kms

package
v0.0.0-...-52b58a3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 31, 2022 License: Apache-2.0, Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ProtectionLevel_name = map[int32]string{
		0: "PROTECTION_LEVEL_UNSPECIFIED",
		1: "SOFTWARE",
		2: "HSM",
		3: "EXTERNAL",
	}
	ProtectionLevel_value = map[string]int32{
		"PROTECTION_LEVEL_UNSPECIFIED": 0,
		"SOFTWARE":                     1,
		"HSM":                          2,
		"EXTERNAL":                     3,
	}
)

Enum value maps for ProtectionLevel.

View Source
var (
	CryptoKey_CryptoKeyPurpose_name = map[int32]string{
		0: "CRYPTO_KEY_PURPOSE_UNSPECIFIED",
		1: "ENCRYPT_DECRYPT",
		5: "ASYMMETRIC_SIGN",
		6: "ASYMMETRIC_DECRYPT",
		9: "MAC",
	}
	CryptoKey_CryptoKeyPurpose_value = map[string]int32{
		"CRYPTO_KEY_PURPOSE_UNSPECIFIED": 0,
		"ENCRYPT_DECRYPT":                1,
		"ASYMMETRIC_SIGN":                5,
		"ASYMMETRIC_DECRYPT":             6,
		"MAC":                            9,
	}
)

Enum value maps for CryptoKey_CryptoKeyPurpose.

View Source
var (
	KeyOperationAttestation_AttestationFormat_name = map[int32]string{
		0: "ATTESTATION_FORMAT_UNSPECIFIED",
		3: "CAVIUM_V1_COMPRESSED",
		4: "CAVIUM_V2_COMPRESSED",
	}
	KeyOperationAttestation_AttestationFormat_value = map[string]int32{
		"ATTESTATION_FORMAT_UNSPECIFIED": 0,
		"CAVIUM_V1_COMPRESSED":           3,
		"CAVIUM_V2_COMPRESSED":           4,
	}
)

Enum value maps for KeyOperationAttestation_AttestationFormat.

View Source
var (
	CryptoKeyVersion_CryptoKeyVersionAlgorithm_name = map[int32]string{
		0:  "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED",
		1:  "GOOGLE_SYMMETRIC_ENCRYPTION",
		2:  "RSA_SIGN_PSS_2048_SHA256",
		3:  "RSA_SIGN_PSS_3072_SHA256",
		4:  "RSA_SIGN_PSS_4096_SHA256",
		15: "RSA_SIGN_PSS_4096_SHA512",
		5:  "RSA_SIGN_PKCS1_2048_SHA256",
		6:  "RSA_SIGN_PKCS1_3072_SHA256",
		7:  "RSA_SIGN_PKCS1_4096_SHA256",
		16: "RSA_SIGN_PKCS1_4096_SHA512",
		28: "RSA_SIGN_RAW_PKCS1_2048",
		29: "RSA_SIGN_RAW_PKCS1_3072",
		30: "RSA_SIGN_RAW_PKCS1_4096",
		8:  "RSA_DECRYPT_OAEP_2048_SHA256",
		9:  "RSA_DECRYPT_OAEP_3072_SHA256",
		10: "RSA_DECRYPT_OAEP_4096_SHA256",
		17: "RSA_DECRYPT_OAEP_4096_SHA512",
		37: "RSA_DECRYPT_OAEP_2048_SHA1",
		38: "RSA_DECRYPT_OAEP_3072_SHA1",
		39: "RSA_DECRYPT_OAEP_4096_SHA1",
		12: "EC_SIGN_P256_SHA256",
		13: "EC_SIGN_P384_SHA384",
		31: "EC_SIGN_SECP256K1_SHA256",
		32: "HMAC_SHA256",
		18: "EXTERNAL_SYMMETRIC_ENCRYPTION",
	}
	CryptoKeyVersion_CryptoKeyVersionAlgorithm_value = map[string]int32{
		"CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED": 0,
		"GOOGLE_SYMMETRIC_ENCRYPTION":              1,
		"RSA_SIGN_PSS_2048_SHA256":                 2,
		"RSA_SIGN_PSS_3072_SHA256":                 3,
		"RSA_SIGN_PSS_4096_SHA256":                 4,
		"RSA_SIGN_PSS_4096_SHA512":                 15,
		"RSA_SIGN_PKCS1_2048_SHA256":               5,
		"RSA_SIGN_PKCS1_3072_SHA256":               6,
		"RSA_SIGN_PKCS1_4096_SHA256":               7,
		"RSA_SIGN_PKCS1_4096_SHA512":               16,
		"RSA_SIGN_RAW_PKCS1_2048":                  28,
		"RSA_SIGN_RAW_PKCS1_3072":                  29,
		"RSA_SIGN_RAW_PKCS1_4096":                  30,
		"RSA_DECRYPT_OAEP_2048_SHA256":             8,
		"RSA_DECRYPT_OAEP_3072_SHA256":             9,
		"RSA_DECRYPT_OAEP_4096_SHA256":             10,
		"RSA_DECRYPT_OAEP_4096_SHA512":             17,
		"RSA_DECRYPT_OAEP_2048_SHA1":               37,
		"RSA_DECRYPT_OAEP_3072_SHA1":               38,
		"RSA_DECRYPT_OAEP_4096_SHA1":               39,
		"EC_SIGN_P256_SHA256":                      12,
		"EC_SIGN_P384_SHA384":                      13,
		"EC_SIGN_SECP256K1_SHA256":                 31,
		"HMAC_SHA256":                              32,
		"EXTERNAL_SYMMETRIC_ENCRYPTION":            18,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionAlgorithm.

View Source
var (
	CryptoKeyVersion_CryptoKeyVersionState_name = map[int32]string{
		0: "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED",
		5: "PENDING_GENERATION",
		1: "ENABLED",
		2: "DISABLED",
		3: "DESTROYED",
		4: "DESTROY_SCHEDULED",
		6: "PENDING_IMPORT",
		7: "IMPORT_FAILED",
	}
	CryptoKeyVersion_CryptoKeyVersionState_value = map[string]int32{
		"CRYPTO_KEY_VERSION_STATE_UNSPECIFIED": 0,
		"PENDING_GENERATION":                   5,
		"ENABLED":                              1,
		"DISABLED":                             2,
		"DESTROYED":                            3,
		"DESTROY_SCHEDULED":                    4,
		"PENDING_IMPORT":                       6,
		"IMPORT_FAILED":                        7,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionState.

View Source
var (
	CryptoKeyVersion_CryptoKeyVersionView_name = map[int32]string{
		0: "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED",
		1: "FULL",
	}
	CryptoKeyVersion_CryptoKeyVersionView_value = map[string]int32{
		"CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED": 0,
		"FULL":                                1,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionView.

View Source
var (
	ImportJob_ImportMethod_name = map[int32]string{
		0: "IMPORT_METHOD_UNSPECIFIED",
		1: "RSA_OAEP_3072_SHA1_AES_256",
		2: "RSA_OAEP_4096_SHA1_AES_256",
	}
	ImportJob_ImportMethod_value = map[string]int32{
		"IMPORT_METHOD_UNSPECIFIED":  0,
		"RSA_OAEP_3072_SHA1_AES_256": 1,
		"RSA_OAEP_4096_SHA1_AES_256": 2,
	}
)

Enum value maps for ImportJob_ImportMethod.

View Source
var (
	ImportJob_ImportJobState_name = map[int32]string{
		0: "IMPORT_JOB_STATE_UNSPECIFIED",
		1: "PENDING_GENERATION",
		2: "ACTIVE",
		3: "EXPIRED",
	}
	ImportJob_ImportJobState_value = map[string]int32{
		"IMPORT_JOB_STATE_UNSPECIFIED": 0,
		"PENDING_GENERATION":           1,
		"ACTIVE":                       2,
		"EXPIRED":                      3,
	}
)

Enum value maps for ImportJob_ImportJobState.

View Source
var File_google_cloud_kms_v1_resources_proto protoreflect.FileDescriptor
View Source
var File_google_cloud_kms_v1_service_proto protoreflect.FileDescriptor

Functions

func RegisterKeyManagementServiceServer

func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)

Types

type AsymmetricDecryptRequest

type AsymmetricDecryptRequest struct {

	// Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
	// decryption.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The data encrypted with the named [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public
	// key using OAEP.
	Ciphertext []byte `protobuf:"bytes,3,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Optional. An optional CRC32C checksum of the [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext].
	// If specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the
	// received [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]) is equal to
	// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c], and if so, perform a
	// limited number of retries. A persistent mismatch may indicate an issue in
	// your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

func (*AsymmetricDecryptRequest) Descriptor deprecated

func (*AsymmetricDecryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricDecryptRequest.ProtoReflect.Descriptor instead.

func (*AsymmetricDecryptRequest) GetCiphertext

func (x *AsymmetricDecryptRequest) GetCiphertext() []byte

func (*AsymmetricDecryptRequest) GetCiphertextCrc32C

func (x *AsymmetricDecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*AsymmetricDecryptRequest) GetName

func (x *AsymmetricDecryptRequest) GetName() string

func (*AsymmetricDecryptRequest) ProtoMessage

func (*AsymmetricDecryptRequest) ProtoMessage()

func (*AsymmetricDecryptRequest) ProtoReflect

func (x *AsymmetricDecryptRequest) ProtoReflect() protoreflect.Message

func (*AsymmetricDecryptRequest) Reset

func (x *AsymmetricDecryptRequest) Reset()

func (*AsymmetricDecryptRequest) String

func (x *AsymmetricDecryptRequest) String() string

type AsymmetricDecryptResponse

type AsymmetricDecryptResponse struct {

	// The decrypted data originally encrypted with the matching public key.
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]. An integrity check of
	// [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] can be performed by computing the
	// CRC32C checksum of [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext] and comparing
	// your results to this field. Discard the response in case of non-matching
	// checksum values, and perform a limited number of retries. A persistent
	// mismatch may indicate an issue in your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the
	// [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. A false value of this
	// field indicates either that [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c]
	// was left unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If
	// you've set [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c] but this field is
	// still false, discard the response and perform a limited number of retries.
	VerifiedCiphertextCrc32C bool `` /* 136-byte string literal not displayed */
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in decryption.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

func (*AsymmetricDecryptResponse) Descriptor deprecated

func (*AsymmetricDecryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricDecryptResponse.ProtoReflect.Descriptor instead.

func (*AsymmetricDecryptResponse) GetPlaintext

func (x *AsymmetricDecryptResponse) GetPlaintext() []byte

func (*AsymmetricDecryptResponse) GetPlaintextCrc32C

func (x *AsymmetricDecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*AsymmetricDecryptResponse) GetProtectionLevel

func (x *AsymmetricDecryptResponse) GetProtectionLevel() ProtectionLevel

func (*AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C

func (x *AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C() bool

func (*AsymmetricDecryptResponse) ProtoMessage

func (*AsymmetricDecryptResponse) ProtoMessage()

func (*AsymmetricDecryptResponse) ProtoReflect

func (*AsymmetricDecryptResponse) Reset

func (x *AsymmetricDecryptResponse) Reset()

func (*AsymmetricDecryptResponse) String

func (x *AsymmetricDecryptResponse) String() string

type AsymmetricSignRequest

type AsymmetricSignRequest struct {

	// Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for signing.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. The digest of the data to sign. The digest must be produced with
	// the same digest algorithm as specified by the key version's
	// [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm].
	Digest *Digest `protobuf:"bytes,3,opt,name=digest,proto3" json:"digest,omitempty"`
	// Optional. An optional CRC32C checksum of the [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the
	// received [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]) is equal to
	// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c], and if so, perform a limited
	// number of retries. A persistent mismatch may indicate an issue in your
	// computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	DigestCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=digest_crc32c,json=digestCrc32c,proto3" json:"digest_crc32c,omitempty"`
	// Optional. This field will only be honored for RAW_PKCS1 keys.
	// The data to sign. A digest is computed over the data that will be signed,
	// PKCS #1 padding is applied to the digest directly and then encrypted.
	Data []byte `protobuf:"bytes,6,opt,name=data,proto3" json:"data,omitempty"`
	// Optional. An optional CRC32C checksum of the [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the
	// received [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]) is equal to
	// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c], and if so, perform a limited
	// number of retries. A persistent mismatch may indicate an issue in your
	// computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

func (*AsymmetricSignRequest) Descriptor deprecated

func (*AsymmetricSignRequest) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricSignRequest.ProtoReflect.Descriptor instead.

func (*AsymmetricSignRequest) GetData

func (x *AsymmetricSignRequest) GetData() []byte

func (*AsymmetricSignRequest) GetDataCrc32C

func (x *AsymmetricSignRequest) GetDataCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignRequest) GetDigest

func (x *AsymmetricSignRequest) GetDigest() *Digest

func (*AsymmetricSignRequest) GetDigestCrc32C

func (x *AsymmetricSignRequest) GetDigestCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignRequest) GetName

func (x *AsymmetricSignRequest) GetName() string

func (*AsymmetricSignRequest) ProtoMessage

func (*AsymmetricSignRequest) ProtoMessage()

func (*AsymmetricSignRequest) ProtoReflect

func (x *AsymmetricSignRequest) ProtoReflect() protoreflect.Message

func (*AsymmetricSignRequest) Reset

func (x *AsymmetricSignRequest) Reset()

func (*AsymmetricSignRequest) String

func (x *AsymmetricSignRequest) String() string

type AsymmetricSignResponse

type AsymmetricSignResponse struct {

	// The created signature.
	Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]. An integrity check of
	// [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] can be performed by computing the
	// CRC32C checksum of [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature] and comparing your
	// results to this field. Discard the response in case of non-matching
	// checksum values, and perform a limited number of retries. A persistent
	// mismatch may indicate an issue in your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	SignatureCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=signature_crc32c,json=signatureCrc32c,proto3" json:"signature_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the
	// [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. A false value of this field
	// indicates either that [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] was left
	// unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c] but this field is still false,
	// discard the response and perform a limited number of retries.
	VerifiedDigestCrc32C bool `protobuf:"varint,3,opt,name=verified_digest_crc32c,json=verifiedDigestCrc32c,proto3" json:"verified_digest_crc32c,omitempty"`
	// The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. Check
	// this field to verify that the intended resource was used for signing.
	Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the
	// [data][google.cloud.kms.v1.AsymmetricSignRequest.data]. A false value of this field
	// indicates either that [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] was left
	// unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c] but this field is still false,
	// discard the response and perform a limited number of retries.
	VerifiedDataCrc32C bool `protobuf:"varint,5,opt,name=verified_data_crc32c,json=verifiedDataCrc32c,proto3" json:"verified_data_crc32c,omitempty"`
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

func (*AsymmetricSignResponse) Descriptor deprecated

func (*AsymmetricSignResponse) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricSignResponse.ProtoReflect.Descriptor instead.

