSED": 4,
}
)
Enum value maps for KeyOperationAttestation_AttestationFormat.
CryptoKeyVersion_CryptoKeyVersionAlgorithm_name, CryptoKeyVersion_CryptoKeyVersionAlgorithm_value
var (
CryptoKeyVersion_CryptoKeyVersionAlgorithm_name = map[int32]string{
0: "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED",
1: "GOOGLE_SYMMETRIC_ENCRYPTION",
41: "AES_128_GCM",
19: "AES_256_GCM",
42: "AES_128_CBC",
43: "AES_256_CBC",
44: "AES_128_CTR",
45: "AES_256_CTR",
2: "RSA_SIGN_PSS_2048_SHA256",
3: "RSA_SIGN_PSS_3072_SHA256",
4: "RSA_SIGN_PSS_4096_SHA256",
15: "RSA_SIGN_PSS_4096_SHA512",
5: "RSA_SIGN_PKCS1_2048_SHA256",
6: "RSA_SIGN_PKCS1_3072_SHA256",
7: "RSA_SIGN_PKCS1_4096_SHA256",
16: "RSA_SIGN_PKCS1_4096_SHA512",
28: "RSA_SIGN_RAW_PKCS1_2048",
29: "RSA_SIGN_RAW_PKCS1_3072",
30: "RSA_SIGN_RAW_PKCS1_4096",
8: "RSA_DECRYPT_OAEP_2048_SHA256",
9: "RSA_DECRYPT_OAEP_3072_SHA256",
10: "RSA_DECRYPT_OAEP_4096_SHA256",
17: "RSA_DECRYPT_OAEP_4096_SHA512",
37: "RSA_DECRYPT_OAEP_2048_SHA1",
38: "RSA_DECRYPT_OAEP_3072_SHA1",
39: "RSA_DECRYPT_OAEP_4096_SHA1",
12: "EC_SIGN_P256_SHA256",
13: "EC_SIGN_P384_SHA384",
31: "EC_SIGN_SECP256K1_SHA256",
40: "EC_SIGN_ED25519",
32: "HMAC_SHA256",
33: "HMAC_SHA1",
34: "HMAC_SHA384",
35: "HMAC_SHA512",
36: "HMAC_SHA224",
18: "EXTERNAL_SYMMETRIC_ENCRYPTION",
}
CryptoKeyVersion_CryptoKeyVersionAlgorithm_value = map[string]int32{
"CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED": 0,
"GOOGLE_SYMMETRIC_ENCRYPTION": 1,
"AES_128_GCM": 41,
"AES_256_GCM": 19,
"AES_128_CBC": 42,
"AES_256_CBC": 43,
"AES_128_CTR": 44,
"AES_256_CTR": 45,
"RSA_SIGN_PSS_2048_SHA256": 2,
"RSA_SIGN_PSS_3072_SHA256": 3,
"RSA_SIGN_PSS_4096_SHA256": 4,
"RSA_SIGN_PSS_4096_SHA512": 15,
"RSA_SIGN_PKCS1_2048_SHA256": 5,
"RSA_SIGN_PKCS1_3072_SHA256": 6,
"RSA_SIGN_PKCS1_4096_SHA256": 7,
"RSA_SIGN_PKCS1_4096_SHA512": 16,
"RSA_SIGN_RAW_PKCS1_2048": 28,
"RSA_SIGN_RAW_PKCS1_3072": 29,
"RSA_SIGN_RAW_PKCS1_4096": 30,
"RSA_DECRYPT_OAEP_2048_SHA256": 8,
"RSA_DECRYPT_OAEP_3072_SHA256": 9,
"RSA_DECRYPT_OAEP_4096_SHA256": 10,
"RSA_DECRYPT_OAEP_4096_SHA512": 17,
"RSA_DECRYPT_OAEP_2048_SHA1": 37,
"RSA_DECRYPT_OAEP_3072_SHA1": 38,
"RSA_DECRYPT_OAEP_4096_SHA1": 39,
"EC_SIGN_P256_SHA256": 12,
"EC_SIGN_P384_SHA384": 13,
"EC_SIGN_SECP256K1_SHA256": 31,
"EC_SIGN_ED25519": 40,
"HMAC_SHA256": 32,
"HMAC_SHA1": 33,
"HMAC_SHA384": 34,
"HMAC_SHA512": 35,
"HMAC_SHA224": 36,
"EXTERNAL_SYMMETRIC_ENCRYPTION": 18,
}
)
Enum value maps for CryptoKeyVersion_CryptoKeyVersionAlgorithm.
CryptoKeyVersion_CryptoKeyVersionState_name, CryptoKeyVersion_CryptoKeyVersionState_value
var (
CryptoKeyVersion_CryptoKeyVersionState_name = map[int32]string{
0: "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED",
5: "PENDING_GENERATION",
1: "ENABLED",
2: "DISABLED",
3: "DESTROYED",
4: "DESTROY_SCHEDULED",
6: "PENDING_IMPORT",
7: "IMPORT_FAILED",
8: "GENERATION_FAILED",
9: "PENDING_EXTERNAL_DESTRUCTION",
10: "EXTERNAL_DESTRUCTION_FAILED",
}
CryptoKeyVersion_CryptoKeyVersionState_value = map[string]int32{
"CRYPTO_KEY_VERSION_STATE_UNSPECIFIED": 0,
"PENDING_GENERATION": 5,
"ENABLED": 1,
"DISABLED": 2,
"DESTROYED": 3,
"DESTROY_SCHEDULED": 4,
"PENDING_IMPORT": 6,
"IMPORT_FAILED": 7,
"GENERATION_FAILED": 8,
"PENDING_EXTERNAL_DESTRUCTION": 9,
"EXTERNAL_DESTRUCTION_FAILED": 10,
}
)
Enum value maps for CryptoKeyVersion_CryptoKeyVersionState.
CryptoKeyVersion_CryptoKeyVersionView_name, CryptoKeyVersion_CryptoKeyVersionView_value
var (
CryptoKeyVersion_CryptoKeyVersionView_name = map[int32]string{
0: "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED",
1: "FULL",
}
CryptoKeyVersion_CryptoKeyVersionView_value = map[string]int32{
"CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED": 0,
"FULL": 1,
}
)
Enum value maps for CryptoKeyVersion_CryptoKeyVersionView.
ImportJob_ImportMethod_name, ImportJob_ImportMethod_value
var (
ImportJob_ImportMethod_name = map[int32]string{
0: "IMPORT_METHOD_UNSPECIFIED",
1: "RSA_OAEP_3072_SHA1_AES_256",
2: "RSA_OAEP_4096_SHA1_AES_256",
3: "RSA_OAEP_3072_SHA256_AES_256",
4: "RSA_OAEP_4096_SHA256_AES_256",
5: "RSA_OAEP_3072_SHA256",
6: "RSA_OAEP_4096_SHA256",
}
ImportJob_ImportMethod_value = map[string]int32{
"IMPORT_METHOD_UNSPECIFIED": 0,
"RSA_OAEP_3072_SHA1_AES_256": 1,
"RSA_OAEP_4096_SHA1_AES_256": 2,
"RSA_OAEP_3072_SHA256_AES_256": 3,
"RSA_OAEP_4096_SHA256_AES_256": 4,
"RSA_OAEP_3072_SHA256": 5,
"RSA_OAEP_4096_SHA256": 6,
}
)
Enum value maps for ImportJob_ImportMethod.
ImportJob_ImportJobState_name, ImportJob_ImportJobState_value
var (
ImportJob_ImportJobState_name = map[int32]string{
0: "IMPORT_JOB_STATE_UNSPECIFIED",
1: "PENDING_GENERATION",
2: "ACTIVE",
3: "EXPIRED",
}
ImportJob_ImportJobState_value = map[string]int32{
"IMPORT_JOB_STATE_UNSPECIFIED": 0,
"PENDING_GENERATION": 1,
"ACTIVE": 2,
"EXPIRED": 3,
}
)
Enum value maps for ImportJob_ImportJobState.
File_google_cloud_kms_v1_autokey_admin_proto
var File_google_cloud_kms_v1_autokey_admin_proto protoreflect.FileDescriptor
File_google_cloud_kms_v1_autokey_proto
var File_google_cloud_kms_v1_autokey_proto protoreflect.FileDescriptor
File_google_cloud_kms_v1_ekm_service_proto
var File_google_cloud_kms_v1_ekm_service_proto protoreflect.FileDescriptor
File_google_cloud_kms_v1_resources_proto
var File_google_cloud_kms_v1_resources_proto protoreflect.FileDescriptor
File_google_cloud_kms_v1_service_proto
var File_google_cloud_kms_v1_service_proto protoreflect.FileDescriptor
Functions
func RegisterAutokeyAdminServer
func RegisterAutokeyAdminServer(s *grpc.Server, srv AutokeyAdminServer)
func RegisterAutokeyServer
func RegisterAutokeyServer(s *grpc.Server, srv AutokeyServer)
func RegisterEkmServiceServer
func RegisterEkmServiceServer(s *grpc.Server, srv EkmServiceServer)
func RegisterKeyManagementServiceServer
func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)
AccessReason
type AccessReason int32
Describes the reason for a data access. Please refer to https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes for the detailed semantic meaning of justification reason codes.
AccessReason_REASON_UNSPECIFIED, AccessReason_CUSTOMER_INITIATED_SUPPORT, AccessReason_GOOGLE_INITIATED_SERVICE, AccessReason_THIRD_PARTY_DATA_REQUEST, AccessReason_GOOGLE_INITIATED_REVIEW, AccessReason_CUSTOMER_INITIATED_ACCESS, AccessReason_GOOGLE_INITIATED_SYSTEM_OPERATION, AccessReason_REASON_NOT_EXPECTED, AccessReason_MODIFIED_CUSTOMER_INITIATED_ACCESS, AccessReason_MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION, AccessReason_GOOGLE_RESPONSE_TO_PRODUCTION_ALERT, AccessReason_CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING
const (
// Unspecified access reason.
AccessReason_REASON_UNSPECIFIED AccessReason = 0
// Customer-initiated support.
AccessReason_CUSTOMER_INITIATED_SUPPORT AccessReason = 1
// Google-initiated access for system management and troubleshooting.
AccessReason_GOOGLE_INITIATED_SERVICE AccessReason = 2
// Google-initiated access in response to a legal request or legal process.
AccessReason_THIRD_PARTY_DATA_REQUEST AccessReason = 3
// Google-initiated access for security, fraud, abuse, or compliance purposes.
AccessReason_GOOGLE_INITIATED_REVIEW AccessReason = 4
// Customer uses their account to perform any access to their own data which
// their IAM policy authorizes.
AccessReason_CUSTOMER_INITIATED_ACCESS AccessReason = 5
// Google systems access customer data to help optimize the structure of the
// data or quality for future uses by the customer.
AccessReason_GOOGLE_INITIATED_SYSTEM_OPERATION AccessReason = 6
// No reason is expected for this key request.
AccessReason_REASON_NOT_EXPECTED AccessReason = 7
// Customer uses their account to perform any access to their own data which
// their IAM policy authorizes, and one of the following is true:
//
// - A Google administrator has reset the root-access account associated with
// the user's organization within the past 7 days.
// - A Google-initiated emergency access operation has interacted with a
// resource in the same project or folder as the currently accessed resource
// within the past 7 days.
AccessReason_MODIFIED_CUSTOMER_INITIATED_ACCESS AccessReason = 8
// Google systems access customer data to help optimize the structure of the
// data or quality for future uses by the customer, and one of the following
// is true:
//
// - A Google administrator has reset the root-access account associated with
// the user's organization within the past 7 days.
// - A Google-initiated emergency access operation has interacted with a
// resource in the same project or folder as the currently accessed resource
// within the past 7 days.
AccessReason_MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION AccessReason = 9
// Google-initiated access to maintain system reliability.
AccessReason_GOOGLE_RESPONSE_TO_PRODUCTION_ALERT AccessReason = 10
// One of the following operations is being executed while simultaneously
// encountering an internal technical issue which prevented a more precise
// justification code from being generated:
//
// - Your account has been used to perform any access to your own data which
// your IAM policy authorizes.
// - An automated Google system operates on encrypted customer data which your
// IAM policy authorizes.
// - Customer-initiated Google support access.
// - Google-initiated support access to protect system reliability.
AccessReason_CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING AccessReason = 11
)
func (AccessReason) Descriptor
func (AccessReason) Descriptor() protoreflect.EnumDescriptor
func (AccessReason) Enum
func (x AccessReason) Enum() *AccessReason
func (AccessReason) EnumDescriptor
func (AccessReason) EnumDescriptor() ([]byte, []int)
Deprecated: Use AccessReason.Descriptor instead.
func (AccessReason) Number
func (x AccessReason) Number() protoreflect.EnumNumber
func (AccessReason) String
func (x AccessReason) String() string
func (AccessReason) Type
func (AccessReason) Type() protoreflect.EnumType
AsymmetricDecryptRequest
type AsymmetricDecryptRequest struct {
// Required. The resource name of the
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
// decryption.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Required. The data encrypted with the named
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using
// OAEP.
