kms

package
v0.0.0-...-6cb3ea0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 7, 2021 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ProtectionLevel_name = map[int32]string{
		0: "PROTECTION_LEVEL_UNSPECIFIED",
		1: "SOFTWARE",
		2: "HSM",
		3: "EXTERNAL",
	}
	ProtectionLevel_value = map[string]int32{
		"PROTECTION_LEVEL_UNSPECIFIED": 0,
		"SOFTWARE":                     1,
		"HSM":                          2,
		"EXTERNAL":                     3,
	}
)

Enum value maps for ProtectionLevel.

View Source 
var (
	CryptoKey_CryptoKeyPurpose_name = map[int32]string{
		0: "CRYPTO_KEY_PURPOSE_UNSPECIFIED",
		1: "ENCRYPT_DECRYPT",
		5: "ASYMMETRIC_SIGN",
		6: "ASYMMETRIC_DECRYPT",
	}
	CryptoKey_CryptoKeyPurpose_value = map[string]int32{
		"CRYPTO_KEY_PURPOSE_UNSPECIFIED": 0,
		"ENCRYPT_DECRYPT":                1,
		"ASYMMETRIC_SIGN":                5,
		"ASYMMETRIC_DECRYPT":             6,
	}
)

Enum value maps for CryptoKey_CryptoKeyPurpose.

View Source 
var (
	KeyOperationAttestation_AttestationFormat_name = map[int32]string{
		0: "ATTESTATION_FORMAT_UNSPECIFIED",
		3: "CAVIUM_V1_COMPRESSED",
		4: "CAVIUM_V2_COMPRESSED",
	}
	KeyOperationAttestation_AttestationFormat_value = map[string]int32{
		"ATTESTATION_FORMAT_UNSPECIFIED": 0,
		"CAVIUM_V1_COMPRESSED":           3,
		"CAVIUM_V2_COMPRESSED":           4,
	}
)

Enum value maps for KeyOperationAttestation_AttestationFormat.

View Source 
var (
	CryptoKeyVersion_CryptoKeyVersionAlgorithm_name = map[int32]string{
		0:  "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED",
		1:  "GOOGLE_SYMMETRIC_ENCRYPTION",
		2:  "RSA_SIGN_PSS_2048_SHA256",
		3:  "RSA_SIGN_PSS_3072_SHA256",
		4:  "RSA_SIGN_PSS_4096_SHA256",
		15: "RSA_SIGN_PSS_4096_SHA512",
		5:  "RSA_SIGN_PKCS1_2048_SHA256",
		6:  "RSA_SIGN_PKCS1_3072_SHA256",
		7:  "RSA_SIGN_PKCS1_4096_SHA256",
		16: "RSA_SIGN_PKCS1_4096_SHA512",
		8:  "RSA_DECRYPT_OAEP_2048_SHA256",
		9:  "RSA_DECRYPT_OAEP_3072_SHA256",
		10: "RSA_DECRYPT_OAEP_4096_SHA256",
		17: "RSA_DECRYPT_OAEP_4096_SHA512",
		12: "EC_SIGN_P256_SHA256",
		13: "EC_SIGN_P384_SHA384",
		18: "EXTERNAL_SYMMETRIC_ENCRYPTION",
	}
	CryptoKeyVersion_CryptoKeyVersionAlgorithm_value = map[string]int32{
		"CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED": 0,
		"GOOGLE_SYMMETRIC_ENCRYPTION":              1,
		"RSA_SIGN_PSS_2048_SHA256":                 2,
		"RSA_SIGN_PSS_3072_SHA256":                 3,
		"RSA_SIGN_PSS_4096_SHA256":                 4,
		"RSA_SIGN_PSS_4096_SHA512":                 15,
		"RSA_SIGN_PKCS1_2048_SHA256":               5,
		"RSA_SIGN_PKCS1_3072_SHA256":               6,
		"RSA_SIGN_PKCS1_4096_SHA256":               7,
		"RSA_SIGN_PKCS1_4096_SHA512":               16,
		"RSA_DECRYPT_OAEP_2048_SHA256":             8,
		"RSA_DECRYPT_OAEP_3072_SHA256":             9,
		"RSA_DECRYPT_OAEP_4096_SHA256":             10,
		"RSA_DECRYPT_OAEP_4096_SHA512":             17,
		"EC_SIGN_P256_SHA256":                      12,
		"EC_SIGN_P384_SHA384":                      13,
		"EXTERNAL_SYMMETRIC_ENCRYPTION":            18,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionAlgorithm.

View Source 
var (
	CryptoKeyVersion_CryptoKeyVersionState_name = map[int32]string{
		0: "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED",
		5: "PENDING_GENERATION",
		1: "ENABLED",
		2: "DISABLED",
		3: "DESTROYED",
		4: "DESTROY_SCHEDULED",
		6: "PENDING_IMPORT",
		7: "IMPORT_FAILED",
	}
	CryptoKeyVersion_CryptoKeyVersionState_value = map[string]int32{
		"CRYPTO_KEY_VERSION_STATE_UNSPECIFIED": 0,
		"PENDING_GENERATION":                   5,
		"ENABLED":                              1,
		"DISABLED":                             2,
		"DESTROYED":                            3,
		"DESTROY_SCHEDULED":                    4,
		"PENDING_IMPORT":                       6,
		"IMPORT_FAILED":                        7,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionState.

View Source 
var (
	CryptoKeyVersion_CryptoKeyVersionView_name = map[int32]string{
		0: "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED",
		1: "FULL",
	}
	CryptoKeyVersion_CryptoKeyVersionView_value = map[string]int32{
		"CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED": 0,
		"FULL":                                1,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionView.

View Source 
var (
	ImportJob_ImportMethod_name = map[int32]string{
		0: "IMPORT_METHOD_UNSPECIFIED",
		1: "RSA_OAEP_3072_SHA1_AES_256",
		2: "RSA_OAEP_4096_SHA1_AES_256",
	}
	ImportJob_ImportMethod_value = map[string]int32{
		"IMPORT_METHOD_UNSPECIFIED":  0,
		"RSA_OAEP_3072_SHA1_AES_256": 1,
		"RSA_OAEP_4096_SHA1_AES_256": 2,
	}
)

Enum value maps for ImportJob_ImportMethod.

View Source 
var (
	ImportJob_ImportJobState_name = map[int32]string{
		0: "IMPORT_JOB_STATE_UNSPECIFIED",
		1: "PENDING_GENERATION",
		2: "ACTIVE",
		3: "EXPIRED",
	}
	ImportJob_ImportJobState_value = map[string]int32{
		"IMPORT_JOB_STATE_UNSPECIFIED": 0,
		"PENDING_GENERATION":           1,
		"ACTIVE":                       2,
		"EXPIRED":                      3,
	}
)

Enum value maps for ImportJob_ImportJobState.

View Source 
var File_google_cloud_kms_v1_resources_proto protoreflect.FileDescriptor
View Source 
var File_google_cloud_kms_v1_service_proto protoreflect.FileDescriptor

Functions

func RegisterKeyManagementServiceServer 

func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)

Types

type AsymmetricDecryptRequest 

type AsymmetricDecryptRequest struct {

	// Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
	// decryption.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The data encrypted with the named [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public
	// key using OAEP.
	Ciphertext []byte `protobuf:"bytes,3,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Optional. An optional CRC32C checksum of the [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext].
	// If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the
	// received [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]) is equal to
	// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c], and if so, perform a
	// limited number of retries. A persistent mismatch may indicate an issue in
	// your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

func (*AsymmetricDecryptRequest) Descriptor deprecated 

func (*AsymmetricDecryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricDecryptRequest.ProtoReflect.Descriptor instead.

func (*AsymmetricDecryptRequest) GetCiphertext 

func (x *AsymmetricDecryptRequest) GetCiphertext() []byte

func (*AsymmetricDecryptRequest) GetCiphertextCrc32C 

func (x *AsymmetricDecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*AsymmetricDecryptRequest) GetName 

func (x *AsymmetricDecryptRequest) GetName() string

func (*AsymmetricDecryptRequest) ProtoMessage 

func (*AsymmetricDecryptRequest) ProtoMessage()

func (*AsymmetricDecryptRequest) ProtoReflect 

func (x *AsymmetricDecryptRequest) ProtoReflect() protoreflect.Message

func (*AsymmetricDecryptRequest) Reset 

func (x *AsymmetricDecryptRequest) Reset()

func (*AsymmetricDecryptRequest) String 

func (x *AsymmetricDecryptRequest) String() string

type AsymmetricDecryptResponse 

type AsymmetricDecryptResponse struct {

	// The decrypted data originally encrypted with the matching public key.
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]. An integrity check of
	// [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] can be performed by computing the
	// CRC32C checksum of [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] and comparing
	// your results to this field. Discard the response in case of non-matching
	// checksum values, and perform a limited number of retries. A persistent
	// mismatch may indicate an issue in your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the
	// [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. A false value of this
	// field indicates either that [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c]
	// was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If
	// you've set [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] but this field is
	// still false, discard the response and perform a limited number of retries.
	//
	// NOTE: This field is in Beta.
	VerifiedCiphertextCrc32C bool `` /* 136-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

func (*AsymmetricDecryptResponse) Descriptor deprecated 

func (*AsymmetricDecryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricDecryptResponse.ProtoReflect.Descriptor instead.

func (*AsymmetricDecryptResponse) GetPlaintext 

func (x *AsymmetricDecryptResponse) GetPlaintext() []byte

func (*AsymmetricDecryptResponse) GetPlaintextCrc32C 

func (x *AsymmetricDecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C 

func (x *AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C() bool

func (*AsymmetricDecryptResponse) ProtoMessage 

func (*AsymmetricDecryptResponse) ProtoMessage()

func (*AsymmetricDecryptResponse) ProtoReflect 

func (x *AsymmetricDecryptResponse) ProtoReflect() protoreflect.Message

func (*AsymmetricDecryptResponse) Reset 

func (x *AsymmetricDecryptResponse) Reset()

func (*AsymmetricDecryptResponse) String 

func (x *AsymmetricDecryptResponse) String() string

type AsymmetricSignRequest 

type AsymmetricSignRequest struct {

	// Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for signing.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The digest of the data to sign. The digest must be produced with
	// the same digest algorithm as specified by the key version's
	// [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm].
	Digest *Digest `protobuf:"bytes,3,opt,name=digest,proto3" json:"digest,omitempty"`
	// Optional. An optional CRC32C checksum of the [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the
	// received [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]) is equal to
	// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c], and if so, perform a limited
	// number of retries. A persistent mismatch may indicate an issue in your
	// computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	DigestCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=digest_crc32c,json=digestCrc32c,proto3" json:"digest_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

func (*AsymmetricSignRequest) Descriptor deprecated 

func (*AsymmetricSignRequest) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricSignRequest.ProtoReflect.Descriptor instead.

func (*AsymmetricSignRequest) GetDigest 

func (x *AsymmetricSignRequest) GetDigest() *Digest

func (*AsymmetricSignRequest) GetDigestCrc32C 

func (x *AsymmetricSignRequest) GetDigestCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignRequest) GetName 

func (x *AsymmetricSignRequest) GetName() string

func (*AsymmetricSignRequest) ProtoMessage 

func (*AsymmetricSignRequest) ProtoMessage()

func (*AsymmetricSignRequest) ProtoReflect 

func (x *AsymmetricSignRequest) ProtoReflect() protoreflect.Message

func (*AsymmetricSignRequest) Reset 

func (x *AsymmetricSignRequest) Reset()

func (*AsymmetricSignRequest) String 

func (x *AsymmetricSignRequest) String() string

type AsymmetricSignResponse 

type AsymmetricSignResponse struct {

	// The created signature.
	Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]. An integrity check of
	// [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] can be performed by computing the
	// CRC32C checksum of [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] and comparing your
	// results to this field. Discard the response in case of non-matching
	// checksum values, and perform a limited number of retries. A persistent
	// mismatch may indicate an issue in your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	SignatureCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=signature_crc32c,json=signatureCrc32c,proto3" json:"signature_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the
	// [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. A false value of this field
	// indicates either that [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] was left
	// unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] but this field is still false,
	// discard the response and perform a limited number of retries.
	//
	// NOTE: This field is in Beta.
	VerifiedDigestCrc32C bool `protobuf:"varint,3,opt,name=verified_digest_crc32c,json=verifiedDigestCrc32c,proto3" json:"verified_digest_crc32c,omitempty"`
	// The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. Check
	// this field to verify that the intended resource was used for signing.
	//
	// NOTE: This field is in Beta.
	Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

func (*AsymmetricSignResponse) Descriptor deprecated 

func (*AsymmetricSignResponse) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricSignResponse.ProtoReflect.Descriptor instead.

