Documentation ¶
Index ¶
- Variables
- func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)
- type AsymmetricDecryptRequest
- func (*AsymmetricDecryptRequest) Descriptor() ([]byte, []int)deprecated
- func (x *AsymmetricDecryptRequest) GetCiphertext() []byte
- func (x *AsymmetricDecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value
- func (x *AsymmetricDecryptRequest) GetName() string
- func (*AsymmetricDecryptRequest) ProtoMessage()
- func (x *AsymmetricDecryptRequest) ProtoReflect() protoreflect.Message
- func (x *AsymmetricDecryptRequest) Reset()
- func (x *AsymmetricDecryptRequest) String() string
- type AsymmetricDecryptResponse
- func (*AsymmetricDecryptResponse) Descriptor() ([]byte, []int)deprecated
- func (x *AsymmetricDecryptResponse) GetPlaintext() []byte
- func (x *AsymmetricDecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value
- func (x *AsymmetricDecryptResponse) GetProtectionLevel() ProtectionLevel
- func (x *AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C() bool
- func (*AsymmetricDecryptResponse) ProtoMessage()
- func (x *AsymmetricDecryptResponse) ProtoReflect() protoreflect.Message
- func (x *AsymmetricDecryptResponse) Reset()
- func (x *AsymmetricDecryptResponse) String() string
- type AsymmetricSignRequest
- func (*AsymmetricSignRequest) Descriptor() ([]byte, []int)deprecated
- func (x *AsymmetricSignRequest) GetData() []byte
- func (x *AsymmetricSignRequest) GetDataCrc32C() *wrapperspb.Int64Value
- func (x *AsymmetricSignRequest) GetDigest() *Digest
- func (x *AsymmetricSignRequest) GetDigestCrc32C() *wrapperspb.Int64Value
- func (x *AsymmetricSignRequest) GetName() string
- func (*AsymmetricSignRequest) ProtoMessage()
- func (x *AsymmetricSignRequest) ProtoReflect() protoreflect.Message
- func (x *AsymmetricSignRequest) Reset()
- func (x *AsymmetricSignRequest) String() string
- type AsymmetricSignResponse
- func (*AsymmetricSignResponse) Descriptor() ([]byte, []int)deprecated
- func (x *AsymmetricSignResponse) GetName() string
- func (x *AsymmetricSignResponse) GetProtectionLevel() ProtectionLevel
- func (x *AsymmetricSignResponse) GetSignature() []byte
- func (x *AsymmetricSignResponse) GetSignatureCrc32C() *wrapperspb.Int64Value
- func (x *AsymmetricSignResponse) GetVerifiedDataCrc32C() bool
- func (x *AsymmetricSignResponse) GetVerifiedDigestCrc32C() bool
- func (*AsymmetricSignResponse) ProtoMessage()
- func (x *AsymmetricSignResponse) ProtoReflect() protoreflect.Message
- func (x *AsymmetricSignResponse) Reset()
- func (x *AsymmetricSignResponse) String() string
- type CreateCryptoKeyRequest
- func (*CreateCryptoKeyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CreateCryptoKeyRequest) GetCryptoKey() *CryptoKey
- func (x *CreateCryptoKeyRequest) GetCryptoKeyId() string
- func (x *CreateCryptoKeyRequest) GetParent() string
- func (x *CreateCryptoKeyRequest) GetSkipInitialVersionCreation() bool
- func (*CreateCryptoKeyRequest) ProtoMessage()
- func (x *CreateCryptoKeyRequest) ProtoReflect() protoreflect.Message
- func (x *CreateCryptoKeyRequest) Reset()
- func (x *CreateCryptoKeyRequest) String() string
- type CreateCryptoKeyVersionRequest
- func (*CreateCryptoKeyVersionRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CreateCryptoKeyVersionRequest) GetCryptoKeyVersion() *CryptoKeyVersion
- func (x *CreateCryptoKeyVersionRequest) GetParent() string
- func (*CreateCryptoKeyVersionRequest) ProtoMessage()
- func (x *CreateCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
- func (x *CreateCryptoKeyVersionRequest) Reset()
- func (x *CreateCryptoKeyVersionRequest) String() string
- type CreateImportJobRequest
- func (*CreateImportJobRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CreateImportJobRequest) GetImportJob() *ImportJob
- func (x *CreateImportJobRequest) GetImportJobId() string
- func (x *CreateImportJobRequest) GetParent() string
- func (*CreateImportJobRequest) ProtoMessage()
- func (x *CreateImportJobRequest) ProtoReflect() protoreflect.Message
- func (x *CreateImportJobRequest) Reset()
- func (x *CreateImportJobRequest) String() string
- type CreateKeyRingRequest
- func (*CreateKeyRingRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CreateKeyRingRequest) GetKeyRing() *KeyRing
- func (x *CreateKeyRingRequest) GetKeyRingId() string
- func (x *CreateKeyRingRequest) GetParent() string
- func (*CreateKeyRingRequest) ProtoMessage()
- func (x *CreateKeyRingRequest) ProtoReflect() protoreflect.Message
- func (x *CreateKeyRingRequest) Reset()
- func (x *CreateKeyRingRequest) String() string
- type CryptoKey
- func (*CryptoKey) Descriptor() ([]byte, []int)deprecated
- func (x *CryptoKey) GetCreateTime() *timestamppb.Timestamp
- func (x *CryptoKey) GetDestroyScheduledDuration() *durationpb.Duration
- func (x *CryptoKey) GetImportOnly() bool
- func (x *CryptoKey) GetLabels() map[string]string
- func (x *CryptoKey) GetName() string
- func (x *CryptoKey) GetNextRotationTime() *timestamppb.Timestamp
- func (x *CryptoKey) GetPrimary() *CryptoKeyVersion
- func (x *CryptoKey) GetPurpose() CryptoKey_CryptoKeyPurpose
- func (x *CryptoKey) GetRotationPeriod() *durationpb.Duration
- func (m *CryptoKey) GetRotationSchedule() isCryptoKey_RotationSchedule
- func (x *CryptoKey) GetVersionTemplate() *CryptoKeyVersionTemplate
- func (*CryptoKey) ProtoMessage()
- func (x *CryptoKey) ProtoReflect() protoreflect.Message
- func (x *CryptoKey) Reset()
- func (x *CryptoKey) String() string
- type CryptoKeyVersion
- func (*CryptoKeyVersion) Descriptor() ([]byte, []int)deprecated
- func (x *CryptoKeyVersion) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm
- func (x *CryptoKeyVersion) GetAttestation() *KeyOperationAttestation
- func (x *CryptoKeyVersion) GetCreateTime() *timestamppb.Timestamp
- func (x *CryptoKeyVersion) GetDestroyEventTime() *timestamppb.Timestamp
- func (x *CryptoKeyVersion) GetDestroyTime() *timestamppb.Timestamp
- func (x *CryptoKeyVersion) GetExternalProtectionLevelOptions() *ExternalProtectionLevelOptions
- func (x *CryptoKeyVersion) GetGenerateTime() *timestamppb.Timestamp
- func (x *CryptoKeyVersion) GetImportFailureReason() string
- func (x *CryptoKeyVersion) GetImportJob() string
- func (x *CryptoKeyVersion) GetImportTime() *timestamppb.Timestamp
- func (x *CryptoKeyVersion) GetName() string
- func (x *CryptoKeyVersion) GetProtectionLevel() ProtectionLevel
- func (x *CryptoKeyVersion) GetReimportEligible() bool
- func (x *CryptoKeyVersion) GetState() CryptoKeyVersion_CryptoKeyVersionState
- func (*CryptoKeyVersion) ProtoMessage()
- func (x *CryptoKeyVersion) ProtoReflect() protoreflect.Message
- func (x *CryptoKeyVersion) Reset()
- func (x *CryptoKeyVersion) String() string
- type CryptoKeyVersionTemplate
- func (*CryptoKeyVersionTemplate) Descriptor() ([]byte, []int)deprecated
- func (x *CryptoKeyVersionTemplate) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm
- func (x *CryptoKeyVersionTemplate) GetProtectionLevel() ProtectionLevel
- func (*CryptoKeyVersionTemplate) ProtoMessage()
- func (x *CryptoKeyVersionTemplate) ProtoReflect() protoreflect.Message
- func (x *CryptoKeyVersionTemplate) Reset()
- func (x *CryptoKeyVersionTemplate) String() string
- type CryptoKeyVersion_CryptoKeyVersionAlgorithm
- func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Descriptor() protoreflect.EnumDescriptor
- func (x CryptoKeyVersion_CryptoKeyVersionAlgorithm) Enum() *CryptoKeyVersion_CryptoKeyVersionAlgorithm
- func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor() ([]byte, []int)deprecated
- func (x CryptoKeyVersion_CryptoKeyVersionAlgorithm) Number() protoreflect.EnumNumber
- func (x CryptoKeyVersion_CryptoKeyVersionAlgorithm) String() string
- func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Type() protoreflect.EnumType
- type CryptoKeyVersion_CryptoKeyVersionState
- func (CryptoKeyVersion_CryptoKeyVersionState) Descriptor() protoreflect.EnumDescriptor
- func (x CryptoKeyVersion_CryptoKeyVersionState) Enum() *CryptoKeyVersion_CryptoKeyVersionState
- func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor() ([]byte, []int)deprecated
- func (x CryptoKeyVersion_CryptoKeyVersionState) Number() protoreflect.EnumNumber
- func (x CryptoKeyVersion_CryptoKeyVersionState) String() string
- func (CryptoKeyVersion_CryptoKeyVersionState) Type() protoreflect.EnumType
- type CryptoKeyVersion_CryptoKeyVersionView
- func (CryptoKeyVersion_CryptoKeyVersionView) Descriptor() protoreflect.EnumDescriptor
- func (x CryptoKeyVersion_CryptoKeyVersionView) Enum() *CryptoKeyVersion_CryptoKeyVersionView
- func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor() ([]byte, []int)deprecated
- func (x CryptoKeyVersion_CryptoKeyVersionView) Number() protoreflect.EnumNumber
- func (x CryptoKeyVersion_CryptoKeyVersionView) String() string
- func (CryptoKeyVersion_CryptoKeyVersionView) Type() protoreflect.EnumType
- type CryptoKey_CryptoKeyPurpose
- func (CryptoKey_CryptoKeyPurpose) Descriptor() protoreflect.EnumDescriptor
- func (x CryptoKey_CryptoKeyPurpose) Enum() *CryptoKey_CryptoKeyPurpose
- func (CryptoKey_CryptoKeyPurpose) EnumDescriptor() ([]byte, []int)deprecated
- func (x CryptoKey_CryptoKeyPurpose) Number() protoreflect.EnumNumber
- func (x CryptoKey_CryptoKeyPurpose) String() string
- func (CryptoKey_CryptoKeyPurpose) Type() protoreflect.EnumType
- type CryptoKey_RotationPeriod
- type DecryptRequest
- func (*DecryptRequest) Descriptor() ([]byte, []int)deprecated
- func (x *DecryptRequest) GetAdditionalAuthenticatedData() []byte
- func (x *DecryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value
- func (x *DecryptRequest) GetCiphertext() []byte
- func (x *DecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value
- func (x *DecryptRequest) GetName() string
- func (*DecryptRequest) ProtoMessage()
- func (x *DecryptRequest) ProtoReflect() protoreflect.Message
- func (x *DecryptRequest) Reset()
- func (x *DecryptRequest) String() string
- type DecryptResponse
- func (*DecryptResponse) Descriptor() ([]byte, []int)deprecated
- func (x *DecryptResponse) GetPlaintext() []byte
- func (x *DecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value
- func (x *DecryptResponse) GetProtectionLevel() ProtectionLevel
- func (x *DecryptResponse) GetUsedPrimary() bool
- func (*DecryptResponse) ProtoMessage()
- func (x *DecryptResponse) ProtoReflect() protoreflect.Message
- func (x *DecryptResponse) Reset()
- func (x *DecryptResponse) String() string
- type DestroyCryptoKeyVersionRequest
- func (*DestroyCryptoKeyVersionRequest) Descriptor() ([]byte, []int)deprecated
- func (x *DestroyCryptoKeyVersionRequest) GetName() string
- func (*DestroyCryptoKeyVersionRequest) ProtoMessage()
- func (x *DestroyCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
- func (x *DestroyCryptoKeyVersionRequest) Reset()
- func (x *DestroyCryptoKeyVersionRequest) String() string
- type Digest
- func (*Digest) Descriptor() ([]byte, []int)deprecated
- func (m *Digest) GetDigest() isDigest_Digest
- func (x *Digest) GetSha256() []byte
- func (x *Digest) GetSha384() []byte
- func (x *Digest) GetSha512() []byte
- func (*Digest) ProtoMessage()
- func (x *Digest) ProtoReflect() protoreflect.Message
- func (x *Digest) Reset()
- func (x *Digest) String() string
- type Digest_Sha256
- type Digest_Sha384
- type Digest_Sha512
- type EncryptRequest
- func (*EncryptRequest) Descriptor() ([]byte, []int)deprecated
- func (x *EncryptRequest) GetAdditionalAuthenticatedData() []byte
- func (x *EncryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value
- func (x *EncryptRequest) GetName() string
- func (x *EncryptRequest) GetPlaintext() []byte
- func (x *EncryptRequest) GetPlaintextCrc32C() *wrapperspb.Int64Value
- func (*EncryptRequest) ProtoMessage()
- func (x *EncryptRequest) ProtoReflect() protoreflect.Message
- func (x *EncryptRequest) Reset()
- func (x *EncryptRequest) String() string
- type EncryptResponse
- func (*EncryptResponse) Descriptor() ([]byte, []int)deprecated
- func (x *EncryptResponse) GetCiphertext() []byte
- func (x *EncryptResponse) GetCiphertextCrc32C() *wrapperspb.Int64Value
- func (x *EncryptResponse) GetName() string
- func (x *EncryptResponse) GetProtectionLevel() ProtectionLevel
- func (x *EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C() bool
- func (x *EncryptResponse) GetVerifiedPlaintextCrc32C() bool
- func (*EncryptResponse) ProtoMessage()
- func (x *EncryptResponse) ProtoReflect() protoreflect.Message
- func (x *EncryptResponse) Reset()
- func (x *EncryptResponse) String() string
- type ExternalProtectionLevelOptions
- func (*ExternalProtectionLevelOptions) Descriptor() ([]byte, []int)deprecated
- func (x *ExternalProtectionLevelOptions) GetExternalKeyUri() string
- func (*ExternalProtectionLevelOptions) ProtoMessage()
- func (x *ExternalProtectionLevelOptions) ProtoReflect() protoreflect.Message
- func (x *ExternalProtectionLevelOptions) Reset()
- func (x *ExternalProtectionLevelOptions) String() string
- type GenerateRandomBytesRequest
- func (*GenerateRandomBytesRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GenerateRandomBytesRequest) GetLengthBytes() int32
- func (x *GenerateRandomBytesRequest) GetLocation() string
- func (x *GenerateRandomBytesRequest) GetProtectionLevel() ProtectionLevel
- func (*GenerateRandomBytesRequest) ProtoMessage()
- func (x *GenerateRandomBytesRequest) ProtoReflect() protoreflect.Message
- func (x *GenerateRandomBytesRequest) Reset()
- func (x *GenerateRandomBytesRequest) String() string
- type GenerateRandomBytesResponse
- func (*GenerateRandomBytesResponse) Descriptor() ([]byte, []int)deprecated
- func (x *GenerateRandomBytesResponse) GetData() []byte
- func (x *GenerateRandomBytesResponse) GetDataCrc32C() *wrapperspb.Int64Value
- func (*GenerateRandomBytesResponse) ProtoMessage()
- func (x *GenerateRandomBytesResponse) ProtoReflect() protoreflect.Message
- func (x *GenerateRandomBytesResponse) Reset()
- func (x *GenerateRandomBytesResponse) String() string
- type GetCryptoKeyRequest
- func (*GetCryptoKeyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GetCryptoKeyRequest) GetName() string
- func (*GetCryptoKeyRequest) ProtoMessage()
- func (x *GetCryptoKeyRequest) ProtoReflect() protoreflect.Message
- func (x *GetCryptoKeyRequest) Reset()
- func (x *GetCryptoKeyRequest) String() string
- type GetCryptoKeyVersionRequest
- func (*GetCryptoKeyVersionRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GetCryptoKeyVersionRequest) GetName() string
- func (*GetCryptoKeyVersionRequest) ProtoMessage()
- func (x *GetCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
- func (x *GetCryptoKeyVersionRequest) Reset()
- func (x *GetCryptoKeyVersionRequest) String() string
- type GetImportJobRequest
- func (*GetImportJobRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GetImportJobRequest) GetName() string
- func (*GetImportJobRequest) ProtoMessage()
- func (x *GetImportJobRequest) ProtoReflect() protoreflect.Message
- func (x *GetImportJobRequest) Reset()
- func (x *GetImportJobRequest) String() string
- type GetKeyRingRequest
- type GetPublicKeyRequest
- func (*GetPublicKeyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GetPublicKeyRequest) GetName() string
- func (*GetPublicKeyRequest) ProtoMessage()
- func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message
- func (x *GetPublicKeyRequest) Reset()
- func (x *GetPublicKeyRequest) String() string
- type ImportCryptoKeyVersionRequest
- func (*ImportCryptoKeyVersionRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ImportCryptoKeyVersionRequest) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm
- func (x *ImportCryptoKeyVersionRequest) GetCryptoKeyVersion() string
- func (x *ImportCryptoKeyVersionRequest) GetImportJob() string
- func (x *ImportCryptoKeyVersionRequest) GetParent() string
- func (x *ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey() []byte
- func (m *ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial() isImportCryptoKeyVersionRequest_WrappedKeyMaterial
- func (*ImportCryptoKeyVersionRequest) ProtoMessage()
- func (x *ImportCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
- func (x *ImportCryptoKeyVersionRequest) Reset()
- func (x *ImportCryptoKeyVersionRequest) String() string
- type ImportCryptoKeyVersionRequest_RsaAesWrappedKey
- type ImportJob
- func (*ImportJob) Descriptor() ([]byte, []int)deprecated
- func (x *ImportJob) GetAttestation() *KeyOperationAttestation
- func (x *ImportJob) GetCreateTime() *timestamppb.Timestamp
- func (x *ImportJob) GetExpireEventTime() *timestamppb.Timestamp
- func (x *ImportJob) GetExpireTime() *timestamppb.Timestamp
- func (x *ImportJob) GetGenerateTime() *timestamppb.Timestamp
- func (x *ImportJob) GetImportMethod() ImportJob_ImportMethod
- func (x *ImportJob) GetName() string
- func (x *ImportJob) GetProtectionLevel() ProtectionLevel
- func (x *ImportJob) GetPublicKey() *ImportJob_WrappingPublicKey
- func (x *ImportJob) GetState() ImportJob_ImportJobState
- func (*ImportJob) ProtoMessage()
- func (x *ImportJob) ProtoReflect() protoreflect.Message
- func (x *ImportJob) Reset()
- func (x *ImportJob) String() string
- type ImportJob_ImportJobState
- func (ImportJob_ImportJobState) Descriptor() protoreflect.EnumDescriptor
- func (x ImportJob_ImportJobState) Enum() *ImportJob_ImportJobState
- func (ImportJob_ImportJobState) EnumDescriptor() ([]byte, []int)deprecated
- func (x ImportJob_ImportJobState) Number() protoreflect.EnumNumber
- func (x ImportJob_ImportJobState) String() string
- func (ImportJob_ImportJobState) Type() protoreflect.EnumType
- type ImportJob_ImportMethod
- func (ImportJob_ImportMethod) Descriptor() protoreflect.EnumDescriptor
- func (x ImportJob_ImportMethod) Enum() *ImportJob_ImportMethod
- func (ImportJob_ImportMethod) EnumDescriptor() ([]byte, []int)deprecated
- func (x ImportJob_ImportMethod) Number() protoreflect.EnumNumber
- func (x ImportJob_ImportMethod) String() string
- func (ImportJob_ImportMethod) Type() protoreflect.EnumType