Ciphertext []byte `protobuf:"bytes,3,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
// Optional. An optional CRC32C checksum of the
// [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext].
// If specified,
// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
// verify the integrity of the received
// [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]
// using this checksum.
// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
// report an error if the checksum verification fails. If you receive a
// checksum error, your client should verify that
// CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext])
// is equal to
// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c],
// and if so, perform a limited number of retries. A persistent mismatch may
// indicate an issue in your computation of the CRC32C checksum. Note: This
// field is defined as int64 for reasons of compatibility across different
// languages. However, it is a non-negative integer, which will never exceed
// 2^32-1, and can be safely downconverted to uint32 in languages that support
// this type.
CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
// contains filtered or unexported fields
}
Request message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].
func (*AsymmetricDecryptRequest) Descriptor
func (*AsymmetricDecryptRequest) Descriptor() ([]byte, []int)
Deprecated: Use AsymmetricDecryptRequest.ProtoReflect.Descriptor instead.
func (*AsymmetricDecryptRequest) GetCiphertext
func (x *AsymmetricDecryptRequest) GetCiphertext() []byte
func (*AsymmetricDecryptRequest) GetCiphertextCrc32C
func (x *AsymmetricDecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value
func (*AsymmetricDecryptRequest) GetName
func (x *AsymmetricDecryptRequest) GetName() string
func (*AsymmetricDecryptRequest) ProtoMessage
func (*AsymmetricDecryptRequest) ProtoMessage()
func (*AsymmetricDecryptRequest) ProtoReflect
func (x *AsymmetricDecryptRequest) ProtoReflect() protoreflect.Message
func (*AsymmetricDecryptRequest) Reset
func (x *AsymmetricDecryptRequest) Reset()
func (*AsymmetricDecryptRequest) String
func (x *AsymmetricDecryptRequest) String() string
AsymmetricDecryptResponse
type AsymmetricDecryptResponse struct {
Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`
VerifiedCiphertextCrc32C bool "" /* 136 byte string literal not displayed */
ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */
}
Response message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].
func (*AsymmetricDecryptResponse) Descriptor
func (*AsymmetricDecryptResponse) Descriptor() ([]byte, []int)
Deprecated: Use AsymmetricDecryptResponse.ProtoReflect.Descriptor instead.
func (*AsymmetricDecryptResponse) GetPlaintext
func (x *AsymmetricDecryptResponse) GetPlaintext() []byte
func (*AsymmetricDecryptResponse) GetPlaintextCrc32C
func (x *AsymmetricDecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value
func (*AsymmetricDecryptResponse) GetProtectionLevel
func (x *AsymmetricDecryptResponse) GetProtectionLevel() ProtectionLevel
func (*AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C
func (x *AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C() bool
func (*AsymmetricDecryptResponse) ProtoMessage
func (*AsymmetricDecryptResponse) ProtoMessage()
func (*AsymmetricDecryptResponse) ProtoReflect
func (x *AsymmetricDecryptResponse) ProtoReflect() protoreflect.Message
func (*AsymmetricDecryptResponse) Reset
func (x *AsymmetricDecryptResponse) Reset()
func (*AsymmetricDecryptResponse) String
func (x *AsymmetricDecryptResponse) String() string
AsymmetricSignRequest
type AsymmetricSignRequest struct {
// Required. The resource name of the
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
// signing.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. The digest of the data to sign. The digest must be produced with
// the same digest algorithm as specified by the key version's
// [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm].
//
// This field may not be supplied if
// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]
// is supplied.
Digest *Digest `protobuf:"bytes,3,opt,name=digest,proto3" json:"digest,omitempty"`
// Optional. An optional CRC32C checksum of the
// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest].
// If specified,
// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
// verify the integrity of the received
// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]
// using this checksum.
// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
// report an error if the checksum verification fails. If you receive a
// checksum error, your client should verify that
// CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest])
// is equal to
// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c],
// and if so, perform a limited number of retries. A persistent mismatch may
// indicate an issue in your computation of the CRC32C checksum. Note: This
// field is defined as int64 for reasons of compatibility across different
// languages. However, it is a non-negative integer, which will never exceed
// 2^32-1, and can be safely downconverted to uint32 in languages that support
// this type.
DigestCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=digest_crc32c,json=digestCrc32c,proto3" json:"digest_crc32c,omitempty"`
// Optional. The data to sign.
// It can't be supplied if
// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]
// is supplied.
Data []byte `protobuf:"bytes,6,opt,name=data,proto3" json:"data,omitempty"`
// Optional. An optional CRC32C checksum of the
// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data].
// If specified,
// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
// verify the integrity of the received
// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]
// using this checksum.
// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
// report an error if the checksum verification fails. If you receive a
// checksum error, your client should verify that
// CRC32C([AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data])
// is equal to
// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c],
// and if so, perform a limited number of retries. A persistent mismatch may
// indicate an issue in your computation of the CRC32C checksum. Note: This
// field is defined as int64 for reasons of compatibility across different
// languages. However, it is a non-negative integer, which will never exceed
// 2^32-1, and can be safely downconverted to uint32 in languages that support
// this type.
DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
// contains filtered or unexported fields
}
Request message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].
func (*AsymmetricSignRequest) Descriptor
func (*AsymmetricSignRequest) Descriptor() ([]byte, []int)
Deprecated: Use AsymmetricSignRequest.ProtoReflect.Descriptor instead.
func (*AsymmetricSignRequest) GetData
func (x *AsymmetricSignRequest) GetData() []byte
func (*AsymmetricSignRequest) GetDataCrc32C
func (x *AsymmetricSignRequest) GetDataCrc32C() *wrapperspb.Int64Value
func (*AsymmetricSignRequest) GetDigest
func (x *AsymmetricSignRequest) GetDigest() *Digest
func (*AsymmetricSignRequest) GetDigestCrc32C
func (x *AsymmetricSignRequest) GetDigestCrc32C() *wrapperspb.Int64Value
func (*AsymmetricSignRequest) GetName
func (x *AsymmetricSignRequest) GetName() string
func (*AsymmetricSignRequest) ProtoMessage
func (*AsymmetricSignRequest) ProtoMessage()
func (*AsymmetricSignRequest) ProtoReflect
func (x *AsymmetricSignRequest) ProtoReflect() protoreflect.Message
func (*AsymmetricSignRequest) Reset
func (x *AsymmetricSignRequest) Reset()
func (*AsymmetricSignRequest) String
func (x *AsymmetricSignRequest) String() string
AsymmetricSignResponse
type AsymmetricSignResponse struct {
Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
SignatureCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=signature_crc32c,json=signatureCrc32c,proto3" json:"signature_crc32c,omitempty"`
VerifiedDigestCrc32C bool `protobuf:"varint,3,opt,name=verified_digest_crc32c,json=verifiedDigestCrc32c,proto3" json:"verified_digest_crc32c,omitempty"`
Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
VerifiedDataCrc32C bool `protobuf:"varint,5,opt,name=verified_data_crc32c,json=verifiedDataCrc32c,proto3" json:"verified_data_crc32c,omitempty"`
ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */
}
Response message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].
func (*AsymmetricSignResponse) Descriptor
func (*AsymmetricSignResponse) Descriptor() ([]byte, []int)
Deprecated: Use AsymmetricSignResponse.ProtoReflect.Descriptor instead.
func (*AsymmetricSignResponse) GetName
func (x *AsymmetricSignResponse) GetName() string
func (*AsymmetricSignResponse) GetProtectionLevel
func (x *AsymmetricSignResponse) GetProtectionLevel() ProtectionLevel
func (*AsymmetricSignResponse) GetSignature
func (x *AsymmetricSignResponse) GetSignature() []byte
func (*AsymmetricSignResponse) GetSignatureCrc32C
func (x *AsymmetricSignResponse) GetSignatureCrc32C() *wrapperspb.Int64Value
func (*AsymmetricSignResponse) GetVerifiedDataCrc32C
func (x *AsymmetricSignResponse) GetVerifiedDataCrc32C() bool
func (*AsymmetricSignResponse) GetVerifiedDigestCrc32C
func (x *AsymmetricSignResponse) GetVerifiedDigestCrc32C() bool
func (*AsymmetricSignResponse) ProtoMessage
func (*AsymmetricSignResponse) ProtoMessage()
func (*AsymmetricSignResponse) ProtoReflect
func (x *AsymmetricSignResponse) ProtoReflect() protoreflect.Message
func (*AsymmetricSignResponse) Reset
func (x *AsymmetricSignResponse) Reset()
func (*AsymmetricSignResponse) String
func (x *AsymmetricSignResponse) String() string
AutokeyAdminClient
type AutokeyAdminClient interface {
// Updates the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
// folder. The caller must have both `cloudkms.autokeyConfigs.update`
// permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy`
// permission on the provided key project. A
// [KeyHandle][google.cloud.kms.v1.KeyHandle] creation in the folder's
// descendant projects will use this configuration to determine where to
// create the resulting [CryptoKey][google.cloud.kms.v1.CryptoKey].
UpdateAutokeyConfig(ctx context.Context, in *UpdateAutokeyConfigRequest, opts ...grpc.CallOption) (*AutokeyConfig, error)
// Returns the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
// folder.
GetAutokeyConfig(ctx context.Context, in *GetAutokeyConfigRequest, opts ...grpc.CallOption) (*AutokeyConfig, error)
// Returns the effective Cloud KMS Autokey configuration for a given project.
ShowEffectiveAutokeyConfig(ctx context.Context, in *ShowEffectiveAutokeyConfigRequest, opts ...grpc.CallOption) (*ShowEffectiveAutokeyConfigResponse, error)
}
AutokeyAdminClient is the client API for AutokeyAdmin service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewAutokeyAdminClient
func NewAutokeyAdminClient(cc grpc.ClientConnInterface) AutokeyAdminClient
AutokeyAdminServer
type AutokeyAdminServer interface {
// Updates the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
// folder. The caller must have both `cloudkms.autokeyConfigs.update`
// permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy`
// permission on the provided key project. A
// [KeyHandle][google.cloud.kms.v1.KeyHandle] creation in the folder's
// descendant projects will use this configuration to determine where to
// create the resulting [CryptoKey][google.cloud.kms.v1.CryptoKey].
UpdateAutokeyConfig(context.Context, *UpdateAutokeyConfigRequest) (*AutokeyConfig, error)
// Returns the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
// folder.
GetAutokeyConfig(context.Context, *GetAutokeyConfigRequest) (*AutokeyConfig, error)
// Returns the effective Cloud KMS Autokey configuration for a given project.
ShowEffectiveAutokeyConfig(context.Context, *ShowEffectiveAutokeyConfigRequest) (*ShowEffectiveAutokeyConfigResponse, error)
}
AutokeyAdminServer is the server API for AutokeyAdmin service.
AutokeyClient
type AutokeyClient interface {
// Creates a new [KeyHandle][google.cloud.kms.v1.KeyHandle], triggering the
// provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK
// use with the given resource type in the configured key project and the same
// location. [GetOperation][Operations.GetOperation] should be used to resolve
// the resulting long-running operation and get the resulting
// [KeyHandle][google.cloud.kms.v1.KeyHandle] and
// [CryptoKey][google.cloud.kms.v1.CryptoKey].
CreateKeyHandle(ctx context.Context, in *CreateKeyHandleRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
// Returns the [KeyHandle][google.cloud.kms.v1.KeyHandle].
GetKeyHandle(ctx context.Context, in *GetKeyHandleRequest, opts ...grpc.CallOption) (*KeyHandle, error)
// Lists [KeyHandles][google.cloud.kms.v1.KeyHandle].
ListKeyHandles(ctx context.Context, in *ListKeyHandlesRequest, opts ...grpc.CallOption) (*ListKeyHandlesResponse, error)
}
AutokeyClient is the client API for Autokey service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewAutokeyClient
func NewAutokeyClient(cc grpc.ClientConnInterface) AutokeyClient
AutokeyConfig
type AutokeyConfig struct {
// Identifier. Name of the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig]
// resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. Name of the key project, e.g. `projects/{PROJECT_ID}` or
// `projects/{PROJECT_NUMBER}`, where Cloud KMS Autokey will provision a new
// [CryptoKey][google.cloud.kms.v1.CryptoKey] when a
// [KeyHandle][google.cloud.kms.v1.KeyHandle] is created. On
// [UpdateAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig],
// the caller will require `cloudkms.cryptoKeys.setIamPolicy` permission on
// this key project. Once configured, for Cloud KMS Autokey to function
// properly, this key project must have the Cloud KMS API activated and the
// Cloud KMS Service Agent for this key project must be granted the
// `cloudkms.admin` role (or pertinent permissions). A request with an empty
// key project field will clear the configuration.