func (*AsymmetricSignResponse) GetName 

func (x *AsymmetricSignResponse) GetName() string

func (*AsymmetricSignResponse) GetSignature 

func (x *AsymmetricSignResponse) GetSignature() []byte

func (*AsymmetricSignResponse) GetSignatureCrc32C 

func (x *AsymmetricSignResponse) GetSignatureCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignResponse) GetVerifiedDigestCrc32C 

func (x *AsymmetricSignResponse) GetVerifiedDigestCrc32C() bool

func (*AsymmetricSignResponse) ProtoMessage 

func (*AsymmetricSignResponse) ProtoMessage()

func (*AsymmetricSignResponse) ProtoReflect 

func (x *AsymmetricSignResponse) ProtoReflect() protoreflect.Message

func (*AsymmetricSignResponse) Reset 

func (x *AsymmetricSignResponse) Reset()

func (*AsymmetricSignResponse) String 

func (x *AsymmetricSignResponse) String() string

type CreateCryptoKeyRequest 

type CreateCryptoKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing associated with the
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a KeyRing and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	CryptoKeyId string `protobuf:"bytes,2,opt,name=crypto_key_id,json=cryptoKeyId,proto3" json:"crypto_key_id,omitempty"`
	// Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial field values.
	CryptoKey *CryptoKey `protobuf:"bytes,3,opt,name=crypto_key,json=cryptoKey,proto3" json:"crypto_key,omitempty"`
	// If set to true, the request will create a [CryptoKey][google.cloud.kms.v1.CryptoKey] without any
	// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. You must manually call
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or
	// [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]
	// before you can use this [CryptoKey][google.cloud.kms.v1.CryptoKey].
	SkipInitialVersionCreation bool `` /* 144-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].

func (*CreateCryptoKeyRequest) Descriptor deprecated 

func (*CreateCryptoKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCryptoKeyRequest.ProtoReflect.Descriptor instead.

func (*CreateCryptoKeyRequest) GetCryptoKey 

func (x *CreateCryptoKeyRequest) GetCryptoKey() *CryptoKey

func (*CreateCryptoKeyRequest) GetCryptoKeyId 

func (x *CreateCryptoKeyRequest) GetCryptoKeyId() string

func (*CreateCryptoKeyRequest) GetParent 

func (x *CreateCryptoKeyRequest) GetParent() string

func (*CreateCryptoKeyRequest) GetSkipInitialVersionCreation 

func (x *CreateCryptoKeyRequest) GetSkipInitialVersionCreation() bool

func (*CreateCryptoKeyRequest) ProtoMessage 

func (*CreateCryptoKeyRequest) ProtoMessage()

func (*CreateCryptoKeyRequest) ProtoReflect 

func (x *CreateCryptoKeyRequest) ProtoReflect() protoreflect.Message

func (*CreateCryptoKeyRequest) Reset 

func (x *CreateCryptoKeyRequest) Reset()

func (*CreateCryptoKeyRequest) String 

func (x *CreateCryptoKeyRequest) String() string

type CreateCryptoKeyVersionRequest 

type CreateCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with
	// the [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with initial field values.
	CryptoKeyVersion *CryptoKeyVersion `protobuf:"bytes,2,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].

func (*CreateCryptoKeyVersionRequest) Descriptor deprecated 

func (*CreateCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*CreateCryptoKeyVersionRequest) GetCryptoKeyVersion 

func (x *CreateCryptoKeyVersionRequest) GetCryptoKeyVersion() *CryptoKeyVersion

func (*CreateCryptoKeyVersionRequest) GetParent 

func (x *CreateCryptoKeyVersionRequest) GetParent() string

func (*CreateCryptoKeyVersionRequest) ProtoMessage 

func (*CreateCryptoKeyVersionRequest) ProtoMessage()

func (*CreateCryptoKeyVersionRequest) ProtoReflect 

func (x *CreateCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message

func (*CreateCryptoKeyVersionRequest) Reset 

func (x *CreateCryptoKeyVersionRequest) Reset()

func (*CreateCryptoKeyVersionRequest) String 

func (x *CreateCryptoKeyVersionRequest) String() string

type CreateImportJobRequest 

type CreateImportJobRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the [KeyRing][google.cloud.kms.v1.KeyRing] associated with the
	// [ImportJobs][google.cloud.kms.v1.ImportJob].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a KeyRing and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	ImportJobId string `protobuf:"bytes,2,opt,name=import_job_id,json=importJobId,proto3" json:"import_job_id,omitempty"`
	// Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field values.
	ImportJob *ImportJob `protobuf:"bytes,3,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob].

func (*CreateImportJobRequest) Descriptor deprecated 

func (*CreateImportJobRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateImportJobRequest.ProtoReflect.Descriptor instead.

func (*CreateImportJobRequest) GetImportJob 

func (x *CreateImportJobRequest) GetImportJob() *ImportJob

func (*CreateImportJobRequest) GetImportJobId 

func (x *CreateImportJobRequest) GetImportJobId() string

func (*CreateImportJobRequest) GetParent 

func (x *CreateImportJobRequest) GetParent() string

func (*CreateImportJobRequest) ProtoMessage 

func (*CreateImportJobRequest) ProtoMessage()

func (*CreateImportJobRequest) ProtoReflect 

func (x *CreateImportJobRequest) ProtoReflect() protoreflect.Message

func (*CreateImportJobRequest) Reset 

func (x *CreateImportJobRequest) Reset()

func (*CreateImportJobRequest) String 

func (x *CreateImportJobRequest) String() string

type CreateKeyRingRequest 

type CreateKeyRingRequest struct {

	// Required. The resource name of the location associated with the
	// [KeyRings][google.cloud.kms.v1.KeyRing], in the format `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	KeyRingId string `protobuf:"bytes,2,opt,name=key_ring_id,json=keyRingId,proto3" json:"key_ring_id,omitempty"`
	// Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field values.
	KeyRing *KeyRing `protobuf:"bytes,3,opt,name=key_ring,json=keyRing,proto3" json:"key_ring,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].

func (*CreateKeyRingRequest) Descriptor deprecated 

func (*CreateKeyRingRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateKeyRingRequest.ProtoReflect.Descriptor instead.

func (*CreateKeyRingRequest) GetKeyRing 

func (x *CreateKeyRingRequest) GetKeyRing() *KeyRing

func (*CreateKeyRingRequest) GetKeyRingId 

func (x *CreateKeyRingRequest) GetKeyRingId() string

func (*CreateKeyRingRequest) GetParent 

func (x *CreateKeyRingRequest) GetParent() string

func (*CreateKeyRingRequest) ProtoMessage 

func (*CreateKeyRingRequest) ProtoMessage()

func (*CreateKeyRingRequest) ProtoReflect 

func (x *CreateKeyRingRequest) ProtoReflect() protoreflect.Message

func (*CreateKeyRingRequest) Reset 

func (x *CreateKeyRingRequest) Reset()

func (*CreateKeyRingRequest) String 

func (x *CreateKeyRingRequest) String() string

type CryptoKey 

type CryptoKey struct {

	// Output only. The resource name for this [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. A copy of the "primary" [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used
	// by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given
	// in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name].
	//
	// The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be updated via
	// [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].
	//
	// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] may have a
	// primary. For other keys, this field will be omitted.
	Primary *CryptoKeyVersion `protobuf:"bytes,2,opt,name=primary,proto3" json:"primary,omitempty"`
	// Immutable. The immutable purpose of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
	Purpose CryptoKey_CryptoKeyPurpose `protobuf:"varint,3,opt,name=purpose,proto3,enum=google.cloud.kms.v1.CryptoKey_CryptoKeyPurpose" json:"purpose,omitempty"`
	// Output only. The time at which this [CryptoKey][google.cloud.kms.v1.CryptoKey] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], the Key Management Service will automatically:
	//
	// 1. Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
	// 2. Mark the new version as primary.
	//
	// Key rotations performed manually via
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and
	// [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]
	// do not affect [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time].
	//
	// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support
	// automatic rotation. For other keys, this field must be omitted.
	NextRotationTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=next_rotation_time,json=nextRotationTime,proto3" json:"next_rotation_time,omitempty"`
	// Controls the rate of automatic rotation.
	//
	// Types that are assignable to RotationSchedule:
	//	*CryptoKey_RotationPeriod
	RotationSchedule isCryptoKey_RotationSchedule `protobuf_oneof:"rotation_schedule"`
	// A template describing settings for new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances.
	// The properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances created by either
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or
	// auto-rotation are controlled by this template.
	VersionTemplate *CryptoKeyVersionTemplate `protobuf:"bytes,11,opt,name=version_template,json=versionTemplate,proto3" json:"version_template,omitempty"`
	// Labels with user-defined metadata. For more information, see
	// [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
	Labels map[string]string `` /* 154-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CryptoKey[google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations.

A CryptoKey[google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations.

func (*CryptoKey) Descriptor deprecated 

func (*CryptoKey) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKey.ProtoReflect.Descriptor instead.

func (*CryptoKey) GetCreateTime 

func (x *CryptoKey) GetCreateTime() *timestamppb.Timestamp

func (*CryptoKey) GetLabels 

func (x *CryptoKey) GetLabels() map[string]string

func (*CryptoKey) GetName 

func (x *CryptoKey) GetName() string

func (*CryptoKey) GetNextRotationTime 

func (x *CryptoKey) GetNextRotationTime() *timestamppb.Timestamp

func (*CryptoKey) GetPrimary 

func (x *CryptoKey) GetPrimary() *CryptoKeyVersion

func (*CryptoKey) GetPurpose 

func (x *CryptoKey) GetPurpose() CryptoKey_CryptoKeyPurpose

func (*CryptoKey) GetRotationPeriod 

func (x *CryptoKey) GetRotationPeriod() *durationpb.Duration

func (*CryptoKey) GetRotationSchedule 

func (m *CryptoKey) GetRotationSchedule() isCryptoKey_RotationSchedule

func (*CryptoKey) GetVersionTemplate 

func (x *CryptoKey) GetVersionTemplate() *CryptoKeyVersionTemplate

func (*CryptoKey) ProtoMessage 

func (*CryptoKey) ProtoMessage()

func (*CryptoKey) ProtoReflect 

func (x *CryptoKey) ProtoReflect() protoreflect.Message

func (*CryptoKey) Reset 

func (x *CryptoKey) Reset()

func (*CryptoKey) String 

func (x *CryptoKey) String() string

type CryptoKeyVersion 

type CryptoKeyVersion struct {

	// Output only. The resource name for this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The current state of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	State CryptoKeyVersion_CryptoKeyVersionState `` /* 128-byte string literal not displayed */
	// Output only. The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] describing how crypto operations are
	// performed with this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// Output only. The [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] that this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] supports.
	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 141-byte string literal not displayed */
	// Output only. Statement that was generated and signed by the HSM at key
	// creation time. Use this statement to verify attributes of the key as stored
	// on the HSM, independently of Google. Only provided for key versions with
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersion.protection_level] [HSM][google.cloud.kms.v1.ProtectionLevel.HSM].
	Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"`
	// Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material was
	// generated.
	GenerateTime *timestamppb.Timestamp `protobuf:"bytes,11,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"`
	// Output only. The time this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material is scheduled
	// for destruction. Only present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED].
	DestroyTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=destroy_time,json=destroyTime,proto3" json:"destroy_time,omitempty"`
	// Output only. The time this CryptoKeyVersion's key material was
	// destroyed. Only present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED].
	DestroyEventTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=destroy_event_time,json=destroyEventTime,proto3" json:"destroy_event_time,omitempty"`
	// Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was
	// imported.
	ImportJob string `protobuf:"bytes,14,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
	// Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
	// was imported.
	ImportTime *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=import_time,json=importTime,proto3" json:"import_time,omitempty"`
	// Output only. The root cause of an import failure. Only present if
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
	// [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
	ImportFailureReason string `protobuf:"bytes,16,opt,name=import_failure_reason,json=importFailureReason,proto3" json:"import_failure_reason,omitempty"`
	// ExternalProtectionLevelOptions stores a group of additional fields for
	// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the
	// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.
	ExternalProtectionLevelOptions *ExternalProtectionLevelOptions `` /* 156-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] represents an individual cryptographic key, and the associated key material.

An [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] version can be used for cryptographic operations.

