google-cloud-kms-v1 0.10.2 → 0.13.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -299,12 +299,16 @@ module Google
299
299
  #
300
300
  # @param parent [::String]
301
301
  # Required. The resource name of the location associated with the
302
- # {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format `projects/*/locations/*`.
302
+ # {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
303
+ # `projects/*/locations/*`.
303
304
  # @param page_size [::Integer]
304
- # Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::KeyRing KeyRings} to include in the
305
- # response. Further {::Google::Cloud::Kms::V1::KeyRing KeyRings} can subsequently be obtained by
306
- # including the {::Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse.next_page_token} in a subsequent
307
- # request. If unspecified, the server will pick an appropriate default.
305
+ # Optional. Optional limit on the number of
306
+ # {::Google::Cloud::Kms::V1::KeyRing KeyRings} to include in the response. Further
307
+ # {::Google::Cloud::Kms::V1::KeyRing KeyRings} can subsequently be obtained by
308
+ # including the
309
+ # {::Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse.next_page_token}
310
+ # in a subsequent request. If unspecified, the server will pick an
311
+ # appropriate default.
308
312
  # @param page_token [::String]
309
313
  # Optional. Optional pagination token, returned earlier via
310
314
  # {::Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse.next_page_token}.
@@ -409,13 +413,16 @@ module Google
409
413
  # the default parameter values, pass an empty Hash as a request object (see above).
410
414
  #
411
415
  # @param parent [::String]
412
- # Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} to list, in the format
413
- # `projects/*/locations/*/keyRings/*`.
416
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing}
417
+ # to list, in the format `projects/*/locations/*/keyRings/*`.
414
418
  # @param page_size [::Integer]
415
- # Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} to include in the
416
- # response. Further {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} can subsequently be obtained by
417
- # including the {::Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse.next_page_token} in a subsequent
418
- # request. If unspecified, the server will pick an appropriate default.
419
+ # Optional. Optional limit on the number of
420
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} to include in the response.
421
+ # Further {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} can subsequently be
422
+ # obtained by including the
423
+ # {::Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse.next_page_token}
424
+ # in a subsequent request. If unspecified, the server will pick an
425
+ # appropriate default.
419
426
  # @param page_token [::String]
420
427
  # Optional. Optional pagination token, returned earlier via
421
428
  # {::Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse.next_page_token}.
@@ -522,14 +529,17 @@ module Google
522
529
  # the default parameter values, pass an empty Hash as a request object (see above).
523
530
  #
524
531
  # @param parent [::String]
525
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to list, in the format
532
+ # Required. The resource name of the
533
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to list, in the format
526
534
  # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
527
535
  # @param page_size [::Integer]
528
- # Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} to
529
- # include in the response. Further {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} can
530
- # subsequently be obtained by including the
531
- # {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse.next_page_token} in a subsequent request.
532
- # If unspecified, the server will pick an appropriate default.
536
+ # Optional. Optional limit on the number of
537
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} to include in the
538
+ # response. Further {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}
539
+ # can subsequently be obtained by including the
540
+ # {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse.next_page_token}
541
+ # in a subsequent request. If unspecified, the server will pick an
542
+ # appropriate default.
533
543
  # @param page_token [::String]
534
544
  # Optional. Optional pagination token, returned earlier via
535
545
  # {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse.next_page_token}.
@@ -636,13 +646,16 @@ module Google
636
646
  # the default parameter values, pass an empty Hash as a request object (see above).
637
647
  #
638
648
  # @param parent [::String]
639
- # Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} to list, in the format
640
- # `projects/*/locations/*/keyRings/*`.
649
+ # Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing}
650
+ # to list, in the format `projects/*/locations/*/keyRings/*`.
641
651
  # @param page_size [::Integer]
642
- # Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::ImportJob ImportJobs} to include in the
643
- # response. Further {::Google::Cloud::Kms::V1::ImportJob ImportJobs} can subsequently be obtained by
644
- # including the {::Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse.next_page_token} in a subsequent
645
- # request. If unspecified, the server will pick an appropriate default.
652
+ # Optional. Optional limit on the number of
653
+ # {::Google::Cloud::Kms::V1::ImportJob ImportJobs} to include in the response.
654
+ # Further {::Google::Cloud::Kms::V1::ImportJob ImportJobs} can subsequently be
655
+ # obtained by including the
656
+ # {::Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse.next_page_token}
657
+ # in a subsequent request. If unspecified, the server will pick an
658
+ # appropriate default.
646
659
  # @param page_token [::String]
647
660
  # Optional. Optional pagination token, returned earlier via
648
661
  # {::Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse.next_page_token}.
@@ -747,7 +760,8 @@ module Google
747
760
  # the default parameter values, pass an empty Hash as a request object (see above).
748
761
  #
749
762
  # @param name [::String]
750
- # Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
763
+ # Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the
764
+ # {::Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
751
765
  #
752
766
  # @yield [response, operation] Access the result along with the RPC operation
753
767
  # @yieldparam response [::Google::Cloud::Kms::V1::KeyRing]
@@ -814,8 +828,9 @@ module Google
814
828
  end
815
829
 
816
830
  ##
817
- # Returns metadata for a given {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}, as well as its
818
- # {::Google::Cloud::Kms::V1::CryptoKey#primary primary} {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
831
+ # Returns metadata for a given {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}, as
832
+ # well as its {::Google::Cloud::Kms::V1::CryptoKey#primary primary}
833
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
819
834
  #
820
835
  # @overload get_crypto_key(request, options = nil)
821
836
  # Pass arguments to `get_crypto_key` via a request object, either of type
@@ -833,7 +848,8 @@ module Google
833
848
  # the default parameter values, pass an empty Hash as a request object (see above).
834
849
  #
835
850
  # @param name [::String]
836
- # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
851
+ # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the
852
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
837
853
  #
838
854
  # @yield [response, operation] Access the result along with the RPC operation
839
855
  # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey]
@@ -900,7 +916,8 @@ module Google
900
916
  end
901
917
 
