Package cloud.google.com/go/kms/apiv1/kmspb (v1.19.1)

Variables

EkmConnection_KeyManagementMode_name, EkmConnection_KeyManagementMode_value

var (
	EkmConnection_KeyManagementMode_name = map[int32]string{
		0: "KEY_MANAGEMENT_MODE_UNSPECIFIED",
		1: "MANUAL",
		2: "CLOUD_KMS",
	}
	EkmConnection_KeyManagementMode_value = map[string]int32{
		"KEY_MANAGEMENT_MODE_UNSPECIFIED": 0,
		"MANUAL":                          1,
		"CLOUD_KMS":                       2,
	}
)

Enum value maps for EkmConnection_KeyManagementMode.

ProtectionLevel_name, ProtectionLevel_value

var (
	ProtectionLevel_name = map[int32]string{
		0: "PROTECTION_LEVEL_UNSPECIFIED",
		1: "SOFTWARE",
		2: "HSM",
		3: "EXTERNAL",
		4: "EXTERNAL_VPC",
	}
	ProtectionLevel_value = map[string]int32{
		"PROTECTION_LEVEL_UNSPECIFIED": 0,
		"SOFTWARE":                     1,
		"HSM":                          2,
		"EXTERNAL":                     3,
		"EXTERNAL_VPC":                 4,
	}
)

Enum value maps for ProtectionLevel.

AccessReason_name, AccessReason_value

var (
	AccessReason_name = map[int32]string{
		0:  "REASON_UNSPECIFIED",
		1:  "CUSTOMER_INITIATED_SUPPORT",
		2:  "GOOGLE_INITIATED_SERVICE",
		3:  "THIRD_PARTY_DATA_REQUEST",
		4:  "GOOGLE_INITIATED_REVIEW",
		5:  "CUSTOMER_INITIATED_ACCESS",
		6:  "GOOGLE_INITIATED_SYSTEM_OPERATION",
		7:  "REASON_NOT_EXPECTED",
		8:  "MODIFIED_CUSTOMER_INITIATED_ACCESS",
		9:  "MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION",
		10: "GOOGLE_RESPONSE_TO_PRODUCTION_ALERT",
		11: "CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING",
	}
	AccessReason_value = map[string]int32{
		"REASON_UNSPECIFIED":                         0,
		"CUSTOMER_INITIATED_SUPPORT":                 1,
		"GOOGLE_INITIATED_SERVICE":                   2,
		"THIRD_PARTY_DATA_REQUEST":                   3,
		"GOOGLE_INITIATED_REVIEW":                    4,
		"CUSTOMER_INITIATED_ACCESS":                  5,
		"GOOGLE_INITIATED_SYSTEM_OPERATION":          6,
		"REASON_NOT_EXPECTED":                        7,
		"MODIFIED_CUSTOMER_INITIATED_ACCESS":         8,
		"MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION": 9,
		"GOOGLE_RESPONSE_TO_PRODUCTION_ALERT":        10,
		"CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING":     11,
	}
)

Enum value maps for AccessReason.

CryptoKey_CryptoKeyPurpose_name, CryptoKey_CryptoKeyPurpose_value

var (
	CryptoKey_CryptoKeyPurpose_name = map[int32]string{
		0: "CRYPTO_KEY_PURPOSE_UNSPECIFIED",
		1: "ENCRYPT_DECRYPT",
		5: "ASYMMETRIC_SIGN",
		6: "ASYMMETRIC_DECRYPT",
		7: "RAW_ENCRYPT_DECRYPT",
		9: "MAC",
	}
	CryptoKey_CryptoKeyPurpose_value = map[string]int32{
		"CRYPTO_KEY_PURPOSE_UNSPECIFIED": 0,
		"ENCRYPT_DECRYPT":                1,
		"ASYMMETRIC_SIGN":                5,
		"ASYMMETRIC_DECRYPT":             6,
		"RAW_ENCRYPT_DECRYPT":            7,
		"MAC":                            9,
	}
)

Enum value maps for CryptoKey_CryptoKeyPurpose.

KeyOperationAttestation_AttestationFormat_name, KeyOperationAttestation_AttestationFormat_value

var (
	KeyOperationAttestation_AttestationFormat_name = map[int32]string{
		0: "ATTESTATION_FORMAT_UNSPECIFIED",
		3: "CAVIUM_V1_COMPRESSED",
		4: "CAVIUM_V2_COMPRESSED",
	}
	KeyOperationAttestation_AttestationFormat_value = map[string]int32{
		"ATTESTATION_FORMAT_UNSPECIFIED": 0,
		"CAVIUM_V1_COMPRESSED":           3,
		"CAVIUM_V2_COMPRESSED":           4,
	}
)

Enum value maps for KeyOperationAttestation_AttestationFormat.

CryptoKeyVersion_CryptoKeyVersionAlgorithm_name, CryptoKeyVersion_CryptoKeyVersionAlgorithm_value

var (
	CryptoKeyVersion_CryptoKeyVersionAlgorithm_name = map[int32]string{
		0:  "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED",
		1:  "GOOGLE_SYMMETRIC_ENCRYPTION",
		41: "AES_128_GCM",
		19: "AES_256_GCM",
		42: "AES_128_CBC",
		43: "AES_256_CBC",
		44: "AES_128_CTR",
		45: "AES_256_CTR",
		2:  "RSA_SIGN_PSS_2048_SHA256",
		3:  "RSA_SIGN_PSS_3072_SHA256",
		4:  "RSA_SIGN_PSS_4096_SHA256",
		15: "RSA_SIGN_PSS_4096_SHA512",
		5:  "RSA_SIGN_PKCS1_2048_SHA256",
		6:  "RSA_SIGN_PKCS1_3072_SHA256",
		7:  "RSA_SIGN_PKCS1_4096_SHA256",
		16: "RSA_SIGN_PKCS1_4096_SHA512",
		28: "RSA_SIGN_RAW_PKCS1_2048",
		29: "RSA_SIGN_RAW_PKCS1_3072",
		30: "RSA_SIGN_RAW_PKCS1_4096",
		8:  "RSA_DECRYPT_OAEP_2048_SHA256",
		9:  "RSA_DECRYPT_OAEP_3072_SHA256",
		10: "RSA_DECRYPT_OAEP_4096_SHA256",
		17: "RSA_DECRYPT_OAEP_4096_SHA512",
		37: "RSA_DECRYPT_OAEP_2048_SHA1",
		38: "RSA_DECRYPT_OAEP_3072_SHA1",
		39: "RSA_DECRYPT_OAEP_4096_SHA1",
		12: "EC_SIGN_P256_SHA256",
		13: "EC_SIGN_P384_SHA384",
		31: "EC_SIGN_SECP256K1_SHA256",
		40: "EC_SIGN_ED25519",
		32: "HMAC_SHA256",
		33: "HMAC_SHA1",
		34: "HMAC_SHA384",
		35: "HMAC_SHA512",
		36: "HMAC_SHA224",
		18: "EXTERNAL_SYMMETRIC_ENCRYPTION",
	}
	CryptoKeyVersion_CryptoKeyVersionAlgorithm_value = map[string]int32{
		"CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED": 0,
		"GOOGLE_SYMMETRIC_ENCRYPTION":              1,
		"AES_128_GCM":                              41,
		"AES_256_GCM":                              19,
		"AES_128_CBC":                              42,
		"AES_256_CBC":                              43,
		"AES_128_CTR":                              44,
		"AES_256_CTR":                              45,
		"RSA_SIGN_PSS_2048_SHA256":                 2,
		"RSA_SIGN_PSS_3072_SHA256":                 3,
		"RSA_SIGN_PSS_4096_SHA256":                 4,
		"RSA_SIGN_PSS_4096_SHA512":                 15,
		"RSA_SIGN_PKCS1_2048_SHA256":               5,
		"RSA_SIGN_PKCS1_3072_SHA256":               6,
		"RSA_SIGN_PKCS1_4096_SHA256":               7,
		"RSA_SIGN_PKCS1_4096_SHA512":               16,
		"RSA_SIGN_RAW_PKCS1_2048":                  28,
		"RSA_SIGN_RAW_PKCS1_3072":                  29,
		"RSA_SIGN_RAW_PKCS1_4096":                  30,
		"RSA_DECRYPT_OAEP_2048_SHA256":             8,
		"RSA_DECRYPT_OAEP_3072_SHA256":             9,
		"RSA_DECRYPT_OAEP_4096_SHA256":             10,
		"RSA_DECRYPT_OAEP_4096_SHA512":             17,
		"RSA_DECRYPT_OAEP_2048_SHA1":               37,
		"RSA_DECRYPT_OAEP_3072_SHA1":               38,
		"RSA_DECRYPT_OAEP_4096_SHA1":               39,
		"EC_SIGN_P256_SHA256":                      12,
		"EC_SIGN_P384_SHA384":                      13,
		"EC_SIGN_SECP256K1_SHA256":                 31,
		"EC_SIGN_ED25519":                          40,
		"HMAC_SHA256":                              32,
		"HMAC_SHA1":                                33,
		"HMAC_SHA384":                              34,
		"HMAC_SHA512":                              35,
		"HMAC_SHA224":                              36,
		"EXTERNAL_SYMMETRIC_ENCRYPTION":            18,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionAlgorithm.

CryptoKeyVersion_CryptoKeyVersionState_name, CryptoKeyVersion_CryptoKeyVersionState_value

var (
	CryptoKeyVersion_CryptoKeyVersionState_name = map[int32]string{
		0:  "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED",
		5:  "PENDING_GENERATION",
		1:  "ENABLED",
		2:  "DISABLED",
		3:  "DESTROYED",
		4:  "DESTROY_SCHEDULED",
		6:  "PENDING_IMPORT",
		7:  "IMPORT_FAILED",
		8:  "GENERATION_FAILED",
		9:  "PENDING_EXTERNAL_DESTRUCTION",
		10: "EXTERNAL_DESTRUCTION_FAILED",
	}
	CryptoKeyVersion_CryptoKeyVersionState_value = map[string]int32{
		"CRYPTO_KEY_VERSION_STATE_UNSPECIFIED": 0,
		"PENDING_GENERATION":                   5,
		"ENABLED":                              1,
		"DISABLED":                             2,
		"DESTROYED":                            3,
		"DESTROY_SCHEDULED":                    4,
		"PENDING_IMPORT":                       6,
		"IMPORT_FAILED":                        7,
		"GENERATION_FAILED":                    8,
		"PENDING_EXTERNAL_DESTRUCTION":         9,
		"EXTERNAL_DESTRUCTION_FAILED":          10,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionState.

CryptoKeyVersion_CryptoKeyVersionView_name, CryptoKeyVersion_CryptoKeyVersionView_value

var (
	CryptoKeyVersion_CryptoKeyVersionView_name = map[int32]string{
		0: "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED",
		1: "FULL",
	}
	CryptoKeyVersion_CryptoKeyVersionView_value = map[string]int32{
		"CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED": 0,
		"FULL":                                1,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionView.

ImportJob_ImportMethod_name, ImportJob_ImportMethod_value

var (
	ImportJob_ImportMethod_name = map[int32]string{
		0: "IMPORT_METHOD_UNSPECIFIED",
		1: "RSA_OAEP_3072_SHA1_AES_256",
		2: "RSA_OAEP_4096_SHA1_AES_256",
		3: "RSA_OAEP_3072_SHA256_AES_256",
		4: "RSA_OAEP_4096_SHA256_AES_256",
		5: "RSA_OAEP_3072_SHA256",
		6: "RSA_OAEP_4096_SHA256",
	}
	ImportJob_ImportMethod_value = map[string]int32{
		"IMPORT_METHOD_UNSPECIFIED":    0,
		"RSA_OAEP_3072_SHA1_AES_256":   1,
		"RSA_OAEP_4096_SHA1_AES_256":   2,
		"RSA_OAEP_3072_SHA256_AES_256": 3,
		"RSA_OAEP_4096_SHA256_AES_256": 4,
		"RSA_OAEP_3072_SHA256":         5,
		"RSA_OAEP_4096_SHA256":         6,
	}
)

Enum value maps for ImportJob_ImportMethod.

ImportJob_ImportJobState_name, ImportJob_ImportJobState_value

var (
	ImportJob_ImportJobState_name = map[int32]string{
		0: "IMPORT_JOB_STATE_UNSPECIFIED",
		1: "PENDING_GENERATION",
		2: "ACTIVE",
		3: "EXPIRED",
	}
	ImportJob_ImportJobState_value = map[string]int32{
		"IMPORT_JOB_STATE_UNSPECIFIED": 0,
		"PENDING_GENERATION":           1,
		"ACTIVE":                       2,
		"EXPIRED":                      3,
	}
)

Enum value maps for ImportJob_ImportJobState.