- type ImportJob_WrappingPublicKey
- func (*ImportJob_WrappingPublicKey) Descriptor() ([]byte, []int)deprecated
- func (x *ImportJob_WrappingPublicKey) GetPem() string
- func (*ImportJob_WrappingPublicKey) ProtoMessage()
- func (x *ImportJob_WrappingPublicKey) ProtoReflect() protoreflect.Message
- func (x *ImportJob_WrappingPublicKey) Reset()
- func (x *ImportJob_WrappingPublicKey) String() string
- type KeyManagementServiceClient
- type KeyManagementServiceServer
- type KeyOperationAttestation
- func (*KeyOperationAttestation) Descriptor() ([]byte, []int)deprecated
- func (x *KeyOperationAttestation) GetContent() []byte
- func (x *KeyOperationAttestation) GetFormat() KeyOperationAttestation_AttestationFormat
- func (*KeyOperationAttestation) ProtoMessage()
- func (x *KeyOperationAttestation) ProtoReflect() protoreflect.Message
- func (x *KeyOperationAttestation) Reset()
- func (x *KeyOperationAttestation) String() string
- type KeyOperationAttestation_AttestationFormat
- func (KeyOperationAttestation_AttestationFormat) Descriptor() protoreflect.EnumDescriptor
- func (x KeyOperationAttestation_AttestationFormat) Enum() *KeyOperationAttestation_AttestationFormat
- func (KeyOperationAttestation_AttestationFormat) EnumDescriptor() ([]byte, []int)deprecated
- func (x KeyOperationAttestation_AttestationFormat) Number() protoreflect.EnumNumber
- func (x KeyOperationAttestation_AttestationFormat) String() string
- func (KeyOperationAttestation_AttestationFormat) Type() protoreflect.EnumType
- type KeyRing
- type ListCryptoKeyVersionsRequest
- func (*ListCryptoKeyVersionsRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ListCryptoKeyVersionsRequest) GetFilter() string
- func (x *ListCryptoKeyVersionsRequest) GetOrderBy() string
- func (x *ListCryptoKeyVersionsRequest) GetPageSize() int32
- func (x *ListCryptoKeyVersionsRequest) GetPageToken() string
- func (x *ListCryptoKeyVersionsRequest) GetParent() string
- func (x *ListCryptoKeyVersionsRequest) GetView() CryptoKeyVersion_CryptoKeyVersionView
- func (*ListCryptoKeyVersionsRequest) ProtoMessage()
- func (x *ListCryptoKeyVersionsRequest) ProtoReflect() protoreflect.Message
- func (x *ListCryptoKeyVersionsRequest) Reset()
- func (x *ListCryptoKeyVersionsRequest) String() string
- type ListCryptoKeyVersionsResponse
- func (*ListCryptoKeyVersionsResponse) Descriptor() ([]byte, []int)deprecated
- func (x *ListCryptoKeyVersionsResponse) GetCryptoKeyVersions() []*CryptoKeyVersion
- func (x *ListCryptoKeyVersionsResponse) GetNextPageToken() string
- func (x *ListCryptoKeyVersionsResponse) GetTotalSize() int32
- func (*ListCryptoKeyVersionsResponse) ProtoMessage()
- func (x *ListCryptoKeyVersionsResponse) ProtoReflect() protoreflect.Message
- func (x *ListCryptoKeyVersionsResponse) Reset()
- func (x *ListCryptoKeyVersionsResponse) String() string
- type ListCryptoKeysRequest
- func (*ListCryptoKeysRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ListCryptoKeysRequest) GetFilter() string
- func (x *ListCryptoKeysRequest) GetOrderBy() string
- func (x *ListCryptoKeysRequest) GetPageSize() int32
- func (x *ListCryptoKeysRequest) GetPageToken() string
- func (x *ListCryptoKeysRequest) GetParent() string
- func (x *ListCryptoKeysRequest) GetVersionView() CryptoKeyVersion_CryptoKeyVersionView
- func (*ListCryptoKeysRequest) ProtoMessage()
- func (x *ListCryptoKeysRequest) ProtoReflect() protoreflect.Message
- func (x *ListCryptoKeysRequest) Reset()
- func (x *ListCryptoKeysRequest) String() string
- type ListCryptoKeysResponse
- func (*ListCryptoKeysResponse) Descriptor() ([]byte, []int)deprecated
- func (x *ListCryptoKeysResponse) GetCryptoKeys() []*CryptoKey
- func (x *ListCryptoKeysResponse) GetNextPageToken() string
- func (x *ListCryptoKeysResponse) GetTotalSize() int32
- func (*ListCryptoKeysResponse) ProtoMessage()
- func (x *ListCryptoKeysResponse) ProtoReflect() protoreflect.Message
- func (x *ListCryptoKeysResponse) Reset()
- func (x *ListCryptoKeysResponse) String() string
- type ListImportJobsRequest
- func (*ListImportJobsRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ListImportJobsRequest) GetFilter() string
- func (x *ListImportJobsRequest) GetOrderBy() string
- func (x *ListImportJobsRequest) GetPageSize() int32
- func (x *ListImportJobsRequest) GetPageToken() string
- func (x *ListImportJobsRequest) GetParent() string
- func (*ListImportJobsRequest) ProtoMessage()
- func (x *ListImportJobsRequest) ProtoReflect() protoreflect.Message
- func (x *ListImportJobsRequest) Reset()
- func (x *ListImportJobsRequest) String() string
- type ListImportJobsResponse
- func (*ListImportJobsResponse) Descriptor() ([]byte, []int)deprecated
- func (x *ListImportJobsResponse) GetImportJobs() []*ImportJob
- func (x *ListImportJobsResponse) GetNextPageToken() string
- func (x *ListImportJobsResponse) GetTotalSize() int32
- func (*ListImportJobsResponse) ProtoMessage()
- func (x *ListImportJobsResponse) ProtoReflect() protoreflect.Message
- func (x *ListImportJobsResponse) Reset()
- func (x *ListImportJobsResponse) String() string
- type ListKeyRingsRequest
- func (*ListKeyRingsRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ListKeyRingsRequest) GetFilter() string
- func (x *ListKeyRingsRequest) GetOrderBy() string
- func (x *ListKeyRingsRequest) GetPageSize() int32
- func (x *ListKeyRingsRequest) GetPageToken() string
- func (x *ListKeyRingsRequest) GetParent() string
- func (*ListKeyRingsRequest) ProtoMessage()
- func (x *ListKeyRingsRequest) ProtoReflect() protoreflect.Message
- func (x *ListKeyRingsRequest) Reset()
- func (x *ListKeyRingsRequest) String() string
- type ListKeyRingsResponse
- func (*ListKeyRingsResponse) Descriptor() ([]byte, []int)deprecated
- func (x *ListKeyRingsResponse) GetKeyRings() []*KeyRing
- func (x *ListKeyRingsResponse) GetNextPageToken() string
- func (x *ListKeyRingsResponse) GetTotalSize() int32
- func (*ListKeyRingsResponse) ProtoMessage()
- func (x *ListKeyRingsResponse) ProtoReflect() protoreflect.Message
- func (x *ListKeyRingsResponse) Reset()
- func (x *ListKeyRingsResponse) String() string
- type LocationMetadata
- func (*LocationMetadata) Descriptor() ([]byte, []int)deprecated
- func (x *LocationMetadata) GetEkmAvailable() bool
- func (x *LocationMetadata) GetHsmAvailable() bool
- func (*LocationMetadata) ProtoMessage()
- func (x *LocationMetadata) ProtoReflect() protoreflect.Message
- func (x *LocationMetadata) Reset()
- func (x *LocationMetadata) String() string
- type MacSignRequest
- func (*MacSignRequest) Descriptor() ([]byte, []int)deprecated
- func (x *MacSignRequest) GetData() []byte
- func (x *MacSignRequest) GetDataCrc32C() *wrapperspb.Int64Value
- func (x *MacSignRequest) GetName() string
- func (*MacSignRequest) ProtoMessage()
- func (x *MacSignRequest) ProtoReflect() protoreflect.Message
- func (x *MacSignRequest) Reset()
- func (x *MacSignRequest) String() string
- type MacSignResponse
- func (*MacSignResponse) Descriptor() ([]byte, []int)deprecated
- func (x *MacSignResponse) GetMac() []byte
- func (x *MacSignResponse) GetMacCrc32C() *wrapperspb.Int64Value
- func (x *MacSignResponse) GetName() string
- func (x *MacSignResponse) GetProtectionLevel() ProtectionLevel
- func (x *MacSignResponse) GetVerifiedDataCrc32C() bool
- func (*MacSignResponse) ProtoMessage()
- func (x *MacSignResponse) ProtoReflect() protoreflect.Message
- func (x *MacSignResponse) Reset()
- func (x *MacSignResponse) String() string
- type MacVerifyRequest
- func (*MacVerifyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *MacVerifyRequest) GetData() []byte
- func (x *MacVerifyRequest) GetDataCrc32C() *wrapperspb.Int64Value
- func (x *MacVerifyRequest) GetMac() []byte
- func (x *MacVerifyRequest) GetMacCrc32C() *wrapperspb.Int64Value
- func (x *MacVerifyRequest) GetName() string
- func (*MacVerifyRequest) ProtoMessage()
- func (x *MacVerifyRequest) ProtoReflect() protoreflect.Message
- func (x *MacVerifyRequest) Reset()
- func (x *MacVerifyRequest) String() string
- type MacVerifyResponse
- func (*MacVerifyResponse) Descriptor() ([]byte, []int)deprecated
- func (x *MacVerifyResponse) GetName() string
- func (x *MacVerifyResponse) GetProtectionLevel() ProtectionLevel
- func (x *MacVerifyResponse) GetSuccess() bool
- func (x *MacVerifyResponse) GetVerifiedDataCrc32C() bool
- func (x *MacVerifyResponse) GetVerifiedMacCrc32C() bool
- func (x *MacVerifyResponse) GetVerifiedSuccessIntegrity() bool
- func (*MacVerifyResponse) ProtoMessage()
- func (x *MacVerifyResponse) ProtoReflect() protoreflect.Message
- func (x *MacVerifyResponse) Reset()
- func (x *MacVerifyResponse) String() string
- type ProtectionLevel
- func (ProtectionLevel) Descriptor() protoreflect.EnumDescriptor
- func (x ProtectionLevel) Enum() *ProtectionLevel
- func (ProtectionLevel) EnumDescriptor() ([]byte, []int)deprecated
- func (x ProtectionLevel) Number() protoreflect.EnumNumber
- func (x ProtectionLevel) String() string
- func (ProtectionLevel) Type() protoreflect.EnumType
- type PublicKey
- func (*PublicKey) Descriptor() ([]byte, []int)deprecated
- func (x *PublicKey) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm
- func (x *PublicKey) GetName() string
- func (x *PublicKey) GetPem() string
- func (x *PublicKey) GetPemCrc32C() *wrapperspb.Int64Value
- func (x *PublicKey) GetProtectionLevel() ProtectionLevel
- func (*PublicKey) ProtoMessage()
- func (x *PublicKey) ProtoReflect() protoreflect.Message
- func (x *PublicKey) Reset()
- func (x *PublicKey) String() string
- type RestoreCryptoKeyVersionRequest
- func (*RestoreCryptoKeyVersionRequest) Descriptor() ([]byte, []int)deprecated
- func (x *RestoreCryptoKeyVersionRequest) GetName() string
- func (*RestoreCryptoKeyVersionRequest) ProtoMessage()
- func (x *RestoreCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
- func (x *RestoreCryptoKeyVersionRequest) Reset()
- func (x *RestoreCryptoKeyVersionRequest) String() string
- type UnimplementedKeyManagementServiceServer
- func (*UnimplementedKeyManagementServiceServer) AsymmetricDecrypt(context.Context, *AsymmetricDecryptRequest) (*AsymmetricDecryptResponse, error)
- func (*UnimplementedKeyManagementServiceServer) AsymmetricSign(context.Context, *AsymmetricSignRequest) (*AsymmetricSignResponse, error)
- func (*UnimplementedKeyManagementServiceServer) CreateCryptoKey(context.Context, *CreateCryptoKeyRequest) (*CryptoKey, error)
- func (*UnimplementedKeyManagementServiceServer) CreateCryptoKeyVersion(context.Context, *CreateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
- func (*UnimplementedKeyManagementServiceServer) CreateImportJob(context.Context, *CreateImportJobRequest) (*ImportJob, error)
- func (*UnimplementedKeyManagementServiceServer) CreateKeyRing(context.Context, *CreateKeyRingRequest) (*KeyRing, error)
- func (*UnimplementedKeyManagementServiceServer) Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
- func (*UnimplementedKeyManagementServiceServer) DestroyCryptoKeyVersion(context.Context, *DestroyCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
- func (*UnimplementedKeyManagementServiceServer) Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
- func (*UnimplementedKeyManagementServiceServer) GenerateRandomBytes(context.Context, *GenerateRandomBytesRequest) (*GenerateRandomBytesResponse, error)
- func (*UnimplementedKeyManagementServiceServer) GetCryptoKey(context.Context, *GetCryptoKeyRequest) (*CryptoKey, error)
- func (*UnimplementedKeyManagementServiceServer) GetCryptoKeyVersion(context.Context, *GetCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
- func (*UnimplementedKeyManagementServiceServer) GetImportJob(context.Context, *GetImportJobRequest) (*ImportJob, error)
- func (*UnimplementedKeyManagementServiceServer) GetKeyRing(context.Context, *GetKeyRingRequest) (*KeyRing, error)
- func (*UnimplementedKeyManagementServiceServer) GetPublicKey(context.Context, *GetPublicKeyRequest) (*PublicKey, error)
- func (*UnimplementedKeyManagementServiceServer) ImportCryptoKeyVersion(context.Context, *ImportCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
- func (*UnimplementedKeyManagementServiceServer) ListCryptoKeyVersions(context.Context, *ListCryptoKeyVersionsRequest) (*ListCryptoKeyVersionsResponse, error)
- func (*UnimplementedKeyManagementServiceServer) ListCryptoKeys(context.Context, *ListCryptoKeysRequest) (*ListCryptoKeysResponse, error)
- func (*UnimplementedKeyManagementServiceServer) ListImportJobs(context.Context, *ListImportJobsRequest) (*ListImportJobsResponse, error)
- func (*UnimplementedKeyManagementServiceServer) ListKeyRings(context.Context, *ListKeyRingsRequest) (*ListKeyRingsResponse, error)
- func (*UnimplementedKeyManagementServiceServer) MacSign(context.Context, *MacSignRequest) (*MacSignResponse, error)
- func (*UnimplementedKeyManagementServiceServer) MacVerify(context.Context, *MacVerifyRequest) (*MacVerifyResponse, error)
- func (*UnimplementedKeyManagementServiceServer) RestoreCryptoKeyVersion(context.Context, *RestoreCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
- func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKey(context.Context, *UpdateCryptoKeyRequest) (*CryptoKey, error)
- func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKeyPrimaryVersion(context.Context, *UpdateCryptoKeyPrimaryVersionRequest) (*CryptoKey, error)
- func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKeyVersion(context.Context, *UpdateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
- type UpdateCryptoKeyPrimaryVersionRequest
- func (*UpdateCryptoKeyPrimaryVersionRequest) Descriptor() ([]byte, []int)deprecated
- func (x *UpdateCryptoKeyPrimaryVersionRequest) GetCryptoKeyVersionId() string
- func (x *UpdateCryptoKeyPrimaryVersionRequest) GetName() string
- func (*UpdateCryptoKeyPrimaryVersionRequest) ProtoMessage()
- func (x *UpdateCryptoKeyPrimaryVersionRequest) ProtoReflect() protoreflect.Message
- func (x *UpdateCryptoKeyPrimaryVersionRequest) Reset()
- func (x *UpdateCryptoKeyPrimaryVersionRequest) String() string
- type UpdateCryptoKeyRequest
- func (*UpdateCryptoKeyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *UpdateCryptoKeyRequest) GetCryptoKey() *CryptoKey
- func (x *UpdateCryptoKeyRequest) GetUpdateMask() *fieldmaskpb.FieldMask
- func (*UpdateCryptoKeyRequest) ProtoMessage()
- func (x *UpdateCryptoKeyRequest) ProtoReflect() protoreflect.Message
- func (x *UpdateCryptoKeyRequest) Reset()
- func (x *UpdateCryptoKeyRequest) String() string
- type UpdateCryptoKeyVersionRequest
- func (*UpdateCryptoKeyVersionRequest) Descriptor() ([]byte, []int)deprecated
- func (x *UpdateCryptoKeyVersionRequest) GetCryptoKeyVersion() *CryptoKeyVersion
- func (x *UpdateCryptoKeyVersionRequest) GetUpdateMask() *fieldmaskpb.FieldMask
- func (*UpdateCryptoKeyVersionRequest) ProtoMessage()
- func (x *UpdateCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
- func (x *UpdateCryptoKeyVersionRequest) Reset()
- func (x *UpdateCryptoKeyVersionRequest) String() string
Constants ¶
This section is empty.
Variables ¶
var ( ProtectionLevel_name = map[int32]string{ 0: "PROTECTION_LEVEL_UNSPECIFIED", 1: "SOFTWARE", 2: "HSM", 3: "EXTERNAL", } ProtectionLevel_value = map[string]int32{ "PROTECTION_LEVEL_UNSPECIFIED": 0, "SOFTWARE": 1, "HSM": 2, "EXTERNAL": 3, } )
Enum value maps for ProtectionLevel.
var ( CryptoKey_CryptoKeyPurpose_name = map[int32]string{ 0: "CRYPTO_KEY_PURPOSE_UNSPECIFIED", 1: "ENCRYPT_DECRYPT", 5: "ASYMMETRIC_SIGN", 6: "ASYMMETRIC_DECRYPT", 9: "MAC", } CryptoKey_CryptoKeyPurpose_value = map[string]int32{ "CRYPTO_KEY_PURPOSE_UNSPECIFIED": 0, "ENCRYPT_DECRYPT": 1, "ASYMMETRIC_SIGN": 5, "ASYMMETRIC_DECRYPT": 6, "MAC": 9, } )
Enum value maps for CryptoKey_CryptoKeyPurpose.
var ( KeyOperationAttestation_AttestationFormat_name = map[int32]string{ 0: "ATTESTATION_FORMAT_UNSPECIFIED", 3: "CAVIUM_V1_COMPRESSED", 4: "CAVIUM_V2_COMPRESSED", } KeyOperationAttestation_AttestationFormat_value = map[string]int32{ "ATTESTATION_FORMAT_UNSPECIFIED": 0, "CAVIUM_V1_COMPRESSED": 3, "CAVIUM_V2_COMPRESSED": 4, } )
Enum value maps for KeyOperationAttestation_AttestationFormat.
var ( CryptoKeyVersion_CryptoKeyVersionAlgorithm_name = map[int32]string{ 0: "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED", 1: "GOOGLE_SYMMETRIC_ENCRYPTION", 2: "RSA_SIGN_PSS_2048_SHA256", 3: "RSA_SIGN_PSS_3072_SHA256", 4: "RSA_SIGN_PSS_4096_SHA256", 15: "RSA_SIGN_PSS_4096_SHA512", 5: "RSA_SIGN_PKCS1_2048_SHA256", 6: "RSA_SIGN_PKCS1_3072_SHA256", 7: "RSA_SIGN_PKCS1_4096_SHA256", 16: "RSA_SIGN_PKCS1_4096_SHA512", 28: "RSA_SIGN_RAW_PKCS1_2048", 29: "RSA_SIGN_RAW_PKCS1_3072", 30: "RSA_SIGN_RAW_PKCS1_4096", 8: "RSA_DECRYPT_OAEP_2048_SHA256", 9: "RSA_DECRYPT_OAEP_3072_SHA256", 10: "RSA_DECRYPT_OAEP_4096_SHA256", 17: "RSA_DECRYPT_OAEP_4096_SHA512", 37: "RSA_DECRYPT_OAEP_2048_SHA1", 38: "RSA_DECRYPT_OAEP_3072_SHA1", 39: "RSA_DECRYPT_OAEP_4096_SHA1", 12: "EC_SIGN_P256_SHA256", 13: "EC_SIGN_P384_SHA384", 31: "EC_SIGN_SECP256K1_SHA256", 32: "HMAC_SHA256", 18: "EXTERNAL_SYMMETRIC_ENCRYPTION", } CryptoKeyVersion_CryptoKeyVersionAlgorithm_value = map[string]int32{ "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED": 0, "GOOGLE_SYMMETRIC_ENCRYPTION": 1, "RSA_SIGN_PSS_2048_SHA256": 2, "RSA_SIGN_PSS_3072_SHA256": 3, "RSA_SIGN_PSS_4096_SHA256": 4, "RSA_SIGN_PSS_4096_SHA512": 15, "RSA_SIGN_PKCS1_2048_SHA256": 5, "RSA_SIGN_PKCS1_3072_SHA256": 6, "RSA_SIGN_PKCS1_4096_SHA256": 7, "RSA_SIGN_PKCS1_4096_SHA512": 16, "RSA_SIGN_RAW_PKCS1_2048": 28, "RSA_SIGN_RAW_PKCS1_3072": 29, "RSA_SIGN_RAW_PKCS1_4096": 30, "RSA_DECRYPT_OAEP_2048_SHA256": 8, "RSA_DECRYPT_OAEP_3072_SHA256": 9, "RSA_DECRYPT_OAEP_4096_SHA256": 10, "RSA_DECRYPT_OAEP_4096_SHA512": 17, "RSA_DECRYPT_OAEP_2048_SHA1": 37, "RSA_DECRYPT_OAEP_3072_SHA1": 38, "RSA_DECRYPT_OAEP_4096_SHA1": 39, "EC_SIGN_P256_SHA256": 12, "EC_SIGN_P384_SHA384": 13, "EC_SIGN_SECP256K1_SHA256": 31, "HMAC_SHA256": 32, "EXTERNAL_SYMMETRIC_ENCRYPTION": 18, } )
Enum value maps for CryptoKeyVersion_CryptoKeyVersionAlgorithm.
