KeyManagementServiceAsyncClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Union[str, google.cloud.kms_v1.services.key_management_service.transports.base.KeyManagementServiceTransport] = 'grpc_asyncio', client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)Google Cloud Key Management Service
Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
- KeyRing
- CryptoKey
- CryptoKeyVersion
- ImportJob
If you are using manual gRPC libraries, see Using gRPC with Cloud
KMS <https://cloud.google.com/kms/docs/grpc>__.
Properties
transport
Returns the transport used by the client instance.
| Type | Description |
KeyManagementServiceTransport | The transport used by the client instance. |
Methods
KeyManagementServiceAsyncClient
KeyManagementServiceAsyncClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Union[str, google.cloud.kms_v1.services.key_management_service.transports.base.KeyManagementServiceTransport] = 'grpc_asyncio', client_options: Optional[google.api_core.client_options.ClientOptions] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)Instantiates the key management service client.
| Name | Description |
credentials |
Optional[google.auth.credentials.Credentials]
The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. |
transport |
Union[str,
The transport to use. If set to None, a transport is chosen automatically. |
client_options |
ClientOptions
Custom options for the client. It won't take effect if a |
| Type | Description |
google.auth.exceptions.MutualTlsChannelError | If mutual TLS transport creation failed for any reason. |
asymmetric_decrypt
asymmetric_decrypt(request: Optional[Union[google.cloud.kms_v1.types.service.AsymmetricDecryptRequest, dict]] = None, *, name: Optional[str] = None, ciphertext: Optional[bytes] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Decrypts data that was encrypted with a public key retrieved from xref_GetPublicKey corresponding to a xref_CryptoKeyVersion with xref_CryptoKey.purpose ASYMMETRIC_DECRYPT.
from google.cloud import kms_v1
async def sample_asymmetric_decrypt():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.AsymmetricDecryptRequest(
name="name_value",
ciphertext=b'ciphertext_blob',
)
# Make the request
response = await client.asymmetric_decrypt(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.AsymmetricDecryptRequest, dict]
The request object. Request message for KeyManagementService.AsymmetricDecrypt. |
name |
Required. The resource name of the CryptoKeyVersion to use for decryption. This corresponds to the |
ciphertext |
Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.AsymmetricDecryptResponse | Response message for KeyManagementService.AsymmetricDecrypt. |
asymmetric_sign
asymmetric_sign(request: Optional[Union[google.cloud.kms_v1.types.service.AsymmetricSignRequest, dict]] = None, *, name: Optional[str] = None, digest: Optional[google.cloud.kms_v1.types.service.Digest] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Signs data using a xref_CryptoKeyVersion with xref_CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from xref_GetPublicKey.
from google.cloud import kms_v1
async def sample_asymmetric_sign():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.AsymmetricSignRequest(
name="name_value",
)
# Make the request
response = await client.asymmetric_sign(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.AsymmetricSignRequest, dict]
The request object. Request message for KeyManagementService.AsymmetricSign. |
name |
Required. The resource name of the CryptoKeyVersion to use for signing. This corresponds to the |
digest |
Digest
Optional. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm. This field may not be supplied if AsymmetricSignRequest.data is supplied. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.AsymmetricSignResponse | Response message for KeyManagementService.AsymmetricSign. |
common_billing_account_path
common_billing_account_path(billing_account: str)Returns a fully-qualified billing_account string.
common_folder_path
common_folder_path(folder: str)Returns a fully-qualified folder string.
common_location_path
common_location_path(project: str, location: str)Returns a fully-qualified location string.
common_organization_path
common_organization_path(organization: str)Returns a fully-qualified organization string.
common_project_path
common_project_path(project: str)Returns a fully-qualified project string.
create_crypto_key
create_crypto_key(request: Optional[Union[google.cloud.kms_v1.types.service.CreateCryptoKeyRequest, dict]] = None, *, parent: Optional[str] = None, crypto_key_id: Optional[str] = None, crypto_key: Optional[google.cloud.kms_v1.types.resources.CryptoKey] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Create a new xref_CryptoKey within a xref_KeyRing.