File_google_cloud_kms_v1_autokey_admin_proto

var File_google_cloud_kms_v1_autokey_admin_proto protoreflect.FileDescriptor

File_google_cloud_kms_v1_autokey_proto

var File_google_cloud_kms_v1_autokey_proto protoreflect.FileDescriptor

File_google_cloud_kms_v1_ekm_service_proto

var File_google_cloud_kms_v1_ekm_service_proto protoreflect.FileDescriptor

File_google_cloud_kms_v1_resources_proto

var File_google_cloud_kms_v1_resources_proto protoreflect.FileDescriptor

File_google_cloud_kms_v1_service_proto

var File_google_cloud_kms_v1_service_proto protoreflect.FileDescriptor

Functions

func RegisterAutokeyAdminServer

func RegisterAutokeyAdminServer(s *grpc.Server, srv AutokeyAdminServer)

func RegisterAutokeyServer

func RegisterAutokeyServer(s *grpc.Server, srv AutokeyServer)

func RegisterEkmServiceServer

func RegisterEkmServiceServer(s *grpc.Server, srv EkmServiceServer)

func RegisterKeyManagementServiceServer

func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)

AccessReason

type AccessReason int32

Describes the reason for a data access. Please refer to https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes for the detailed semantic meaning of justification reason codes.

AccessReason_REASON_UNSPECIFIED, AccessReason_CUSTOMER_INITIATED_SUPPORT, AccessReason_GOOGLE_INITIATED_SERVICE, AccessReason_THIRD_PARTY_DATA_REQUEST, AccessReason_GOOGLE_INITIATED_REVIEW, AccessReason_CUSTOMER_INITIATED_ACCESS, AccessReason_GOOGLE_INITIATED_SYSTEM_OPERATION, AccessReason_REASON_NOT_EXPECTED, AccessReason_MODIFIED_CUSTOMER_INITIATED_ACCESS, AccessReason_MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION, AccessReason_GOOGLE_RESPONSE_TO_PRODUCTION_ALERT, AccessReason_CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING

const (
	// Unspecified access reason.
	AccessReason_REASON_UNSPECIFIED AccessReason = 0
	// Customer-initiated support.
	AccessReason_CUSTOMER_INITIATED_SUPPORT AccessReason = 1
	// Google-initiated access for system management and troubleshooting.
	AccessReason_GOOGLE_INITIATED_SERVICE AccessReason = 2
	// Google-initiated access in response to a legal request or legal process.
	AccessReason_THIRD_PARTY_DATA_REQUEST AccessReason = 3
	// Google-initiated access for security, fraud, abuse, or compliance purposes.
	AccessReason_GOOGLE_INITIATED_REVIEW AccessReason = 4
	// Customer uses their account to perform any access to their own data which
	// their IAM policy authorizes.
	AccessReason_CUSTOMER_INITIATED_ACCESS AccessReason = 5
	// Google systems access customer data to help optimize the structure of the
	// data or quality for future uses by the customer.
	AccessReason_GOOGLE_INITIATED_SYSTEM_OPERATION AccessReason = 6
	// No reason is expected for this key request.
	AccessReason_REASON_NOT_EXPECTED AccessReason = 7
	// Customer uses their account to perform any access to their own data which
	// their IAM policy authorizes, and one of the following is true:
	//
	//   - A Google administrator has reset the root-access account associated with
	//     the user's organization within the past 7 days.
	//   - A Google-initiated emergency access operation has interacted with a
	//     resource in the same project or folder as the currently accessed resource
	//     within the past 7 days.
	AccessReason_MODIFIED_CUSTOMER_INITIATED_ACCESS AccessReason = 8
	// Google systems access customer data to help optimize the structure of the
	// data or quality for future uses by the customer, and one of the following
	// is true:
	//
	//   - A Google administrator has reset the root-access account associated with
	//     the user's organization within the past 7 days.
	//   - A Google-initiated emergency access operation has interacted with a
	//     resource in the same project or folder as the currently accessed resource
	//     within the past 7 days.
	AccessReason_MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION AccessReason = 9
	// Google-initiated access to maintain system reliability.
	AccessReason_GOOGLE_RESPONSE_TO_PRODUCTION_ALERT AccessReason = 10
	// One of the following operations is being executed while simultaneously
	// encountering an internal technical issue which prevented a more precise
	// justification code from being generated:
	//
	//   - Your account has been used to perform any access to your own data which
	//     your IAM policy authorizes.
	//   - An automated Google system operates on encrypted customer data which your
	//     IAM policy authorizes.
	//   - Customer-initiated Google support access.
	//   - Google-initiated support access to protect system reliability.
	AccessReason_CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING AccessReason = 11
)

func (AccessReason) Descriptor

func (AccessReason) Enum

func (x AccessReason) Enum() *AccessReason

func (AccessReason) EnumDescriptor

func (AccessReason) EnumDescriptor() ([]byte, []int)

Deprecated: Use AccessReason.Descriptor instead.

func (AccessReason) Number

func (AccessReason) String

func (x AccessReason) String() string

func (AccessReason) Type

AsymmetricDecryptRequest

type AsymmetricDecryptRequest struct {

	// Required. The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
	// decryption.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The data encrypted with the named
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using
	// OAEP.
	Ciphertext []byte `protobuf:"bytes,3,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext])
	// is equal to
	// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

func (*AsymmetricDecryptRequest) Descriptor

func (*AsymmetricDecryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricDecryptRequest.ProtoReflect.Descriptor instead.

func (*AsymmetricDecryptRequest) GetCiphertext

func (x *AsymmetricDecryptRequest) GetCiphertext() []byte

func (*AsymmetricDecryptRequest) GetCiphertextCrc32C

func (x *AsymmetricDecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*AsymmetricDecryptRequest) GetName

func (x *AsymmetricDecryptRequest) GetName() string

func (*AsymmetricDecryptRequest) ProtoMessage

func (*AsymmetricDecryptRequest) ProtoMessage()

func (*AsymmetricDecryptRequest) ProtoReflect

func (x *AsymmetricDecryptRequest) ProtoReflect() protoreflect.Message

func (*AsymmetricDecryptRequest) Reset

func (x *AsymmetricDecryptRequest) Reset()

func (*AsymmetricDecryptRequest) String

func (x *AsymmetricDecryptRequest) String() string

AsymmetricDecryptResponse

type AsymmetricDecryptResponse struct {
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`

	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`

	VerifiedCiphertextCrc32C bool "" /* 136 byte string literal not displayed */

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

}

Response message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

func (*AsymmetricDecryptResponse) Descriptor

func (*AsymmetricDecryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricDecryptResponse.ProtoReflect.Descriptor instead.

func (*AsymmetricDecryptResponse) GetPlaintext

func (x *AsymmetricDecryptResponse) GetPlaintext() []byte

func (*AsymmetricDecryptResponse) GetPlaintextCrc32C

func (x *AsymmetricDecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*AsymmetricDecryptResponse) GetProtectionLevel

func (x *AsymmetricDecryptResponse) GetProtectionLevel() ProtectionLevel

func (*AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C

func (x *AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C() bool

func (*AsymmetricDecryptResponse) ProtoMessage

func (*AsymmetricDecryptResponse) ProtoMessage()

func (*AsymmetricDecryptResponse) ProtoReflect

func (*AsymmetricDecryptResponse) Reset

func (x *AsymmetricDecryptResponse) Reset()

func (*AsymmetricDecryptResponse) String

func (x *AsymmetricDecryptResponse) String() string

AsymmetricSignRequest

type AsymmetricSignRequest struct {

	// Required. The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
	// signing.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. The digest of the data to sign. The digest must be produced with
	// the same digest algorithm as specified by the key version's
	// [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm].
	//
	// This field may not be supplied if
	// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]
	// is supplied.
	Digest *Digest `protobuf:"bytes,3,opt,name=digest,proto3" json:"digest,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest])
	// is equal to
	// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	DigestCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=digest_crc32c,json=digestCrc32c,proto3" json:"digest_crc32c,omitempty"`
	// Optional. The data to sign.
	// It can't be supplied if
	// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]
	// is supplied.
	Data []byte `protobuf:"bytes,6,opt,name=data,proto3" json:"data,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data])
	// is equal to
	// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

func (*AsymmetricSignRequest) Descriptor

func (*AsymmetricSignRequest) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricSignRequest.ProtoReflect.Descriptor instead.

func (*AsymmetricSignRequest) GetData

func (x *AsymmetricSignRequest) GetData() []byte

func (*AsymmetricSignRequest) GetDataCrc32C

func (x *AsymmetricSignRequest) GetDataCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignRequest) GetDigest

func (x *AsymmetricSignRequest) GetDigest() *Digest

func (*AsymmetricSignRequest) GetDigestCrc32C

func (x *AsymmetricSignRequest) GetDigestCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignRequest) GetName

func (x *AsymmetricSignRequest) GetName() string

func (*AsymmetricSignRequest) ProtoMessage

func (*AsymmetricSignRequest) ProtoMessage()

func (*AsymmetricSignRequest) ProtoReflect

func (x *AsymmetricSignRequest) ProtoReflect() protoreflect.Message

func (*AsymmetricSignRequest) Reset

func (x *AsymmetricSignRequest) Reset()

func (*AsymmetricSignRequest) String

func (x *AsymmetricSignRequest) String() string

AsymmetricSignResponse

type AsymmetricSignResponse struct {
	Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`

	SignatureCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=signature_crc32c,json=signatureCrc32c,proto3" json:"signature_crc32c,omitempty"`

	VerifiedDigestCrc32C bool `protobuf:"varint,3,opt,name=verified_digest_crc32c,json=verifiedDigestCrc32c,proto3" json:"verified_digest_crc32c,omitempty"`

	Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`

	VerifiedDataCrc32C bool `protobuf:"varint,5,opt,name=verified_data_crc32c,json=verifiedDataCrc32c,proto3" json:"verified_data_crc32c,omitempty"`

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

}

Response message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

func (*AsymmetricSignResponse) Descriptor

func (*AsymmetricSignResponse) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricSignResponse.ProtoReflect.Descriptor instead.

func (*AsymmetricSignResponse) GetName

func (x *AsymmetricSignResponse) GetName() string

func (*AsymmetricSignResponse) GetProtectionLevel

func (x *AsymmetricSignResponse) GetProtectionLevel() ProtectionLevel

func (*AsymmetricSignResponse) GetSignature

func (x *AsymmetricSignResponse) GetSignature() []byte

func (*AsymmetricSignResponse) GetSignatureCrc32C

func (x *AsymmetricSignResponse) GetSignatureCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignResponse) GetVerifiedDataCrc32C

func (x *AsymmetricSignResponse) GetVerifiedDataCrc32C() bool

func (*AsymmetricSignResponse) GetVerifiedDigestCrc32C

func (x *AsymmetricSignResponse) GetVerifiedDigestCrc32C() bool

func (*AsymmetricSignResponse) ProtoMessage

func (*AsymmetricSignResponse) ProtoMessage()

func (*AsymmetricSignResponse) ProtoReflect

func (x *AsymmetricSignResponse) ProtoReflect() protoreflect.Message

func (*AsymmetricSignResponse) Reset

func (x *AsymmetricSignResponse) Reset()

func (*AsymmetricSignResponse) String

func (x *AsymmetricSignResponse) String() string

AutokeyAdminClient

type AutokeyAdminClient interface {
	// Updates the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
	// folder. The caller must have both `cloudkms.autokeyConfigs.update`
	// permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy`
	// permission on the provided key project. A
	// [KeyHandle][google.cloud.kms.v1.KeyHandle] creation in the folder's
	// descendant projects will use this configuration to determine where to
	// create the resulting [CryptoKey][google.cloud.kms.v1.CryptoKey].
	UpdateAutokeyConfig(ctx context.Context, in *UpdateAutokeyConfigRequest, opts ...grpc.CallOption) (*AutokeyConfig, error)
	// Returns the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
	// folder.
	GetAutokeyConfig(ctx context.Context, in *GetAutokeyConfigRequest, opts ...grpc.CallOption) (*AutokeyConfig, error)
	// Returns the effective Cloud KMS Autokey configuration for a given project.
	ShowEffectiveAutokeyConfig(ctx context.Context, in *ShowEffectiveAutokeyConfigRequest, opts ...grpc.CallOption) (*ShowEffectiveAutokeyConfigResponse, error)
}

AutokeyAdminClient is the client API for AutokeyAdmin service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewAutokeyAdminClient

func NewAutokeyAdminClient(cc grpc.ClientConnInterface) AutokeyAdminClient

AutokeyAdminServer

type AutokeyAdminServer interface {
	// Updates the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
	// folder. The caller must have both `cloudkms.autokeyConfigs.update`
	// permission on the parent folder and `cloudkms.cryptoKeys.setIamPolicy`
	// permission on the provided key project. A
	// [KeyHandle][google.cloud.kms.v1.KeyHandle] creation in the folder's
	// descendant projects will use this configuration to determine where to
	// create the resulting [CryptoKey][google.cloud.kms.v1.CryptoKey].
	UpdateAutokeyConfig(context.Context, *UpdateAutokeyConfigRequest) (*AutokeyConfig, error)
	// Returns the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig] for a
	// folder.
	GetAutokeyConfig(context.Context, *GetAutokeyConfigRequest) (*AutokeyConfig, error)
	// Returns the effective Cloud KMS Autokey configuration for a given project.
	ShowEffectiveAutokeyConfig(context.Context, *ShowEffectiveAutokeyConfigRequest) (*ShowEffectiveAutokeyConfigResponse, error)
}

AutokeyAdminServer is the server API for AutokeyAdmin service.