func (*AsymmetricSignResponse) GetName

func (x *AsymmetricSignResponse) GetName() string

func (*AsymmetricSignResponse) GetProtectionLevel

func (x *AsymmetricSignResponse) GetProtectionLevel() ProtectionLevel

func (*AsymmetricSignResponse) GetSignature

func (x *AsymmetricSignResponse) GetSignature() []byte

func (*AsymmetricSignResponse) GetSignatureCrc32C

func (x *AsymmetricSignResponse) GetSignatureCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignResponse) GetVerifiedDataCrc32C

func (x *AsymmetricSignResponse) GetVerifiedDataCrc32C() bool

func (*AsymmetricSignResponse) GetVerifiedDigestCrc32C

func (x *AsymmetricSignResponse) GetVerifiedDigestCrc32C() bool

func (*AsymmetricSignResponse) ProtoMessage

func (*AsymmetricSignResponse) ProtoMessage()

func (*AsymmetricSignResponse) ProtoReflect

func (x *AsymmetricSignResponse) ProtoReflect() protoreflect.Message

func (*AsymmetricSignResponse) Reset

func (x *AsymmetricSignResponse) Reset()

func (*AsymmetricSignResponse) String

func (x *AsymmetricSignResponse) String() string

type CreateCryptoKeyRequest

type CreateCryptoKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing associated with the
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a KeyRing and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	CryptoKeyId string `protobuf:"bytes,2,opt,name=crypto_key_id,json=cryptoKeyId,proto3" json:"crypto_key_id,omitempty"`
	// Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial field values.
	CryptoKey *CryptoKey `protobuf:"bytes,3,opt,name=crypto_key,json=cryptoKey,proto3" json:"crypto_key,omitempty"`
	// If set to true, the request will create a [CryptoKey][google.cloud.kms.v1.CryptoKey] without any
	// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. You must manually call
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or
	// [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]
	// before you can use this [CryptoKey][google.cloud.kms.v1.CryptoKey].
	SkipInitialVersionCreation bool `` /* 144-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].

func (*CreateCryptoKeyRequest) Descriptor deprecated

func (*CreateCryptoKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCryptoKeyRequest.ProtoReflect.Descriptor instead.

func (*CreateCryptoKeyRequest) GetCryptoKey

func (x *CreateCryptoKeyRequest) GetCryptoKey() *CryptoKey

func (*CreateCryptoKeyRequest) GetCryptoKeyId

func (x *CreateCryptoKeyRequest) GetCryptoKeyId() string

func (*CreateCryptoKeyRequest) GetParent

func (x *CreateCryptoKeyRequest) GetParent() string

func (*CreateCryptoKeyRequest) GetSkipInitialVersionCreation

func (x *CreateCryptoKeyRequest) GetSkipInitialVersionCreation() bool

func (*CreateCryptoKeyRequest) ProtoMessage

func (*CreateCryptoKeyRequest) ProtoMessage()

func (*CreateCryptoKeyRequest) ProtoReflect

func (x *CreateCryptoKeyRequest) ProtoReflect() protoreflect.Message

func (*CreateCryptoKeyRequest) Reset

func (x *CreateCryptoKeyRequest) Reset()

func (*CreateCryptoKeyRequest) String

func (x *CreateCryptoKeyRequest) String() string

type CreateCryptoKeyVersionRequest

type CreateCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with
	// the [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with initial field values.
	CryptoKeyVersion *CryptoKeyVersion `protobuf:"bytes,2,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].

func (*CreateCryptoKeyVersionRequest) Descriptor deprecated

func (*CreateCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*CreateCryptoKeyVersionRequest) GetCryptoKeyVersion

func (x *CreateCryptoKeyVersionRequest) GetCryptoKeyVersion() *CryptoKeyVersion

func (*CreateCryptoKeyVersionRequest) GetParent

func (x *CreateCryptoKeyVersionRequest) GetParent() string

func (*CreateCryptoKeyVersionRequest) ProtoMessage

func (*CreateCryptoKeyVersionRequest) ProtoMessage()

func (*CreateCryptoKeyVersionRequest) ProtoReflect

func (*CreateCryptoKeyVersionRequest) Reset

func (x *CreateCryptoKeyVersionRequest) Reset()

func (*CreateCryptoKeyVersionRequest) String

type CreateImportJobRequest

type CreateImportJobRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the [KeyRing][google.cloud.kms.v1.KeyRing] associated with the
	// [ImportJobs][google.cloud.kms.v1.ImportJob].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a KeyRing and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	ImportJobId string `protobuf:"bytes,2,opt,name=import_job_id,json=importJobId,proto3" json:"import_job_id,omitempty"`
	// Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field values.
	ImportJob *ImportJob `protobuf:"bytes,3,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob].

func (*CreateImportJobRequest) Descriptor deprecated

func (*CreateImportJobRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateImportJobRequest.ProtoReflect.Descriptor instead.

func (*CreateImportJobRequest) GetImportJob

func (x *CreateImportJobRequest) GetImportJob() *ImportJob

func (*CreateImportJobRequest) GetImportJobId

func (x *CreateImportJobRequest) GetImportJobId() string

func (*CreateImportJobRequest) GetParent

func (x *CreateImportJobRequest) GetParent() string

func (*CreateImportJobRequest) ProtoMessage

func (*CreateImportJobRequest) ProtoMessage()

func (*CreateImportJobRequest) ProtoReflect

func (x *CreateImportJobRequest) ProtoReflect() protoreflect.Message

func (*CreateImportJobRequest) Reset

func (x *CreateImportJobRequest) Reset()

func (*CreateImportJobRequest) String

func (x *CreateImportJobRequest) String() string

type CreateKeyRingRequest

type CreateKeyRingRequest struct {

	// Required. The resource name of the location associated with the
	// [KeyRings][google.cloud.kms.v1.KeyRing], in the format `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	KeyRingId string `protobuf:"bytes,2,opt,name=key_ring_id,json=keyRingId,proto3" json:"key_ring_id,omitempty"`
	// Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field values.
	KeyRing *KeyRing `protobuf:"bytes,3,opt,name=key_ring,json=keyRing,proto3" json:"key_ring,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].

func (*CreateKeyRingRequest) Descriptor deprecated

func (*CreateKeyRingRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateKeyRingRequest.ProtoReflect.Descriptor instead.

func (*CreateKeyRingRequest) GetKeyRing

func (x *CreateKeyRingRequest) GetKeyRing() *KeyRing

func (*CreateKeyRingRequest) GetKeyRingId

func (x *CreateKeyRingRequest) GetKeyRingId() string

func (*CreateKeyRingRequest) GetParent

func (x *CreateKeyRingRequest) GetParent() string

func (*CreateKeyRingRequest) ProtoMessage

func (*CreateKeyRingRequest) ProtoMessage()

func (*CreateKeyRingRequest) ProtoReflect

func (x *CreateKeyRingRequest) ProtoReflect() protoreflect.Message

func (*CreateKeyRingRequest) Reset

func (x *CreateKeyRingRequest) Reset()

func (*CreateKeyRingRequest) String

func (x *CreateKeyRingRequest) String() string

type CryptoKey

type CryptoKey struct {

	// Output only. The resource name for this [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. A copy of the "primary" [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used
	// by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given
	// in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name].
	//
	// The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be updated via
	// [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].
	//
	// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] may have a
	// primary. For other keys, this field will be omitted.
	Primary *CryptoKeyVersion `protobuf:"bytes,2,opt,name=primary,proto3" json:"primary,omitempty"`
	// Immutable. The immutable purpose of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
	Purpose CryptoKey_CryptoKeyPurpose `protobuf:"varint,3,opt,name=purpose,proto3,enum=google.cloud.kms.v1.CryptoKey_CryptoKeyPurpose" json:"purpose,omitempty"`
	// Output only. The time at which this [CryptoKey][google.cloud.kms.v1.CryptoKey] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], the Key Management Service will automatically:
	//
	// 1. Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
	// 2. Mark the new version as primary.
	//
	// Key rotations performed manually via
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and
	// [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]
	// do not affect [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time].
	//
	// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support
	// automatic rotation. For other keys, this field must be omitted.
	NextRotationTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=next_rotation_time,json=nextRotationTime,proto3" json:"next_rotation_time,omitempty"`
	// Controls the rate of automatic rotation.
	//
	// Types that are assignable to RotationSchedule:
	//	*CryptoKey_RotationPeriod
	RotationSchedule isCryptoKey_RotationSchedule `protobuf_oneof:"rotation_schedule"`
	// A template describing settings for new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances.
	// The properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances created by either
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or
	// auto-rotation are controlled by this template.
	VersionTemplate *CryptoKeyVersionTemplate `protobuf:"bytes,11,opt,name=version_template,json=versionTemplate,proto3" json:"version_template,omitempty"`
	// Labels with user-defined metadata. For more information, see
	// [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
	Labels map[string]string `` /* 154-byte string literal not displayed */
	// Immutable. Whether this key may contain imported versions only.
	ImportOnly bool `protobuf:"varint,13,opt,name=import_only,json=importOnly,proto3" json:"import_only,omitempty"`
	// Immutable. The period of time that versions of this key spend in the
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
	// state before transitioning to
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. If not
	// specified at creation time, the default duration is 24 hours.
	DestroyScheduledDuration *durationpb.Duration `` /* 136-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CryptoKey[google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations.

A CryptoKey[google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations.

func (*CryptoKey) Descriptor deprecated

func (*CryptoKey) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKey.ProtoReflect.Descriptor instead.

func (*CryptoKey) GetCreateTime

func (x *CryptoKey) GetCreateTime() *timestamppb.Timestamp

func (*CryptoKey) GetDestroyScheduledDuration

func (x *CryptoKey) GetDestroyScheduledDuration() *durationpb.Duration

func (*CryptoKey) GetImportOnly

func (x *CryptoKey) GetImportOnly() bool

func (*CryptoKey) GetLabels

func (x *CryptoKey) GetLabels() map[string]string

func (*CryptoKey) GetName

func (x *CryptoKey) GetName() string

func (*CryptoKey) GetNextRotationTime

func (x *CryptoKey) GetNextRotationTime() *timestamppb.Timestamp

func (*CryptoKey) GetPrimary

func (x *CryptoKey) GetPrimary() *CryptoKeyVersion

func (*CryptoKey) GetPurpose

func (x *CryptoKey) GetPurpose() CryptoKey_CryptoKeyPurpose

func (*CryptoKey) GetRotationPeriod

func (x *CryptoKey) GetRotationPeriod() *durationpb.Duration

func (*CryptoKey) GetRotationSchedule

func (m *CryptoKey) GetRotationSchedule() isCryptoKey_RotationSchedule

func (*CryptoKey) GetVersionTemplate

func (x *CryptoKey) GetVersionTemplate() *CryptoKeyVersionTemplate

func (*CryptoKey) ProtoMessage

func (*CryptoKey) ProtoMessage()

func (*CryptoKey) ProtoReflect

func (x *CryptoKey) ProtoReflect() protoreflect.Message

func (*CryptoKey) Reset

func (x *CryptoKey) Reset()

func (*CryptoKey) String

func (x *CryptoKey) String() string

type CryptoKeyVersion

type CryptoKeyVersion struct {

	// Output only. The resource name for this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The current state of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	State CryptoKeyVersion_CryptoKeyVersionState `` /* 128-byte string literal not displayed */
	// Output only. The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] describing how crypto operations are
	// performed with this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// Output only. The [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] that this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] supports.
	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 141-byte string literal not displayed */
	// Output only. Statement that was generated and signed by the HSM at key
	// creation time. Use this statement to verify attributes of the key as stored
	// on the HSM, independently of Google. Only provided for key versions with
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersion.protection_level] [HSM][google.cloud.kms.v1.ProtectionLevel.HSM].
	Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"`
	// Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material was
	// generated.
	GenerateTime *timestamppb.Timestamp `protobuf:"bytes,11,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"`
	// Output only. The time this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material is scheduled
	// for destruction. Only present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED].
	DestroyTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=destroy_time,json=destroyTime,proto3" json:"destroy_time,omitempty"`
	// Output only. The time this CryptoKeyVersion's key material was
	// destroyed. Only present if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED].
	DestroyEventTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=destroy_event_time,json=destroyEventTime,proto3" json:"destroy_event_time,omitempty"`
	// Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was
	// imported.
	ImportJob string `protobuf:"bytes,14,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
	// Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
	// was most recently imported.
	ImportTime *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=import_time,json=importTime,proto3" json:"import_time,omitempty"`
	// Output only. The root cause of the most recent import failure. Only present if
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
	// [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
	ImportFailureReason string `protobuf:"bytes,16,opt,name=import_failure_reason,json=importFailureReason,proto3" json:"import_failure_reason,omitempty"`
	// ExternalProtectionLevelOptions stores a group of additional fields for
	// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the
	// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.
	ExternalProtectionLevelOptions *ExternalProtectionLevelOptions `` /* 156-byte string literal not displayed */
	// Output only. Whether or not this key version is eligible for reimport, by being
	// specified as a target in
	// [ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version].
	ReimportEligible bool `protobuf:"varint,18,opt,name=reimport_eligible,json=reimportEligible,proto3" json:"reimport_eligible,omitempty"`
	// contains filtered or unexported fields
}

A CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] represents an individual cryptographic key, and the associated key material.