xref_CryptoKey.purpose and xref_CryptoKey.version_template.algorithm are required.
from google.cloud import kms_v1
async def sample_create_crypto_key():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.CreateCryptoKeyRequest(
parent="parent_value",
crypto_key_id="crypto_key_id_value",
)
# Make the request
response = await client.create_crypto_key(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.CreateCryptoKeyRequest, dict]
The request object. Request message for KeyManagementService.CreateCryptoKey. |
parent |
Required. The name of the KeyRing associated with the CryptoKeys. This corresponds to the |
crypto_key_id |
Required. It must be unique within a KeyRing and match the regular expression |
crypto_key |
CryptoKey
Required. A CryptoKey with initial field values. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.CryptoKey | A CryptoKey represents a logical key that can be used for cryptographic operations. A CryptoKey is made up of zero or more versions, which represent the actual key material used in cryptographic operations. |
create_crypto_key_version
create_crypto_key_version(request: Optional[Union[google.cloud.kms_v1.types.service.CreateCryptoKeyVersionRequest, dict]] = None, *, parent: Optional[str] = None, crypto_key_version: Optional[google.cloud.kms_v1.types.resources.CryptoKeyVersion] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Create a new xref_CryptoKeyVersion in a xref_CryptoKey.
The server will assign the next sequential id. If unset, xref_state will be set to xref_ENABLED.
from google.cloud import kms_v1
async def sample_create_crypto_key_version():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.CreateCryptoKeyVersionRequest(
parent="parent_value",
)
# Make the request
response = await client.create_crypto_key_version(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.CreateCryptoKeyVersionRequest, dict]
The request object. Request message for KeyManagementService.CreateCryptoKeyVersion. |
parent |
Required. The name of the CryptoKey associated with the CryptoKeyVersions. This corresponds to the |
crypto_key_version |
CryptoKeyVersion
Required. A CryptoKeyVersion with initial field values. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.CryptoKeyVersion | A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS. |
create_import_job
create_import_job(request: Optional[Union[google.cloud.kms_v1.types.service.CreateImportJobRequest, dict]] = None, *, parent: Optional[str] = None, import_job_id: Optional[str] = None, import_job: Optional[google.cloud.kms_v1.types.resources.ImportJob] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Create a new xref_ImportJob within a xref_KeyRing.
xref_ImportJob.import_method is required.
from google.cloud import kms_v1
async def sample_create_import_job():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
import_job = kms_v1.ImportJob()
import_job.import_method = "RSA_OAEP_4096_SHA1_AES_256"
import_job.protection_level = "EXTERNAL_VPC"
request = kms_v1.CreateImportJobRequest(
parent="parent_value",
import_job_id="import_job_id_value",
import_job=import_job,
)
# Make the request
response = await client.create_import_job(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.CreateImportJobRequest, dict]
The request object. Request message for KeyManagementService.CreateImportJob. |
parent |
Required. The name of the KeyRing associated with the ImportJobs. This corresponds to the |
import_job_id |
Required. It must be unique within a KeyRing and match the regular expression |
import_job |
ImportJob
Required. An ImportJob with initial field values. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.ImportJob | An ImportJob can be used to create CryptoKeys and CryptoKeyVersions using pre-existing key material, generated outside of Cloud KMS. When an ImportJob is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of import_method. When the wrapping key generation is complete, the state will be set to ACTIVE and the public_key can be fetched. The fetched public key can then be used to wrap your pre-existing key material. Once the key material is wrapped, it can be imported into a new CryptoKeyVersion in an existing CryptoKey by calling ImportCryptoKeyVersion. Multiple CryptoKeyVersions can be imported with a single ImportJob. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key. An ImportJob expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the ImportJob's public key. For more information, see [Importing a key](\ https://cloud.google.com/kms/docs/importing-a-key). |
create_key_ring
create_key_ring(request: Optional[Union[google.cloud.kms_v1.types.service.CreateKeyRingRequest, dict]] = None, *, parent: Optional[str] = None, key_ring_id: Optional[str] = None, key_ring: Optional[google.cloud.kms_v1.types.resources.KeyRing] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Create a new xref_KeyRing in a given Project and Location.
