Documentation ¶
Overview ¶
Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.
Index ¶
- func DefaultAuthScopes() []string
- type CryptoKeyIterator
- type CryptoKeyVersionIterator
- type KeyManagementCallOptions
- type KeyManagementClient
- func (c *KeyManagementClient) AsymmetricDecrypt(ctx context.Context, req *kmspb.AsymmetricDecryptRequest, ...) (*kmspb.AsymmetricDecryptResponse, error)
- func (c *KeyManagementClient) AsymmetricSign(ctx context.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error)
- func (c *KeyManagementClient) Close() error
- func (c *KeyManagementClient) Connection() *grpc.ClientConn
- func (c *KeyManagementClient) CreateCryptoKey(ctx context.Context, req *kmspb.CreateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
- func (c *KeyManagementClient) CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, ...) (*kmspb.CryptoKeyVersion, error)
- func (c *KeyManagementClient) CreateKeyRing(ctx context.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error)
- func (c *KeyManagementClient) CryptoKeyIAM(cryptoKey *kmspb.CryptoKey) *iam.Handledeprecated
- func (c *KeyManagementClient) Decrypt(ctx context.Context, req *kmspb.DecryptRequest, opts ...gax.CallOption) (*kmspb.DecryptResponse, error)
- func (c *KeyManagementClient) DestroyCryptoKeyVersion(ctx context.Context, req *kmspb.DestroyCryptoKeyVersionRequest, ...) (*kmspb.CryptoKeyVersion, error)
- func (c *KeyManagementClient) Encrypt(ctx context.Context, req *kmspb.EncryptRequest, opts ...gax.CallOption) (*kmspb.EncryptResponse, error)
- func (c *KeyManagementClient) GetCryptoKey(ctx context.Context, req *kmspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
- func (c *KeyManagementClient) GetCryptoKeyVersion(ctx context.Context, req *kmspb.GetCryptoKeyVersionRequest, ...) (*kmspb.CryptoKeyVersion, error)
- func (c *KeyManagementClient) GetKeyRing(ctx context.Context, req *kmspb.GetKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error)
- func (c *KeyManagementClient) GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey, error)
- func (c *KeyManagementClient) KeyRingIAM(keyRing *kmspb.KeyRing) *iam.Handledeprecated
- func (c *KeyManagementClient) ListCryptoKeyVersions(ctx context.Context, req *kmspb.ListCryptoKeyVersionsRequest, ...) *CryptoKeyVersionIterator
- func (c *KeyManagementClient) ListCryptoKeys(ctx context.Context, req *kmspb.ListCryptoKeysRequest, opts ...gax.CallOption) *CryptoKeyIterator
- func (c *KeyManagementClient) ListKeyRings(ctx context.Context, req *kmspb.ListKeyRingsRequest, opts ...gax.CallOption) *KeyRingIterator
- func (c *KeyManagementClient) ResourceIAM(resourcePath string) *iam.Handle
- func (c *KeyManagementClient) RestoreCryptoKeyVersion(ctx context.Context, req *kmspb.RestoreCryptoKeyVersionRequest, ...) (*kmspb.CryptoKeyVersion, error)
- func (c *KeyManagementClient) UpdateCryptoKey(ctx context.Context, req *kmspb.UpdateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
- func (c *KeyManagementClient) UpdateCryptoKeyPrimaryVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, ...) (*kmspb.CryptoKey, error)
- func (c *KeyManagementClient) UpdateCryptoKeyVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyVersionRequest, ...) (*kmspb.CryptoKeyVersion, error)
- type KeyRingIterator
Examples ¶
- KeyManagementClient.AsymmetricDecrypt
- KeyManagementClient.AsymmetricSign
- KeyManagementClient.CreateCryptoKey
- KeyManagementClient.CreateCryptoKeyVersion
- KeyManagementClient.CreateKeyRing
- KeyManagementClient.Decrypt
- KeyManagementClient.DestroyCryptoKeyVersion
- KeyManagementClient.Encrypt
- KeyManagementClient.GetCryptoKey
- KeyManagementClient.GetCryptoKeyVersion
- KeyManagementClient.GetKeyRing
- KeyManagementClient.GetPublicKey
- KeyManagementClient.ListCryptoKeyVersions
- KeyManagementClient.ListCryptoKeys
- KeyManagementClient.ListKeyRings
- KeyManagementClient.ResourceIAM
- KeyManagementClient.RestoreCryptoKeyVersion
- KeyManagementClient.UpdateCryptoKey
- KeyManagementClient.UpdateCryptoKeyPrimaryVersion
- KeyManagementClient.UpdateCryptoKeyVersion
- NewKeyManagementClient
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func DefaultAuthScopes ¶
func DefaultAuthScopes() []string
DefaultAuthScopes reports the default set of authentication scopes to use with this package.