An [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] version can be used for cryptographic operations.

For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.

func (*CryptoKeyVersion) Descriptor deprecated

func (*CryptoKeyVersion) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion.ProtoReflect.Descriptor instead.

func (*CryptoKeyVersion) GetAlgorithm

func (*CryptoKeyVersion) GetAttestation

func (x *CryptoKeyVersion) GetAttestation() *KeyOperationAttestation

func (*CryptoKeyVersion) GetCreateTime

func (x *CryptoKeyVersion) GetCreateTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetDestroyEventTime

func (x *CryptoKeyVersion) GetDestroyEventTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetDestroyTime

func (x *CryptoKeyVersion) GetDestroyTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetExternalProtectionLevelOptions

func (x *CryptoKeyVersion) GetExternalProtectionLevelOptions() *ExternalProtectionLevelOptions

func (*CryptoKeyVersion) GetGenerateTime

func (x *CryptoKeyVersion) GetGenerateTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetImportFailureReason

func (x *CryptoKeyVersion) GetImportFailureReason() string

func (*CryptoKeyVersion) GetImportJob

func (x *CryptoKeyVersion) GetImportJob() string

func (*CryptoKeyVersion) GetImportTime

func (x *CryptoKeyVersion) GetImportTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetName

func (x *CryptoKeyVersion) GetName() string

func (*CryptoKeyVersion) GetProtectionLevel

func (x *CryptoKeyVersion) GetProtectionLevel() ProtectionLevel

func (*CryptoKeyVersion) GetReimportEligible

func (x *CryptoKeyVersion) GetReimportEligible() bool

func (*CryptoKeyVersion) GetState

func (*CryptoKeyVersion) ProtoMessage

func (*CryptoKeyVersion) ProtoMessage()

func (*CryptoKeyVersion) ProtoReflect

func (x *CryptoKeyVersion) ProtoReflect() protoreflect.Message

func (*CryptoKeyVersion) Reset

func (x *CryptoKeyVersion) Reset()

func (*CryptoKeyVersion) String

func (x *CryptoKeyVersion) String() string

type CryptoKeyVersionTemplate

type CryptoKeyVersionTemplate struct {

	// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on
	// this template. Immutable. Defaults to [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE].
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// Required. [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] to use
	// when creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on this template.
	//
	// For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
	// this field is omitted and [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] is
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 140-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CryptoKeyVersionTemplate[google.cloud.kms.v1.CryptoKeyVersionTemplate] specifies the properties to use when creating a new CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion], either manually with [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or automatically as a result of auto-rotation.

func (*CryptoKeyVersionTemplate) Descriptor deprecated

func (*CryptoKeyVersionTemplate) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersionTemplate.ProtoReflect.Descriptor instead.

func (*CryptoKeyVersionTemplate) GetAlgorithm

func (*CryptoKeyVersionTemplate) GetProtectionLevel

func (x *CryptoKeyVersionTemplate) GetProtectionLevel() ProtectionLevel

func (*CryptoKeyVersionTemplate) ProtoMessage

func (*CryptoKeyVersionTemplate) ProtoMessage()

func (*CryptoKeyVersionTemplate) ProtoReflect

func (x *CryptoKeyVersionTemplate) ProtoReflect() protoreflect.Message

func (*CryptoKeyVersionTemplate) Reset

func (x *CryptoKeyVersionTemplate) Reset()

func (*CryptoKeyVersionTemplate) String

func (x *CryptoKeyVersionTemplate) String() string

type CryptoKeyVersion_CryptoKeyVersionAlgorithm

type CryptoKeyVersion_CryptoKeyVersionAlgorithm int32

The algorithm of the CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion], indicating what parameters must be used for each cryptographic operation.

The [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] algorithm is usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Algorithms beginning with "RSA_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].

The fields in the name after "RSA_SIGN_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

For PSS, the salt length used is equal to the length of digest algorithm. For example, [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] will use PSS with a salt length of 256 bits or 32 bytes.

Algorithms beginning with "RSA_DECRYPT_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].

The fields in the name after "RSA_DECRYPT_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

Algorithms beginning with "EC_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].

The fields in the name after "EC_SIGN_" correspond to the following parameters: elliptic curve, digest algorithm.

Algorithms beginning with "HMAC_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [MAC][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.MAC].

The suffix following "HMAC_" corresponds to the hash algorithm being used (eg. SHA256).

For more information, see [Key purposes and algorithms] (https://cloud.google.com/kms/docs/algorithms).

const (
	// Not specified.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionAlgorithm = 0
	// Creates symmetric encryption keys.
	CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 1
	// RSASSA-PSS 2048 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 2
	// RSASSA-PSS 3072 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 3
	// RSASSA-PSS 4096 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 4
	// RSASSA-PSS 4096 bit key with a SHA512 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 15
	// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 5
	// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 6
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 7
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 16
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
	CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_2048 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 28
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
	CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_3072 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 29
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
	CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_4096 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 30
	// RSAES-OAEP 2048 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 8
	// RSAES-OAEP 3072 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 9
	// RSAES-OAEP 4096 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 10
	// RSAES-OAEP 4096 bit key with a SHA512 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 17
	// RSAES-OAEP 2048 bit key with a SHA1 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 37
	// RSAES-OAEP 3072 bit key with a SHA1 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 38
	// RSAES-OAEP 4096 bit key with a SHA1 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 39
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	CryptoKeyVersion_EC_SIGN_P256_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 12
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	CryptoKeyVersion_EC_SIGN_P384_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 13
	// ECDSA on the non-NIST secp256k1 curve. This curve is only supported for
	// HSM protection level.
	CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 31
	// HMAC-SHA256 signing with a 256 bit key.
	CryptoKeyVersion_HMAC_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 32
	// Algorithm representing symmetric encryption by an external key manager.
	CryptoKeyVersion_EXTERNAL_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 18
)

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Descriptor

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Enum

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor deprecated

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionAlgorithm.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Number

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) String

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Type

type CryptoKeyVersion_CryptoKeyVersionState

type CryptoKeyVersion_CryptoKeyVersionState int32

The state of a CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used.

const (
	// Not specified.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_STATE_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionState = 0
	// This version is still being generated. It may not be used, enabled,
	// disabled, or destroyed yet. Cloud KMS will automatically mark this
	// version [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] as soon as the version is ready.
	CryptoKeyVersion_PENDING_GENERATION CryptoKeyVersion_CryptoKeyVersionState = 5
	// This version may be used for cryptographic operations.
	CryptoKeyVersion_ENABLED CryptoKeyVersion_CryptoKeyVersionState = 1
	// This version may not be used, but the key material is still available,
	// and the version can be placed back into the [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] state.
	CryptoKeyVersion_DISABLED CryptoKeyVersion_CryptoKeyVersionState = 2
	// This version is destroyed, and the key material is no longer stored.
	// This version may only become [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] again if this version is
	// [reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible] and the original
	// key material is reimported with a call to
	// [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
	CryptoKeyVersion_DESTROYED CryptoKeyVersion_CryptoKeyVersionState = 3
	// This version is scheduled for destruction, and will be destroyed soon.
	// Call
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// to put it back into the [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] state.
	CryptoKeyVersion_DESTROY_SCHEDULED CryptoKeyVersion_CryptoKeyVersionState = 4
	// This version is still being imported. It may not be used, enabled,
	// disabled, or destroyed yet. Cloud KMS will automatically mark this
	// version [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] as soon as the version is ready.
	CryptoKeyVersion_PENDING_IMPORT CryptoKeyVersion_CryptoKeyVersionState = 6
	// This version was not imported successfully. It may not be used, enabled,
	// disabled, or destroyed. The submitted key material has been discarded.
	// Additional details can be found in
	// [CryptoKeyVersion.import_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason].
	CryptoKeyVersion_IMPORT_FAILED CryptoKeyVersion_CryptoKeyVersionState = 7
)

func (CryptoKeyVersion_CryptoKeyVersionState) Descriptor

func (CryptoKeyVersion_CryptoKeyVersionState) Enum

func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor deprecated

func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionState.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionState) Number

func (CryptoKeyVersion_CryptoKeyVersionState) String

func (CryptoKeyVersion_CryptoKeyVersionState) Type

type CryptoKeyVersion_CryptoKeyVersionView

type CryptoKeyVersion_CryptoKeyVersionView int32

A view for CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion]s. Controls the level of detail returned for [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions] and [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

const (
	// Default view for each [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Does not include
	// the [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation] field.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionView = 0
	// Provides all fields in each [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], including the
	// [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation].
	CryptoKeyVersion_FULL CryptoKeyVersion_CryptoKeyVersionView = 1
)

func (CryptoKeyVersion_CryptoKeyVersionView) Descriptor

func (CryptoKeyVersion_CryptoKeyVersionView) Enum

func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor deprecated

func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionView.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionView) Number

func (CryptoKeyVersion_CryptoKeyVersionView) String

func (CryptoKeyVersion_CryptoKeyVersionView) Type

type CryptoKey_CryptoKeyPurpose

type CryptoKey_CryptoKeyPurpose int32

[CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] describes the cryptographic capabilities of a CryptoKey[google.cloud.kms.v1.CryptoKey]. A given key can only be used for the operations allowed by its purpose. For more information, see [Key purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).

const (
	// Not specified.
	CryptoKey_CRYPTO_KEY_PURPOSE_UNSPECIFIED CryptoKey_CryptoKeyPurpose = 0
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with
	// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
	// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
	CryptoKey_ENCRYPT_DECRYPT CryptoKey_CryptoKeyPurpose = 1
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with
	// [AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign] and
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	CryptoKey_ASYMMETRIC_SIGN CryptoKey_CryptoKeyPurpose = 5
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with
	// [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt] and
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	CryptoKey_ASYMMETRIC_DECRYPT CryptoKey_CryptoKeyPurpose = 6
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used with
	// [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
	CryptoKey_MAC CryptoKey_CryptoKeyPurpose = 9
)

func (CryptoKey_CryptoKeyPurpose) Descriptor

func (CryptoKey_CryptoKeyPurpose) Enum

func (CryptoKey_CryptoKeyPurpose) EnumDescriptor deprecated

func (CryptoKey_CryptoKeyPurpose) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKey_CryptoKeyPurpose.Descriptor instead.

func (CryptoKey_CryptoKeyPurpose) Number

func (CryptoKey_CryptoKeyPurpose) String

func (CryptoKey_CryptoKeyPurpose) Type

type CryptoKey_RotationPeriod

type CryptoKey_RotationPeriod struct {
	// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] will be advanced by this period when the service
	// automatically rotates a key. Must be at least 24 hours and at most
	// 876,000 hours.
	//
	// If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is set, [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time] must also be set.
	//
	// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support
	// automatic rotation. For other keys, this field must be omitted.
	RotationPeriod *durationpb.Duration `protobuf:"bytes,8,opt,name=rotation_period,json=rotationPeriod,proto3,oneof"`
}

type DecryptRequest

type DecryptRequest struct {

	// Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption.
	// The server will choose the appropriate version.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The encrypted data originally returned in
	// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].
	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Optional. Optional data that must match the data originally supplied in
	// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data].
	AdditionalAuthenticatedData []byte `` /* 144-byte string literal not displayed */
	// Optional. An optional CRC32C checksum of the [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the
	// received [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]) is equal to
	// [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c], and if so, perform a limited number
	// of retries. A persistent mismatch may indicate an issue in your computation
	// of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,5,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]. If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received
	// [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]) is equal to
	// [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c], and if so, perform
	// a limited number of retries. A persistent mismatch may indicate an issue in
	// your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value `` /* 164-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

func (*DecryptRequest) Descriptor deprecated

func (*DecryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use DecryptRequest.ProtoReflect.Descriptor instead.

func (*DecryptRequest) GetAdditionalAuthenticatedData

func (x *DecryptRequest) GetAdditionalAuthenticatedData() []byte

func (*DecryptRequest) GetAdditionalAuthenticatedDataCrc32C

func (x *DecryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value

func (*DecryptRequest) GetCiphertext

func (x *DecryptRequest) GetCiphertext() []byte

func (*DecryptRequest) GetCiphertextCrc32C

func (x *DecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*DecryptRequest) GetName

func (x *DecryptRequest) GetName() string

func (*DecryptRequest) ProtoMessage

func (*DecryptRequest) ProtoMessage()

func (*DecryptRequest) ProtoReflect

func (x *DecryptRequest) ProtoReflect() protoreflect.Message

func (*DecryptRequest) Reset

func (x *DecryptRequest) Reset()

func (*DecryptRequest) String

func (x *DecryptRequest) String() string

type DecryptResponse

type DecryptResponse struct {

	// The decrypted data originally supplied in [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext].
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]. An integrity check of
	// [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] can be performed by computing the CRC32C
	// checksum of [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext] and comparing your results to
	// this field. Discard the response in case of non-matching checksum values,
	// and perform a limited number of retries. A persistent mismatch may indicate
	// an issue in your computation of the CRC32C checksum. Note: receiving this
	// response message indicates that [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to
	// successfully decrypt the [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext].
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`
	// Whether the Decryption was performed using the primary key version.
	UsedPrimary bool `protobuf:"varint,3,opt,name=used_primary,json=usedPrimary,proto3" json:"used_primary,omitempty"`
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in decryption.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

func (*DecryptResponse) Descriptor deprecated

func (*DecryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use DecryptResponse.ProtoReflect.Descriptor instead.