902
918
  ##
903
- # Returns metadata for a given {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
919
+ # Returns metadata for a given
920
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
904
921
  #
905
922
  # @overload get_crypto_key_version(request, options = nil)
906
923
  # Pass arguments to `get_crypto_key_version` via a request object, either of type
@@ -918,7 +935,8 @@ module Google
918
935
  # the default parameter values, pass an empty Hash as a request object (see above).
919
936
  #
920
937
  # @param name [::String]
921
- # Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
938
+ # Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
939
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
922
940
  #
923
941
  # @yield [response, operation] Access the result along with the RPC operation
924
942
  # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
@@ -985,9 +1003,11 @@ module Google
985
1003
  end
986
1004
 
987
1005
  ##
988
- # Returns the public key for the given {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. The
1006
+ # Returns the public key for the given
1007
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. The
989
1008
  # {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
990
- # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN} or
1009
+ # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN}
1010
+ # or
991
1011
  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_DECRYPT ASYMMETRIC_DECRYPT}.
992
1012
  #
993
1013
  # @overload get_public_key(request, options = nil)
@@ -1006,8 +1026,8 @@ module Google
1006
1026
  # the default parameter values, pass an empty Hash as a request object (see above).
1007
1027
  #
1008
1028
  # @param name [::String]
1009
- # Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to
1010
- # get.
1029
+ # Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
1030
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to get.
1011
1031
  #
1012
1032
  # @yield [response, operation] Access the result along with the RPC operation
1013
1033
  # @yieldparam response [::Google::Cloud::Kms::V1::PublicKey]
@@ -1092,7 +1112,8 @@ module Google
1092
1112
  # the default parameter values, pass an empty Hash as a request object (see above).
1093
1113
  #
1094
1114
  # @param name [::String]
1095
- # Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} to get.
1115
+ # Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
1116
+ # {::Google::Cloud::Kms::V1::ImportJob ImportJob} to get.
1096
1117
  #
1097
1118
  # @yield [response, operation] Access the result along with the RPC operation
1098
1119
  # @yieldparam response [::Google::Cloud::Kms::V1::ImportJob]
@@ -1159,7 +1180,8 @@ module Google
1159
1180
  end
1160
1181
 
1161
1182
  ##
1162
- # Create a new {::Google::Cloud::Kms::V1::KeyRing KeyRing} in a given Project and Location.
1183
+ # Create a new {::Google::Cloud::Kms::V1::KeyRing KeyRing} in a given Project and
1184
+ # Location.
1163
1185
  #
1164
1186
  # @overload create_key_ring(request, options = nil)
1165
1187
  # Pass arguments to `create_key_ring` via a request object, either of type
@@ -1178,12 +1200,14 @@ module Google
1178
1200
  #
1179
1201
  # @param parent [::String]
1180
1202
  # Required. The resource name of the location associated with the
1181
- # {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format `projects/*/locations/*`.
1203
+ # {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
1204
+ # `projects/*/locations/*`.
1182
1205
  # @param key_ring_id [::String]
1183
1206
  # Required. It must be unique within a location and match the regular
1184
1207
  # expression `[a-zA-Z0-9_-]{1,63}`
1185
1208
  # @param key_ring [::Google::Cloud::Kms::V1::KeyRing, ::Hash]
1186
- # Required. A {::Google::Cloud::Kms::V1::KeyRing KeyRing} with initial field values.
1209
+ # Required. A {::Google::Cloud::Kms::V1::KeyRing KeyRing} with initial field
1210
+ # values.
1187
1211
  #
1188
1212
  # @yield [response, operation] Access the result along with the RPC operation
1189
1213
  # @yieldparam response [::Google::Cloud::Kms::V1::KeyRing]
@@ -1250,7 +1274,8 @@ module Google
1250
1274
  end
1251
1275
 
1252
1276
  ##
1253
- # Create a new {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} within a {::Google::Cloud::Kms::V1::KeyRing KeyRing}.
1277
+ # Create a new {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} within a
1278
+ # {::Google::Cloud::Kms::V1::KeyRing KeyRing}.
1254
1279
  #
1255
1280
  # {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} and
1256
1281
  # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#algorithm CryptoKey.version_template.algorithm}
@@ -1272,17 +1297,21 @@ module Google
1272
1297
  # the default parameter values, pass an empty Hash as a request object (see above).
1273
1298
  #
1274
1299
  # @param parent [::String]
1275
- # Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing associated with the
1276
- # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
1300
+ # Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing
1301
+ # associated with the {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
1277
1302
  # @param crypto_key_id [::String]
1278
1303
  # Required. It must be unique within a KeyRing and match the regular
1279
1304
  # expression `[a-zA-Z0-9_-]{1,63}`
1280
1305
  # @param crypto_key [::Google::Cloud::Kms::V1::CryptoKey, ::Hash]
1281
- # Required. A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} with initial field values.
1306
+ # Required. A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} with initial field
1307
+ # values.
1282
1308
  # @param skip_initial_version_creation [::Boolean]
1283
- # If set to true, the request will create a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} without any
1284
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}. You must manually call
1285
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key_version CreateCryptoKeyVersion} or
1309
+ # If set to true, the request will create a
1310
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} without any
1311
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}. You must
1312
+ # manually call
1313
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key_version CreateCryptoKeyVersion}
1314
+ # or
1286
1315
  # {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version ImportCryptoKeyVersion}
1287
1316
  # before you can use this {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
1288
1317
  #
@@ -1351,7 +1380,8 @@ module Google
1351
1380
  end
1352
1381
 
