google-cloud-kms-v1 0.10.2 → 0.13.0

data/proto_docs/google/cloud/kms/v1/service.rb

@@ -21,17 +21,22 @@ module Google
   module Cloud
     module Kms
       module V1
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_key_rings KeyManagementService.ListKeyRings}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_key_rings KeyManagementService.ListKeyRings}.
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. The resource name of the location associated with the
-        #     {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format `projects/*/locations/*`.
+        #     {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
+        #     `projects/*/locations/*`.
         # @!attribute [rw] page_size
         #   @return [::Integer]
-        #     Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::KeyRing KeyRings} to include in the
-        #     response.  Further {::Google::Cloud::Kms::V1::KeyRing KeyRings} can subsequently be obtained by
-        #     including the {::Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse.next_page_token} in a subsequent
-        #     request.  If unspecified, the server will pick an appropriate default.
+        #     Optional. Optional limit on the number of
+        #     {::Google::Cloud::Kms::V1::KeyRing KeyRings} to include in the response. Further
+        #     {::Google::Cloud::Kms::V1::KeyRing KeyRings} can subsequently be obtained by
+        #     including the
+        #     {::Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse.next_page_token}
+        #     in a subsequent request.  If unspecified, the server will pick an
+        #     appropriate default.
         # @!attribute [rw] page_token
         #   @return [::String]
         #     Optional. Optional pagination token, returned earlier via
@@ -53,17 +58,21 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_crypto_keys KeyManagementService.ListCryptoKeys}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_crypto_keys KeyManagementService.ListCryptoKeys}.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} to list, in the format
-        #     `projects/*/locations/*/keyRings/*`.
+        #     Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing}
+        #     to list, in the format `projects/*/locations/*/keyRings/*`.
         # @!attribute [rw] page_size
         #   @return [::Integer]
-        #     Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} to include in the
-        #     response.  Further {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} can subsequently be obtained by
-        #     including the {::Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse.next_page_token} in a subsequent
-        #     request.  If unspecified, the server will pick an appropriate default.
+        #     Optional. Optional limit on the number of
+        #     {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} to include in the response.
+        #     Further {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} can subsequently be
+        #     obtained by including the
+        #     {::Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse.next_page_token}
+        #     in a subsequent request.  If unspecified, the server will pick an
+        #     appropriate default.
         # @!attribute [rw] page_token
         #   @return [::String]
         #     Optional. Optional pagination token, returned earlier via
@@ -88,18 +97,22 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_crypto_key_versions KeyManagementService.ListCryptoKeyVersions}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_crypto_key_versions KeyManagementService.ListCryptoKeyVersions}.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to list, in the format
+        #     Required. The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to list, in the format
         #     `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
         # @!attribute [rw] page_size
         #   @return [::Integer]
-        #     Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} to
-        #     include in the response. Further {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} can
-        #     subsequently be obtained by including the
-        #     {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse.next_page_token} in a subsequent request.
-        #     If unspecified, the server will pick an appropriate default.
+        #     Optional. Optional limit on the number of
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} to include in the
+        #     response. Further {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}
+        #     can subsequently be obtained by including the
+        #     {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse.next_page_token}
+        #     in a subsequent request. If unspecified, the server will pick an
+        #     appropriate default.
         # @!attribute [rw] page_token
         #   @return [::String]
         #     Optional. Optional pagination token, returned earlier via
@@ -124,17 +137,21 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_import_jobs KeyManagementService.ListImportJobs}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_import_jobs KeyManagementService.ListImportJobs}.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} to list, in the format
-        #     `projects/*/locations/*/keyRings/*`.
+        #     Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing}
+        #     to list, in the format `projects/*/locations/*/keyRings/*`.
         # @!attribute [rw] page_size
         #   @return [::Integer]
-        #     Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::ImportJob ImportJobs} to include in the
-        #     response. Further {::Google::Cloud::Kms::V1::ImportJob ImportJobs} can subsequently be obtained by
-        #     including the {::Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse.next_page_token} in a subsequent
-        #     request. If unspecified, the server will pick an appropriate default.
+        #     Optional. Optional limit on the number of
+        #     {::Google::Cloud::Kms::V1::ImportJob ImportJobs} to include in the response.
+        #     Further {::Google::Cloud::Kms::V1::ImportJob ImportJobs} can subsequently be
+        #     obtained by including the
+        #     {::Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse.next_page_token}
+        #     in a subsequent request. If unspecified, the server will pick an
+        #     appropriate default.
