KeyManagementServiceClient(
transport=None, channel=None, credentials=None, client_config=None, client_info=None
)
Google Cloud Key Management Service
Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
KeyRing
CryptoKey
CryptoKeyVersion
If you are using manual gRPC libraries, see Using gRPC with Cloud
KMS <https://cloud.google.com/kms/docs/grpc>
__.
Methods
KeyManagementServiceClient
KeyManagementServiceClient(
transport=None, channel=None, credentials=None, client_config=None, client_info=None
)
Constructor.
Name | Description |
channel |
grpc.Channel
DEPRECATED. A |
credentials |
google.auth.credentials.Credentials
The authorization credentials to attach to requests. These credentials identify this application to the service. If none are specified, the client will attempt to ascertain the credentials from the environment. This argument is mutually exclusive with providing a transport instance to |
client_config |
dict
DEPRECATED. A dictionary of call options for each method. If not specified, the default configuration is used. |
client_info |
google.api_core.gapic_v1.client_info.ClientInfo
The client info used to send a user-agent string along with API requests. If |
asymmetric_decrypt
asymmetric_decrypt(name, ciphertext, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Decrypts data that was encrypted with a public key retrieved from
GetPublicKey
corresponding to a CryptoKeyVersion
with
CryptoKey.purpose
ASYMMETRIC_DECRYPT.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
TODO: Initialize
ciphertext
:ciphertext = b''
response = client.asymmetric_decrypt(name, ciphertext)
Name | Description |
name |
str
Required. The resource name of the |
ciphertext |
bytes
Required. The data encrypted with the named |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
asymmetric_sign
asymmetric_sign(name, digest, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Signs data using a CryptoKeyVersion
with CryptoKey.purpose
ASYMMETRIC_SIGN, producing a signature that can be verified with the
public key retrieved from GetPublicKey
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
TODO: Initialize
digest
:digest = {}
response = client.asymmetric_sign(name, digest)
Name | Description |
name |
str
Required. The resource name of the |
digest |
Union[dict, Digest]
Required. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
create_crypto_key
create_crypto_key(parent, crypto_key_id, crypto_key, skip_initial_version_creation=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Create a new CryptoKey
within a KeyRing
.
CryptoKey.purpose
and CryptoKey.version_template.algorithm
are
required.
.. rubric:: Example
from google.cloud import kms_v1 from google.cloud.kms_v1 import enums
client = kms_v1.KeyManagementServiceClient()
parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') crypto_key_id = 'my-app-key' purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT seconds = 2147483647 next_rotation_time = {'seconds': seconds} seconds_2 = 604800 rotation_period = {'seconds': seconds_2} crypto_key = {'purpose': purpose, 'next_rotation_time': next_rotation_time, 'rotation_period': rotation_period}
response = client.create_crypto_key(parent, crypto_key_id, crypto_key)
Name | Description |
parent |
str
Required. The |
crypto_key_id |
str
Required. It must be unique within a KeyRing and match the regular expression |
crypto_key |
Union[dict, CryptoKey]
A |
skip_initial_version_creation |
bool
If set to true, the request will create a |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
create_crypto_key_version
create_crypto_key_version(parent, crypto_key_version, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Create a new CryptoKeyVersion
in a CryptoKey
.
The server will assign the next sequential id. If unset, state
will
be set to ENABLED
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
TODO: Initialize
crypto_key_version
:crypto_key_version = {}
response = client.create_crypto_key_version(parent, crypto_key_version)
Name | Description |
parent |
str
Required. The |
crypto_key_version |
Union[dict, CryptoKeyVersion]
A |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
create_import_job
create_import_job(parent, import_job_id, import_job, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Create a new ImportJob
within a KeyRing
.
ImportJob.import_method
is required.
.. rubric:: Example
from google.cloud import kms_v1 from google.cloud.kms_v1 import enums
client = kms_v1.KeyManagementServiceClient()
parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') import_job_id = 'my-import-job' import_method = enums.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256 protection_level = enums.ProtectionLevel.HSM import_job = {'import_method': import_method, 'protection_level': protection_level}
response = client.create_import_job(parent, import_job_id, import_job)
Name | Description |
parent |
str
Required. The |
import_job_id |
str
Required. It must be unique within a KeyRing and match the regular expression |
import_job |
Union[dict, ImportJob]
Required. An |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
create_key_ring
create_key_ring(parent, key_ring_id, key_ring, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Create a new KeyRing
in a given Project and Location.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
parent = client.location_path('[PROJECT]', '[LOCATION]')
TODO: Initialize
key_ring_id
:key_ring_id = ''
TODO: Initialize
key_ring
:key_ring = {}
response = client.create_key_ring(parent, key_ring_id, key_ring)
Name | Description |
parent |
str
Required. The resource name of the location associated with the |
key_ring_id |
str
Required. It must be unique within a location and match the regular expression |
key_ring |
Union[dict, KeyRing]
A |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
crypto_key_path
crypto_key_path(project, location, key_ring, crypto_key)
Return a fully-qualified crypto_key string.
crypto_key_path_path
crypto_key_path_path(project, location, key_ring, crypto_key_path)
Return a fully-qualified crypto_key_path string.