1353
1382
  ##
1354
- # Create a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
1383
+ # Create a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in a
1384
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
1355
1385
  #
1356
1386
  # The server will assign the next sequential id. If unset,
1357
1387
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be set to
@@ -1373,10 +1403,12 @@ module Google
1373
1403
  # the default parameter values, pass an empty Hash as a request object (see above).
1374
1404
  #
1375
1405
  # @param parent [::String]
1376
- # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with
1377
- # the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
1406
+ # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the
1407
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with the
1408
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
1378
1409
  # @param crypto_key_version [::Google::Cloud::Kms::V1::CryptoKeyVersion, ::Hash]
1379
- # Required. A {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial field values.
1410
+ # Required. A {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with
1411
+ # initial field values.
1380
1412
  #
1381
1413
  # @yield [response, operation] Access the result along with the RPC operation
1382
1414
  # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
@@ -1443,12 +1475,14 @@ module Google
1443
1475
  end
1444
1476
 
1445
1477
  ##
1446
- # Import wrapped key material into a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
1478
+ # Import wrapped key material into a
1479
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
1447
1480
  #
1448
- # All requests must specify a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. If a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} is
1449
- # additionally specified in the request, key material will be reimported into
1450
- # that version. Otherwise, a new version will be created, and will be
1451
- # assigned the next sequential id within the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
1481
+ # All requests must specify a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. If
1482
+ # a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} is additionally
1483
+ # specified in the request, key material will be reimported into that
1484
+ # version. Otherwise, a new version will be created, and will be assigned the
1485
+ # next sequential id within the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
1452
1486
  #
1453
1487
  # @overload import_crypto_key_version(request, options = nil)
1454
1488
  # Pass arguments to `import_crypto_key_version` via a request object, either of type
@@ -1466,34 +1500,42 @@ module Google
1466
1500
  # the default parameter values, pass an empty Hash as a request object (see above).
1467
1501
  #
1468
1502
  # @param parent [::String]
1469
- # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.
1503
+ # Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the
1504
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.
1470
1505
  #
1471
1506
  # The create permission is only required on this key when creating a new
1472
1507
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
1473
1508
  # @param crypto_key_version [::String]
1474
- # Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of an existing
1475
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to target for an import operation.
1476
- # If this field is not present, a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
1509
+ # Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of
1510
+ # an existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to
1511
+ # target for an import operation. If this field is not present, a new
1512
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
1477
1513
  # supplied key material is created.
1478
1514
  #
1479
1515
  # If this field is present, the supplied key material is imported into
1480
- # the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To import into an existing
1481
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
1482
- # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent}, have been previously created via
1483
- # [ImportCryptoKeyVersion][], and be in
1484
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED} or
1516
+ # the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To
1517
+ # import into an existing
1518
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the
1519
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
1520
+ # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent},
1521
+ # have been previously created via [ImportCryptoKeyVersion][], and be in
1522
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}
1523
+ # or
1485
1524
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}
1486
1525
  # state. The key material and algorithm must match the previous
1487
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
1526
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the
1527
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
1488
1528
  # key material.
1489
1529
  # @param algorithm [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
1490
- # Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm} of
1491
- # the key being imported. This does not need to match the
1492
- # {::Google::Cloud::Kms::V1::CryptoKey#version_template version_template} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} this
1493
- # version imports into.
1530
+ # Required. The
1531
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm}
1532
+ # of the key being imported. This does not need to match the
1533
+ # {::Google::Cloud::Kms::V1::CryptoKey#version_template version_template} of the
1534
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} this version imports into.
1494
1535
  # @param import_job [::String]
1495
- # Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to
1496
- # wrap this key material.
1536
+ # Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
1537
+ # {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to wrap this key
1538
+ # material.
1497
1539
  # @param rsa_aes_wrapped_key [::String]
1498
1540
  # Wrapped key material produced with
1499
1541
  # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
@@ -1503,8 +1545,9 @@ module Google
1503
1545
  # This field contains the concatenation of two wrapped keys:
1504
1546
  # <ol>
1505
1547
  # <li>An ephemeral AES-256 wrapping key wrapped with the
1506
- # {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using RSAES-OAEP with SHA-1,
1507
- # MGF1 with SHA-1, and an empty label.
1548
+ # {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using
1549
+ # RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
1550
+ # empty label.
1508
1551
  # </li>
1509
1552
  # <li>The key to be imported, wrapped with the ephemeral AES-256 key
1510
1553
  # using AES-KWP (RFC 5649).
@@ -1584,9 +1627,11 @@ module Google
1584
1627
  end
1585
1628
 
1586
1629
  ##
1587
- # Create a new {::Google::Cloud::Kms::V1::ImportJob ImportJob} within a {::Google::Cloud::Kms::V1::KeyRing KeyRing}.
1630
+ # Create a new {::Google::Cloud::Kms::V1::ImportJob ImportJob} within a
1631
+ # {::Google::Cloud::Kms::V1::KeyRing KeyRing}.
1588
1632
  #
1589
- # {::Google::Cloud::Kms::V1::ImportJob#import_method ImportJob.import_method} is required.
1633
+ # {::Google::Cloud::Kms::V1::ImportJob#import_method ImportJob.import_method} is
1634
+ # required.
1590
1635
  #
1591
1636
  # @overload create_import_job(request, options = nil)
1592
1637
  # Pass arguments to `create_import_job` via a request object, either of type
@@ -1604,13 +1649,15 @@ module Google
1604
1649
  # the default parameter values, pass an empty Hash as a request object (see above).
1605
1650
  #
1606
1651
  # @param parent [::String]
1607
- # Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} associated with the
1652
+ # Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the
1653
+ # {::Google::Cloud::Kms::V1::KeyRing KeyRing} associated with the
1608
1654
  # {::Google::Cloud::Kms::V1::ImportJob ImportJobs}.
1609
1655
  # @param import_job_id [::String]
1610
1656
  # Required. It must be unique within a KeyRing and match the regular
1611
1657
  # expression `[a-zA-Z0-9_-]{1,63}`
1612
1658
  # @param import_job [::Google::Cloud::Kms::V1::ImportJob, ::Hash]
1613
- # Required. An {::Google::Cloud::Kms::V1::ImportJob ImportJob} with initial field values.
1659
+ # Required. An {::Google::Cloud::Kms::V1::ImportJob ImportJob} with initial field
1660
+ # values.
1614
1661
  #
1615
1662
  # @yield [response, operation] Access the result along with the RPC operation
1616
1663
  # @yieldparam response [::Google::Cloud::Kms::V1::ImportJob]
@@ -1764,13 +1811,18 @@ module Google
1764
1811
  end
1765
1812
 