KeyProject string `protobuf:"bytes,2,opt,name=key_project,json=keyProject,proto3" json:"key_project,omitempty"`
// contains filtered or unexported fields
}
Cloud KMS Autokey configuration for a folder.
func (*AutokeyConfig) Descriptor
func (*AutokeyConfig) Descriptor() ([]byte, []int)
Deprecated: Use AutokeyConfig.ProtoReflect.Descriptor instead.
func (*AutokeyConfig) GetKeyProject
func (x *AutokeyConfig) GetKeyProject() string
func (*AutokeyConfig) GetName
func (x *AutokeyConfig) GetName() string
func (*AutokeyConfig) ProtoMessage
func (*AutokeyConfig) ProtoMessage()
func (*AutokeyConfig) ProtoReflect
func (x *AutokeyConfig) ProtoReflect() protoreflect.Message
func (*AutokeyConfig) Reset
func (x *AutokeyConfig) Reset()
func (*AutokeyConfig) String
func (x *AutokeyConfig) String() string
AutokeyServer
type AutokeyServer interface {
// Creates a new [KeyHandle][google.cloud.kms.v1.KeyHandle], triggering the
// provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK
// use with the given resource type in the configured key project and the same
// location. [GetOperation][Operations.GetOperation] should be used to resolve
// the resulting long-running operation and get the resulting
// [KeyHandle][google.cloud.kms.v1.KeyHandle] and
// [CryptoKey][google.cloud.kms.v1.CryptoKey].
CreateKeyHandle(context.Context, *CreateKeyHandleRequest) (*longrunningpb.Operation, error)
// Returns the [KeyHandle][google.cloud.kms.v1.KeyHandle].
GetKeyHandle(context.Context, *GetKeyHandleRequest) (*KeyHandle, error)
// Lists [KeyHandles][google.cloud.kms.v1.KeyHandle].
ListKeyHandles(context.Context, *ListKeyHandlesRequest) (*ListKeyHandlesResponse, error)
}
AutokeyServer is the server API for Autokey service.
Certificate
type Certificate struct {
RawDer []byte `protobuf:"bytes,1,opt,name=raw_der,json=rawDer,proto3" json:"raw_der,omitempty"`
Parsed bool `protobuf:"varint,2,opt,name=parsed,proto3" json:"parsed,omitempty"`
Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"`
Subject string `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"`
SubjectAlternativeDnsNames []string "" /* 143 byte string literal not displayed */
NotBeforeTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=not_before_time,json=notBeforeTime,proto3" json:"not_before_time,omitempty"`
NotAfterTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=not_after_time,json=notAfterTime,proto3" json:"not_after_time,omitempty"`
SerialNumber string `protobuf:"bytes,8,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"`
Sha256Fingerprint string `protobuf:"bytes,9,opt,name=sha256_fingerprint,json=sha256Fingerprint,proto3" json:"sha256_fingerprint,omitempty"`
}
A [Certificate][google.cloud.kms.v1.Certificate] represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas.
func (*Certificate) Descriptor
func (*Certificate) Descriptor() ([]byte, []int)
Deprecated: Use Certificate.ProtoReflect.Descriptor instead.
func (*Certificate) GetIssuer
func (x *Certificate) GetIssuer() string
func (*Certificate) GetNotAfterTime
func (x *Certificate) GetNotAfterTime() *timestamppb.Timestamp
func (*Certificate) GetNotBeforeTime
func (x *Certificate) GetNotBeforeTime() *timestamppb.Timestamp
func (*Certificate) GetParsed
func (x *Certificate) GetParsed() bool
func (*Certificate) GetRawDer
func (x *Certificate) GetRawDer() []byte
func (*Certificate) GetSerialNumber
func (x *Certificate) GetSerialNumber() string
func (*Certificate) GetSha256Fingerprint
func (x *Certificate) GetSha256Fingerprint() string
func (*Certificate) GetSubject
func (x *Certificate) GetSubject() string
func (*Certificate) GetSubjectAlternativeDnsNames
func (x *Certificate) GetSubjectAlternativeDnsNames() []string
func (*Certificate) ProtoMessage
func (*Certificate) ProtoMessage()
func (*Certificate) ProtoReflect
func (x *Certificate) ProtoReflect() protoreflect.Message
func (*Certificate) Reset
func (x *Certificate) Reset()
func (*Certificate) String
func (x *Certificate) String() string
CreateCryptoKeyRequest
type CreateCryptoKeyRequest struct {
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
CryptoKeyId string `protobuf:"bytes,2,opt,name=crypto_key_id,json=cryptoKeyId,proto3" json:"crypto_key_id,omitempty"`
CryptoKey *CryptoKey `protobuf:"bytes,3,opt,name=crypto_key,json=cryptoKey,proto3" json:"crypto_key,omitempty"`
SkipInitialVersionCreation bool "" /* 144 byte string literal not displayed */
}
Request message for [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].
func (*CreateCryptoKeyRequest) Descriptor
func (*CreateCryptoKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateCryptoKeyRequest.ProtoReflect.Descriptor instead.
func (*CreateCryptoKeyRequest) GetCryptoKey
func (x *CreateCryptoKeyRequest) GetCryptoKey() *CryptoKey
func (*CreateCryptoKeyRequest) GetCryptoKeyId
func (x *CreateCryptoKeyRequest) GetCryptoKeyId() string
func (*CreateCryptoKeyRequest) GetParent
func (x *CreateCryptoKeyRequest) GetParent() string
func (*CreateCryptoKeyRequest) GetSkipInitialVersionCreation
func (x *CreateCryptoKeyRequest) GetSkipInitialVersionCreation() bool
func (*CreateCryptoKeyRequest) ProtoMessage
func (*CreateCryptoKeyRequest) ProtoMessage()
func (*CreateCryptoKeyRequest) ProtoReflect
func (x *CreateCryptoKeyRequest) ProtoReflect() protoreflect.Message
func (*CreateCryptoKeyRequest) Reset
func (x *CreateCryptoKeyRequest) Reset()
func (*CreateCryptoKeyRequest) String
func (x *CreateCryptoKeyRequest) String() string
CreateCryptoKeyVersionRequest
type CreateCryptoKeyVersionRequest struct {
// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
// [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with the
// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
// initial field values.
CryptoKeyVersion *CryptoKeyVersion `protobuf:"bytes,2,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`
// contains filtered or unexported fields
}
Request message for [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].
func (*CreateCryptoKeyVersionRequest) Descriptor
func (*CreateCryptoKeyVersionRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.
func (*CreateCryptoKeyVersionRequest) GetCryptoKeyVersion
func (x *CreateCryptoKeyVersionRequest) GetCryptoKeyVersion() *CryptoKeyVersion
func (*CreateCryptoKeyVersionRequest) GetParent
func (x *CreateCryptoKeyVersionRequest) GetParent() string
func (*CreateCryptoKeyVersionRequest) ProtoMessage
func (*CreateCryptoKeyVersionRequest) ProtoMessage()
func (*CreateCryptoKeyVersionRequest) ProtoReflect
func (x *CreateCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
func (*CreateCryptoKeyVersionRequest) Reset
func (x *CreateCryptoKeyVersionRequest) Reset()
func (*CreateCryptoKeyVersionRequest) String
func (x *CreateCryptoKeyVersionRequest) String() string
CreateEkmConnectionRequest
type CreateEkmConnectionRequest struct {
// Required. The resource name of the location associated with the
// [EkmConnection][google.cloud.kms.v1.EkmConnection], in the format
// `projects/*/locations/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. It must be unique within a location and match the regular
// expression `[a-zA-Z0-9_-]{1,63}`.
EkmConnectionId string `protobuf:"bytes,2,opt,name=ekm_connection_id,json=ekmConnectionId,proto3" json:"ekm_connection_id,omitempty"`
// Required. An [EkmConnection][google.cloud.kms.v1.EkmConnection] with
// initial field values.
EkmConnection *EkmConnection `protobuf:"bytes,3,opt,name=ekm_connection,json=ekmConnection,proto3" json:"ekm_connection,omitempty"`
// contains filtered or unexported fields
}
Request message for [EkmService.CreateEkmConnection][google.cloud.kms.v1.EkmService.CreateEkmConnection].
func (*CreateEkmConnectionRequest) Descriptor
func (*CreateEkmConnectionRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateEkmConnectionRequest.ProtoReflect.Descriptor instead.
func (*CreateEkmConnectionRequest) GetEkmConnection
func (x *CreateEkmConnectionRequest) GetEkmConnection() *EkmConnection
func (*CreateEkmConnectionRequest) GetEkmConnectionId
func (x *CreateEkmConnectionRequest) GetEkmConnectionId() string
func (*CreateEkmConnectionRequest) GetParent
func (x *CreateEkmConnectionRequest) GetParent() string
func (*CreateEkmConnectionRequest) ProtoMessage
func (*CreateEkmConnectionRequest) ProtoMessage()
func (*CreateEkmConnectionRequest) ProtoReflect
func (x *CreateEkmConnectionRequest) ProtoReflect() protoreflect.Message
func (*CreateEkmConnectionRequest) Reset
func (x *CreateEkmConnectionRequest) Reset()
func (*CreateEkmConnectionRequest) String
func (x *CreateEkmConnectionRequest) String() string
CreateImportJobRequest
type CreateImportJobRequest struct {
// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the
// [KeyRing][google.cloud.kms.v1.KeyRing] associated with the
// [ImportJobs][google.cloud.kms.v1.ImportJob].
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. It must be unique within a KeyRing and match the regular
// expression `[a-zA-Z0-9_-]{1,63}`
ImportJobId string `protobuf:"bytes,2,opt,name=import_job_id,json=importJobId,proto3" json:"import_job_id,omitempty"`
// Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field
// values.
ImportJob *ImportJob `protobuf:"bytes,3,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
// contains filtered or unexported fields
}
Request message for [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob].
func (*CreateImportJobRequest) Descriptor
func (*CreateImportJobRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateImportJobRequest.ProtoReflect.Descriptor instead.
func (*CreateImportJobRequest) GetImportJob
func (x *CreateImportJobRequest) GetImportJob() *ImportJob
func (*CreateImportJobRequest) GetImportJobId
func (x *CreateImportJobRequest) GetImportJobId() string
func (*CreateImportJobRequest) GetParent
func (x *CreateImportJobRequest) GetParent() string
func (*CreateImportJobRequest) ProtoMessage
func (*CreateImportJobRequest) ProtoMessage()
func (*CreateImportJobRequest) ProtoReflect
func (x *CreateImportJobRequest) ProtoReflect() protoreflect.Message
func (*CreateImportJobRequest) Reset
func (x *CreateImportJobRequest) Reset()
func (*CreateImportJobRequest) String
func (x *CreateImportJobRequest) String() string
CreateKeyHandleMetadata
type CreateKeyHandleMetadata struct {
// contains filtered or unexported fields
}
Metadata message for [CreateKeyHandle][google.cloud.kms.v1.Autokey.CreateKeyHandle] long-running operation response.
func (*CreateKeyHandleMetadata) Descriptor
func (*CreateKeyHandleMetadata) Descriptor() ([]byte, []int)
Deprecated: Use CreateKeyHandleMetadata.ProtoReflect.Descriptor instead.
func (*CreateKeyHandleMetadata) ProtoMessage
func (*CreateKeyHandleMetadata) ProtoMessage()
func (*CreateKeyHandleMetadata) ProtoReflect
func (x *CreateKeyHandleMetadata) ProtoReflect() protoreflect.Message
func (*CreateKeyHandleMetadata) Reset
func (x *CreateKeyHandleMetadata) Reset()
func (*CreateKeyHandleMetadata) String
func (x *CreateKeyHandleMetadata) String() string
CreateKeyHandleRequest
type CreateKeyHandleRequest struct {
// Required. Name of the resource project and location to create the
// [KeyHandle][google.cloud.kms.v1.KeyHandle] in, e.g.
// `projects/{PROJECT_ID}/locations/{LOCATION}`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Optional. Id of the [KeyHandle][google.cloud.kms.v1.KeyHandle]. Must be
// unique to the resource project and location. If not provided by the caller,
// a new UUID is used.
KeyHandleId string `protobuf:"bytes,2,opt,name=key_handle_id,json=keyHandleId,proto3" json:"key_handle_id,omitempty"`
// Required. [KeyHandle][google.cloud.kms.v1.KeyHandle] to create.