AutokeyClient

type AutokeyClient interface {
	// Creates a new [KeyHandle][google.cloud.kms.v1.KeyHandle], triggering the
	// provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK
	// use with the given resource type in the configured key project and the same
	// location. [GetOperation][Operations.GetOperation] should be used to resolve
	// the resulting long-running operation and get the resulting
	// [KeyHandle][google.cloud.kms.v1.KeyHandle] and
	// [CryptoKey][google.cloud.kms.v1.CryptoKey].
	CreateKeyHandle(ctx context.Context, in *CreateKeyHandleRequest, opts ...grpc.CallOption) (*longrunningpb.Operation, error)
	// Returns the [KeyHandle][google.cloud.kms.v1.KeyHandle].
	GetKeyHandle(ctx context.Context, in *GetKeyHandleRequest, opts ...grpc.CallOption) (*KeyHandle, error)
	// Lists [KeyHandles][google.cloud.kms.v1.KeyHandle].
	ListKeyHandles(ctx context.Context, in *ListKeyHandlesRequest, opts ...grpc.CallOption) (*ListKeyHandlesResponse, error)
}

AutokeyClient is the client API for Autokey service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewAutokeyClient

func NewAutokeyClient(cc grpc.ClientConnInterface) AutokeyClient

AutokeyConfig

type AutokeyConfig struct {

	// Identifier. Name of the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig]
	// resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. Name of the key project, e.g. `projects/{PROJECT_ID}` or
	// `projects/{PROJECT_NUMBER}`, where Cloud KMS Autokey will provision a new
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] when a
	// [KeyHandle][google.cloud.kms.v1.KeyHandle] is created. On
	// [UpdateAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig],
	// the caller will require `cloudkms.cryptoKeys.setIamPolicy` permission on
	// this key project. Once configured, for Cloud KMS Autokey to function
	// properly, this key project must have the Cloud KMS API activated and the
	// Cloud KMS Service Agent for this key project must be granted the
	// `cloudkms.admin` role (or pertinent permissions). A request with an empty
	// key project field will clear the configuration.
	KeyProject string `protobuf:"bytes,2,opt,name=key_project,json=keyProject,proto3" json:"key_project,omitempty"`
	// contains filtered or unexported fields
}

Cloud KMS Autokey configuration for a folder.

func (*AutokeyConfig) Descriptor

func (*AutokeyConfig) Descriptor() ([]byte, []int)

Deprecated: Use AutokeyConfig.ProtoReflect.Descriptor instead.

func (*AutokeyConfig) GetKeyProject

func (x *AutokeyConfig) GetKeyProject() string

func (*AutokeyConfig) GetName

func (x *AutokeyConfig) GetName() string

func (*AutokeyConfig) ProtoMessage

func (*AutokeyConfig) ProtoMessage()

func (*AutokeyConfig) ProtoReflect

func (x *AutokeyConfig) ProtoReflect() protoreflect.Message

func (*AutokeyConfig) Reset

func (x *AutokeyConfig) Reset()

func (*AutokeyConfig) String

func (x *AutokeyConfig) String() string

AutokeyServer

type AutokeyServer interface {
	// Creates a new [KeyHandle][google.cloud.kms.v1.KeyHandle], triggering the
	// provisioning of a new [CryptoKey][google.cloud.kms.v1.CryptoKey] for CMEK
	// use with the given resource type in the configured key project and the same
	// location. [GetOperation][Operations.GetOperation] should be used to resolve
	// the resulting long-running operation and get the resulting
	// [KeyHandle][google.cloud.kms.v1.KeyHandle] and
	// [CryptoKey][google.cloud.kms.v1.CryptoKey].
	CreateKeyHandle(context.Context, *CreateKeyHandleRequest) (*longrunningpb.Operation, error)
	// Returns the [KeyHandle][google.cloud.kms.v1.KeyHandle].
	GetKeyHandle(context.Context, *GetKeyHandleRequest) (*KeyHandle, error)
	// Lists [KeyHandles][google.cloud.kms.v1.KeyHandle].
	ListKeyHandles(context.Context, *ListKeyHandlesRequest) (*ListKeyHandlesResponse, error)
}

AutokeyServer is the server API for Autokey service.

Certificate

type Certificate struct {
	RawDer []byte `protobuf:"bytes,1,opt,name=raw_der,json=rawDer,proto3" json:"raw_der,omitempty"`

	Parsed bool `protobuf:"varint,2,opt,name=parsed,proto3" json:"parsed,omitempty"`

	Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"`

	Subject string `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"`

	SubjectAlternativeDnsNames []string "" /* 143 byte string literal not displayed */

	NotBeforeTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=not_before_time,json=notBeforeTime,proto3" json:"not_before_time,omitempty"`

	NotAfterTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=not_after_time,json=notAfterTime,proto3" json:"not_after_time,omitempty"`

	SerialNumber string `protobuf:"bytes,8,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"`

	Sha256Fingerprint string `protobuf:"bytes,9,opt,name=sha256_fingerprint,json=sha256Fingerprint,proto3" json:"sha256_fingerprint,omitempty"`

}

A [Certificate][google.cloud.kms.v1.Certificate] represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas.

func (*Certificate) Descriptor

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetIssuer

func (x *Certificate) GetIssuer() string

func (*Certificate) GetNotAfterTime

func (x *Certificate) GetNotAfterTime() *timestamppb.Timestamp

func (*Certificate) GetNotBeforeTime

func (x *Certificate) GetNotBeforeTime() *timestamppb.Timestamp

func (*Certificate) GetParsed

func (x *Certificate) GetParsed() bool

func (*Certificate) GetRawDer

func (x *Certificate) GetRawDer() []byte

func (*Certificate) GetSerialNumber

func (x *Certificate) GetSerialNumber() string

func (*Certificate) GetSha256Fingerprint

func (x *Certificate) GetSha256Fingerprint() string

func (*Certificate) GetSubject

func (x *Certificate) GetSubject() string

func (*Certificate) GetSubjectAlternativeDnsNames

func (x *Certificate) GetSubjectAlternativeDnsNames() []string

func (*Certificate) ProtoMessage

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset

func (x *Certificate) Reset()

func (*Certificate) String

func (x *Certificate) String() string

CreateCryptoKeyRequest

type CreateCryptoKeyRequest struct {
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`

	CryptoKeyId string `protobuf:"bytes,2,opt,name=crypto_key_id,json=cryptoKeyId,proto3" json:"crypto_key_id,omitempty"`

	CryptoKey *CryptoKey `protobuf:"bytes,3,opt,name=crypto_key,json=cryptoKey,proto3" json:"crypto_key,omitempty"`

	SkipInitialVersionCreation bool "" /* 144 byte string literal not displayed */

}

Request message for [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].

func (*CreateCryptoKeyRequest) Descriptor

func (*CreateCryptoKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCryptoKeyRequest.ProtoReflect.Descriptor instead.

func (*CreateCryptoKeyRequest) GetCryptoKey

func (x *CreateCryptoKeyRequest) GetCryptoKey() *CryptoKey

func (*CreateCryptoKeyRequest) GetCryptoKeyId

func (x *CreateCryptoKeyRequest) GetCryptoKeyId() string

func (*CreateCryptoKeyRequest) GetParent

func (x *CreateCryptoKeyRequest) GetParent() string

func (*CreateCryptoKeyRequest) GetSkipInitialVersionCreation

func (x *CreateCryptoKeyRequest) GetSkipInitialVersionCreation() bool

func (*CreateCryptoKeyRequest) ProtoMessage

func (*CreateCryptoKeyRequest) ProtoMessage()

func (*CreateCryptoKeyRequest) ProtoReflect

func (x *CreateCryptoKeyRequest) ProtoReflect() protoreflect.Message

func (*CreateCryptoKeyRequest) Reset

func (x *CreateCryptoKeyRequest) Reset()

func (*CreateCryptoKeyRequest) String

func (x *CreateCryptoKeyRequest) String() string

CreateCryptoKeyVersionRequest

type CreateCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with the
	// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
	// initial field values.
	CryptoKeyVersion *CryptoKeyVersion `protobuf:"bytes,2,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].

func (*CreateCryptoKeyVersionRequest) Descriptor

func (*CreateCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*CreateCryptoKeyVersionRequest) GetCryptoKeyVersion

func (x *CreateCryptoKeyVersionRequest) GetCryptoKeyVersion() *CryptoKeyVersion

func (*CreateCryptoKeyVersionRequest) GetParent

func (x *CreateCryptoKeyVersionRequest) GetParent() string

func (*CreateCryptoKeyVersionRequest) ProtoMessage

func (*CreateCryptoKeyVersionRequest) ProtoMessage()

func (*CreateCryptoKeyVersionRequest) ProtoReflect

func (*CreateCryptoKeyVersionRequest) Reset

func (x *CreateCryptoKeyVersionRequest) Reset()

func (*CreateCryptoKeyVersionRequest) String

CreateEkmConnectionRequest

type CreateEkmConnectionRequest struct {

	// Required. The resource name of the location associated with the
	// [EkmConnection][google.cloud.kms.v1.EkmConnection], in the format
	// `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`.
	EkmConnectionId string `protobuf:"bytes,2,opt,name=ekm_connection_id,json=ekmConnectionId,proto3" json:"ekm_connection_id,omitempty"`
	// Required. An [EkmConnection][google.cloud.kms.v1.EkmConnection] with
	// initial field values.
	EkmConnection *EkmConnection `protobuf:"bytes,3,opt,name=ekm_connection,json=ekmConnection,proto3" json:"ekm_connection,omitempty"`
	// contains filtered or unexported fields
}

Request message for [EkmService.CreateEkmConnection][google.cloud.kms.v1.EkmService.CreateEkmConnection].

func (*CreateEkmConnectionRequest) Descriptor

func (*CreateEkmConnectionRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateEkmConnectionRequest.ProtoReflect.Descriptor instead.

func (*CreateEkmConnectionRequest) GetEkmConnection

func (x *CreateEkmConnectionRequest) GetEkmConnection() *EkmConnection

func (*CreateEkmConnectionRequest) GetEkmConnectionId

func (x *CreateEkmConnectionRequest) GetEkmConnectionId() string

func (*CreateEkmConnectionRequest) GetParent

func (x *CreateEkmConnectionRequest) GetParent() string

func (*CreateEkmConnectionRequest) ProtoMessage

func (*CreateEkmConnectionRequest) ProtoMessage()

func (*CreateEkmConnectionRequest) ProtoReflect

func (*CreateEkmConnectionRequest) Reset

func (x *CreateEkmConnectionRequest) Reset()

func (*CreateEkmConnectionRequest) String

func (x *CreateEkmConnectionRequest) String() string

CreateImportJobRequest

type CreateImportJobRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the
	// [KeyRing][google.cloud.kms.v1.KeyRing] associated with the
	// [ImportJobs][google.cloud.kms.v1.ImportJob].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a KeyRing and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	ImportJobId string `protobuf:"bytes,2,opt,name=import_job_id,json=importJobId,proto3" json:"import_job_id,omitempty"`
	// Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field
	// values.
	ImportJob *ImportJob `protobuf:"bytes,3,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob].

func (*CreateImportJobRequest) Descriptor

func (*CreateImportJobRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateImportJobRequest.ProtoReflect.Descriptor instead.