For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.

func (*CryptoKeyVersion) Descriptor deprecated 

func (*CryptoKeyVersion) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion.ProtoReflect.Descriptor instead.

func (*CryptoKeyVersion) GetAlgorithm 

func (x *CryptoKeyVersion) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm

func (*CryptoKeyVersion) GetAttestation 

func (x *CryptoKeyVersion) GetAttestation() *KeyOperationAttestation

func (*CryptoKeyVersion) GetCreateTime 

func (x *CryptoKeyVersion) GetCreateTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetDestroyEventTime 

func (x *CryptoKeyVersion) GetDestroyEventTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetDestroyTime 

func (x *CryptoKeyVersion) GetDestroyTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetExternalProtectionLevelOptions 

func (x *CryptoKeyVersion) GetExternalProtectionLevelOptions() *ExternalProtectionLevelOptions

func (*CryptoKeyVersion) GetGenerateTime 

func (x *CryptoKeyVersion) GetGenerateTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetImportFailureReason 

func (x *CryptoKeyVersion) GetImportFailureReason() string

func (*CryptoKeyVersion) GetImportJob 

func (x *CryptoKeyVersion) GetImportJob() string

func (*CryptoKeyVersion) GetImportTime 

func (x *CryptoKeyVersion) GetImportTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetName 

func (x *CryptoKeyVersion) GetName() string

func (*CryptoKeyVersion) GetProtectionLevel 

func (x *CryptoKeyVersion) GetProtectionLevel() ProtectionLevel

func (*CryptoKeyVersion) GetState 

func (x *CryptoKeyVersion) GetState() CryptoKeyVersion_CryptoKeyVersionState

func (*CryptoKeyVersion) ProtoMessage 

func (*CryptoKeyVersion) ProtoMessage()

func (*CryptoKeyVersion) ProtoReflect 

func (x *CryptoKeyVersion) ProtoReflect() protoreflect.Message

func (*CryptoKeyVersion) Reset 

func (x *CryptoKeyVersion) Reset()

func (*CryptoKeyVersion) String 

func (x *CryptoKeyVersion) String() string

type CryptoKeyVersionTemplate 

type CryptoKeyVersionTemplate struct {

	// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on
	// this template. Immutable. Defaults to [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE].
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// Required. [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] to use
	// when creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on this template.
	//
	// For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
	// this field is omitted and [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] is
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 140-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CryptoKeyVersionTemplate[google.cloud.kms.v1.CryptoKeyVersionTemplate] specifies the properties to use when creating a new CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion], either manually with [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or automatically as a result of auto-rotation.

func (*CryptoKeyVersionTemplate) Descriptor deprecated 

func (*CryptoKeyVersionTemplate) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersionTemplate.ProtoReflect.Descriptor instead.

func (*CryptoKeyVersionTemplate) GetAlgorithm 

func (x *CryptoKeyVersionTemplate) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm

func (*CryptoKeyVersionTemplate) GetProtectionLevel 

func (x *CryptoKeyVersionTemplate) GetProtectionLevel() ProtectionLevel

func (*CryptoKeyVersionTemplate) ProtoMessage 

func (*CryptoKeyVersionTemplate) ProtoMessage()

func (*CryptoKeyVersionTemplate) ProtoReflect 

func (x *CryptoKeyVersionTemplate) ProtoReflect() protoreflect.Message

func (*CryptoKeyVersionTemplate) Reset 

func (x *CryptoKeyVersionTemplate) Reset()

func (*CryptoKeyVersionTemplate) String 

func (x *CryptoKeyVersionTemplate) String() string

type CryptoKeyVersion_CryptoKeyVersionAlgorithm 

type CryptoKeyVersion_CryptoKeyVersionAlgorithm int32

The algorithm of the CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion], indicating what parameters must be used for each cryptographic operation.

The [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] algorithm is usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Algorithms beginning with "RSA_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].

The fields in the name after "RSA_SIGN_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

For PSS, the salt length used is equal to the length of digest algorithm. For example, [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] will use PSS with a salt length of 256 bits or 32 bytes.

Algorithms beginning with "RSA_DECRYPT_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].

The fields in the name after "RSA_DECRYPT_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

Algorithms beginning with "EC_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].

The fields in the name after "EC_SIGN_" correspond to the following parameters: elliptic curve, digest algorithm.

For more information, see [Key purposes and algorithms] (https://cloud.google.com/kms/docs/algorithms). 

const (
	// Not specified.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionAlgorithm = 0
	// Creates symmetric encryption keys.
	CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 1
	// RSASSA-PSS 2048 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 2
	// RSASSA-PSS 3072 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 3
	// RSASSA-PSS 4096 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 4
	// RSASSA-PSS 4096 bit key with a SHA512 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 15
	// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 5
	// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 6
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 7
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 16
	// RSAES-OAEP 2048 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 8
	// RSAES-OAEP 3072 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 9
	// RSAES-OAEP 4096 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 10
	// RSAES-OAEP 4096 bit key with a SHA512 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 17
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	CryptoKeyVersion_EC_SIGN_P256_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 12
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	CryptoKeyVersion_EC_SIGN_P384_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 13
	// Algorithm representing symmetric encryption by an external key manager.
	CryptoKeyVersion_EXTERNAL_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 18
)

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Descriptor 

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Descriptor() protoreflect.EnumDescriptor

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Enum 

func (x CryptoKeyVersion_CryptoKeyVersionAlgorithm) Enum() *CryptoKeyVersion_CryptoKeyVersionAlgorithm

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor deprecated 

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionAlgorithm.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Number 

func (x CryptoKeyVersion_CryptoKeyVersionAlgorithm) Number() protoreflect.EnumNumber

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) String 

func (x CryptoKeyVersion_CryptoKeyVersionAlgorithm) String() string

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Type 

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Type() protoreflect.EnumType

type CryptoKeyVersion_CryptoKeyVersionState 

type CryptoKeyVersion_CryptoKeyVersionState int32

The state of a CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used. 

const (
	// Not specified.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_STATE_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionState = 0
	// This version is still being generated. It may not be used, enabled,
	// disabled, or destroyed yet. Cloud KMS will automatically mark this
	// version [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] as soon as the version is ready.
	CryptoKeyVersion_PENDING_GENERATION CryptoKeyVersion_CryptoKeyVersionState = 5
	// This version may be used for cryptographic operations.
	CryptoKeyVersion_ENABLED CryptoKeyVersion_CryptoKeyVersionState = 1
	// This version may not be used, but the key material is still available,
	// and the version can be placed back into the [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] state.
	CryptoKeyVersion_DISABLED CryptoKeyVersion_CryptoKeyVersionState = 2
	// This version is destroyed, and the key material is no longer stored.
	// A version may not leave this state once entered.
	CryptoKeyVersion_DESTROYED CryptoKeyVersion_CryptoKeyVersionState = 3
	// This version is scheduled for destruction, and will be destroyed soon.
	// Call
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// to put it back into the [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] state.
	CryptoKeyVersion_DESTROY_SCHEDULED CryptoKeyVersion_CryptoKeyVersionState = 4
	// This version is still being imported. It may not be used, enabled,
	// disabled, or destroyed yet. Cloud KMS will automatically mark this
	// version [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] as soon as the version is ready.
	CryptoKeyVersion_PENDING_IMPORT CryptoKeyVersion_CryptoKeyVersionState = 6
	// This version was not imported successfully. It may not be used, enabled,
	// disabled, or destroyed. The submitted key material has been discarded.
	// Additional details can be found in
	// [CryptoKeyVersion.import_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason].
	CryptoKeyVersion_IMPORT_FAILED CryptoKeyVersion_CryptoKeyVersionState = 7
)

func (CryptoKeyVersion_CryptoKeyVersionState) Descriptor 

func (CryptoKeyVersion_CryptoKeyVersionState) Descriptor() protoreflect.EnumDescriptor

func (CryptoKeyVersion_CryptoKeyVersionState) Enum 

func (x CryptoKeyVersion_CryptoKeyVersionState) Enum() *CryptoKeyVersion_CryptoKeyVersionState

func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor deprecated 

func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionState.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionState) Number 

func (x CryptoKeyVersion_CryptoKeyVersionState) Number() protoreflect.EnumNumber

func (CryptoKeyVersion_CryptoKeyVersionState) String 

func (x CryptoKeyVersion_CryptoKeyVersionState) String() string

func (CryptoKeyVersion_CryptoKeyVersionState) Type 

func (CryptoKeyVersion_CryptoKeyVersionState) Type() protoreflect.EnumType

type CryptoKeyVersion_CryptoKeyVersionView 

type CryptoKeyVersion_CryptoKeyVersionView int32

A view for CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion]s. Controls the level of detail returned for [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions] and [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys]. 

const (
	// Default view for each [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Does not include
	// the [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation] field.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionView = 0
	// Provides all fields in each [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], including the
	// [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation].
	CryptoKeyVersion_FULL CryptoKeyVersion_CryptoKeyVersionView = 1
)

func (CryptoKeyVersion_CryptoKeyVersionView) Descriptor 

func (CryptoKeyVersion_CryptoKeyVersionView) Descriptor() protoreflect.EnumDescriptor

func (CryptoKeyVersion_CryptoKeyVersionView) Enum 

func (x CryptoKeyVersion_CryptoKeyVersionView) Enum() *CryptoKeyVersion_CryptoKeyVersionView

func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor deprecated 

func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionView.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionView) Number 

func (x CryptoKeyVersion_CryptoKeyVersionView) Number() protoreflect.EnumNumber

func (CryptoKeyVersion_CryptoKeyVersionView) String 

func (x CryptoKeyVersion_CryptoKeyVersionView) String() string

func (CryptoKeyVersion_CryptoKeyVersionView) Type 

func (CryptoKeyVersion_CryptoKeyVersionView) Type() protoreflect.EnumType

type CryptoKey_CryptoKeyPurpose 

type CryptoKey_CryptoKeyPurpose int32

[CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] describes the cryptographic capabilities of a CryptoKey[google.cloud.kms.v1.CryptoKey]. A given key can only be used for the operations allowed by its purpose. For more information, see [Key purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes). 

const (
	// Not specified.
	CryptoKey_CRYPTO_KEY_PURPOSE_UNSPECIFIED CryptoKey_CryptoKeyPurpose = 0
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with
	// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
	// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
	CryptoKey_ENCRYPT_DECRYPT CryptoKey_CryptoKeyPurpose = 1
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with
	// [AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign] and
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	CryptoKey_ASYMMETRIC_SIGN CryptoKey_CryptoKeyPurpose = 5
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with
	// [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt] and
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	CryptoKey_ASYMMETRIC_DECRYPT CryptoKey_CryptoKeyPurpose = 6
)

func (CryptoKey_CryptoKeyPurpose) Descriptor 

func (CryptoKey_CryptoKeyPurpose) Descriptor() protoreflect.EnumDescriptor

func (CryptoKey_CryptoKeyPurpose) Enum 

func (x CryptoKey_CryptoKeyPurpose) Enum() *CryptoKey_CryptoKeyPurpose

func (CryptoKey_CryptoKeyPurpose) EnumDescriptor deprecated 

func (CryptoKey_CryptoKeyPurpose) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKey_CryptoKeyPurpose.Descriptor instead.

func (CryptoKey_CryptoKeyPurpose) Number 

func (x CryptoKey_CryptoKeyPurpose) Number() protoreflect.EnumNumber

func (CryptoKey_CryptoKeyPurpose) String 

func (x CryptoKey_CryptoKeyPurpose) String() string

func (CryptoKey_CryptoKeyPurpose) Type 

func (CryptoKey_CryptoKeyPurpose) Type() protoreflect.EnumType

type CryptoKey_RotationPeriod 

type CryptoKey_RotationPeriod struct {
	// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] will be advanced by this period when the service
	// automatically rotates a key. Must be at least 24 hours and at most
	// 876,000 hours.
	//
	// If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is set, [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] must also be set.
	//
	// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support
	// automatic rotation. For other keys, this field must be omitted.
	RotationPeriod *durationpb.Duration `protobuf:"bytes,8,opt,name=rotation_period,json=rotationPeriod,proto3,oneof"`
}

type DecryptRequest 

type DecryptRequest struct {

	// Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption.
	// The server will choose the appropriate version.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The encrypted data originally returned in
	// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].
	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Optional. Optional data that must match the data originally supplied in
	// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data].
	AdditionalAuthenticatedData []byte `` /* 144-byte string literal not displayed */
	// Optional. An optional CRC32C checksum of the [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the
	// received [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]) is equal to
	// [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c], and if so, perform a limited number
	// of retries. A persistent mismatch may indicate an issue in your computation
	// of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,5,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received
	// [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]) is equal to
	// [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c], and if so, perform
	// a limited number of retries. A persistent mismatch may indicate an issue in
	// your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value `` /* 164-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

func (*DecryptRequest) Descriptor deprecated 

func (*DecryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use DecryptRequest.ProtoReflect.Descriptor instead.