KeyHandle *KeyHandle `protobuf:"bytes,3,opt,name=key_handle,json=keyHandle,proto3" json:"key_handle,omitempty"`
// contains filtered or unexported fields
}
Request message for [Autokey.CreateKeyHandle][google.cloud.kms.v1.Autokey.CreateKeyHandle].
func (*CreateKeyHandleRequest) Descriptor
func (*CreateKeyHandleRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateKeyHandleRequest.ProtoReflect.Descriptor instead.
func (*CreateKeyHandleRequest) GetKeyHandle
func (x *CreateKeyHandleRequest) GetKeyHandle() *KeyHandle
func (*CreateKeyHandleRequest) GetKeyHandleId
func (x *CreateKeyHandleRequest) GetKeyHandleId() string
func (*CreateKeyHandleRequest) GetParent
func (x *CreateKeyHandleRequest) GetParent() string
func (*CreateKeyHandleRequest) ProtoMessage
func (*CreateKeyHandleRequest) ProtoMessage()
func (*CreateKeyHandleRequest) ProtoReflect
func (x *CreateKeyHandleRequest) ProtoReflect() protoreflect.Message
func (*CreateKeyHandleRequest) Reset
func (x *CreateKeyHandleRequest) Reset()
func (*CreateKeyHandleRequest) String
func (x *CreateKeyHandleRequest) String() string
CreateKeyRingRequest
type CreateKeyRingRequest struct {
// Required. The resource name of the location associated with the
// [KeyRings][google.cloud.kms.v1.KeyRing], in the format
// `projects/*/locations/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. It must be unique within a location and match the regular
// expression `[a-zA-Z0-9_-]{1,63}`
KeyRingId string `protobuf:"bytes,2,opt,name=key_ring_id,json=keyRingId,proto3" json:"key_ring_id,omitempty"`
// Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field
// values.
KeyRing *KeyRing `protobuf:"bytes,3,opt,name=key_ring,json=keyRing,proto3" json:"key_ring,omitempty"`
// contains filtered or unexported fields
}
Request message for [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].
func (*CreateKeyRingRequest) Descriptor
func (*CreateKeyRingRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateKeyRingRequest.ProtoReflect.Descriptor instead.
func (*CreateKeyRingRequest) GetKeyRing
func (x *CreateKeyRingRequest) GetKeyRing() *KeyRing
func (*CreateKeyRingRequest) GetKeyRingId
func (x *CreateKeyRingRequest) GetKeyRingId() string
func (*CreateKeyRingRequest) GetParent
func (x *CreateKeyRingRequest) GetParent() string
func (*CreateKeyRingRequest) ProtoMessage
func (*CreateKeyRingRequest) ProtoMessage()
func (*CreateKeyRingRequest) ProtoReflect
func (x *CreateKeyRingRequest) ProtoReflect() protoreflect.Message
func (*CreateKeyRingRequest) Reset
func (x *CreateKeyRingRequest) Reset()
func (*CreateKeyRingRequest) String
func (x *CreateKeyRingRequest) String() string
CryptoKey
type CryptoKey struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
Primary *CryptoKeyVersion `protobuf:"bytes,2,opt,name=primary,proto3" json:"primary,omitempty"`
Purpose CryptoKey_CryptoKeyPurpose `protobuf:"varint,3,opt,name=purpose,proto3,enum=google.cloud.kms.v1.CryptoKey_CryptoKeyPurpose" json:"purpose,omitempty"`
CreateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
NextRotationTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=next_rotation_time,json=nextRotationTime,proto3" json:"next_rotation_time,omitempty"`
RotationSchedule isCryptoKey_RotationSchedule `protobuf_oneof:"rotation_schedule"`
VersionTemplate *CryptoKeyVersionTemplate `protobuf:"bytes,11,opt,name=version_template,json=versionTemplate,proto3" json:"version_template,omitempty"`
Labels map[string]string "" /* 154 byte string literal not displayed */
ImportOnly bool `protobuf:"varint,13,opt,name=import_only,json=importOnly,proto3" json:"import_only,omitempty"`
DestroyScheduledDuration *durationpb.Duration "" /* 136 byte string literal not displayed */
CryptoKeyBackend string `protobuf:"bytes,15,opt,name=crypto_key_backend,json=cryptoKeyBackend,proto3" json:"crypto_key_backend,omitempty"`
KeyAccessJustificationsPolicy *KeyAccessJustificationsPolicy "" /* 153 byte string literal not displayed */
}
A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations.
A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations.
func (*CryptoKey) Descriptor
Deprecated: Use CryptoKey.ProtoReflect.Descriptor instead.
func (*CryptoKey) GetCreateTime
func (x *CryptoKey) GetCreateTime() *timestamppb.Timestamp
func (*CryptoKey) GetCryptoKeyBackend
func (*CryptoKey) GetDestroyScheduledDuration
func (x *CryptoKey) GetDestroyScheduledDuration() *durationpb.Duration
func (*CryptoKey) GetImportOnly
func (*CryptoKey) GetKeyAccessJustificationsPolicy
func (x *CryptoKey) GetKeyAccessJustificationsPolicy() *KeyAccessJustificationsPolicy
func (*CryptoKey) GetLabels
func (*CryptoKey) GetName
func (*CryptoKey) GetNextRotationTime
func (x *CryptoKey) GetNextRotationTime() *timestamppb.Timestamp
func (*CryptoKey) GetPrimary
func (x *CryptoKey) GetPrimary() *CryptoKeyVersion
func (*CryptoKey) GetPurpose
func (x *CryptoKey) GetPurpose() CryptoKey_CryptoKeyPurpose
func (*CryptoKey) GetRotationPeriod
func (x *CryptoKey) GetRotationPeriod() *durationpb.Duration
func (*CryptoKey) GetRotationSchedule
func (m *CryptoKey) GetRotationSchedule() isCryptoKey_RotationSchedule
func (*CryptoKey) GetVersionTemplate
func (x *CryptoKey) GetVersionTemplate() *CryptoKeyVersionTemplate
func (*CryptoKey) ProtoMessage
func (*CryptoKey) ProtoMessage()
func (*CryptoKey) ProtoReflect
func (x *CryptoKey) ProtoReflect() protoreflect.Message
func (*CryptoKey) Reset
func (x *CryptoKey) Reset()
func (*CryptoKey) String
CryptoKeyVersion
type CryptoKeyVersion struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
State CryptoKeyVersion_CryptoKeyVersionState "" /* 128 byte string literal not displayed */
ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */
Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm "" /* 141 byte string literal not displayed */
Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"`
CreateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
GenerateTime *timestamppb.Timestamp `protobuf:"bytes,11,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"`
DestroyTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=destroy_time,json=destroyTime,proto3" json:"destroy_time,omitempty"`
DestroyEventTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=destroy_event_time,json=destroyEventTime,proto3" json:"destroy_event_time,omitempty"`
ImportJob string `protobuf:"bytes,14,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
ImportTime *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=import_time,json=importTime,proto3" json:"import_time,omitempty"`
ImportFailureReason string `protobuf:"bytes,16,opt,name=import_failure_reason,json=importFailureReason,proto3" json:"import_failure_reason,omitempty"`
GenerationFailureReason string "" /* 133 byte string literal not displayed */
ExternalDestructionFailureReason string "" /* 162 byte string literal not displayed */
ExternalProtectionLevelOptions *ExternalProtectionLevelOptions "" /* 156 byte string literal not displayed */
ReimportEligible bool `protobuf:"varint,18,opt,name=reimport_eligible,json=reimportEligible,proto3" json:"reimport_eligible,omitempty"`
}
A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents an individual cryptographic key, and the associated key material.
An [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] version can be used for cryptographic operations.
For security reasons, the raw cryptographic key material represented by a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
func (*CryptoKeyVersion) Descriptor
func (*CryptoKeyVersion) Descriptor() ([]byte, []int)
Deprecated: Use CryptoKeyVersion.ProtoReflect.Descriptor instead.
func (*CryptoKeyVersion) GetAlgorithm
func (x *CryptoKeyVersion) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm
func (*CryptoKeyVersion) GetAttestation
func (x *CryptoKeyVersion) GetAttestation() *KeyOperationAttestation
func (*CryptoKeyVersion) GetCreateTime
func (x *CryptoKeyVersion) GetCreateTime() *timestamppb.Timestamp
func (*CryptoKeyVersion) GetDestroyEventTime
func (x *CryptoKeyVersion) GetDestroyEventTime() *timestamppb.Timestamp
func (*CryptoKeyVersion) GetDestroyTime
func (x *CryptoKeyVersion) GetDestroyTime() *timestamppb.Timestamp
func (*CryptoKeyVersion) GetExternalDestructionFailureReason
func (x *CryptoKeyVersion) GetExternalDestructionFailureReason() string
func (*CryptoKeyVersion) GetExternalProtectionLevelOptions
func (x *CryptoKeyVersion) GetExternalProtectionLevelOptions() *ExternalProtectionLevelOptions
func (*CryptoKeyVersion) GetGenerateTime
func (x *CryptoKeyVersion) GetGenerateTime() *timestamppb.Timestamp
func (*CryptoKeyVersion) GetGenerationFailureReason
func (x *CryptoKeyVersion) GetGenerationFailureReason() string
func (*CryptoKeyVersion) GetImportFailureReason
func (x *CryptoKeyVersion) GetImportFailureReason() string
func (*CryptoKeyVersion) GetImportJob
func (x *CryptoKeyVersion) GetImportJob() string
func (*CryptoKeyVersion) GetImportTime
func (x *CryptoKeyVersion) GetImportTime() *timestamppb.Timestamp
func (*CryptoKeyVersion) GetName
func (x *CryptoKeyVersion) GetName() string
func (*CryptoKeyVersion) GetProtectionLevel
func (x *CryptoKeyVersion) GetProtectionLevel() ProtectionLevel
func (*CryptoKeyVersion) GetReimportEligible
func (x *CryptoKeyVersion) GetReimportEligible() bool
func (*CryptoKeyVersion) GetState
func (x *CryptoKeyVersion) GetState() CryptoKeyVersion_CryptoKeyVersionState
func (*CryptoKeyVersion) ProtoMessage
func (*CryptoKeyVersion) ProtoMessage()
func (*CryptoKeyVersion) ProtoReflect
func (x *CryptoKeyVersion) ProtoReflect() protoreflect.Message
func (*CryptoKeyVersion) Reset
func (x *CryptoKeyVersion) Reset()
func (*CryptoKeyVersion) String
func (x *CryptoKeyVersion) String() string
CryptoKeyVersionTemplate
type CryptoKeyVersionTemplate struct {
ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */
Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm "" /* 140 byte string literal not displayed */
}
A [CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTemplate] specifies the properties to use when creating a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], either manually with [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or automatically as a result of auto-rotation.
func (*CryptoKeyVersionTemplate) Descriptor
func (*CryptoKeyVersionTemplate) Descriptor() ([]byte, []int)
Deprecated: Use CryptoKeyVersionTemplate.ProtoReflect.Descriptor instead.
func (*CryptoKeyVersionTemplate) GetAlgorithm
func (x *CryptoKeyVersionTemplate) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm
func (*CryptoKeyVersionTemplate) GetProtectionLevel
func (x *CryptoKeyVersionTemplate) GetProtectionLevel() ProtectionLevel
func (*CryptoKeyVersionTemplate) ProtoMessage
func (*CryptoKeyVersionTemplate) ProtoMessage()
func (*CryptoKeyVersionTemplate) ProtoReflect
func (x *CryptoKeyVersionTemplate) ProtoReflect() protoreflect.Message
func (*CryptoKeyVersionTemplate) Reset
func (x *CryptoKeyVersionTemplate) Reset()
func (*CryptoKeyVersionTemplate) String
func (x *CryptoKeyVersionTemplate) String() string
CryptoKeyVersion_CryptoKeyVersionAlgorithm
type CryptoKeyVersion_CryptoKeyVersionAlgorithm int32
The algorithm of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating what parameters must be used for each cryptographic operation.
The [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] algorithm is usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
Algorithms beginning with RSA_SIGN_
are usable with
[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
[ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].
The fields in the name after RSA_SIGN_
correspond to the following
parameters: padding algorithm, modulus bit length, and digest algorithm.
For PSS, the salt length used is equal to the length of digest algorithm. For example, [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] will use PSS with a salt length of 256 bits or 32 bytes.
Algorithms beginning with RSA_DECRYPT_
are usable with
[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
[ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
The fields in the name after RSA_DECRYPT_
correspond to the following
parameters: padding algorithm, modulus bit length, and digest algorithm.
Algorithms beginning with EC_SIGN_
are usable with
[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
[ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].
The fields in the name after EC_SIGN_
correspond to the following
parameters: elliptic curve, digest algorithm.
Algorithms beginning with HMAC_
are usable with
[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
[MAC][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.MAC].
The suffix following HMAC_
corresponds to the hash algorithm being used
(eg. SHA256).
For more information, see Key purposes and algorithms.