func (*CreateImportJobRequest) GetImportJob

func (x *CreateImportJobRequest) GetImportJob() *ImportJob

func (*CreateImportJobRequest) GetImportJobId

func (x *CreateImportJobRequest) GetImportJobId() string

func (*CreateImportJobRequest) GetParent

func (x *CreateImportJobRequest) GetParent() string

func (*CreateImportJobRequest) ProtoMessage

func (*CreateImportJobRequest) ProtoMessage()

func (*CreateImportJobRequest) ProtoReflect

func (x *CreateImportJobRequest) ProtoReflect() protoreflect.Message

func (*CreateImportJobRequest) Reset

func (x *CreateImportJobRequest) Reset()

func (*CreateImportJobRequest) String

func (x *CreateImportJobRequest) String() string

CreateKeyHandleMetadata

type CreateKeyHandleMetadata struct {
	// contains filtered or unexported fields
}

Metadata message for [CreateKeyHandle][google.cloud.kms.v1.Autokey.CreateKeyHandle] long-running operation response.

func (*CreateKeyHandleMetadata) Descriptor

func (*CreateKeyHandleMetadata) Descriptor() ([]byte, []int)

Deprecated: Use CreateKeyHandleMetadata.ProtoReflect.Descriptor instead.

func (*CreateKeyHandleMetadata) ProtoMessage

func (*CreateKeyHandleMetadata) ProtoMessage()

func (*CreateKeyHandleMetadata) ProtoReflect

func (x *CreateKeyHandleMetadata) ProtoReflect() protoreflect.Message

func (*CreateKeyHandleMetadata) Reset

func (x *CreateKeyHandleMetadata) Reset()

func (*CreateKeyHandleMetadata) String

func (x *CreateKeyHandleMetadata) String() string

CreateKeyHandleRequest

type CreateKeyHandleRequest struct {

	// Required. Name of the resource project and location to create the
	// [KeyHandle][google.cloud.kms.v1.KeyHandle] in, e.g.
	// `projects/{PROJECT_ID}/locations/{LOCATION}`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Id of the [KeyHandle][google.cloud.kms.v1.KeyHandle]. Must be
	// unique to the resource project and location. If not provided by the caller,
	// a new UUID is used.
	KeyHandleId string `protobuf:"bytes,2,opt,name=key_handle_id,json=keyHandleId,proto3" json:"key_handle_id,omitempty"`
	// Required. [KeyHandle][google.cloud.kms.v1.KeyHandle] to create.
	KeyHandle *KeyHandle `protobuf:"bytes,3,opt,name=key_handle,json=keyHandle,proto3" json:"key_handle,omitempty"`
	// contains filtered or unexported fields
}

Request message for [Autokey.CreateKeyHandle][google.cloud.kms.v1.Autokey.CreateKeyHandle].

func (*CreateKeyHandleRequest) Descriptor

func (*CreateKeyHandleRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateKeyHandleRequest.ProtoReflect.Descriptor instead.

func (*CreateKeyHandleRequest) GetKeyHandle

func (x *CreateKeyHandleRequest) GetKeyHandle() *KeyHandle

func (*CreateKeyHandleRequest) GetKeyHandleId

func (x *CreateKeyHandleRequest) GetKeyHandleId() string

func (*CreateKeyHandleRequest) GetParent

func (x *CreateKeyHandleRequest) GetParent() string

func (*CreateKeyHandleRequest) ProtoMessage

func (*CreateKeyHandleRequest) ProtoMessage()

func (*CreateKeyHandleRequest) ProtoReflect

func (x *CreateKeyHandleRequest) ProtoReflect() protoreflect.Message

func (*CreateKeyHandleRequest) Reset

func (x *CreateKeyHandleRequest) Reset()

func (*CreateKeyHandleRequest) String

func (x *CreateKeyHandleRequest) String() string

CreateKeyRingRequest

type CreateKeyRingRequest struct {

	// Required. The resource name of the location associated with the
	// [KeyRings][google.cloud.kms.v1.KeyRing], in the format
	// `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	KeyRingId string `protobuf:"bytes,2,opt,name=key_ring_id,json=keyRingId,proto3" json:"key_ring_id,omitempty"`
	// Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field
	// values.
	KeyRing *KeyRing `protobuf:"bytes,3,opt,name=key_ring,json=keyRing,proto3" json:"key_ring,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].

func (*CreateKeyRingRequest) Descriptor

func (*CreateKeyRingRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateKeyRingRequest.ProtoReflect.Descriptor instead.

func (*CreateKeyRingRequest) GetKeyRing

func (x *CreateKeyRingRequest) GetKeyRing() *KeyRing

func (*CreateKeyRingRequest) GetKeyRingId

func (x *CreateKeyRingRequest) GetKeyRingId() string

func (*CreateKeyRingRequest) GetParent

func (x *CreateKeyRingRequest) GetParent() string

func (*CreateKeyRingRequest) ProtoMessage

func (*CreateKeyRingRequest) ProtoMessage()

func (*CreateKeyRingRequest) ProtoReflect

func (x *CreateKeyRingRequest) ProtoReflect() protoreflect.Message

func (*CreateKeyRingRequest) Reset

func (x *CreateKeyRingRequest) Reset()

func (*CreateKeyRingRequest) String

func (x *CreateKeyRingRequest) String() string

CryptoKey

type CryptoKey struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	Primary *CryptoKeyVersion `protobuf:"bytes,2,opt,name=primary,proto3" json:"primary,omitempty"`

	Purpose CryptoKey_CryptoKeyPurpose `protobuf:"varint,3,opt,name=purpose,proto3,enum=google.cloud.kms.v1.CryptoKey_CryptoKeyPurpose" json:"purpose,omitempty"`

	CreateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`

	NextRotationTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=next_rotation_time,json=nextRotationTime,proto3" json:"next_rotation_time,omitempty"`

	RotationSchedule isCryptoKey_RotationSchedule `protobuf_oneof:"rotation_schedule"`

	VersionTemplate *CryptoKeyVersionTemplate `protobuf:"bytes,11,opt,name=version_template,json=versionTemplate,proto3" json:"version_template,omitempty"`

	Labels map[string]string "" /* 154 byte string literal not displayed */

	ImportOnly bool `protobuf:"varint,13,opt,name=import_only,json=importOnly,proto3" json:"import_only,omitempty"`

	DestroyScheduledDuration *durationpb.Duration "" /* 136 byte string literal not displayed */

	CryptoKeyBackend string `protobuf:"bytes,15,opt,name=crypto_key_backend,json=cryptoKeyBackend,proto3" json:"crypto_key_backend,omitempty"`

	KeyAccessJustificationsPolicy *KeyAccessJustificationsPolicy "" /* 153 byte string literal not displayed */

}

A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations.

A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations.

func (*CryptoKey) Descriptor

func (*CryptoKey) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKey.ProtoReflect.Descriptor instead.

func (*CryptoKey) GetCreateTime

func (x *CryptoKey) GetCreateTime() *timestamppb.Timestamp

func (*CryptoKey) GetCryptoKeyBackend

func (x *CryptoKey) GetCryptoKeyBackend() string

func (*CryptoKey) GetDestroyScheduledDuration

func (x *CryptoKey) GetDestroyScheduledDuration() *durationpb.Duration

func (*CryptoKey) GetImportOnly

func (x *CryptoKey) GetImportOnly() bool

func (*CryptoKey) GetKeyAccessJustificationsPolicy

func (x *CryptoKey) GetKeyAccessJustificationsPolicy() *KeyAccessJustificationsPolicy

func (*CryptoKey) GetLabels

func (x *CryptoKey) GetLabels() map[string]string

func (*CryptoKey) GetName

func (x *CryptoKey) GetName() string

func (*CryptoKey) GetNextRotationTime

func (x *CryptoKey) GetNextRotationTime() *timestamppb.Timestamp

func (*CryptoKey) GetPrimary

func (x *CryptoKey) GetPrimary() *CryptoKeyVersion

func (*CryptoKey) GetPurpose

func (x *CryptoKey) GetPurpose() CryptoKey_CryptoKeyPurpose

func (*CryptoKey) GetRotationPeriod

func (x *CryptoKey) GetRotationPeriod() *durationpb.Duration

func (*CryptoKey) GetRotationSchedule

func (m *CryptoKey) GetRotationSchedule() isCryptoKey_RotationSchedule

func (*CryptoKey) GetVersionTemplate

func (x *CryptoKey) GetVersionTemplate() *CryptoKeyVersionTemplate

func (*CryptoKey) ProtoMessage

func (*CryptoKey) ProtoMessage()

func (*CryptoKey) ProtoReflect

func (x *CryptoKey) ProtoReflect() protoreflect.Message

func (*CryptoKey) Reset

func (x *CryptoKey) Reset()

func (*CryptoKey) String

func (x *CryptoKey) String() string

CryptoKeyVersion

type CryptoKeyVersion struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	State CryptoKeyVersion_CryptoKeyVersionState "" /* 128 byte string literal not displayed */

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm "" /* 141 byte string literal not displayed */

	Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"`

	CreateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`

	GenerateTime *timestamppb.Timestamp `protobuf:"bytes,11,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"`

	DestroyTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=destroy_time,json=destroyTime,proto3" json:"destroy_time,omitempty"`

	DestroyEventTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=destroy_event_time,json=destroyEventTime,proto3" json:"destroy_event_time,omitempty"`

	ImportJob string `protobuf:"bytes,14,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`

	ImportTime *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=import_time,json=importTime,proto3" json:"import_time,omitempty"`

	ImportFailureReason string `protobuf:"bytes,16,opt,name=import_failure_reason,json=importFailureReason,proto3" json:"import_failure_reason,omitempty"`

	GenerationFailureReason string "" /* 133 byte string literal not displayed */

	ExternalDestructionFailureReason string "" /* 162 byte string literal not displayed */

	ExternalProtectionLevelOptions *ExternalProtectionLevelOptions "" /* 156 byte string literal not displayed */

	ReimportEligible bool `protobuf:"varint,18,opt,name=reimport_eligible,json=reimportEligible,proto3" json:"reimport_eligible,omitempty"`

}

A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents an individual cryptographic key, and the associated key material.

An [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] version can be used for cryptographic operations.

For security reasons, the raw cryptographic key material represented by a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.

func (*CryptoKeyVersion) Descriptor

func (*CryptoKeyVersion) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion.ProtoReflect.Descriptor instead.

func (*CryptoKeyVersion) GetAlgorithm

func (*CryptoKeyVersion) GetAttestation

func (x *CryptoKeyVersion) GetAttestation() *KeyOperationAttestation

func (*CryptoKeyVersion) GetCreateTime

func (x *CryptoKeyVersion) GetCreateTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetDestroyEventTime

func (x *CryptoKeyVersion) GetDestroyEventTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetDestroyTime

func (x *CryptoKeyVersion) GetDestroyTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetExternalDestructionFailureReason

func (x *CryptoKeyVersion) GetExternalDestructionFailureReason() string

func (*CryptoKeyVersion) GetExternalProtectionLevelOptions

func (x *CryptoKeyVersion) GetExternalProtectionLevelOptions() *ExternalProtectionLevelOptions

func (*CryptoKeyVersion) GetGenerateTime

func (x *CryptoKeyVersion) GetGenerateTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetGenerationFailureReason

func (x *CryptoKeyVersion) GetGenerationFailureReason() string

func (*CryptoKeyVersion) GetImportFailureReason

func (x *CryptoKeyVersion) GetImportFailureReason() string

func (*CryptoKeyVersion) GetImportJob

func (x *CryptoKeyVersion) GetImportJob() string

func (*CryptoKeyVersion) GetImportTime

func (x *CryptoKeyVersion) GetImportTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetName

func (x *CryptoKeyVersion) GetName() string

func (*CryptoKeyVersion) GetProtectionLevel

func (x *CryptoKeyVersion) GetProtectionLevel() ProtectionLevel

func (*CryptoKeyVersion) GetReimportEligible

func (x *CryptoKeyVersion) GetReimportEligible() bool

func (*CryptoKeyVersion) GetState

func (*CryptoKeyVersion) ProtoMessage

func (*CryptoKeyVersion) ProtoMessage()

func (*CryptoKeyVersion) ProtoReflect

func (x *CryptoKeyVersion) ProtoReflect() protoreflect.Message

func (*CryptoKeyVersion) Reset

func (x *CryptoKeyVersion) Reset()

func (*CryptoKeyVersion) String

func (x *CryptoKeyVersion) String() string

CryptoKeyVersionTemplate

type CryptoKeyVersionTemplate struct {
	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm "" /* 140 byte string literal not displayed */

}

A [CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTemplate] specifies the properties to use when creating a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], either manually with [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or automatically as a result of auto-rotation.

func (*CryptoKeyVersionTemplate) Descriptor

func (*CryptoKeyVersionTemplate) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersionTemplate.ProtoReflect.Descriptor instead.

func (*CryptoKeyVersionTemplate) GetAlgorithm

func (*CryptoKeyVersionTemplate) GetProtectionLevel

func (x *CryptoKeyVersionTemplate) GetProtectionLevel() ProtectionLevel

func (*CryptoKeyVersionTemplate) ProtoMessage

func (*CryptoKeyVersionTemplate) ProtoMessage()

func (*CryptoKeyVersionTemplate) ProtoReflect

func (x *CryptoKeyVersionTemplate) ProtoReflect() protoreflect.Message

func (*CryptoKeyVersionTemplate) Reset

func (x *CryptoKeyVersionTemplate) Reset()

func (*CryptoKeyVersionTemplate) String

func (x *CryptoKeyVersionTemplate) String() string

CryptoKeyVersion_CryptoKeyVersionAlgorithm

type CryptoKeyVersion_CryptoKeyVersionAlgorithm int32

The algorithm of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating what parameters must be used for each cryptographic operation.