1766
1813
  ##
1767
- # Update a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s metadata.
1814
+ # Update a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s
1815
+ # metadata.
1768
1816
  #
1769
1817
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} may be changed between
1770
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} and
1771
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED} using this
1772
- # method. See {::Google::Cloud::Kms::V1::KeyManagementService::Client#destroy_crypto_key_version DestroyCryptoKeyVersion} and {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion} to
1773
- # move between other states.
1818
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}
1819
+ # and
1820
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED}
1821
+ # using this method. See
1822
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#destroy_crypto_key_version DestroyCryptoKeyVersion}
1823
+ # and
1824
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion}
1825
+ # to move between other states.
1774
1826
  #
1775
1827
  # @overload update_crypto_key_version(request, options = nil)
1776
1828
  # Pass arguments to `update_crypto_key_version` via a request object, either of type
@@ -1788,7 +1840,8 @@ module Google
1788
1840
  # the default parameter values, pass an empty Hash as a request object (see above).
1789
1841
  #
1790
1842
  # @param crypto_key_version [::Google::Cloud::Kms::V1::CryptoKeyVersion, ::Hash]
1791
- # Required. {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated values.
1843
+ # Required. {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with
1844
+ # updated values.
1792
1845
  # @param update_mask [::Google::Protobuf::FieldMask, ::Hash]
1793
1846
  # Required. List of fields to be updated in this request.
1794
1847
  #
@@ -1857,7 +1910,9 @@ module Google
1857
1910
  end
1858
1911
 
1859
1912
  ##
1860
- # Update the version of a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} that will be used in {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}.
1913
+ # Update the version of a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} that
1914
+ # will be used in
1915
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}.
1861
1916
  #
1862
1917
  # Returns an error if called on a key whose purpose is not
1863
1918
  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
@@ -1878,9 +1933,11 @@ module Google
1878
1933
  # the default parameter values, pass an empty Hash as a request object (see above).
1879
1934
  #
1880
1935
  # @param name [::String]
1881
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
1936
+ # Required. The resource name of the
1937
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
1882
1938
  # @param crypto_key_version_id [::String]
1883
- # Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
1939
+ # Required. The id of the child
1940
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
1884
1941
  #
1885
1942
  # @yield [response, operation] Access the result along with the RPC operation
1886
1943
  # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey]
@@ -1947,19 +2004,27 @@ module Google
1947
2004
  end
1948
2005
 
1949
2006
  ##
1950
- # Schedule a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for destruction.
2007
+ # Schedule a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for
2008
+ # destruction.
1951
2009
  #
1952
- # Upon calling this method, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion.state} will be set to
2010
+ # Upon calling this method,
2011
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion.state} will
2012
+ # be set to
1953
2013
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED},
1954
- # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be set to the time
1955
- # {::Google::Cloud::Kms::V1::CryptoKey#destroy_scheduled_duration destroy_scheduled_duration} in the
1956
- # future. At that time, the {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will
1957
- # automatically change to
1958
- # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}, and the key
1959
- # material will be irrevocably destroyed.
1960
- #
1961
- # Before the {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is reached,
1962
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion} may be called to reverse the process.
2014
+ # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
2015
+ # be set to the time
2016
+ # {::Google::Cloud::Kms::V1::CryptoKey#destroy_scheduled_duration destroy_scheduled_duration}
2017
+ # in the future. At that time, the
2018
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will automatically
2019
+ # change to
2020
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED},
2021
+ # and the key material will be irrevocably destroyed.
2022
+ #
2023
+ # Before the
2024
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is
2025
+ # reached,
2026
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion}
2027
+ # may be called to reverse the process.
1963
2028
  #
1964
2029
  # @overload destroy_crypto_key_version(request, options = nil)
1965
2030
  # Pass arguments to `destroy_crypto_key_version` via a request object, either of type
@@ -1977,7 +2042,8 @@ module Google
1977
2042
  # the default parameter values, pass an empty Hash as a request object (see above).
1978
2043
  #
1979
2044
  # @param name [::String]
1980
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
2045
+ # Required. The resource name of the
2046
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
1981
2047
  #
1982
2048
  # @yield [response, operation] Access the result along with the RPC operation
1983
2049
  # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
@@ -2048,9 +2114,11 @@ module Google
2048
2114
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
2049
2115
  # state.
2050
2116
  #
2051
- # Upon restoration of the CryptoKeyVersion, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state}
2052
- # will be set to {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
2053
- # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be cleared.
2117
+ # Upon restoration of the CryptoKeyVersion,
2118
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be set to
2119
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
2120
+ # and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
2121
+ # be cleared.
2054
2122
  #
2055
2123
  # @overload restore_crypto_key_version(request, options = nil)
2056
2124
  # Pass arguments to `restore_crypto_key_version` via a request object, either of type
@@ -2068,7 +2136,8 @@ module Google
2068
2136
  # the default parameter values, pass an empty Hash as a request object (see above).
2069
2137
  #
2070
2138
  # @param name [::String]
2071
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
2139
+ # Required. The resource name of the
2140
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
2072
2141
  #
2073
2142
  # @yield [response, operation] Access the result along with the RPC operation
2074
2143
  # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
@@ -2135,8 +2204,9 @@ module Google
2135
2204
  end
2136
2205
 