CryptoKeyVersion_CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED, CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION, CryptoKeyVersion_AES_128_GCM, CryptoKeyVersion_AES_256_GCM, CryptoKeyVersion_AES_128_CBC, CryptoKeyVersion_AES_256_CBC, CryptoKeyVersion_AES_128_CTR, CryptoKeyVersion_AES_256_CTR, CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256, CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256, CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256, CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512, CryptoKeyVersion_RSA_SIGN_PKCS1_2048_SHA256, CryptoKeyVersion_RSA_SIGN_PKCS1_3072_SHA256, CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA256, CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512, CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_2048, CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_3072, CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_4096, CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA256, CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA256, CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA256, CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA512, CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA1, CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA1, CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA1, CryptoKeyVersion_EC_SIGN_P256_SHA256, CryptoKeyVersion_EC_SIGN_P384_SHA384, CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256, CryptoKeyVersion_EC_SIGN_ED25519, CryptoKeyVersion_HMAC_SHA256, CryptoKeyVersion_HMAC_SHA1, CryptoKeyVersion_HMAC_SHA384, CryptoKeyVersion_HMAC_SHA512, CryptoKeyVersion_HMAC_SHA224, CryptoKeyVersion_EXTERNAL_SYMMETRIC_ENCRYPTION
const (
// Not specified.
CryptoKeyVersion_CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionAlgorithm = 0
// Creates symmetric encryption keys.
CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 1
// AES-GCM (Galois Counter Mode) using 128-bit keys.
CryptoKeyVersion_AES_128_GCM CryptoKeyVersion_CryptoKeyVersionAlgorithm = 41
// AES-GCM (Galois Counter Mode) using 256-bit keys.
CryptoKeyVersion_AES_256_GCM CryptoKeyVersion_CryptoKeyVersionAlgorithm = 19
// AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
CryptoKeyVersion_AES_128_CBC CryptoKeyVersion_CryptoKeyVersionAlgorithm = 42
// AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
CryptoKeyVersion_AES_256_CBC CryptoKeyVersion_CryptoKeyVersionAlgorithm = 43
// AES-CTR (Counter Mode) using 128-bit keys.
CryptoKeyVersion_AES_128_CTR CryptoKeyVersion_CryptoKeyVersionAlgorithm = 44
// AES-CTR (Counter Mode) using 256-bit keys.
CryptoKeyVersion_AES_256_CTR CryptoKeyVersion_CryptoKeyVersionAlgorithm = 45
// RSASSA-PSS 2048 bit key with a SHA256 digest.
CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 2
// RSASSA-PSS 3072 bit key with a SHA256 digest.
CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 3
// RSASSA-PSS 4096 bit key with a SHA256 digest.
CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 4
// RSASSA-PSS 4096 bit key with a SHA512 digest.
CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 15
// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
CryptoKeyVersion_RSA_SIGN_PKCS1_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 5
// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
CryptoKeyVersion_RSA_SIGN_PKCS1_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 6
// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 7
// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 16
// RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_2048 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 28
// RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_3072 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 29
// RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_4096 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 30
// RSAES-OAEP 2048 bit key with a SHA256 digest.
CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 8
// RSAES-OAEP 3072 bit key with a SHA256 digest.
CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 9
// RSAES-OAEP 4096 bit key with a SHA256 digest.
CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 10
// RSAES-OAEP 4096 bit key with a SHA512 digest.
CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 17
// RSAES-OAEP 2048 bit key with a SHA1 digest.
CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 37
// RSAES-OAEP 3072 bit key with a SHA1 digest.
CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 38
// RSAES-OAEP 4096 bit key with a SHA1 digest.
CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 39
// ECDSA on the NIST P-256 curve with a SHA256 digest.
// Other hash functions can also be used:
// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
CryptoKeyVersion_EC_SIGN_P256_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 12
// ECDSA on the NIST P-384 curve with a SHA384 digest.
// Other hash functions can also be used:
// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
CryptoKeyVersion_EC_SIGN_P384_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 13
// ECDSA on the non-NIST secp256k1 curve. This curve is only supported for
// HSM protection level.
// Other hash functions can also be used:
// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 31
// EdDSA on the Curve25519 in pure mode (taking data as input).
CryptoKeyVersion_EC_SIGN_ED25519 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 40
// HMAC-SHA256 signing with a 256 bit key.
CryptoKeyVersion_HMAC_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 32
// HMAC-SHA1 signing with a 160 bit key.
CryptoKeyVersion_HMAC_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 33
// HMAC-SHA384 signing with a 384 bit key.
CryptoKeyVersion_HMAC_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 34
// HMAC-SHA512 signing with a 512 bit key.
CryptoKeyVersion_HMAC_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 35
// HMAC-SHA224 signing with a 224 bit key.
CryptoKeyVersion_HMAC_SHA224 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 36
// Algorithm representing symmetric encryption by an external key manager.
CryptoKeyVersion_EXTERNAL_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 18
)
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Descriptor
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Descriptor() protoreflect.EnumDescriptor
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Enum
func (x CryptoKeyVersion_CryptoKeyVersionAlgorithm) Enum() *CryptoKeyVersion_CryptoKeyVersionAlgorithm
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor() ([]byte, []int)
Deprecated: Use CryptoKeyVersion_CryptoKeyVersionAlgorithm.Descriptor instead.
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Number
func (x CryptoKeyVersion_CryptoKeyVersionAlgorithm) Number() protoreflect.EnumNumber
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) String
func (x CryptoKeyVersion_CryptoKeyVersionAlgorithm) String() string
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Type
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Type() protoreflect.EnumType
CryptoKeyVersion_CryptoKeyVersionState
type CryptoKeyVersion_CryptoKeyVersionState int32
The state of a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used.
CryptoKeyVersion_CRYPTO_KEY_VERSION_STATE_UNSPECIFIED, CryptoKeyVersion_PENDING_GENERATION, CryptoKeyVersion_ENABLED, CryptoKeyVersion_DISABLED, CryptoKeyVersion_DESTROYED, CryptoKeyVersion_DESTROY_SCHEDULED, CryptoKeyVersion_PENDING_IMPORT, CryptoKeyVersion_IMPORT_FAILED, CryptoKeyVersion_GENERATION_FAILED, CryptoKeyVersion_PENDING_EXTERNAL_DESTRUCTION, CryptoKeyVersion_EXTERNAL_DESTRUCTION_FAILED
const (
// Not specified.
CryptoKeyVersion_CRYPTO_KEY_VERSION_STATE_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionState = 0
// This version is still being generated. It may not be used, enabled,
// disabled, or destroyed yet. Cloud KMS will automatically mark this
// version
// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
// as soon as the version is ready.
CryptoKeyVersion_PENDING_GENERATION CryptoKeyVersion_CryptoKeyVersionState = 5
// This version may be used for cryptographic operations.
CryptoKeyVersion_ENABLED CryptoKeyVersion_CryptoKeyVersionState = 1
// This version may not be used, but the key material is still available,
// and the version can be placed back into the
// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
// state.
CryptoKeyVersion_DISABLED CryptoKeyVersion_CryptoKeyVersionState = 2
// This version is destroyed, and the key material is no longer stored.
// This version may only become
// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
// again if this version is
// [reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible]
// and the original key material is reimported with a call to
// [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
CryptoKeyVersion_DESTROYED CryptoKeyVersion_CryptoKeyVersionState = 3
// This version is scheduled for destruction, and will be destroyed soon.
// Call
// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
// to put it back into the
// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
// state.
CryptoKeyVersion_DESTROY_SCHEDULED CryptoKeyVersion_CryptoKeyVersionState = 4
// This version is still being imported. It may not be used, enabled,
// disabled, or destroyed yet. Cloud KMS will automatically mark this
// version
// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
// as soon as the version is ready.
CryptoKeyVersion_PENDING_IMPORT CryptoKeyVersion_CryptoKeyVersionState = 6
// This version was not imported successfully. It may not be used, enabled,
// disabled, or destroyed. The submitted key material has been discarded.
// Additional details can be found in
// [CryptoKeyVersion.import_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason].
CryptoKeyVersion_IMPORT_FAILED CryptoKeyVersion_CryptoKeyVersionState = 7
// This version was not generated successfully. It may not be used, enabled,
// disabled, or destroyed. Additional details can be found in
// [CryptoKeyVersion.generation_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.generation_failure_reason].
CryptoKeyVersion_GENERATION_FAILED CryptoKeyVersion_CryptoKeyVersionState = 8
// This version was destroyed, and it may not be used or enabled again.
// Cloud KMS is waiting for the corresponding key material residing in an
// external key manager to be destroyed.
CryptoKeyVersion_PENDING_EXTERNAL_DESTRUCTION CryptoKeyVersion_CryptoKeyVersionState = 9
// This version was destroyed, and it may not be used or enabled again.
// However, Cloud KMS could not confirm that the corresponding key material
// residing in an external key manager was destroyed. Additional details can
// be found in
// [CryptoKeyVersion.external_destruction_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.external_destruction_failure_reason].
CryptoKeyVersion_EXTERNAL_DESTRUCTION_FAILED CryptoKeyVersion_CryptoKeyVersionState = 10
)
func (CryptoKeyVersion_CryptoKeyVersionState) Descriptor
func (CryptoKeyVersion_CryptoKeyVersionState) Descriptor() protoreflect.EnumDescriptor
func (CryptoKeyVersion_CryptoKeyVersionState) Enum
func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor
func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor() ([]byte, []int)
Deprecated: Use CryptoKeyVersion_CryptoKeyVersionState.Descriptor instead.
func (CryptoKeyVersion_CryptoKeyVersionState) Number
func (x CryptoKeyVersion_CryptoKeyVersionState) Number() protoreflect.EnumNumber
func (CryptoKeyVersion_CryptoKeyVersionState) String
func (x CryptoKeyVersion_CryptoKeyVersionState) String() string
func (CryptoKeyVersion_CryptoKeyVersionState) Type
func (CryptoKeyVersion_CryptoKeyVersionState) Type() protoreflect.EnumType
CryptoKeyVersion_CryptoKeyVersionView
type CryptoKeyVersion_CryptoKeyVersionView int32
A view for [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]s. Controls the level of detail returned for [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions] and [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
CryptoKeyVersion_CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED, CryptoKeyVersion_FULL
const (
// Default view for each
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Does not
// include the
// [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation] field.
CryptoKeyVersion_CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionView = 0
// Provides all fields in each
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], including the
// [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation].
CryptoKeyVersion_FULL CryptoKeyVersion_CryptoKeyVersionView = 1
)
func (CryptoKeyVersion_CryptoKeyVersionView) Descriptor
func (CryptoKeyVersion_CryptoKeyVersionView) Descriptor() protoreflect.EnumDescriptor
func (CryptoKeyVersion_CryptoKeyVersionView) Enum
func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor
func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor() ([]byte, []int)
Deprecated: Use CryptoKeyVersion_CryptoKeyVersionView.Descriptor instead.
func (CryptoKeyVersion_CryptoKeyVersionView) Number
func (x CryptoKeyVersion_CryptoKeyVersionView) Number() protoreflect.EnumNumber
func (CryptoKeyVersion_CryptoKeyVersionView) String
func (x CryptoKeyVersion_CryptoKeyVersionView) String() string
func (CryptoKeyVersion_CryptoKeyVersionView) Type
func (CryptoKeyVersion_CryptoKeyVersionView) Type() protoreflect.EnumType
CryptoKey_CryptoKeyPurpose
type CryptoKey_CryptoKeyPurpose int32
[CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] describes the cryptographic capabilities of a [CryptoKey][google.cloud.kms.v1.CryptoKey]. A given key can only be used for the operations allowed by its purpose. For more information, see Key purposes.
CryptoKey_CRYPTO_KEY_PURPOSE_UNSPECIFIED, CryptoKey_ENCRYPT_DECRYPT, CryptoKey_ASYMMETRIC_SIGN, CryptoKey_ASYMMETRIC_DECRYPT, CryptoKey_RAW_ENCRYPT_DECRYPT, CryptoKey_MAC
const (
// Not specified.
CryptoKey_CRYPTO_KEY_PURPOSE_UNSPECIFIED CryptoKey_CryptoKeyPurpose = 0
// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
// with [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
CryptoKey_ENCRYPT_DECRYPT CryptoKey_CryptoKeyPurpose = 1
// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
// with
// [AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]
// and
// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
CryptoKey_ASYMMETRIC_SIGN CryptoKey_CryptoKeyPurpose = 5
// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
// with
// [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]
// and
// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
CryptoKey_ASYMMETRIC_DECRYPT CryptoKey_CryptoKeyPurpose = 6
// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
// with [RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]
// and [RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt].
// This purpose is meant to be used for interoperable symmetric
// encryption and does not support automatic CryptoKey rotation.