         # @!attribute [rw] page_token
         #   @return [::String]
         #     Optional. Optional pagination token, returned earlier via
@@ -156,152 +173,180 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_key_rings KeyManagementService.ListKeyRings}.
+        # Response message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_key_rings KeyManagementService.ListKeyRings}.
         # @!attribute [rw] key_rings
         #   @return [::Array<::Google::Cloud::Kms::V1::KeyRing>]
         #     The list of {::Google::Cloud::Kms::V1::KeyRing KeyRings}.
         # @!attribute [rw] next_page_token
         #   @return [::String]
         #     A token to retrieve next page of results. Pass this value in
-        #     {::Google::Cloud::Kms::V1::ListKeyRingsRequest#page_token ListKeyRingsRequest.page_token} to retrieve the next page of results.
+        #     {::Google::Cloud::Kms::V1::ListKeyRingsRequest#page_token ListKeyRingsRequest.page_token}
+        #     to retrieve the next page of results.
         # @!attribute [rw] total_size
         #   @return [::Integer]
-        #     The total number of {::Google::Cloud::Kms::V1::KeyRing KeyRings} that matched the query.
+        #     The total number of {::Google::Cloud::Kms::V1::KeyRing KeyRings} that matched
+        #     the query.
         class ListKeyRingsResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_crypto_keys KeyManagementService.ListCryptoKeys}.
+        # Response message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_crypto_keys KeyManagementService.ListCryptoKeys}.
         # @!attribute [rw] crypto_keys
         #   @return [::Array<::Google::Cloud::Kms::V1::CryptoKey>]
         #     The list of {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
         # @!attribute [rw] next_page_token
         #   @return [::String]
         #     A token to retrieve next page of results. Pass this value in
-        #     {::Google::Cloud::Kms::V1::ListCryptoKeysRequest#page_token ListCryptoKeysRequest.page_token} to retrieve the next page of results.
+        #     {::Google::Cloud::Kms::V1::ListCryptoKeysRequest#page_token ListCryptoKeysRequest.page_token}
+        #     to retrieve the next page of results.
         # @!attribute [rw] total_size
         #   @return [::Integer]
-        #     The total number of {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} that matched the query.
+        #     The total number of {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} that
+        #     matched the query.
         class ListCryptoKeysResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_crypto_key_versions KeyManagementService.ListCryptoKeyVersions}.
+        # Response message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_crypto_key_versions KeyManagementService.ListCryptoKeyVersions}.
         # @!attribute [rw] crypto_key_versions
         #   @return [::Array<::Google::Cloud::Kms::V1::CryptoKeyVersion>]
         #     The list of {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
         # @!attribute [rw] next_page_token
         #   @return [::String]
         #     A token to retrieve next page of results. Pass this value in
-        #     {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest#page_token ListCryptoKeyVersionsRequest.page_token} to retrieve the next page of
-        #     results.
+        #     {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest#page_token ListCryptoKeyVersionsRequest.page_token}
+        #     to retrieve the next page of results.
         # @!attribute [rw] total_size
         #   @return [::Integer]
-        #     The total number of {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} that matched the
+        #     The total number of
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} that matched the
         #     query.
         class ListCryptoKeyVersionsResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_import_jobs KeyManagementService.ListImportJobs}.
+        # Response message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#list_import_jobs KeyManagementService.ListImportJobs}.
         # @!attribute [rw] import_jobs
         #   @return [::Array<::Google::Cloud::Kms::V1::ImportJob>]
         #     The list of {::Google::Cloud::Kms::V1::ImportJob ImportJobs}.
         # @!attribute [rw] next_page_token
         #   @return [::String]
         #     A token to retrieve next page of results. Pass this value in
-        #     {::Google::Cloud::Kms::V1::ListImportJobsRequest#page_token ListImportJobsRequest.page_token} to retrieve the next page of results.
+        #     {::Google::Cloud::Kms::V1::ListImportJobsRequest#page_token ListImportJobsRequest.page_token}
+        #     to retrieve the next page of results.
         # @!attribute [rw] total_size
         #   @return [::Integer]
-        #     The total number of {::Google::Cloud::Kms::V1::ImportJob ImportJobs} that matched the query.