Types ¶
type CryptoKeyIterator ¶
type CryptoKeyIterator struct { // InternalFetch is for use by the Google Cloud Libraries only. // It is not part of the stable interface of this package. // // InternalFetch returns results from a single call to the underlying RPC. // The number of results is no greater than pageSize. // If there are no more results, nextPageToken is empty and err is nil. InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKey, nextPageToken string, err error) // contains filtered or unexported fields }
CryptoKeyIterator manages a stream of *kmspb.CryptoKey.
func (*CryptoKeyIterator) Next ¶
func (it *CryptoKeyIterator) Next() (*kmspb.CryptoKey, error)
Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.
func (*CryptoKeyIterator) PageInfo ¶
func (it *CryptoKeyIterator) PageInfo() *iterator.PageInfo
PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
type CryptoKeyVersionIterator ¶
type CryptoKeyVersionIterator struct { // InternalFetch is for use by the Google Cloud Libraries only. // It is not part of the stable interface of this package. // // InternalFetch returns results from a single call to the underlying RPC. // The number of results is no greater than pageSize. // If there are no more results, nextPageToken is empty and err is nil. InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKeyVersion, nextPageToken string, err error) // contains filtered or unexported fields }
CryptoKeyVersionIterator manages a stream of *kmspb.CryptoKeyVersion.
func (*CryptoKeyVersionIterator) Next ¶
func (it *CryptoKeyVersionIterator) Next() (*kmspb.CryptoKeyVersion, error)
Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.
func (*CryptoKeyVersionIterator) PageInfo ¶
func (it *CryptoKeyVersionIterator) PageInfo() *iterator.PageInfo
PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
type KeyManagementCallOptions ¶
type KeyManagementCallOptions struct { ListKeyRings []gax.CallOption ListCryptoKeys []gax.CallOption ListCryptoKeyVersions []gax.CallOption GetKeyRing []gax.CallOption GetCryptoKey []gax.CallOption GetCryptoKeyVersion []gax.CallOption CreateKeyRing []gax.CallOption CreateCryptoKey []gax.CallOption CreateCryptoKeyVersion []gax.CallOption UpdateCryptoKey []gax.CallOption UpdateCryptoKeyVersion []gax.CallOption Encrypt []gax.CallOption Decrypt []gax.CallOption UpdateCryptoKeyPrimaryVersion []gax.CallOption DestroyCryptoKeyVersion []gax.CallOption RestoreCryptoKeyVersion []gax.CallOption GetPublicKey []gax.CallOption AsymmetricDecrypt []gax.CallOption AsymmetricSign []gax.CallOption }
KeyManagementCallOptions contains the retry settings for each method of KeyManagementClient.
type KeyManagementClient ¶
type KeyManagementClient struct { // The call options for this service. CallOptions *KeyManagementCallOptions // contains filtered or unexported fields }
KeyManagementClient is a client for interacting with Cloud Key Management Service (KMS) API.
Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
func NewKeyManagementClient ¶
func NewKeyManagementClient(ctx context.Context, opts ...option.ClientOption) (*KeyManagementClient, error)
NewKeyManagementClient creates a new key management service client.
Google Cloud Key Management Service ¶
Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
[KeyRing][google.cloud.kms.v1.KeyRing] [CryptoKey][google.cloud.kms.v1.CryptoKey] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
If you are using manual gRPC libraries, see Using gRPC with Cloud KMS (at https://cloud.google.com/kms/docs/grpc).
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } // TODO: Use client. _ = c }
Output:
func (*KeyManagementClient) AsymmetricDecrypt ¶ added in v0.28.0
func (c *KeyManagementClient) AsymmetricDecrypt(ctx context.Context, req *kmspb.AsymmetricDecryptRequest, opts ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error)
AsymmetricDecrypt decrypts data that was encrypted with a public key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.AsymmetricDecryptRequest{ // TODO: Fill request struct fields. } resp, err := c.AsymmetricDecrypt(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) AsymmetricSign ¶ added in v0.28.0
func (c *KeyManagementClient) AsymmetricSign(ctx context.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error)
AsymmetricSign signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.AsymmetricSignRequest{ // TODO: Fill request struct fields. } resp, err := c.AsymmetricSign(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) Close ¶
func (c *KeyManagementClient) Close() error
Close closes the connection to the API service. The user should invoke this when the client is no longer required.
func (*KeyManagementClient) Connection ¶
func (c *KeyManagementClient) Connection() *grpc.ClientConn
Connection returns the client's connection to the API service.
func (*KeyManagementClient) CreateCryptoKey ¶
func (c *KeyManagementClient) CreateCryptoKey(ctx context.Context, req *kmspb.CreateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
CreateCryptoKey create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] are required.