The [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] algorithm is usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Algorithms beginning with RSA_SIGN_ are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].

The fields in the name after RSA_SIGN_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

For PSS, the salt length used is equal to the length of digest algorithm. For example, [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] will use PSS with a salt length of 256 bits or 32 bytes.

Algorithms beginning with RSA_DECRYPT_ are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].

The fields in the name after RSA_DECRYPT_ correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

Algorithms beginning with EC_SIGN_ are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].

The fields in the name after EC_SIGN_ correspond to the following parameters: elliptic curve, digest algorithm.

Algorithms beginning with HMAC_ are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [MAC][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.MAC].

The suffix following HMAC_ corresponds to the hash algorithm being used (eg. SHA256).

For more information, see Key purposes and algorithms.

CryptoKeyVersion_CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED, CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION, CryptoKeyVersion_AES_128_GCM, CryptoKeyVersion_AES_256_GCM, CryptoKeyVersion_AES_128_CBC, CryptoKeyVersion_AES_256_CBC, CryptoKeyVersion_AES_128_CTR, CryptoKeyVersion_AES_256_CTR, CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256, CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256, CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256, CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512, CryptoKeyVersion_RSA_SIGN_PKCS1_2048_SHA256, CryptoKeyVersion_RSA_SIGN_PKCS1_3072_SHA256, CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA256, CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512, CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_2048, CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_3072, CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_4096, CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA256, CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA256, CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA256, CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA512, CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA1, CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA1, CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA1, CryptoKeyVersion_EC_SIGN_P256_SHA256, CryptoKeyVersion_EC_SIGN_P384_SHA384, CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256, CryptoKeyVersion_EC_SIGN_ED25519, CryptoKeyVersion_HMAC_SHA256, CryptoKeyVersion_HMAC_SHA1, CryptoKeyVersion_HMAC_SHA384, CryptoKeyVersion_HMAC_SHA512, CryptoKeyVersion_HMAC_SHA224, CryptoKeyVersion_EXTERNAL_SYMMETRIC_ENCRYPTION

const (
	// Not specified.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionAlgorithm = 0
	// Creates symmetric encryption keys.
	CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 1
	// AES-GCM (Galois Counter Mode) using 128-bit keys.
	CryptoKeyVersion_AES_128_GCM CryptoKeyVersion_CryptoKeyVersionAlgorithm = 41
	// AES-GCM (Galois Counter Mode) using 256-bit keys.
	CryptoKeyVersion_AES_256_GCM CryptoKeyVersion_CryptoKeyVersionAlgorithm = 19
	// AES-CBC (Cipher Block Chaining Mode) using 128-bit keys.
	CryptoKeyVersion_AES_128_CBC CryptoKeyVersion_CryptoKeyVersionAlgorithm = 42
	// AES-CBC (Cipher Block Chaining Mode) using 256-bit keys.
	CryptoKeyVersion_AES_256_CBC CryptoKeyVersion_CryptoKeyVersionAlgorithm = 43
	// AES-CTR (Counter Mode) using 128-bit keys.
	CryptoKeyVersion_AES_128_CTR CryptoKeyVersion_CryptoKeyVersionAlgorithm = 44
	// AES-CTR (Counter Mode) using 256-bit keys.
	CryptoKeyVersion_AES_256_CTR CryptoKeyVersion_CryptoKeyVersionAlgorithm = 45
	// RSASSA-PSS 2048 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 2
	// RSASSA-PSS 3072 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 3
	// RSASSA-PSS 4096 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 4
	// RSASSA-PSS 4096 bit key with a SHA512 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 15
	// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 5
	// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 6
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 7
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 16
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
	CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_2048 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 28
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
	CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_3072 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 29
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
	CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_4096 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 30
	// RSAES-OAEP 2048 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 8
	// RSAES-OAEP 3072 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 9
	// RSAES-OAEP 4096 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 10
	// RSAES-OAEP 4096 bit key with a SHA512 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 17
	// RSAES-OAEP 2048 bit key with a SHA1 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 37
	// RSAES-OAEP 3072 bit key with a SHA1 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 38
	// RSAES-OAEP 4096 bit key with a SHA1 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 39
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	// Other hash functions can also be used:
	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
	CryptoKeyVersion_EC_SIGN_P256_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 12
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	// Other hash functions can also be used:
	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
	CryptoKeyVersion_EC_SIGN_P384_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 13
	// ECDSA on the non-NIST secp256k1 curve. This curve is only supported for
	// HSM protection level.
	// Other hash functions can also be used:
	// https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
	CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 31
	// EdDSA on the Curve25519 in pure mode (taking data as input).
	CryptoKeyVersion_EC_SIGN_ED25519 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 40
	// HMAC-SHA256 signing with a 256 bit key.
	CryptoKeyVersion_HMAC_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 32
	// HMAC-SHA1 signing with a 160 bit key.
	CryptoKeyVersion_HMAC_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 33
	// HMAC-SHA384 signing with a 384 bit key.
	CryptoKeyVersion_HMAC_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 34
	// HMAC-SHA512 signing with a 512 bit key.
	CryptoKeyVersion_HMAC_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 35
	// HMAC-SHA224 signing with a 224 bit key.
	CryptoKeyVersion_HMAC_SHA224 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 36
	// Algorithm representing symmetric encryption by an external key manager.
	CryptoKeyVersion_EXTERNAL_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 18
)

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Descriptor

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Enum

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionAlgorithm.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Number

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) String

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Type

CryptoKeyVersion_CryptoKeyVersionState

type CryptoKeyVersion_CryptoKeyVersionState int32

The state of a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used.

CryptoKeyVersion_CRYPTO_KEY_VERSION_STATE_UNSPECIFIED, CryptoKeyVersion_PENDING_GENERATION, CryptoKeyVersion_ENABLED, CryptoKeyVersion_DISABLED, CryptoKeyVersion_DESTROYED, CryptoKeyVersion_DESTROY_SCHEDULED, CryptoKeyVersion_PENDING_IMPORT, CryptoKeyVersion_IMPORT_FAILED, CryptoKeyVersion_GENERATION_FAILED, CryptoKeyVersion_PENDING_EXTERNAL_DESTRUCTION, CryptoKeyVersion_EXTERNAL_DESTRUCTION_FAILED

const (
	// Not specified.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_STATE_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionState = 0
	// This version is still being generated. It may not be used, enabled,
	// disabled, or destroyed yet. Cloud KMS will automatically mark this
	// version
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// as soon as the version is ready.
	CryptoKeyVersion_PENDING_GENERATION CryptoKeyVersion_CryptoKeyVersionState = 5
	// This version may be used for cryptographic operations.
	CryptoKeyVersion_ENABLED CryptoKeyVersion_CryptoKeyVersionState = 1
	// This version may not be used, but the key material is still available,
	// and the version can be placed back into the
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// state.
	CryptoKeyVersion_DISABLED CryptoKeyVersion_CryptoKeyVersionState = 2
	// This version is destroyed, and the key material is no longer stored.
	// This version may only become
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// again if this version is
	// [reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible]
	// and the original key material is reimported with a call to
	// [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
	CryptoKeyVersion_DESTROYED CryptoKeyVersion_CryptoKeyVersionState = 3
	// This version is scheduled for destruction, and will be destroyed soon.
	// Call
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// to put it back into the
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
	// state.
	CryptoKeyVersion_DESTROY_SCHEDULED CryptoKeyVersion_CryptoKeyVersionState = 4
	// This version is still being imported. It may not be used, enabled,
	// disabled, or destroyed yet. Cloud KMS will automatically mark this
	// version
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// as soon as the version is ready.
	CryptoKeyVersion_PENDING_IMPORT CryptoKeyVersion_CryptoKeyVersionState = 6
	// This version was not imported successfully. It may not be used, enabled,
	// disabled, or destroyed. The submitted key material has been discarded.
	// Additional details can be found in
	// [CryptoKeyVersion.import_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason].
	CryptoKeyVersion_IMPORT_FAILED CryptoKeyVersion_CryptoKeyVersionState = 7
	// This version was not generated successfully. It may not be used, enabled,
	// disabled, or destroyed. Additional details can be found in
	// [CryptoKeyVersion.generation_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.generation_failure_reason].
	CryptoKeyVersion_GENERATION_FAILED CryptoKeyVersion_CryptoKeyVersionState = 8
	// This version was destroyed, and it may not be used or enabled again.
	// Cloud KMS is waiting for the corresponding key material residing in an
	// external key manager to be destroyed.
	CryptoKeyVersion_PENDING_EXTERNAL_DESTRUCTION CryptoKeyVersion_CryptoKeyVersionState = 9
	// This version was destroyed, and it may not be used or enabled again.
	// However, Cloud KMS could not confirm that the corresponding key material
	// residing in an external key manager was destroyed. Additional details can
	// be found in
	// [CryptoKeyVersion.external_destruction_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.external_destruction_failure_reason].
	CryptoKeyVersion_EXTERNAL_DESTRUCTION_FAILED CryptoKeyVersion_CryptoKeyVersionState = 10
)

func (CryptoKeyVersion_CryptoKeyVersionState) Descriptor

func (CryptoKeyVersion_CryptoKeyVersionState) Enum

func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor

func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionState.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionState) Number

func (CryptoKeyVersion_CryptoKeyVersionState) String

func (CryptoKeyVersion_CryptoKeyVersionState) Type

CryptoKeyVersion_CryptoKeyVersionView

type CryptoKeyVersion_CryptoKeyVersionView int32

A view for [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]s. Controls the level of detail returned for [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions] and [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

CryptoKeyVersion_CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED, CryptoKeyVersion_FULL

const (
	// Default view for each
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Does not
	// include the
	// [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation] field.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionView = 0
	// Provides all fields in each
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], including the
	// [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation].
	CryptoKeyVersion_FULL CryptoKeyVersion_CryptoKeyVersionView = 1
)

func (CryptoKeyVersion_CryptoKeyVersionView) Descriptor

func (CryptoKeyVersion_CryptoKeyVersionView) Enum

func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor

func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionView.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionView) Number

func (CryptoKeyVersion_CryptoKeyVersionView) String

func (CryptoKeyVersion_CryptoKeyVersionView) Type

CryptoKey_CryptoKeyPurpose

type CryptoKey_CryptoKeyPurpose int32

[CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] describes the cryptographic capabilities of a [CryptoKey][google.cloud.kms.v1.CryptoKey]. A given key can only be used for the operations allowed by its purpose. For more information, see Key purposes.