+        #     The total number of {::Google::Cloud::Kms::V1::ImportJob ImportJobs} that
+        #     matched the query.
         class ListImportJobsResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_key_ring KeyManagementService.GetKeyRing}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_key_ring KeyManagementService.GetKeyRing}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
+        #     Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the
+        #     {::Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
         class GetKeyRingRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_crypto_key KeyManagementService.GetCryptoKey}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_crypto_key KeyManagementService.GetCryptoKey}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
+        #     Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the
+        #     {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
         class GetCryptoKeyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_crypto_key_version KeyManagementService.GetCryptoKeyVersion}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_crypto_key_version KeyManagementService.GetCryptoKeyVersion}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
+        #     Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
         class GetCryptoKeyVersionRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key KeyManagementService.GetPublicKey}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key KeyManagementService.GetPublicKey}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to
-        #     get.
+        #     Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to get.
         class GetPublicKeyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_import_job KeyManagementService.GetImportJob}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_import_job KeyManagementService.GetImportJob}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} to get.
+        #     Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
+        #     {::Google::Cloud::Kms::V1::ImportJob ImportJob} to get.
         class GetImportJobRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_key_ring KeyManagementService.CreateKeyRing}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_key_ring KeyManagementService.CreateKeyRing}.
         # @!attribute [rw] parent
         #   @return [::String]
         #     Required. The resource name of the location associated with the
-        #     {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format `projects/*/locations/*`.
+        #     {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
+        #     `projects/*/locations/*`.
         # @!attribute [rw] key_ring_id
         #   @return [::String]
         #     Required. It must be unique within a location and match the regular
         #     expression `[a-zA-Z0-9_-]{1,63}`
         # @!attribute [rw] key_ring
         #   @return [::Google::Cloud::Kms::V1::KeyRing]
-        #     Required. A {::Google::Cloud::Kms::V1::KeyRing KeyRing} with initial field values.
+        #     Required. A {::Google::Cloud::Kms::V1::KeyRing KeyRing} with initial field
+        #     values.
         class CreateKeyRingRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key KeyManagementService.CreateCryptoKey}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key KeyManagementService.CreateCryptoKey}.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing associated with the
-        #     {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
+        #     Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing
+        #     associated with the {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
         # @!attribute [rw] crypto_key_id
         #   @return [::String]
         #     Required. It must be unique within a KeyRing and match the regular
         #     expression `[a-zA-Z0-9_-]{1,63}`
         # @!attribute [rw] crypto_key
         #   @return [::Google::Cloud::Kms::V1::CryptoKey]
-        #     Required. A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} with initial field values.
+        #     Required. A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} with initial field
+        #     values.
         # @!attribute [rw] skip_initial_version_creation
         #   @return [::Boolean]
-        #     If set to true, the request will create a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} without any
-        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}. You must manually call
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key_version CreateCryptoKeyVersion} or
+        #     If set to true, the request will create a
+        #     {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} without any
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}. You must
+        #     manually call
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key_version CreateCryptoKeyVersion}
+        #     or
         #     {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version ImportCryptoKeyVersion}
         #     before you can use this {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
         class CreateCryptoKeyRequest
@@ -309,53 +354,65 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key_version KeyManagementService.CreateCryptoKeyVersion}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key_version KeyManagementService.CreateCryptoKeyVersion}.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with
-        #     the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
+        #     Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the
+        #     {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
         # @!attribute [rw] crypto_key_version
         #   @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
-        #     Required. A {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial field values.
+        #     Required. A {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with
+        #     initial field values.
         class CreateCryptoKeyVersionRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.
+        #     Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the
+        #     {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.
         #
         #     The create permission is only required on this key when creating a new
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
         # @!attribute [rw] crypto_key_version
         #   @return [::String]
-        #     Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of an existing
-        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to target for an import operation.
-        #     If this field is not present, a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
+        #     Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of
+        #     an existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to
+        #     target for an import operation. If this field is not present, a new
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
         #     supplied key material is created.
         #
         #     If this field is present, the supplied key material is imported into
-        #     the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To import into an existing
-        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
-        #     {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent}, have been previously created via
-        #     [ImportCryptoKeyVersion][], and be in
-        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED} or
+        #     the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To
+        #     import into an existing
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
+        #     {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent},
+        #     have been previously created via [ImportCryptoKeyVersion][], and be in
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}
+        #     or
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}
         #     state. The key material and algorithm must match the previous
-        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
         #     key material.
         # @!attribute [rw] algorithm
         #   @return [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
-        #     Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm} of
-        #     the key being imported. This does not need to match the
-        #     {::Google::Cloud::Kms::V1::CryptoKey#version_template version_template} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} this
-        #     version imports into.
+        #     Required. The
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm}
+        #     of the key being imported. This does not need to match the
+        #     {::Google::Cloud::Kms::V1::CryptoKey#version_template version_template} of the
+        #     {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} this version imports into.