2137
2206
  ##
2138
- # Encrypts data, so that it can only be recovered by a call to {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
2139
- # The {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
2207
+ # Encrypts data, so that it can only be recovered by a call to
2208
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}. The
2209
+ # {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
2140
2210
  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
2141
2211
  #
2142
2212
  # @overload encrypt(request, options = nil)
@@ -2155,59 +2225,75 @@ module Google
2155
2225
  # the default parameter values, pass an empty Hash as a request object (see above).
2156
2226
  #
2157
2227
  # @param name [::String]
2158
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} or {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
2159
- # to use for encryption.
2228
+ # Required. The resource name of the
2229
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} or
2230
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
2231
+ # encryption.
2160
2232
  #
2161
- # If a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server will use its
2162
- # {::Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
2233
+ # If a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server
2234
+ # will use its {::Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
2163
2235
  # @param plaintext [::String]
2164
2236
  # Required. The data to encrypt. Must be no larger than 64KiB.
2165
2237
  #
2166
2238
  # The maximum size depends on the key version's
2167
- # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}. For
2168
- # {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the plaintext must be no larger
2169
- # than 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
2170
- # plaintext and additional_authenticated_data fields must be no larger than
2171
- # 8KiB.
2239
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
2240
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
2241
+ # plaintext must be no larger than 64KiB. For
2242
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
2243
+ # the plaintext and additional_authenticated_data fields must be no larger
2244
+ # than 8KiB.
2172
2245
  # @param additional_authenticated_data [::String]
2173
- # Optional. Optional data that, if specified, must also be provided during decryption
2174
- # through {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}.
2246
+ # Optional. Optional data that, if specified, must also be provided during
2247
+ # decryption through
2248
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}.
2175
2249
  #
2176
2250
  # The maximum size depends on the key version's
2177
- # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}. For
2178
- # {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD must be no larger than
2179
- # 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
2180
- # plaintext and additional_authenticated_data fields must be no larger than
2181
- # 8KiB.
2251
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
2252
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
2253
+ # must be no larger than 64KiB. For
2254
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
2255
+ # the plaintext and additional_authenticated_data fields must be no larger
2256
+ # than 8KiB.
2182
2257
  # @param plaintext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2183
- # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
2184
- # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2185
- # received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
2186
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2187
- # fails. If you receive a checksum error, your client should verify that
2188
- # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
2189
- # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
2190
- # retries. A persistent mismatch may indicate an issue in your computation of
2191
- # the CRC32C checksum.
2192
- # Note: This field is defined as int64 for reasons of compatibility across
2193
- # different languages. However, it is a non-negative integer, which will
2194
- # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2195
- # that support this type.
2258
+ # Optional. An optional CRC32C checksum of the
2259
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
2260
+ # If specified,
2261
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2262
+ # verify the integrity of the received
2263
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}
2264
+ # using this checksum.
2265
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2266
+ # report an error if the checksum verification fails. If you receive a
2267
+ # checksum error, your client should verify that
2268
+ # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext})
2269
+ # is equal to
2270
+ # {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c},
2271
+ # and if so, perform a limited number of retries. A persistent mismatch may
2272
+ # indicate an issue in your computation of the CRC32C checksum. Note: This
2273
+ # field is defined as int64 for reasons of compatibility across different
2274
+ # languages. However, it is a non-negative integer, which will never exceed
2275
+ # 2^32-1, and can be safely downconverted to uint32 in languages that support
2276
+ # this type.
2196
2277
  # @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2197
2278
  # Optional. An optional CRC32C checksum of the
2198
- # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
2199
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
2200
- # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
2201
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2202
- # fails. If you receive a checksum error, your client should verify that
2203
- # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
2204
- # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
2205
- # a limited number of retries. A persistent mismatch may indicate an issue in
2206
- # your computation of the CRC32C checksum.
2207
- # Note: This field is defined as int64 for reasons of compatibility across
2208
- # different languages. However, it is a non-negative integer, which will
2209
- # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2210
- # that support this type.
2279
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
2280
+ # If specified,
2281
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2282
+ # verify the integrity of the received
2283
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}
2284
+ # using this checksum.
2285
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2286
+ # report an error if the checksum verification fails. If you receive a
2287
+ # checksum error, your client should verify that
2288
+ # CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data})
2289
+ # is equal to
2290
+ # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c},
2291
+ # and if so, perform a limited number of retries. A persistent mismatch may
2292
+ # indicate an issue in your computation of the CRC32C checksum. Note: This
2293
+ # field is defined as int64 for reasons of compatibility across different
2294
+ # languages. However, it is a non-negative integer, which will never exceed
2295
+ # 2^32-1, and can be safely downconverted to uint32 in languages that support
2296
+ # this type.
2211
2297
  #
2212
2298
  # @yield [response, operation] Access the result along with the RPC operation
2213
2299
  # @yieldparam response [::Google::Cloud::Kms::V1::EncryptResponse]
@@ -2274,8 +2360,10 @@ module Google
2274
2360
  end
2275
2361
 