func (*DecryptRequest) GetAdditionalAuthenticatedData 

func (x *DecryptRequest) GetAdditionalAuthenticatedData() []byte

func (*DecryptRequest) GetAdditionalAuthenticatedDataCrc32C 

func (x *DecryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value

func (*DecryptRequest) GetCiphertext 

func (x *DecryptRequest) GetCiphertext() []byte

func (*DecryptRequest) GetCiphertextCrc32C 

func (x *DecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*DecryptRequest) GetName 

func (x *DecryptRequest) GetName() string

func (*DecryptRequest) ProtoMessage 

func (*DecryptRequest) ProtoMessage()

func (*DecryptRequest) ProtoReflect 

func (x *DecryptRequest) ProtoReflect() protoreflect.Message

func (*DecryptRequest) Reset 

func (x *DecryptRequest) Reset()

func (*DecryptRequest) String 

func (x *DecryptRequest) String() string

type DecryptResponse 

type DecryptResponse struct {

	// The decrypted data originally supplied in [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext].
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]. An integrity check of
	// [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] can be performed by computing the CRC32C
	// checksum of [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] and comparing your results to
	// this field. Discard the response in case of non-matching checksum values,
	// and perform a limited number of retries. A persistent mismatch may indicate
	// an issue in your computation of the CRC32C checksum. Note: receiving this
	// response message indicates that [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to
	// successfully decrypt the [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext].
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

func (*DecryptResponse) Descriptor deprecated 

func (*DecryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use DecryptResponse.ProtoReflect.Descriptor instead.

func (*DecryptResponse) GetPlaintext 

func (x *DecryptResponse) GetPlaintext() []byte

func (*DecryptResponse) GetPlaintextCrc32C 

func (x *DecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*DecryptResponse) ProtoMessage 

func (*DecryptResponse) ProtoMessage()

func (*DecryptResponse) ProtoReflect 

func (x *DecryptResponse) ProtoReflect() protoreflect.Message

func (*DecryptResponse) Reset 

func (x *DecryptResponse) Reset()

func (*DecryptResponse) String 

func (x *DecryptResponse) String() string

type DestroyCryptoKeyVersionRequest 

type DestroyCryptoKeyVersionRequest struct {

	// Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].

func (*DestroyCryptoKeyVersionRequest) Descriptor deprecated 

func (*DestroyCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use DestroyCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*DestroyCryptoKeyVersionRequest) GetName 

func (x *DestroyCryptoKeyVersionRequest) GetName() string

func (*DestroyCryptoKeyVersionRequest) ProtoMessage 

func (*DestroyCryptoKeyVersionRequest) ProtoMessage()

func (*DestroyCryptoKeyVersionRequest) ProtoReflect 

func (x *DestroyCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message

func (*DestroyCryptoKeyVersionRequest) Reset 

func (x *DestroyCryptoKeyVersionRequest) Reset()

func (*DestroyCryptoKeyVersionRequest) String 

func (x *DestroyCryptoKeyVersionRequest) String() string

type Digest 

type Digest struct {

	// Required. The message digest.
	//
	// Types that are assignable to Digest:
	//	*Digest_Sha256
	//	*Digest_Sha384
	//	*Digest_Sha512
	Digest isDigest_Digest `protobuf_oneof:"digest"`
	// contains filtered or unexported fields
}

A Digest[google.cloud.kms.v1.Digest] holds a cryptographic message digest.

func (*Digest) Descriptor deprecated 

func (*Digest) Descriptor() ([]byte, []int)

Deprecated: Use Digest.ProtoReflect.Descriptor instead.

func (*Digest) GetDigest 

func (m *Digest) GetDigest() isDigest_Digest

func (*Digest) GetSha256 

func (x *Digest) GetSha256() []byte

func (*Digest) GetSha384 

func (x *Digest) GetSha384() []byte

func (*Digest) GetSha512 

func (x *Digest) GetSha512() []byte

func (*Digest) ProtoMessage 

func (*Digest) ProtoMessage()

func (*Digest) ProtoReflect 

func (x *Digest) ProtoReflect() protoreflect.Message

func (*Digest) Reset 

func (x *Digest) Reset()

func (*Digest) String 

func (x *Digest) String() string

type Digest_Sha256 

type Digest_Sha256 struct {
	// A message digest produced with the SHA-256 algorithm.
	Sha256 []byte `protobuf:"bytes,1,opt,name=sha256,proto3,oneof"`
}

type Digest_Sha384 

type Digest_Sha384 struct {
	// A message digest produced with the SHA-384 algorithm.
	Sha384 []byte `protobuf:"bytes,2,opt,name=sha384,proto3,oneof"`
}

type Digest_Sha512 

type Digest_Sha512 struct {
	// A message digest produced with the SHA-512 algorithm.
	Sha512 []byte `protobuf:"bytes,3,opt,name=sha512,proto3,oneof"`
}

type EncryptRequest 

type EncryptRequest struct {

	// Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] or [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// to use for encryption.
	//
	// If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server will use its
	// [primary version][google.cloud.kms.v1.CryptoKey.primary].
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The data to encrypt. Must be no larger than 64KiB.
	//
	// The maximum size depends on the key version's
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For
	// [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the plaintext must be no larger
	// than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the
	// plaintext and additional_authenticated_data fields must be no larger than
	// 8KiB.
	Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// Optional. Optional data that, if specified, must also be provided during decryption
	// through [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data].
	//
	// The maximum size depends on the key version's
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For
	// [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD must be no larger than
	// 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the
	// plaintext and additional_authenticated_data fields must be no larger than
	// 8KiB.
	AdditionalAuthenticatedData []byte `` /* 144-byte string literal not displayed */
	// Optional. An optional CRC32C checksum of the [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the
	// received [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]) is equal to
	// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c], and if so, perform a limited number of
	// retries. A persistent mismatch may indicate an issue in your computation of
	// the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received
	// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]) is equal to
	// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c], and if so, perform
	// a limited number of retries. A persistent mismatch may indicate an issue in
	// your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value `` /* 164-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

func (*EncryptRequest) Descriptor deprecated 

func (*EncryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use EncryptRequest.ProtoReflect.Descriptor instead.

func (*EncryptRequest) GetAdditionalAuthenticatedData 

func (x *EncryptRequest) GetAdditionalAuthenticatedData() []byte

func (*EncryptRequest) GetAdditionalAuthenticatedDataCrc32C 

func (x *EncryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value

func (*EncryptRequest) GetName 

func (x *EncryptRequest) GetName() string

func (*EncryptRequest) GetPlaintext 

func (x *EncryptRequest) GetPlaintext() []byte

func (*EncryptRequest) GetPlaintextCrc32C 

func (x *EncryptRequest) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*EncryptRequest) ProtoMessage 

func (*EncryptRequest) ProtoMessage()

func (*EncryptRequest) ProtoReflect 

func (x *EncryptRequest) ProtoReflect() protoreflect.Message

func (*EncryptRequest) Reset 

func (x *EncryptRequest) Reset()

func (*EncryptRequest) String 

func (x *EncryptRequest) String() string

type EncryptResponse 

type EncryptResponse struct {

	// The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in encryption. Check
	// this field to verify that the intended resource was used for encryption.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The encrypted data.
	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. An integrity check of
	// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] can be performed by computing the CRC32C
	// checksum of [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] and comparing your results to
	// this field. Discard the response in case of non-matching checksum values,
	// and perform a limited number of retries. A persistent mismatch may indicate
	// an issue in your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the
	// [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A false value of this field
	// indicates either that [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] was left unset or
	// that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set
	// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] but this field is still false, discard
	// the response and perform a limited number of retries.
	//
	// NOTE: This field is in Beta.
	VerifiedPlaintextCrc32C bool `` /* 133-byte string literal not displayed */
	// Integrity verification field. A flag indicating whether
	// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the
	// [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. A false value of this
	// field indicates either that
	// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] was left unset or
	// that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set
	// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] but this field is
	// still false, discard the response and perform a limited number of retries.
	//
	// NOTE: This field is in Beta.
	VerifiedAdditionalAuthenticatedDataCrc32C bool `` /* 191-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

func (*EncryptResponse) Descriptor deprecated 

func (*EncryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use EncryptResponse.ProtoReflect.Descriptor instead.

func (*EncryptResponse) GetCiphertext 

func (x *EncryptResponse) GetCiphertext() []byte

func (*EncryptResponse) GetCiphertextCrc32C 

func (x *EncryptResponse) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*EncryptResponse) GetName 

func (x *EncryptResponse) GetName() string

func (*EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C 

func (x *EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C() bool

func (*EncryptResponse) GetVerifiedPlaintextCrc32C 

func (x *EncryptResponse) GetVerifiedPlaintextCrc32C() bool

func (*EncryptResponse) ProtoMessage 

func (*EncryptResponse) ProtoMessage()

func (*EncryptResponse) ProtoReflect 

func (x *EncryptResponse) ProtoReflect() protoreflect.Message

func (*EncryptResponse) Reset 

func (x *EncryptResponse) Reset()

func (*EncryptResponse) String 

func (x *EncryptResponse) String() string

type ExternalProtectionLevelOptions 

type ExternalProtectionLevelOptions struct {

	// The URI for an external resource that this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents.
	ExternalKeyUri string `protobuf:"bytes,1,opt,name=external_key_uri,json=externalKeyUri,proto3" json:"external_key_uri,omitempty"`
	// contains filtered or unexported fields
}

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] that are specific to the [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.

func (*ExternalProtectionLevelOptions) Descriptor deprecated 

func (*ExternalProtectionLevelOptions) Descriptor() ([]byte, []int)

Deprecated: Use ExternalProtectionLevelOptions.ProtoReflect.Descriptor instead.

func (*ExternalProtectionLevelOptions) GetExternalKeyUri 

func (x *ExternalProtectionLevelOptions) GetExternalKeyUri() string

func (*ExternalProtectionLevelOptions) ProtoMessage 

func (*ExternalProtectionLevelOptions) ProtoMessage()

func (*ExternalProtectionLevelOptions) ProtoReflect 

func (x *ExternalProtectionLevelOptions) ProtoReflect() protoreflect.Message

func (*ExternalProtectionLevelOptions) Reset 

func (x *ExternalProtectionLevelOptions) Reset()

func (*ExternalProtectionLevelOptions) String 

func (x *ExternalProtectionLevelOptions) String() string

type GetCryptoKeyRequest 

type GetCryptoKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].

func (*GetCryptoKeyRequest) Descriptor deprecated 

func (*GetCryptoKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCryptoKeyRequest.ProtoReflect.Descriptor instead.

func (*GetCryptoKeyRequest) GetName 

func (x *GetCryptoKeyRequest) GetName() string

func (*GetCryptoKeyRequest) ProtoMessage 

func (*GetCryptoKeyRequest) ProtoMessage()

func (*GetCryptoKeyRequest) ProtoReflect 

func (x *GetCryptoKeyRequest) ProtoReflect() protoreflect.Message

func (*GetCryptoKeyRequest) Reset 

func (x *GetCryptoKeyRequest) Reset()

func (*GetCryptoKeyRequest) String 

func (x *GetCryptoKeyRequest) String() string

type GetCryptoKeyVersionRequest 

type GetCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].

func (*GetCryptoKeyVersionRequest) Descriptor deprecated 

func (*GetCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*GetCryptoKeyVersionRequest) GetName 

func (x *GetCryptoKeyVersionRequest) GetName() string

func (*GetCryptoKeyVersionRequest) ProtoMessage 

func (*GetCryptoKeyVersionRequest) ProtoMessage()

func (*GetCryptoKeyVersionRequest) ProtoReflect 

func (x *GetCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message

func (*GetCryptoKeyVersionRequest) Reset 

func (x *GetCryptoKeyVersionRequest) Reset()

func (*GetCryptoKeyVersionRequest) String 

func (x *GetCryptoKeyVersionRequest) String() string

type GetImportJobRequest 

type GetImportJobRequest struct {

	// Required. The [name][google.cloud.kms.v1.ImportJob.name] of the [ImportJob][google.cloud.kms.v1.ImportJob] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob].

func (*GetImportJobRequest) Descriptor deprecated 

func (*GetImportJobRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetImportJobRequest.ProtoReflect.Descriptor instead.

func (*GetImportJobRequest) GetName 

func (x *GetImportJobRequest) GetName() string

func (*GetImportJobRequest) ProtoMessage 

func (*GetImportJobRequest) ProtoMessage()

func (*GetImportJobRequest) ProtoReflect 

func (x *GetImportJobRequest) ProtoReflect() protoreflect.Message

func (*GetImportJobRequest) Reset 

func (x *GetImportJobRequest) Reset()

func (*GetImportJobRequest) String 

func (x *GetImportJobRequest) String() string

type GetKeyRingRequest 

type GetKeyRingRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the [KeyRing][google.cloud.kms.v1.KeyRing] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].

func (*GetKeyRingRequest) Descriptor deprecated 

func (*GetKeyRingRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetKeyRingRequest.ProtoReflect.Descriptor instead.

func (*GetKeyRingRequest) GetName 

func (x *GetKeyRingRequest) GetName() string

func (*GetKeyRingRequest) ProtoMessage 

func (*GetKeyRingRequest) ProtoMessage()

func (*GetKeyRingRequest) ProtoReflect 

func (x *GetKeyRingRequest) ProtoReflect() protoreflect.Message

func (*GetKeyRingRequest) Reset 

func (x *GetKeyRingRequest) Reset()

func (*GetKeyRingRequest) String 

func (x *GetKeyRingRequest) String() string

type GetPublicKeyRequest 

type GetPublicKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to
	// get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

func (*GetPublicKeyRequest) Descriptor deprecated 

func (*GetPublicKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeyRequest.ProtoReflect.Descriptor instead.