         # @!attribute [rw] import_job
         #   @return [::String]
-        #     Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to
-        #     wrap this key material.
+        #     Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
+        #     {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to wrap this key
+        #     material.
         # @!attribute [rw] rsa_aes_wrapped_key
         #   @return [::String]
         #     Wrapped key material produced with
@@ -366,8 +423,9 @@ module Google
         #     This field contains the concatenation of two wrapped keys:
         #     <ol>
         #       <li>An ephemeral AES-256 wrapping key wrapped with the
-        #           {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using RSAES-OAEP with SHA-1,
-        #           MGF1 with SHA-1, and an empty label.
+        #           {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using
+        #           RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
+        #           empty label.
         #       </li>
         #       <li>The key to be imported, wrapped with the ephemeral AES-256 key
         #           using AES-KWP (RFC 5649).
@@ -386,10 +444,12 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_import_job KeyManagementService.CreateImportJob}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_import_job KeyManagementService.CreateImportJob}.
         # @!attribute [rw] parent
         #   @return [::String]
-        #     Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} associated with the
+        #     Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the
+        #     {::Google::Cloud::Kms::V1::KeyRing KeyRing} associated with the
         #     {::Google::Cloud::Kms::V1::ImportJob ImportJobs}.
         # @!attribute [rw] import_job_id
         #   @return [::String]
@@ -397,13 +457,15 @@ module Google
         #     expression `[a-zA-Z0-9_-]{1,63}`
         # @!attribute [rw] import_job
         #   @return [::Google::Cloud::Kms::V1::ImportJob]
-        #     Required. An {::Google::Cloud::Kms::V1::ImportJob ImportJob} with initial field values.
+        #     Required. An {::Google::Cloud::Kms::V1::ImportJob ImportJob} with initial field
+        #     values.
         class CreateImportJobRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key KeyManagementService.UpdateCryptoKey}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key KeyManagementService.UpdateCryptoKey}.
         # @!attribute [rw] crypto_key
         #   @return [::Google::Cloud::Kms::V1::CryptoKey]
         #     Required. {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} with updated values.
@@ -415,10 +477,12 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key_version KeyManagementService.UpdateCryptoKeyVersion}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key_version KeyManagementService.UpdateCryptoKeyVersion}.
         # @!attribute [rw] crypto_key_version
         #   @return [::Google::Cloud::Kms::V1::CryptoKeyVersion]
-        #     Required. {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated values.
+        #     Required. {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with
+        #     updated values.
         # @!attribute [rw] update_mask
         #   @return [::Google::Protobuf::FieldMask]
         #     Required. List of fields to be updated in this request.
@@ -427,106 +491,132 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key_primary_version KeyManagementService.UpdateCryptoKeyPrimaryVersion}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#update_crypto_key_primary_version KeyManagementService.UpdateCryptoKeyPrimaryVersion}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
+        #     Required. The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
         # @!attribute [rw] crypto_key_version_id
         #   @return [::String]
-        #     Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
+        #     Required. The id of the child
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
         class UpdateCryptoKeyPrimaryVersionRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#destroy_crypto_key_version KeyManagementService.DestroyCryptoKeyVersion}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#destroy_crypto_key_version KeyManagementService.DestroyCryptoKeyVersion}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
+        #     Required. The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
         class DestroyCryptoKeyVersionRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version KeyManagementService.RestoreCryptoKeyVersion}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version KeyManagementService.RestoreCryptoKeyVersion}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
+        #     Required. The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
         class RestoreCryptoKeyVersionRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt KeyManagementService.Encrypt}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt KeyManagementService.Encrypt}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} or {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
-        #     to use for encryption.
+        #     Required. The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} or
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
+        #     encryption.
         #
-        #     If a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server will use its
-        #     {::Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
+        #     If a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server
+        #     will use its {::Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
         # @!attribute [rw] plaintext
         #   @return [::String]
         #     Required. The data to encrypt. Must be no larger than 64KiB.
         #
         #     The maximum size depends on the key version's
-        #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}. For
-        #     {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the plaintext must be no larger
-        #     than 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
-        #     plaintext and additional_authenticated_data fields must be no larger than
-        #     8KiB.
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
+        #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
+        #     plaintext must be no larger than 64KiB. For
+        #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
+        #     the plaintext and additional_authenticated_data fields must be no larger
+        #     than 8KiB.