2276
2362
  ##
2277
- # Decrypts data that was protected by {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}. The {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
2278
- # must be {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
2363
+ # Decrypts data that was protected by
2364
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}. The
2365
+ # {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be
2366
+ # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
2279
2367
  #
2280
2368
  # @overload decrypt(request, options = nil)
2281
2369
  # Pass arguments to `decrypt` via a request object, either of type
@@ -2293,8 +2381,9 @@ module Google
2293
2381
  # the default parameter values, pass an empty Hash as a request object (see above).
2294
2382
  #
2295
2383
  # @param name [::String]
2296
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to use for decryption.
2297
- # The server will choose the appropriate version.
2384
+ # Required. The resource name of the
2385
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to use for decryption. The
2386
+ # server will choose the appropriate version.
2298
2387
  # @param ciphertext [::String]
2299
2388
  # Required. The encrypted data originally returned in
2300
2389
  # {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}.
@@ -2302,34 +2391,45 @@ module Google
2302
2391
  # Optional. Optional data that must match the data originally supplied in
2303
2392
  # {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
2304
2393
  # @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2305
- # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
2306
- # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2307
- # received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
2308
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2309
- # fails. If you receive a checksum error, your client should verify that
2310
- # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
2311
- # {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
2312
- # of retries. A persistent mismatch may indicate an issue in your computation
2313
- # of the CRC32C checksum.
2314
- # Note: This field is defined as int64 for reasons of compatibility across
2315
- # different languages. However, it is a non-negative integer, which will
2316
- # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2317
- # that support this type.
2394
+ # Optional. An optional CRC32C checksum of the
2395
+ # {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}.
2396
+ # If specified,
2397
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2398
+ # verify the integrity of the received
2399
+ # {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}
2400
+ # using this checksum.
2401
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2402
+ # report an error if the checksum verification fails. If you receive a
2403
+ # checksum error, your client should verify that
2404
+ # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext})
2405
+ # is equal to
2406
+ # {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c},
2407
+ # and if so, perform a limited number of retries. A persistent mismatch may
2408
+ # indicate an issue in your computation of the CRC32C checksum. Note: This
2409
+ # field is defined as int64 for reasons of compatibility across different
2410
+ # languages. However, it is a non-negative integer, which will never exceed
2411
+ # 2^32-1, and can be safely downconverted to uint32 in languages that support
2412
+ # this type.
2318
2413
  # @param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2319
2414
  # Optional. An optional CRC32C checksum of the
2320
- # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
2321
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
2322
- # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
2323
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2324
- # fails. If you receive a checksum error, your client should verify that
2325
- # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
2326
- # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
2327
- # a limited number of retries. A persistent mismatch may indicate an issue in
2328
- # your computation of the CRC32C checksum.
2329
- # Note: This field is defined as int64 for reasons of compatibility across
2330
- # different languages. However, it is a non-negative integer, which will
2331
- # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2332
- # that support this type.
2415
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}.
2416
+ # If specified,
2417
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2418
+ # verify the integrity of the received
2419
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}
2420
+ # using this checksum.
2421
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2422
+ # report an error if the checksum verification fails. If you receive a
2423
+ # checksum error, your client should verify that
2424
+ # CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data})
2425
+ # is equal to
2426
+ # {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c},
2427
+ # and if so, perform a limited number of retries. A persistent mismatch may
2428
+ # indicate an issue in your computation of the CRC32C checksum. Note: This
2429
+ # field is defined as int64 for reasons of compatibility across different
2430
+ # languages. However, it is a non-negative integer, which will never exceed
2431
+ # 2^32-1, and can be safely downconverted to uint32 in languages that support
2432
+ # this type.
2333
2433
  #
2334
2434
  # @yield [response, operation] Access the result along with the RPC operation
2335
2435
  # @yieldparam response [::Google::Cloud::Kms::V1::DecryptResponse]
@@ -2396,9 +2496,11 @@ module Google
2396
2496
  end
2397
2497
 
2398
2498
  ##
2399
- # Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
2499
+ # Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
2500
+ # with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
2400
2501
  # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
2401
- # key retrieved from {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
2502
+ # key retrieved from
2503
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
2402
2504
  #
2403
2505
  # @overload asymmetric_sign(request, options = nil)
2404
2506
  # Pass arguments to `asymmetric_sign` via a request object, either of type
@@ -2416,43 +2518,62 @@ module Google
2416
2518
  # the default parameter values, pass an empty Hash as a request object (see above).
2417
2519
  #
2418
2520
  # @param name [::String]
2419
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
2521
+ # Required. The resource name of the
2522
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
2523
+ # signing.
2420
2524
  # @param digest [::Google::Cloud::Kms::V1::Digest, ::Hash]
2421
2525
  # Optional. The digest of the data to sign. The digest must be produced with
2422
2526
  # the same digest algorithm as specified by the key version's
2423
2527
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
2528
+ #
2529
+ # This field may not be supplied if
2530
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}
2531
+ # is supplied.
2424
2532
  # @param digest_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2425
- # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
2426
- # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2427
- # received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
2428
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2429
- # fails. If you receive a checksum error, your client should verify that
2430
- # CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
2431
- # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
2432
- # number of retries. A persistent mismatch may indicate an issue in your
2433
- # computation of the CRC32C checksum.
2434
- # Note: This field is defined as int64 for reasons of compatibility across
2435
- # different languages. However, it is a non-negative integer, which will
2436
- # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2437
- # that support this type.
2533
+ # Optional. An optional CRC32C checksum of the
2534
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}.
2535
+ # If specified,
2536
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2537
+ # verify the integrity of the received
2538
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}
2539
+ # using this checksum.
2540
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2541
+ # report an error if the checksum verification fails. If you receive a
2542
+ # checksum error, your client should verify that
2543
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest})
2544
+ # is equal to
2545
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c},
2546
+ # and if so, perform a limited number of retries. A persistent mismatch may
2547
+ # indicate an issue in your computation of the CRC32C checksum. Note: This
2548
+ # field is defined as int64 for reasons of compatibility across different
2549
+ # languages. However, it is a non-negative integer, which will never exceed
2550
+ # 2^32-1, and can be safely downconverted to uint32 in languages that support
2551
+ # this type.
2438
2552
  # @param data [::String]
2439
- # Optional. This field will only be honored for RAW_PKCS1 keys.
2440
- # The data to sign. A digest is computed over the data that will be signed,
2441
- # PKCS #1 padding is applied to the digest directly and then encrypted.
2553
+ # Optional. The data to sign.
2554
+ # It can't be supplied if
2555
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}
2556
+ # is supplied.
2442
2557
  # @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2443
- # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}. If
2444
- # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2445
- # received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data} using this checksum.
2446
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2447
- # fails. If you receive a checksum error, your client should verify that
2448
- # CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}) is equal to
2449
- # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}, and if so, perform a limited
2450
- # number of retries. A persistent mismatch may indicate an issue in your
2451
- # computation of the CRC32C checksum.
2452
- # Note: This field is defined as int64 for reasons of compatibility across
2453
- # different languages. However, it is a non-negative integer, which will
2454
- # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2455
- # that support this type.
2558
+ # Optional. An optional CRC32C checksum of the
2559
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}.
2560
+ # If specified,
2561
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2562
+ # verify the integrity of the received
2563
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}
2564
+ # using this checksum.
2565
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2566
+ # report an error if the checksum verification fails. If you receive a
2567
+ # checksum error, your client should verify that
2568
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data})
2569
+ # is equal to
2570
+ # {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c},
2571
+ # and if so, perform a limited number of retries. A persistent mismatch may
2572
+ # indicate an issue in your computation of the CRC32C checksum. Note: This
2573
+ # field is defined as int64 for reasons of compatibility across different
2574
+ # languages. However, it is a non-negative integer, which will never exceed
2575
+ # 2^32-1, and can be safely downconverted to uint32 in languages that support
2576
+ # this type.
2456
2577
  #
2457
2578
  # @yield [response, operation] Access the result along with the RPC operation
2458
2579
  # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricSignResponse]
@@ -2520,8 +2641,10 @@ module Google
2520
2641
 