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.CreateCryptoKeyRequest{ // TODO: Fill request struct fields. } resp, err := c.CreateCryptoKey(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) CreateCryptoKeyVersion ¶
func (c *KeyManagementClient) CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
CreateCryptoKeyVersion create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
The server will assign the next sequential id. If unset, [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.CreateCryptoKeyVersionRequest{ // TODO: Fill request struct fields. } resp, err := c.CreateCryptoKeyVersion(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) CreateKeyRing ¶
func (c *KeyManagementClient) CreateKeyRing(ctx context.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error)
CreateKeyRing create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.CreateKeyRingRequest{ // TODO: Fill request struct fields. } resp, err := c.CreateKeyRing(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) CryptoKeyIAM
deprecated
added in
v0.33.0
func (c *KeyManagementClient) CryptoKeyIAM(cryptoKey *kmspb.CryptoKey) *iam.Handle
CryptoKeyIAM returns a handle to inspect and change permissions of a CryptoKey.
Deprecated: Please use ResourceIAM and provide the CryptoKey.Name as input.
func (*KeyManagementClient) Decrypt ¶
func (c *KeyManagementClient) Decrypt(ctx context.Context, req *kmspb.DecryptRequest, opts ...gax.CallOption) (*kmspb.DecryptResponse, error)
Decrypt decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.DecryptRequest{ // TODO: Fill request struct fields. } resp, err := c.Decrypt(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) DestroyCryptoKeyVersion ¶
func (c *KeyManagementClient) DestroyCryptoKeyVersion(ctx context.Context, req *kmspb.DestroyCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
DestroyCryptoKeyVersion schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24 hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be changed to [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key material will be irrevocably destroyed.
Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached, [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.DestroyCryptoKeyVersionRequest{ // TODO: Fill request struct fields. } resp, err := c.DestroyCryptoKeyVersion(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) Encrypt ¶
func (c *KeyManagementClient) Encrypt(ctx context.Context, req *kmspb.EncryptRequest, opts ...gax.CallOption) (*kmspb.EncryptResponse, error)
Encrypt encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.EncryptRequest{ // TODO: Fill request struct fields. } resp, err := c.Encrypt(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) GetCryptoKey ¶
func (c *KeyManagementClient) GetCryptoKey(ctx context.Context, req *kmspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
GetCryptoKey returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.GetCryptoKeyRequest{ // TODO: Fill request struct fields. } resp, err := c.GetCryptoKey(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) GetCryptoKeyVersion ¶
func (c *KeyManagementClient) GetCryptoKeyVersion(ctx context.Context, req *kmspb.GetCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
GetCryptoKeyVersion returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.GetCryptoKeyVersionRequest{ // TODO: Fill request struct fields. } resp, err := c.GetCryptoKeyVersion(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) GetKeyRing ¶
func (c *KeyManagementClient) GetKeyRing(ctx context.Context, req *kmspb.GetKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error)
GetKeyRing returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.GetKeyRingRequest{ // TODO: Fill request struct fields. } resp, err := c.GetKeyRing(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) GetPublicKey ¶ added in v0.28.0
func (c *KeyManagementClient) GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey, error)
GetPublicKey returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.GetPublicKeyRequest{ // TODO: Fill request struct fields. } resp, err := c.GetPublicKey(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) KeyRingIAM
deprecated
added in
v0.33.0
func (c *KeyManagementClient) KeyRingIAM(keyRing *kmspb.KeyRing) *iam.Handle
KeyRingIAM returns a handle to inspect and change permissions of a KeyRing.
Deprecated: Please use ResourceIAM and provide the KeyRing.Name as input.
func (*KeyManagementClient) ListCryptoKeyVersions ¶
func (c *KeyManagementClient) ListCryptoKeyVersions(ctx context.Context, req *kmspb.ListCryptoKeyVersionsRequest, opts ...gax.CallOption) *CryptoKeyVersionIterator
ListCryptoKeyVersions lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" "google.golang.org/api/iterator" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.ListCryptoKeyVersionsRequest{ // TODO: Fill request struct fields. } it := c.ListCryptoKeyVersions(ctx, req) for { resp, err := it.Next() if err == iterator.Done { break } if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp } }
Output:
func (*KeyManagementClient) ListCryptoKeys ¶
func (c *KeyManagementClient) ListCryptoKeys(ctx context.Context, req *kmspb.ListCryptoKeysRequest, opts ...gax.CallOption) *CryptoKeyIterator
ListCryptoKeys lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" "google.golang.org/api/iterator" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.ListCryptoKeysRequest{ // TODO: Fill request struct fields. } it := c.ListCryptoKeys(ctx, req) for { resp, err := it.Next() if err == iterator.Done { break } if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp } }
Output:
func (*KeyManagementClient) ListKeyRings ¶
func (c *KeyManagementClient) ListKeyRings(ctx context.Context, req *kmspb.ListKeyRingsRequest, opts ...gax.CallOption) *KeyRingIterator
ListKeyRings lists [KeyRings][google.cloud.kms.v1.KeyRing].
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" "google.golang.org/api/iterator" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.ListKeyRingsRequest{ // TODO: Fill request struct fields. } it := c.ListKeyRings(ctx, req) for { resp, err := it.Next() if err == iterator.Done { break } if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp } }
Output:
func (*KeyManagementClient) ResourceIAM ¶ added in v0.36.0
func (c *KeyManagementClient) ResourceIAM(resourcePath string) *iam.Handle
ResourceIAM returns a handle to inspect and change permissions of the resource indicated by the given resource path.
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } // TODO: fill in key ring resource path keyRing := "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEY_RING]" handle := c.ResourceIAM(keyRing) policy, err := handle.Policy(ctx) if err != nil { // TODO: Handle error. } // TODO: Use policy. _ = policy }
Output:
func (*KeyManagementClient) RestoreCryptoKeyVersion ¶
func (c *KeyManagementClient) RestoreCryptoKeyVersion(ctx context.Context, req *kmspb.RestoreCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
RestoreCryptoKeyVersion restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] state.
Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.RestoreCryptoKeyVersionRequest{ // TODO: Fill request struct fields. } resp, err := c.RestoreCryptoKeyVersion(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) UpdateCryptoKey ¶
func (c *KeyManagementClient) UpdateCryptoKey(ctx context.Context, req *kmspb.UpdateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
UpdateCryptoKey update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.UpdateCryptoKeyRequest{ // TODO: Fill request struct fields. } resp, err := c.UpdateCryptoKey(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) UpdateCryptoKeyPrimaryVersion ¶
func (c *KeyManagementClient) UpdateCryptoKeyPrimaryVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
UpdateCryptoKeyPrimaryVersion update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
Returns an error if called on an asymmetric key.
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.UpdateCryptoKeyPrimaryVersionRequest{ // TODO: Fill request struct fields. } resp, err := c.UpdateCryptoKeyPrimaryVersion(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
func (*KeyManagementClient) UpdateCryptoKeyVersion ¶
func (c *KeyManagementClient) UpdateCryptoKeyVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
UpdateCryptoKeyVersion update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
[state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to move between other states.
Example ¶
package main import ( "context" kms "cloud.google.com/go/kms/apiv1" kmspb "google.golang.org/genproto/googleapis/cloud/kms/v1" ) func main() { ctx := context.Background() c, err := kms.NewKeyManagementClient(ctx) if err != nil { // TODO: Handle error. } req := &kmspb.UpdateCryptoKeyVersionRequest{ // TODO: Fill request struct fields. } resp, err := c.UpdateCryptoKeyVersion(ctx, req) if err != nil { // TODO: Handle error. } // TODO: Use resp. _ = resp }
Output:
type KeyRingIterator ¶
type KeyRingIterator struct { // InternalFetch is for use by the Google Cloud Libraries only. // It is not part of the stable interface of this package. // // InternalFetch returns results from a single call to the underlying RPC. // The number of results is no greater than pageSize. // If there are no more results, nextPageToken is empty and err is nil. InternalFetch func(pageSize int, pageToken string) (results []*kmspb.KeyRing, nextPageToken string, err error) // contains filtered or unexported fields }
KeyRingIterator manages a stream of *kmspb.KeyRing.
func (*KeyRingIterator) Next ¶
func (it *KeyRingIterator) Next() (*kmspb.KeyRing, error)
Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.
func (*KeyRingIterator) PageInfo ¶
func (it *KeyRingIterator) PageInfo() *iterator.PageInfo
PageInfo supports pagination. See the google.golang.org/api/iterator package for details.