crypto_key_version_path
crypto_key_version_path(
project, location, key_ring, crypto_key, crypto_key_version
)
Return a fully-qualified crypto_key_version string.
decrypt
decrypt(name, ciphertext, additional_authenticated_data=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Decrypts data that was protected by Encrypt
. The
CryptoKey.purpose
must be ENCRYPT_DECRYPT
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
TODO: Initialize
ciphertext
:ciphertext = b''
response = client.decrypt(name, ciphertext)
Name | Description |
name |
str
Required. The resource name of the |
ciphertext |
bytes
Required. The encrypted data originally returned in |
additional_authenticated_data |
bytes
Optional data that must match the data originally supplied in |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
destroy_crypto_key_version
destroy_crypto_key_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Schedule a CryptoKeyVersion
for destruction.
Upon calling this method, CryptoKeyVersion.state
will be set to
DESTROY_SCHEDULED
and destroy_time
will be set to a time 24
hours in the future, at which point the state
will be changed to
DESTROYED
, and the key material will be irrevocably destroyed.
Before the destroy_time
is reached, RestoreCryptoKeyVersion
may
be called to reverse the process.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
response = client.destroy_crypto_key_version(name)
Name | Description |
name |
str
The resource name of the |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
encrypt
encrypt(name, plaintext, additional_authenticated_data=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Encrypts data, so that it can only be recovered by a call to
Decrypt
. The CryptoKey.purpose
must be ENCRYPT_DECRYPT
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_path_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY_PATH]')
TODO: Initialize
plaintext
:plaintext = b''
response = client.encrypt(name, plaintext)
Name | Description |
name |
str
Required. The resource name of the |
plaintext |
bytes
Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's |
additional_authenticated_data |
bytes
Optional data that, if specified, must also be provided during decryption through |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
from_service_account_file
from_service_account_file(filename, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Name | Description |
filename |
str
The path to the service account private key json file. |
Type | Description |
KeyManagementServiceClient | The constructed client. |
from_service_account_json
from_service_account_json(filename, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Name | Description |
filename |
str
The path to the service account private key json file. |
Type | Description |
KeyManagementServiceClient | The constructed client. |
get_crypto_key
get_crypto_key(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Returns metadata for a given CryptoKey
, as well as its primary
CryptoKeyVersion
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
response = client.get_crypto_key(name)
Name | Description |
name |
str
The |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
get_crypto_key_version
get_crypto_key_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Returns metadata for a given CryptoKeyVersion
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
response = client.get_crypto_key_version(name)
Name | Description |
name |
str
The |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
get_iam_policy
get_iam_policy(resource, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
response = client.get_iam_policy(resource)
Name | Description |
resource |
str
REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
get_import_job
get_import_job(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Returns metadata for a given ImportJob
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.import_job_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[IMPORT_JOB]')
response = client.get_import_job(name)
Name | Description |
name |
str
The |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
get_key_ring
get_key_ring(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Returns metadata for a given KeyRing
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
response = client.get_key_ring(name)
Name | Description |
name |
str
The |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
get_public_key
get_public_key(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Returns the public key for the given CryptoKeyVersion
. The
CryptoKey.purpose
must be ASYMMETRIC_SIGN
or
ASYMMETRIC_DECRYPT
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
response = client.get_public_key(name)
Name | Description |
name |
str
The |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
import_crypto_key_version
import_crypto_key_version(parent, algorithm, import_job, rsa_aes_wrapped_key=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Imports a new CryptoKeyVersion
into an existing CryptoKey
using
the wrapped key material provided in the request.
The version ID will be assigned the next sequential id within the
CryptoKey
.
.. rubric:: Example
from google.cloud import kms_v1 from google.cloud.kms_v1 import enums
client = kms_v1.KeyManagementServiceClient()
parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
TODO: Initialize
algorithm
:algorithm = enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
TODO: Initialize
import_job
:import_job = ''
response = client.import_crypto_key_version(parent, algorithm, import_job)
Name | Description |
parent |
str
Required. The |
algorithm |
CryptoKeyVersionAlgorithm
Required. The |
import_job |
str
Required. The |
rsa_aes_wrapped_key |
bytes
Wrapped key material produced with
|
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
import_job_path
import_job_path(project, location, key_ring, import_job)
Return a fully-qualified import_job string.
key_ring_path
key_ring_path(project, location, key_ring)
Return a fully-qualified key_ring string.