2521
2642
  ##
2522
2643
  # Decrypts data that was encrypted with a public key retrieved from
2523
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey} corresponding to a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with
2524
- # {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} ASYMMETRIC_DECRYPT.
2644
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
2645
+ # corresponding to a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
2646
+ # with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
2647
+ # ASYMMETRIC_DECRYPT.
2525
2648
  #
2526
2649
  # @overload asymmetric_decrypt(request, options = nil)
2527
2650
  # Pass arguments to `asymmetric_decrypt` via a request object, either of type
@@ -2539,25 +2662,33 @@ module Google
2539
2662
  # the default parameter values, pass an empty Hash as a request object (see above).
2540
2663
  #
2541
2664
  # @param name [::String]
2542
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
2665
+ # Required. The resource name of the
2666
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
2543
2667
  # decryption.
2544
2668
  # @param ciphertext [::String]
2545
- # Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
2546
- # key using OAEP.
2669
+ # Required. The data encrypted with the named
2670
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public key using
2671
+ # OAEP.
2547
2672
  # @param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2548
- # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
2549
- # If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2550
- # received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
2551
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2552
- # fails. If you receive a checksum error, your client should verify that
2553
- # CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
2554
- # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
2555
- # limited number of retries. A persistent mismatch may indicate an issue in
2556
- # your computation of the CRC32C checksum.
2557
- # Note: This field is defined as int64 for reasons of compatibility across
2558
- # different languages. However, it is a non-negative integer, which will
2559
- # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2560
- # that support this type.
2673
+ # Optional. An optional CRC32C checksum of the
2674
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
2675
+ # If specified,
2676
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2677
+ # verify the integrity of the received
2678
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}
2679
+ # using this checksum.
2680
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2681
+ # report an error if the checksum verification fails. If you receive a
2682
+ # checksum error, your client should verify that
2683
+ # CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext})
2684
+ # is equal to
2685
+ # {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c},
2686
+ # and if so, perform a limited number of retries. A persistent mismatch may
2687
+ # indicate an issue in your computation of the CRC32C checksum. Note: This
2688
+ # field is defined as int64 for reasons of compatibility across different
2689
+ # languages. However, it is a non-negative integer, which will never exceed
2690
+ # 2^32-1, and can be safely downconverted to uint32 in languages that support
2691
+ # this type.
2561
2692
  #
2562
2693
  # @yield [response, operation] Access the result along with the RPC operation
2563
2694
  # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricDecryptResponse]
@@ -2624,9 +2755,9 @@ module Google
2624
2755
  end
2625
2756
 
2626
2757
  ##
2627
- # Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
2628
- # MAC, producing a tag that can be verified by another source with the
2629
- # same key.
2758
+ # Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
2759
+ # with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} MAC,
2760
+ # producing a tag that can be verified by another source with the same key.
2630
2761
  #
2631
2762
  # @overload mac_sign(request, options = nil)
2632
2763
  # Pass arguments to `mac_sign` via a request object, either of type
@@ -2644,24 +2775,30 @@ module Google
2644
2775
  # the default parameter values, pass an empty Hash as a request object (see above).
2645
2776
  #
2646
2777
  # @param name [::String]
2647
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
2778
+ # Required. The resource name of the
2779
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
2780
+ # signing.
2648
2781
  # @param data [::String]
2649
- # Required. The data to sign. The MAC tag is computed over this data field based on
2650
- # the specific algorithm.
2782
+ # Required. The data to sign. The MAC tag is computed over this data field
2783
+ # based on the specific algorithm.
2651
2784
  # @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2652
- # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If
2653
- # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2654
- # received {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this checksum.
2655
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2656
- # fails. If you receive a checksum error, your client should verify that
2657
- # CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is equal to
2658
- # {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}, and if so, perform a limited
2659
- # number of retries. A persistent mismatch may indicate an issue in your
2660
- # computation of the CRC32C checksum.
2661
- # Note: This field is defined as int64 for reasons of compatibility across
2662
- # different languages. However, it is a non-negative integer, which will
2663
- # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2664
- # that support this type.
2785
+ # Optional. An optional CRC32C checksum of the
2786
+ # {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If
2787
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
2788
+ # will verify the integrity of the received
2789
+ # {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this
2790
+ # checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
2791
+ # will report an error if the checksum verification fails. If you receive a
2792
+ # checksum error, your client should verify that
2793
+ # CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is
2794
+ # equal to
2795
+ # {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c},
2796
+ # and if so, perform a limited number of retries. A persistent mismatch may
2797
+ # indicate an issue in your computation of the CRC32C checksum. Note: This
2798
+ # field is defined as int64 for reasons of compatibility across different
2799
+ # languages. However, it is a non-negative integer, which will never exceed
2800
+ # 2^32-1, and can be safely downconverted to uint32 in languages that support
2801
+ # this type.
2665
2802
  #
2666
2803
  # @yield [response, operation] Access the result along with the RPC operation
2667
2804
  # @yieldparam response [::Google::Cloud::Kms::V1::MacSignResponse]
@@ -2728,9 +2865,10 @@ module Google
2728
2865
  end
2729
2866
 