CryptoKey_CRYPTO_KEY_PURPOSE_UNSPECIFIED, CryptoKey_ENCRYPT_DECRYPT, CryptoKey_ASYMMETRIC_SIGN, CryptoKey_ASYMMETRIC_DECRYPT, CryptoKey_RAW_ENCRYPT_DECRYPT, CryptoKey_MAC

const (
	// Not specified.
	CryptoKey_CRYPTO_KEY_PURPOSE_UNSPECIFIED CryptoKey_CryptoKeyPurpose = 0
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
	// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
	CryptoKey_ENCRYPT_DECRYPT CryptoKey_CryptoKeyPurpose = 1
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with
	// [AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]
	// and
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	CryptoKey_ASYMMETRIC_SIGN CryptoKey_CryptoKeyPurpose = 5
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with
	// [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]
	// and
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	CryptoKey_ASYMMETRIC_DECRYPT CryptoKey_CryptoKeyPurpose = 6
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with [RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]
	// and [RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt].
	// This purpose is meant to be used for interoperable symmetric
	// encryption and does not support automatic CryptoKey rotation.
	CryptoKey_RAW_ENCRYPT_DECRYPT CryptoKey_CryptoKeyPurpose = 7
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
	CryptoKey_MAC CryptoKey_CryptoKeyPurpose = 9
)

func (CryptoKey_CryptoKeyPurpose) Descriptor

func (CryptoKey_CryptoKeyPurpose) Enum

func (CryptoKey_CryptoKeyPurpose) EnumDescriptor

func (CryptoKey_CryptoKeyPurpose) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKey_CryptoKeyPurpose.Descriptor instead.

func (CryptoKey_CryptoKeyPurpose) Number

func (CryptoKey_CryptoKeyPurpose) String

func (CryptoKey_CryptoKeyPurpose) Type

CryptoKey_RotationPeriod

type CryptoKey_RotationPeriod struct {
	// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]
	// will be advanced by this period when the service automatically rotates a
	// key. Must be at least 24 hours and at most 876,000 hours.
	//
	// If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is
	// set,
	// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]
	// must also be set.
	//
	// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]
	// support automatic rotation. For other keys, this field must be omitted.
	RotationPeriod *durationpb.Duration `protobuf:"bytes,8,opt,name=rotation_period,json=rotationPeriod,proto3,oneof"`
}

DecryptRequest

type DecryptRequest struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`

	AdditionalAuthenticatedData []byte "" /* 144 byte string literal not displayed */

	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,5,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`

	AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value "" /* 164 byte string literal not displayed */

}

Request message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

func (*DecryptRequest) Descriptor

func (*DecryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use DecryptRequest.ProtoReflect.Descriptor instead.

func (*DecryptRequest) GetAdditionalAuthenticatedData

func (x *DecryptRequest) GetAdditionalAuthenticatedData() []byte

func (*DecryptRequest) GetAdditionalAuthenticatedDataCrc32C

func (x *DecryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value

func (*DecryptRequest) GetCiphertext

func (x *DecryptRequest) GetCiphertext() []byte

func (*DecryptRequest) GetCiphertextCrc32C

func (x *DecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*DecryptRequest) GetName

func (x *DecryptRequest) GetName() string

func (*DecryptRequest) ProtoMessage

func (*DecryptRequest) ProtoMessage()

func (*DecryptRequest) ProtoReflect

func (x *DecryptRequest) ProtoReflect() protoreflect.Message

func (*DecryptRequest) Reset

func (x *DecryptRequest) Reset()

func (*DecryptRequest) String

func (x *DecryptRequest) String() string

DecryptResponse

type DecryptResponse struct {
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`

	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`

	UsedPrimary bool `protobuf:"varint,3,opt,name=used_primary,json=usedPrimary,proto3" json:"used_primary,omitempty"`

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

}

Response message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

func (*DecryptResponse) Descriptor

func (*DecryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use DecryptResponse.ProtoReflect.Descriptor instead.

func (*DecryptResponse) GetPlaintext

func (x *DecryptResponse) GetPlaintext() []byte

func (*DecryptResponse) GetPlaintextCrc32C

func (x *DecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*DecryptResponse) GetProtectionLevel

func (x *DecryptResponse) GetProtectionLevel() ProtectionLevel

func (*DecryptResponse) GetUsedPrimary

func (x *DecryptResponse) GetUsedPrimary() bool

func (*DecryptResponse) ProtoMessage

func (*DecryptResponse) ProtoMessage()

func (*DecryptResponse) ProtoReflect

func (x *DecryptResponse) ProtoReflect() protoreflect.Message

func (*DecryptResponse) Reset

func (x *DecryptResponse) Reset()

func (*DecryptResponse) String

func (x *DecryptResponse) String() string

DestroyCryptoKeyVersionRequest

type DestroyCryptoKeyVersionRequest struct {

	// Required. The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].

func (*DestroyCryptoKeyVersionRequest) Descriptor

func (*DestroyCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use DestroyCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*DestroyCryptoKeyVersionRequest) GetName

func (*DestroyCryptoKeyVersionRequest) ProtoMessage

func (*DestroyCryptoKeyVersionRequest) ProtoMessage()

func (*DestroyCryptoKeyVersionRequest) ProtoReflect

func (*DestroyCryptoKeyVersionRequest) Reset

func (x *DestroyCryptoKeyVersionRequest) Reset()

func (*DestroyCryptoKeyVersionRequest) String

Digest

type Digest struct {

	// Required. The message digest.
	//
	// Types that are assignable to Digest:
	//
	//	*Digest_Sha256
	//	*Digest_Sha384
	//	*Digest_Sha512
	Digest isDigest_Digest `protobuf_oneof:"digest"`
	// contains filtered or unexported fields
}

A [Digest][google.cloud.kms.v1.Digest] holds a cryptographic message digest.

func (*Digest) Descriptor

func (*Digest) Descriptor() ([]byte, []int)

Deprecated: Use Digest.ProtoReflect.Descriptor instead.

func (*Digest) GetDigest

func (m *Digest) GetDigest() isDigest_Digest

func (*Digest) GetSha256

func (x *Digest) GetSha256() []byte

func (*Digest) GetSha384

func (x *Digest) GetSha384() []byte

func (*Digest) GetSha512

func (x *Digest) GetSha512() []byte

func (*Digest) ProtoMessage

func (*Digest) ProtoMessage()

func (*Digest) ProtoReflect

func (x *Digest) ProtoReflect() protoreflect.Message

func (*Digest) Reset

func (x *Digest) Reset()

func (*Digest) String

func (x *Digest) String() string

Digest_Sha256

type Digest_Sha256 struct {
	// A message digest produced with the SHA-256 algorithm.
	Sha256 []byte `protobuf:"bytes,1,opt,name=sha256,proto3,oneof"`
}

Digest_Sha384

type Digest_Sha384 struct {
	// A message digest produced with the SHA-384 algorithm.
	Sha384 []byte `protobuf:"bytes,2,opt,name=sha384,proto3,oneof"`
}

Digest_Sha512

type Digest_Sha512 struct {
	// A message digest produced with the SHA-512 algorithm.
	Sha512 []byte `protobuf:"bytes,3,opt,name=sha512,proto3,oneof"`
}

EkmConfig

type EkmConfig struct {

	// Output only. The resource name for the
	// [EkmConfig][google.cloud.kms.v1.EkmConfig] in the format
	// `projects/*/locations/*/ekmConfig`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. Resource name of the default
	// [EkmConnection][google.cloud.kms.v1.EkmConnection]. Setting this field to
	// the empty string removes the default.
	DefaultEkmConnection string `protobuf:"bytes,2,opt,name=default_ekm_connection,json=defaultEkmConnection,proto3" json:"default_ekm_connection,omitempty"`
	// contains filtered or unexported fields
}

An [EkmConfig][google.cloud.kms.v1.EkmConfig] is a singleton resource that represents configuration parameters that apply to all [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] with a [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC] in a given project and location.

func (*EkmConfig) Descriptor

func (*EkmConfig) Descriptor() ([]byte, []int)

Deprecated: Use EkmConfig.ProtoReflect.Descriptor instead.

func (*EkmConfig) GetDefaultEkmConnection

func (x *EkmConfig) GetDefaultEkmConnection() string

func (*EkmConfig) GetName

func (x *EkmConfig) GetName() string

func (*EkmConfig) ProtoMessage

func (*EkmConfig) ProtoMessage()

func (*EkmConfig) ProtoReflect

func (x *EkmConfig) ProtoReflect() protoreflect.Message

func (*EkmConfig) Reset

func (x *EkmConfig) Reset()

func (*EkmConfig) String

func (x *EkmConfig) String() string

EkmConnection

type EkmConnection struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`

	ServiceResolvers []*EkmConnection_ServiceResolver `protobuf:"bytes,3,rep,name=service_resolvers,json=serviceResolvers,proto3" json:"service_resolvers,omitempty"`

	Etag string `protobuf:"bytes,5,opt,name=etag,proto3" json:"etag,omitempty"`

	KeyManagementMode EkmConnection_KeyManagementMode "" /* 172 byte string literal not displayed */

	CryptoSpacePath string `protobuf:"bytes,7,opt,name=crypto_space_path,json=cryptoSpacePath,proto3" json:"crypto_space_path,omitempty"`

}

An [EkmConnection][google.cloud.kms.v1.EkmConnection] represents an individual EKM connection. It can be used for creating [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] with a [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], as well as performing cryptographic operations using keys created within the [EkmConnection][google.cloud.kms.v1.EkmConnection].

func (*EkmConnection) Descriptor

func (*EkmConnection) Descriptor() ([]byte, []int)

Deprecated: Use EkmConnection.ProtoReflect.Descriptor instead.

func (*EkmConnection) GetCreateTime

func (x *EkmConnection) GetCreateTime() *timestamppb.Timestamp

func (*EkmConnection) GetCryptoSpacePath

func (x *EkmConnection) GetCryptoSpacePath() string

func (*EkmConnection) GetEtag

func (x *EkmConnection) GetEtag() string

func (*EkmConnection) GetKeyManagementMode

func (x *EkmConnection) GetKeyManagementMode() EkmConnection_KeyManagementMode

func (*EkmConnection) GetName

func (x *EkmConnection) GetName() string

func (*EkmConnection) GetServiceResolvers

func (x *EkmConnection) GetServiceResolvers() []*EkmConnection_ServiceResolver

func (*EkmConnection) ProtoMessage

func (*EkmConnection) ProtoMessage()

func (*EkmConnection) ProtoReflect

func (x *EkmConnection) ProtoReflect() protoreflect.Message

func (*EkmConnection) Reset

func (x *EkmConnection) Reset()

func (*EkmConnection) String

func (x *EkmConnection) String() string

EkmConnection_KeyManagementMode

type EkmConnection_KeyManagementMode int32

[KeyManagementMode][google.cloud.kms.v1.EkmConnection.KeyManagementMode] describes who can perform control plane cryptographic operations using this [EkmConnection][google.cloud.kms.v1.EkmConnection].

EkmConnection_KEY_MANAGEMENT_MODE_UNSPECIFIED, EkmConnection_MANUAL, EkmConnection_CLOUD_KMS

const (
	// Not specified.
	EkmConnection_KEY_MANAGEMENT_MODE_UNSPECIFIED EkmConnection_KeyManagementMode = 0
	// EKM-side key management operations on
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this
	// [EkmConnection][google.cloud.kms.v1.EkmConnection] must be initiated from
	// the EKM directly and cannot be performed from Cloud KMS. This means that:
	// * When creating a
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] associated with
	// this
	//
	//	[EkmConnection][google.cloud.kms.v1.EkmConnection], the caller must
	//	supply the key path of pre-existing external key material that will be
	//	linked to the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	//   - Destruction of external key material cannot be requested via the
	//     Cloud KMS API and must be performed directly in the EKM.
	//   - Automatic rotation of key material is not supported.
	EkmConnection_MANUAL EkmConnection_KeyManagementMode = 1
	// All [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this
	// [EkmConnection][google.cloud.kms.v1.EkmConnection] use EKM-side key
	// management operations initiated from Cloud KMS. This means that:
	// * When a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// associated with this [EkmConnection][google.cloud.kms.v1.EkmConnection]
	// is
	//
	//	created, the EKM automatically generates new key material and a new
	//	key path. The caller cannot supply the key path of pre-existing
	//	external key material.
	//   - Destruction of external key material associated with this
	//     [EkmConnection][google.cloud.kms.v1.EkmConnection] can be requested by
	//     calling [DestroyCryptoKeyVersion][EkmService.DestroyCryptoKeyVersion].
	//   - Automatic rotation of key material is supported.
	EkmConnection_CLOUD_KMS EkmConnection_KeyManagementMode = 2
)

func (EkmConnection_KeyManagementMode) Descriptor

func (EkmConnection_KeyManagementMode) Enum

func (EkmConnection_KeyManagementMode) EnumDescriptor

func (EkmConnection_KeyManagementMode) EnumDescriptor() ([]byte, []int)

Deprecated: Use EkmConnection_KeyManagementMode.Descriptor instead.

func (EkmConnection_KeyManagementMode) Number

func (EkmConnection_KeyManagementMode) String

func (EkmConnection_KeyManagementMode) Type

EkmConnection_ServiceResolver

type EkmConnection_ServiceResolver struct {
	ServiceDirectoryService string "" /* 132 byte string literal not displayed */

	EndpointFilter string `protobuf:"bytes,2,opt,name=endpoint_filter,json=endpointFilter,proto3" json:"endpoint_filter,omitempty"`

	Hostname string `protobuf:"bytes,3,opt,name=hostname,proto3" json:"hostname,omitempty"`