func (*GetPublicKeyRequest) GetName 

func (x *GetPublicKeyRequest) GetName() string

func (*GetPublicKeyRequest) ProtoMessage 

func (*GetPublicKeyRequest) ProtoMessage()

func (*GetPublicKeyRequest) ProtoReflect 

func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message

func (*GetPublicKeyRequest) Reset 

func (x *GetPublicKeyRequest) Reset()

func (*GetPublicKeyRequest) String 

func (x *GetPublicKeyRequest) String() string

type ImportCryptoKeyVersionRequest 

type ImportCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to
	// be imported into.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. The [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] of
	// the key being imported. This does not need to match the
	// [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] this
	// version imports into.
	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 140-byte string literal not displayed */
	// Required. The [name][google.cloud.kms.v1.ImportJob.name] of the [ImportJob][google.cloud.kms.v1.ImportJob] that was used to
	// wrap this key material.
	ImportJob string `protobuf:"bytes,4,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
	// Required. The incoming wrapped key material that is to be imported.
	//
	// Types that are assignable to WrappedKeyMaterial:
	//	*ImportCryptoKeyVersionRequest_RsaAesWrappedKey
	WrappedKeyMaterial isImportCryptoKeyVersionRequest_WrappedKeyMaterial `protobuf_oneof:"wrapped_key_material"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].

func (*ImportCryptoKeyVersionRequest) Descriptor deprecated 

func (*ImportCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use ImportCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*ImportCryptoKeyVersionRequest) GetAlgorithm 

func (x *ImportCryptoKeyVersionRequest) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm

func (*ImportCryptoKeyVersionRequest) GetImportJob 

func (x *ImportCryptoKeyVersionRequest) GetImportJob() string

func (*ImportCryptoKeyVersionRequest) GetParent 

func (x *ImportCryptoKeyVersionRequest) GetParent() string

func (*ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey 

func (x *ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey() []byte

func (*ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial 

func (m *ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial() isImportCryptoKeyVersionRequest_WrappedKeyMaterial

func (*ImportCryptoKeyVersionRequest) ProtoMessage 

func (*ImportCryptoKeyVersionRequest) ProtoMessage()

func (*ImportCryptoKeyVersionRequest) ProtoReflect 

func (x *ImportCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message

func (*ImportCryptoKeyVersionRequest) Reset 

func (x *ImportCryptoKeyVersionRequest) Reset()

func (*ImportCryptoKeyVersionRequest) String 

func (x *ImportCryptoKeyVersionRequest) String() string

type ImportCryptoKeyVersionRequest_RsaAesWrappedKey 

type ImportCryptoKeyVersionRequest_RsaAesWrappedKey struct {
	// Wrapped key material produced with
	// [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
	// or
	// [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
	//
	// This field contains the concatenation of two wrapped keys:
	// <ol>
	//   <li>An ephemeral AES-256 wrapping key wrapped with the
	//       [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP with SHA-1,
	//       MGF1 with SHA-1, and an empty label.
	//   </li>
	//   <li>The key to be imported, wrapped with the ephemeral AES-256 key
	//       using AES-KWP (RFC 5649).
	//   </li>
	// </ol>
	//
	// If importing symmetric key material, it is expected that the unwrapped
	// key contains plain bytes. If importing asymmetric key material, it is
	// expected that the unwrapped key is in PKCS#8-encoded DER format (the
	// PrivateKeyInfo structure from RFC 5208).
	//
	// This format is the same as the format produced by PKCS#11 mechanism
	// CKM_RSA_AES_KEY_WRAP.
	RsaAesWrappedKey []byte `protobuf:"bytes,5,opt,name=rsa_aes_wrapped_key,json=rsaAesWrappedKey,proto3,oneof"`
}

type ImportJob 

type ImportJob struct {

	// Output only. The resource name for this [ImportJob][google.cloud.kms.v1.ImportJob] in the format
	// `projects/*/locations/*/keyRings/*/importJobs/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. Immutable. The wrapping method to be used for incoming key material.
	ImportMethod ImportJob_ImportMethod `` /* 146-byte string literal not displayed */
	// Required. Immutable. The protection level of the [ImportJob][google.cloud.kms.v1.ImportJob]. This must match the
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] of the
	// [version_template][google.cloud.kms.v1.CryptoKey.version_template] on the [CryptoKey][google.cloud.kms.v1.CryptoKey] you
	// attempt to import into.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// Output only. The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob]'s key material was generated.
	GenerateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"`
	// Output only. The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] is scheduled for
	// expiration and can no longer be used to import key material.
	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
	// Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob] expired. Only present if
	// [state][google.cloud.kms.v1.ImportJob.state] is [EXPIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED].
	ExpireEventTime *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=expire_event_time,json=expireEventTime,proto3" json:"expire_event_time,omitempty"`
	// Output only. The current state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can
	// be used.
	State ImportJob_ImportJobState `protobuf:"varint,6,opt,name=state,proto3,enum=google.cloud.kms.v1.ImportJob_ImportJobState" json:"state,omitempty"`
	// Output only. The public key with which to wrap key material prior to
	// import. Only returned if [state][google.cloud.kms.v1.ImportJob.state] is
	// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE].
	PublicKey *ImportJob_WrappingPublicKey `protobuf:"bytes,7,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// Output only. Statement that was generated and signed by the key creator
	// (for example, an HSM) at key creation time. Use this statement to verify
	// attributes of the key as stored on the HSM, independently of Google.
	// Only present if the chosen [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] is one with a protection
	// level of [HSM][google.cloud.kms.v1.ProtectionLevel.HSM].
	Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"`
	// contains filtered or unexported fields
}

An ImportJob[google.cloud.kms.v1.ImportJob] can be used to create [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre-existing key material, generated outside of Cloud KMS.

When an ImportJob[google.cloud.kms.v1.ImportJob] is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the wrapping key generation is complete, the [state][google.cloud.kms.v1.ImportJob.state] will be set to [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the [public_key][google.cloud.kms.v1.ImportJob.public_key] can be fetched. The fetched public key can then be used to wrap your pre-existing key material.

Once the key material is wrapped, it can be imported into a new CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] in an existing CryptoKey[google.cloud.kms.v1.CryptoKey] by calling [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be imported with a single ImportJob[google.cloud.kms.v1.ImportJob]. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key.

An ImportJob[google.cloud.kms.v1.ImportJob] expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the ImportJob[google.cloud.kms.v1.ImportJob]'s public key.

For more information, see [Importing a key](https://cloud.google.com/kms/docs/importing-a-key).

func (*ImportJob) Descriptor deprecated 

func (*ImportJob) Descriptor() ([]byte, []int)

Deprecated: Use ImportJob.ProtoReflect.Descriptor instead.

func (*ImportJob) GetAttestation 

func (x *ImportJob) GetAttestation() *KeyOperationAttestation

func (*ImportJob) GetCreateTime 

func (x *ImportJob) GetCreateTime() *timestamppb.Timestamp

func (*ImportJob) GetExpireEventTime 

func (x *ImportJob) GetExpireEventTime() *timestamppb.Timestamp

func (*ImportJob) GetExpireTime 

func (x *ImportJob) GetExpireTime() *timestamppb.Timestamp

func (*ImportJob) GetGenerateTime 

func (x *ImportJob) GetGenerateTime() *timestamppb.Timestamp

func (*ImportJob) GetImportMethod 

func (x *ImportJob) GetImportMethod() ImportJob_ImportMethod

func (*ImportJob) GetName 

func (x *ImportJob) GetName() string

func (*ImportJob) GetProtectionLevel 

func (x *ImportJob) GetProtectionLevel() ProtectionLevel

func (*ImportJob) GetPublicKey 

func (x *ImportJob) GetPublicKey() *ImportJob_WrappingPublicKey

func (*ImportJob) GetState 

func (x *ImportJob) GetState() ImportJob_ImportJobState

func (*ImportJob) ProtoMessage 

func (*ImportJob) ProtoMessage()

func (*ImportJob) ProtoReflect 

func (x *ImportJob) ProtoReflect() protoreflect.Message

func (*ImportJob) Reset 

func (x *ImportJob) Reset()

func (*ImportJob) String 

func (x *ImportJob) String() string

type ImportJob_ImportJobState 

type ImportJob_ImportJobState int32

The state of the ImportJob[google.cloud.kms.v1.ImportJob], indicating if it can be used. 

const (
	// Not specified.
	ImportJob_IMPORT_JOB_STATE_UNSPECIFIED ImportJob_ImportJobState = 0
	// The wrapping key for this job is still being generated. It may not be
	// used. Cloud KMS will automatically mark this job as
	// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] as soon as the wrapping key is generated.
	ImportJob_PENDING_GENERATION ImportJob_ImportJobState = 1
	// This job may be used in
	// [CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey] and
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
	// requests.
	ImportJob_ACTIVE ImportJob_ImportJobState = 2
	// This job can no longer be used and may not leave this state once entered.
	ImportJob_EXPIRED ImportJob_ImportJobState = 3
)

func (ImportJob_ImportJobState) Descriptor 

func (ImportJob_ImportJobState) Descriptor() protoreflect.EnumDescriptor

func (ImportJob_ImportJobState) Enum 

func (x ImportJob_ImportJobState) Enum() *ImportJob_ImportJobState

func (ImportJob_ImportJobState) EnumDescriptor deprecated 

func (ImportJob_ImportJobState) EnumDescriptor() ([]byte, []int)

Deprecated: Use ImportJob_ImportJobState.Descriptor instead.

func (ImportJob_ImportJobState) Number 

func (x ImportJob_ImportJobState) Number() protoreflect.EnumNumber

func (ImportJob_ImportJobState) String 

func (x ImportJob_ImportJobState) String() string

func (ImportJob_ImportJobState) Type 

func (ImportJob_ImportJobState) Type() protoreflect.EnumType

type ImportJob_ImportMethod 

type ImportJob_ImportMethod int32

[ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] describes the key wrapping method chosen for this ImportJob[google.cloud.kms.v1.ImportJob]. 

const (
	// Not specified.
	ImportJob_IMPORT_METHOD_UNSPECIFIED ImportJob_ImportMethod = 0
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
	// scheme defined in the PKCS #11 standard. In summary, this involves
	// wrapping the raw key with an ephemeral AES key, and wrapping the
	// ephemeral AES key with a 3072 bit RSA key. For more details, see
	// [RSA AES key wrap
	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJob_RSA_OAEP_3072_SHA1_AES_256 ImportJob_ImportMethod = 1
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
	// scheme defined in the PKCS #11 standard. In summary, this involves
	// wrapping the raw key with an ephemeral AES key, and wrapping the
	// ephemeral AES key with a 4096 bit RSA key. For more details, see
	// [RSA AES key wrap
	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJob_RSA_OAEP_4096_SHA1_AES_256 ImportJob_ImportMethod = 2
)

func (ImportJob_ImportMethod) Descriptor 

func (ImportJob_ImportMethod) Descriptor() protoreflect.EnumDescriptor

func (ImportJob_ImportMethod) Enum 

func (x ImportJob_ImportMethod) Enum() *ImportJob_ImportMethod

func (ImportJob_ImportMethod) EnumDescriptor deprecated 

func (ImportJob_ImportMethod) EnumDescriptor() ([]byte, []int)

Deprecated: Use ImportJob_ImportMethod.Descriptor instead.

func (ImportJob_ImportMethod) Number 

func (x ImportJob_ImportMethod) Number() protoreflect.EnumNumber

func (ImportJob_ImportMethod) String 

func (x ImportJob_ImportMethod) String() string

func (ImportJob_ImportMethod) Type 

func (ImportJob_ImportMethod) Type() protoreflect.EnumType

type ImportJob_WrappingPublicKey 

type ImportJob_WrappingPublicKey struct {

	// The public key, encoded in PEM format. For more information, see the [RFC
	// 7468](https://tools.ietf.org/html/rfc7468) sections for [General
	// Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
	// [Textual Encoding of Subject Public Key Info]
	// (https://tools.ietf.org/html/rfc7468#section-13).
	Pem string `protobuf:"bytes,1,opt,name=pem,proto3" json:"pem,omitempty"`
	// contains filtered or unexported fields
}

The public key component of the wrapping key. For details of the type of key this public key corresponds to, see the [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod].

func (*ImportJob_WrappingPublicKey) Descriptor deprecated 

func (*ImportJob_WrappingPublicKey) Descriptor() ([]byte, []int)

Deprecated: Use ImportJob_WrappingPublicKey.ProtoReflect.Descriptor instead.