         # @!attribute [rw] additional_authenticated_data
         #   @return [::String]
-        #     Optional. Optional data that, if specified, must also be provided during decryption
-        #     through {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}.
+        #     Optional. Optional data that, if specified, must also be provided during
+        #     decryption through
+        #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}.
         #
         #     The maximum size depends on the key version's
-        #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}. For
-        #     {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD must be no larger than
-        #     64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
-        #     plaintext and additional_authenticated_data fields must be no larger than
-        #     8KiB.
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
+        #     For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
+        #     must be no larger than 64KiB. For
+        #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
+        #     the plaintext and additional_authenticated_data fields must be no larger
+        #     than 8KiB.
         # @!attribute [rw] plaintext_crc32c
         #   @return [::Google::Protobuf::Int64Value]
-        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
-        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
-        #     received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
-        #     fails. If you receive a checksum error, your client should verify that
-        #     CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
-        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
-        #     retries. A persistent mismatch may indicate an issue in your computation of
-        #     the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     Optional. An optional CRC32C checksum of the
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
+        #     If specified,
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     verify the integrity of the received
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}
+        #     using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     report an error if the checksum verification fails. If you receive a
+        #     checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext})
+        #     is equal to
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c},
+        #     and if so, perform a limited number of retries. A persistent mismatch may
+        #     indicate an issue in your computation of the CRC32C checksum. Note: This
+        #     field is defined as int64 for reasons of compatibility across different
+        #     languages. However, it is a non-negative integer, which will never exceed
+        #     2^32-1, and can be safely downconverted to uint32 in languages that support
+        #     this type.
         # @!attribute [rw] additional_authenticated_data_crc32c
         #   @return [::Google::Protobuf::Int64Value]
         #     Optional. An optional CRC32C checksum of the
-        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
-        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
-        #     fails. If you receive a checksum error, your client should verify that
-        #     CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
-        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
-        #     a limited number of retries. A persistent mismatch may indicate an issue in
-        #     your computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
+        #     If specified,
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     verify the integrity of the received
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}
+        #     using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     report an error if the checksum verification fails. If you receive a
+        #     checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data})
+        #     is equal to
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c},
+        #     and if so, perform a limited number of retries. A persistent mismatch may
+        #     indicate an issue in your computation of the CRC32C checksum. Note: This
+        #     field is defined as int64 for reasons of compatibility across different
+        #     languages. However, it is a non-negative integer, which will never exceed
+        #     2^32-1, and can be safely downconverted to uint32 in languages that support
+        #     this type.
         class EncryptRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt KeyManagementService.Decrypt}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt KeyManagementService.Decrypt}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to use for decryption.
-        #     The server will choose the appropriate version.
+        #     Required. The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to use for decryption. The
+        #     server will choose the appropriate version.
         # @!attribute [rw] ciphertext
         #   @return [::String]
         #     Required. The encrypted data originally returned in
@@ -537,193 +627,253 @@ module Google
         #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
         # @!attribute [rw] ciphertext_crc32c
         #   @return [::Google::Protobuf::Int64Value]
-        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
-        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
-        #     received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
-        #     fails. If you receive a checksum error, your client should verify that
-        #     CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
-        #     {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
-        #     of retries. A persistent mismatch may indicate an issue in your computation
-        #     of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     Optional. An optional CRC32C checksum of the
+        #     {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}.
+        #     If specified,
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     verify the integrity of the received
+        #     {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}
+        #     using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     report an error if the checksum verification fails. If you receive a
+        #     checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext})
+        #     is equal to
+        #     {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c},
+        #     and if so, perform a limited number of retries. A persistent mismatch may
+        #     indicate an issue in your computation of the CRC32C checksum. Note: This
+        #     field is defined as int64 for reasons of compatibility across different
+        #     languages. However, it is a non-negative integer, which will never exceed
+        #     2^32-1, and can be safely downconverted to uint32 in languages that support
+        #     this type.
         # @!attribute [rw] additional_authenticated_data_crc32c
         #   @return [::Google::Protobuf::Int64Value]
         #     Optional. An optional CRC32C checksum of the
-        #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
-        #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
-        #     fails. If you receive a checksum error, your client should verify that
-        #     CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
-        #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
-        #     a limited number of retries. A persistent mismatch may indicate an issue in
-        #     your computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}.