var ( CryptoKeyVersion_CryptoKeyVersionState_name = map[int32]string{ 0: "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED", 5: "PENDING_GENERATION", 1: "ENABLED", 2: "DISABLED", 3: "DESTROYED", 4: "DESTROY_SCHEDULED", 6: "PENDING_IMPORT", 7: "IMPORT_FAILED", } CryptoKeyVersion_CryptoKeyVersionState_value = map[string]int32{ "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED": 0, "PENDING_GENERATION": 5, "ENABLED": 1, "DISABLED": 2, "DESTROYED": 3, "DESTROY_SCHEDULED": 4, "PENDING_IMPORT": 6, "IMPORT_FAILED": 7, } )
Enum value maps for CryptoKeyVersion_CryptoKeyVersionState.
var ( CryptoKeyVersion_CryptoKeyVersionView_name = map[int32]string{ 0: "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED", 1: "FULL", } CryptoKeyVersion_CryptoKeyVersionView_value = map[string]int32{ "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED": 0, "FULL": 1, } )
Enum value maps for CryptoKeyVersion_CryptoKeyVersionView.
var ( ImportJob_ImportMethod_name = map[int32]string{ 0: "IMPORT_METHOD_UNSPECIFIED", 1: "RSA_OAEP_3072_SHA1_AES_256", 2: "RSA_OAEP_4096_SHA1_AES_256", } ImportJob_ImportMethod_value = map[string]int32{ "IMPORT_METHOD_UNSPECIFIED": 0, "RSA_OAEP_3072_SHA1_AES_256": 1, "RSA_OAEP_4096_SHA1_AES_256": 2, } )
Enum value maps for ImportJob_ImportMethod.
var ( ImportJob_ImportJobState_name = map[int32]string{ 0: "IMPORT_JOB_STATE_UNSPECIFIED", 1: "PENDING_GENERATION", 2: "ACTIVE", 3: "EXPIRED", } ImportJob_ImportJobState_value = map[string]int32{ "IMPORT_JOB_STATE_UNSPECIFIED": 0, "PENDING_GENERATION": 1, "ACTIVE": 2, "EXPIRED": 3, } )
Enum value maps for ImportJob_ImportJobState.
var File_google_cloud_kms_v1_resources_proto protoreflect.FileDescriptor
var File_google_cloud_kms_v1_service_proto protoreflect.FileDescriptor
Functions ¶
func RegisterKeyManagementServiceServer ¶
func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)
Types ¶
type AsymmetricDecryptRequest ¶
type AsymmetricDecryptRequest struct { // Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for // decryption. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Required. The data encrypted with the named [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public // key using OAEP. Ciphertext []byte `protobuf:"bytes,3,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` // Optional. An optional CRC32C checksum of the [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. // If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the // received [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext] using this checksum. // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification // fails. If you receive a checksum error, your client should verify that // CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]) is equal to // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c], and if so, perform a // limited number of retries. A persistent mismatch may indicate an issue in // your computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].
func (*AsymmetricDecryptRequest) Descriptor
deprecated
func (*AsymmetricDecryptRequest) Descriptor() ([]byte, []int)
Deprecated: Use AsymmetricDecryptRequest.ProtoReflect.Descriptor instead.
func (*AsymmetricDecryptRequest) GetCiphertext ¶
func (x *AsymmetricDecryptRequest) GetCiphertext() []byte
func (*AsymmetricDecryptRequest) GetCiphertextCrc32C ¶
func (x *AsymmetricDecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value
func (*AsymmetricDecryptRequest) GetName ¶
func (x *AsymmetricDecryptRequest) GetName() string
func (*AsymmetricDecryptRequest) ProtoMessage ¶
func (*AsymmetricDecryptRequest) ProtoMessage()
func (*AsymmetricDecryptRequest) ProtoReflect ¶
func (x *AsymmetricDecryptRequest) ProtoReflect() protoreflect.Message
func (*AsymmetricDecryptRequest) Reset ¶
func (x *AsymmetricDecryptRequest) Reset()
func (*AsymmetricDecryptRequest) String ¶
func (x *AsymmetricDecryptRequest) String() string
type AsymmetricDecryptResponse ¶
type AsymmetricDecryptResponse struct { // The decrypted data originally encrypted with the matching public key. Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"` // Integrity verification field. A CRC32C checksum of the returned // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]. An integrity check of // [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] can be performed by computing the // CRC32C checksum of [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] and comparing // your results to this field. Discard the response in case of non-matching // checksum values, and perform a limited number of retries. A persistent // mismatch may indicate an issue in your computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"` // Integrity verification field. A flag indicating whether // [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] was received by // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the // [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. A false value of this // field indicates either that [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] // was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If // you've set [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] but this field is // still false, discard the response and perform a limited number of retries. VerifiedCiphertextCrc32C bool `` /* 136-byte string literal not displayed */ // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in decryption. ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */ // contains filtered or unexported fields }
Response message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].
func (*AsymmetricDecryptResponse) Descriptor
deprecated
func (*AsymmetricDecryptResponse) Descriptor() ([]byte, []int)
Deprecated: Use AsymmetricDecryptResponse.ProtoReflect.Descriptor instead.
func (*AsymmetricDecryptResponse) GetPlaintext ¶
func (x *AsymmetricDecryptResponse) GetPlaintext() []byte
func (*AsymmetricDecryptResponse) GetPlaintextCrc32C ¶
func (x *AsymmetricDecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value
func (*AsymmetricDecryptResponse) GetProtectionLevel ¶
func (x *AsymmetricDecryptResponse) GetProtectionLevel() ProtectionLevel
func (*AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C ¶
func (x *AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C() bool
func (*AsymmetricDecryptResponse) ProtoMessage ¶
func (*AsymmetricDecryptResponse) ProtoMessage()
func (*AsymmetricDecryptResponse) ProtoReflect ¶
func (x *AsymmetricDecryptResponse) ProtoReflect() protoreflect.Message
func (*AsymmetricDecryptResponse) Reset ¶
func (x *AsymmetricDecryptResponse) Reset()
func (*AsymmetricDecryptResponse) String ¶
func (x *AsymmetricDecryptResponse) String() string
type AsymmetricSignRequest ¶
type AsymmetricSignRequest struct { // Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for signing. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Optional. The digest of the data to sign. The digest must be produced with // the same digest algorithm as specified by the key version's // [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm]. Digest *Digest `protobuf:"bytes,3,opt,name=digest,proto3" json:"digest,omitempty"` // Optional. An optional CRC32C checksum of the [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. If // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the // received [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] using this checksum. // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification // fails. If you receive a checksum error, your client should verify that // CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]) is equal to // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c], and if so, perform a limited // number of retries. A persistent mismatch may indicate an issue in your // computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. DigestCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=digest_crc32c,json=digestCrc32c,proto3" json:"digest_crc32c,omitempty"` // Optional. This field will only be honored for RAW_PKCS1 keys. // The data to sign. A digest is computed over the data that will be signed, // PKCS #1 padding is applied to the digest directly and then encrypted. Data []byte `protobuf:"bytes,6,opt,name=data,proto3" json:"data,omitempty"` // Optional. An optional CRC32C checksum of the [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]. If // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the // received [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data] using this checksum. // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification // fails. If you receive a checksum error, your client should verify that // CRC32C([AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]) is equal to // [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c], and if so, perform a limited // number of retries. A persistent mismatch may indicate an issue in your // computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].
func (*AsymmetricSignRequest) Descriptor
deprecated
func (*AsymmetricSignRequest) Descriptor() ([]byte, []int)
Deprecated: Use AsymmetricSignRequest.ProtoReflect.Descriptor instead.
func (*AsymmetricSignRequest) GetData ¶
func (x *AsymmetricSignRequest) GetData() []byte
func (*AsymmetricSignRequest) GetDataCrc32C ¶
func (x *AsymmetricSignRequest) GetDataCrc32C() *wrapperspb.Int64Value
func (*AsymmetricSignRequest) GetDigest ¶
func (x *AsymmetricSignRequest) GetDigest() *Digest
func (*AsymmetricSignRequest) GetDigestCrc32C ¶
func (x *AsymmetricSignRequest) GetDigestCrc32C() *wrapperspb.Int64Value
func (*AsymmetricSignRequest) GetName ¶
func (x *AsymmetricSignRequest) GetName() string
func (*AsymmetricSignRequest) ProtoMessage ¶
func (*AsymmetricSignRequest) ProtoMessage()
func (*AsymmetricSignRequest) ProtoReflect ¶
func (x *AsymmetricSignRequest) ProtoReflect() protoreflect.Message
func (*AsymmetricSignRequest) Reset ¶
func (x *AsymmetricSignRequest) Reset()
func (*AsymmetricSignRequest) String ¶
func (x *AsymmetricSignRequest) String() string
type AsymmetricSignResponse ¶
type AsymmetricSignResponse struct { // The created signature. Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"` // Integrity verification field. A CRC32C checksum of the returned // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]. An integrity check of // [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] can be performed by computing the // CRC32C checksum of [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] and comparing your // results to this field. Discard the response in case of non-matching // checksum values, and perform a limited number of retries. A persistent // mismatch may indicate an issue in your computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. SignatureCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=signature_crc32c,json=signatureCrc32c,proto3" json:"signature_crc32c,omitempty"` // Integrity verification field. A flag indicating whether // [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] was received by // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the // [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. A false value of this field // indicates either that [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] was left // unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've // set [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] but this field is still false, // discard the response and perform a limited number of retries. VerifiedDigestCrc32C bool `protobuf:"varint,3,opt,name=verified_digest_crc32c,json=verifiedDigestCrc32c,proto3" json:"verified_digest_crc32c,omitempty"` // The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. Check // this field to verify that the intended resource was used for signing. Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"` // Integrity verification field. A flag indicating whether // [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] was received by // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the // [data][google.cloud.kms.v1.AsymmetricSignRequest.data]. A false value of this field // indicates either that [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] was left // unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've // set [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] but this field is still false, // discard the response and perform a limited number of retries. VerifiedDataCrc32C bool `protobuf:"varint,5,opt,name=verified_data_crc32c,json=verifiedDataCrc32c,proto3" json:"verified_data_crc32c,omitempty"` // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */ // contains filtered or unexported fields }
Response message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].
func (*AsymmetricSignResponse) Descriptor
deprecated
func (*AsymmetricSignResponse) Descriptor() ([]byte, []int)
Deprecated: Use AsymmetricSignResponse.ProtoReflect.Descriptor instead.
func (*AsymmetricSignResponse) GetName ¶
func (x *AsymmetricSignResponse) GetName() string
func (*AsymmetricSignResponse) GetProtectionLevel ¶
func (x *AsymmetricSignResponse) GetProtectionLevel() ProtectionLevel
func (*AsymmetricSignResponse) GetSignature ¶
func (x *AsymmetricSignResponse) GetSignature() []byte
func (*AsymmetricSignResponse) GetSignatureCrc32C ¶
func (x *AsymmetricSignResponse) GetSignatureCrc32C() *wrapperspb.Int64Value
func (*AsymmetricSignResponse) GetVerifiedDataCrc32C ¶
func (x *AsymmetricSignResponse) GetVerifiedDataCrc32C() bool
func (*AsymmetricSignResponse) GetVerifiedDigestCrc32C ¶
func (x *AsymmetricSignResponse) GetVerifiedDigestCrc32C() bool
func (*AsymmetricSignResponse) ProtoMessage ¶
func (*AsymmetricSignResponse) ProtoMessage()
func (*AsymmetricSignResponse) ProtoReflect ¶
func (x *AsymmetricSignResponse) ProtoReflect() protoreflect.Message
func (*AsymmetricSignResponse) Reset ¶
func (x *AsymmetricSignResponse) Reset()
func (*AsymmetricSignResponse) String ¶
func (x *AsymmetricSignResponse) String() string
type CreateCryptoKeyRequest ¶
type CreateCryptoKeyRequest struct { // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing associated with the // [CryptoKeys][google.cloud.kms.v1.CryptoKey]. Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Required. It must be unique within a KeyRing and match the regular // expression `[a-zA-Z0-9_-]{1,63}` CryptoKeyId string `protobuf:"bytes,2,opt,name=crypto_key_id,json=cryptoKeyId,proto3" json:"crypto_key_id,omitempty"` // Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial field values. CryptoKey *CryptoKey `protobuf:"bytes,3,opt,name=crypto_key,json=cryptoKey,proto3" json:"crypto_key,omitempty"` // If set to true, the request will create a [CryptoKey][google.cloud.kms.v1.CryptoKey] without any // [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. You must manually call // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or // [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion] // before you can use this [CryptoKey][google.cloud.kms.v1.CryptoKey]. SkipInitialVersionCreation bool `` /* 144-byte string literal not displayed */ // contains filtered or unexported fields }
Request message for [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].
func (*CreateCryptoKeyRequest) Descriptor
deprecated
func (*CreateCryptoKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateCryptoKeyRequest.ProtoReflect.Descriptor instead.
func (*CreateCryptoKeyRequest) GetCryptoKey ¶
func (x *CreateCryptoKeyRequest) GetCryptoKey() *CryptoKey
func (*CreateCryptoKeyRequest) GetCryptoKeyId ¶
func (x *CreateCryptoKeyRequest) GetCryptoKeyId() string
func (*CreateCryptoKeyRequest) GetParent ¶
func (x *CreateCryptoKeyRequest) GetParent() string
func (*CreateCryptoKeyRequest) GetSkipInitialVersionCreation ¶
func (x *CreateCryptoKeyRequest) GetSkipInitialVersionCreation() bool
func (*CreateCryptoKeyRequest) ProtoMessage ¶
func (*CreateCryptoKeyRequest) ProtoMessage()
func (*CreateCryptoKeyRequest) ProtoReflect ¶
func (x *CreateCryptoKeyRequest) ProtoReflect() protoreflect.Message
func (*CreateCryptoKeyRequest) Reset ¶
func (x *CreateCryptoKeyRequest) Reset()
func (*CreateCryptoKeyRequest) String ¶
func (x *CreateCryptoKeyRequest) String() string
type CreateCryptoKeyVersionRequest ¶
type CreateCryptoKeyVersionRequest struct { // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with // the [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with initial field values. CryptoKeyVersion *CryptoKeyVersion `protobuf:"bytes,2,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].
func (*CreateCryptoKeyVersionRequest) Descriptor
deprecated
func (*CreateCryptoKeyVersionRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.
func (*CreateCryptoKeyVersionRequest) GetCryptoKeyVersion ¶
func (x *CreateCryptoKeyVersionRequest) GetCryptoKeyVersion() *CryptoKeyVersion
func (*CreateCryptoKeyVersionRequest) GetParent ¶
func (x *CreateCryptoKeyVersionRequest) GetParent() string
func (*CreateCryptoKeyVersionRequest) ProtoMessage ¶
func (*CreateCryptoKeyVersionRequest) ProtoMessage()
func (*CreateCryptoKeyVersionRequest) ProtoReflect ¶
func (x *CreateCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
func (*CreateCryptoKeyVersionRequest) Reset ¶
func (x *CreateCryptoKeyVersionRequest) Reset()
func (*CreateCryptoKeyVersionRequest) String ¶
func (x *CreateCryptoKeyVersionRequest) String() string
type CreateImportJobRequest ¶
type CreateImportJobRequest struct { // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the [KeyRing][google.cloud.kms.v1.KeyRing] associated with the // [ImportJobs][google.cloud.kms.v1.ImportJob]. Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Required. It must be unique within a KeyRing and match the regular // expression `[a-zA-Z0-9_-]{1,63}` ImportJobId string `protobuf:"bytes,2,opt,name=import_job_id,json=importJobId,proto3" json:"import_job_id,omitempty"` // Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field values. ImportJob *ImportJob `protobuf:"bytes,3,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob].
func (*CreateImportJobRequest) Descriptor
deprecated
func (*CreateImportJobRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateImportJobRequest.ProtoReflect.Descriptor instead.
func (*CreateImportJobRequest) GetImportJob ¶
func (x *CreateImportJobRequest) GetImportJob() *ImportJob
func (*CreateImportJobRequest) GetImportJobId ¶
func (x *CreateImportJobRequest) GetImportJobId() string
func (*CreateImportJobRequest) GetParent ¶
func (x *CreateImportJobRequest) GetParent() string
func (*CreateImportJobRequest) ProtoMessage ¶
func (*CreateImportJobRequest) ProtoMessage()
func (*CreateImportJobRequest) ProtoReflect ¶
func (x *CreateImportJobRequest) ProtoReflect() protoreflect.Message
func (*CreateImportJobRequest) Reset ¶
func (x *CreateImportJobRequest) Reset()
func (*CreateImportJobRequest) String ¶
func (x *CreateImportJobRequest) String() string
type CreateKeyRingRequest ¶
type CreateKeyRingRequest struct { // Required. The resource name of the location associated with the // [KeyRings][google.cloud.kms.v1.KeyRing], in the format `projects/*/locations/*`. Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Required. It must be unique within a location and match the regular // expression `[a-zA-Z0-9_-]{1,63}` KeyRingId string `protobuf:"bytes,2,opt,name=key_ring_id,json=keyRingId,proto3" json:"key_ring_id,omitempty"` // Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field values. KeyRing *KeyRing `protobuf:"bytes,3,opt,name=key_ring,json=keyRing,proto3" json:"key_ring,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].
func (*CreateKeyRingRequest) Descriptor
deprecated
func (*CreateKeyRingRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateKeyRingRequest.ProtoReflect.Descriptor instead.
func (*CreateKeyRingRequest) GetKeyRing ¶
func (x *CreateKeyRingRequest) GetKeyRing() *KeyRing
func (*CreateKeyRingRequest) GetKeyRingId ¶
func (x *CreateKeyRingRequest) GetKeyRingId() string
func (*CreateKeyRingRequest) GetParent ¶
func (x *CreateKeyRingRequest) GetParent() string
func (*CreateKeyRingRequest) ProtoMessage ¶
func (*CreateKeyRingRequest) ProtoMessage()
func (*CreateKeyRingRequest) ProtoReflect ¶
func (x *CreateKeyRingRequest) ProtoReflect() protoreflect.Message
func (*CreateKeyRingRequest) Reset ¶
func (x *CreateKeyRingRequest) Reset()
func (*CreateKeyRingRequest) String ¶
func (x *CreateKeyRingRequest) String() string
type CryptoKey ¶
type CryptoKey struct { // Output only. The resource name for this [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format // `projects/*/locations/*/keyRings/*/cryptoKeys/*`. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Output only. A copy of the "primary" [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used // by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given // in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name]. // // The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be updated via // [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]. // // Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] may have a // primary. For other keys, this field will be omitted. Primary *CryptoKeyVersion `protobuf:"bytes,2,opt,name=primary,proto3" json:"primary,omitempty"` // Immutable. The immutable purpose of this [CryptoKey][google.cloud.kms.v1.CryptoKey]. Purpose CryptoKey_CryptoKeyPurpose `protobuf:"varint,3,opt,name=purpose,proto3,enum=google.cloud.kms.v1.CryptoKey_CryptoKeyPurpose" json:"purpose,omitempty"` // Output only. The time at which this [CryptoKey][google.cloud.kms.v1.CryptoKey] was created. CreateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"` // At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], the Key Management Service will automatically: // // 1. Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey]. // 2. Mark the new version as primary. // // Key rotations performed manually via // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and // [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] // do not affect [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]. // // Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support // automatic rotation. For other keys, this field must be omitted. NextRotationTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=next_rotation_time,json=nextRotationTime,proto3" json:"next_rotation_time,omitempty"` // Controls the rate of automatic rotation. // // Types that are assignable to RotationSchedule: // *CryptoKey_RotationPeriod RotationSchedule isCryptoKey_RotationSchedule `protobuf_oneof:"rotation_schedule"` // A template describing settings for new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances. // The properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances created by either // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or // auto-rotation are controlled by this template. VersionTemplate *CryptoKeyVersionTemplate `protobuf:"bytes,11,opt,name=version_template,json=versionTemplate,proto3" json:"version_template,omitempty"` // Labels with user-defined metadata. For more information, see // [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys). Labels map[string]string `` /* 154-byte string literal not displayed */ // Immutable. Whether this key may contain imported versions only. ImportOnly bool `protobuf:"varint,13,opt,name=import_only,json=importOnly,proto3" json:"import_only,omitempty"` // Immutable. The period of time that versions of this key spend in the // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] // state before transitioning to // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. If not // specified at creation time, the default duration is 24 hours. DestroyScheduledDuration *durationpb.Duration `` /* 136-byte string literal not displayed */ // contains filtered or unexported fields }
A CryptoKey[google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations.