	ServerCertificates []*Certificate `protobuf:"bytes,4,rep,name=server_certificates,json=serverCertificates,proto3" json:"server_certificates,omitempty"`

}

A [ServiceResolver][google.cloud.kms.v1.EkmConnection.ServiceResolver] represents an EKM replica that can be reached within an [EkmConnection][google.cloud.kms.v1.EkmConnection].

func (*EkmConnection_ServiceResolver) Descriptor

func (*EkmConnection_ServiceResolver) Descriptor() ([]byte, []int)

Deprecated: Use EkmConnection_ServiceResolver.ProtoReflect.Descriptor instead.

func (*EkmConnection_ServiceResolver) GetEndpointFilter

func (x *EkmConnection_ServiceResolver) GetEndpointFilter() string

func (*EkmConnection_ServiceResolver) GetHostname

func (x *EkmConnection_ServiceResolver) GetHostname() string

func (*EkmConnection_ServiceResolver) GetServerCertificates

func (x *EkmConnection_ServiceResolver) GetServerCertificates() []*Certificate

func (*EkmConnection_ServiceResolver) GetServiceDirectoryService

func (x *EkmConnection_ServiceResolver) GetServiceDirectoryService() string

func (*EkmConnection_ServiceResolver) ProtoMessage

func (*EkmConnection_ServiceResolver) ProtoMessage()

func (*EkmConnection_ServiceResolver) ProtoReflect

func (*EkmConnection_ServiceResolver) Reset

func (x *EkmConnection_ServiceResolver) Reset()

func (*EkmConnection_ServiceResolver) String

EkmServiceClient

type EkmServiceClient interface {
	// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
	ListEkmConnections(ctx context.Context, in *ListEkmConnectionsRequest, opts ...grpc.CallOption) (*ListEkmConnectionsResponse, error)
	// Returns metadata for a given
	// [EkmConnection][google.cloud.kms.v1.EkmConnection].
	GetEkmConnection(ctx context.Context, in *GetEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
	// Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given
	// Project and Location.
	CreateEkmConnection(ctx context.Context, in *CreateEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
	// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
	UpdateEkmConnection(ctx context.Context, in *UpdateEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
	// Returns the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
	// for a given project and location.
	GetEkmConfig(ctx context.Context, in *GetEkmConfigRequest, opts ...grpc.CallOption) (*EkmConfig, error)
	// Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
	// for a given project and location.
	UpdateEkmConfig(ctx context.Context, in *UpdateEkmConfigRequest, opts ...grpc.CallOption) (*EkmConfig, error)
	// Verifies that Cloud KMS can successfully connect to the external key
	// manager specified by an [EkmConnection][google.cloud.kms.v1.EkmConnection].
	// If there is an error connecting to the EKM, this method returns a
	// FAILED_PRECONDITION status containing structured information as described
	// at https://cloud.google.com/kms/docs/reference/ekm_errors.
	VerifyConnectivity(ctx context.Context, in *VerifyConnectivityRequest, opts ...grpc.CallOption) (*VerifyConnectivityResponse, error)
}

EkmServiceClient is the client API for EkmService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewEkmServiceClient

func NewEkmServiceClient(cc grpc.ClientConnInterface) EkmServiceClient

EkmServiceServer

type EkmServiceServer interface {
	// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
	ListEkmConnections(context.Context, *ListEkmConnectionsRequest) (*ListEkmConnectionsResponse, error)
	// Returns metadata for a given
	// [EkmConnection][google.cloud.kms.v1.EkmConnection].
	GetEkmConnection(context.Context, *GetEkmConnectionRequest) (*EkmConnection, error)
	// Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given
	// Project and Location.
	CreateEkmConnection(context.Context, *CreateEkmConnectionRequest) (*EkmConnection, error)
	// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
	UpdateEkmConnection(context.Context, *UpdateEkmConnectionRequest) (*EkmConnection, error)
	// Returns the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
	// for a given project and location.
	GetEkmConfig(context.Context, *GetEkmConfigRequest) (*EkmConfig, error)
	// Updates the [EkmConfig][google.cloud.kms.v1.EkmConfig] singleton resource
	// for a given project and location.
	UpdateEkmConfig(context.Context, *UpdateEkmConfigRequest) (*EkmConfig, error)
	// Verifies that Cloud KMS can successfully connect to the external key
	// manager specified by an [EkmConnection][google.cloud.kms.v1.EkmConnection].
	// If there is an error connecting to the EKM, this method returns a
	// FAILED_PRECONDITION status containing structured information as described
	// at https://cloud.google.com/kms/docs/reference/ekm_errors.
	VerifyConnectivity(context.Context, *VerifyConnectivityRequest) (*VerifyConnectivityResponse, error)
}

EkmServiceServer is the server API for EkmService service.

EncryptRequest

type EncryptRequest struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`

	AdditionalAuthenticatedData []byte "" /* 144 byte string literal not displayed */

	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`

	AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value "" /* 164 byte string literal not displayed */

}

Request message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

func (*EncryptRequest) Descriptor

func (*EncryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use EncryptRequest.ProtoReflect.Descriptor instead.

func (*EncryptRequest) GetAdditionalAuthenticatedData

func (x *EncryptRequest) GetAdditionalAuthenticatedData() []byte

func (*EncryptRequest) GetAdditionalAuthenticatedDataCrc32C

func (x *EncryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value

func (*EncryptRequest) GetName

func (x *EncryptRequest) GetName() string

func (*EncryptRequest) GetPlaintext

func (x *EncryptRequest) GetPlaintext() []byte

func (*EncryptRequest) GetPlaintextCrc32C

func (x *EncryptRequest) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*EncryptRequest) ProtoMessage

func (*EncryptRequest) ProtoMessage()

func (*EncryptRequest) ProtoReflect

func (x *EncryptRequest) ProtoReflect() protoreflect.Message

func (*EncryptRequest) Reset

func (x *EncryptRequest) Reset()

func (*EncryptRequest) String

func (x *EncryptRequest) String() string

EncryptResponse

type EncryptResponse struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`

	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`

	VerifiedPlaintextCrc32C bool "" /* 133 byte string literal not displayed */

	VerifiedAdditionalAuthenticatedDataCrc32C bool "" /* 191 byte string literal not displayed */

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

}

Response message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

func (*EncryptResponse) Descriptor

func (*EncryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use EncryptResponse.ProtoReflect.Descriptor instead.

func (*EncryptResponse) GetCiphertext

func (x *EncryptResponse) GetCiphertext() []byte

func (*EncryptResponse) GetCiphertextCrc32C

func (x *EncryptResponse) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*EncryptResponse) GetName

func (x *EncryptResponse) GetName() string

func (*EncryptResponse) GetProtectionLevel

func (x *EncryptResponse) GetProtectionLevel() ProtectionLevel

func (*EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C

func (x *EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C() bool

func (*EncryptResponse) GetVerifiedPlaintextCrc32C

func (x *EncryptResponse) GetVerifiedPlaintextCrc32C() bool

func (*EncryptResponse) ProtoMessage

func (*EncryptResponse) ProtoMessage()

func (*EncryptResponse) ProtoReflect

func (x *EncryptResponse) ProtoReflect() protoreflect.Message

func (*EncryptResponse) Reset

func (x *EncryptResponse) Reset()

func (*EncryptResponse) String

func (x *EncryptResponse) String() string

ExternalProtectionLevelOptions

type ExternalProtectionLevelOptions struct {

	// The URI for an external resource that this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents.
	ExternalKeyUri string `protobuf:"bytes,1,opt,name=external_key_uri,json=externalKeyUri,proto3" json:"external_key_uri,omitempty"`
	// The path to the external key material on the EKM when using
	// [EkmConnection][google.cloud.kms.v1.EkmConnection] e.g., "v0/my/key". Set
	// this field instead of external_key_uri when using an
	// [EkmConnection][google.cloud.kms.v1.EkmConnection].
	EkmConnectionKeyPath string `protobuf:"bytes,2,opt,name=ekm_connection_key_path,json=ekmConnectionKeyPath,proto3" json:"ekm_connection_key_path,omitempty"`
	// contains filtered or unexported fields
}

ExternalProtectionLevelOptions stores a group of additional fields for configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level and [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] protection levels.

func (*ExternalProtectionLevelOptions) Descriptor

func (*ExternalProtectionLevelOptions) Descriptor() ([]byte, []int)

Deprecated: Use ExternalProtectionLevelOptions.ProtoReflect.Descriptor instead.

func (*ExternalProtectionLevelOptions) GetEkmConnectionKeyPath

func (x *ExternalProtectionLevelOptions) GetEkmConnectionKeyPath() string

func (*ExternalProtectionLevelOptions) GetExternalKeyUri

func (x *ExternalProtectionLevelOptions) GetExternalKeyUri() string

func (*ExternalProtectionLevelOptions) ProtoMessage

func (*ExternalProtectionLevelOptions) ProtoMessage()

func (*ExternalProtectionLevelOptions) ProtoReflect

func (*ExternalProtectionLevelOptions) Reset

func (x *ExternalProtectionLevelOptions) Reset()

func (*ExternalProtectionLevelOptions) String

GenerateRandomBytesRequest

type GenerateRandomBytesRequest struct {
	Location string `protobuf:"bytes,1,opt,name=location,proto3" json:"location,omitempty"`

	LengthBytes int32 `protobuf:"varint,2,opt,name=length_bytes,json=lengthBytes,proto3" json:"length_bytes,omitempty"`

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

}

Request message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].

func (*GenerateRandomBytesRequest) Descriptor

func (*GenerateRandomBytesRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateRandomBytesRequest.ProtoReflect.Descriptor instead.

func (*GenerateRandomBytesRequest) GetLengthBytes

func (x *GenerateRandomBytesRequest) GetLengthBytes() int32

func (*GenerateRandomBytesRequest) GetLocation

func (x *GenerateRandomBytesRequest) GetLocation() string

func (*GenerateRandomBytesRequest) GetProtectionLevel

func (x *GenerateRandomBytesRequest) GetProtectionLevel() ProtectionLevel

func (*GenerateRandomBytesRequest) ProtoMessage

func (*GenerateRandomBytesRequest) ProtoMessage()

func (*GenerateRandomBytesRequest) ProtoReflect

func (*GenerateRandomBytesRequest) Reset

func (x *GenerateRandomBytesRequest) Reset()

func (*GenerateRandomBytesRequest) String

func (x *GenerateRandomBytesRequest) String() string

GenerateRandomBytesResponse

type GenerateRandomBytesResponse struct {

	// The generated data.
	Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data].
	// An integrity check of
	// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]
	// can be performed by computing the CRC32C checksum of
	// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]
	// and comparing your results to this field. Discard the response in case of
	// non-matching checksum values, and perform a limited number of retries. A
	// persistent mismatch may indicate an issue in your computation of the CRC32C
	// checksum. Note: This field is defined as int64 for reasons of compatibility
	// across different languages. However, it is a non-negative integer, which
	// will never exceed 2^32-1, and can be safely downconverted to uint32 in
	// languages that support this type.
	DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].

func (*GenerateRandomBytesResponse) Descriptor

func (*GenerateRandomBytesResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateRandomBytesResponse.ProtoReflect.Descriptor instead.

func (*GenerateRandomBytesResponse) GetData

func (x *GenerateRandomBytesResponse) GetData() []byte

func (*GenerateRandomBytesResponse) GetDataCrc32C

func (*GenerateRandomBytesResponse) ProtoMessage

func (*GenerateRandomBytesResponse) ProtoMessage()

func (*GenerateRandomBytesResponse) ProtoReflect

func (*GenerateRandomBytesResponse) Reset

func (x *GenerateRandomBytesResponse) Reset()

func (*GenerateRandomBytesResponse) String

func (x *GenerateRandomBytesResponse) String() string

GetAutokeyConfigRequest

type GetAutokeyConfigRequest struct {

	// Required. Name of the [AutokeyConfig][google.cloud.kms.v1.AutokeyConfig]
	// resource, e.g. `folders/{FOLDER_NUMBER}/autokeyConfig`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [GetAutokeyConfig][google.cloud.kms.v1.AutokeyAdmin.GetAutokeyConfig].

func (*GetAutokeyConfigRequest) Descriptor

func (*GetAutokeyConfigRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetAutokeyConfigRequest.ProtoReflect.Descriptor instead.

func (*GetAutokeyConfigRequest) GetName

func (x *GetAutokeyConfigRequest) GetName() string

func (*GetAutokeyConfigRequest) ProtoMessage

func (*GetAutokeyConfigRequest) ProtoMessage()

func (*GetAutokeyConfigRequest) ProtoReflect

func (x *GetAutokeyConfigRequest) ProtoReflect() protoreflect.Message

func (*GetAutokeyConfigRequest) Reset

func (x *GetAutokeyConfigRequest) Reset()

func (*GetAutokeyConfigRequest) String

func (x *GetAutokeyConfigRequest) String() string

GetCryptoKeyRequest

type GetCryptoKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].