from google.cloud import kms_v1
async def sample_create_key_ring():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.CreateKeyRingRequest(
parent="parent_value",
key_ring_id="key_ring_id_value",
)
# Make the request
response = await client.create_key_ring(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.CreateKeyRingRequest, dict]
The request object. Request message for KeyManagementService.CreateKeyRing. |
parent |
Required. The resource name of the location associated with the KeyRings, in the format |
key_ring_id |
Required. It must be unique within a location and match the regular expression |
key_ring |
KeyRing
Required. A KeyRing with initial field values. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.KeyRing | A KeyRing is a toplevel logical grouping of CryptoKeys. |
crypto_key_path
crypto_key_path(project: str, location: str, key_ring: str, crypto_key: str)Returns a fully-qualified crypto_key string.
crypto_key_version_path
crypto_key_version_path(
project: str, location: str, key_ring: str, crypto_key: str, crypto_key_version: str
)Returns a fully-qualified crypto_key_version string.
decrypt
decrypt(request: Optional[Union[google.cloud.kms_v1.types.service.DecryptRequest, dict]] = None, *, name: Optional[str] = None, ciphertext: Optional[bytes] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Decrypts data that was protected by xref_Encrypt. The xref_CryptoKey.purpose must be xref_ENCRYPT_DECRYPT.
from google.cloud import kms_v1
async def sample_decrypt():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.DecryptRequest(
name="name_value",
ciphertext=b'ciphertext_blob',
)
# Make the request
response = await client.decrypt(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.DecryptRequest, dict]
The request object. Request message for KeyManagementService.Decrypt. |
name |
Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version. This corresponds to the |
ciphertext |
Required. The encrypted data originally returned in EncryptResponse.ciphertext. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.DecryptResponse | Response message for KeyManagementService.Decrypt. |
destroy_crypto_key_version
destroy_crypto_key_version(request: Optional[Union[google.cloud.kms_v1.types.service.DestroyCryptoKeyVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Schedule a xref_CryptoKeyVersion for destruction.
Upon calling this method, xref_CryptoKeyVersion.state will be set to xref_DESTROY_SCHEDULED, and xref_destroy_time will be set to the time xref_destroy_scheduled_duration in the future. At that time, the xref_state will automatically change to xref_DESTROYED, and the key material will be irrevocably destroyed.
Before the xref_destroy_time is reached, xref_RestoreCryptoKeyVersion may be called to reverse the process.
from google.cloud import kms_v1
async def sample_destroy_crypto_key_version():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.DestroyCryptoKeyVersionRequest(
name="name_value",
)
# Make the request
response = await client.destroy_crypto_key_version(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.DestroyCryptoKeyVersionRequest, dict]
The request object. Request message for KeyManagementService.DestroyCryptoKeyVersion. |
name |
Required. The resource name of the CryptoKeyVersion to destroy. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.CryptoKeyVersion | A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS. |
encrypt
encrypt(request: Optional[Union[google.cloud.kms_v1.types.service.EncryptRequest, dict]] = None, *, name: Optional[str] = None, plaintext: Optional[bytes] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Encrypts data, so that it can only be recovered by a call to xref_Decrypt. The xref_CryptoKey.purpose must be xref_ENCRYPT_DECRYPT.
from google.cloud import kms_v1
async def sample_encrypt():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.EncryptRequest(
name="name_value",
plaintext=b'plaintext_blob',
)
# Make the request
response = await client.encrypt(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.EncryptRequest, dict]
The request object. Request message for KeyManagementService.Encrypt. |
name |
Required. The resource name of the CryptoKey or CryptoKeyVersion to use for encryption. If a CryptoKey is specified, the server will use its [primary version][google.cloud.kms.v1.CryptoKey.primary]. This corresponds to the |
plaintext |
Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.EncryptResponse | Response message for KeyManagementService.Encrypt. |
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)Creates an instance of this client using the provided credentials file.
| Name | Description |
filename |
str
The path to the service account private key json file. |
| Type | Description |
KeyManagementServiceAsyncClient | The constructed client. |
from_service_account_info
from_service_account_info(info: dict, *args, **kwargs)Creates an instance of this client using the provided credentials info.
| Name | Description |
info |
dict
The service account private key info. |
| Type | Description |
KeyManagementServiceAsyncClient | The constructed client. |
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)Creates an instance of this client using the provided credentials file.
| Name | Description |
filename |
str
The path to the service account private key json file. |
| Type | Description |
KeyManagementServiceAsyncClient | The constructed client. |
generate_random_bytes
generate_random_bytes(request: Optional[Union[google.cloud.kms_v1.types.service.GenerateRandomBytesRequest, dict]] = None, *, location: Optional[str] = None, length_bytes: Optional[int] = None, protection_level: Optional[google.cloud.kms_v1.types.resources.ProtectionLevel] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Generate random bytes using the Cloud KMS randomness source in the provided location.
from google.cloud import kms_v1
async def sample_generate_random_bytes():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.GenerateRandomBytesRequest(
)
# Make the request
response = await client.generate_random_bytes(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.GenerateRandomBytesRequest, dict]
The request object. Request message for KeyManagementService.GenerateRandomBytes. |
location |
The project-specific location in which to generate random bytes. For example, "projects/my-project/locations/us-central1". This corresponds to the |
length_bytes |
The length in bytes of the amount of randomness to retrieve. Minimum 8 bytes, maximum 1024 bytes. This corresponds to the |
protection_level |
ProtectionLevel
The ProtectionLevel to use when generating the random data. Currently, only HSM protection level is supported. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.GenerateRandomBytesResponse | Response message for KeyManagementService.GenerateRandomBytes. |
get_crypto_key
get_crypto_key(request: Optional[Union[google.cloud.kms_v1.types.service.GetCryptoKeyRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Returns metadata for a given xref_CryptoKey, as well as its xref_primary xref_CryptoKeyVersion.
from google.cloud import kms_v1
async def sample_get_crypto_key():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.GetCryptoKeyRequest(
name="name_value",
)
# Make the request
response = await client.get_crypto_key(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.GetCryptoKeyRequest, dict]
The request object. Request message for KeyManagementService.GetCryptoKey. |
name |
Required. The name of the CryptoKey to get. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.CryptoKey | A CryptoKey represents a logical key that can be used for cryptographic operations. A CryptoKey is made up of zero or more versions, which represent the actual key material used in cryptographic operations. |
get_crypto_key_version
get_crypto_key_version(request: Optional[Union[google.cloud.kms_v1.types.service.GetCryptoKeyVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Returns metadata for a given xref_CryptoKeyVersion.
from google.cloud import kms_v1
async def sample_get_crypto_key_version():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.GetCryptoKeyVersionRequest(
name="name_value",
)
# Make the request
response = await client.get_crypto_key_version(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.GetCryptoKeyVersionRequest, dict]
The request object. Request message for KeyManagementService.GetCryptoKeyVersion. |
name |
Required. The name of the CryptoKeyVersion to get. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.CryptoKeyVersion | A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS. |
get_iam_policy
get_iam_policy(request: Optional[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest] = None, *, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Gets the IAM access control policy for a function.
Returns an empty policy if the function exists and does not have a policy set.
| Name | Description |
request |
The request object. Request message for |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
| Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example**:: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**::="" bindings:="" -="" members:="" -="" user:mike@example.com="" -="" group:admins@example.com="" -="" domain:google.com="" -="" serviceaccount:my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="">IAM developer's guide __. |
get_import_job
get_import_job(request: Optional[Union[google.cloud.kms_v1.types.service.GetImportJobRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Returns metadata for a given xref_ImportJob.
from google.cloud import kms_v1
async def sample_get_import_job():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.GetImportJobRequest(
name="name_value",
)
# Make the request
response = await client.get_import_job(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.GetImportJobRequest, dict]
The request object. Request message for KeyManagementService.GetImportJob. |
name |
Required. The name of the ImportJob to get. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.ImportJob | An ImportJob can be used to create CryptoKeys and CryptoKeyVersions using pre-existing key material, generated outside of Cloud KMS. When an ImportJob is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of import_method. When the wrapping key generation is complete, the state will be set to ACTIVE and the public_key can be fetched. The fetched public key can then be used to wrap your pre-existing key material. Once the key material is wrapped, it can be imported into a new CryptoKeyVersion in an existing CryptoKey by calling ImportCryptoKeyVersion. Multiple CryptoKeyVersions can be imported with a single ImportJob. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key. An ImportJob expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the ImportJob's public key. For more information, see [Importing a key](\ https://cloud.google.com/kms/docs/importing-a-key). |
get_key_ring
get_key_ring(request: Optional[Union[google.cloud.kms_v1.types.service.GetKeyRingRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Returns metadata for a given xref_KeyRing.
from google.cloud import kms_v1
async def sample_get_key_ring():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.GetKeyRingRequest(
name="name_value",
)
# Make the request
response = await client.get_key_ring(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.GetKeyRingRequest, dict]
The request object. Request message for KeyManagementService.GetKeyRing. |
name |
Required. The name of the KeyRing to get. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.KeyRing | A KeyRing is a toplevel logical grouping of CryptoKeys. |
get_mtls_endpoint_and_cert_source
get_mtls_endpoint_and_cert_source(
client_options: Optional[google.api_core.client_options.ClientOptions] = None,
)Return the API endpoint and client cert source for mutual TLS.
The client cert source is determined in the following order:
(1) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not "true", the
client cert source is None.
(2) if client_options.client_cert_source is provided, use the provided one; if the
default client cert source exists, use the default one; otherwise the client cert
source is None.
The API endpoint is determined in the following order:
(1) if client_options.api_endpoint if provided, use the provided one.
(2) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "always", use the
default mTLS endpoint; if the environment variabel is "never", use the default API
endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
use the default API endpoint.
More details can be found at https://google.aip.dev/auth/4114.
| Name | Description |
client_options |
google.api_core.client_options.ClientOptions
Custom options for the client. Only the |
| Type | Description |
google.auth.exceptions.MutualTLSChannelError | If any errors happen. |
| Type | Description |
Tuple[str, Callable[[], Tuple[bytes, bytes]]] | returns the API endpoint and the client cert source to use. |
get_public_key
get_public_key(request: Optional[Union[google.cloud.kms_v1.types.service.GetPublicKeyRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Returns the public key for the given xref_CryptoKeyVersion. The xref_CryptoKey.purpose must be xref_ASYMMETRIC_SIGN or xref_ASYMMETRIC_DECRYPT.
from google.cloud import kms_v1
async def sample_get_public_key():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.GetPublicKeyRequest(
name="name_value",
)
# Make the request
response = await client.get_public_key(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.GetPublicKeyRequest, dict]
The request object. Request message for KeyManagementService.GetPublicKey. |
name |
Required. The name of the CryptoKeyVersion public key to get. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.PublicKey | The public key for a given CryptoKeyVersion. Obtained via GetPublicKey. |
get_transport_class
get_transport_class()Returns an appropriate transport class.
import_crypto_key_version
import_crypto_key_version(request: Optional[Union[google.cloud.kms_v1.types.service.ImportCryptoKeyVersionRequest, dict]] = None, *, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Import wrapped key material into a xref_CryptoKeyVersion.