func (*DecryptResponse) GetPlaintext

func (x *DecryptResponse) GetPlaintext() []byte

func (*DecryptResponse) GetPlaintextCrc32C

func (x *DecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*DecryptResponse) GetProtectionLevel

func (x *DecryptResponse) GetProtectionLevel() ProtectionLevel

func (*DecryptResponse) GetUsedPrimary

func (x *DecryptResponse) GetUsedPrimary() bool

func (*DecryptResponse) ProtoMessage

func (*DecryptResponse) ProtoMessage()

func (*DecryptResponse) ProtoReflect

func (x *DecryptResponse) ProtoReflect() protoreflect.Message

func (*DecryptResponse) Reset

func (x *DecryptResponse) Reset()

func (*DecryptResponse) String

func (x *DecryptResponse) String() string

type DestroyCryptoKeyVersionRequest

type DestroyCryptoKeyVersionRequest struct {

	// Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].

func (*DestroyCryptoKeyVersionRequest) Descriptor deprecated

func (*DestroyCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use DestroyCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*DestroyCryptoKeyVersionRequest) GetName

func (*DestroyCryptoKeyVersionRequest) ProtoMessage

func (*DestroyCryptoKeyVersionRequest) ProtoMessage()

func (*DestroyCryptoKeyVersionRequest) ProtoReflect

func (*DestroyCryptoKeyVersionRequest) Reset

func (x *DestroyCryptoKeyVersionRequest) Reset()

func (*DestroyCryptoKeyVersionRequest) String

type Digest

type Digest struct {

	// Required. The message digest.
	//
	// Types that are assignable to Digest:
	//	*Digest_Sha256
	//	*Digest_Sha384
	//	*Digest_Sha512
	Digest isDigest_Digest `protobuf_oneof:"digest"`
	// contains filtered or unexported fields
}

A Digest[google.cloud.kms.v1.Digest] holds a cryptographic message digest.

func (*Digest) Descriptor deprecated

func (*Digest) Descriptor() ([]byte, []int)

Deprecated: Use Digest.ProtoReflect.Descriptor instead.

func (*Digest) GetDigest

func (m *Digest) GetDigest() isDigest_Digest

func (*Digest) GetSha256

func (x *Digest) GetSha256() []byte

func (*Digest) GetSha384

func (x *Digest) GetSha384() []byte

func (*Digest) GetSha512

func (x *Digest) GetSha512() []byte

func (*Digest) ProtoMessage

func (*Digest) ProtoMessage()

func (*Digest) ProtoReflect

func (x *Digest) ProtoReflect() protoreflect.Message

func (*Digest) Reset

func (x *Digest) Reset()

func (*Digest) String

func (x *Digest) String() string

type Digest_Sha256

type Digest_Sha256 struct {
	// A message digest produced with the SHA-256 algorithm.
	Sha256 []byte `protobuf:"bytes,1,opt,name=sha256,proto3,oneof"`
}

type Digest_Sha384

type Digest_Sha384 struct {
	// A message digest produced with the SHA-384 algorithm.
	Sha384 []byte `protobuf:"bytes,2,opt,name=sha384,proto3,oneof"`
}

type Digest_Sha512

type Digest_Sha512 struct {
	// A message digest produced with the SHA-512 algorithm.
	Sha512 []byte `protobuf:"bytes,3,opt,name=sha512,proto3,oneof"`
}

type EncryptRequest

type EncryptRequest struct {

	// Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] or [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// to use for encryption.
	//
	// If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server will use its
	// [primary version][google.cloud.kms.v1.CryptoKey.primary].
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The data to encrypt. Must be no larger than 64KiB.
	//
	// The maximum size depends on the key version's
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For
	// [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the plaintext must be no larger
	// than 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the
	// plaintext and additional_authenticated_data fields must be no larger than
	// 8KiB.
	Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// Optional. Optional data that, if specified, must also be provided during decryption
	// through [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data].
	//
	// The maximum size depends on the key version's
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]. For
	// [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD must be no larger than
	// 64KiB. For [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of the
	// plaintext and additional_authenticated_data fields must be no larger than
	// 8KiB.
	AdditionalAuthenticatedData []byte `` /* 144-byte string literal not displayed */
	// Optional. An optional CRC32C checksum of the [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the
	// received [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]) is equal to
	// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c], and if so, perform a limited number of
	// retries. A persistent mismatch may indicate an issue in your computation of
	// the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the received
	// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]) is equal to
	// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c], and if so, perform
	// a limited number of retries. A persistent mismatch may indicate an issue in
	// your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value `` /* 164-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

func (*EncryptRequest) Descriptor deprecated

func (*EncryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use EncryptRequest.ProtoReflect.Descriptor instead.

func (*EncryptRequest) GetAdditionalAuthenticatedData

func (x *EncryptRequest) GetAdditionalAuthenticatedData() []byte

func (*EncryptRequest) GetAdditionalAuthenticatedDataCrc32C

func (x *EncryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value

func (*EncryptRequest) GetName

func (x *EncryptRequest) GetName() string

func (*EncryptRequest) GetPlaintext

func (x *EncryptRequest) GetPlaintext() []byte

func (*EncryptRequest) GetPlaintextCrc32C

func (x *EncryptRequest) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*EncryptRequest) ProtoMessage

func (*EncryptRequest) ProtoMessage()

func (*EncryptRequest) ProtoReflect

func (x *EncryptRequest) ProtoReflect() protoreflect.Message

func (*EncryptRequest) Reset

func (x *EncryptRequest) Reset()

func (*EncryptRequest) String

func (x *EncryptRequest) String() string

type EncryptResponse

type EncryptResponse struct {

	// The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in encryption. Check
	// this field to verify that the intended resource was used for encryption.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The encrypted data.
	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]. An integrity check of
	// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] can be performed by computing the CRC32C
	// checksum of [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext] and comparing your results to
	// this field. Discard the response in case of non-matching checksum values,
	// and perform a limited number of retries. A persistent mismatch may indicate
	// an issue in your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the
	// [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A false value of this field
	// indicates either that [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] was left unset or
	// that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set
	// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c] but this field is still false, discard
	// the response and perform a limited number of retries.
	VerifiedPlaintextCrc32C bool `` /* 133-byte string literal not displayed */
	// Integrity verification field. A flag indicating whether
	// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the
	// [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. A false value of this
	// field indicates either that
	// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] was left unset or
	// that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've set
	// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c] but this field is
	// still false, discard the response and perform a limited number of retries.
	VerifiedAdditionalAuthenticatedDataCrc32C bool `` /* 191-byte string literal not displayed */
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in encryption.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

func (*EncryptResponse) Descriptor deprecated

func (*EncryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use EncryptResponse.ProtoReflect.Descriptor instead.

func (*EncryptResponse) GetCiphertext

func (x *EncryptResponse) GetCiphertext() []byte

func (*EncryptResponse) GetCiphertextCrc32C

func (x *EncryptResponse) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*EncryptResponse) GetName

func (x *EncryptResponse) GetName() string

func (*EncryptResponse) GetProtectionLevel

func (x *EncryptResponse) GetProtectionLevel() ProtectionLevel

func (*EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C

func (x *EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C() bool

func (*EncryptResponse) GetVerifiedPlaintextCrc32C

func (x *EncryptResponse) GetVerifiedPlaintextCrc32C() bool

func (*EncryptResponse) ProtoMessage

func (*EncryptResponse) ProtoMessage()

func (*EncryptResponse) ProtoReflect

func (x *EncryptResponse) ProtoReflect() protoreflect.Message

func (*EncryptResponse) Reset

func (x *EncryptResponse) Reset()

func (*EncryptResponse) String

func (x *EncryptResponse) String() string

type ExternalProtectionLevelOptions

type ExternalProtectionLevelOptions struct {

	// The URI for an external resource that this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents.
	ExternalKeyUri string `protobuf:"bytes,1,opt,name=external_key_uri,json=externalKeyUri,proto3" json:"external_key_uri,omitempty"`
	// contains filtered or unexported fields
}

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] that are specific to the [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.

func (*ExternalProtectionLevelOptions) Descriptor deprecated

func (*ExternalProtectionLevelOptions) Descriptor() ([]byte, []int)

Deprecated: Use ExternalProtectionLevelOptions.ProtoReflect.Descriptor instead.

func (*ExternalProtectionLevelOptions) GetExternalKeyUri

func (x *ExternalProtectionLevelOptions) GetExternalKeyUri() string

func (*ExternalProtectionLevelOptions) ProtoMessage

func (*ExternalProtectionLevelOptions) ProtoMessage()

func (*ExternalProtectionLevelOptions) ProtoReflect

func (*ExternalProtectionLevelOptions) Reset

func (x *ExternalProtectionLevelOptions) Reset()

func (*ExternalProtectionLevelOptions) String

type GenerateRandomBytesRequest

type GenerateRandomBytesRequest struct {

	// The project-specific location in which to generate random bytes.
	// For example, "projects/my-project/locations/us-central1".
	Location string `protobuf:"bytes,1,opt,name=location,proto3" json:"location,omitempty"`
	// The length in bytes of the amount of randomness to retrieve.  Minimum 8
	// bytes, maximum 1024 bytes.
	LengthBytes int32 `protobuf:"varint,2,opt,name=length_bytes,json=lengthBytes,proto3" json:"length_bytes,omitempty"`
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when generating the random data. Defaults to
	// [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE].
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].

func (*GenerateRandomBytesRequest) Descriptor deprecated

func (*GenerateRandomBytesRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateRandomBytesRequest.ProtoReflect.Descriptor instead.

func (*GenerateRandomBytesRequest) GetLengthBytes

func (x *GenerateRandomBytesRequest) GetLengthBytes() int32

func (*GenerateRandomBytesRequest) GetLocation

func (x *GenerateRandomBytesRequest) GetLocation() string

func (*GenerateRandomBytesRequest) GetProtectionLevel

func (x *GenerateRandomBytesRequest) GetProtectionLevel() ProtectionLevel

func (*GenerateRandomBytesRequest) ProtoMessage

func (*GenerateRandomBytesRequest) ProtoMessage()

func (*GenerateRandomBytesRequest) ProtoReflect

func (*GenerateRandomBytesRequest) Reset

func (x *GenerateRandomBytesRequest) Reset()

func (*GenerateRandomBytesRequest) String

func (x *GenerateRandomBytesRequest) String() string

type GenerateRandomBytesResponse

type GenerateRandomBytesResponse struct {

	// The generated data.
	Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]. An integrity check of
	// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data] can be performed by computing the
	// CRC32C checksum of [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data] and comparing your
	// results to this field. Discard the response in case of non-matching
	// checksum values, and perform a limited number of retries. A persistent
	// mismatch may indicate an issue in your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].

func (*GenerateRandomBytesResponse) Descriptor deprecated

func (*GenerateRandomBytesResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateRandomBytesResponse.ProtoReflect.Descriptor instead.

func (*GenerateRandomBytesResponse) GetData

func (x *GenerateRandomBytesResponse) GetData() []byte

func (*GenerateRandomBytesResponse) GetDataCrc32C

func (*GenerateRandomBytesResponse) ProtoMessage

func (*GenerateRandomBytesResponse) ProtoMessage()

func (*GenerateRandomBytesResponse) ProtoReflect

func (*GenerateRandomBytesResponse) Reset

func (x *GenerateRandomBytesResponse) Reset()

func (*GenerateRandomBytesResponse) String

func (x *GenerateRandomBytesResponse) String() string

type GetCryptoKeyRequest

type GetCryptoKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].

func (*GetCryptoKeyRequest) Descriptor deprecated

func (*GetCryptoKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCryptoKeyRequest.ProtoReflect.Descriptor instead.

func (*GetCryptoKeyRequest) GetName

func (x *GetCryptoKeyRequest) GetName() string

func (*GetCryptoKeyRequest) ProtoMessage

func (*GetCryptoKeyRequest) ProtoMessage()

func (*GetCryptoKeyRequest) ProtoReflect

func (x *GetCryptoKeyRequest) ProtoReflect() protoreflect.Message

func (*GetCryptoKeyRequest) Reset

func (x *GetCryptoKeyRequest) Reset()

func (*GetCryptoKeyRequest) String

func (x *GetCryptoKeyRequest) String() string

type GetCryptoKeyVersionRequest

type GetCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].

func (*GetCryptoKeyVersionRequest) Descriptor deprecated

func (*GetCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*GetCryptoKeyVersionRequest) GetName

func (x *GetCryptoKeyVersionRequest) GetName() string

func (*GetCryptoKeyVersionRequest) ProtoMessage

func (*GetCryptoKeyVersionRequest) ProtoMessage()

func (*GetCryptoKeyVersionRequest) ProtoReflect

func (*GetCryptoKeyVersionRequest) Reset

func (x *GetCryptoKeyVersionRequest) Reset()

func (*GetCryptoKeyVersionRequest) String

func (x *GetCryptoKeyVersionRequest) String() string

type GetImportJobRequest

type GetImportJobRequest struct {

	// Required. The [name][google.cloud.kms.v1.ImportJob.name] of the [ImportJob][google.cloud.kms.v1.ImportJob] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob].

func (*GetImportJobRequest) Descriptor deprecated

func (*GetImportJobRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetImportJobRequest.ProtoReflect.Descriptor instead.

func (*GetImportJobRequest) GetName

func (x *GetImportJobRequest) GetName() string

func (*GetImportJobRequest) ProtoMessage

func (*GetImportJobRequest) ProtoMessage()

func (*GetImportJobRequest) ProtoReflect

func (x *GetImportJobRequest) ProtoReflect() protoreflect.Message

func (*GetImportJobRequest) Reset

func (x *GetImportJobRequest) Reset()

func (*GetImportJobRequest) String

func (x *GetImportJobRequest) String() string

type GetKeyRingRequest

type GetKeyRingRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the [KeyRing][google.cloud.kms.v1.KeyRing] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].

func (*GetKeyRingRequest) Descriptor deprecated

func (*GetKeyRingRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetKeyRingRequest.ProtoReflect.Descriptor instead.