A CryptoKey[google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations.
func (*CryptoKey) Descriptor
deprecated
func (*CryptoKey) GetCreateTime ¶
func (x *CryptoKey) GetCreateTime() *timestamppb.Timestamp
func (*CryptoKey) GetDestroyScheduledDuration ¶
func (x *CryptoKey) GetDestroyScheduledDuration() *durationpb.Duration
func (*CryptoKey) GetImportOnly ¶
func (*CryptoKey) GetNextRotationTime ¶
func (x *CryptoKey) GetNextRotationTime() *timestamppb.Timestamp
func (*CryptoKey) GetPrimary ¶
func (x *CryptoKey) GetPrimary() *CryptoKeyVersion
func (*CryptoKey) GetPurpose ¶
func (x *CryptoKey) GetPurpose() CryptoKey_CryptoKeyPurpose
func (*CryptoKey) GetRotationPeriod ¶
func (x *CryptoKey) GetRotationPeriod() *durationpb.Duration
func (*CryptoKey) GetRotationSchedule ¶
func (m *CryptoKey) GetRotationSchedule() isCryptoKey_RotationSchedule
func (*CryptoKey) GetVersionTemplate ¶
func (x *CryptoKey) GetVersionTemplate() *CryptoKeyVersionTemplate
func (*CryptoKey) ProtoMessage ¶
func (*CryptoKey) ProtoMessage()
func (*CryptoKey) ProtoReflect ¶
func (x *CryptoKey) ProtoReflect() protoreflect.Message
type CryptoKeyVersion ¶
type CryptoKeyVersion struct { // Output only. The resource name for this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the format // `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The current state of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. State CryptoKeyVersion_CryptoKeyVersionState `` /* 128-byte string literal not displayed */ // Output only. The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] describing how crypto operations are // performed with this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */ // Output only. The [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] that this // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] supports. Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 141-byte string literal not displayed */ // Output only. Statement that was generated and signed by the HSM at key // creation time. Use this statement to verify attributes of the key as stored // on the HSM, independently of Google. Only provided for key versions with // [protection_level][google.cloud.kms.v1.CryptoKeyVersion.protection_level] [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"` // Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] was created. CreateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"` // Output only. The time this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material was // generated. GenerateTime *timestamppb.Timestamp `protobuf:"bytes,11,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"` // Output only. The time this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material is scheduled // for destruction. Only present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]. DestroyTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=destroy_time,json=destroyTime,proto3" json:"destroy_time,omitempty"` // Output only. The time this CryptoKeyVersion's key material was // destroyed. Only present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. DestroyEventTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=destroy_event_time,json=destroyEventTime,proto3" json:"destroy_event_time,omitempty"` // Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was // imported. ImportJob string `protobuf:"bytes,14,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"` // Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material // was most recently imported. ImportTime *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=import_time,json=importTime,proto3" json:"import_time,omitempty"` // Output only. The root cause of the most recent import failure. Only present if // [state][google.cloud.kms.v1.CryptoKeyVersion.state] is // [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]. ImportFailureReason string `protobuf:"bytes,16,opt,name=import_failure_reason,json=importFailureReason,proto3" json:"import_failure_reason,omitempty"` // ExternalProtectionLevelOptions stores a group of additional fields for // configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level. ExternalProtectionLevelOptions *ExternalProtectionLevelOptions `` /* 156-byte string literal not displayed */ // Output only. Whether or not this key version is eligible for reimport, by being // specified as a target in // [ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version]. ReimportEligible bool `protobuf:"varint,18,opt,name=reimport_eligible,json=reimportEligible,proto3" json:"reimport_eligible,omitempty"` // contains filtered or unexported fields }
A CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] represents an individual cryptographic key, and the associated key material.
An [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] version can be used for cryptographic operations.
For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
func (*CryptoKeyVersion) Descriptor
deprecated
func (*CryptoKeyVersion) Descriptor() ([]byte, []int)
Deprecated: Use CryptoKeyVersion.ProtoReflect.Descriptor instead.
func (*CryptoKeyVersion) GetAlgorithm ¶
func (x *CryptoKeyVersion) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm
func (*CryptoKeyVersion) GetAttestation ¶
func (x *CryptoKeyVersion) GetAttestation() *KeyOperationAttestation
func (*CryptoKeyVersion) GetCreateTime ¶
func (x *CryptoKeyVersion) GetCreateTime() *timestamppb.Timestamp
func (*CryptoKeyVersion) GetDestroyEventTime ¶
func (x *CryptoKeyVersion) GetDestroyEventTime() *timestamppb.Timestamp
func (*CryptoKeyVersion) GetDestroyTime ¶
func (x *CryptoKeyVersion) GetDestroyTime() *timestamppb.Timestamp
func (*CryptoKeyVersion) GetExternalProtectionLevelOptions ¶
func (x *CryptoKeyVersion) GetExternalProtectionLevelOptions() *ExternalProtectionLevelOptions
func (*CryptoKeyVersion) GetGenerateTime ¶
func (x *CryptoKeyVersion) GetGenerateTime() *timestamppb.Timestamp
func (*CryptoKeyVersion) GetImportFailureReason ¶
func (x *CryptoKeyVersion) GetImportFailureReason() string
func (*CryptoKeyVersion) GetImportJob ¶
func (x *CryptoKeyVersion) GetImportJob() string
func (*CryptoKeyVersion) GetImportTime ¶
func (x *CryptoKeyVersion) GetImportTime() *timestamppb.Timestamp
func (*CryptoKeyVersion) GetName ¶
func (x *CryptoKeyVersion) GetName() string
func (*CryptoKeyVersion) GetProtectionLevel ¶
func (x *CryptoKeyVersion) GetProtectionLevel() ProtectionLevel
func (*CryptoKeyVersion) GetReimportEligible ¶
func (x *CryptoKeyVersion) GetReimportEligible() bool
func (*CryptoKeyVersion) GetState ¶
func (x *CryptoKeyVersion) GetState() CryptoKeyVersion_CryptoKeyVersionState
func (*CryptoKeyVersion) ProtoMessage ¶
func (*CryptoKeyVersion) ProtoMessage()
func (*CryptoKeyVersion) ProtoReflect ¶
func (x *CryptoKeyVersion) ProtoReflect() protoreflect.Message
func (*CryptoKeyVersion) Reset ¶
func (x *CryptoKeyVersion) Reset()
func (*CryptoKeyVersion) String ¶
func (x *CryptoKeyVersion) String() string
type CryptoKeyVersionTemplate ¶
type CryptoKeyVersionTemplate struct { // [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on // this template. Immutable. Defaults to [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE]. ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */ // Required. [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] to use // when creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on this template. // // For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both // this field is omitted and [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] is // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 140-byte string literal not displayed */ // contains filtered or unexported fields }
A CryptoKeyVersionTemplate[google.cloud.kms.v1.CryptoKeyVersionTemplate] specifies the properties to use when creating a new CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion], either manually with [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or automatically as a result of auto-rotation.
func (*CryptoKeyVersionTemplate) Descriptor
deprecated
func (*CryptoKeyVersionTemplate) Descriptor() ([]byte, []int)
Deprecated: Use CryptoKeyVersionTemplate.ProtoReflect.Descriptor instead.
func (*CryptoKeyVersionTemplate) GetAlgorithm ¶
func (x *CryptoKeyVersionTemplate) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm
func (*CryptoKeyVersionTemplate) GetProtectionLevel ¶
func (x *CryptoKeyVersionTemplate) GetProtectionLevel() ProtectionLevel
func (*CryptoKeyVersionTemplate) ProtoMessage ¶
func (*CryptoKeyVersionTemplate) ProtoMessage()
func (*CryptoKeyVersionTemplate) ProtoReflect ¶
func (x *CryptoKeyVersionTemplate) ProtoReflect() protoreflect.Message
func (*CryptoKeyVersionTemplate) Reset ¶
func (x *CryptoKeyVersionTemplate) Reset()
func (*CryptoKeyVersionTemplate) String ¶
func (x *CryptoKeyVersionTemplate) String() string
type CryptoKeyVersion_CryptoKeyVersionAlgorithm ¶
type CryptoKeyVersion_CryptoKeyVersionAlgorithm int32
The algorithm of the CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion], indicating what parameters must be used for each cryptographic operation.
The [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] algorithm is usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
Algorithms beginning with "RSA_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].
The fields in the name after "RSA_SIGN_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.
For PSS, the salt length used is equal to the length of digest algorithm. For example, [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] will use PSS with a salt length of 256 bits or 32 bytes.
Algorithms beginning with "RSA_DECRYPT_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
The fields in the name after "RSA_DECRYPT_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.
Algorithms beginning with "EC_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].
The fields in the name after "EC_SIGN_" correspond to the following parameters: elliptic curve, digest algorithm.
Algorithms beginning with "HMAC_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [MAC][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.MAC].
The suffix following "HMAC_" corresponds to the hash algorithm being used (eg. SHA256).
For more information, see [Key purposes and algorithms] (https://cloud.google.com/kms/docs/algorithms).
const ( // Not specified. CryptoKeyVersion_CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionAlgorithm = 0 // Creates symmetric encryption keys. CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 1 // RSASSA-PSS 2048 bit key with a SHA256 digest. CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 2 // RSASSA-PSS 3072 bit key with a SHA256 digest. CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 3 // RSASSA-PSS 4096 bit key with a SHA256 digest. CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 4 // RSASSA-PSS 4096 bit key with a SHA512 digest. CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 15 // RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest. CryptoKeyVersion_RSA_SIGN_PKCS1_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 5 // RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest. CryptoKeyVersion_RSA_SIGN_PKCS1_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 6 // RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest. CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 7 // RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest. CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 16 // RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key. CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_2048 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 28 // RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key. CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_3072 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 29 // RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key. CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_4096 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 30 // RSAES-OAEP 2048 bit key with a SHA256 digest. CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 8 // RSAES-OAEP 3072 bit key with a SHA256 digest. CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 9 // RSAES-OAEP 4096 bit key with a SHA256 digest. CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 10 // RSAES-OAEP 4096 bit key with a SHA512 digest. CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 17 // RSAES-OAEP 2048 bit key with a SHA1 digest. CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 37 // RSAES-OAEP 3072 bit key with a SHA1 digest. CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 38 // RSAES-OAEP 4096 bit key with a SHA1 digest. CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 39 // ECDSA on the NIST P-256 curve with a SHA256 digest. CryptoKeyVersion_EC_SIGN_P256_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 12 // ECDSA on the NIST P-384 curve with a SHA384 digest. CryptoKeyVersion_EC_SIGN_P384_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 13 // ECDSA on the non-NIST secp256k1 curve. This curve is only supported for // HSM protection level. CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 31 // HMAC-SHA256 signing with a 256 bit key. CryptoKeyVersion_HMAC_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 32 // Algorithm representing symmetric encryption by an external key manager. CryptoKeyVersion_EXTERNAL_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 18 )
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Descriptor ¶
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Descriptor() protoreflect.EnumDescriptor
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor
deprecated
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor() ([]byte, []int)
Deprecated: Use CryptoKeyVersion_CryptoKeyVersionAlgorithm.Descriptor instead.
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Number ¶
func (x CryptoKeyVersion_CryptoKeyVersionAlgorithm) Number() protoreflect.EnumNumber
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) String ¶
func (x CryptoKeyVersion_CryptoKeyVersionAlgorithm) String() string
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Type ¶
func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Type() protoreflect.EnumType
type CryptoKeyVersion_CryptoKeyVersionState ¶
type CryptoKeyVersion_CryptoKeyVersionState int32
The state of a CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used.
const ( // Not specified. CryptoKeyVersion_CRYPTO_KEY_VERSION_STATE_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionState = 0 // This version is still being generated. It may not be used, enabled, // disabled, or destroyed yet. Cloud KMS will automatically mark this // version [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] as soon as the version is ready. CryptoKeyVersion_PENDING_GENERATION CryptoKeyVersion_CryptoKeyVersionState = 5 // This version may be used for cryptographic operations. CryptoKeyVersion_ENABLED CryptoKeyVersion_CryptoKeyVersionState = 1 // This version may not be used, but the key material is still available, // and the version can be placed back into the [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] state. CryptoKeyVersion_DISABLED CryptoKeyVersion_CryptoKeyVersionState = 2 // This version is destroyed, and the key material is no longer stored. // This version may only become [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] again if this version is // [reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible] and the original // key material is reimported with a call to // [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. CryptoKeyVersion_DESTROYED CryptoKeyVersion_CryptoKeyVersionState = 3 // This version is scheduled for destruction, and will be destroyed soon. // Call // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] // to put it back into the [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] state. CryptoKeyVersion_DESTROY_SCHEDULED CryptoKeyVersion_CryptoKeyVersionState = 4 // This version is still being imported. It may not be used, enabled, // disabled, or destroyed yet. Cloud KMS will automatically mark this // version [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] as soon as the version is ready. CryptoKeyVersion_PENDING_IMPORT CryptoKeyVersion_CryptoKeyVersionState = 6 // This version was not imported successfully. It may not be used, enabled, // disabled, or destroyed. The submitted key material has been discarded. // Additional details can be found in // [CryptoKeyVersion.import_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason]. CryptoKeyVersion_IMPORT_FAILED CryptoKeyVersion_CryptoKeyVersionState = 7 )
func (CryptoKeyVersion_CryptoKeyVersionState) Descriptor ¶
func (CryptoKeyVersion_CryptoKeyVersionState) Descriptor() protoreflect.EnumDescriptor
func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor
deprecated
func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor() ([]byte, []int)
Deprecated: Use CryptoKeyVersion_CryptoKeyVersionState.Descriptor instead.
func (CryptoKeyVersion_CryptoKeyVersionState) Number ¶
func (x CryptoKeyVersion_CryptoKeyVersionState) Number() protoreflect.EnumNumber
func (CryptoKeyVersion_CryptoKeyVersionState) String ¶
func (x CryptoKeyVersion_CryptoKeyVersionState) String() string
func (CryptoKeyVersion_CryptoKeyVersionState) Type ¶
func (CryptoKeyVersion_CryptoKeyVersionState) Type() protoreflect.EnumType
type CryptoKeyVersion_CryptoKeyVersionView ¶
type CryptoKeyVersion_CryptoKeyVersionView int32
A view for CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion]s. Controls the level of detail returned for [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions] and [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
const ( // Default view for each [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Does not include // the [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation] field. CryptoKeyVersion_CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionView = 0 // Provides all fields in each [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], including the // [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation]. CryptoKeyVersion_FULL CryptoKeyVersion_CryptoKeyVersionView = 1 )
func (CryptoKeyVersion_CryptoKeyVersionView) Descriptor ¶
func (CryptoKeyVersion_CryptoKeyVersionView) Descriptor() protoreflect.EnumDescriptor
func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor
deprecated
func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor() ([]byte, []int)
Deprecated: Use CryptoKeyVersion_CryptoKeyVersionView.Descriptor instead.
func (CryptoKeyVersion_CryptoKeyVersionView) Number ¶
func (x CryptoKeyVersion_CryptoKeyVersionView) Number() protoreflect.EnumNumber
func (CryptoKeyVersion_CryptoKeyVersionView) String ¶
func (x CryptoKeyVersion_CryptoKeyVersionView) String() string
func (CryptoKeyVersion_CryptoKeyVersionView) Type ¶
func (CryptoKeyVersion_CryptoKeyVersionView) Type() protoreflect.EnumType
type CryptoKey_CryptoKeyPurpose ¶
type CryptoKey_CryptoKeyPurpose int32
[CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] describes the cryptographic capabilities of a CryptoKey[google.cloud.kms.v1.CryptoKey]. A given key can only be used for the operations allowed by its purpose. For more information, see [Key purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
const ( // Not specified. CryptoKey_CRYPTO_KEY_PURPOSE_UNSPECIFIED CryptoKey_CryptoKeyPurpose = 0 // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with // [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and // [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. CryptoKey_ENCRYPT_DECRYPT CryptoKey_CryptoKeyPurpose = 1 // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with // [AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign] and // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. CryptoKey_ASYMMETRIC_SIGN CryptoKey_CryptoKeyPurpose = 5 // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with // [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt] and // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. CryptoKey_ASYMMETRIC_DECRYPT CryptoKey_CryptoKeyPurpose = 6 // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with // [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign]. CryptoKey_MAC CryptoKey_CryptoKeyPurpose = 9 )
func (CryptoKey_CryptoKeyPurpose) Descriptor ¶
func (CryptoKey_CryptoKeyPurpose) Descriptor() protoreflect.EnumDescriptor
func (CryptoKey_CryptoKeyPurpose) Enum ¶
func (x CryptoKey_CryptoKeyPurpose) Enum() *CryptoKey_CryptoKeyPurpose
func (CryptoKey_CryptoKeyPurpose) EnumDescriptor
deprecated
func (CryptoKey_CryptoKeyPurpose) EnumDescriptor() ([]byte, []int)
Deprecated: Use CryptoKey_CryptoKeyPurpose.Descriptor instead.
func (CryptoKey_CryptoKeyPurpose) Number ¶
func (x CryptoKey_CryptoKeyPurpose) Number() protoreflect.EnumNumber
func (CryptoKey_CryptoKeyPurpose) String ¶
func (x CryptoKey_CryptoKeyPurpose) String() string
func (CryptoKey_CryptoKeyPurpose) Type ¶
func (CryptoKey_CryptoKeyPurpose) Type() protoreflect.EnumType
type CryptoKey_RotationPeriod ¶
type CryptoKey_RotationPeriod struct { // [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] will be advanced by this period when the service // automatically rotates a key. Must be at least 24 hours and at most // 876,000 hours. // // If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is set, [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] must also be set. // // Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support // automatic rotation. For other keys, this field must be omitted. RotationPeriod *durationpb.Duration `protobuf:"bytes,8,opt,name=rotation_period,json=rotationPeriod,proto3,oneof"` }
type DecryptRequest ¶
type DecryptRequest struct { // Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. // The server will choose the appropriate version. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Required. The encrypted data originally returned in // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` // Optional. Optional data that must match the data originally supplied in // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. AdditionalAuthenticatedData []byte `` /* 144-byte string literal not displayed */ // Optional. An optional CRC32C checksum of the [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. If // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the // received [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext] using this checksum. // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification // fails. If you receive a checksum error, your client should verify that // CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]) is equal to // [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c], and if so, perform a limited number // of retries. A persistent mismatch may indicate an issue in your computation // of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,5,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"` // Optional. An optional CRC32C checksum of the // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. If specified, // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received // [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data] using this checksum. // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification // fails. If you receive a checksum error, your client should verify that // CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]) is equal to // [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c], and if so, perform // a limited number of retries. A persistent mismatch may indicate an issue in // your computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value `` /* 164-byte string literal not displayed */ // contains filtered or unexported fields }
Request message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
func (*DecryptRequest) Descriptor
deprecated
func (*DecryptRequest) Descriptor() ([]byte, []int)
Deprecated: Use DecryptRequest.ProtoReflect.Descriptor instead.
func (*DecryptRequest) GetAdditionalAuthenticatedData ¶
func (x *DecryptRequest) GetAdditionalAuthenticatedData() []byte
func (*DecryptRequest) GetAdditionalAuthenticatedDataCrc32C ¶
func (x *DecryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value
func (*DecryptRequest) GetCiphertext ¶
func (x *DecryptRequest) GetCiphertext() []byte
func (*DecryptRequest) GetCiphertextCrc32C ¶
func (x *DecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value
func (*DecryptRequest) GetName ¶
func (x *DecryptRequest) GetName() string
func (*DecryptRequest) ProtoMessage ¶
func (*DecryptRequest) ProtoMessage()
func (*DecryptRequest) ProtoReflect ¶
func (x *DecryptRequest) ProtoReflect() protoreflect.Message
func (*DecryptRequest) Reset ¶
func (x *DecryptRequest) Reset()
func (*DecryptRequest) String ¶
func (x *DecryptRequest) String() string
type DecryptResponse ¶
type DecryptResponse struct { // The decrypted data originally supplied in [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"` // Integrity verification field. A CRC32C checksum of the returned // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]. An integrity check of // [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] can be performed by computing the CRC32C // checksum of [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] and comparing your results to // this field. Discard the response in case of non-matching checksum values, // and perform a limited number of retries. A persistent mismatch may indicate // an issue in your computation of the CRC32C checksum. Note: receiving this // response message indicates that [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to // successfully decrypt the [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"` // Whether the Decryption was performed using the primary key version. UsedPrimary bool `protobuf:"varint,3,opt,name=used_primary,json=usedPrimary,proto3" json:"used_primary,omitempty"` // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in decryption. ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */ // contains filtered or unexported fields }
Response message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
func (*DecryptResponse) Descriptor
deprecated
func (*DecryptResponse) Descriptor() ([]byte, []int)
Deprecated: Use DecryptResponse.ProtoReflect.Descriptor instead.