2730
2867
  ##
2731
- # Verifies MAC tag using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
2732
- # MAC, and returns a response that indicates whether or not the verification
2733
- # was successful.
2868
+ # Verifies MAC tag using a
2869
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with
2870
+ # {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} MAC, and returns
2871
+ # a response that indicates whether or not the verification was successful.
2734
2872
  #
2735
2873
  # @overload mac_verify(request, options = nil)
2736
2874
  # Pass arguments to `mac_verify` via a request object, either of type
@@ -2748,40 +2886,51 @@ module Google
2748
2886
  # the default parameter values, pass an empty Hash as a request object (see above).
2749
2887
  #
2750
2888
  # @param name [::String]
2751
- # Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for verification.
2889
+ # Required. The resource name of the
2890
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
2891
+ # verification.
2752
2892
  # @param data [::String]
2753
- # Required. The data used previously as a {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate the MAC
2754
- # tag.
2893
+ # Required. The data used previously as a
2894
+ # {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate
2895
+ # the MAC tag.
2755
2896
  # @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2756
- # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If
2757
- # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2758
- # received {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using this checksum.
2759
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2760
- # fails. If you receive a checksum error, your client should verify that
2761
- # CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}) is equal to
2762
- # {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}, and if so, perform a limited
2763
- # number of retries. A persistent mismatch may indicate an issue in your
2764
- # computation of the CRC32C checksum.
2765
- # Note: This field is defined as int64 for reasons of compatibility across
2766
- # different languages. However, it is a non-negative integer, which will
2767
- # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2768
- # that support this type.
2897
+ # Optional. An optional CRC32C checksum of the
2898
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If
2899
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
2900
+ # will verify the integrity of the received
2901
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using
2902
+ # this checksum.
2903
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
2904
+ # report an error if the checksum verification fails. If you receive a
2905
+ # checksum error, your client should verify that
2906
+ # CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data})
2907
+ # is equal to
2908
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c},
2909
+ # and if so, perform a limited number of retries. A persistent mismatch may
2910
+ # indicate an issue in your computation of the CRC32C checksum. Note: This
2911
+ # field is defined as int64 for reasons of compatibility across different
2912
+ # languages. However, it is a non-negative integer, which will never exceed
2913
+ # 2^32-1, and can be safely downconverted to uint32 in languages that support
2914
+ # this type.
2769
2915
  # @param mac [::String]
2770
2916
  # Required. The signature to verify.
2771
2917
  # @param mac_crc32c [::Google::Protobuf::Int64Value, ::Hash]
2772
- # Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If
2773
- # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
2774
- # received {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this checksum.
2775
- # {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
2776
- # fails. If you receive a checksum error, your client should verify that
2918
+ # Optional. An optional CRC32C checksum of the
2919
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If
2920
+ # specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
2921
+ # will verify the integrity of the received
2922
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this
2923
+ # checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
2924
+ # will report an error if the checksum verification fails. If you receive a
2925
+ # checksum error, your client should verify that
2777
2926
  # CRC32C([MacVerifyRequest.tag][]) is equal to
2778
- # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}, and if so, perform a limited
2779
- # number of retries. A persistent mismatch may indicate an issue in your
2780
- # computation of the CRC32C checksum.
2781
- # Note: This field is defined as int64 for reasons of compatibility across
2782
- # different languages. However, it is a non-negative integer, which will
2783
- # never exceed 2^32-1, and can be safely downconverted to uint32 in languages
2784
- # that support this type.
2927
+ # {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c},
2928
+ # and if so, perform a limited number of retries. A persistent mismatch may
2929
+ # indicate an issue in your computation of the CRC32C checksum. Note: This
2930
+ # field is defined as int64 for reasons of compatibility across different
2931
+ # languages. However, it is a non-negative integer, which will never exceed
2932
+ # 2^32-1, and can be safely downconverted to uint32 in languages that support
2933
+ # this type.
2785
2934
  #
2786
2935
  # @yield [response, operation] Access the result along with the RPC operation
2787
2936
  # @yieldparam response [::Google::Cloud::Kms::V1::MacVerifyResponse]
@@ -2873,8 +3022,10 @@ module Google
2873
3022
  # The length in bytes of the amount of randomness to retrieve. Minimum 8
2874
3023
  # bytes, maximum 1024 bytes.
2875
3024
  # @param protection_level [::Google::Cloud::Kms::V1::ProtectionLevel]
2876
- # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when generating the random data. Defaults to
2877
- # {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE}.
3025
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when
3026
+ # generating the random data. Currently, only
3027
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} protection level is
3028
+ # supported.
2878
3029
  #
2879
3030
  # @yield [response, operation] Access the result along with the RPC operation
2880
3031
  # @yieldparam response [::Google::Cloud::Kms::V1::GenerateRandomBytesResponse]