func (*GetKeyRingRequest) GetName

func (x *GetKeyRingRequest) GetName() string

func (*GetKeyRingRequest) ProtoMessage

func (*GetKeyRingRequest) ProtoMessage()

func (*GetKeyRingRequest) ProtoReflect

func (x *GetKeyRingRequest) ProtoReflect() protoreflect.Message

func (*GetKeyRingRequest) Reset

func (x *GetKeyRingRequest) Reset()

func (*GetKeyRingRequest) String

func (x *GetKeyRingRequest) String() string

type GetPublicKeyRequest

type GetPublicKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to
	// get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

func (*GetPublicKeyRequest) Descriptor deprecated

func (*GetPublicKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeyRequest.ProtoReflect.Descriptor instead.

func (*GetPublicKeyRequest) GetName

func (x *GetPublicKeyRequest) GetName() string

func (*GetPublicKeyRequest) ProtoMessage

func (*GetPublicKeyRequest) ProtoMessage()

func (*GetPublicKeyRequest) ProtoReflect

func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message

func (*GetPublicKeyRequest) Reset

func (x *GetPublicKeyRequest) Reset()

func (*GetPublicKeyRequest) String

func (x *GetPublicKeyRequest) String() string

type ImportCryptoKeyVersionRequest

type ImportCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
	//
	// The create permission is only required on this key when creating a new
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation.
	// If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
	// supplied key material is created.
	//
	// If this field is present, the supplied key material is imported into
	// the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
	// [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via
	// [ImportCryptoKeyVersion][], and be in
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or
	// [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
	// state. The key material and algorithm must match the previous
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
	// key material.
	CryptoKeyVersion string `protobuf:"bytes,6,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`
	// Required. The [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] of
	// the key being imported. This does not need to match the
	// [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] this
	// version imports into.
	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 140-byte string literal not displayed */
	// Required. The [name][google.cloud.kms.v1.ImportJob.name] of the [ImportJob][google.cloud.kms.v1.ImportJob] that was used to
	// wrap this key material.
	ImportJob string `protobuf:"bytes,4,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
	// Required. The incoming wrapped key material that is to be imported.
	//
	// Types that are assignable to WrappedKeyMaterial:
	//	*ImportCryptoKeyVersionRequest_RsaAesWrappedKey
	WrappedKeyMaterial isImportCryptoKeyVersionRequest_WrappedKeyMaterial `protobuf_oneof:"wrapped_key_material"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].

func (*ImportCryptoKeyVersionRequest) Descriptor deprecated

func (*ImportCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use ImportCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*ImportCryptoKeyVersionRequest) GetAlgorithm

func (*ImportCryptoKeyVersionRequest) GetCryptoKeyVersion

func (x *ImportCryptoKeyVersionRequest) GetCryptoKeyVersion() string

func (*ImportCryptoKeyVersionRequest) GetImportJob

func (x *ImportCryptoKeyVersionRequest) GetImportJob() string

func (*ImportCryptoKeyVersionRequest) GetParent

func (x *ImportCryptoKeyVersionRequest) GetParent() string

func (*ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey

func (x *ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey() []byte

func (*ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial

func (m *ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial() isImportCryptoKeyVersionRequest_WrappedKeyMaterial

func (*ImportCryptoKeyVersionRequest) ProtoMessage

func (*ImportCryptoKeyVersionRequest) ProtoMessage()

func (*ImportCryptoKeyVersionRequest) ProtoReflect

func (*ImportCryptoKeyVersionRequest) Reset

func (x *ImportCryptoKeyVersionRequest) Reset()

func (*ImportCryptoKeyVersionRequest) String

type ImportCryptoKeyVersionRequest_RsaAesWrappedKey

type ImportCryptoKeyVersionRequest_RsaAesWrappedKey struct {
	// Wrapped key material produced with
	// [RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
	// or
	// [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256].
	//
	// This field contains the concatenation of two wrapped keys:
	// <ol>
	//   <li>An ephemeral AES-256 wrapping key wrapped with the
	//       [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP with SHA-1,
	//       MGF1 with SHA-1, and an empty label.
	//   </li>
	//   <li>The key to be imported, wrapped with the ephemeral AES-256 key
	//       using AES-KWP (RFC 5649).
	//   </li>
	// </ol>
	//
	// If importing symmetric key material, it is expected that the unwrapped
	// key contains plain bytes. If importing asymmetric key material, it is
	// expected that the unwrapped key is in PKCS#8-encoded DER format (the
	// PrivateKeyInfo structure from RFC 5208).
	//
	// This format is the same as the format produced by PKCS#11 mechanism
	// CKM_RSA_AES_KEY_WRAP.
	RsaAesWrappedKey []byte `protobuf:"bytes,5,opt,name=rsa_aes_wrapped_key,json=rsaAesWrappedKey,proto3,oneof"`
}

type ImportJob

type ImportJob struct {

	// Output only. The resource name for this [ImportJob][google.cloud.kms.v1.ImportJob] in the format
	// `projects/*/locations/*/keyRings/*/importJobs/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. Immutable. The wrapping method to be used for incoming key material.
	ImportMethod ImportJob_ImportMethod `` /* 146-byte string literal not displayed */
	// Required. Immutable. The protection level of the [ImportJob][google.cloud.kms.v1.ImportJob]. This must match the
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level] of the
	// [version_template][google.cloud.kms.v1.CryptoKey.version_template] on the [CryptoKey][google.cloud.kms.v1.CryptoKey] you
	// attempt to import into.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// Output only. The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob]'s key material was generated.
	GenerateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"`
	// Output only. The time at which this [ImportJob][google.cloud.kms.v1.ImportJob] is scheduled for
	// expiration and can no longer be used to import key material.
	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
	// Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob] expired. Only present if
	// [state][google.cloud.kms.v1.ImportJob.state] is [EXPIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED].
	ExpireEventTime *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=expire_event_time,json=expireEventTime,proto3" json:"expire_event_time,omitempty"`
	// Output only. The current state of the [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can
	// be used.
	State ImportJob_ImportJobState `protobuf:"varint,6,opt,name=state,proto3,enum=google.cloud.kms.v1.ImportJob_ImportJobState" json:"state,omitempty"`
	// Output only. The public key with which to wrap key material prior to
	// import. Only returned if [state][google.cloud.kms.v1.ImportJob.state] is
	// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE].
	PublicKey *ImportJob_WrappingPublicKey `protobuf:"bytes,7,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// Output only. Statement that was generated and signed by the key creator
	// (for example, an HSM) at key creation time. Use this statement to verify
	// attributes of the key as stored on the HSM, independently of Google.
	// Only present if the chosen [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] is one with a protection
	// level of [HSM][google.cloud.kms.v1.ProtectionLevel.HSM].
	Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"`
	// contains filtered or unexported fields
}

An ImportJob[google.cloud.kms.v1.ImportJob] can be used to create [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre-existing key material, generated outside of Cloud KMS.

When an ImportJob[google.cloud.kms.v1.ImportJob] is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the wrapping key generation is complete, the [state][google.cloud.kms.v1.ImportJob.state] will be set to [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the [public_key][google.cloud.kms.v1.ImportJob.public_key] can be fetched. The fetched public key can then be used to wrap your pre-existing key material.

Once the key material is wrapped, it can be imported into a new CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] in an existing CryptoKey[google.cloud.kms.v1.CryptoKey] by calling [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be imported with a single ImportJob[google.cloud.kms.v1.ImportJob]. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key.

An ImportJob[google.cloud.kms.v1.ImportJob] expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the ImportJob[google.cloud.kms.v1.ImportJob]'s public key.

For more information, see [Importing a key](https://cloud.google.com/kms/docs/importing-a-key).

func (*ImportJob) Descriptor deprecated

func (*ImportJob) Descriptor() ([]byte, []int)

Deprecated: Use ImportJob.ProtoReflect.Descriptor instead.

func (*ImportJob) GetAttestation

func (x *ImportJob) GetAttestation() *KeyOperationAttestation

func (*ImportJob) GetCreateTime

func (x *ImportJob) GetCreateTime() *timestamppb.Timestamp

func (*ImportJob) GetExpireEventTime

func (x *ImportJob) GetExpireEventTime() *timestamppb.Timestamp

func (*ImportJob) GetExpireTime

func (x *ImportJob) GetExpireTime() *timestamppb.Timestamp

func (*ImportJob) GetGenerateTime

func (x *ImportJob) GetGenerateTime() *timestamppb.Timestamp

func (*ImportJob) GetImportMethod

func (x *ImportJob) GetImportMethod() ImportJob_ImportMethod

func (*ImportJob) GetName

func (x *ImportJob) GetName() string

func (*ImportJob) GetProtectionLevel

func (x *ImportJob) GetProtectionLevel() ProtectionLevel

func (*ImportJob) GetPublicKey

func (x *ImportJob) GetPublicKey() *ImportJob_WrappingPublicKey

func (*ImportJob) GetState

func (x *ImportJob) GetState() ImportJob_ImportJobState

func (*ImportJob) ProtoMessage

func (*ImportJob) ProtoMessage()

func (*ImportJob) ProtoReflect

func (x *ImportJob) ProtoReflect() protoreflect.Message

func (*ImportJob) Reset

func (x *ImportJob) Reset()

func (*ImportJob) String

func (x *ImportJob) String() string

type ImportJob_ImportJobState

type ImportJob_ImportJobState int32

The state of the ImportJob[google.cloud.kms.v1.ImportJob], indicating if it can be used.

const (
	// Not specified.
	ImportJob_IMPORT_JOB_STATE_UNSPECIFIED ImportJob_ImportJobState = 0
	// The wrapping key for this job is still being generated. It may not be
	// used. Cloud KMS will automatically mark this job as
	// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] as soon as the wrapping key is generated.
	ImportJob_PENDING_GENERATION ImportJob_ImportJobState = 1
	// This job may be used in
	// [CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey] and
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
	// requests.
	ImportJob_ACTIVE ImportJob_ImportJobState = 2
	// This job can no longer be used and may not leave this state once entered.
	ImportJob_EXPIRED ImportJob_ImportJobState = 3
)

func (ImportJob_ImportJobState) Descriptor

func (ImportJob_ImportJobState) Enum

func (ImportJob_ImportJobState) EnumDescriptor deprecated

func (ImportJob_ImportJobState) EnumDescriptor() ([]byte, []int)

Deprecated: Use ImportJob_ImportJobState.Descriptor instead.

func (ImportJob_ImportJobState) Number

func (ImportJob_ImportJobState) String

func (x ImportJob_ImportJobState) String() string

func (ImportJob_ImportJobState) Type

type ImportJob_ImportMethod

type ImportJob_ImportMethod int32

[ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] describes the key wrapping method chosen for this ImportJob[google.cloud.kms.v1.ImportJob].

const (
	// Not specified.
	ImportJob_IMPORT_METHOD_UNSPECIFIED ImportJob_ImportMethod = 0
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
	// scheme defined in the PKCS #11 standard. In summary, this involves
	// wrapping the raw key with an ephemeral AES key, and wrapping the
	// ephemeral AES key with a 3072 bit RSA key. For more details, see
	// [RSA AES key wrap
	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJob_RSA_OAEP_3072_SHA1_AES_256 ImportJob_ImportMethod = 1
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
	// scheme defined in the PKCS #11 standard. In summary, this involves
	// wrapping the raw key with an ephemeral AES key, and wrapping the
	// ephemeral AES key with a 4096 bit RSA key. For more details, see
	// [RSA AES key wrap
	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJob_RSA_OAEP_4096_SHA1_AES_256 ImportJob_ImportMethod = 2
)

func (ImportJob_ImportMethod) Descriptor

func (ImportJob_ImportMethod) Enum

func (ImportJob_ImportMethod) EnumDescriptor deprecated

func (ImportJob_ImportMethod) EnumDescriptor() ([]byte, []int)

Deprecated: Use ImportJob_ImportMethod.Descriptor instead.

func (ImportJob_ImportMethod) Number

func (ImportJob_ImportMethod) String

func (x ImportJob_ImportMethod) String() string

func (ImportJob_ImportMethod) Type

type ImportJob_WrappingPublicKey

type ImportJob_WrappingPublicKey struct {

	// The public key, encoded in PEM format. For more information, see the [RFC
	// 7468](https://tools.ietf.org/html/rfc7468) sections for [General
	// Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
	// [Textual Encoding of Subject Public Key Info]
	// (https://tools.ietf.org/html/rfc7468#section-13).
	Pem string `protobuf:"bytes,1,opt,name=pem,proto3" json:"pem,omitempty"`
	// contains filtered or unexported fields
}

The public key component of the wrapping key. For details of the type of key this public key corresponds to, see the [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod].

func (*ImportJob_WrappingPublicKey) Descriptor deprecated

func (*ImportJob_WrappingPublicKey) Descriptor() ([]byte, []int)

Deprecated: Use ImportJob_WrappingPublicKey.ProtoReflect.Descriptor instead.