func (*DecryptResponse) GetPlaintext ¶
func (x *DecryptResponse) GetPlaintext() []byte
func (*DecryptResponse) GetPlaintextCrc32C ¶
func (x *DecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value
func (*DecryptResponse) GetProtectionLevel ¶
func (x *DecryptResponse) GetProtectionLevel() ProtectionLevel
func (*DecryptResponse) GetUsedPrimary ¶
func (x *DecryptResponse) GetUsedPrimary() bool
func (*DecryptResponse) ProtoMessage ¶
func (*DecryptResponse) ProtoMessage()
func (*DecryptResponse) ProtoReflect ¶
func (x *DecryptResponse) ProtoReflect() protoreflect.Message
func (*DecryptResponse) Reset ¶
func (x *DecryptResponse) Reset()
func (*DecryptResponse) String ¶
func (x *DecryptResponse) String() string
type DestroyCryptoKeyVersionRequest ¶
type DestroyCryptoKeyVersionRequest struct { // Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].
func (*DestroyCryptoKeyVersionRequest) Descriptor
deprecated
func (*DestroyCryptoKeyVersionRequest) Descriptor() ([]byte, []int)
Deprecated: Use DestroyCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.
func (*DestroyCryptoKeyVersionRequest) GetName ¶
func (x *DestroyCryptoKeyVersionRequest) GetName() string
func (*DestroyCryptoKeyVersionRequest) ProtoMessage ¶
func (*DestroyCryptoKeyVersionRequest) ProtoMessage()
func (*DestroyCryptoKeyVersionRequest) ProtoReflect ¶
func (x *DestroyCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
func (*DestroyCryptoKeyVersionRequest) Reset ¶
func (x *DestroyCryptoKeyVersionRequest) Reset()
func (*DestroyCryptoKeyVersionRequest) String ¶
func (x *DestroyCryptoKeyVersionRequest) String() string
type Digest ¶
type Digest struct { // Required. The message digest. // // Types that are assignable to Digest: // *Digest_Sha256 // *Digest_Sha384 // *Digest_Sha512 Digest isDigest_Digest `protobuf_oneof:"digest"` // contains filtered or unexported fields }
A Digest[google.cloud.kms.v1.Digest] holds a cryptographic message digest.
func (*Digest) Descriptor
deprecated
func (*Digest) ProtoMessage ¶
func (*Digest) ProtoMessage()
func (*Digest) ProtoReflect ¶
func (x *Digest) ProtoReflect() protoreflect.Message
type Digest_Sha256 ¶
type Digest_Sha256 struct { // A message digest produced with the SHA-256 algorithm. Sha256 []byte `protobuf:"bytes,1,opt,name=sha256,proto3,oneof"` }
type Digest_Sha384 ¶
type Digest_Sha384 struct { // A message digest produced with the SHA-384 algorithm. Sha384 []byte `protobuf:"bytes,2,opt,name=sha384,proto3,oneof"` }
type Digest_Sha512 ¶
type Digest_Sha512 struct { // A message digest produced with the SHA-512 algorithm. Sha512 []byte `protobuf:"bytes,3,opt,name=sha512,proto3,oneof"` }
type EncryptRequest ¶
type EncryptRequest struct { // Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] or [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] // to use for encryption. // // If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server will use its // [primary version][google.cloud.kms.v1.CryptoKey.primary]. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Required. The data to encrypt. Must be no larger than 64KiB. // // The maximum size depends on the key version's // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For // [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the plaintext must be no larger // than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the // plaintext and additional_authenticated_data fields must be no larger than // 8KiB. Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"` // Optional. Optional data that, if specified, must also be provided during decryption // through [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. // // The maximum size depends on the key version's // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For // [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD must be no larger than // 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the // plaintext and additional_authenticated_data fields must be no larger than // 8KiB. AdditionalAuthenticatedData []byte `` /* 144-byte string literal not displayed */ // Optional. An optional CRC32C checksum of the [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. If // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the // received [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext] using this checksum. // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification // fails. If you receive a checksum error, your client should verify that // CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]) is equal to // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c], and if so, perform a limited number of // retries. A persistent mismatch may indicate an issue in your computation of // the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"` // Optional. An optional CRC32C checksum of the // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. If specified, // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received // [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data] using this checksum. // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification // fails. If you receive a checksum error, your client should verify that // CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]) is equal to // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c], and if so, perform // a limited number of retries. A persistent mismatch may indicate an issue in // your computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value `` /* 164-byte string literal not displayed */ // contains filtered or unexported fields }
Request message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
func (*EncryptRequest) Descriptor
deprecated
func (*EncryptRequest) Descriptor() ([]byte, []int)
Deprecated: Use EncryptRequest.ProtoReflect.Descriptor instead.
func (*EncryptRequest) GetAdditionalAuthenticatedData ¶
func (x *EncryptRequest) GetAdditionalAuthenticatedData() []byte
func (*EncryptRequest) GetAdditionalAuthenticatedDataCrc32C ¶
func (x *EncryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value
func (*EncryptRequest) GetName ¶
func (x *EncryptRequest) GetName() string
func (*EncryptRequest) GetPlaintext ¶
func (x *EncryptRequest) GetPlaintext() []byte
func (*EncryptRequest) GetPlaintextCrc32C ¶
func (x *EncryptRequest) GetPlaintextCrc32C() *wrapperspb.Int64Value
func (*EncryptRequest) ProtoMessage ¶
func (*EncryptRequest) ProtoMessage()
func (*EncryptRequest) ProtoReflect ¶
func (x *EncryptRequest) ProtoReflect() protoreflect.Message
func (*EncryptRequest) Reset ¶
func (x *EncryptRequest) Reset()
func (*EncryptRequest) String ¶
func (x *EncryptRequest) String() string
type EncryptResponse ¶
type EncryptResponse struct { // The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in encryption. Check // this field to verify that the intended resource was used for encryption. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The encrypted data. Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` // Integrity verification field. A CRC32C checksum of the returned // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. An integrity check of // [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] can be performed by computing the CRC32C // checksum of [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] and comparing your results to // this field. Discard the response in case of non-matching checksum values, // and perform a limited number of retries. A persistent mismatch may indicate // an issue in your computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"` // Integrity verification field. A flag indicating whether // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] was received by // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the // [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A false value of this field // indicates either that [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] was left unset or // that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set // [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] but this field is still false, discard // the response and perform a limited number of retries. VerifiedPlaintextCrc32C bool `` /* 133-byte string literal not displayed */ // Integrity verification field. A flag indicating whether // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] was received by // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the // [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. A false value of this // field indicates either that // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] was left unset or // that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set // [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] but this field is // still false, discard the response and perform a limited number of retries. VerifiedAdditionalAuthenticatedDataCrc32C bool `` /* 191-byte string literal not displayed */ // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in encryption. ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */ // contains filtered or unexported fields }
Response message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
func (*EncryptResponse) Descriptor
deprecated
func (*EncryptResponse) Descriptor() ([]byte, []int)
Deprecated: Use EncryptResponse.ProtoReflect.Descriptor instead.
func (*EncryptResponse) GetCiphertext ¶
func (x *EncryptResponse) GetCiphertext() []byte
func (*EncryptResponse) GetCiphertextCrc32C ¶
func (x *EncryptResponse) GetCiphertextCrc32C() *wrapperspb.Int64Value
func (*EncryptResponse) GetName ¶
func (x *EncryptResponse) GetName() string
func (*EncryptResponse) GetProtectionLevel ¶
func (x *EncryptResponse) GetProtectionLevel() ProtectionLevel
func (*EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C ¶
func (x *EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C() bool
func (*EncryptResponse) GetVerifiedPlaintextCrc32C ¶
func (x *EncryptResponse) GetVerifiedPlaintextCrc32C() bool
func (*EncryptResponse) ProtoMessage ¶
func (*EncryptResponse) ProtoMessage()
func (*EncryptResponse) ProtoReflect ¶
func (x *EncryptResponse) ProtoReflect() protoreflect.Message
func (*EncryptResponse) Reset ¶
func (x *EncryptResponse) Reset()
func (*EncryptResponse) String ¶
func (x *EncryptResponse) String() string
type ExternalProtectionLevelOptions ¶
type ExternalProtectionLevelOptions struct { // The URI for an external resource that this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents. ExternalKeyUri string `protobuf:"bytes,1,opt,name=external_key_uri,json=externalKeyUri,proto3" json:"external_key_uri,omitempty"` // contains filtered or unexported fields }
ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] that are specific to the [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.
func (*ExternalProtectionLevelOptions) Descriptor
deprecated
func (*ExternalProtectionLevelOptions) Descriptor() ([]byte, []int)
Deprecated: Use ExternalProtectionLevelOptions.ProtoReflect.Descriptor instead.
func (*ExternalProtectionLevelOptions) GetExternalKeyUri ¶
func (x *ExternalProtectionLevelOptions) GetExternalKeyUri() string
func (*ExternalProtectionLevelOptions) ProtoMessage ¶
func (*ExternalProtectionLevelOptions) ProtoMessage()
func (*ExternalProtectionLevelOptions) ProtoReflect ¶
func (x *ExternalProtectionLevelOptions) ProtoReflect() protoreflect.Message
func (*ExternalProtectionLevelOptions) Reset ¶
func (x *ExternalProtectionLevelOptions) Reset()
func (*ExternalProtectionLevelOptions) String ¶
func (x *ExternalProtectionLevelOptions) String() string
type GenerateRandomBytesRequest ¶
type GenerateRandomBytesRequest struct { // The project-specific location in which to generate random bytes. // For example, "projects/my-project/locations/us-central1". Location string `protobuf:"bytes,1,opt,name=location,proto3" json:"location,omitempty"` // The length in bytes of the amount of randomness to retrieve. Minimum 8 // bytes, maximum 1024 bytes. LengthBytes int32 `protobuf:"varint,2,opt,name=length_bytes,json=lengthBytes,proto3" json:"length_bytes,omitempty"` // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when generating the random data. Defaults to // [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE]. ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */ // contains filtered or unexported fields }
Request message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].
func (*GenerateRandomBytesRequest) Descriptor
deprecated
func (*GenerateRandomBytesRequest) Descriptor() ([]byte, []int)
Deprecated: Use GenerateRandomBytesRequest.ProtoReflect.Descriptor instead.
func (*GenerateRandomBytesRequest) GetLengthBytes ¶
func (x *GenerateRandomBytesRequest) GetLengthBytes() int32
func (*GenerateRandomBytesRequest) GetLocation ¶
func (x *GenerateRandomBytesRequest) GetLocation() string
func (*GenerateRandomBytesRequest) GetProtectionLevel ¶
func (x *GenerateRandomBytesRequest) GetProtectionLevel() ProtectionLevel
func (*GenerateRandomBytesRequest) ProtoMessage ¶
func (*GenerateRandomBytesRequest) ProtoMessage()
func (*GenerateRandomBytesRequest) ProtoReflect ¶
func (x *GenerateRandomBytesRequest) ProtoReflect() protoreflect.Message
func (*GenerateRandomBytesRequest) Reset ¶
func (x *GenerateRandomBytesRequest) Reset()
func (*GenerateRandomBytesRequest) String ¶
func (x *GenerateRandomBytesRequest) String() string
type GenerateRandomBytesResponse ¶
type GenerateRandomBytesResponse struct { // The generated data. Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"` // Integrity verification field. A CRC32C checksum of the returned // [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]. An integrity check of // [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data] can be performed by computing the // CRC32C checksum of [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data] and comparing your // results to this field. Discard the response in case of non-matching // checksum values, and perform a limited number of retries. A persistent // mismatch may indicate an issue in your computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"` // contains filtered or unexported fields }
Response message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].
func (*GenerateRandomBytesResponse) Descriptor
deprecated
func (*GenerateRandomBytesResponse) Descriptor() ([]byte, []int)
Deprecated: Use GenerateRandomBytesResponse.ProtoReflect.Descriptor instead.
func (*GenerateRandomBytesResponse) GetData ¶
func (x *GenerateRandomBytesResponse) GetData() []byte
func (*GenerateRandomBytesResponse) GetDataCrc32C ¶
func (x *GenerateRandomBytesResponse) GetDataCrc32C() *wrapperspb.Int64Value
func (*GenerateRandomBytesResponse) ProtoMessage ¶
func (*GenerateRandomBytesResponse) ProtoMessage()
func (*GenerateRandomBytesResponse) ProtoReflect ¶
func (x *GenerateRandomBytesResponse) ProtoReflect() protoreflect.Message
func (*GenerateRandomBytesResponse) Reset ¶
func (x *GenerateRandomBytesResponse) Reset()
func (*GenerateRandomBytesResponse) String ¶
func (x *GenerateRandomBytesResponse) String() string
type GetCryptoKeyRequest ¶
type GetCryptoKeyRequest struct { // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to get. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].
func (*GetCryptoKeyRequest) Descriptor
deprecated
func (*GetCryptoKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetCryptoKeyRequest.ProtoReflect.Descriptor instead.
func (*GetCryptoKeyRequest) GetName ¶
func (x *GetCryptoKeyRequest) GetName() string
func (*GetCryptoKeyRequest) ProtoMessage ¶
func (*GetCryptoKeyRequest) ProtoMessage()
func (*GetCryptoKeyRequest) ProtoReflect ¶
func (x *GetCryptoKeyRequest) ProtoReflect() protoreflect.Message
func (*GetCryptoKeyRequest) Reset ¶
func (x *GetCryptoKeyRequest) Reset()
func (*GetCryptoKeyRequest) String ¶
func (x *GetCryptoKeyRequest) String() string
type GetCryptoKeyVersionRequest ¶
type GetCryptoKeyVersionRequest struct { // Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].
func (*GetCryptoKeyVersionRequest) Descriptor
deprecated
func (*GetCryptoKeyVersionRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.
func (*GetCryptoKeyVersionRequest) GetName ¶
func (x *GetCryptoKeyVersionRequest) GetName() string
func (*GetCryptoKeyVersionRequest) ProtoMessage ¶
func (*GetCryptoKeyVersionRequest) ProtoMessage()
func (*GetCryptoKeyVersionRequest) ProtoReflect ¶
func (x *GetCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
func (*GetCryptoKeyVersionRequest) Reset ¶
func (x *GetCryptoKeyVersionRequest) Reset()
func (*GetCryptoKeyVersionRequest) String ¶
func (x *GetCryptoKeyVersionRequest) String() string
type GetImportJobRequest ¶
type GetImportJobRequest struct { // Required. The [name][google.cloud.kms.v1.ImportJob.name] of the [ImportJob][google.cloud.kms.v1.ImportJob] to get. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob].
func (*GetImportJobRequest) Descriptor
deprecated
func (*GetImportJobRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetImportJobRequest.ProtoReflect.Descriptor instead.
func (*GetImportJobRequest) GetName ¶
func (x *GetImportJobRequest) GetName() string
func (*GetImportJobRequest) ProtoMessage ¶
func (*GetImportJobRequest) ProtoMessage()
func (*GetImportJobRequest) ProtoReflect ¶
func (x *GetImportJobRequest) ProtoReflect() protoreflect.Message
func (*GetImportJobRequest) Reset ¶
func (x *GetImportJobRequest) Reset()
func (*GetImportJobRequest) String ¶
func (x *GetImportJobRequest) String() string
type GetKeyRingRequest ¶
type GetKeyRingRequest struct { // Required. The [name][google.cloud.kms.v1.KeyRing.name] of the [KeyRing][google.cloud.kms.v1.KeyRing] to get. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].
func (*GetKeyRingRequest) Descriptor
deprecated
func (*GetKeyRingRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetKeyRingRequest.ProtoReflect.Descriptor instead.
func (*GetKeyRingRequest) GetName ¶
func (x *GetKeyRingRequest) GetName() string
func (*GetKeyRingRequest) ProtoMessage ¶
func (*GetKeyRingRequest) ProtoMessage()
func (*GetKeyRingRequest) ProtoReflect ¶
func (x *GetKeyRingRequest) ProtoReflect() protoreflect.Message
func (*GetKeyRingRequest) Reset ¶
func (x *GetKeyRingRequest) Reset()
func (*GetKeyRingRequest) String ¶
func (x *GetKeyRingRequest) String() string
type GetPublicKeyRequest ¶
type GetPublicKeyRequest struct { // Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to // get. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
func (*GetPublicKeyRequest) Descriptor
deprecated
func (*GetPublicKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetPublicKeyRequest.ProtoReflect.Descriptor instead.
func (*GetPublicKeyRequest) GetName ¶
func (x *GetPublicKeyRequest) GetName() string
func (*GetPublicKeyRequest) ProtoMessage ¶
func (*GetPublicKeyRequest) ProtoMessage()
func (*GetPublicKeyRequest) ProtoReflect ¶
func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message
func (*GetPublicKeyRequest) Reset ¶
func (x *GetPublicKeyRequest) Reset()
func (*GetPublicKeyRequest) String ¶
func (x *GetPublicKeyRequest) String() string
type ImportCryptoKeyVersionRequest ¶
type ImportCryptoKeyVersionRequest struct { // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into. // // The create permission is only required on this key when creating a new // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation. // If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the // supplied key material is created. // // If this field is present, the supplied key material is imported into // the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of // [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via // [ImportCryptoKeyVersion][], and be in // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or // [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED] // state. The key material and algorithm must match the previous // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained // key material. CryptoKeyVersion string `protobuf:"bytes,6,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"` // Required. The [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] of // the key being imported. This does not need to match the // [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] this // version imports into. Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 140-byte string literal not displayed */ // Required. The [name][google.cloud.kms.v1.ImportJob.name] of the [ImportJob][google.cloud.kms.v1.ImportJob] that was used to // wrap this key material. ImportJob string `protobuf:"bytes,4,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"` // Required. The incoming wrapped key material that is to be imported. // // Types that are assignable to WrappedKeyMaterial: // *ImportCryptoKeyVersionRequest_RsaAesWrappedKey WrappedKeyMaterial isImportCryptoKeyVersionRequest_WrappedKeyMaterial `protobuf_oneof:"wrapped_key_material"` // contains filtered or unexported fields }
Request message for [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
func (*ImportCryptoKeyVersionRequest) Descriptor
deprecated
func (*ImportCryptoKeyVersionRequest) Descriptor() ([]byte, []int)
Deprecated: Use ImportCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.
func (*ImportCryptoKeyVersionRequest) GetAlgorithm ¶
func (x *ImportCryptoKeyVersionRequest) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm
func (*ImportCryptoKeyVersionRequest) GetCryptoKeyVersion ¶
func (x *ImportCryptoKeyVersionRequest) GetCryptoKeyVersion() string
func (*ImportCryptoKeyVersionRequest) GetImportJob ¶
func (x *ImportCryptoKeyVersionRequest) GetImportJob() string
func (*ImportCryptoKeyVersionRequest) GetParent ¶
func (x *ImportCryptoKeyVersionRequest) GetParent() string
func (*ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey ¶
func (x *ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey() []byte
func (*ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial ¶
func (m *ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial() isImportCryptoKeyVersionRequest_WrappedKeyMaterial
func (*ImportCryptoKeyVersionRequest) ProtoMessage ¶
func (*ImportCryptoKeyVersionRequest) ProtoMessage()
func (*ImportCryptoKeyVersionRequest) ProtoReflect ¶
func (x *ImportCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
func (*ImportCryptoKeyVersionRequest) Reset ¶
func (x *ImportCryptoKeyVersionRequest) Reset()
func (*ImportCryptoKeyVersionRequest) String ¶
func (x *ImportCryptoKeyVersionRequest) String() string
type ImportCryptoKeyVersionRequest_RsaAesWrappedKey ¶
type ImportCryptoKeyVersionRequest_RsaAesWrappedKey struct { // Wrapped key material produced with // [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256] // or // [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]. // // This field contains the concatenation of two wrapped keys: // <ol> // <li>An ephemeral AES-256 wrapping key wrapped with the // [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP with SHA-1, // MGF1 with SHA-1, and an empty label. // </li> // <li>The key to be imported, wrapped with the ephemeral AES-256 key // using AES-KWP (RFC 5649). // </li> // </ol> // // If importing symmetric key material, it is expected that the unwrapped // key contains plain bytes. If importing asymmetric key material, it is // expected that the unwrapped key is in PKCS#8-encoded DER format (the // PrivateKeyInfo structure from RFC 5208). // // This format is the same as the format produced by PKCS#11 mechanism // CKM_RSA_AES_KEY_WRAP. RsaAesWrappedKey []byte `protobuf:"bytes,5,opt,name=rsa_aes_wrapped_key,json=rsaAesWrappedKey,proto3,oneof"` }
type ImportJob ¶
type ImportJob struct { // Output only. The resource name for this [ImportJob][google.cloud.kms.v1.ImportJob] in the format // `projects/*/locations/*/keyRings/*/importJobs/*`. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Required. Immutable. The wrapping method to be used for incoming key material. ImportMethod ImportJob_ImportMethod `` /* 146-byte string literal not displayed */ // Required. Immutable. The protection level of the [ImportJob][google.cloud.kms.v1.ImportJob]. This must match the // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] of the // [version_template][google.cloud.kms.v1.CryptoKey.version_template] on the [CryptoKey][google.cloud.kms.v1.CryptoKey] you // attempt to import into. ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */ // Output only. The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] was created. CreateTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"` // Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob]'s key material was generated. GenerateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"` // Output only. The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] is scheduled for // expiration and can no longer be used to import key material. ExpireTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"` // Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob] expired. Only present if // [state][google.cloud.kms.v1.ImportJob.state] is [EXPIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED]. ExpireEventTime *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=expire_event_time,json=expireEventTime,proto3" json:"expire_event_time,omitempty"` // Output only. The current state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can // be used. State ImportJob_ImportJobState `protobuf:"varint,6,opt,name=state,proto3,enum=google.cloud.kms.v1.ImportJob_ImportJobState" json:"state,omitempty"` // Output only. The public key with which to wrap key material prior to // import. Only returned if [state][google.cloud.kms.v1.ImportJob.state] is // [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE]. PublicKey *ImportJob_WrappingPublicKey `protobuf:"bytes,7,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` // Output only. Statement that was generated and signed by the key creator // (for example, an HSM) at key creation time. Use this statement to verify // attributes of the key as stored on the HSM, independently of Google. // Only present if the chosen [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] is one with a protection // level of [HSM][google.cloud.kms.v1.ProtectionLevel.HSM]. Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"` // contains filtered or unexported fields }
An ImportJob[google.cloud.kms.v1.ImportJob] can be used to create [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre-existing key material, generated outside of Cloud KMS.
When an ImportJob[google.cloud.kms.v1.ImportJob] is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the wrapping key generation is complete, the [state][google.cloud.kms.v1.ImportJob.state] will be set to [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the [public_key][google.cloud.kms.v1.ImportJob.public_key] can be fetched. The fetched public key can then be used to wrap your pre-existing key material.
Once the key material is wrapped, it can be imported into a new CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] in an existing CryptoKey[google.cloud.kms.v1.CryptoKey] by calling [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be imported with a single ImportJob[google.cloud.kms.v1.ImportJob]. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key.
An ImportJob[google.cloud.kms.v1.ImportJob] expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the ImportJob[google.cloud.kms.v1.ImportJob]'s public key.
For more information, see [Importing a key](https://cloud.google.com/kms/docs/importing-a-key).
func (*ImportJob) Descriptor
deprecated
func (*ImportJob) GetAttestation ¶
func (x *ImportJob) GetAttestation() *KeyOperationAttestation
func (*ImportJob) GetCreateTime ¶
func (x *ImportJob) GetCreateTime() *timestamppb.Timestamp
func (*ImportJob) GetExpireEventTime ¶
func (x *ImportJob) GetExpireEventTime() *timestamppb.Timestamp
func (*ImportJob) GetExpireTime ¶
func (x *ImportJob) GetExpireTime() *timestamppb.Timestamp
func (*ImportJob) GetGenerateTime ¶
func (x *ImportJob) GetGenerateTime() *timestamppb.Timestamp
func (*ImportJob) GetImportMethod ¶
func (x *ImportJob) GetImportMethod() ImportJob_ImportMethod
func (*ImportJob) GetProtectionLevel ¶
func (x *ImportJob) GetProtectionLevel() ProtectionLevel
func (*ImportJob) GetPublicKey ¶
func (x *ImportJob) GetPublicKey() *ImportJob_WrappingPublicKey
func (*ImportJob) GetState ¶
func (x *ImportJob) GetState() ImportJob_ImportJobState
func (*ImportJob) ProtoMessage ¶
func (*ImportJob) ProtoMessage()
func (*ImportJob) ProtoReflect ¶
func (x *ImportJob) ProtoReflect() protoreflect.Message
type ImportJob_ImportJobState ¶
type ImportJob_ImportJobState int32
The state of the ImportJob[google.cloud.kms.v1.ImportJob], indicating if it can be used.
const ( // Not specified. ImportJob_IMPORT_JOB_STATE_UNSPECIFIED ImportJob_ImportJobState = 0 // The wrapping key for this job is still being generated. It may not be // used. Cloud KMS will automatically mark this job as // [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] as soon as the wrapping key is generated. ImportJob_PENDING_GENERATION ImportJob_ImportJobState = 1 // This job may be used in // [CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey] and // [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] // requests. ImportJob_ACTIVE ImportJob_ImportJobState = 2 // This job can no longer be used and may not leave this state once entered. ImportJob_EXPIRED ImportJob_ImportJobState = 3 )
func (ImportJob_ImportJobState) Descriptor ¶
func (ImportJob_ImportJobState) Descriptor() protoreflect.EnumDescriptor
func (ImportJob_ImportJobState) Enum ¶
func (x ImportJob_ImportJobState) Enum() *ImportJob_ImportJobState
func (ImportJob_ImportJobState) EnumDescriptor
deprecated
func (ImportJob_ImportJobState) EnumDescriptor() ([]byte, []int)
Deprecated: Use ImportJob_ImportJobState.Descriptor instead.
func (ImportJob_ImportJobState) Number ¶
func (x ImportJob_ImportJobState) Number() protoreflect.EnumNumber
func (ImportJob_ImportJobState) String ¶
func (x ImportJob_ImportJobState) String() string
func (ImportJob_ImportJobState) Type ¶
func (ImportJob_ImportJobState) Type() protoreflect.EnumType
type ImportJob_ImportMethod ¶
type ImportJob_ImportMethod int32
[ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] describes the key wrapping method chosen for this ImportJob[google.cloud.kms.v1.ImportJob].
const ( // Not specified. ImportJob_IMPORT_METHOD_UNSPECIFIED ImportJob_ImportMethod = 0 // This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping // scheme defined in the PKCS #11 standard. In summary, this involves // wrapping the raw key with an ephemeral AES key, and wrapping the // ephemeral AES key with a 3072 bit RSA key. For more details, see // [RSA AES key wrap // mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). ImportJob_RSA_OAEP_3072_SHA1_AES_256 ImportJob_ImportMethod = 1 // This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping // scheme defined in the PKCS #11 standard. In summary, this involves // wrapping the raw key with an ephemeral AES key, and wrapping the // ephemeral AES key with a 4096 bit RSA key. For more details, see // [RSA AES key wrap // mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). ImportJob_RSA_OAEP_4096_SHA1_AES_256 ImportJob_ImportMethod = 2 )
func (ImportJob_ImportMethod) Descriptor ¶
func (ImportJob_ImportMethod) Descriptor() protoreflect.EnumDescriptor
func (ImportJob_ImportMethod) Enum ¶
func (x ImportJob_ImportMethod) Enum() *ImportJob_ImportMethod
func (ImportJob_ImportMethod) EnumDescriptor
deprecated
func (ImportJob_ImportMethod) EnumDescriptor() ([]byte, []int)
Deprecated: Use ImportJob_ImportMethod.Descriptor instead.
func (ImportJob_ImportMethod) Number ¶
func (x ImportJob_ImportMethod) Number() protoreflect.EnumNumber
func (ImportJob_ImportMethod) String ¶
func (x ImportJob_ImportMethod) String() string
func (ImportJob_ImportMethod) Type ¶
func (ImportJob_ImportMethod) Type() protoreflect.EnumType
type ImportJob_WrappingPublicKey ¶
type ImportJob_WrappingPublicKey struct { // The public key, encoded in PEM format. For more information, see the [RFC // 7468](https://tools.ietf.org/html/rfc7468) sections for [General // Considerations](https://tools.ietf.org/html/rfc7468#section-2) and // [Textual Encoding of Subject Public Key Info] // (https://tools.ietf.org/html/rfc7468#section-13). Pem string `protobuf:"bytes,1,opt,name=pem,proto3" json:"pem,omitempty"` // contains filtered or unexported fields }
The public key component of the wrapping key. For details of the type of key this public key corresponds to, see the [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod].
func (*ImportJob_WrappingPublicKey) Descriptor
deprecated
func (*ImportJob_WrappingPublicKey) Descriptor() ([]byte, []int)
Deprecated: Use ImportJob_WrappingPublicKey.ProtoReflect.Descriptor instead.
func (*ImportJob_WrappingPublicKey) GetPem ¶
func (x *ImportJob_WrappingPublicKey) GetPem() string
func (*ImportJob_WrappingPublicKey) ProtoMessage ¶
func (*ImportJob_WrappingPublicKey) ProtoMessage()
func (*ImportJob_WrappingPublicKey) ProtoReflect ¶
func (x *ImportJob_WrappingPublicKey) ProtoReflect() protoreflect.Message
func (*ImportJob_WrappingPublicKey) Reset ¶
func (x *ImportJob_WrappingPublicKey) Reset()
func (*ImportJob_WrappingPublicKey) String ¶
func (x *ImportJob_WrappingPublicKey) String() string
type KeyManagementServiceClient ¶
type KeyManagementServiceClient interface { // Lists [KeyRings][google.cloud.kms.v1.KeyRing]. ListKeyRings(ctx context.Context, in *ListKeyRingsRequest, opts ...grpc.CallOption) (*ListKeyRingsResponse, error) // Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey]. ListCryptoKeys(ctx context.Context, in *ListCryptoKeysRequest, opts ...grpc.CallOption) (*ListCryptoKeysResponse, error) // Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. ListCryptoKeyVersions(ctx context.Context, in *ListCryptoKeyVersionsRequest, opts ...grpc.CallOption) (*ListCryptoKeyVersionsResponse, error) // Lists [ImportJobs][google.cloud.kms.v1.ImportJob]. ListImportJobs(ctx context.Context, in *ListImportJobsRequest, opts ...grpc.CallOption) (*ListImportJobsResponse, error) // Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing]. GetKeyRing(ctx context.Context, in *GetKeyRingRequest, opts ...grpc.CallOption) (*KeyRing, error) // Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its // [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. GetCryptoKey(ctx context.Context, in *GetCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error) // Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. GetCryptoKeyVersion(ctx context.Context, in *GetCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error) // Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or // [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*PublicKey, error) // Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob]. GetImportJob(ctx context.Context, in *GetImportJobRequest, opts ...grpc.CallOption) (*ImportJob, error) // Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location. CreateKeyRing(ctx context.Context, in *CreateKeyRingRequest, opts ...grpc.CallOption) (*KeyRing, error) // Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing]. // // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and // [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] // are required. CreateCryptoKey(ctx context.Context, in *CreateCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error) // Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey]. // // The server will assign the next sequential id. If unset, // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]. CreateCryptoKeyVersion(ctx context.Context, in *CreateCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error) // Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. // // All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is // additionally specified in the request, key material will be reimported into // that version. Otherwise, a new version will be created, and will be // assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey]. ImportCryptoKeyVersion(ctx context.Context, in *ImportCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error) // Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing]. // // [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required. CreateImportJob(ctx context.Context, in *CreateImportJobRequest, opts ...grpc.CallOption) (*ImportJob, error) // Update a [CryptoKey][google.cloud.kms.v1.CryptoKey]. UpdateCryptoKey(ctx context.Context, in *UpdateCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error) // Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata. // // [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this // method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to // move between other states. UpdateCryptoKeyVersion(ctx context.Context, in *UpdateCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error) // Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. // // Returns an error if called on a key whose purpose is not // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. UpdateCryptoKeyPrimaryVersion(ctx context.Context, in *UpdateCryptoKeyPrimaryVersionRequest, opts ...grpc.CallOption) (*CryptoKey, error) // Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction. // // Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED], // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time // [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the // future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will // automatically change to // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key // material will be irrevocably destroyed. // // Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached, // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process. DestroyCryptoKeyVersion(ctx context.Context, in *DestroyCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error) // Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] // state. // // Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state] // will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared. RestoreCryptoKeyVersion(ctx context.Context, in *RestoreCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error) // Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. // The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error) // Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error) // Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // ASYMMETRIC_SIGN, producing a signature that can be verified with the public // key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. AsymmetricSign(ctx context.Context, in *AsymmetricSignRequest, opts ...grpc.CallOption) (*AsymmetricSignResponse, error) // Decrypts data that was encrypted with a public key retrieved from // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT. AsymmetricDecrypt(ctx context.Context, in *AsymmetricDecryptRequest, opts ...grpc.CallOption) (*AsymmetricDecryptResponse, error) // Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // MAC, producing a tag that can be verified by another source with the // same key. MacSign(ctx context.Context, in *MacSignRequest, opts ...grpc.CallOption) (*MacSignResponse, error) // Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // MAC, and returns a response that indicates whether or not the verification // was successful. MacVerify(ctx context.Context, in *MacVerifyRequest, opts ...grpc.CallOption) (*MacVerifyResponse, error) // Generate random bytes using the Cloud KMS randomness source in the provided // location. GenerateRandomBytes(ctx context.Context, in *GenerateRandomBytesRequest, opts ...grpc.CallOption) (*GenerateRandomBytesResponse, error) }
KeyManagementServiceClient is the client API for KeyManagementService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewKeyManagementServiceClient ¶
func NewKeyManagementServiceClient(cc grpc.ClientConnInterface) KeyManagementServiceClient
type KeyManagementServiceServer ¶
type KeyManagementServiceServer interface { // Lists [KeyRings][google.cloud.kms.v1.KeyRing]. ListKeyRings(context.Context, *ListKeyRingsRequest) (*ListKeyRingsResponse, error) // Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey]. ListCryptoKeys(context.Context, *ListCryptoKeysRequest) (*ListCryptoKeysResponse, error) // Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. ListCryptoKeyVersions(context.Context, *ListCryptoKeyVersionsRequest) (*ListCryptoKeyVersionsResponse, error) // Lists [ImportJobs][google.cloud.kms.v1.ImportJob]. ListImportJobs(context.Context, *ListImportJobsRequest) (*ListImportJobsResponse, error) // Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing]. GetKeyRing(context.Context, *GetKeyRingRequest) (*KeyRing, error) // Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its // [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. GetCryptoKey(context.Context, *GetCryptoKeyRequest) (*CryptoKey, error) // Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. GetCryptoKeyVersion(context.Context, *GetCryptoKeyVersionRequest) (*CryptoKeyVersion, error) // Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be // [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or // [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]. GetPublicKey(context.Context, *GetPublicKeyRequest) (*PublicKey, error) // Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob]. GetImportJob(context.Context, *GetImportJobRequest) (*ImportJob, error) // Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location. CreateKeyRing(context.Context, *CreateKeyRingRequest) (*KeyRing, error) // Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing]. // // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and // [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] // are required. CreateCryptoKey(context.Context, *CreateCryptoKeyRequest) (*CryptoKey, error) // Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey]. // // The server will assign the next sequential id. If unset, // [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]. CreateCryptoKeyVersion(context.Context, *CreateCryptoKeyVersionRequest) (*CryptoKeyVersion, error) // Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. // // All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is // additionally specified in the request, key material will be reimported into // that version. Otherwise, a new version will be created, and will be // assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey]. ImportCryptoKeyVersion(context.Context, *ImportCryptoKeyVersionRequest) (*CryptoKeyVersion, error) // Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing]. // // [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required. CreateImportJob(context.Context, *CreateImportJobRequest) (*ImportJob, error) // Update a [CryptoKey][google.cloud.kms.v1.CryptoKey]. UpdateCryptoKey(context.Context, *UpdateCryptoKeyRequest) (*CryptoKey, error) // Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata. // // [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between // [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and // [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this // method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to // move between other states. UpdateCryptoKeyVersion(context.Context, *UpdateCryptoKeyVersionRequest) (*CryptoKeyVersion, error) // Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. // // Returns an error if called on a key whose purpose is not // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. UpdateCryptoKeyPrimaryVersion(context.Context, *UpdateCryptoKeyPrimaryVersionRequest) (*CryptoKey, error) // Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction. // // Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED], // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time // [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the // future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will // automatically change to // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key // material will be irrevocably destroyed. // // Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached, // [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process. DestroyCryptoKeyVersion(context.Context, *DestroyCryptoKeyVersionRequest) (*CryptoKeyVersion, error) // Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] // state. // // Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state] // will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared. RestoreCryptoKeyVersion(context.Context, *RestoreCryptoKeyVersionRequest) (*CryptoKeyVersion, error) // Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. // The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error) // Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]. Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error) // Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // ASYMMETRIC_SIGN, producing a signature that can be verified with the public // key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]. AsymmetricSign(context.Context, *AsymmetricSignRequest) (*AsymmetricSignResponse, error) // Decrypts data that was encrypted with a public key retrieved from // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with // [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT. AsymmetricDecrypt(context.Context, *AsymmetricDecryptRequest) (*AsymmetricDecryptResponse, error) // Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // MAC, producing a tag that can be verified by another source with the // same key. MacSign(context.Context, *MacSignRequest) (*MacSignResponse, error) // Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] // MAC, and returns a response that indicates whether or not the verification // was successful. MacVerify(context.Context, *MacVerifyRequest) (*MacVerifyResponse, error) // Generate random bytes using the Cloud KMS randomness source in the provided // location. GenerateRandomBytes(context.Context, *GenerateRandomBytesRequest) (*GenerateRandomBytesResponse, error) }
KeyManagementServiceServer is the server API for KeyManagementService service.
type KeyOperationAttestation ¶
type KeyOperationAttestation struct { // Output only. The format of the attestation data. Format KeyOperationAttestation_AttestationFormat `` /* 133-byte string literal not displayed */ // Output only. The attestation data provided by the HSM when the key // operation was performed. Content []byte `protobuf:"bytes,5,opt,name=content,proto3" json:"content,omitempty"` // contains filtered or unexported fields }
Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key).
func (*KeyOperationAttestation) Descriptor
deprecated
func (*KeyOperationAttestation) Descriptor() ([]byte, []int)
Deprecated: Use KeyOperationAttestation.ProtoReflect.Descriptor instead.
func (*KeyOperationAttestation) GetContent ¶
func (x *KeyOperationAttestation) GetContent() []byte
func (*KeyOperationAttestation) GetFormat ¶
func (x *KeyOperationAttestation) GetFormat() KeyOperationAttestation_AttestationFormat
func (*KeyOperationAttestation) ProtoMessage ¶
func (*KeyOperationAttestation) ProtoMessage()
func (*KeyOperationAttestation) ProtoReflect ¶
func (x *KeyOperationAttestation) ProtoReflect() protoreflect.Message
func (*KeyOperationAttestation) Reset ¶
func (x *KeyOperationAttestation) Reset()
func (*KeyOperationAttestation) String ¶
func (x *KeyOperationAttestation) String() string
type KeyOperationAttestation_AttestationFormat ¶
type KeyOperationAttestation_AttestationFormat int32
Attestation formats provided by the HSM.
const ( // Not specified. KeyOperationAttestation_ATTESTATION_FORMAT_UNSPECIFIED KeyOperationAttestation_AttestationFormat = 0 // Cavium HSM attestation compressed with gzip. Note that this format is // defined by Cavium and subject to change at any time. KeyOperationAttestation_CAVIUM_V1_COMPRESSED KeyOperationAttestation_AttestationFormat = 3 // Cavium HSM attestation V2 compressed with gzip. This is a new format // introduced in Cavium's version 3.2-08. KeyOperationAttestation_CAVIUM_V2_COMPRESSED KeyOperationAttestation_AttestationFormat = 4 )
func (KeyOperationAttestation_AttestationFormat) Descriptor ¶
func (KeyOperationAttestation_AttestationFormat) Descriptor() protoreflect.EnumDescriptor
func (KeyOperationAttestation_AttestationFormat) EnumDescriptor
deprecated
func (KeyOperationAttestation_AttestationFormat) EnumDescriptor() ([]byte, []int)
Deprecated: Use KeyOperationAttestation_AttestationFormat.Descriptor instead.
func (KeyOperationAttestation_AttestationFormat) Number ¶
func (x KeyOperationAttestation_AttestationFormat) Number() protoreflect.EnumNumber
func (KeyOperationAttestation_AttestationFormat) String ¶
func (x KeyOperationAttestation_AttestationFormat) String() string
func (KeyOperationAttestation_AttestationFormat) Type ¶
func (KeyOperationAttestation_AttestationFormat) Type() protoreflect.EnumType
type KeyRing ¶
type KeyRing struct { // Output only. The resource name for the [KeyRing][google.cloud.kms.v1.KeyRing] in the format // `projects/*/locations/*/keyRings/*`. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Output only. The time at which this [KeyRing][google.cloud.kms.v1.KeyRing] was created. CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"` // contains filtered or unexported fields }
A KeyRing[google.cloud.kms.v1.KeyRing] is a toplevel logical grouping of [CryptoKeys][google.cloud.kms.v1.CryptoKey].
func (*KeyRing) Descriptor
deprecated
func (*KeyRing) GetCreateTime ¶
func (x *KeyRing) GetCreateTime() *timestamppb.Timestamp
func (*KeyRing) ProtoMessage ¶
func (*KeyRing) ProtoMessage()
func (*KeyRing) ProtoReflect ¶
func (x *KeyRing) ProtoReflect() protoreflect.Message
type ListCryptoKeyVersionsRequest ¶
type ListCryptoKeyVersionsRequest struct { // Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format // `projects/*/locations/*/keyRings/*/cryptoKeys/*`. Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Optional. Optional limit on the number of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to // include in the response. Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can // subsequently be obtained by including the // [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token] in a subsequent request. // If unspecified, the server will pick an appropriate default. PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` // Optional. Optional pagination token, returned earlier via // [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token]. PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` // The fields to include in the response. View CryptoKeyVersion_CryptoKeyVersionView `protobuf:"varint,4,opt,name=view,proto3,enum=google.cloud.kms.v1.CryptoKeyVersion_CryptoKeyVersionView" json:"view,omitempty"` // Optional. Only include resources that match the filter in the response. For // more information, see // [Sorting and filtering list // results](https://cloud.google.com/kms/docs/sorting-and-filtering). Filter string `protobuf:"bytes,5,opt,name=filter,proto3" json:"filter,omitempty"` // Optional. Specify how the results should be sorted. If not specified, the // results will be sorted in the default order. For more information, see // [Sorting and filtering list // results](https://cloud.google.com/kms/docs/sorting-and-filtering). OrderBy string `protobuf:"bytes,6,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].
func (*ListCryptoKeyVersionsRequest) Descriptor
deprecated
func (*ListCryptoKeyVersionsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListCryptoKeyVersionsRequest.ProtoReflect.Descriptor instead.
func (*ListCryptoKeyVersionsRequest) GetFilter ¶
func (x *ListCryptoKeyVersionsRequest) GetFilter() string
func (*ListCryptoKeyVersionsRequest) GetOrderBy ¶
func (x *ListCryptoKeyVersionsRequest) GetOrderBy() string
func (*ListCryptoKeyVersionsRequest) GetPageSize ¶
func (x *ListCryptoKeyVersionsRequest) GetPageSize() int32
func (*ListCryptoKeyVersionsRequest) GetPageToken ¶
func (x *ListCryptoKeyVersionsRequest) GetPageToken() string
func (*ListCryptoKeyVersionsRequest) GetParent ¶
func (x *ListCryptoKeyVersionsRequest) GetParent() string
func (*ListCryptoKeyVersionsRequest) GetView ¶
func (x *ListCryptoKeyVersionsRequest) GetView() CryptoKeyVersion_CryptoKeyVersionView
func (*ListCryptoKeyVersionsRequest) ProtoMessage ¶
func (*ListCryptoKeyVersionsRequest) ProtoMessage()
func (*ListCryptoKeyVersionsRequest) ProtoReflect ¶
func (x *ListCryptoKeyVersionsRequest) ProtoReflect() protoreflect.Message
func (*ListCryptoKeyVersionsRequest) Reset ¶
func (x *ListCryptoKeyVersionsRequest) Reset()
func (*ListCryptoKeyVersionsRequest) String ¶
func (x *ListCryptoKeyVersionsRequest) String() string
type ListCryptoKeyVersionsResponse ¶
type ListCryptoKeyVersionsResponse struct { // The list of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. CryptoKeyVersions []*CryptoKeyVersion `protobuf:"bytes,1,rep,name=crypto_key_versions,json=cryptoKeyVersions,proto3" json:"crypto_key_versions,omitempty"` // A token to retrieve next page of results. Pass this value in // [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token] to retrieve the next page of // results. NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` // The total number of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that matched the // query. TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"` // contains filtered or unexported fields }
Response message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].
func (*ListCryptoKeyVersionsResponse) Descriptor
deprecated
func (*ListCryptoKeyVersionsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListCryptoKeyVersionsResponse.ProtoReflect.Descriptor instead.
func (*ListCryptoKeyVersionsResponse) GetCryptoKeyVersions ¶
func (x *ListCryptoKeyVersionsResponse) GetCryptoKeyVersions() []*CryptoKeyVersion
func (*ListCryptoKeyVersionsResponse) GetNextPageToken ¶
func (x *ListCryptoKeyVersionsResponse) GetNextPageToken() string
func (*ListCryptoKeyVersionsResponse) GetTotalSize ¶
func (x *ListCryptoKeyVersionsResponse) GetTotalSize() int32
func (*ListCryptoKeyVersionsResponse) ProtoMessage ¶
func (*ListCryptoKeyVersionsResponse) ProtoMessage()
func (*ListCryptoKeyVersionsResponse) ProtoReflect ¶
func (x *ListCryptoKeyVersionsResponse) ProtoReflect() protoreflect.Message
func (*ListCryptoKeyVersionsResponse) Reset ¶
func (x *ListCryptoKeyVersionsResponse) Reset()
func (*ListCryptoKeyVersionsResponse) String ¶
func (x *ListCryptoKeyVersionsResponse) String() string
type ListCryptoKeysRequest ¶
type ListCryptoKeysRequest struct { // Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format // `projects/*/locations/*/keyRings/*`. Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Optional. Optional limit on the number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the // response. Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently be obtained by // including the [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token] in a subsequent // request. If unspecified, the server will pick an appropriate default. PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` // Optional. Optional pagination token, returned earlier via // [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token]. PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` // The fields of the primary version to include in the response. VersionView CryptoKeyVersion_CryptoKeyVersionView `` /* 158-byte string literal not displayed */ // Optional. Only include resources that match the filter in the response. For // more information, see // [Sorting and filtering list // results](https://cloud.google.com/kms/docs/sorting-and-filtering). Filter string `protobuf:"bytes,5,opt,name=filter,proto3" json:"filter,omitempty"` // Optional. Specify how the results should be sorted. If not specified, the // results will be sorted in the default order. For more information, see // [Sorting and filtering list // results](https://cloud.google.com/kms/docs/sorting-and-filtering). OrderBy string `protobuf:"bytes,6,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
func (*ListCryptoKeysRequest) Descriptor
deprecated
func (*ListCryptoKeysRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListCryptoKeysRequest.ProtoReflect.Descriptor instead.
func (*ListCryptoKeysRequest) GetFilter ¶
func (x *ListCryptoKeysRequest) GetFilter() string
func (*ListCryptoKeysRequest) GetOrderBy ¶
func (x *ListCryptoKeysRequest) GetOrderBy() string
func (*ListCryptoKeysRequest) GetPageSize ¶
func (x *ListCryptoKeysRequest) GetPageSize() int32
func (*ListCryptoKeysRequest) GetPageToken ¶
func (x *ListCryptoKeysRequest) GetPageToken() string
func (*ListCryptoKeysRequest) GetParent ¶
func (x *ListCryptoKeysRequest) GetParent() string
func (*ListCryptoKeysRequest) GetVersionView ¶
func (x *ListCryptoKeysRequest) GetVersionView() CryptoKeyVersion_CryptoKeyVersionView
func (*ListCryptoKeysRequest) ProtoMessage ¶
func (*ListCryptoKeysRequest) ProtoMessage()
func (*ListCryptoKeysRequest) ProtoReflect ¶
func (x *ListCryptoKeysRequest) ProtoReflect() protoreflect.Message
func (*ListCryptoKeysRequest) Reset ¶
func (x *ListCryptoKeysRequest) Reset()
func (*ListCryptoKeysRequest) String ¶
func (x *ListCryptoKeysRequest) String() string
type ListCryptoKeysResponse ¶
type ListCryptoKeysResponse struct { // The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey]. CryptoKeys []*CryptoKey `protobuf:"bytes,1,rep,name=crypto_keys,json=cryptoKeys,proto3" json:"crypto_keys,omitempty"` // A token to retrieve next page of results. Pass this value in // [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token] to retrieve the next page of results. NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` // The total number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] that matched the query. TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"` // contains filtered or unexported fields }
Response message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
func (*ListCryptoKeysResponse) Descriptor
deprecated
func (*ListCryptoKeysResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListCryptoKeysResponse.ProtoReflect.Descriptor instead.
func (*ListCryptoKeysResponse) GetCryptoKeys ¶
func (x *ListCryptoKeysResponse) GetCryptoKeys() []*CryptoKey
func (*ListCryptoKeysResponse) GetNextPageToken ¶
func (x *ListCryptoKeysResponse) GetNextPageToken() string
func (*ListCryptoKeysResponse) GetTotalSize ¶
func (x *ListCryptoKeysResponse) GetTotalSize() int32
func (*ListCryptoKeysResponse) ProtoMessage ¶
func (*ListCryptoKeysResponse) ProtoMessage()
func (*ListCryptoKeysResponse) ProtoReflect ¶
func (x *ListCryptoKeysResponse) ProtoReflect() protoreflect.Message
func (*ListCryptoKeysResponse) Reset ¶
func (x *ListCryptoKeysResponse) Reset()
func (*ListCryptoKeysResponse) String ¶
func (x *ListCryptoKeysResponse) String() string
type ListImportJobsRequest ¶
type ListImportJobsRequest struct { // Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format // `projects/*/locations/*/keyRings/*`. Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Optional. Optional limit on the number of [ImportJobs][google.cloud.kms.v1.ImportJob] to include in the // response. Further [ImportJobs][google.cloud.kms.v1.ImportJob] can subsequently be obtained by // including the [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token] in a subsequent // request. If unspecified, the server will pick an appropriate default. PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` // Optional. Optional pagination token, returned earlier via // [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token]. PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` // Optional. Only include resources that match the filter in the response. For // more information, see // [Sorting and filtering list // results](https://cloud.google.com/kms/docs/sorting-and-filtering). Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"` // Optional. Specify how the results should be sorted. If not specified, the // results will be sorted in the default order. For more information, see // [Sorting and filtering list // results](https://cloud.google.com/kms/docs/sorting-and-filtering). OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].
func (*ListImportJobsRequest) Descriptor
deprecated
func (*ListImportJobsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListImportJobsRequest.ProtoReflect.Descriptor instead.
func (*ListImportJobsRequest) GetFilter ¶
func (x *ListImportJobsRequest) GetFilter() string
func (*ListImportJobsRequest) GetOrderBy ¶
func (x *ListImportJobsRequest) GetOrderBy() string
func (*ListImportJobsRequest) GetPageSize ¶
func (x *ListImportJobsRequest) GetPageSize() int32
func (*ListImportJobsRequest) GetPageToken ¶
func (x *ListImportJobsRequest) GetPageToken() string
func (*ListImportJobsRequest) GetParent ¶
func (x *ListImportJobsRequest) GetParent() string
func (*ListImportJobsRequest) ProtoMessage ¶
func (*ListImportJobsRequest) ProtoMessage()
func (*ListImportJobsRequest) ProtoReflect ¶
func (x *ListImportJobsRequest) ProtoReflect() protoreflect.Message
func (*ListImportJobsRequest) Reset ¶
func (x *ListImportJobsRequest) Reset()
func (*ListImportJobsRequest) String ¶
func (x *ListImportJobsRequest) String() string
type ListImportJobsResponse ¶
type ListImportJobsResponse struct { // The list of [ImportJobs][google.cloud.kms.v1.ImportJob]. ImportJobs []*ImportJob `protobuf:"bytes,1,rep,name=import_jobs,json=importJobs,proto3" json:"import_jobs,omitempty"` // A token to retrieve next page of results. Pass this value in // [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token] to retrieve the next page of results. NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` // The total number of [ImportJobs][google.cloud.kms.v1.ImportJob] that matched the query. TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"` // contains filtered or unexported fields }
Response message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].
func (*ListImportJobsResponse) Descriptor
deprecated
func (*ListImportJobsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListImportJobsResponse.ProtoReflect.Descriptor instead.
func (*ListImportJobsResponse) GetImportJobs ¶
func (x *ListImportJobsResponse) GetImportJobs() []*ImportJob
func (*ListImportJobsResponse) GetNextPageToken ¶
func (x *ListImportJobsResponse) GetNextPageToken() string
func (*ListImportJobsResponse) GetTotalSize ¶
func (x *ListImportJobsResponse) GetTotalSize() int32
func (*ListImportJobsResponse) ProtoMessage ¶
func (*ListImportJobsResponse) ProtoMessage()
func (*ListImportJobsResponse) ProtoReflect ¶
func (x *ListImportJobsResponse) ProtoReflect() protoreflect.Message
func (*ListImportJobsResponse) Reset ¶
func (x *ListImportJobsResponse) Reset()
func (*ListImportJobsResponse) String ¶
func (x *ListImportJobsResponse) String() string
type ListKeyRingsRequest ¶
type ListKeyRingsRequest struct { // Required. The resource name of the location associated with the // [KeyRings][google.cloud.kms.v1.KeyRing], in the format `projects/*/locations/*`. Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"` // Optional. Optional limit on the number of [KeyRings][google.cloud.kms.v1.KeyRing] to include in the // response. Further [KeyRings][google.cloud.kms.v1.KeyRing] can subsequently be obtained by // including the [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token] in a subsequent // request. If unspecified, the server will pick an appropriate default. PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` // Optional. Optional pagination token, returned earlier via // [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token]. PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` // Optional. Only include resources that match the filter in the response. For // more information, see // [Sorting and filtering list // results](https://cloud.google.com/kms/docs/sorting-and-filtering). Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"` // Optional. Specify how the results should be sorted. If not specified, the // results will be sorted in the default order. For more information, see // [Sorting and filtering list // results](https://cloud.google.com/kms/docs/sorting-and-filtering). OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].
func (*ListKeyRingsRequest) Descriptor
deprecated
func (*ListKeyRingsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListKeyRingsRequest.ProtoReflect.Descriptor instead.
func (*ListKeyRingsRequest) GetFilter ¶
func (x *ListKeyRingsRequest) GetFilter() string
func (*ListKeyRingsRequest) GetOrderBy ¶
func (x *ListKeyRingsRequest) GetOrderBy() string
func (*ListKeyRingsRequest) GetPageSize ¶
func (x *ListKeyRingsRequest) GetPageSize() int32
func (*ListKeyRingsRequest) GetPageToken ¶
func (x *ListKeyRingsRequest) GetPageToken() string
func (*ListKeyRingsRequest) GetParent ¶
func (x *ListKeyRingsRequest) GetParent() string
func (*ListKeyRingsRequest) ProtoMessage ¶
func (*ListKeyRingsRequest) ProtoMessage()
func (*ListKeyRingsRequest) ProtoReflect ¶
func (x *ListKeyRingsRequest) ProtoReflect() protoreflect.Message
func (*ListKeyRingsRequest) Reset ¶
func (x *ListKeyRingsRequest) Reset()
func (*ListKeyRingsRequest) String ¶
func (x *ListKeyRingsRequest) String() string
type ListKeyRingsResponse ¶
type ListKeyRingsResponse struct { // The list of [KeyRings][google.cloud.kms.v1.KeyRing]. KeyRings []*KeyRing `protobuf:"bytes,1,rep,name=key_rings,json=keyRings,proto3" json:"key_rings,omitempty"` // A token to retrieve next page of results. Pass this value in // [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token] to retrieve the next page of results. NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` // The total number of [KeyRings][google.cloud.kms.v1.KeyRing] that matched the query. TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"` // contains filtered or unexported fields }
Response message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].
func (*ListKeyRingsResponse) Descriptor
deprecated
func (*ListKeyRingsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListKeyRingsResponse.ProtoReflect.Descriptor instead.
func (*ListKeyRingsResponse) GetKeyRings ¶
func (x *ListKeyRingsResponse) GetKeyRings() []*KeyRing
func (*ListKeyRingsResponse) GetNextPageToken ¶
func (x *ListKeyRingsResponse) GetNextPageToken() string
func (*ListKeyRingsResponse) GetTotalSize ¶
func (x *ListKeyRingsResponse) GetTotalSize() int32
func (*ListKeyRingsResponse) ProtoMessage ¶
func (*ListKeyRingsResponse) ProtoMessage()
func (*ListKeyRingsResponse) ProtoReflect ¶
func (x *ListKeyRingsResponse) ProtoReflect() protoreflect.Message
func (*ListKeyRingsResponse) Reset ¶
func (x *ListKeyRingsResponse) Reset()
func (*ListKeyRingsResponse) String ¶
func (x *ListKeyRingsResponse) String() string
type LocationMetadata ¶
type LocationMetadata struct { // Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] // [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this location. HsmAvailable bool `protobuf:"varint,1,opt,name=hsm_available,json=hsmAvailable,proto3" json:"hsm_available,omitempty"` // Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with // [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can be created in this location. EkmAvailable bool `protobuf:"varint,2,opt,name=ekm_available,json=ekmAvailable,proto3" json:"ekm_available,omitempty"` // contains filtered or unexported fields }
Cloud KMS metadata for the given [google.cloud.location.Location][google.cloud.location.Location].
func (*LocationMetadata) Descriptor
deprecated
func (*LocationMetadata) Descriptor() ([]byte, []int)
Deprecated: Use LocationMetadata.ProtoReflect.Descriptor instead.
func (*LocationMetadata) GetEkmAvailable ¶
func (x *LocationMetadata) GetEkmAvailable() bool
func (*LocationMetadata) GetHsmAvailable ¶
func (x *LocationMetadata) GetHsmAvailable() bool
func (*LocationMetadata) ProtoMessage ¶
func (*LocationMetadata) ProtoMessage()
func (*LocationMetadata) ProtoReflect ¶
func (x *LocationMetadata) ProtoReflect() protoreflect.Message
func (*LocationMetadata) Reset ¶
func (x *LocationMetadata) Reset()
func (*LocationMetadata) String ¶
func (x *LocationMetadata) String() string
type MacSignRequest ¶
type MacSignRequest struct { // Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for signing. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Required. The data to sign. The MAC tag is computed over this data field based on // the specific algorithm. Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"` // Optional. An optional CRC32C checksum of the [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]. If // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the // received [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] using this checksum. // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification // fails. If you receive a checksum error, your client should verify that // CRC32C([MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]) is equal to // [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c], and if so, perform a limited // number of retries. A persistent mismatch may indicate an issue in your // computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
func (*MacSignRequest) Descriptor
deprecated
func (*MacSignRequest) Descriptor() ([]byte, []int)
Deprecated: Use MacSignRequest.ProtoReflect.Descriptor instead.
func (*MacSignRequest) GetData ¶
func (x *MacSignRequest) GetData() []byte
func (*MacSignRequest) GetDataCrc32C ¶
func (x *MacSignRequest) GetDataCrc32C() *wrapperspb.Int64Value
func (*MacSignRequest) GetName ¶
func (x *MacSignRequest) GetName() string
func (*MacSignRequest) ProtoMessage ¶
func (*MacSignRequest) ProtoMessage()
func (*MacSignRequest) ProtoReflect ¶
func (x *MacSignRequest) ProtoReflect() protoreflect.Message
func (*MacSignRequest) Reset ¶
func (x *MacSignRequest) Reset()
func (*MacSignRequest) String ¶
func (x *MacSignRequest) String() string
type MacSignResponse ¶
type MacSignResponse struct { // The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. Check // this field to verify that the intended resource was used for signing. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The created signature. Mac []byte `protobuf:"bytes,2,opt,name=mac,proto3" json:"mac,omitempty"` // Integrity verification field. A CRC32C checksum of the returned // [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac]. An integrity check of // [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] can be performed by computing the // CRC32C checksum of [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] and comparing your // results to this field. Discard the response in case of non-matching // checksum values, and perform a limited number of retries. A persistent // mismatch may indicate an issue in your computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. MacCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=mac_crc32c,json=macCrc32c,proto3" json:"mac_crc32c,omitempty"` // Integrity verification field. A flag indicating whether // [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] was received by // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the // [data][google.cloud.kms.v1.MacSignRequest.data]. A false value of this field // indicates either that [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] was left // unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've // set [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] but this field is still false, // discard the response and perform a limited number of retries. VerifiedDataCrc32C bool `protobuf:"varint,4,opt,name=verified_data_crc32c,json=verifiedDataCrc32c,proto3" json:"verified_data_crc32c,omitempty"` // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */ // contains filtered or unexported fields }
Response message for [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
func (*MacSignResponse) Descriptor
deprecated
func (*MacSignResponse) Descriptor() ([]byte, []int)
Deprecated: Use MacSignResponse.ProtoReflect.Descriptor instead.