All requests must specify a xref_CryptoKey. If a xref_CryptoKeyVersion is additionally specified in the request, key material will be reimported into that version. Otherwise, a new version will be created, and will be assigned the next sequential id within the xref_CryptoKey.
from google.cloud import kms_v1
async def sample_import_crypto_key_version():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.ImportCryptoKeyVersionRequest(
rsa_aes_wrapped_key=b'rsa_aes_wrapped_key_blob',
parent="parent_value",
algorithm="EXTERNAL_SYMMETRIC_ENCRYPTION",
import_job="import_job_value",
)
# Make the request
response = await client.import_crypto_key_version(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.ImportCryptoKeyVersionRequest, dict]
The request object. Request message for KeyManagementService.ImportCryptoKeyVersion. |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.CryptoKeyVersion | A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS. |
import_job_path
import_job_path(project: str, location: str, key_ring: str, import_job: str)Returns a fully-qualified import_job string.
key_ring_path
key_ring_path(project: str, location: str, key_ring: str)Returns a fully-qualified key_ring string.
list_crypto_key_versions
list_crypto_key_versions(request: Optional[Union[google.cloud.kms_v1.types.service.ListCryptoKeyVersionsRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Lists xref_CryptoKeyVersions.
from google.cloud import kms_v1
async def sample_list_crypto_key_versions():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.ListCryptoKeyVersionsRequest(
parent="parent_value",
)
# Make the request
page_result = client.list_crypto_key_versions(request=request)
# Handle the response
async for response in page_result:
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.ListCryptoKeyVersionsRequest, dict]
The request object. Request message for KeyManagementService.ListCryptoKeyVersions. |
parent |
Required. The resource name of the CryptoKey to list, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.services.key_management_service.pagers.ListCryptoKeyVersionsAsyncPager | Response message for KeyManagementService.ListCryptoKeyVersions. Iterating over this object will yield results and resolve additional pages automatically. |
list_crypto_keys
list_crypto_keys(request: Optional[Union[google.cloud.kms_v1.types.service.ListCryptoKeysRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Lists xref_CryptoKeys.
from google.cloud import kms_v1
async def sample_list_crypto_keys():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.ListCryptoKeysRequest(
parent="parent_value",
)
# Make the request
page_result = client.list_crypto_keys(request=request)
# Handle the response
async for response in page_result:
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.ListCryptoKeysRequest, dict]
The request object. Request message for KeyManagementService.ListCryptoKeys. |
parent |
Required. The resource name of the KeyRing to list, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.services.key_management_service.pagers.ListCryptoKeysAsyncPager | Response message for KeyManagementService.ListCryptoKeys. Iterating over this object will yield results and resolve additional pages automatically. |
list_import_jobs
list_import_jobs(request: Optional[Union[google.cloud.kms_v1.types.service.ListImportJobsRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Lists xref_ImportJobs.
from google.cloud import kms_v1
async def sample_list_import_jobs():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.ListImportJobsRequest(
parent="parent_value",
)
# Make the request
page_result = client.list_import_jobs(request=request)
# Handle the response
async for response in page_result:
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.ListImportJobsRequest, dict]
The request object. Request message for KeyManagementService.ListImportJobs. |
parent |
Required. The resource name of the KeyRing to list, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.services.key_management_service.pagers.ListImportJobsAsyncPager | Response message for KeyManagementService.ListImportJobs. Iterating over this object will yield results and resolve additional pages automatically. |
list_key_rings
list_key_rings(request: Optional[Union[google.cloud.kms_v1.types.service.ListKeyRingsRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Lists xref_KeyRings.
from google.cloud import kms_v1
async def sample_list_key_rings():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.ListKeyRingsRequest(
parent="parent_value",
)
# Make the request
page_result = client.list_key_rings(request=request)
# Handle the response
async for response in page_result:
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.ListKeyRingsRequest, dict]
The request object. Request message for KeyManagementService.ListKeyRings. |
parent |
Required. The resource name of the location associated with the KeyRings, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.services.key_management_service.pagers.ListKeyRingsAsyncPager | Response message for KeyManagementService.ListKeyRings. Iterating over this object will yield results and resolve additional pages automatically. |
mac_sign
mac_sign(request: Optional[Union[google.cloud.kms_v1.types.service.MacSignRequest, dict]] = None, *, name: Optional[str] = None, data: Optional[bytes] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Signs data using a xref_CryptoKeyVersion with xref_CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.
from google.cloud import kms_v1
async def sample_mac_sign():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.MacSignRequest(
name="name_value",
data=b'data_blob',
)
# Make the request
response = await client.mac_sign(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.MacSignRequest, dict]
The request object. Request message for KeyManagementService.MacSign. |
name |
Required. The resource name of the CryptoKeyVersion to use for signing. This corresponds to the |
data |
Required. The data to sign. The MAC tag is computed over this data field based on the specific algorithm. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.MacSignResponse | Response message for KeyManagementService.MacSign. |
mac_verify
mac_verify(request: Optional[Union[google.cloud.kms_v1.types.service.MacVerifyRequest, dict]] = None, *, name: Optional[str] = None, data: Optional[bytes] = None, mac: Optional[bytes] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Verifies MAC tag using a xref_CryptoKeyVersion with xref_CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.
from google.cloud import kms_v1
async def sample_mac_verify():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.MacVerifyRequest(
name="name_value",
data=b'data_blob',
mac=b'mac_blob',
)
# Make the request
response = await client.mac_verify(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.MacVerifyRequest, dict]
The request object. Request message for KeyManagementService.MacVerify. |
name |
Required. The resource name of the CryptoKeyVersion to use for verification. This corresponds to the |
data |
Required. The data used previously as a MacSignRequest.data to generate the MAC tag. This corresponds to the |
mac |
Required. The signature to verify. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.MacVerifyResponse | Response message for KeyManagementService.MacVerify. |
parse_common_billing_account_path
parse_common_billing_account_path(path: str)Parse a billing_account path into its component segments.
parse_common_folder_path
parse_common_folder_path(path: str)Parse a folder path into its component segments.
parse_common_location_path
parse_common_location_path(path: str)Parse a location path into its component segments.
parse_common_organization_path
parse_common_organization_path(path: str)Parse a organization path into its component segments.
parse_common_project_path
parse_common_project_path(path: str)Parse a project path into its component segments.
parse_crypto_key_path
parse_crypto_key_path(path: str)Parses a crypto_key path into its component segments.
parse_crypto_key_version_path
parse_crypto_key_version_path(path: str)Parses a crypto_key_version path into its component segments.
parse_import_job_path
parse_import_job_path(path: str)Parses a import_job path into its component segments.
parse_key_ring_path
parse_key_ring_path(path: str)Parses a key_ring path into its component segments.
parse_public_key_path
parse_public_key_path(path: str)Parses a public_key path into its component segments.
public_key_path
public_key_path(
project: str, location: str, key_ring: str, crypto_key: str, crypto_key_version: str
)Returns a fully-qualified public_key string.
restore_crypto_key_version
restore_crypto_key_version(request: Optional[Union[google.cloud.kms_v1.types.service.RestoreCryptoKeyVersionRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Restore a xref_CryptoKeyVersion in the xref_DESTROY_SCHEDULED state.
Upon restoration of the CryptoKeyVersion, xref_state will be set to xref_DISABLED, and xref_destroy_time will be cleared.
from google.cloud import kms_v1
async def sample_restore_crypto_key_version():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.RestoreCryptoKeyVersionRequest(
name="name_value",
)
# Make the request
response = await client.restore_crypto_key_version(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.RestoreCryptoKeyVersionRequest, dict]
The request object. Request message for KeyManagementService.RestoreCryptoKeyVersion. |
name |
Required. The resource name of the CryptoKeyVersion to restore. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.CryptoKeyVersion | A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS. |
set_iam_policy
set_iam_policy(request: Optional[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest] = None, *, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Sets the IAM access control policy on the specified function.
Replaces any existing policy.
| Name | Description |
request |
The request object. Request message for |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
| Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example**:: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**::="" bindings:="" -="" members:="" -="" user:mike@example.com="" -="" group:admins@example.com="" -="" domain:google.com="" -="" serviceaccount:my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="">IAM developer's guide __. |
test_iam_permissions
test_iam_permissions(request: Optional[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest] = None, *, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Tests the specified permissions against the IAM access control policy for a function.
If the function does not exist, this will return an empty set of permissions, not a NOT_FOUND error.
| Name | Description |
request |
The request object. Request message for |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
| Response message for TestIamPermissions method. |
update_crypto_key
update_crypto_key(request: Optional[Union[google.cloud.kms_v1.types.service.UpdateCryptoKeyRequest, dict]] = None, *, crypto_key: Optional[google.cloud.kms_v1.types.resources.CryptoKey] = None, update_mask: Optional[google.protobuf.field_mask_pb2.FieldMask] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Update a xref_CryptoKey.
from google.cloud import kms_v1
async def sample_update_crypto_key():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.UpdateCryptoKeyRequest(
)
# Make the request
response = await client.update_crypto_key(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.UpdateCryptoKeyRequest, dict]
The request object. Request message for KeyManagementService.UpdateCryptoKey. |
crypto_key |
CryptoKey
Required. CryptoKey with updated values. This corresponds to the |
update_mask |
Required. List of fields to be updated in this request. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.CryptoKey | A CryptoKey represents a logical key that can be used for cryptographic operations. A CryptoKey is made up of zero or more versions, which represent the actual key material used in cryptographic operations. |
update_crypto_key_primary_version
update_crypto_key_primary_version(request: Optional[Union[google.cloud.kms_v1.types.service.UpdateCryptoKeyPrimaryVersionRequest, dict]] = None, *, name: Optional[str] = None, crypto_key_version_id: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Update the version of a xref_CryptoKey that will be used in xref_Encrypt.
Returns an error if called on a key whose purpose is not xref_ENCRYPT_DECRYPT.
from google.cloud import kms_v1
async def sample_update_crypto_key_primary_version():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.UpdateCryptoKeyPrimaryVersionRequest(
name="name_value",
crypto_key_version_id="crypto_key_version_id_value",
)
# Make the request
response = await client.update_crypto_key_primary_version(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.UpdateCryptoKeyPrimaryVersionRequest, dict]
The request object. Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion. |
name |
Required. The resource name of the CryptoKey to update. This corresponds to the |
crypto_key_version_id |
Required. The id of the child CryptoKeyVersion to use as primary. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.CryptoKey | A CryptoKey represents a logical key that can be used for cryptographic operations. A CryptoKey is made up of zero or more versions, which represent the actual key material used in cryptographic operations. |
update_crypto_key_version
update_crypto_key_version(request: Optional[Union[google.cloud.kms_v1.types.service.UpdateCryptoKeyVersionRequest, dict]] = None, *, crypto_key_version: Optional[google.cloud.kms_v1.types.resources.CryptoKeyVersion] = None, update_mask: Optional[google.protobuf.field_mask_pb2.FieldMask] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())Update a xref_CryptoKeyVersion's metadata.
xref_state may be changed between xref_ENABLED and xref_DISABLED using this method. See xref_DestroyCryptoKeyVersion and xref_RestoreCryptoKeyVersion to move between other states.
from google.cloud import kms_v1
async def sample_update_crypto_key_version():
# Create a client
client = kms_v1.KeyManagementServiceAsyncClient()
# Initialize request argument(s)
request = kms_v1.UpdateCryptoKeyVersionRequest(
)
# Make the request
response = await client.update_crypto_key_version(request=request)
# Handle the response
print(response)
| Name | Description |
request |
Union[google.cloud.kms_v1.types.UpdateCryptoKeyVersionRequest, dict]
The request object. Request message for KeyManagementService.UpdateCryptoKeyVersion. |
crypto_key_version |
CryptoKeyVersion
Required. CryptoKeyVersion with updated values. This corresponds to the |
update_mask |
Required. List of fields to be updated in this request. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
| Type | Description |
google.cloud.kms_v1.types.CryptoKeyVersion | A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS. |