func (*ImportJob_WrappingPublicKey) GetPem 

func (x *ImportJob_WrappingPublicKey) GetPem() string

func (*ImportJob_WrappingPublicKey) ProtoMessage 

func (*ImportJob_WrappingPublicKey) ProtoMessage()

func (*ImportJob_WrappingPublicKey) ProtoReflect 

func (x *ImportJob_WrappingPublicKey) ProtoReflect() protoreflect.Message

func (*ImportJob_WrappingPublicKey) Reset 

func (x *ImportJob_WrappingPublicKey) Reset()

func (*ImportJob_WrappingPublicKey) String 

func (x *ImportJob_WrappingPublicKey) String() string

type KeyManagementServiceClient 

type KeyManagementServiceClient interface {
	// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
	ListKeyRings(ctx context.Context, in *ListKeyRingsRequest, opts ...grpc.CallOption) (*ListKeyRingsResponse, error)
	// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	ListCryptoKeys(ctx context.Context, in *ListCryptoKeysRequest, opts ...grpc.CallOption) (*ListCryptoKeysResponse, error)
	// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	ListCryptoKeyVersions(ctx context.Context, in *ListCryptoKeyVersionsRequest, opts ...grpc.CallOption) (*ListCryptoKeyVersionsResponse, error)
	// Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
	ListImportJobs(ctx context.Context, in *ListImportJobsRequest, opts ...grpc.CallOption) (*ListImportJobsResponse, error)
	// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
	GetKeyRing(ctx context.Context, in *GetKeyRingRequest, opts ...grpc.CallOption) (*KeyRing, error)
	// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
	// [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKey(ctx context.Context, in *GetCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKeyVersion(ctx context.Context, in *GetCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
	// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
	GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*PublicKey, error)
	// Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
	GetImportJob(ctx context.Context, in *GetImportJobRequest, opts ...grpc.CallOption) (*ImportJob, error)
	// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
	CreateKeyRing(ctx context.Context, in *CreateKeyRingRequest, opts ...grpc.CallOption) (*KeyRing, error)
	// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
	// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
	// are required.
	CreateCryptoKey(ctx context.Context, in *CreateCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
	//
	// The server will assign the next sequential id. If unset,
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
	CreateCryptoKeyVersion(ctx context.Context, in *CreateCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
	// wrapped key material provided in the request.
	//
	// The version ID will be assigned the next sequential id within the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey].
	ImportCryptoKeyVersion(ctx context.Context, in *ImportCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
	CreateImportJob(ctx context.Context, in *CreateImportJobRequest, opts ...grpc.CallOption) (*ImportJob, error)
	// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
	UpdateCryptoKey(ctx context.Context, in *UpdateCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
	//
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
	// method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
	// move between other states.
	UpdateCryptoKeyVersion(ctx context.Context, in *UpdateCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
	// The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
	// Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
	// key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	AsymmetricSign(ctx context.Context, in *AsymmetricSignRequest, opts ...grpc.CallOption) (*AsymmetricSignResponse, error)
	// Decrypts data that was encrypted with a public key retrieved from
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
	AsymmetricDecrypt(ctx context.Context, in *AsymmetricDecryptRequest, opts ...grpc.CallOption) (*AsymmetricDecryptResponse, error)
	// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
	//
	// Returns an error if called on an asymmetric key.
	UpdateCryptoKeyPrimaryVersion(ctx context.Context, in *UpdateCryptoKeyPrimaryVersionRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
	//
	// Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
	// hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
	// will be changed to
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
	// material will be irrevocably destroyed.
	//
	// Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
	DestroyCryptoKeyVersion(ctx context.Context, in *DestroyCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
	// state.
	//
	// Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
	// will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
	RestoreCryptoKeyVersion(ctx context.Context, in *RestoreCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
}

KeyManagementServiceClient is the client API for KeyManagementService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewKeyManagementServiceClient 

func NewKeyManagementServiceClient(cc grpc.ClientConnInterface) KeyManagementServiceClient

type KeyManagementServiceServer 

type KeyManagementServiceServer interface {
	// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
	ListKeyRings(context.Context, *ListKeyRingsRequest) (*ListKeyRingsResponse, error)
	// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	ListCryptoKeys(context.Context, *ListCryptoKeysRequest) (*ListCryptoKeysResponse, error)
	// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	ListCryptoKeyVersions(context.Context, *ListCryptoKeyVersionsRequest) (*ListCryptoKeyVersionsResponse, error)
	// Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
	ListImportJobs(context.Context, *ListImportJobsRequest) (*ListImportJobsResponse, error)
	// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
	GetKeyRing(context.Context, *GetKeyRingRequest) (*KeyRing, error)
	// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
	// [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKey(context.Context, *GetCryptoKeyRequest) (*CryptoKey, error)
	// Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKeyVersion(context.Context, *GetCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
	// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
	GetPublicKey(context.Context, *GetPublicKeyRequest) (*PublicKey, error)
	// Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
	GetImportJob(context.Context, *GetImportJobRequest) (*ImportJob, error)
	// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
	CreateKeyRing(context.Context, *CreateKeyRingRequest) (*KeyRing, error)
	// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
	// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
	// are required.
	CreateCryptoKey(context.Context, *CreateCryptoKeyRequest) (*CryptoKey, error)
	// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
	//
	// The server will assign the next sequential id. If unset,
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
	CreateCryptoKeyVersion(context.Context, *CreateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
	// wrapped key material provided in the request.
	//
	// The version ID will be assigned the next sequential id within the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey].
	ImportCryptoKeyVersion(context.Context, *ImportCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
	CreateImportJob(context.Context, *CreateImportJobRequest) (*ImportJob, error)
	// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
	UpdateCryptoKey(context.Context, *UpdateCryptoKeyRequest) (*CryptoKey, error)
	// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
	//
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
	// method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
	// move between other states.
	UpdateCryptoKeyVersion(context.Context, *UpdateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
	// The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
	// Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
	// key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	AsymmetricSign(context.Context, *AsymmetricSignRequest) (*AsymmetricSignResponse, error)
	// Decrypts data that was encrypted with a public key retrieved from
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
	AsymmetricDecrypt(context.Context, *AsymmetricDecryptRequest) (*AsymmetricDecryptResponse, error)
	// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
	//
	// Returns an error if called on an asymmetric key.
	UpdateCryptoKeyPrimaryVersion(context.Context, *UpdateCryptoKeyPrimaryVersionRequest) (*CryptoKey, error)
	// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
	//
	// Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
	// hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
	// will be changed to
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
	// material will be irrevocably destroyed.
	//
	// Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
	DestroyCryptoKeyVersion(context.Context, *DestroyCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
	// state.
	//
	// Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
	// will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
	RestoreCryptoKeyVersion(context.Context, *RestoreCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
}

KeyManagementServiceServer is the server API for KeyManagementService service.

type KeyOperationAttestation 

type KeyOperationAttestation struct {

	// Output only. The format of the attestation data.
	Format KeyOperationAttestation_AttestationFormat `` /* 133-byte string literal not displayed */
	// Output only. The attestation data provided by the HSM when the key
	// operation was performed.
	Content []byte `protobuf:"bytes,5,opt,name=content,proto3" json:"content,omitempty"`
	// contains filtered or unexported fields
}

Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key).

func (*KeyOperationAttestation) Descriptor deprecated 

func (*KeyOperationAttestation) Descriptor() ([]byte, []int)

Deprecated: Use KeyOperationAttestation.ProtoReflect.Descriptor instead.

func (*KeyOperationAttestation) GetContent 

func (x *KeyOperationAttestation) GetContent() []byte

func (*KeyOperationAttestation) GetFormat 

func (x *KeyOperationAttestation) GetFormat() KeyOperationAttestation_AttestationFormat

func (*KeyOperationAttestation) ProtoMessage 

func (*KeyOperationAttestation) ProtoMessage()

func (*KeyOperationAttestation) ProtoReflect 

func (x *KeyOperationAttestation) ProtoReflect() protoreflect.Message

func (*KeyOperationAttestation) Reset 

func (x *KeyOperationAttestation) Reset()

func (*KeyOperationAttestation) String 

func (x *KeyOperationAttestation) String() string

type KeyOperationAttestation_AttestationFormat 

type KeyOperationAttestation_AttestationFormat int32

Attestation formats provided by the HSM. 

const (
	// Not specified.
	KeyOperationAttestation_ATTESTATION_FORMAT_UNSPECIFIED KeyOperationAttestation_AttestationFormat = 0
	// Cavium HSM attestation compressed with gzip. Note that this format is
	// defined by Cavium and subject to change at any time.
	KeyOperationAttestation_CAVIUM_V1_COMPRESSED KeyOperationAttestation_AttestationFormat = 3
	// Cavium HSM attestation V2 compressed with gzip. This is a new format
	// introduced in Cavium's version 3.2-08.
	KeyOperationAttestation_CAVIUM_V2_COMPRESSED KeyOperationAttestation_AttestationFormat = 4
)

func (KeyOperationAttestation_AttestationFormat) Descriptor 

func (KeyOperationAttestation_AttestationFormat) Descriptor() protoreflect.EnumDescriptor

func (KeyOperationAttestation_AttestationFormat) Enum 

func (x KeyOperationAttestation_AttestationFormat) Enum() *KeyOperationAttestation_AttestationFormat

func (KeyOperationAttestation_AttestationFormat) EnumDescriptor deprecated 

func (KeyOperationAttestation_AttestationFormat) EnumDescriptor() ([]byte, []int)

Deprecated: Use KeyOperationAttestation_AttestationFormat.Descriptor instead.

func (KeyOperationAttestation_AttestationFormat) Number 

func (x KeyOperationAttestation_AttestationFormat) Number() protoreflect.EnumNumber

func (KeyOperationAttestation_AttestationFormat) String 

func (x KeyOperationAttestation_AttestationFormat) String() string

func (KeyOperationAttestation_AttestationFormat) Type 

func (KeyOperationAttestation_AttestationFormat) Type() protoreflect.EnumType

type KeyRing 

type KeyRing struct {

	// Output only. The resource name for the [KeyRing][google.cloud.kms.v1.KeyRing] in the format
	// `projects/*/locations/*/keyRings/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The time at which this [KeyRing][google.cloud.kms.v1.KeyRing] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// contains filtered or unexported fields
}

A KeyRing[google.cloud.kms.v1.KeyRing] is a toplevel logical grouping of [CryptoKeys][google.cloud.kms.v1.CryptoKey].

func (*KeyRing) Descriptor deprecated 

func (*KeyRing) Descriptor() ([]byte, []int)

Deprecated: Use KeyRing.ProtoReflect.Descriptor instead.

func (*KeyRing) GetCreateTime 

func (x *KeyRing) GetCreateTime() *timestamppb.Timestamp

func (*KeyRing) GetName 

func (x *KeyRing) GetName() string

func (*KeyRing) ProtoMessage 

func (*KeyRing) ProtoMessage()

func (*KeyRing) ProtoReflect 

func (x *KeyRing) ProtoReflect() protoreflect.Message

func (*KeyRing) Reset 

func (x *KeyRing) Reset()

func (*KeyRing) String 

func (x *KeyRing) String() string

type ListCryptoKeyVersionsRequest 

type ListCryptoKeyVersionsRequest struct {

	// Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to
	// include in the response. Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can
	// subsequently be obtained by including the
	// [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token] in a subsequent request.
	// If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// The fields to include in the response.
	View CryptoKeyVersion_CryptoKeyVersionView `protobuf:"varint,4,opt,name=view,proto3,enum=google.cloud.kms.v1.CryptoKeyVersion_CryptoKeyVersionView" json:"view,omitempty"`
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,5,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order. For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,6,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].

func (*ListCryptoKeyVersionsRequest) Descriptor deprecated 

func (*ListCryptoKeyVersionsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeyVersionsRequest.ProtoReflect.Descriptor instead.

func (*ListCryptoKeyVersionsRequest) GetFilter 

func (x *ListCryptoKeyVersionsRequest) GetFilter() string

func (*ListCryptoKeyVersionsRequest) GetOrderBy 

func (x *ListCryptoKeyVersionsRequest) GetOrderBy() string

func (*ListCryptoKeyVersionsRequest) GetPageSize 

func (x *ListCryptoKeyVersionsRequest) GetPageSize() int32

func (*ListCryptoKeyVersionsRequest) GetPageToken 

func (x *ListCryptoKeyVersionsRequest) GetPageToken() string

func (*ListCryptoKeyVersionsRequest) GetParent 

func (x *ListCryptoKeyVersionsRequest) GetParent() string

func (*ListCryptoKeyVersionsRequest) GetView 

func (x *ListCryptoKeyVersionsRequest) GetView() CryptoKeyVersion_CryptoKeyVersionView

func (*ListCryptoKeyVersionsRequest) ProtoMessage 

func (*ListCryptoKeyVersionsRequest) ProtoMessage()

func (*ListCryptoKeyVersionsRequest) ProtoReflect 

func (x *ListCryptoKeyVersionsRequest) ProtoReflect() protoreflect.Message

func (*ListCryptoKeyVersionsRequest) Reset 

func (x *ListCryptoKeyVersionsRequest) Reset()

func (*ListCryptoKeyVersionsRequest) String 

func (x *ListCryptoKeyVersionsRequest) String() string

type ListCryptoKeyVersionsResponse 

type ListCryptoKeyVersionsResponse struct {

	// The list of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	CryptoKeyVersions []*CryptoKeyVersion `protobuf:"bytes,1,rep,name=crypto_key_versions,json=cryptoKeyVersions,proto3" json:"crypto_key_versions,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token] to retrieve the next page of
	// results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that matched the
	// query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].