list_crypto_key_versions
list_crypto_key_versions(parent, page_size=None, view=None, filter_=None, order_by=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Lists CryptoKeyVersions
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
Iterate over all results
for element in client.list_crypto_key_versions(parent): ... # process element ... pass
Alternatively:
Iterate over results one page at a time
for page in client.list_crypto_key_versions(parent).pages: ... for element in page: ... # process element ... pass
Name | Description |
parent |
str
Required. The resource name of the |
page_size |
int
The maximum number of resources contained in the underlying API response. If page streaming is performed per- resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page. |
view |
CryptoKeyVersionView
The fields to include in the response. |
filter_ |
str
Optional. Only include resources that match the filter in the response. |
order_by |
str
Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
list_crypto_keys
list_crypto_keys(parent, page_size=None, version_view=None, filter_=None, order_by=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Lists CryptoKeys
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
Iterate over all results
for element in client.list_crypto_keys(parent): ... # process element ... pass
Alternatively:
Iterate over results one page at a time
for page in client.list_crypto_keys(parent).pages: ... for element in page: ... # process element ... pass
Name | Description |
parent |
str
Required. The resource name of the |
page_size |
int
The maximum number of resources contained in the underlying API response. If page streaming is performed per- resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page. |
version_view |
CryptoKeyVersionView
The fields of the primary version to include in the response. |
filter_ |
str
Optional. Only include resources that match the filter in the response. |
order_by |
str
Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
list_import_jobs
list_import_jobs(parent, page_size=None, filter_=None, order_by=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Lists ImportJobs
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
Iterate over all results
for element in client.list_import_jobs(parent): ... # process element ... pass
Alternatively:
Iterate over results one page at a time
for page in client.list_import_jobs(parent).pages: ... for element in page: ... # process element ... pass
Name | Description |
parent |
str
Required. The resource name of the |
page_size |
int
The maximum number of resources contained in the underlying API response. If page streaming is performed per- resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page. |
filter_ |
str
Optional. Only include resources that match the filter in the response. |
order_by |
str
Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
list_key_rings
list_key_rings(parent, page_size=None, filter_=None, order_by=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Lists KeyRings
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
parent = client.location_path('[PROJECT]', '[LOCATION]')
Iterate over all results
for element in client.list_key_rings(parent): ... # process element ... pass
Alternatively:
Iterate over results one page at a time
for page in client.list_key_rings(parent).pages: ... for element in page: ... # process element ... pass
Name | Description |
parent |
str
Required. The resource name of the location associated with the |
page_size |
int
The maximum number of resources contained in the underlying API response. If page streaming is performed per- resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page. |
filter_ |
str
Optional. Only include resources that match the filter in the response. |
order_by |
str
Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
location_path
location_path(project, location)
Return a fully-qualified location string.
restore_crypto_key_version
restore_crypto_key_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Restore a CryptoKeyVersion
in the DESTROY_SCHEDULED
state.
Upon restoration of the CryptoKeyVersion, state
will be set to
DISABLED
, and destroy_time
will be cleared.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
response = client.restore_crypto_key_version(name)
Name | Description |
name |
str
The resource name of the |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
set_iam_policy
set_iam_policy(resource, policy, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Sets the access control policy on the specified resource. Replaces any existing policy.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
TODO: Initialize
policy
:policy = {}
response = client.set_iam_policy(resource, policy)
Name | Description |
resource |
str
REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. |
policy |
Union[dict, Policy]
REQUIRED: The complete policy to be applied to the |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
test_iam_permissions
test_iam_permissions(resource, permissions, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
TODO: Initialize
permissions
:permissions = []
response = client.test_iam_permissions(resource, permissions)
Name | Description |
resource |
str
REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. |
permissions |
list[str]
The set of permissions to check for the |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
update_crypto_key
update_crypto_key(crypto_key, update_mask, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Update a CryptoKey
.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
TODO: Initialize
crypto_key
:crypto_key = {}
TODO: Initialize
update_mask
:update_mask = {}
response = client.update_crypto_key(crypto_key, update_mask)
Name | Description |
crypto_key |
Union[dict, CryptoKey]
|
update_mask |
Union[dict, FieldMask]
Required list of fields to be updated in this request. If a dict is provided, it must be of the same form as the protobuf message FieldMask |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
update_crypto_key_primary_version
update_crypto_key_primary_version(name, crypto_key_version_id, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Update the version of a CryptoKey
that will be used in Encrypt
.
Returns an error if called on an asymmetric key.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
TODO: Initialize
crypto_key_version_id
:crypto_key_version_id = ''
response = client.update_crypto_key_primary_version(name, crypto_key_version_id)
Name | Description |
name |
str
The resource name of the |
crypto_key_version_id |
str
The id of the child |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |
update_crypto_key_version
update_crypto_key_version(crypto_key_version, update_mask, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)
Update a CryptoKeyVersion
's metadata.
state
may be changed between ENABLED
and DISABLED
using this
method. See DestroyCryptoKeyVersion
and RestoreCryptoKeyVersion
to move between other states.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
TODO: Initialize
crypto_key_version
:crypto_key_version = {}
TODO: Initialize
update_mask
:update_mask = {}
response = client.update_crypto_key_version(crypto_key_version, update_mask)
Name | Description |
crypto_key_version |
Union[dict, CryptoKeyVersion]
|
update_mask |
Union[dict, FieldMask]
Required list of fields to be updated in this request. If a dict is provided, it must be of the same form as the protobuf message FieldMask |
retry |
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If |
timeout |
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if |
metadata |
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method. |
Type | Description |
google.api_core.exceptions.GoogleAPICallError | If the request failed for any reason. |
google.api_core.exceptions.RetryError | If the request failed due to a retryable error and retry attempts failed. |
ValueError | If the parameters are invalid. |