+        #     If specified,
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     verify the integrity of the received
+        #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}
+        #     using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     report an error if the checksum verification fails. If you receive a
+        #     checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data})
+        #     is equal to
+        #     {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c},
+        #     and if so, perform a limited number of retries. A persistent mismatch may
+        #     indicate an issue in your computation of the CRC32C checksum. Note: This
+        #     field is defined as int64 for reasons of compatibility across different
+        #     languages. However, it is a non-negative integer, which will never exceed
+        #     2^32-1, and can be safely downconverted to uint32 in languages that support
+        #     this type.
         class DecryptRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign KeyManagementService.AsymmetricSign}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign KeyManagementService.AsymmetricSign}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
+        #     Required. The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
+        #     signing.
         # @!attribute [rw] digest
         #   @return [::Google::Cloud::Kms::V1::Digest]
         #     Optional. The digest of the data to sign. The digest must be produced with
         #     the same digest algorithm as specified by the key version's
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
+        #
+        #     This field may not be supplied if
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}
+        #     is supplied.
         # @!attribute [rw] digest_crc32c
         #   @return [::Google::Protobuf::Int64Value]
-        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
-        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
-        #     received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
-        #     fails. If you receive a checksum error, your client should verify that
-        #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
-        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
-        #     number of retries. A persistent mismatch may indicate an issue in your
-        #     computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     Optional. An optional CRC32C checksum of the
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}.
+        #     If specified,
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     verify the integrity of the received
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}
+        #     using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     report an error if the checksum verification fails. If you receive a
+        #     checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest})
+        #     is equal to
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c},
+        #     and if so, perform a limited number of retries. A persistent mismatch may
+        #     indicate an issue in your computation of the CRC32C checksum. Note: This
+        #     field is defined as int64 for reasons of compatibility across different
+        #     languages. However, it is a non-negative integer, which will never exceed
+        #     2^32-1, and can be safely downconverted to uint32 in languages that support
+        #     this type.
         # @!attribute [rw] data
         #   @return [::String]
-        #     Optional. This field will only be honored for RAW_PKCS1 keys.
-        #     The data to sign. A digest is computed over the data that will be signed,
-        #     PKCS #1 padding is applied to the digest directly and then encrypted.
+        #     Optional. The data to sign.
+        #     It can't be supplied if
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}
+        #     is supplied.
         # @!attribute [rw] data_crc32c
         #   @return [::Google::Protobuf::Int64Value]
-        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}. If
-        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
-        #     received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data} using this checksum.
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
-        #     fails. If you receive a checksum error, your client should verify that
-        #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}) is equal to
-        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}, and if so, perform a limited
-        #     number of retries. A persistent mismatch may indicate an issue in your
-        #     computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     Optional. An optional CRC32C checksum of the
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}.
+        #     If specified,
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     verify the integrity of the received
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}
+        #     using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     report an error if the checksum verification fails. If you receive a
+        #     checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data})
+        #     is equal to
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c},
+        #     and if so, perform a limited number of retries. A persistent mismatch may
+        #     indicate an issue in your computation of the CRC32C checksum. Note: This
+        #     field is defined as int64 for reasons of compatibility across different
+        #     languages. However, it is a non-negative integer, which will never exceed
+        #     2^32-1, and can be safely downconverted to uint32 in languages that support
+        #     this type.
         class AsymmetricSignRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt KeyManagementService.AsymmetricDecrypt}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt KeyManagementService.AsymmetricDecrypt}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
+        #     Required. The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
         #     decryption.
         # @!attribute [rw] ciphertext
         #   @return [::String]
-        #     Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
-        #     key using OAEP.
+        #     Required. The data encrypted with the named
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public key using
+        #     OAEP.
         # @!attribute [rw] ciphertext_crc32c
         #   @return [::Google::Protobuf::Int64Value]
-        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
-        #     If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
-        #     received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
-        #     fails. If you receive a checksum error, your client should verify that
-        #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
-        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
-        #     limited number of retries. A persistent mismatch may indicate an issue in
-        #     your computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     Optional. An optional CRC32C checksum of the
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
+        #     If specified,
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     verify the integrity of the received
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}
+        #     using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     report an error if the checksum verification fails. If you receive a
+        #     checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext})
+        #     is equal to
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c},
+        #     and if so, perform a limited number of retries. A persistent mismatch may
+        #     indicate an issue in your computation of the CRC32C checksum. Note: This
+        #     field is defined as int64 for reasons of compatibility across different
+        #     languages. However, it is a non-negative integer, which will never exceed
+        #     2^32-1, and can be safely downconverted to uint32 in languages that support
+        #     this type.
         class AsymmetricDecryptRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign KeyManagementService.MacSign}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign KeyManagementService.MacSign}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
+        #     Required. The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
+        #     signing.