func (*GetCryptoKeyRequest) Descriptor

func (*GetCryptoKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCryptoKeyRequest.ProtoReflect.Descriptor instead.

func (*GetCryptoKeyRequest) GetName

func (x *GetCryptoKeyRequest) GetName() string

func (*GetCryptoKeyRequest) ProtoMessage

func (*GetCryptoKeyRequest) ProtoMessage()

func (*GetCryptoKeyRequest) ProtoReflect

func (x *GetCryptoKeyRequest) ProtoReflect() protoreflect.Message

func (*GetCryptoKeyRequest) Reset

func (x *GetCryptoKeyRequest) Reset()

func (*GetCryptoKeyRequest) String

func (x *GetCryptoKeyRequest) String() string

GetCryptoKeyVersionRequest

type GetCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].

func (*GetCryptoKeyVersionRequest) Descriptor

func (*GetCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*GetCryptoKeyVersionRequest) GetName

func (x *GetCryptoKeyVersionRequest) GetName() string

func (*GetCryptoKeyVersionRequest) ProtoMessage

func (*GetCryptoKeyVersionRequest) ProtoMessage()

func (*GetCryptoKeyVersionRequest) ProtoReflect

func (*GetCryptoKeyVersionRequest) Reset

func (x *GetCryptoKeyVersionRequest) Reset()

func (*GetCryptoKeyVersionRequest) String

func (x *GetCryptoKeyVersionRequest) String() string

GetEkmConfigRequest

type GetEkmConfigRequest struct {

	// Required. The [name][google.cloud.kms.v1.EkmConfig.name] of the
	// [EkmConfig][google.cloud.kms.v1.EkmConfig] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [EkmService.GetEkmConfig][google.cloud.kms.v1.EkmService.GetEkmConfig].

func (*GetEkmConfigRequest) Descriptor

func (*GetEkmConfigRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetEkmConfigRequest.ProtoReflect.Descriptor instead.

func (*GetEkmConfigRequest) GetName

func (x *GetEkmConfigRequest) GetName() string

func (*GetEkmConfigRequest) ProtoMessage

func (*GetEkmConfigRequest) ProtoMessage()

func (*GetEkmConfigRequest) ProtoReflect

func (x *GetEkmConfigRequest) ProtoReflect() protoreflect.Message

func (*GetEkmConfigRequest) Reset

func (x *GetEkmConfigRequest) Reset()

func (*GetEkmConfigRequest) String

func (x *GetEkmConfigRequest) String() string

GetEkmConnectionRequest

type GetEkmConnectionRequest struct {

	// Required. The [name][google.cloud.kms.v1.EkmConnection.name] of the
	// [EkmConnection][google.cloud.kms.v1.EkmConnection] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [EkmService.GetEkmConnection][google.cloud.kms.v1.EkmService.GetEkmConnection].

func (*GetEkmConnectionRequest) Descriptor

func (*GetEkmConnectionRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetEkmConnectionRequest.ProtoReflect.Descriptor instead.

func (*GetEkmConnectionRequest) GetName

func (x *GetEkmConnectionRequest) GetName() string

func (*GetEkmConnectionRequest) ProtoMessage

func (*GetEkmConnectionRequest) ProtoMessage()

func (*GetEkmConnectionRequest) ProtoReflect

func (x *GetEkmConnectionRequest) ProtoReflect() protoreflect.Message

func (*GetEkmConnectionRequest) Reset

func (x *GetEkmConnectionRequest) Reset()

func (*GetEkmConnectionRequest) String

func (x *GetEkmConnectionRequest) String() string

GetImportJobRequest

type GetImportJobRequest struct {

	// Required. The [name][google.cloud.kms.v1.ImportJob.name] of the
	// [ImportJob][google.cloud.kms.v1.ImportJob] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob].

func (*GetImportJobRequest) Descriptor

func (*GetImportJobRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetImportJobRequest.ProtoReflect.Descriptor instead.

func (*GetImportJobRequest) GetName

func (x *GetImportJobRequest) GetName() string

func (*GetImportJobRequest) ProtoMessage

func (*GetImportJobRequest) ProtoMessage()

func (*GetImportJobRequest) ProtoReflect

func (x *GetImportJobRequest) ProtoReflect() protoreflect.Message

func (*GetImportJobRequest) Reset

func (x *GetImportJobRequest) Reset()

func (*GetImportJobRequest) String

func (x *GetImportJobRequest) String() string

GetKeyHandleRequest

type GetKeyHandleRequest struct {

	// Required. Name of the [KeyHandle][google.cloud.kms.v1.KeyHandle] resource,
	// e.g.
	// `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [GetKeyHandle][google.cloud.kms.v1.Autokey.GetKeyHandle].

func (*GetKeyHandleRequest) Descriptor

func (*GetKeyHandleRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetKeyHandleRequest.ProtoReflect.Descriptor instead.

func (*GetKeyHandleRequest) GetName

func (x *GetKeyHandleRequest) GetName() string

func (*GetKeyHandleRequest) ProtoMessage

func (*GetKeyHandleRequest) ProtoMessage()

func (*GetKeyHandleRequest) ProtoReflect

func (x *GetKeyHandleRequest) ProtoReflect() protoreflect.Message

func (*GetKeyHandleRequest) Reset

func (x *GetKeyHandleRequest) Reset()

func (*GetKeyHandleRequest) String

func (x *GetKeyHandleRequest) String() string

GetKeyRingRequest

type GetKeyRingRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the
	// [KeyRing][google.cloud.kms.v1.KeyRing] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].

func (*GetKeyRingRequest) Descriptor

func (*GetKeyRingRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetKeyRingRequest.ProtoReflect.Descriptor instead.

func (*GetKeyRingRequest) GetName

func (x *GetKeyRingRequest) GetName() string

func (*GetKeyRingRequest) ProtoMessage

func (*GetKeyRingRequest) ProtoMessage()

func (*GetKeyRingRequest) ProtoReflect

func (x *GetKeyRingRequest) ProtoReflect() protoreflect.Message

func (*GetKeyRingRequest) Reset

func (x *GetKeyRingRequest) Reset()

func (*GetKeyRingRequest) String

func (x *GetKeyRingRequest) String() string

GetPublicKeyRequest

type GetPublicKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

func (*GetPublicKeyRequest) Descriptor

func (*GetPublicKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeyRequest.ProtoReflect.Descriptor instead.

func (*GetPublicKeyRequest) GetName

func (x *GetPublicKeyRequest) GetName() string

func (*GetPublicKeyRequest) ProtoMessage

func (*GetPublicKeyRequest) ProtoMessage()

func (*GetPublicKeyRequest) ProtoReflect

func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message

func (*GetPublicKeyRequest) Reset

func (x *GetPublicKeyRequest) Reset()

func (*GetPublicKeyRequest) String

func (x *GetPublicKeyRequest) String() string

ImportCryptoKeyVersionRequest

type ImportCryptoKeyVersionRequest struct {
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`

	CryptoKeyVersion string `protobuf:"bytes,6,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`

	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm "" /* 140 byte string literal not displayed */

	ImportJob string `protobuf:"bytes,4,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`

	WrappedKey []byte `protobuf:"bytes,8,opt,name=wrapped_key,json=wrappedKey,proto3" json:"wrapped_key,omitempty"`

	WrappedKeyMaterial isImportCryptoKeyVersionRequest_WrappedKeyMaterial `protobuf_oneof:"wrapped_key_material"`

}

Request message for [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].

func (*ImportCryptoKeyVersionRequest) Descriptor

func (*ImportCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use ImportCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*ImportCryptoKeyVersionRequest) GetAlgorithm

func (*ImportCryptoKeyVersionRequest) GetCryptoKeyVersion

func (x *ImportCryptoKeyVersionRequest) GetCryptoKeyVersion() string

func (*ImportCryptoKeyVersionRequest) GetImportJob

func (x *ImportCryptoKeyVersionRequest) GetImportJob() string

func (*ImportCryptoKeyVersionRequest) GetParent

func (x *ImportCryptoKeyVersionRequest) GetParent() string

func (*ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey

func (x *ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey() []byte

func (*ImportCryptoKeyVersionRequest) GetWrappedKey

func (x *ImportCryptoKeyVersionRequest) GetWrappedKey() []byte

func (*ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial

func (m *ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial() isImportCryptoKeyVersionRequest_WrappedKeyMaterial

func (*ImportCryptoKeyVersionRequest) ProtoMessage

func (*ImportCryptoKeyVersionRequest) ProtoMessage()

func (*ImportCryptoKeyVersionRequest) ProtoReflect

func (*ImportCryptoKeyVersionRequest) Reset

func (x *ImportCryptoKeyVersionRequest) Reset()

func (*ImportCryptoKeyVersionRequest) String

ImportCryptoKeyVersionRequest_RsaAesWrappedKey

type ImportCryptoKeyVersionRequest_RsaAesWrappedKey struct {
	// Optional. This field has the same meaning as
	// [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
	// Prefer to use that field in new work. Either that field or this field
	// (but not both) must be specified.
	RsaAesWrappedKey []byte `protobuf:"bytes,5,opt,name=rsa_aes_wrapped_key,json=rsaAesWrappedKey,proto3,oneof"`
}

ImportJob

type ImportJob struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	ImportMethod ImportJob_ImportMethod "" /* 146 byte string literal not displayed */

	ProtectionLevel ProtectionLevel "" /* 148 byte string literal not displayed */

	CreateTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`

	GenerateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"`

	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`

	ExpireEventTime *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=expire_event_time,json=expireEventTime,proto3" json:"expire_event_time,omitempty"`

	State ImportJob_ImportJobState `protobuf:"varint,6,opt,name=state,proto3,enum=google.cloud.kms.v1.ImportJob_ImportJobState" json:"state,omitempty"`

	PublicKey *ImportJob_WrappingPublicKey `protobuf:"bytes,7,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`

	Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"`

}

An [ImportJob][google.cloud.kms.v1.ImportJob] can be used to create [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre-existing key material, generated outside of Cloud KMS.

When an [ImportJob][google.cloud.kms.v1.ImportJob] is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the wrapping key generation is complete, the [state][google.cloud.kms.v1.ImportJob.state] will be set to [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the [public_key][google.cloud.kms.v1.ImportJob.public_key] can be fetched. The fetched public key can then be used to wrap your pre-existing key material.

Once the key material is wrapped, it can be imported into a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] by calling [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be imported with a single [ImportJob][google.cloud.kms.v1.ImportJob]. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key.

An [ImportJob][google.cloud.kms.v1.ImportJob] expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the [ImportJob][google.cloud.kms.v1.ImportJob]'s public key.

For more information, see Importing a key.

func (*ImportJob) Descriptor

func (*ImportJob) Descriptor() ([]byte, []int)

Deprecated: Use ImportJob.ProtoReflect.Descriptor instead.

func (*ImportJob) GetAttestation

func (x *ImportJob) GetAttestation() *KeyOperationAttestation

func (*ImportJob) GetCreateTime

func (x *ImportJob) GetCreateTime() *timestamppb.Timestamp

func (*ImportJob) GetExpireEventTime

func (x *ImportJob) GetExpireEventTime() *timestamppb.Timestamp

func (*ImportJob) GetExpireTime

func (x *ImportJob) GetExpireTime() *timestamppb.Timestamp

func (*ImportJob) GetGenerateTime

func (x *ImportJob) GetGenerateTime() *timestamppb.Timestamp

func (*ImportJob) GetImportMethod

func (x *ImportJob) GetImportMethod() ImportJob_ImportMethod

func (*ImportJob) GetName

func (x *ImportJob) GetName() string

func (*ImportJob) GetProtectionLevel

func (x *ImportJob) GetProtectionLevel() ProtectionLevel

func (*ImportJob) GetPublicKey

func (x *ImportJob) GetPublicKey() *ImportJob_WrappingPublicKey

func (*ImportJob) GetState

func (x *ImportJob) GetState() ImportJob_ImportJobState

func (*ImportJob) ProtoMessage

func (*ImportJob) ProtoMessage()

func (*ImportJob) ProtoReflect

func (x *ImportJob) ProtoReflect() protoreflect.Message

func (*ImportJob) Reset

func (x *ImportJob) Reset()

func (*ImportJob) String

func (x *ImportJob) String() string

ImportJob_ImportJobState

type ImportJob_ImportJobState int32

The state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can be used.