func (*MacSignResponse) GetMac ¶
func (x *MacSignResponse) GetMac() []byte
func (*MacSignResponse) GetMacCrc32C ¶
func (x *MacSignResponse) GetMacCrc32C() *wrapperspb.Int64Value
func (*MacSignResponse) GetName ¶
func (x *MacSignResponse) GetName() string
func (*MacSignResponse) GetProtectionLevel ¶
func (x *MacSignResponse) GetProtectionLevel() ProtectionLevel
func (*MacSignResponse) GetVerifiedDataCrc32C ¶
func (x *MacSignResponse) GetVerifiedDataCrc32C() bool
func (*MacSignResponse) ProtoMessage ¶
func (*MacSignResponse) ProtoMessage()
func (*MacSignResponse) ProtoReflect ¶
func (x *MacSignResponse) ProtoReflect() protoreflect.Message
func (*MacSignResponse) Reset ¶
func (x *MacSignResponse) Reset()
func (*MacSignResponse) String ¶
func (x *MacSignResponse) String() string
type MacVerifyRequest ¶
type MacVerifyRequest struct { // Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for verification. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Required. The data used previously as a [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] to generate the MAC // tag. Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"` // Optional. An optional CRC32C checksum of the [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]. If // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the // received [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] using this checksum. // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification // fails. If you receive a checksum error, your client should verify that // CRC32C([MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]) is equal to // [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c], and if so, perform a limited // number of retries. A persistent mismatch may indicate an issue in your // computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"` // Required. The signature to verify. Mac []byte `protobuf:"bytes,4,opt,name=mac,proto3" json:"mac,omitempty"` // Optional. An optional CRC32C checksum of the [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac]. If // specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the // received [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] using this checksum. // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification // fails. If you receive a checksum error, your client should verify that // CRC32C([MacVerifyRequest.tag][]) is equal to // [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c], and if so, perform a limited // number of retries. A persistent mismatch may indicate an issue in your // computation of the CRC32C checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. MacCrc32C *wrapperspb.Int64Value `protobuf:"bytes,5,opt,name=mac_crc32c,json=macCrc32c,proto3" json:"mac_crc32c,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify].
func (*MacVerifyRequest) Descriptor
deprecated
func (*MacVerifyRequest) Descriptor() ([]byte, []int)
Deprecated: Use MacVerifyRequest.ProtoReflect.Descriptor instead.
func (*MacVerifyRequest) GetData ¶
func (x *MacVerifyRequest) GetData() []byte
func (*MacVerifyRequest) GetDataCrc32C ¶
func (x *MacVerifyRequest) GetDataCrc32C() *wrapperspb.Int64Value
func (*MacVerifyRequest) GetMac ¶
func (x *MacVerifyRequest) GetMac() []byte
func (*MacVerifyRequest) GetMacCrc32C ¶
func (x *MacVerifyRequest) GetMacCrc32C() *wrapperspb.Int64Value
func (*MacVerifyRequest) GetName ¶
func (x *MacVerifyRequest) GetName() string
func (*MacVerifyRequest) ProtoMessage ¶
func (*MacVerifyRequest) ProtoMessage()
func (*MacVerifyRequest) ProtoReflect ¶
func (x *MacVerifyRequest) ProtoReflect() protoreflect.Message
func (*MacVerifyRequest) Reset ¶
func (x *MacVerifyRequest) Reset()
func (*MacVerifyRequest) String ¶
func (x *MacVerifyRequest) String() string
type MacVerifyResponse ¶
type MacVerifyResponse struct { // The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for verification. // Check this field to verify that the intended resource was used for // verification. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // This field indicates whether or not the verification operation for // [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] over [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] was successful. Success bool `protobuf:"varint,2,opt,name=success,proto3" json:"success,omitempty"` // Integrity verification field. A flag indicating whether // [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] was received by // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the // [data][google.cloud.kms.v1.MacVerifyRequest.data]. A false value of this field // indicates either that [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] was left // unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've // set [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] but this field is still false, // discard the response and perform a limited number of retries. VerifiedDataCrc32C bool `protobuf:"varint,3,opt,name=verified_data_crc32c,json=verifiedDataCrc32c,proto3" json:"verified_data_crc32c,omitempty"` // Integrity verification field. A flag indicating whether // [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] was received by // [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the // [data][google.cloud.kms.v1.MacVerifyRequest.mac]. A false value of this field // indicates either that [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] was left // unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've // set [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] but this field is still false, // discard the response and perform a limited number of retries. VerifiedMacCrc32C bool `protobuf:"varint,4,opt,name=verified_mac_crc32c,json=verifiedMacCrc32c,proto3" json:"verified_mac_crc32c,omitempty"` // Integrity verification field. This value is used for the integrity // verification of [MacVerifyResponse.success]. If the value of this field // contradicts the value of [MacVerifyResponse.success], discard the response // and perform a limited number of retries. VerifiedSuccessIntegrity bool `` /* 136-byte string literal not displayed */ // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for verification. ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */ // contains filtered or unexported fields }
Response message for [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify].
func (*MacVerifyResponse) Descriptor
deprecated
func (*MacVerifyResponse) Descriptor() ([]byte, []int)
Deprecated: Use MacVerifyResponse.ProtoReflect.Descriptor instead.
func (*MacVerifyResponse) GetName ¶
func (x *MacVerifyResponse) GetName() string
func (*MacVerifyResponse) GetProtectionLevel ¶
func (x *MacVerifyResponse) GetProtectionLevel() ProtectionLevel
func (*MacVerifyResponse) GetSuccess ¶
func (x *MacVerifyResponse) GetSuccess() bool
func (*MacVerifyResponse) GetVerifiedDataCrc32C ¶
func (x *MacVerifyResponse) GetVerifiedDataCrc32C() bool
func (*MacVerifyResponse) GetVerifiedMacCrc32C ¶
func (x *MacVerifyResponse) GetVerifiedMacCrc32C() bool
func (*MacVerifyResponse) GetVerifiedSuccessIntegrity ¶
func (x *MacVerifyResponse) GetVerifiedSuccessIntegrity() bool
func (*MacVerifyResponse) ProtoMessage ¶
func (*MacVerifyResponse) ProtoMessage()
func (*MacVerifyResponse) ProtoReflect ¶
func (x *MacVerifyResponse) ProtoReflect() protoreflect.Message
func (*MacVerifyResponse) Reset ¶
func (x *MacVerifyResponse) Reset()
func (*MacVerifyResponse) String ¶
func (x *MacVerifyResponse) String() string
type ProtectionLevel ¶
type ProtectionLevel int32
ProtectionLevel[google.cloud.kms.v1.ProtectionLevel] specifies how cryptographic operations are performed. For more information, see [Protection levels] (https://cloud.google.com/kms/docs/algorithms#protection_levels).
const ( // Not specified. ProtectionLevel_PROTECTION_LEVEL_UNSPECIFIED ProtectionLevel = 0 // Crypto operations are performed in software. ProtectionLevel_SOFTWARE ProtectionLevel = 1 // Crypto operations are performed in a Hardware Security Module. ProtectionLevel_HSM ProtectionLevel = 2 // Crypto operations are performed by an external key manager. ProtectionLevel_EXTERNAL ProtectionLevel = 3 )
func (ProtectionLevel) Descriptor ¶
func (ProtectionLevel) Descriptor() protoreflect.EnumDescriptor
func (ProtectionLevel) Enum ¶
func (x ProtectionLevel) Enum() *ProtectionLevel
func (ProtectionLevel) EnumDescriptor
deprecated
func (ProtectionLevel) EnumDescriptor() ([]byte, []int)
Deprecated: Use ProtectionLevel.Descriptor instead.
func (ProtectionLevel) Number ¶
func (x ProtectionLevel) Number() protoreflect.EnumNumber
func (ProtectionLevel) String ¶
func (x ProtectionLevel) String() string
func (ProtectionLevel) Type ¶
func (ProtectionLevel) Type() protoreflect.EnumType
type PublicKey ¶
type PublicKey struct { // The public key, encoded in PEM format. For more information, see the // [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for // [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and // [Textual Encoding of Subject Public Key Info] // (https://tools.ietf.org/html/rfc7468#section-13). Pem string `protobuf:"bytes,1,opt,name=pem,proto3" json:"pem,omitempty"` // The [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] associated // with this key. Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 140-byte string literal not displayed */ // Integrity verification field. A CRC32C checksum of the returned // [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem]. An integrity check of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] can be performed // by computing the CRC32C checksum of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] and // comparing your results to this field. Discard the response in case of // non-matching checksum values, and perform a limited number of retries. A // persistent mismatch may indicate an issue in your computation of the CRC32C // checksum. // Note: This field is defined as int64 for reasons of compatibility across // different languages. However, it is a non-negative integer, which will // never exceed 2^32-1, and can be safely downconverted to uint32 in languages // that support this type. // // NOTE: This field is in Beta. PemCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=pem_crc32c,json=pemCrc32c,proto3" json:"pem_crc32c,omitempty"` // The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key. // Provided here for verification. // // NOTE: This field is in Beta. Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"` // The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key. ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */ // contains filtered or unexported fields }
The public key for a given CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion]. Obtained via [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
func (*PublicKey) Descriptor
deprecated
func (*PublicKey) GetAlgorithm ¶
func (x *PublicKey) GetAlgorithm() CryptoKeyVersion_CryptoKeyVersionAlgorithm
func (*PublicKey) GetPemCrc32C ¶
func (x *PublicKey) GetPemCrc32C() *wrapperspb.Int64Value
func (*PublicKey) GetProtectionLevel ¶
func (x *PublicKey) GetProtectionLevel() ProtectionLevel
func (*PublicKey) ProtoMessage ¶
func (*PublicKey) ProtoMessage()
func (*PublicKey) ProtoReflect ¶
func (x *PublicKey) ProtoReflect() protoreflect.Message
type RestoreCryptoKeyVersionRequest ¶
type RestoreCryptoKeyVersionRequest struct { // Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion].
func (*RestoreCryptoKeyVersionRequest) Descriptor
deprecated
func (*RestoreCryptoKeyVersionRequest) Descriptor() ([]byte, []int)
Deprecated: Use RestoreCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.
func (*RestoreCryptoKeyVersionRequest) GetName ¶
func (x *RestoreCryptoKeyVersionRequest) GetName() string
func (*RestoreCryptoKeyVersionRequest) ProtoMessage ¶
func (*RestoreCryptoKeyVersionRequest) ProtoMessage()
func (*RestoreCryptoKeyVersionRequest) ProtoReflect ¶
func (x *RestoreCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
func (*RestoreCryptoKeyVersionRequest) Reset ¶
func (x *RestoreCryptoKeyVersionRequest) Reset()
func (*RestoreCryptoKeyVersionRequest) String ¶
func (x *RestoreCryptoKeyVersionRequest) String() string
type UnimplementedKeyManagementServiceServer ¶
type UnimplementedKeyManagementServiceServer struct { }
UnimplementedKeyManagementServiceServer can be embedded to have forward compatible implementations.
func (*UnimplementedKeyManagementServiceServer) AsymmetricDecrypt ¶
func (*UnimplementedKeyManagementServiceServer) AsymmetricDecrypt(context.Context, *AsymmetricDecryptRequest) (*AsymmetricDecryptResponse, error)
func (*UnimplementedKeyManagementServiceServer) AsymmetricSign ¶
func (*UnimplementedKeyManagementServiceServer) AsymmetricSign(context.Context, *AsymmetricSignRequest) (*AsymmetricSignResponse, error)
func (*UnimplementedKeyManagementServiceServer) CreateCryptoKey ¶
func (*UnimplementedKeyManagementServiceServer) CreateCryptoKey(context.Context, *CreateCryptoKeyRequest) (*CryptoKey, error)
func (*UnimplementedKeyManagementServiceServer) CreateCryptoKeyVersion ¶
func (*UnimplementedKeyManagementServiceServer) CreateCryptoKeyVersion(context.Context, *CreateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
func (*UnimplementedKeyManagementServiceServer) CreateImportJob ¶
func (*UnimplementedKeyManagementServiceServer) CreateImportJob(context.Context, *CreateImportJobRequest) (*ImportJob, error)
func (*UnimplementedKeyManagementServiceServer) CreateKeyRing ¶
func (*UnimplementedKeyManagementServiceServer) CreateKeyRing(context.Context, *CreateKeyRingRequest) (*KeyRing, error)
func (*UnimplementedKeyManagementServiceServer) Decrypt ¶
func (*UnimplementedKeyManagementServiceServer) Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
func (*UnimplementedKeyManagementServiceServer) DestroyCryptoKeyVersion ¶
func (*UnimplementedKeyManagementServiceServer) DestroyCryptoKeyVersion(context.Context, *DestroyCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
func (*UnimplementedKeyManagementServiceServer) Encrypt ¶
func (*UnimplementedKeyManagementServiceServer) Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
func (*UnimplementedKeyManagementServiceServer) GenerateRandomBytes ¶
func (*UnimplementedKeyManagementServiceServer) GenerateRandomBytes(context.Context, *GenerateRandomBytesRequest) (*GenerateRandomBytesResponse, error)
func (*UnimplementedKeyManagementServiceServer) GetCryptoKey ¶
func (*UnimplementedKeyManagementServiceServer) GetCryptoKey(context.Context, *GetCryptoKeyRequest) (*CryptoKey, error)
func (*UnimplementedKeyManagementServiceServer) GetCryptoKeyVersion ¶
func (*UnimplementedKeyManagementServiceServer) GetCryptoKeyVersion(context.Context, *GetCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
func (*UnimplementedKeyManagementServiceServer) GetImportJob ¶
func (*UnimplementedKeyManagementServiceServer) GetImportJob(context.Context, *GetImportJobRequest) (*ImportJob, error)
func (*UnimplementedKeyManagementServiceServer) GetKeyRing ¶
func (*UnimplementedKeyManagementServiceServer) GetKeyRing(context.Context, *GetKeyRingRequest) (*KeyRing, error)
func (*UnimplementedKeyManagementServiceServer) GetPublicKey ¶
func (*UnimplementedKeyManagementServiceServer) GetPublicKey(context.Context, *GetPublicKeyRequest) (*PublicKey, error)
func (*UnimplementedKeyManagementServiceServer) ImportCryptoKeyVersion ¶
func (*UnimplementedKeyManagementServiceServer) ImportCryptoKeyVersion(context.Context, *ImportCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
func (*UnimplementedKeyManagementServiceServer) ListCryptoKeyVersions ¶
func (*UnimplementedKeyManagementServiceServer) ListCryptoKeyVersions(context.Context, *ListCryptoKeyVersionsRequest) (*ListCryptoKeyVersionsResponse, error)
func (*UnimplementedKeyManagementServiceServer) ListCryptoKeys ¶
func (*UnimplementedKeyManagementServiceServer) ListCryptoKeys(context.Context, *ListCryptoKeysRequest) (*ListCryptoKeysResponse, error)
func (*UnimplementedKeyManagementServiceServer) ListImportJobs ¶
func (*UnimplementedKeyManagementServiceServer) ListImportJobs(context.Context, *ListImportJobsRequest) (*ListImportJobsResponse, error)
func (*UnimplementedKeyManagementServiceServer) ListKeyRings ¶
func (*UnimplementedKeyManagementServiceServer) ListKeyRings(context.Context, *ListKeyRingsRequest) (*ListKeyRingsResponse, error)
func (*UnimplementedKeyManagementServiceServer) MacSign ¶
func (*UnimplementedKeyManagementServiceServer) MacSign(context.Context, *MacSignRequest) (*MacSignResponse, error)
func (*UnimplementedKeyManagementServiceServer) MacVerify ¶
func (*UnimplementedKeyManagementServiceServer) MacVerify(context.Context, *MacVerifyRequest) (*MacVerifyResponse, error)
func (*UnimplementedKeyManagementServiceServer) RestoreCryptoKeyVersion ¶
func (*UnimplementedKeyManagementServiceServer) RestoreCryptoKeyVersion(context.Context, *RestoreCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKey ¶
func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKey(context.Context, *UpdateCryptoKeyRequest) (*CryptoKey, error)
func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKeyPrimaryVersion ¶
func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKeyPrimaryVersion(context.Context, *UpdateCryptoKeyPrimaryVersionRequest) (*CryptoKey, error)
func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKeyVersion ¶
func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKeyVersion(context.Context, *UpdateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
type UpdateCryptoKeyPrimaryVersionRequest ¶
type UpdateCryptoKeyPrimaryVersionRequest struct { // Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to update. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Required. The id of the child [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary. CryptoKeyVersionId string `protobuf:"bytes,2,opt,name=crypto_key_version_id,json=cryptoKeyVersionId,proto3" json:"crypto_key_version_id,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].
func (*UpdateCryptoKeyPrimaryVersionRequest) Descriptor
deprecated
func (*UpdateCryptoKeyPrimaryVersionRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdateCryptoKeyPrimaryVersionRequest.ProtoReflect.Descriptor instead.
func (*UpdateCryptoKeyPrimaryVersionRequest) GetCryptoKeyVersionId ¶
func (x *UpdateCryptoKeyPrimaryVersionRequest) GetCryptoKeyVersionId() string
func (*UpdateCryptoKeyPrimaryVersionRequest) GetName ¶
func (x *UpdateCryptoKeyPrimaryVersionRequest) GetName() string
func (*UpdateCryptoKeyPrimaryVersionRequest) ProtoMessage ¶
func (*UpdateCryptoKeyPrimaryVersionRequest) ProtoMessage()
func (*UpdateCryptoKeyPrimaryVersionRequest) ProtoReflect ¶
func (x *UpdateCryptoKeyPrimaryVersionRequest) ProtoReflect() protoreflect.Message
func (*UpdateCryptoKeyPrimaryVersionRequest) Reset ¶
func (x *UpdateCryptoKeyPrimaryVersionRequest) Reset()
func (*UpdateCryptoKeyPrimaryVersionRequest) String ¶
func (x *UpdateCryptoKeyPrimaryVersionRequest) String() string
type UpdateCryptoKeyRequest ¶
type UpdateCryptoKeyRequest struct { // Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] with updated values. CryptoKey *CryptoKey `protobuf:"bytes,1,opt,name=crypto_key,json=cryptoKey,proto3" json:"crypto_key,omitempty"` // Required. List of fields to be updated in this request. UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey].
func (*UpdateCryptoKeyRequest) Descriptor
deprecated
func (*UpdateCryptoKeyRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdateCryptoKeyRequest.ProtoReflect.Descriptor instead.
func (*UpdateCryptoKeyRequest) GetCryptoKey ¶
func (x *UpdateCryptoKeyRequest) GetCryptoKey() *CryptoKey
func (*UpdateCryptoKeyRequest) GetUpdateMask ¶
func (x *UpdateCryptoKeyRequest) GetUpdateMask() *fieldmaskpb.FieldMask
func (*UpdateCryptoKeyRequest) ProtoMessage ¶
func (*UpdateCryptoKeyRequest) ProtoMessage()
func (*UpdateCryptoKeyRequest) ProtoReflect ¶
func (x *UpdateCryptoKeyRequest) ProtoReflect() protoreflect.Message
func (*UpdateCryptoKeyRequest) Reset ¶
func (x *UpdateCryptoKeyRequest) Reset()
func (*UpdateCryptoKeyRequest) String ¶
func (x *UpdateCryptoKeyRequest) String() string
type UpdateCryptoKeyVersionRequest ¶
type UpdateCryptoKeyVersionRequest struct { // Required. [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with updated values. CryptoKeyVersion *CryptoKeyVersion `protobuf:"bytes,1,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"` // Required. List of fields to be updated in this request. UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"` // contains filtered or unexported fields }
Request message for [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion].
func (*UpdateCryptoKeyVersionRequest) Descriptor
deprecated
func (*UpdateCryptoKeyVersionRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdateCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.
func (*UpdateCryptoKeyVersionRequest) GetCryptoKeyVersion ¶
func (x *UpdateCryptoKeyVersionRequest) GetCryptoKeyVersion() *CryptoKeyVersion
func (*UpdateCryptoKeyVersionRequest) GetUpdateMask ¶
func (x *UpdateCryptoKeyVersionRequest) GetUpdateMask() *fieldmaskpb.FieldMask
func (*UpdateCryptoKeyVersionRequest) ProtoMessage ¶
func (*UpdateCryptoKeyVersionRequest) ProtoMessage()
func (*UpdateCryptoKeyVersionRequest) ProtoReflect ¶
func (x *UpdateCryptoKeyVersionRequest) ProtoReflect() protoreflect.Message
func (*UpdateCryptoKeyVersionRequest) Reset ¶
func (x *UpdateCryptoKeyVersionRequest) Reset()
func (*UpdateCryptoKeyVersionRequest) String ¶
func (x *UpdateCryptoKeyVersionRequest) String() string