func (*ListCryptoKeyVersionsResponse) Descriptor deprecated 

func (*ListCryptoKeyVersionsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeyVersionsResponse.ProtoReflect.Descriptor instead.

func (*ListCryptoKeyVersionsResponse) GetCryptoKeyVersions 

func (x *ListCryptoKeyVersionsResponse) GetCryptoKeyVersions() []*CryptoKeyVersion

func (*ListCryptoKeyVersionsResponse) GetNextPageToken 

func (x *ListCryptoKeyVersionsResponse) GetNextPageToken() string

func (*ListCryptoKeyVersionsResponse) GetTotalSize 

func (x *ListCryptoKeyVersionsResponse) GetTotalSize() int32

func (*ListCryptoKeyVersionsResponse) ProtoMessage 

func (*ListCryptoKeyVersionsResponse) ProtoMessage()

func (*ListCryptoKeyVersionsResponse) ProtoReflect 

func (x *ListCryptoKeyVersionsResponse) ProtoReflect() protoreflect.Message

func (*ListCryptoKeyVersionsResponse) Reset 

func (x *ListCryptoKeyVersionsResponse) Reset()

func (*ListCryptoKeyVersionsResponse) String 

func (x *ListCryptoKeyVersionsResponse) String() string

type ListCryptoKeysRequest 

type ListCryptoKeysRequest struct {

	// Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format
	// `projects/*/locations/*/keyRings/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the
	// response.  Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently be obtained by
	// including the [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token] in a subsequent
	// request.  If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// The fields of the primary version to include in the response.
	VersionView CryptoKeyVersion_CryptoKeyVersionView `` /* 158-byte string literal not displayed */
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,5,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order. For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,6,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

func (*ListCryptoKeysRequest) Descriptor deprecated 

func (*ListCryptoKeysRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeysRequest.ProtoReflect.Descriptor instead.

func (*ListCryptoKeysRequest) GetFilter 

func (x *ListCryptoKeysRequest) GetFilter() string

func (*ListCryptoKeysRequest) GetOrderBy 

func (x *ListCryptoKeysRequest) GetOrderBy() string

func (*ListCryptoKeysRequest) GetPageSize 

func (x *ListCryptoKeysRequest) GetPageSize() int32

func (*ListCryptoKeysRequest) GetPageToken 

func (x *ListCryptoKeysRequest) GetPageToken() string

func (*ListCryptoKeysRequest) GetParent 

func (x *ListCryptoKeysRequest) GetParent() string

func (*ListCryptoKeysRequest) GetVersionView 

func (x *ListCryptoKeysRequest) GetVersionView() CryptoKeyVersion_CryptoKeyVersionView

func (*ListCryptoKeysRequest) ProtoMessage 

func (*ListCryptoKeysRequest) ProtoMessage()

func (*ListCryptoKeysRequest) ProtoReflect 

func (x *ListCryptoKeysRequest) ProtoReflect() protoreflect.Message

func (*ListCryptoKeysRequest) Reset 

func (x *ListCryptoKeysRequest) Reset()

func (*ListCryptoKeysRequest) String 

func (x *ListCryptoKeysRequest) String() string

type ListCryptoKeysResponse 

type ListCryptoKeysResponse struct {

	// The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	CryptoKeys []*CryptoKey `protobuf:"bytes,1,rep,name=crypto_keys,json=cryptoKeys,proto3" json:"crypto_keys,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token] to retrieve the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] that matched the query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

func (*ListCryptoKeysResponse) Descriptor deprecated 

func (*ListCryptoKeysResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeysResponse.ProtoReflect.Descriptor instead.

func (*ListCryptoKeysResponse) GetCryptoKeys 

func (x *ListCryptoKeysResponse) GetCryptoKeys() []*CryptoKey

func (*ListCryptoKeysResponse) GetNextPageToken 

func (x *ListCryptoKeysResponse) GetNextPageToken() string

func (*ListCryptoKeysResponse) GetTotalSize 

func (x *ListCryptoKeysResponse) GetTotalSize() int32

func (*ListCryptoKeysResponse) ProtoMessage 

func (*ListCryptoKeysResponse) ProtoMessage()

func (*ListCryptoKeysResponse) ProtoReflect 

func (x *ListCryptoKeysResponse) ProtoReflect() protoreflect.Message

func (*ListCryptoKeysResponse) Reset 

func (x *ListCryptoKeysResponse) Reset()

func (*ListCryptoKeysResponse) String 

func (x *ListCryptoKeysResponse) String() string

type ListImportJobsRequest 

type ListImportJobsRequest struct {

	// Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format
	// `projects/*/locations/*/keyRings/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of [ImportJobs][google.cloud.kms.v1.ImportJob] to include in the
	// response. Further [ImportJobs][google.cloud.kms.v1.ImportJob] can subsequently be obtained by
	// including the [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token] in a subsequent
	// request. If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order. For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].

func (*ListImportJobsRequest) Descriptor deprecated 

func (*ListImportJobsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListImportJobsRequest.ProtoReflect.Descriptor instead.

func (*ListImportJobsRequest) GetFilter 

func (x *ListImportJobsRequest) GetFilter() string

func (*ListImportJobsRequest) GetOrderBy 

func (x *ListImportJobsRequest) GetOrderBy() string

func (*ListImportJobsRequest) GetPageSize 

func (x *ListImportJobsRequest) GetPageSize() int32

func (*ListImportJobsRequest) GetPageToken 

func (x *ListImportJobsRequest) GetPageToken() string

func (*ListImportJobsRequest) GetParent 

func (x *ListImportJobsRequest) GetParent() string

func (*ListImportJobsRequest) ProtoMessage 

func (*ListImportJobsRequest) ProtoMessage()

func (*ListImportJobsRequest) ProtoReflect 

func (x *ListImportJobsRequest) ProtoReflect() protoreflect.Message

func (*ListImportJobsRequest) Reset 

func (x *ListImportJobsRequest) Reset()

func (*ListImportJobsRequest) String 

func (x *ListImportJobsRequest) String() string

type ListImportJobsResponse 

type ListImportJobsResponse struct {

	// The list of [ImportJobs][google.cloud.kms.v1.ImportJob].
	ImportJobs []*ImportJob `protobuf:"bytes,1,rep,name=import_jobs,json=importJobs,proto3" json:"import_jobs,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token] to retrieve the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of [ImportJobs][google.cloud.kms.v1.ImportJob] that matched the query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].

func (*ListImportJobsResponse) Descriptor deprecated 

func (*ListImportJobsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListImportJobsResponse.ProtoReflect.Descriptor instead.

func (*ListImportJobsResponse) GetImportJobs 

func (x *ListImportJobsResponse) GetImportJobs() []*ImportJob

func (*ListImportJobsResponse) GetNextPageToken 

func (x *ListImportJobsResponse) GetNextPageToken() string

func (*ListImportJobsResponse) GetTotalSize 

func (x *ListImportJobsResponse) GetTotalSize() int32

func (*ListImportJobsResponse) ProtoMessage 

func (*ListImportJobsResponse) ProtoMessage()

func (*ListImportJobsResponse) ProtoReflect 

func (x *ListImportJobsResponse) ProtoReflect() protoreflect.Message

func (*ListImportJobsResponse) Reset 

func (x *ListImportJobsResponse) Reset()

func (*ListImportJobsResponse) String 

func (x *ListImportJobsResponse) String() string

type ListKeyRingsRequest 

type ListKeyRingsRequest struct {

	// Required. The resource name of the location associated with the
	// [KeyRings][google.cloud.kms.v1.KeyRing], in the format `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of [KeyRings][google.cloud.kms.v1.KeyRing] to include in the
	// response.  Further [KeyRings][google.cloud.kms.v1.KeyRing] can subsequently be obtained by
	// including the [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token] in a subsequent
	// request.  If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order.  For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].

func (*ListKeyRingsRequest) Descriptor deprecated 

func (*ListKeyRingsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListKeyRingsRequest.ProtoReflect.Descriptor instead.

func (*ListKeyRingsRequest) GetFilter 

func (x *ListKeyRingsRequest) GetFilter() string

func (*ListKeyRingsRequest) GetOrderBy 

func (x *ListKeyRingsRequest) GetOrderBy() string

func (*ListKeyRingsRequest) GetPageSize 

func (x *ListKeyRingsRequest) GetPageSize() int32

func (*ListKeyRingsRequest) GetPageToken 

func (x *ListKeyRingsRequest) GetPageToken() string

func (*ListKeyRingsRequest) GetParent 

func (x *ListKeyRingsRequest) GetParent() string

func (*ListKeyRingsRequest) ProtoMessage 

func (*ListKeyRingsRequest) ProtoMessage()

func (*ListKeyRingsRequest) ProtoReflect 

func (x *ListKeyRingsRequest) ProtoReflect() protoreflect.Message

func (*ListKeyRingsRequest) Reset 

func (x *ListKeyRingsRequest) Reset()

func (*ListKeyRingsRequest) String 

func (x *ListKeyRingsRequest) String() string

type ListKeyRingsResponse 

type ListKeyRingsResponse struct {

	// The list of [KeyRings][google.cloud.kms.v1.KeyRing].
	KeyRings []*KeyRing `protobuf:"bytes,1,rep,name=key_rings,json=keyRings,proto3" json:"key_rings,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token] to retrieve the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of [KeyRings][google.cloud.kms.v1.KeyRing] that matched the query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].

func (*ListKeyRingsResponse) Descriptor deprecated 

func (*ListKeyRingsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListKeyRingsResponse.ProtoReflect.Descriptor instead.

func (*ListKeyRingsResponse) GetKeyRings 

func (x *ListKeyRingsResponse) GetKeyRings() []*KeyRing

func (*ListKeyRingsResponse) GetNextPageToken 

func (x *ListKeyRingsResponse) GetNextPageToken() string

func (*ListKeyRingsResponse) GetTotalSize 

func (x *ListKeyRingsResponse) GetTotalSize() int32

func (*ListKeyRingsResponse) ProtoMessage 

func (*ListKeyRingsResponse) ProtoMessage()

func (*ListKeyRingsResponse) ProtoReflect 

func (x *ListKeyRingsResponse) ProtoReflect() protoreflect.Message

func (*ListKeyRingsResponse) Reset 

func (x *ListKeyRingsResponse) Reset()

func (*ListKeyRingsResponse) String 

func (x *ListKeyRingsResponse) String() string

type LocationMetadata 

type LocationMetadata struct {

	// Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
	// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this location.
	HsmAvailable bool `protobuf:"varint,1,opt,name=hsm_available,json=hsmAvailable,proto3" json:"hsm_available,omitempty"`
	// Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
	// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can be created in this location.
	EkmAvailable bool `protobuf:"varint,2,opt,name=ekm_available,json=ekmAvailable,proto3" json:"ekm_available,omitempty"`
	// contains filtered or unexported fields
}

Cloud KMS metadata for the given [google.cloud.location.Location][google.cloud.location.Location].

func (*LocationMetadata) Descriptor deprecated 

func (*LocationMetadata) Descriptor() ([]byte, []int)

Deprecated: Use LocationMetadata.ProtoReflect.Descriptor instead.

func (*LocationMetadata) GetEkmAvailable 

func (x *LocationMetadata) GetEkmAvailable() bool

func (*LocationMetadata) GetHsmAvailable 

func (x *LocationMetadata) GetHsmAvailable() bool

func (*LocationMetadata) ProtoMessage 

func (*LocationMetadata) ProtoMessage()

func (*LocationMetadata) ProtoReflect 

func (x *LocationMetadata) ProtoReflect() protoreflect.Message

func (*LocationMetadata) Reset 

func (x *LocationMetadata) Reset()

func (*LocationMetadata) String 

func (x *LocationMetadata) String() string

type ProtectionLevel 

type ProtectionLevel int32

ProtectionLevel[google.cloud.kms.v1.ProtectionLevel] specifies how cryptographic operations are performed. For more information, see [Protection levels] (https://cloud.google.com/kms/docs/algorithms#protection_levels). 