func (*ImportJob_WrappingPublicKey) GetPem

func (x *ImportJob_WrappingPublicKey) GetPem() string

func (*ImportJob_WrappingPublicKey) ProtoMessage

func (*ImportJob_WrappingPublicKey) ProtoMessage()

func (*ImportJob_WrappingPublicKey) ProtoReflect

func (*ImportJob_WrappingPublicKey) Reset

func (x *ImportJob_WrappingPublicKey) Reset()

func (*ImportJob_WrappingPublicKey) String

func (x *ImportJob_WrappingPublicKey) String() string

type KeyManagementServiceClient

type KeyManagementServiceClient interface {
	// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
	ListKeyRings(ctx context.Context, in *ListKeyRingsRequest, opts ...grpc.CallOption) (*ListKeyRingsResponse, error)
	// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	ListCryptoKeys(ctx context.Context, in *ListCryptoKeysRequest, opts ...grpc.CallOption) (*ListCryptoKeysResponse, error)
	// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	ListCryptoKeyVersions(ctx context.Context, in *ListCryptoKeyVersionsRequest, opts ...grpc.CallOption) (*ListCryptoKeyVersionsResponse, error)
	// Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
	ListImportJobs(ctx context.Context, in *ListImportJobsRequest, opts ...grpc.CallOption) (*ListImportJobsResponse, error)
	// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
	GetKeyRing(ctx context.Context, in *GetKeyRingRequest, opts ...grpc.CallOption) (*KeyRing, error)
	// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
	// [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKey(ctx context.Context, in *GetCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKeyVersion(ctx context.Context, in *GetCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
	// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
	GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*PublicKey, error)
	// Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
	GetImportJob(ctx context.Context, in *GetImportJobRequest, opts ...grpc.CallOption) (*ImportJob, error)
	// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
	CreateKeyRing(ctx context.Context, in *CreateKeyRingRequest, opts ...grpc.CallOption) (*KeyRing, error)
	// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
	// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
	// are required.
	CreateCryptoKey(ctx context.Context, in *CreateCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
	//
	// The server will assign the next sequential id. If unset,
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
	CreateCryptoKeyVersion(ctx context.Context, in *CreateCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	//
	// All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
	// additionally specified in the request, key material will be reimported into
	// that version. Otherwise, a new version will be created, and will be
	// assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
	ImportCryptoKeyVersion(ctx context.Context, in *ImportCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
	CreateImportJob(ctx context.Context, in *CreateImportJobRequest, opts ...grpc.CallOption) (*ImportJob, error)
	// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
	UpdateCryptoKey(ctx context.Context, in *UpdateCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
	//
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
	// method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
	// move between other states.
	UpdateCryptoKeyVersion(ctx context.Context, in *UpdateCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
	//
	// Returns an error if called on a key whose purpose is not
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	UpdateCryptoKeyPrimaryVersion(ctx context.Context, in *UpdateCryptoKeyPrimaryVersionRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
	//
	// Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
	// [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
	// future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
	// automatically change to
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
	// material will be irrevocably destroyed.
	//
	// Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
	DestroyCryptoKeyVersion(ctx context.Context, in *DestroyCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
	// state.
	//
	// Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
	// will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
	RestoreCryptoKeyVersion(ctx context.Context, in *RestoreCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
	// The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
	// Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
	// key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	AsymmetricSign(ctx context.Context, in *AsymmetricSignRequest, opts ...grpc.CallOption) (*AsymmetricSignResponse, error)
	// Decrypts data that was encrypted with a public key retrieved from
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
	AsymmetricDecrypt(ctx context.Context, in *AsymmetricDecryptRequest, opts ...grpc.CallOption) (*AsymmetricDecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// MAC, producing a tag that can be verified by another source with the
	// same key.
	MacSign(ctx context.Context, in *MacSignRequest, opts ...grpc.CallOption) (*MacSignResponse, error)
	// Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// MAC, and returns a response that indicates whether or not the verification
	// was successful.
	MacVerify(ctx context.Context, in *MacVerifyRequest, opts ...grpc.CallOption) (*MacVerifyResponse, error)
	// Generate random bytes using the Cloud KMS randomness source in the provided
	// location.
	GenerateRandomBytes(ctx context.Context, in *GenerateRandomBytesRequest, opts ...grpc.CallOption) (*GenerateRandomBytesResponse, error)
}

KeyManagementServiceClient is the client API for KeyManagementService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

type KeyManagementServiceServer

type KeyManagementServiceServer interface {
	// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
	ListKeyRings(context.Context, *ListKeyRingsRequest) (*ListKeyRingsResponse, error)
	// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	ListCryptoKeys(context.Context, *ListCryptoKeysRequest) (*ListCryptoKeysResponse, error)
	// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	ListCryptoKeyVersions(context.Context, *ListCryptoKeyVersionsRequest) (*ListCryptoKeyVersionsResponse, error)
	// Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
	ListImportJobs(context.Context, *ListImportJobsRequest) (*ListImportJobsResponse, error)
	// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
	GetKeyRing(context.Context, *GetKeyRingRequest) (*KeyRing, error)
	// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
	// [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKey(context.Context, *GetCryptoKeyRequest) (*CryptoKey, error)
	// Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKeyVersion(context.Context, *GetCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
	// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
	GetPublicKey(context.Context, *GetPublicKeyRequest) (*PublicKey, error)
	// Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
	GetImportJob(context.Context, *GetImportJobRequest) (*ImportJob, error)
	// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
	CreateKeyRing(context.Context, *CreateKeyRingRequest) (*KeyRing, error)
	// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
	// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
	// are required.
	CreateCryptoKey(context.Context, *CreateCryptoKeyRequest) (*CryptoKey, error)
	// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
	//
	// The server will assign the next sequential id. If unset,
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
	CreateCryptoKeyVersion(context.Context, *CreateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	//
	// All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
	// additionally specified in the request, key material will be reimported into
	// that version. Otherwise, a new version will be created, and will be
	// assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
	ImportCryptoKeyVersion(context.Context, *ImportCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required.
	CreateImportJob(context.Context, *CreateImportJobRequest) (*ImportJob, error)
	// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
	UpdateCryptoKey(context.Context, *UpdateCryptoKeyRequest) (*CryptoKey, error)
	// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
	//
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
	// method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
	// move between other states.
	UpdateCryptoKeyVersion(context.Context, *UpdateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
	//
	// Returns an error if called on a key whose purpose is not
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	UpdateCryptoKeyPrimaryVersion(context.Context, *UpdateCryptoKeyPrimaryVersionRequest) (*CryptoKey, error)
	// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
	//
	// Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
	// [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
	// future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
	// automatically change to
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
	// material will be irrevocably destroyed.
	//
	// Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
	DestroyCryptoKeyVersion(context.Context, *DestroyCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
	// state.
	//
	// Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
	// will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
	RestoreCryptoKeyVersion(context.Context, *RestoreCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
	// The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
	// Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
	// key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	AsymmetricSign(context.Context, *AsymmetricSignRequest) (*AsymmetricSignResponse, error)
	// Decrypts data that was encrypted with a public key retrieved from
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
	AsymmetricDecrypt(context.Context, *AsymmetricDecryptRequest) (*AsymmetricDecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// MAC, producing a tag that can be verified by another source with the
	// same key.
	MacSign(context.Context, *MacSignRequest) (*MacSignResponse, error)
	// Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// MAC, and returns a response that indicates whether or not the verification
	// was successful.
	MacVerify(context.Context, *MacVerifyRequest) (*MacVerifyResponse, error)
	// Generate random bytes using the Cloud KMS randomness source in the provided
	// location.
	GenerateRandomBytes(context.Context, *GenerateRandomBytesRequest) (*GenerateRandomBytesResponse, error)
}

KeyManagementServiceServer is the server API for KeyManagementService service.

type KeyOperationAttestation

type KeyOperationAttestation struct {

	// Output only. The format of the attestation data.
	Format KeyOperationAttestation_AttestationFormat `` /* 133-byte string literal not displayed */
	// Output only. The attestation data provided by the HSM when the key
	// operation was performed.
	Content []byte `protobuf:"bytes,5,opt,name=content,proto3" json:"content,omitempty"`
	// contains filtered or unexported fields
}

Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key).

func (*KeyOperationAttestation) Descriptor deprecated

func (*KeyOperationAttestation) Descriptor() ([]byte, []int)

Deprecated: Use KeyOperationAttestation.ProtoReflect.Descriptor instead.

func (*KeyOperationAttestation) GetContent

func (x *KeyOperationAttestation) GetContent() []byte

func (*KeyOperationAttestation) GetFormat

func (*KeyOperationAttestation) ProtoMessage

func (*KeyOperationAttestation) ProtoMessage()

func (*KeyOperationAttestation) ProtoReflect

func (x *KeyOperationAttestation) ProtoReflect() protoreflect.Message

func (*KeyOperationAttestation) Reset

func (x *KeyOperationAttestation) Reset()

func (*KeyOperationAttestation) String

func (x *KeyOperationAttestation) String() string

type KeyOperationAttestation_AttestationFormat

type KeyOperationAttestation_AttestationFormat int32

Attestation formats provided by the HSM.

const (
	// Not specified.
	KeyOperationAttestation_ATTESTATION_FORMAT_UNSPECIFIED KeyOperationAttestation_AttestationFormat = 0
	// Cavium HSM attestation compressed with gzip. Note that this format is
	// defined by Cavium and subject to change at any time.
	KeyOperationAttestation_CAVIUM_V1_COMPRESSED KeyOperationAttestation_AttestationFormat = 3
	// Cavium HSM attestation V2 compressed with gzip. This is a new format
	// introduced in Cavium's version 3.2-08.
	KeyOperationAttestation_CAVIUM_V2_COMPRESSED KeyOperationAttestation_AttestationFormat = 4
)

func (KeyOperationAttestation_AttestationFormat) Descriptor

func (KeyOperationAttestation_AttestationFormat) Enum

func (KeyOperationAttestation_AttestationFormat) EnumDescriptor deprecated

func (KeyOperationAttestation_AttestationFormat) EnumDescriptor() ([]byte, []int)

Deprecated: Use KeyOperationAttestation_AttestationFormat.Descriptor instead.

func (KeyOperationAttestation_AttestationFormat) Number

func (KeyOperationAttestation_AttestationFormat) String

func (KeyOperationAttestation_AttestationFormat) Type

type KeyRing

type KeyRing struct {

	// Output only. The resource name for the [KeyRing][google.cloud.kms.v1.KeyRing] in the format
	// `projects/*/locations/*/keyRings/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The time at which this [KeyRing][google.cloud.kms.v1.KeyRing] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// contains filtered or unexported fields
}

A KeyRing[google.cloud.kms.v1.KeyRing] is a toplevel logical grouping of [CryptoKeys][google.cloud.kms.v1.CryptoKey].

func (*KeyRing) Descriptor deprecated

func (*KeyRing) Descriptor() ([]byte, []int)

Deprecated: Use KeyRing.ProtoReflect.Descriptor instead.

func (*KeyRing) GetCreateTime

func (x *KeyRing) GetCreateTime() *timestamppb.Timestamp

func (*KeyRing) GetName

func (x *KeyRing) GetName() string

func (*KeyRing) ProtoMessage

func (*KeyRing) ProtoMessage()

func (*KeyRing) ProtoReflect

func (x *KeyRing) ProtoReflect() protoreflect.Message

func (*KeyRing) Reset

func (x *KeyRing) Reset()

func (*KeyRing) String

func (x *KeyRing) String() string

type ListCryptoKeyVersionsRequest

type ListCryptoKeyVersionsRequest struct {

	// Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to
	// include in the response. Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can
	// subsequently be obtained by including the
	// [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token] in a subsequent request.
	// If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// The fields to include in the response.
	View CryptoKeyVersion_CryptoKeyVersionView `protobuf:"varint,4,opt,name=view,proto3,enum=google.cloud.kms.v1.CryptoKeyVersion_CryptoKeyVersionView" json:"view,omitempty"`
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,5,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order. For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,6,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].

func (*ListCryptoKeyVersionsRequest) Descriptor deprecated

func (*ListCryptoKeyVersionsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeyVersionsRequest.ProtoReflect.Descriptor instead.

func (*ListCryptoKeyVersionsRequest) GetFilter

func (x *ListCryptoKeyVersionsRequest) GetFilter() string

func (*ListCryptoKeyVersionsRequest) GetOrderBy

func (x *ListCryptoKeyVersionsRequest) GetOrderBy() string

func (*ListCryptoKeyVersionsRequest) GetPageSize

func (x *ListCryptoKeyVersionsRequest) GetPageSize() int32

func (*ListCryptoKeyVersionsRequest) GetPageToken

func (x *ListCryptoKeyVersionsRequest) GetPageToken() string

func (*ListCryptoKeyVersionsRequest) GetParent

func (x *ListCryptoKeyVersionsRequest) GetParent() string

func (*ListCryptoKeyVersionsRequest) GetView

func (*ListCryptoKeyVersionsRequest) ProtoMessage

func (*ListCryptoKeyVersionsRequest) ProtoMessage()

func (*ListCryptoKeyVersionsRequest) ProtoReflect

func (*ListCryptoKeyVersionsRequest) Reset

func (x *ListCryptoKeyVersionsRequest) Reset()

func (*ListCryptoKeyVersionsRequest) String

type ListCryptoKeyVersionsResponse

type ListCryptoKeyVersionsResponse struct {

	// The list of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	CryptoKeyVersions []*CryptoKeyVersion `protobuf:"bytes,1,rep,name=crypto_key_versions,json=cryptoKeyVersions,proto3" json:"crypto_key_versions,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token] to retrieve the next page of
	// results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that matched the
	// query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].

func (*ListCryptoKeyVersionsResponse) Descriptor deprecated

func (*ListCryptoKeyVersionsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeyVersionsResponse.ProtoReflect.Descriptor instead.

func (*ListCryptoKeyVersionsResponse) GetCryptoKeyVersions

func (x *ListCryptoKeyVersionsResponse) GetCryptoKeyVersions() []*CryptoKeyVersion

func (*ListCryptoKeyVersionsResponse) GetNextPageToken

func (x *ListCryptoKeyVersionsResponse) GetNextPageToken() string

func (*ListCryptoKeyVersionsResponse) GetTotalSize

func (x *ListCryptoKeyVersionsResponse) GetTotalSize() int32

func (*ListCryptoKeyVersionsResponse) ProtoMessage

func (*ListCryptoKeyVersionsResponse) ProtoMessage()

func (*ListCryptoKeyVersionsResponse) ProtoReflect

func (*ListCryptoKeyVersionsResponse) Reset

func (x *ListCryptoKeyVersionsResponse) Reset()

func (*ListCryptoKeyVersionsResponse) String

type ListCryptoKeysRequest

type ListCryptoKeysRequest struct {

	// Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format
	// `projects/*/locations/*/keyRings/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the
	// response.  Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently be obtained by
	// including the [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token] in a subsequent
	// request.  If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// The fields of the primary version to include in the response.
	VersionView CryptoKeyVersion_CryptoKeyVersionView `` /* 158-byte string literal not displayed */
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,5,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order. For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,6,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

func (*ListCryptoKeysRequest) Descriptor deprecated

func (*ListCryptoKeysRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeysRequest.ProtoReflect.Descriptor instead.