CryptoKey_RAW_ENCRYPT_DECRYPT CryptoKey_CryptoKeyPurpose = 7
// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
// with [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
CryptoKey_MAC CryptoKey_CryptoKeyPurpose = 9
)
func (CryptoKey_CryptoKeyPurpose) Descriptor
func (CryptoKey_CryptoKeyPurpose) Descriptor() protoreflect.EnumDescriptor
func (CryptoKey_CryptoKeyPurpose) Enum
func (x CryptoKey_CryptoKeyPurpose) Enum() *CryptoKey_CryptoKeyPurpose
func (CryptoKey_CryptoKeyPurpose) EnumDescriptor
func (CryptoKey_CryptoKeyPurpose) EnumDescriptor() ([]byte, []int)
Deprecated: Use CryptoKey_CryptoKeyPurpose.Descriptor instead.
func (CryptoKey_CryptoKeyPurpose) Number
func (x CryptoKey_CryptoKeyPurpose) Number() protoreflect.EnumNumber
func (CryptoKey_CryptoKeyPurpose) String
func (x CryptoKey_CryptoKeyPurpose) String() string
func (CryptoKey_CryptoKeyPurpose) Type
func (CryptoKey_CryptoKeyPurpose) Type() protoreflect.EnumType
CryptoKey_RotationPeriod
type CryptoKey_RotationPeriod struct {
// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]
// will be advanced by this period when the service automatically rotates a
// key. Must be at least 24 hours and at most 876,000 hours.
//
// If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is
// set,
// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]
// must also be set.
//
// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]
// support automatic rotation. For other keys, this field must be omitted.
RotationPeriod *durationpb.Duration `protobuf:"bytes,8,opt,name=rotation_period,json=rotationPeriod,proto3,oneof"`
}
DecryptRequest
type DecryptRequest struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
AdditionalAuthenticatedData []byte "" /* 144 byte string literal not displayed */
CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,5,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value "" /* 164 byte string literal not displayed */
}
Request message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
func (*DecryptRequest) Descriptor
func (*DecryptRequest) Descriptor() ([]byte, []int)
Deprecated: Use DecryptRequest.ProtoReflect.Descriptor instead.
func (*DecryptRequest) GetAdditionalAuthenticatedData
func (x *DecryptRequest) GetAdditionalAuthenticatedData() []byte
func (*DecryptRequest) GetAdditionalAuthenticatedDataCrc32C
func (x *DecryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value
func (*DecryptRequest) GetCiphertext
func (x *DecryptRequest) GetCiphertext() []byte
func (*DecryptRequest) GetCiphertextCrc32C
func (x *DecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value
func (*DecryptRequest) GetName
func (x *DecryptRequest) GetName() string
func (*DecryptRequest) ProtoMessage
func (*DecryptRequest) ProtoMessage()
func (*DecryptRequest) ProtoReflect
func (x *DecryptRequest) ProtoReflect() protoreflect.Message
func (*DecryptRequest) Reset
func (x *DecryptRequest) Reset()
func (*DecryptRequest) String
func (x *DecryptRequest) String() string
DecryptResponse
type DecryptResponse struct {
Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`
UsedPrimary bool `protobuf:"varint,3,opt,name=used_primary,json=usedPrimary,proto3" json:"used_primary,omitempty"`
ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */
}
Response message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
func (*DecryptResponse) Descriptor
func (*DecryptResponse) Descriptor() ([]byte, []int)
Deprecated: Use DecryptResponse.ProtoReflect.Descriptor instead.
func (*DecryptResponse) GetPlaintext
func (x *DecryptResponse) GetPlaintext() []byte
func (*DecryptResponse) GetPlaintextCrc32C
func (x *DecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value
func (*DecryptResponse) GetProtectionLevel
func (x *DecryptResponse) GetProtectionLevel() ProtectionLevel
func (*DecryptResponse) GetUsedPrimary
func (x *DecryptResponse) GetUsedPrimary() bool
func (*DecryptResponse) ProtoMessage
func (*DecryptResponse) ProtoMessage()
func (*DecryptResponse) ProtoReflect
func (x *DecryptResponse) ProtoReflect() protoreflect.Message
func (*DecryptResponse) Reset
func (x *DecryptResponse) Reset()
func (*DecryptResponse) String
func (x *DecryptResponse) String() string
DestroyCryptoKeyVersionRequest
type DestroyCryptoKeyVersionRequest struct {
// Required. The resource name of the
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].
func (*DestroyCryptoKeyVersionRequest) Descriptor
func (*DestroyCryptoKeyVersionRequest) Descriptor() ([]byte, []int)
Deprecated: Use DestroyCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.
func (*DestroyCryptoKeyVersionRequest) GetName
func (x *DestroyCryptoKeyVersionRequest) GetName() string
func (*DestroyCryptoKeyVersionRequest) ProtoMessage
func (*DestroyCryptoKeyVersionRequest) ProtoMessage()
func (*DestroyCryptoKeyVersionRequest) ProtoReflect
func (x *DestroyCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
func (*DestroyCryptoKeyVersionRequest) Reset
func (x *DestroyCryptoKeyVersionRequest) Reset()
func (*DestroyCryptoKeyVersionRequest) String
func (x *DestroyCryptoKeyVersionRequest) String() string
Digest
type Digest struct {
// Required. The message digest.
//
// Types that are assignable to Digest:
//
// *Digest_Sha256
// *Digest_Sha384
// *Digest_Sha512
Digest isDigest_Digest `protobuf_oneof:"digest"`
// contains filtered or unexported fields
}
A [Digest][google.cloud.kms.v1.Digest] holds a cryptographic message digest.
func (*Digest) Descriptor
Deprecated: Use Digest.ProtoReflect.Descriptor instead.
func (*Digest) GetDigest
func (m *Digest) GetDigest() isDigest_Digest
func (*Digest) GetSha256
func (*Digest) GetSha384
func (*Digest) GetSha512
func (*Digest) ProtoMessage
func (*Digest) ProtoMessage()
func (*Digest) ProtoReflect
func (x *Digest) ProtoReflect() protoreflect.Message
func (*Digest) Reset
func (x *Digest) Reset()
func (*Digest) String
Digest_Sha256
type Digest_Sha256 struct {
// A message digest produced with the SHA-256 algorithm.
Sha256 []byte `protobuf:"bytes,1,opt,name=sha256,proto3,oneof"`
}
Digest_Sha384
type Digest_Sha384 struct {
// A message digest produced with the SHA-384 algorithm.
Sha384 []byte `protobuf:"bytes,2,opt,name=sha384,proto3,oneof"`
}
Digest_Sha512
type Digest_Sha512 struct {
// A message digest produced with the SHA-512 algorithm.
Sha512 []byte `protobuf:"bytes,3,opt,name=sha512,proto3,oneof"`
}
EkmConfig
type EkmConfig struct {
// Output only. The resource name for the
// [EkmConfig][google.cloud.kms.v1.EkmConfig] in the format
// `projects/*/locations/*/ekmConfig`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. Resource name of the default
// [EkmConnection][google.cloud.kms.v1.EkmConnection]. Setting this field to
// the empty string removes the default.
DefaultEkmConnection string `protobuf:"bytes,2,opt,name=default_ekm_connection,json=defaultEkmConnection,proto3" json:"default_ekm_connection,omitempty"`
// contains filtered or unexported fields
}
An [EkmConfig][google.cloud.kms.v1.EkmConfig] is a singleton resource that represents configuration parameters that apply to all [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] with a [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC] in a given project and location.
func (*EkmConfig) Descriptor
Deprecated: Use EkmConfig.ProtoReflect.Descriptor instead.
func (*EkmConfig) GetDefaultEkmConnection
func (*EkmConfig) GetName
func (*EkmConfig) ProtoMessage
func (*EkmConfig) ProtoMessage()
func (*EkmConfig) ProtoReflect
func (x *EkmConfig) ProtoReflect() protoreflect.Message
func (*EkmConfig) Reset
func (x *EkmConfig) Reset()
func (*EkmConfig) String
EkmConnection
type EkmConnection struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
ServiceResolvers []*EkmConnection_ServiceResolver `protobuf:"bytes,3,rep,name=service_resolvers,json=serviceResolvers,proto3" json:"service_resolvers,omitempty"`
Etag string `protobuf:"bytes,5,opt,name=etag,proto3" json:"etag,omitempty"`
KeyManagementMode EkmConnection_KeyManagementMode "" /* 172 byte string literal not displayed */
CryptoSpacePath string `protobuf:"bytes,7,opt,name=crypto_space_path,json=cryptoSpacePath,proto3" json:"crypto_space_path,omitempty"`
}
An [EkmConnection][google.cloud.kms.v1.EkmConnection] represents an individual EKM connection. It can be used for creating [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] with a [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], as well as performing cryptographic operations using keys created within the [EkmConnection][google.cloud.kms.v1.EkmConnection].
func (*EkmConnection) Descriptor
func (*EkmConnection) Descriptor() ([]byte, []int)
Deprecated: Use EkmConnection.ProtoReflect.Descriptor instead.
func (*EkmConnection) GetCreateTime
func (x *EkmConnection) GetCreateTime() *timestamppb.Timestamp
func (*EkmConnection) GetCryptoSpacePath
func (x *EkmConnection) GetCryptoSpacePath() string
func (*EkmConnection) GetEtag
func (x *EkmConnection) GetEtag() string
func (*EkmConnection) GetKeyManagementMode
func (x *EkmConnection) GetKeyManagementMode() EkmConnection_KeyManagementMode
func (*EkmConnection) GetName
func (x *EkmConnection) GetName() string
func (*EkmConnection) GetServiceResolvers
func (x *EkmConnection) GetServiceResolvers() []*EkmConnection_ServiceResolver
func (*EkmConnection) ProtoMessage
func (*EkmConnection) ProtoMessage()
func (*EkmConnection) ProtoReflect
func (x *EkmConnection) ProtoReflect() protoreflect.Message
func (*EkmConnection) Reset
func (x *EkmConnection) Reset()
func (*EkmConnection) String
func (x *EkmConnection) String() string
EkmConnection_KeyManagementMode
type EkmConnection_KeyManagementMode int32
[KeyManagementMode][google.cloud.kms.v1.EkmConnection.KeyManagementMode] describes who can perform control plane cryptographic operations using this [EkmConnection][google.cloud.kms.v1.EkmConnection].
EkmConnection_KEY_MANAGEMENT_MODE_UNSPECIFIED, EkmConnection_MANUAL, EkmConnection_CLOUD_KMS
const (
// Not specified.
EkmConnection_KEY_MANAGEMENT_MODE_UNSPECIFIED EkmConnection_KeyManagementMode = 0
// EKM-side key management operations on
// [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this
// [EkmConnection][google.cloud.kms.v1.EkmConnection] must be initiated from
// the EKM directly and cannot be performed from Cloud KMS. This means that:
// * When creating a
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] associated with
// this
//
// [EkmConnection][google.cloud.kms.v1.EkmConnection], the caller must
// supply the key path of pre-existing external key material that will be
// linked to the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
// - Destruction of external key material cannot be requested via the
// Cloud KMS API and must be performed directly in the EKM.
// - Automatic rotation of key material is not supported.
EkmConnection_MANUAL EkmConnection_KeyManagementMode = 1
// All [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this
// [EkmConnection][google.cloud.kms.v1.EkmConnection] use EKM-side key
// management operations initiated from Cloud KMS. This means that:
// * When a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
// associated with this [EkmConnection][google.cloud.kms.v1.EkmConnection]
// is
//
// created, the EKM automatically generates new key material and a new
// key path. The caller cannot supply the key path of pre-existing
// external key material.
// - Destruction of external key material associated with this
// [EkmConnection][google.cloud.kms.v1.EkmConnection] can be requested by
// calling [DestroyCryptoKeyVersion][EkmService.DestroyCryptoKeyVersion].
// - Automatic rotation of key material is supported.