const (
	// Not specified.
	ProtectionLevel_PROTECTION_LEVEL_UNSPECIFIED ProtectionLevel = 0
	// Crypto operations are performed in software.
	ProtectionLevel_SOFTWARE ProtectionLevel = 1
	// Crypto operations are performed in a Hardware Security Module.
	ProtectionLevel_HSM ProtectionLevel = 2
	// Crypto operations are performed by an external key manager.
	ProtectionLevel_EXTERNAL ProtectionLevel = 3
)

func (ProtectionLevel) Descriptor 

func (ProtectionLevel) Descriptor() protoreflect.EnumDescriptor

func (ProtectionLevel) Enum 

func (x ProtectionLevel) Enum() *ProtectionLevel

func (ProtectionLevel) EnumDescriptor deprecated 

func (ProtectionLevel) EnumDescriptor() ([]byte, []int)

Deprecated: Use ProtectionLevel.Descriptor instead.

func (ProtectionLevel) Number 

func (x ProtectionLevel) Number() protoreflect.EnumNumber

func (ProtectionLevel) String 

func (x ProtectionLevel) String() string

func (ProtectionLevel) Type 

func (ProtectionLevel) Type() protoreflect.EnumType

type PublicKey 

type PublicKey struct {

	// The public key, encoded in PEM format. For more information, see the
	// [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
	// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
	// [Textual Encoding of Subject Public Key Info]
	// (https://tools.ietf.org/html/rfc7468#section-13).
	Pem string `protobuf:"bytes,1,opt,name=pem,proto3" json:"pem,omitempty"`
	// The [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] associated
	// with this key.
	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 140-byte string literal not displayed */
	// Integrity verification field. A CRC32C checksum of the returned
	// [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem]. An integrity check of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] can be performed
	// by computing the CRC32C checksum of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] and
	// comparing your results to this field. Discard the response in case of
	// non-matching checksum values, and perform a limited number of retries. A
	// persistent mismatch may indicate an issue in your computation of the CRC32C
	// checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	PemCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=pem_crc32c,json=pemCrc32c,proto3" json:"pem_crc32c,omitempty"`
	// The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key.
	// Provided here for verification.
	//
	// NOTE: This field is in Beta.
	Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The public key for a given CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion]. Obtained via [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

func (*PublicKey) Descriptor deprecated 

func (*PublicKey) Descriptor() ([]byte, []int)

Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.

func (*PublicKey) GetAlgorithm 

func (x *PublicKey) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm

func (*PublicKey) GetName 

func (x *PublicKey) GetName() string

func (*PublicKey) GetPem 

func (x *PublicKey) GetPem() string

func (*PublicKey) GetPemCrc32C 

func (x *PublicKey) GetPemCrc32C() *wrapperspb.Int64Value

func (*PublicKey) ProtoMessage 

func (*PublicKey) ProtoMessage()

func (*PublicKey) ProtoReflect 

func (x *PublicKey) ProtoReflect() protoreflect.Message

func (*PublicKey) Reset 

func (x *PublicKey) Reset()

func (*PublicKey) String 

func (x *PublicKey) String() string

type RestoreCryptoKeyVersionRequest 

type RestoreCryptoKeyVersionRequest struct {

	// Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion].

func (*RestoreCryptoKeyVersionRequest) Descriptor deprecated 

func (*RestoreCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use RestoreCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*RestoreCryptoKeyVersionRequest) GetName 

func (x *RestoreCryptoKeyVersionRequest) GetName() string

func (*RestoreCryptoKeyVersionRequest) ProtoMessage 

func (*RestoreCryptoKeyVersionRequest) ProtoMessage()

func (*RestoreCryptoKeyVersionRequest) ProtoReflect 

func (x *RestoreCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message

func (*RestoreCryptoKeyVersionRequest) Reset 

func (x *RestoreCryptoKeyVersionRequest) Reset()

func (*RestoreCryptoKeyVersionRequest) String 

func (x *RestoreCryptoKeyVersionRequest) String() string

type UnimplementedKeyManagementServiceServer 

type UnimplementedKeyManagementServiceServer struct {
}

UnimplementedKeyManagementServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedKeyManagementServiceServer) AsymmetricDecrypt 

func (*UnimplementedKeyManagementServiceServer) AsymmetricDecrypt(context.Context, *AsymmetricDecryptRequest) (*AsymmetricDecryptResponse, error)

func (*UnimplementedKeyManagementServiceServer) AsymmetricSign 

func (*UnimplementedKeyManagementServiceServer) AsymmetricSign(context.Context, *AsymmetricSignRequest) (*AsymmetricSignResponse, error)

func (*UnimplementedKeyManagementServiceServer) CreateCryptoKey 

func (*UnimplementedKeyManagementServiceServer) CreateCryptoKey(context.Context, *CreateCryptoKeyRequest) (*CryptoKey, error)

func (*UnimplementedKeyManagementServiceServer) CreateCryptoKeyVersion 

func (*UnimplementedKeyManagementServiceServer) CreateCryptoKeyVersion(context.Context, *CreateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)

func (*UnimplementedKeyManagementServiceServer) CreateImportJob 

func (*UnimplementedKeyManagementServiceServer) CreateImportJob(context.Context, *CreateImportJobRequest) (*ImportJob, error)

func (*UnimplementedKeyManagementServiceServer) CreateKeyRing 

func (*UnimplementedKeyManagementServiceServer) CreateKeyRing(context.Context, *CreateKeyRingRequest) (*KeyRing, error)

func (*UnimplementedKeyManagementServiceServer) Decrypt 

func (*UnimplementedKeyManagementServiceServer) Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)

func (*UnimplementedKeyManagementServiceServer) DestroyCryptoKeyVersion 

func (*UnimplementedKeyManagementServiceServer) DestroyCryptoKeyVersion(context.Context, *DestroyCryptoKeyVersionRequest) (*CryptoKeyVersion, error)

func (*UnimplementedKeyManagementServiceServer) Encrypt 

func (*UnimplementedKeyManagementServiceServer) Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)

func (*UnimplementedKeyManagementServiceServer) GetCryptoKey 

func (*UnimplementedKeyManagementServiceServer) GetCryptoKey(context.Context, *GetCryptoKeyRequest) (*CryptoKey, error)

func (*UnimplementedKeyManagementServiceServer) GetCryptoKeyVersion 

func (*UnimplementedKeyManagementServiceServer) GetCryptoKeyVersion(context.Context, *GetCryptoKeyVersionRequest) (*CryptoKeyVersion, error)

func (*UnimplementedKeyManagementServiceServer) GetImportJob 

func (*UnimplementedKeyManagementServiceServer) GetImportJob(context.Context, *GetImportJobRequest) (*ImportJob, error)

func (*UnimplementedKeyManagementServiceServer) GetKeyRing 

func (*UnimplementedKeyManagementServiceServer) GetKeyRing(context.Context, *GetKeyRingRequest) (*KeyRing, error)

func (*UnimplementedKeyManagementServiceServer) GetPublicKey 

func (*UnimplementedKeyManagementServiceServer) GetPublicKey(context.Context, *GetPublicKeyRequest) (*PublicKey, error)

func (*UnimplementedKeyManagementServiceServer) ImportCryptoKeyVersion 

func (*UnimplementedKeyManagementServiceServer) ImportCryptoKeyVersion(context.Context, *ImportCryptoKeyVersionRequest) (*CryptoKeyVersion, error)

func (*UnimplementedKeyManagementServiceServer) ListCryptoKeyVersions 

func (*UnimplementedKeyManagementServiceServer) ListCryptoKeyVersions(context.Context, *ListCryptoKeyVersionsRequest) (*ListCryptoKeyVersionsResponse, error)

func (*UnimplementedKeyManagementServiceServer) ListCryptoKeys 

func (*UnimplementedKeyManagementServiceServer) ListCryptoKeys(context.Context, *ListCryptoKeysRequest) (*ListCryptoKeysResponse, error)

func (*UnimplementedKeyManagementServiceServer) ListImportJobs 

func (*UnimplementedKeyManagementServiceServer) ListImportJobs(context.Context, *ListImportJobsRequest) (*ListImportJobsResponse, error)

func (*UnimplementedKeyManagementServiceServer) ListKeyRings 

func (*UnimplementedKeyManagementServiceServer) ListKeyRings(context.Context, *ListKeyRingsRequest) (*ListKeyRingsResponse, error)

func (*UnimplementedKeyManagementServiceServer) RestoreCryptoKeyVersion 

func (*UnimplementedKeyManagementServiceServer) RestoreCryptoKeyVersion(context.Context, *RestoreCryptoKeyVersionRequest) (*CryptoKeyVersion, error)

func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKey 

func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKey(context.Context, *UpdateCryptoKeyRequest) (*CryptoKey, error)

func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKeyPrimaryVersion 

func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKeyPrimaryVersion(context.Context, *UpdateCryptoKeyPrimaryVersionRequest) (*CryptoKey, error)

func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKeyVersion 

func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKeyVersion(context.Context, *UpdateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)

type UpdateCryptoKeyPrimaryVersionRequest 

type UpdateCryptoKeyPrimaryVersionRequest struct {

	// Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to update.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The id of the child [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary.
	CryptoKeyVersionId string `protobuf:"bytes,2,opt,name=crypto_key_version_id,json=cryptoKeyVersionId,proto3" json:"crypto_key_version_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].

func (*UpdateCryptoKeyPrimaryVersionRequest) Descriptor deprecated 

func (*UpdateCryptoKeyPrimaryVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateCryptoKeyPrimaryVersionRequest.ProtoReflect.Descriptor instead.

func (*UpdateCryptoKeyPrimaryVersionRequest) GetCryptoKeyVersionId 

func (x *UpdateCryptoKeyPrimaryVersionRequest) GetCryptoKeyVersionId() string

func (*UpdateCryptoKeyPrimaryVersionRequest) GetName 

func (x *UpdateCryptoKeyPrimaryVersionRequest) GetName() string

func (*UpdateCryptoKeyPrimaryVersionRequest) ProtoMessage 

func (*UpdateCryptoKeyPrimaryVersionRequest) ProtoMessage()

func (*UpdateCryptoKeyPrimaryVersionRequest) ProtoReflect 

func (x *UpdateCryptoKeyPrimaryVersionRequest) ProtoReflect() protoreflect.Message

func (*UpdateCryptoKeyPrimaryVersionRequest) Reset 

func (x *UpdateCryptoKeyPrimaryVersionRequest) Reset()

func (*UpdateCryptoKeyPrimaryVersionRequest) String 

func (x *UpdateCryptoKeyPrimaryVersionRequest) String() string

type UpdateCryptoKeyRequest 

type UpdateCryptoKeyRequest struct {

	// Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] with updated values.
	CryptoKey *CryptoKey `protobuf:"bytes,1,opt,name=crypto_key,json=cryptoKey,proto3" json:"crypto_key,omitempty"`
	// Required. List of fields to be updated in this request.
	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey].

func (*UpdateCryptoKeyRequest) Descriptor deprecated 

func (*UpdateCryptoKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateCryptoKeyRequest.ProtoReflect.Descriptor instead.

func (*UpdateCryptoKeyRequest) GetCryptoKey 

func (x *UpdateCryptoKeyRequest) GetCryptoKey() *CryptoKey

func (*UpdateCryptoKeyRequest) GetUpdateMask 

func (x *UpdateCryptoKeyRequest) GetUpdateMask() *fieldmaskpb.FieldMask

func (*UpdateCryptoKeyRequest) ProtoMessage 

func (*UpdateCryptoKeyRequest) ProtoMessage()

func (*UpdateCryptoKeyRequest) ProtoReflect 

func (x *UpdateCryptoKeyRequest) ProtoReflect() protoreflect.Message

func (*UpdateCryptoKeyRequest) Reset 

func (x *UpdateCryptoKeyRequest) Reset()

func (*UpdateCryptoKeyRequest) String 

func (x *UpdateCryptoKeyRequest) String() string

type UpdateCryptoKeyVersionRequest 

type UpdateCryptoKeyVersionRequest struct {

	// Required. [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with updated values.
	CryptoKeyVersion *CryptoKeyVersion `protobuf:"bytes,1,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`
	// Required. List of fields to be updated in this request.
	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion].

func (*UpdateCryptoKeyVersionRequest) Descriptor deprecated 

func (*UpdateCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*UpdateCryptoKeyVersionRequest) GetCryptoKeyVersion 

func (x *UpdateCryptoKeyVersionRequest) GetCryptoKeyVersion() *CryptoKeyVersion

func (*UpdateCryptoKeyVersionRequest) GetUpdateMask 

func (x *UpdateCryptoKeyVersionRequest) GetUpdateMask() *fieldmaskpb.FieldMask

func (*UpdateCryptoKeyVersionRequest) ProtoMessage 

func (*UpdateCryptoKeyVersionRequest) ProtoMessage()

func (*UpdateCryptoKeyVersionRequest) ProtoReflect 

func (x *UpdateCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message

func (*UpdateCryptoKeyVersionRequest) Reset 

func (x *UpdateCryptoKeyVersionRequest) Reset()

func (*UpdateCryptoKeyVersionRequest) String 

func (x *UpdateCryptoKeyVersionRequest) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.