func (*ListCryptoKeysRequest) GetFilter

func (x *ListCryptoKeysRequest) GetFilter() string

func (*ListCryptoKeysRequest) GetOrderBy

func (x *ListCryptoKeysRequest) GetOrderBy() string

func (*ListCryptoKeysRequest) GetPageSize

func (x *ListCryptoKeysRequest) GetPageSize() int32

func (*ListCryptoKeysRequest) GetPageToken

func (x *ListCryptoKeysRequest) GetPageToken() string

func (*ListCryptoKeysRequest) GetParent

func (x *ListCryptoKeysRequest) GetParent() string

func (*ListCryptoKeysRequest) GetVersionView

func (*ListCryptoKeysRequest) ProtoMessage

func (*ListCryptoKeysRequest) ProtoMessage()

func (*ListCryptoKeysRequest) ProtoReflect

func (x *ListCryptoKeysRequest) ProtoReflect() protoreflect.Message

func (*ListCryptoKeysRequest) Reset

func (x *ListCryptoKeysRequest) Reset()

func (*ListCryptoKeysRequest) String

func (x *ListCryptoKeysRequest) String() string

type ListCryptoKeysResponse

type ListCryptoKeysResponse struct {

	// The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	CryptoKeys []*CryptoKey `protobuf:"bytes,1,rep,name=crypto_keys,json=cryptoKeys,proto3" json:"crypto_keys,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token] to retrieve the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] that matched the query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

func (*ListCryptoKeysResponse) Descriptor deprecated

func (*ListCryptoKeysResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeysResponse.ProtoReflect.Descriptor instead.

func (*ListCryptoKeysResponse) GetCryptoKeys

func (x *ListCryptoKeysResponse) GetCryptoKeys() []*CryptoKey

func (*ListCryptoKeysResponse) GetNextPageToken

func (x *ListCryptoKeysResponse) GetNextPageToken() string

func (*ListCryptoKeysResponse) GetTotalSize

func (x *ListCryptoKeysResponse) GetTotalSize() int32

func (*ListCryptoKeysResponse) ProtoMessage

func (*ListCryptoKeysResponse) ProtoMessage()

func (*ListCryptoKeysResponse) ProtoReflect

func (x *ListCryptoKeysResponse) ProtoReflect() protoreflect.Message

func (*ListCryptoKeysResponse) Reset

func (x *ListCryptoKeysResponse) Reset()

func (*ListCryptoKeysResponse) String

func (x *ListCryptoKeysResponse) String() string

type ListImportJobsRequest

type ListImportJobsRequest struct {

	// Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing] to list, in the format
	// `projects/*/locations/*/keyRings/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of [ImportJobs][google.cloud.kms.v1.ImportJob] to include in the
	// response. Further [ImportJobs][google.cloud.kms.v1.ImportJob] can subsequently be obtained by
	// including the [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token] in a subsequent
	// request. If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order. For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].

func (*ListImportJobsRequest) Descriptor deprecated

func (*ListImportJobsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListImportJobsRequest.ProtoReflect.Descriptor instead.

func (*ListImportJobsRequest) GetFilter

func (x *ListImportJobsRequest) GetFilter() string

func (*ListImportJobsRequest) GetOrderBy

func (x *ListImportJobsRequest) GetOrderBy() string

func (*ListImportJobsRequest) GetPageSize

func (x *ListImportJobsRequest) GetPageSize() int32

func (*ListImportJobsRequest) GetPageToken

func (x *ListImportJobsRequest) GetPageToken() string

func (*ListImportJobsRequest) GetParent

func (x *ListImportJobsRequest) GetParent() string

func (*ListImportJobsRequest) ProtoMessage

func (*ListImportJobsRequest) ProtoMessage()

func (*ListImportJobsRequest) ProtoReflect

func (x *ListImportJobsRequest) ProtoReflect() protoreflect.Message

func (*ListImportJobsRequest) Reset

func (x *ListImportJobsRequest) Reset()

func (*ListImportJobsRequest) String

func (x *ListImportJobsRequest) String() string

type ListImportJobsResponse

type ListImportJobsResponse struct {

	// The list of [ImportJobs][google.cloud.kms.v1.ImportJob].
	ImportJobs []*ImportJob `protobuf:"bytes,1,rep,name=import_jobs,json=importJobs,proto3" json:"import_jobs,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token] to retrieve the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of [ImportJobs][google.cloud.kms.v1.ImportJob] that matched the query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].

func (*ListImportJobsResponse) Descriptor deprecated

func (*ListImportJobsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListImportJobsResponse.ProtoReflect.Descriptor instead.

func (*ListImportJobsResponse) GetImportJobs

func (x *ListImportJobsResponse) GetImportJobs() []*ImportJob

func (*ListImportJobsResponse) GetNextPageToken

func (x *ListImportJobsResponse) GetNextPageToken() string

func (*ListImportJobsResponse) GetTotalSize

func (x *ListImportJobsResponse) GetTotalSize() int32

func (*ListImportJobsResponse) ProtoMessage

func (*ListImportJobsResponse) ProtoMessage()

func (*ListImportJobsResponse) ProtoReflect

func (x *ListImportJobsResponse) ProtoReflect() protoreflect.Message

func (*ListImportJobsResponse) Reset

func (x *ListImportJobsResponse) Reset()

func (*ListImportJobsResponse) String

func (x *ListImportJobsResponse) String() string

type ListKeyRingsRequest

type ListKeyRingsRequest struct {

	// Required. The resource name of the location associated with the
	// [KeyRings][google.cloud.kms.v1.KeyRing], in the format `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of [KeyRings][google.cloud.kms.v1.KeyRing] to include in the
	// response.  Further [KeyRings][google.cloud.kms.v1.KeyRing] can subsequently be obtained by
	// including the [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token] in a subsequent
	// request.  If unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order.  For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].

func (*ListKeyRingsRequest) Descriptor deprecated

func (*ListKeyRingsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListKeyRingsRequest.ProtoReflect.Descriptor instead.

func (*ListKeyRingsRequest) GetFilter

func (x *ListKeyRingsRequest) GetFilter() string

func (*ListKeyRingsRequest) GetOrderBy

func (x *ListKeyRingsRequest) GetOrderBy() string

func (*ListKeyRingsRequest) GetPageSize

func (x *ListKeyRingsRequest) GetPageSize() int32

func (*ListKeyRingsRequest) GetPageToken

func (x *ListKeyRingsRequest) GetPageToken() string

func (*ListKeyRingsRequest) GetParent

func (x *ListKeyRingsRequest) GetParent() string

func (*ListKeyRingsRequest) ProtoMessage

func (*ListKeyRingsRequest) ProtoMessage()

func (*ListKeyRingsRequest) ProtoReflect

func (x *ListKeyRingsRequest) ProtoReflect() protoreflect.Message

func (*ListKeyRingsRequest) Reset

func (x *ListKeyRingsRequest) Reset()

func (*ListKeyRingsRequest) String

func (x *ListKeyRingsRequest) String() string

type ListKeyRingsResponse

type ListKeyRingsResponse struct {

	// The list of [KeyRings][google.cloud.kms.v1.KeyRing].
	KeyRings []*KeyRing `protobuf:"bytes,1,rep,name=key_rings,json=keyRings,proto3" json:"key_rings,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token] to retrieve the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of [KeyRings][google.cloud.kms.v1.KeyRing] that matched the query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].

func (*ListKeyRingsResponse) Descriptor deprecated

func (*ListKeyRingsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListKeyRingsResponse.ProtoReflect.Descriptor instead.

func (*ListKeyRingsResponse) GetKeyRings

func (x *ListKeyRingsResponse) GetKeyRings() []*KeyRing

func (*ListKeyRingsResponse) GetNextPageToken

func (x *ListKeyRingsResponse) GetNextPageToken() string

func (*ListKeyRingsResponse) GetTotalSize

func (x *ListKeyRingsResponse) GetTotalSize() int32

func (*ListKeyRingsResponse) ProtoMessage

func (*ListKeyRingsResponse) ProtoMessage()

func (*ListKeyRingsResponse) ProtoReflect

func (x *ListKeyRingsResponse) ProtoReflect() protoreflect.Message

func (*ListKeyRingsResponse) Reset

func (x *ListKeyRingsResponse) Reset()

func (*ListKeyRingsResponse) String

func (x *ListKeyRingsResponse) String() string

type LocationMetadata

type LocationMetadata struct {

	// Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
	// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this location.
	HsmAvailable bool `protobuf:"varint,1,opt,name=hsm_available,json=hsmAvailable,proto3" json:"hsm_available,omitempty"`
	// Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
	// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can be created in this location.
	EkmAvailable bool `protobuf:"varint,2,opt,name=ekm_available,json=ekmAvailable,proto3" json:"ekm_available,omitempty"`
	// contains filtered or unexported fields
}

Cloud KMS metadata for the given [google.cloud.location.Location][google.cloud.location.Location].

func (*LocationMetadata) Descriptor deprecated

func (*LocationMetadata) Descriptor() ([]byte, []int)

Deprecated: Use LocationMetadata.ProtoReflect.Descriptor instead.

func (*LocationMetadata) GetEkmAvailable

func (x *LocationMetadata) GetEkmAvailable() bool

func (*LocationMetadata) GetHsmAvailable

func (x *LocationMetadata) GetHsmAvailable() bool

func (*LocationMetadata) ProtoMessage

func (*LocationMetadata) ProtoMessage()

func (*LocationMetadata) ProtoReflect

func (x *LocationMetadata) ProtoReflect() protoreflect.Message

func (*LocationMetadata) Reset

func (x *LocationMetadata) Reset()

func (*LocationMetadata) String

func (x *LocationMetadata) String() string

type MacSignRequest

type MacSignRequest struct {

	// Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for signing.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The data to sign. The MAC tag is computed over this data field based on
	// the specific algorithm.
	Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
	// Optional. An optional CRC32C checksum of the [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the
	// received [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]) is equal to
	// [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c], and if so, perform a limited
	// number of retries. A persistent mismatch may indicate an issue in your
	// computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].

func (*MacSignRequest) Descriptor deprecated

func (*MacSignRequest) Descriptor() ([]byte, []int)

Deprecated: Use MacSignRequest.ProtoReflect.Descriptor instead.

func (*MacSignRequest) GetData

func (x *MacSignRequest) GetData() []byte

func (*MacSignRequest) GetDataCrc32C

func (x *MacSignRequest) GetDataCrc32C() *wrapperspb.Int64Value

func (*MacSignRequest) GetName

func (x *MacSignRequest) GetName() string

func (*MacSignRequest) ProtoMessage

func (*MacSignRequest) ProtoMessage()

func (*MacSignRequest) ProtoReflect

func (x *MacSignRequest) ProtoReflect() protoreflect.Message

func (*MacSignRequest) Reset

func (x *MacSignRequest) Reset()

func (*MacSignRequest) String

func (x *MacSignRequest) String() string

type MacSignResponse

type MacSignResponse struct {

	// The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing. Check
	// this field to verify that the intended resource was used for signing.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The created signature.
	Mac []byte `protobuf:"bytes,2,opt,name=mac,proto3" json:"mac,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac]. An integrity check of
	// [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] can be performed by computing the
	// CRC32C checksum of [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] and comparing your
	// results to this field. Discard the response in case of non-matching
	// checksum values, and perform a limited number of retries. A persistent
	// mismatch may indicate an issue in your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	MacCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=mac_crc32c,json=macCrc32c,proto3" json:"mac_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the
	// [data][google.cloud.kms.v1.MacSignRequest.data]. A false value of this field
	// indicates either that [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] was left
	// unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c] but this field is still false,
	// discard the response and perform a limited number of retries.
	VerifiedDataCrc32C bool `protobuf:"varint,4,opt,name=verified_data_crc32c,json=verifiedDataCrc32c,proto3" json:"verified_data_crc32c,omitempty"`
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].

func (*MacSignResponse) Descriptor deprecated

func (*MacSignResponse) Descriptor() ([]byte, []int)

Deprecated: Use MacSignResponse.ProtoReflect.Descriptor instead.

func (*MacSignResponse) GetMac

func (x *MacSignResponse) GetMac() []byte

func (*MacSignResponse) GetMacCrc32C

func (x *MacSignResponse) GetMacCrc32C() *wrapperspb.Int64Value

func (*MacSignResponse) GetName

func (x *MacSignResponse) GetName() string

func (*MacSignResponse) GetProtectionLevel

func (x *MacSignResponse) GetProtectionLevel() ProtectionLevel

func (*MacSignResponse) GetVerifiedDataCrc32C

func (x *MacSignResponse) GetVerifiedDataCrc32C() bool

func (*MacSignResponse) ProtoMessage

func (*MacSignResponse) ProtoMessage()

func (*MacSignResponse) ProtoReflect

func (x *MacSignResponse) ProtoReflect() protoreflect.Message

func (*MacSignResponse) Reset

func (x *MacSignResponse) Reset()

func (*MacSignResponse) String

func (x *MacSignResponse) String() string

type MacVerifyRequest

type MacVerifyRequest struct {

	// Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for verification.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The data used previously as a [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] to generate the MAC
	// tag.
	Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
	// Optional. An optional CRC32C checksum of the [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the
	// received [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]) is equal to
	// [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c], and if so, perform a limited
	// number of retries. A persistent mismatch may indicate an issue in your
	// computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
	// Required. The signature to verify.
	Mac []byte `protobuf:"bytes,4,opt,name=mac,proto3" json:"mac,omitempty"`
	// Optional. An optional CRC32C checksum of the [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will verify the integrity of the
	// received [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will report an error if the checksum verification
	// fails. If you receive a checksum error, your client should verify that
	// CRC32C([MacVerifyRequest.tag][]) is equal to
	// [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c], and if so, perform a limited
	// number of retries. A persistent mismatch may indicate an issue in your
	// computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	MacCrc32C *wrapperspb.Int64Value `protobuf:"bytes,5,opt,name=mac_crc32c,json=macCrc32c,proto3" json:"mac_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify].