EkmConnection_CLOUD_KMS EkmConnection_KeyManagementMode = 2
)
func (EkmConnection_KeyManagementMode) Descriptor
func (EkmConnection_KeyManagementMode) Descriptor() protoreflect.EnumDescriptor
func (EkmConnection_KeyManagementMode) Enum
func (x EkmConnection_KeyManagementMode) Enum() *EkmConnection_KeyManagementMode
func (EkmConnection_KeyManagementMode) EnumDescriptor
func (EkmConnection_KeyManagementMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use EkmConnection_KeyManagementMode.Descriptor instead.
func (EkmConnection_KeyManagementMode) Number
func (x EkmConnection_KeyManagementMode) Number() protoreflect.EnumNumber
func (EkmConnection_KeyManagementMode) String
func (x EkmConnection_KeyManagementMode) String() string
func (EkmConnection_KeyManagementMode) Type
func (EkmConnection_KeyManagementMode) Type() protoreflect.EnumType
EkmConnection_ServiceResolver
type EkmConnection_ServiceResolver struct {
ServiceDirectoryService string "" /* 132 byte string literal not displayed */
EndpointFilter string `protobuf:"bytes,2,opt,name=endpoint_filter,json=endpointFilter,proto3" json:"endpoint_filter,omitempty"`
Hostname string `protobuf:"bytes,3,opt,name=hostname,proto3" json:"hostname,omitempty"`
ServerCertificates []*Certificate `protobuf:"bytes,4,rep,name=server_certificates,json=serverCertificates,proto3" json:"server_certificates,omitempty"`
}
A [ServiceResolver][google.cloud.kms.v1.EkmConnection.ServiceResolver] represents an EKM replica that can be reached within an [EkmConnection][google.cloud.kms.v1.EkmConnection].
func (*EkmConnection_ServiceResolver) Descriptor
func (*EkmConnection_ServiceResolver) Descriptor() ([]byte, []int)
Deprecated: Use EkmConnection_ServiceResolver.ProtoReflect.Descriptor instead.
func (*EkmConnection_ServiceResolver) GetEndpointFilter
func (x *EkmConnection_ServiceResolver) GetEndpointFilter() string
func (*EkmConnection_ServiceResolver) GetHostname
func (x *EkmConnection_ServiceResolver) GetHostname() string
func (*EkmConnection_ServiceResolver) GetServerCertificates
func (x *EkmConnection_ServiceResolver) GetServerCertificates() []*Certificate
func (*EkmConnection_ServiceResolver) GetServiceDirectoryService
func (x *EkmConnection_ServiceResolver) GetServiceDirectoryService() string
func (*EkmConnection_ServiceResolver) ProtoMessage
func (*EkmConnection_ServiceResolver) ProtoMessage()
func (*EkmConnection_ServiceResolver) ProtoReflect
func (x *EkmConnection_ServiceResolver) ProtoReflect() protoreflect.Message
func (*EkmConnection_ServiceResolver) Reset
func (x *EkmConnection_ServiceResolver) Reset()
func (*EkmConnection_ServiceResolver) String
func (x *EkmConnection_ServiceResolver) String() string
EkmServiceClient
type EkmServiceClient interface {
// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
ListEkmConnections(ctx context.Context, in *ListEkmConnectionsRequest, opts ...grpc.CallOption) (*ListEkmConnectionsResponse, error)
// Returns metadata for a given
// [EkmConnection][google.cloud.kms.v1.EkmConnection].
GetEkmConnection(ctx context.Context, in *GetEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
// Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given
// Project and Location.
CreateEkmConnection(ctx context.Context, in *CreateEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
UpdateEkmConnection(ctx context.Context, in *UpdateEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
// Returns the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
// for a given project and location.
GetEkmConfig(ctx context.Context, in *GetEkmConfigRequest, opts ...grpc.CallOption) (*EkmConfig, error)
// Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
// for a given project and location.
UpdateEkmConfig(ctx context.Context, in *UpdateEkmConfigRequest, opts ...grpc.CallOption) (*EkmConfig, error)
// Verifies that Cloud KMS can successfully connect to the external key
// manager specified by an [EkmConnection][google.cloud.kms.v1.EkmConnection].
// If there is an error connecting to the EKM, this method returns a
// FAILED_PRECONDITION status containing structured information as described
// at https://cloud.google.com/kms/docs/reference/ekm_errors.
VerifyConnectivity(ctx context.Context, in *VerifyConnectivityRequest, opts ...grpc.CallOption) (*VerifyConnectivityResponse, error)
}
EkmServiceClient is the client API for EkmService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewEkmServiceClient
func NewEkmServiceClient(cc grpc.ClientConnInterface) EkmServiceClient
EkmServiceServer
type EkmServiceServer interface {
// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
ListEkmConnections(context.Context, *ListEkmConnectionsRequest) (*ListEkmConnectionsResponse, error)
// Returns metadata for a given
// [EkmConnection][google.cloud.kms.v1.EkmConnection].
GetEkmConnection(context.Context, *GetEkmConnectionRequest) (*EkmConnection, error)
// Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given
// Project and Location.
CreateEkmConnection(context.Context, *CreateEkmConnectionRequest) (*EkmConnection, error)
// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
UpdateEkmConnection(context.Context, *UpdateEkmConnectionRequest) (*EkmConnection, error)
// Returns the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
// for a given project and location.
GetEkmConfig(context.Context, *GetEkmConfigRequest) (*EkmConfig, error)
// Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
// for a given project and location.
UpdateEkmConfig(context.Context, *UpdateEkmConfigRequest) (*EkmConfig, error)
// Verifies that Cloud KMS can successfully connect to the external key
// manager specified by an [EkmConnection][google.cloud.kms.v1.EkmConnection].
// If there is an error connecting to the EKM, this method returns a
// FAILED_PRECONDITION status containing structured information as described
// at https://cloud.google.com/kms/docs/reference/ekm_errors.
VerifyConnectivity(context.Context, *VerifyConnectivityRequest) (*VerifyConnectivityResponse, error)
}
EkmServiceServer is the server API for EkmService service.
EncryptRequest
type EncryptRequest struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
AdditionalAuthenticatedData []byte "" /* 144 byte string literal not displayed */
PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`
AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value "" /* 164 byte string literal not displayed */
}
Request message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
func (*EncryptRequest) Descriptor
func (*EncryptRequest) Descriptor() ([]byte, []int)
Deprecated: Use EncryptRequest.ProtoReflect.Descriptor instead.
func (*EncryptRequest) GetAdditionalAuthenticatedData
func (x *EncryptRequest) GetAdditionalAuthenticatedData() []byte
func (*EncryptRequest) GetAdditionalAuthenticatedDataCrc32C
func (x *EncryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value
func (*EncryptRequest) GetName
func (x *EncryptRequest) GetName() string
func (*EncryptRequest) GetPlaintext
func (x *EncryptRequest) GetPlaintext() []byte
func (*EncryptRequest) GetPlaintextCrc32C
func (x *EncryptRequest) GetPlaintextCrc32C() *wrapperspb.Int64Value
func (*EncryptRequest) ProtoMessage
func (*EncryptRequest) ProtoMessage()
func (*EncryptRequest) ProtoReflect
func (x *EncryptRequest) ProtoReflect() protoreflect.Message
func (*EncryptRequest) Reset
func (x *EncryptRequest) Reset()
func (*EncryptRequest) String
func (x *EncryptRequest) String() string
EncryptResponse
type EncryptResponse struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
VerifiedPlaintextCrc32C bool "" /* 133 byte string literal not displayed */
VerifiedAdditionalAuthenticatedDataCrc32C bool "" /* 191 byte string literal not displayed */
ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */
}
Response message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
func (*EncryptResponse) Descriptor
func (*EncryptResponse) Descriptor() ([]byte, []int)
Deprecated: Use EncryptResponse.ProtoReflect.Descriptor instead.
func (*EncryptResponse) GetCiphertext
func (x *EncryptResponse) GetCiphertext() []byte
func (*EncryptResponse) GetCiphertextCrc32C
func (x *EncryptResponse) GetCiphertextCrc32C() *wrapperspb.Int64Value
func (*EncryptResponse) GetName
func (x *EncryptResponse) GetName() string
func (*EncryptResponse) GetProtectionLevel
func (x *EncryptResponse) GetProtectionLevel() ProtectionLevel
func (*EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C
func (x *EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C() bool
func (*EncryptResponse) GetVerifiedPlaintextCrc32C
func (x *EncryptResponse) GetVerifiedPlaintextCrc32C() bool
func (*EncryptResponse) ProtoMessage
func (*EncryptResponse) ProtoMessage()
func (*EncryptResponse) ProtoReflect
func (x *EncryptResponse) ProtoReflect() protoreflect.Message
func (*EncryptResponse) Reset
func (x *EncryptResponse) Reset()
func (*EncryptResponse) String
func (x *EncryptResponse) String() string
ExternalProtectionLevelOptions
type ExternalProtectionLevelOptions struct {
// The URI for an external resource that this
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents.
ExternalKeyUri string `protobuf:"bytes,1,opt,name=external_key_uri,json=externalKeyUri,proto3" json:"external_key_uri,omitempty"`
// The path to the external key material on the EKM when using
// [EkmConnection][google.cloud.kms.v1.EkmConnection] e.g., "v0/my/key". Set
// this field instead of external_key_uri when using an
// [EkmConnection][google.cloud.kms.v1.EkmConnection].
EkmConnectionKeyPath string `protobuf:"bytes,2,opt,name=ekm_connection_key_path,json=ekmConnectionKeyPath,proto3" json:"ekm_connection_key_path,omitempty"`
// contains filtered or unexported fields
}
ExternalProtectionLevelOptions stores a group of additional fields for configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level and [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] protection levels.
func (*ExternalProtectionLevelOptions) Descriptor
func (*ExternalProtectionLevelOptions) Descriptor() ([]byte, []int)
Deprecated: Use ExternalProtectionLevelOptions.ProtoReflect.Descriptor instead.
func (*ExternalProtectionLevelOptions) GetEkmConnectionKeyPath
func (x *ExternalProtectionLevelOptions) GetEkmConnectionKeyPath() string
func (*ExternalProtectionLevelOptions) GetExternalKeyUri
func (x *ExternalProtectionLevelOptions) GetExternalKeyUri() string
func (*ExternalProtectionLevelOptions) ProtoMessage
func (*ExternalProtectionLevelOptions) ProtoMessage()
func (*ExternalProtectionLevelOptions) ProtoReflect
func (x *ExternalProtectionLevelOptions) ProtoReflect() protoreflect.Message
func (*ExternalProtectionLevelOptions) Reset
func (x *ExternalProtectionLevelOptions) Reset()
func (*ExternalProtectionLevelOptions) String
func (x *ExternalProtectionLevelOptions) String() string
GenerateRandomBytesRequest
type GenerateRandomBytesRequest struct {
Location string `protobuf:"bytes,1,opt,name=location,proto3" json:"location,omitempty"`
LengthBytes int32 `protobuf:"varint,2,opt,name=length_bytes,json=lengthBytes,proto3" json:"length_bytes,omitempty"`
ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */
}
Request message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].
func (*GenerateRandomBytesRequest) Descriptor
func (*GenerateRandomBytesRequest) Descriptor() ([]byte, []int)
Deprecated: Use GenerateRandomBytesRequest.ProtoReflect.Descriptor instead.
func (*GenerateRandomBytesRequest) GetLengthBytes
func (x *GenerateRandomBytesRequest) GetLengthBytes() int32
func (*GenerateRandomBytesRequest) GetLocation
func (x *GenerateRandomBytesRequest) GetLocation() string
func (*GenerateRandomBytesRequest) GetProtectionLevel
func (x *GenerateRandomBytesRequest) GetProtectionLevel() ProtectionLevel
func (*GenerateRandomBytesRequest) ProtoMessage
func (*GenerateRandomBytesRequest) ProtoMessage()
func (*GenerateRandomBytesRequest) ProtoReflect
func (x *GenerateRandomBytesRequest) ProtoReflect() protoreflect.Message
func (*GenerateRandomBytesRequest) Reset
func (x *GenerateRandomBytesRequest) Reset()
func (*GenerateRandomBytesRequest) String
func (x *GenerateRandomBytesRequest) String() string
GenerateRandomBytesResponse
type GenerateRandomBytesResponse struct {
// The generated data.
Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
// Integrity verification field. A CRC32C checksum of the returned
// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data].
// An integrity check of
// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]
// can be performed by computing the CRC32C checksum of
// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]
// and comparing your results to this field. Discard the response in case of
// non-matching checksum values, and perform a limited number of retries. A
// persistent mismatch may indicate an issue in your computation of the CRC32C
// checksum. Note: This field is defined as int64 for reasons of compatibility
// across different languages. However, it is a non-negative integer, which
// will never exceed 2^32-1, and can be safely downconverted to uint32 in
// languages that support this type.
DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
// contains filtered or unexported fields
}
Response message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].
func (*GenerateRandomBytesResponse) Descriptor
func (*GenerateRandomBytesResponse) Descriptor() ([]byte, []int)
Deprecated: Use GenerateRandomBytesResponse.ProtoReflect.Descriptor instead.
func (*GenerateRandomBytesResponse) GetData
func (x *GenerateRandomBytesResponse) GetData() []byte
func (*GenerateRandomBytesResponse) GetDataCrc32C
func (x *GenerateRandomBytesResponse) GetDataCrc32C() *wrapperspb.Int64Value
func (*GenerateRandomBytesResponse) ProtoMessage
func (*GenerateRandomBytesResponse) ProtoMessage()
func (*GenerateRandomBytesResponse) ProtoReflect
func (x *GenerateRandomBytesResponse) ProtoReflect() protoreflect.Message
func (*GenerateRandomBytesResponse) Reset
func (x *GenerateRandomBytesResponse) Reset()
func (*GenerateRandomBytesResponse) String
func (x *GenerateRandomBytesResponse) String() string
GetAutokeyConfigRequest
type GetAutokeyConfigRequest struct {
// Required. Name of the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig]
// resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [GetAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.GetAutokeyConfig].
func (*GetAutokeyConfigRequest) Descriptor
func (*GetAutokeyConfigRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetAutokeyConfigRequest.ProtoReflect.Descriptor instead.
func (*GetAutokeyConfigRequest) GetName
func (x *GetAutokeyConfigRequest) GetName() string
func (*GetAutokeyConfigRequest) ProtoMessage
func (*GetAutokeyConfigRequest) ProtoMessage()
func (*GetAutokeyConfigRequest) ProtoReflect
func (x *GetAutokeyConfigRequest) ProtoReflect() protoreflect.Message
func (*GetAutokeyConfigRequest) Reset
func (x *GetAutokeyConfigRequest) Reset()
func (*GetAutokeyConfigRequest) String
func (x *GetAutokeyConfigRequest) String() string
GetCryptoKeyRequest
type GetCryptoKeyRequest struct {
// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
// [CryptoKey][google.cloud.kms.v1.CryptoKey] to get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].
func (*GetCryptoKeyRequest) Descriptor
func (*GetCryptoKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetCryptoKeyRequest.ProtoReflect.Descriptor instead.
func (*GetCryptoKeyRequest) GetName
func (x *GetCryptoKeyRequest) GetName() string
func (*GetCryptoKeyRequest) ProtoMessage
func (*GetCryptoKeyRequest) ProtoMessage()
func (*GetCryptoKeyRequest) ProtoReflect
func (x *GetCryptoKeyRequest) ProtoReflect() protoreflect.Message
func (*GetCryptoKeyRequest) Reset
func (x *GetCryptoKeyRequest) Reset()
func (*GetCryptoKeyRequest) String
func (x *GetCryptoKeyRequest) String() string
GetCryptoKeyVersionRequest
type GetCryptoKeyVersionRequest struct {
// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].
func (*GetCryptoKeyVersionRequest) Descriptor
func (*GetCryptoKeyVersionRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.
func (*GetCryptoKeyVersionRequest) GetName
func (x *GetCryptoKeyVersionRequest) GetName() string
func (*GetCryptoKeyVersionRequest) ProtoMessage
func (*GetCryptoKeyVersionRequest) ProtoMessage()
func (*GetCryptoKeyVersionRequest) ProtoReflect
func (x *GetCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
func (*GetCryptoKeyVersionRequest) Reset
func (x *GetCryptoKeyVersionRequest) Reset()
func (*GetCryptoKeyVersionRequest) String
func (x *GetCryptoKeyVersionRequest) String() string
GetEkmConfigRequest
type GetEkmConfigRequest struct {
// Required. The [name][google.cloud.kms.v1.EkmConfig.name] of the
// [EkmConfig][google.cloud.kms.v1.EkmConfig] to get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [EkmService.GetEkmConfig][google.cloud.kms.v1.EkmService.GetEkmConfig].
func (*GetEkmConfigRequest) Descriptor
func (*GetEkmConfigRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetEkmConfigRequest.ProtoReflect.Descriptor instead.
func (*GetEkmConfigRequest) GetName
func (x *GetEkmConfigRequest) GetName() string
func (*GetEkmConfigRequest) ProtoMessage
func (*GetEkmConfigRequest) ProtoMessage()
func (*GetEkmConfigRequest) ProtoReflect
func (x *GetEkmConfigRequest) ProtoReflect() protoreflect.Message
func (*GetEkmConfigRequest) Reset
func (x *GetEkmConfigRequest) Reset()
func (*GetEkmConfigRequest) String
func (x *GetEkmConfigRequest) String() string
GetEkmConnectionRequest
type GetEkmConnectionRequest struct {
// Required. The [name][google.cloud.kms.v1.EkmConnection.name] of the
// [EkmConnection][google.cloud.kms.v1.EkmConnection] to get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [EkmService.GetEkmConnection][google.cloud.kms.v1.EkmService.GetEkmConnection].
func (*GetEkmConnectionRequest) Descriptor
func (*GetEkmConnectionRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetEkmConnectionRequest.ProtoReflect.Descriptor instead.
func (*GetEkmConnectionRequest) GetName
func (x *GetEkmConnectionRequest) GetName() string
func (*GetEkmConnectionRequest) ProtoMessage
func (*GetEkmConnectionRequest) ProtoMessage()
func (*GetEkmConnectionRequest) ProtoReflect
func (x *GetEkmConnectionRequest) ProtoReflect() protoreflect.Message
func (*GetEkmConnectionRequest) Reset
func (x *GetEkmConnectionRequest) Reset()
func (*GetEkmConnectionRequest) String
func (x *GetEkmConnectionRequest) String() string
GetImportJobRequest
type GetImportJobRequest struct {
// Required. The [name][google.cloud.kms.v1.ImportJob.name] of the
// [ImportJob][google.cloud.kms.v1.ImportJob] to get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob].
func (*GetImportJobRequest) Descriptor
func (*GetImportJobRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetImportJobRequest.ProtoReflect.Descriptor instead.
func (*GetImportJobRequest) GetName
func (x *GetImportJobRequest) GetName() string
func (*GetImportJobRequest) ProtoMessage
func (*GetImportJobRequest) ProtoMessage()
func (*GetImportJobRequest) ProtoReflect
func (x *GetImportJobRequest) ProtoReflect() protoreflect.Message
func (*GetImportJobRequest) Reset
func (x *GetImportJobRequest) Reset()
func (*GetImportJobRequest) String
func (x *GetImportJobRequest) String() string
GetKeyHandleRequest
type GetKeyHandleRequest struct {
// Required. Name of the [KeyHandle][google.cloud.kms.v1.KeyHandle] resource,
// e.g.
// `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [GetKeyHandle][google.cloud.kms.v1.Autokey.GetKeyHandle].
func (*GetKeyHandleRequest) Descriptor
func (*GetKeyHandleRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetKeyHandleRequest.ProtoReflect.Descriptor instead.
func (*GetKeyHandleRequest) GetName
func (x *GetKeyHandleRequest) GetName() string
func (*GetKeyHandleRequest) ProtoMessage
func (*GetKeyHandleRequest) ProtoMessage()
func (*GetKeyHandleRequest) ProtoReflect
func (x *GetKeyHandleRequest) ProtoReflect() protoreflect.Message
func (*GetKeyHandleRequest) Reset
func (x *GetKeyHandleRequest) Reset()
func (*GetKeyHandleRequest) String
func (x *GetKeyHandleRequest) String() string
GetKeyRingRequest
type GetKeyRingRequest struct {
// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the
// [KeyRing][google.cloud.kms.v1.KeyRing] to get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].
func (*GetKeyRingRequest) Descriptor
func (*GetKeyRingRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetKeyRingRequest.ProtoReflect.Descriptor instead.
func (*GetKeyRingRequest) GetName
func (x *GetKeyRingRequest) GetName() string
func (*GetKeyRingRequest) ProtoMessage
func (*GetKeyRingRequest) ProtoMessage()
func (*GetKeyRingRequest) ProtoReflect
func (x *GetKeyRingRequest) ProtoReflect() protoreflect.Message
func (*GetKeyRingRequest) Reset
func (x *GetKeyRingRequest) Reset()
func (*GetKeyRingRequest) String
func (x *GetKeyRingRequest) String() string
GetPublicKeyRequest
type GetPublicKeyRequest struct {
// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to get.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
func (*GetPublicKeyRequest) Descriptor
func (*GetPublicKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetPublicKeyRequest.ProtoReflect.Descriptor instead.
func (*GetPublicKeyRequest) GetName
func (x *GetPublicKeyRequest) GetName() string
func (*GetPublicKeyRequest) ProtoMessage
func (*GetPublicKeyRequest) ProtoMessage()
func (*GetPublicKeyRequest) ProtoReflect
func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message
func (*GetPublicKeyRequest) Reset
func (x *GetPublicKeyRequest) Reset()
func (*GetPublicKeyRequest) String
func (x *GetPublicKeyRequest) String() string
ImportCryptoKeyVersionRequest
type ImportCryptoKeyVersionRequest struct {
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
CryptoKeyVersion string `protobuf:"bytes,6,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`
Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm "" /* 140 byte string literal not displayed */
ImportJob string `protobuf:"bytes,4,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
WrappedKey []byte `protobuf:"bytes,8,opt,name=wrapped_key,json=wrappedKey,proto3" json:"wrapped_key,omitempty"`
WrappedKeyMaterial isImportCryptoKeyVersionRequest_WrappedKeyMaterial `protobuf_oneof:"wrapped_key_material"`
}
Request message for [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
func (*ImportCryptoKeyVersionRequest) Descriptor
func (*ImportCryptoKeyVersionRequest) Descriptor() ([]byte, []int)
Deprecated: Use ImportCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.
func (*ImportCryptoKeyVersionRequest) GetAlgorithm
func (x *ImportCryptoKeyVersionRequest) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm
func (*ImportCryptoKeyVersionRequest) GetCryptoKeyVersion
func (x *ImportCryptoKeyVersionRequest) GetCryptoKeyVersion() string
func (*ImportCryptoKeyVersionRequest) GetImportJob
func (x *ImportCryptoKeyVersionRequest) GetImportJob() string
func (*ImportCryptoKeyVersionRequest) GetParent
func (x *ImportCryptoKeyVersionRequest) GetParent() string
func (*ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey
func (x *ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey() []byte
func (*ImportCryptoKeyVersionRequest) GetWrappedKey
func (x *ImportCryptoKeyVersionRequest) GetWrappedKey() []byte
func (*ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial
func (m *ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial() isImportCryptoKeyVersionRequest_WrappedKeyMaterial
func (*ImportCryptoKeyVersionRequest) ProtoMessage
func (*ImportCryptoKeyVersionRequest) ProtoMessage()
func (*ImportCryptoKeyVersionRequest) ProtoReflect
func (x *ImportCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
func (*ImportCryptoKeyVersionRequest) Reset
func (x *ImportCryptoKeyVersionRequest) Reset()
func (*ImportCryptoKeyVersionRequest) String
func (x *ImportCryptoKeyVersionRequest) String() string
ImportCryptoKeyVersionRequest_RsaAesWrappedKey
type ImportCryptoKeyVersionRequest_RsaAesWrappedKey struct {
// Optional. This field has the same meaning as
// [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
// Prefer to use that field in new work. Either that field or this field
// (but not both) must be specified.
RsaAesWrappedKey []byte `protobuf:"bytes,5,opt,name=rsa_aes_wrapped_key,json=rsaAesWrappedKey,proto3,oneof"`
}
ImportJob
type ImportJob struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
ImportMethod ImportJob_ImportMethod "" /* 146 byte string literal not displayed */
ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */
CreateTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
GenerateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"`
ExpireTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
ExpireEventTime *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=expire_event_time,json=expireEventTime,proto3" json:"expire_event_time,omitempty"`
State ImportJob_ImportJobState `protobuf:"varint,6,opt,name=state,proto3,enum=google.cloud.kms.v1.ImportJob_ImportJobState" json:"state,omitempty"`
PublicKey *ImportJob_WrappingPublicKey `protobuf:"bytes,7,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"`
}
An [ImportJob][google.cloud.kms.v1.ImportJob] can be used to create [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre-existing key material, generated outside of Cloud KMS.
When an [ImportJob][google.cloud.kms.v1.ImportJob] is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the wrapping key generation is complete, the [state][google.cloud.kms.v1.ImportJob.state] will be set to [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the [public_key][google.cloud.kms.v1.ImportJob.public_key] can be fetched. The fetched public key can then be used to wrap your pre-existing key material.
Once the key material is wrapped, it can be imported into a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be imported with a single [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key.
An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the [ImportJob][google.cloud.kms.v1.ImportJob]'s public key.
For more information, see Importing a key.
func (*ImportJob) Descriptor
Deprecated: Use ImportJob.ProtoReflect.Descriptor instead.
func (*ImportJob) GetAttestation
func (x *ImportJob) GetAttestation() *KeyOperationAttestation
func (*ImportJob) GetCreateTime
func (x *ImportJob) GetCreateTime() *timestamppb.Timestamp
func (*ImportJob) GetExpireEventTime
func (x *ImportJob) GetExpireEventTime() *timestamppb.Timestamp
func (*ImportJob) GetExpireTime
func (x *ImportJob) GetExpireTime() *timestamppb.Timestamp
func (*ImportJob) GetGenerateTime
func (x *ImportJob) GetGenerateTime() *timestamppb.Timestamp
func (*ImportJob) GetImportMethod
func (x *ImportJob) GetImportMethod() ImportJob_ImportMethod
func (*ImportJob) GetName
func (*ImportJob) GetProtectionLevel
func (x *ImportJob) GetProtectionLevel() ProtectionLevel
func (*ImportJob) GetPublicKey
func (x *ImportJob) GetPublicKey() *ImportJob_WrappingPublicKey
func (*ImportJob) GetState
func (x *ImportJob) GetState() ImportJob_ImportJobState
func (*ImportJob) ProtoMessage
func (*ImportJob) ProtoMessage()
func (*ImportJob) ProtoReflect
func (x *ImportJob) ProtoReflect() protoreflect.Message
func (*ImportJob) Reset
func (x *ImportJob) Reset()
func (*ImportJob) String
ImportJob_ImportJobState
type ImportJob_ImportJobState int32
The state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can be used.