         # @!attribute [rw] data
         #   @return [::String]
-        #     Required. The data to sign. The MAC tag is computed over this data field based on
-        #     the specific algorithm.
+        #     Required. The data to sign. The MAC tag is computed over this data field
+        #     based on the specific algorithm.
         # @!attribute [rw] data_crc32c
         #   @return [::Google::Protobuf::Int64Value]
-        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If
-        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
-        #     received {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this checksum.
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
-        #     fails. If you receive a checksum error, your client should verify that
-        #     CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is equal to
-        #     {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}, and if so, perform a limited
-        #     number of retries. A persistent mismatch may indicate an issue in your
-        #     computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     Optional. An optional CRC32C checksum of the
+        #     {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If
+        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
+        #     will verify the integrity of the received
+        #     {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this
+        #     checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
+        #     will report an error if the checksum verification fails. If you receive a
+        #     checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is
+        #     equal to
+        #     {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c},
+        #     and if so, perform a limited number of retries. A persistent mismatch may
+        #     indicate an issue in your computation of the CRC32C checksum. Note: This
+        #     field is defined as int64 for reasons of compatibility across different
+        #     languages. However, it is a non-negative integer, which will never exceed
+        #     2^32-1, and can be safely downconverted to uint32 in languages that support
+        #     this type.
         class MacSignRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_verify KeyManagementService.MacVerify}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_verify KeyManagementService.MacVerify}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for verification.
+        #     Required. The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
+        #     verification.
         # @!attribute [rw] data
         #   @return [::String]
-        #     Required. The data used previously as a {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate the MAC
-        #     tag.
+        #     Required. The data used previously as a
+        #     {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate
+        #     the MAC tag.
         # @!attribute [rw] data_crc32c
         #   @return [::Google::Protobuf::Int64Value]
-        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If
-        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
-        #     received {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using this checksum.
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
-        #     fails. If you receive a checksum error, your client should verify that
-        #     CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}) is equal to
-        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}, and if so, perform a limited
-        #     number of retries. A persistent mismatch may indicate an issue in your
-        #     computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     Optional. An optional CRC32C checksum of the
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If
+        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
+        #     will verify the integrity of the received
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using
+        #     this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will
+        #     report an error if the checksum verification fails. If you receive a
+        #     checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data})
+        #     is equal to
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c},
+        #     and if so, perform a limited number of retries. A persistent mismatch may
+        #     indicate an issue in your computation of the CRC32C checksum. Note: This
+        #     field is defined as int64 for reasons of compatibility across different
+        #     languages. However, it is a non-negative integer, which will never exceed
+        #     2^32-1, and can be safely downconverted to uint32 in languages that support
+        #     this type.
         # @!attribute [rw] mac
         #   @return [::String]
         #     Required. The signature to verify.
         # @!attribute [rw] mac_crc32c
         #   @return [::Google::Protobuf::Int64Value]
-        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If
-        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
-        #     received {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this checksum.
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
-        #     fails. If you receive a checksum error, your client should verify that
+        #     Optional. An optional CRC32C checksum of the
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If
+        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
+        #     will verify the integrity of the received
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this
+        #     checksum. {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}
+        #     will report an error if the checksum verification fails. If you receive a
+        #     checksum error, your client should verify that
         #     CRC32C([MacVerifyRequest.tag][]) is equal to
-        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}, and if so, perform a limited
-        #     number of retries. A persistent mismatch may indicate an issue in your
-        #     computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c},
+        #     and if so, perform a limited number of retries. A persistent mismatch may
+        #     indicate an issue in your computation of the CRC32C checksum. Note: This
+        #     field is defined as int64 for reasons of compatibility across different
+        #     languages. However, it is a non-negative integer, which will never exceed
+        #     2^32-1, and can be safely downconverted to uint32 in languages that support
+        #     this type.
         class MacVerifyRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Request message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#generate_random_bytes KeyManagementService.GenerateRandomBytes}.
+        # Request message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#generate_random_bytes KeyManagementService.GenerateRandomBytes}.
         # @!attribute [rw] location
         #   @return [::String]
         #     The project-specific location in which to generate random bytes.
@@ -734,246 +884,329 @@ module Google
         #     bytes, maximum 1024 bytes.
         # @!attribute [rw] protection_level
         #   @return [::Google::Cloud::Kms::V1::ProtectionLevel]
-        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when generating the random data. Defaults to
-        #     {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE}.