func (*MacVerifyRequest) Descriptor deprecated

func (*MacVerifyRequest) Descriptor() ([]byte, []int)

Deprecated: Use MacVerifyRequest.ProtoReflect.Descriptor instead.

func (*MacVerifyRequest) GetData

func (x *MacVerifyRequest) GetData() []byte

func (*MacVerifyRequest) GetDataCrc32C

func (x *MacVerifyRequest) GetDataCrc32C() *wrapperspb.Int64Value

func (*MacVerifyRequest) GetMac

func (x *MacVerifyRequest) GetMac() []byte

func (*MacVerifyRequest) GetMacCrc32C

func (x *MacVerifyRequest) GetMacCrc32C() *wrapperspb.Int64Value

func (*MacVerifyRequest) GetName

func (x *MacVerifyRequest) GetName() string

func (*MacVerifyRequest) ProtoMessage

func (*MacVerifyRequest) ProtoMessage()

func (*MacVerifyRequest) ProtoReflect

func (x *MacVerifyRequest) ProtoReflect() protoreflect.Message

func (*MacVerifyRequest) Reset

func (x *MacVerifyRequest) Reset()

func (*MacVerifyRequest) String

func (x *MacVerifyRequest) String() string

type MacVerifyResponse

type MacVerifyResponse struct {

	// The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for verification.
	// Check this field to verify that the intended resource was used for
	// verification.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// This field indicates whether or not the verification operation for
	// [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] over [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] was successful.
	Success bool `protobuf:"varint,2,opt,name=success,proto3" json:"success,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the
	// [data][google.cloud.kms.v1.MacVerifyRequest.data]. A false value of this field
	// indicates either that [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] was left
	// unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c] but this field is still false,
	// discard the response and perform a limited number of retries.
	VerifiedDataCrc32C bool `protobuf:"varint,3,opt,name=verified_data_crc32c,json=verifiedDataCrc32c,proto3" json:"verified_data_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used for the integrity verification of the
	// [data][google.cloud.kms.v1.MacVerifyRequest.mac]. A false value of this field
	// indicates either that [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] was left
	// unset or that it was not delivered to [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c] but this field is still false,
	// discard the response and perform a limited number of retries.
	VerifiedMacCrc32C bool `protobuf:"varint,4,opt,name=verified_mac_crc32c,json=verifiedMacCrc32c,proto3" json:"verified_mac_crc32c,omitempty"`
	// Integrity verification field. This value is used for the integrity
	// verification of [MacVerifyResponse.success]. If the value of this field
	// contradicts the value of [MacVerifyResponse.success], discard the response
	// and perform a limited number of retries.
	VerifiedSuccessIntegrity bool `` /* 136-byte string literal not displayed */
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for verification.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify].

func (*MacVerifyResponse) Descriptor deprecated

func (*MacVerifyResponse) Descriptor() ([]byte, []int)

Deprecated: Use MacVerifyResponse.ProtoReflect.Descriptor instead.

func (*MacVerifyResponse) GetName

func (x *MacVerifyResponse) GetName() string

func (*MacVerifyResponse) GetProtectionLevel

func (x *MacVerifyResponse) GetProtectionLevel() ProtectionLevel

func (*MacVerifyResponse) GetSuccess

func (x *MacVerifyResponse) GetSuccess() bool

func (*MacVerifyResponse) GetVerifiedDataCrc32C

func (x *MacVerifyResponse) GetVerifiedDataCrc32C() bool

func (*MacVerifyResponse) GetVerifiedMacCrc32C

func (x *MacVerifyResponse) GetVerifiedMacCrc32C() bool

func (*MacVerifyResponse) GetVerifiedSuccessIntegrity

func (x *MacVerifyResponse) GetVerifiedSuccessIntegrity() bool

func (*MacVerifyResponse) ProtoMessage

func (*MacVerifyResponse) ProtoMessage()

func (*MacVerifyResponse) ProtoReflect

func (x *MacVerifyResponse) ProtoReflect() protoreflect.Message

func (*MacVerifyResponse) Reset

func (x *MacVerifyResponse) Reset()

func (*MacVerifyResponse) String

func (x *MacVerifyResponse) String() string

type ProtectionLevel

type ProtectionLevel int32

ProtectionLevel[google.cloud.kms.v1.ProtectionLevel] specifies how cryptographic operations are performed. For more information, see [Protection levels] (https://cloud.google.com/kms/docs/algorithms#protection_levels).

const (
	// Not specified.
	ProtectionLevel_PROTECTION_LEVEL_UNSPECIFIED ProtectionLevel = 0
	// Crypto operations are performed in software.
	ProtectionLevel_SOFTWARE ProtectionLevel = 1
	// Crypto operations are performed in a Hardware Security Module.
	ProtectionLevel_HSM ProtectionLevel = 2
	// Crypto operations are performed by an external key manager.
	ProtectionLevel_EXTERNAL ProtectionLevel = 3
)

func (ProtectionLevel) Descriptor

func (ProtectionLevel) Enum

func (x ProtectionLevel) Enum() *ProtectionLevel

func (ProtectionLevel) EnumDescriptor deprecated

func (ProtectionLevel) EnumDescriptor() ([]byte, []int)

Deprecated: Use ProtectionLevel.Descriptor instead.

func (ProtectionLevel) Number

func (ProtectionLevel) String

func (x ProtectionLevel) String() string

func (ProtectionLevel) Type

type PublicKey

type PublicKey struct {

	// The public key, encoded in PEM format. For more information, see the
	// [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
	// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
	// [Textual Encoding of Subject Public Key Info]
	// (https://tools.ietf.org/html/rfc7468#section-13).
	Pem string `protobuf:"bytes,1,opt,name=pem,proto3" json:"pem,omitempty"`
	// The [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] associated
	// with this key.
	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 140-byte string literal not displayed */
	// Integrity verification field. A CRC32C checksum of the returned
	// [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem]. An integrity check of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] can be performed
	// by computing the CRC32C checksum of [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] and
	// comparing your results to this field. Discard the response in case of
	// non-matching checksum values, and perform a limited number of retries. A
	// persistent mismatch may indicate an issue in your computation of the CRC32C
	// checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	PemCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=pem_crc32c,json=pemCrc32c,proto3" json:"pem_crc32c,omitempty"`
	// The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key.
	// Provided here for verification.
	//
	// NOTE: This field is in Beta.
	Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

The public key for a given CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion]. Obtained via [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

func (*PublicKey) Descriptor deprecated

func (*PublicKey) Descriptor() ([]byte, []int)

Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.

func (*PublicKey) GetAlgorithm

func (*PublicKey) GetName

func (x *PublicKey) GetName() string

func (*PublicKey) GetPem

func (x *PublicKey) GetPem() string

func (*PublicKey) GetPemCrc32C

func (x *PublicKey) GetPemCrc32C() *wrapperspb.Int64Value

func (*PublicKey) GetProtectionLevel

func (x *PublicKey) GetProtectionLevel() ProtectionLevel

func (*PublicKey) ProtoMessage

func (*PublicKey) ProtoMessage()

func (*PublicKey) ProtoReflect

func (x *PublicKey) ProtoReflect() protoreflect.Message

func (*PublicKey) Reset

func (x *PublicKey) Reset()

func (*PublicKey) String

func (x *PublicKey) String() string

type RestoreCryptoKeyVersionRequest

type RestoreCryptoKeyVersionRequest struct {

	// Required. The resource name of the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion].

func (*RestoreCryptoKeyVersionRequest) Descriptor deprecated

func (*RestoreCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use RestoreCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*RestoreCryptoKeyVersionRequest) GetName

func (*RestoreCryptoKeyVersionRequest) ProtoMessage

func (*RestoreCryptoKeyVersionRequest) ProtoMessage()

func (*RestoreCryptoKeyVersionRequest) ProtoReflect

func (*RestoreCryptoKeyVersionRequest) Reset

func (x *RestoreCryptoKeyVersionRequest) Reset()

func (*RestoreCryptoKeyVersionRequest) String

type UnimplementedKeyManagementServiceServer

type UnimplementedKeyManagementServiceServer struct {
}

UnimplementedKeyManagementServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedKeyManagementServiceServer) AsymmetricDecrypt

func (*UnimplementedKeyManagementServiceServer) AsymmetricSign

func (*UnimplementedKeyManagementServiceServer) CreateCryptoKey

func (*UnimplementedKeyManagementServiceServer) CreateCryptoKeyVersion

func (*UnimplementedKeyManagementServiceServer) CreateImportJob

func (*UnimplementedKeyManagementServiceServer) CreateKeyRing

func (*UnimplementedKeyManagementServiceServer) Decrypt

func (*UnimplementedKeyManagementServiceServer) DestroyCryptoKeyVersion

func (*UnimplementedKeyManagementServiceServer) Encrypt

func (*UnimplementedKeyManagementServiceServer) GenerateRandomBytes

func (*UnimplementedKeyManagementServiceServer) GetCryptoKey

func (*UnimplementedKeyManagementServiceServer) GetCryptoKeyVersion

func (*UnimplementedKeyManagementServiceServer) GetImportJob

func (*UnimplementedKeyManagementServiceServer) GetKeyRing

func (*UnimplementedKeyManagementServiceServer) GetPublicKey

func (*UnimplementedKeyManagementServiceServer) ImportCryptoKeyVersion

func (*UnimplementedKeyManagementServiceServer) ListCryptoKeyVersions

func (*UnimplementedKeyManagementServiceServer) ListCryptoKeys

func (*UnimplementedKeyManagementServiceServer) ListImportJobs

func (*UnimplementedKeyManagementServiceServer) ListKeyRings

func (*UnimplementedKeyManagementServiceServer) MacSign

func (*UnimplementedKeyManagementServiceServer) MacVerify

func (*UnimplementedKeyManagementServiceServer) RestoreCryptoKeyVersion

func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKey

func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKeyPrimaryVersion

func (*UnimplementedKeyManagementServiceServer) UpdateCryptoKeyVersion

type UpdateCryptoKeyPrimaryVersionRequest

type UpdateCryptoKeyPrimaryVersionRequest struct {

	// Required. The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to update.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The id of the child [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary.
	CryptoKeyVersionId string `protobuf:"bytes,2,opt,name=crypto_key_version_id,json=cryptoKeyVersionId,proto3" json:"crypto_key_version_id,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].

func (*UpdateCryptoKeyPrimaryVersionRequest) Descriptor deprecated

func (*UpdateCryptoKeyPrimaryVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateCryptoKeyPrimaryVersionRequest.ProtoReflect.Descriptor instead.

func (*UpdateCryptoKeyPrimaryVersionRequest) GetCryptoKeyVersionId

func (x *UpdateCryptoKeyPrimaryVersionRequest) GetCryptoKeyVersionId() string

func (*UpdateCryptoKeyPrimaryVersionRequest) GetName

func (*UpdateCryptoKeyPrimaryVersionRequest) ProtoMessage

func (*UpdateCryptoKeyPrimaryVersionRequest) ProtoMessage()

func (*UpdateCryptoKeyPrimaryVersionRequest) ProtoReflect

func (*UpdateCryptoKeyPrimaryVersionRequest) Reset

func (*UpdateCryptoKeyPrimaryVersionRequest) String

type UpdateCryptoKeyRequest

type UpdateCryptoKeyRequest struct {

	// Required. [CryptoKey][google.cloud.kms.v1.CryptoKey] with updated values.
	CryptoKey *CryptoKey `protobuf:"bytes,1,opt,name=crypto_key,json=cryptoKey,proto3" json:"crypto_key,omitempty"`
	// Required. List of fields to be updated in this request.
	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey].

func (*UpdateCryptoKeyRequest) Descriptor deprecated

func (*UpdateCryptoKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateCryptoKeyRequest.ProtoReflect.Descriptor instead.

func (*UpdateCryptoKeyRequest) GetCryptoKey

func (x *UpdateCryptoKeyRequest) GetCryptoKey() *CryptoKey

func (*UpdateCryptoKeyRequest) GetUpdateMask

func (x *UpdateCryptoKeyRequest) GetUpdateMask() *fieldmaskpb.FieldMask

func (*UpdateCryptoKeyRequest) ProtoMessage

func (*UpdateCryptoKeyRequest) ProtoMessage()

func (*UpdateCryptoKeyRequest) ProtoReflect

func (x *UpdateCryptoKeyRequest) ProtoReflect() protoreflect.Message

func (*UpdateCryptoKeyRequest) Reset

func (x *UpdateCryptoKeyRequest) Reset()

func (*UpdateCryptoKeyRequest) String

func (x *UpdateCryptoKeyRequest) String() string

type UpdateCryptoKeyVersionRequest

type UpdateCryptoKeyVersionRequest struct {

	// Required. [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with updated values.
	CryptoKeyVersion *CryptoKeyVersion `protobuf:"bytes,1,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`
	// Required. List of fields to be updated in this request.
	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion].

func (*UpdateCryptoKeyVersionRequest) Descriptor deprecated

func (*UpdateCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*UpdateCryptoKeyVersionRequest) GetCryptoKeyVersion

func (x *UpdateCryptoKeyVersionRequest) GetCryptoKeyVersion() *CryptoKeyVersion

func (*UpdateCryptoKeyVersionRequest) GetUpdateMask

func (*UpdateCryptoKeyVersionRequest) ProtoMessage

func (*UpdateCryptoKeyVersionRequest) ProtoMessage()

func (*UpdateCryptoKeyVersionRequest) ProtoReflect

func (*UpdateCryptoKeyVersionRequest) Reset

func (x *UpdateCryptoKeyVersionRequest) Reset()

func (*UpdateCryptoKeyVersionRequest) String

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL