Class CryptoKey (2.4.3)

CryptoKey(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A CryptoKey represents a logical key that can be used for cryptographic operations.

A CryptoKey is made up of zero or more versions, which represent the actual key material used in cryptographic operations.

Attributes

NameDescription
name str
Output only. The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
primary google.cloud.kms_v1.types.CryptoKeyVersion
Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
purpose google.cloud.kms_v1.types.CryptoKey.CryptoKeyPurpose
Immutable. The immutable purpose of this CryptoKey.
create_time google.protobuf.timestamp_pb2.Timestamp
Output only. The time at which this CryptoKey was created.
next_rotation_time google.protobuf.timestamp_pb2.Timestamp
At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
rotation_period google.protobuf.duration_pb2.Duration
next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
version_template google.cloud.kms_v1.types.CryptoKeyVersionTemplate
A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
labels Sequence[google.cloud.kms_v1.types.CryptoKey.LabelsEntry]
Labels with user-defined metadata. For more information, see `Labeling Keys

Classes

CryptoKeyPurpose

CryptoKeyPurpose(value)

CryptoKeyPurpose describes the cryptographic capabilities of a CryptoKey. A given key can only be used for the operations allowed by its purpose. For more information, see Key purposes <https://cloud.google.com/kms/docs/algorithms#key_purposes>__.

LabelsEntry

LabelsEntry(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The abstract base class for a message.

Parameters
NameDescription
kwargs dict

Keys and values corresponding to the fields of the message.

mapping Union[dict, .Message]

A dictionary or message to be used to determine the values for this message.

ignore_unknown_fields Optional(bool)

If True, do not raise errors for unknown fields. Only applied if mapping is a mapping type or there are keyword parameters.