+        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when
+        #     generating the random data. Currently, only
+        #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} protection level is
+        #     supported.
         class GenerateRandomBytesRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt KeyManagementService.Encrypt}.
+        # Response message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt KeyManagementService.Encrypt}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in encryption. Check
-        #     this field to verify that the intended resource was used for encryption.
+        #     The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in
+        #     encryption. Check this field to verify that the intended resource was used
+        #     for encryption.
         # @!attribute [rw] ciphertext
         #   @return [::String]
         #     The encrypted data.
         # @!attribute [rw] ciphertext_crc32c
         #   @return [::Google::Protobuf::Int64Value]
         #     Integrity verification field. A CRC32C checksum of the returned
-        #     {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}. An integrity check of
-        #     {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} can be performed by computing the CRC32C
-        #     checksum of {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext} and comparing your results to
-        #     this field. Discard the response in case of non-matching checksum values,
-        #     and perform a limited number of retries. A persistent mismatch may indicate
-        #     an issue in your computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}.
+        #     An integrity check of
+        #     {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}
+        #     can be performed by computing the CRC32C checksum of
+        #     {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}
+        #     and comparing your results to this field. Discard the response in case of
+        #     non-matching checksum values, and perform a limited number of retries. A
+        #     persistent mismatch may indicate an issue in your computation of the CRC32C
+        #     checksum. Note: This field is defined as int64 for reasons of compatibility
+        #     across different languages. However, it is a non-negative integer, which
+        #     will never exceed 2^32-1, and can be safely downconverted to uint32 in
+        #     languages that support this type.
         # @!attribute [rw] verified_plaintext_crc32c
         #   @return [::Boolean]
         #     Integrity verification field. A flag indicating whether
-        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was received by
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
-        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext plaintext}. A false value of this field
-        #     indicates either that {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} was left unset or
-        #     that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
-        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c} but this field is still false, discard
-        #     the response and perform a limited number of retries.
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}
+        #     was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
+        #     for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext plaintext}. A false value of
+        #     this field indicates either that
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}
+        #     was left unset or that it was not delivered to
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
+        #     set
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}
+        #     but this field is still false, discard the response and perform a limited
+        #     number of retries.
         # @!attribute [rw] verified_additional_authenticated_data_crc32c
         #   @return [::Boolean]
         #     Integrity verification field. A flag indicating whether
-        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was received by
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
-        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data AAD}. A false value of this
-        #     field indicates either that
-        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} was left unset or
-        #     that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've set
-        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c} but this field is
-        #     still false, discard the response and perform a limited number of retries.
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}
+        #     was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
+        #     for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data AAD}. A
+        #     false value of this field indicates either that
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}
+        #     was left unset or that it was not delivered to
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
+        #     set
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}
+        #     but this field is still false, discard the response and perform a limited
+        #     number of retries.
         # @!attribute [rw] protection_level
         #   @return [::Google::Cloud::Kms::V1::ProtectionLevel]
-        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in encryption.
+        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in
+        #     encryption.
         class EncryptResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt KeyManagementService.Decrypt}.
+        # Response message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt KeyManagementService.Decrypt}.
         # @!attribute [rw] plaintext
         #   @return [::String]
-        #     The decrypted data originally supplied in {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
+        #     The decrypted data originally supplied in
+        #     {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}.
         # @!attribute [rw] plaintext_crc32c
         #   @return [::Google::Protobuf::Int64Value]
         #     Integrity verification field. A CRC32C checksum of the returned
-        #     {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}. An integrity check of
-        #     {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} can be performed by computing the CRC32C
-        #     checksum of {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext} and comparing your results to
-        #     this field. Discard the response in case of non-matching checksum values,
-        #     and perform a limited number of retries. A persistent mismatch may indicate
-        #     an issue in your computation of the CRC32C checksum. Note: receiving this
-        #     response message indicates that {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to
-        #     successfully decrypt the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext ciphertext}.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}.
+        #     An integrity check of
+        #     {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}
+        #     can be performed by computing the CRC32C checksum of
+        #     {::Google::Cloud::Kms::V1::DecryptResponse#plaintext DecryptResponse.plaintext}
+        #     and comparing your results to this field. Discard the response in case of
+        #     non-matching checksum values, and perform a limited number of retries. A
+        #     persistent mismatch may indicate an issue in your computation of the CRC32C
+        #     checksum. Note: receiving this response message indicates that
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} is able to
+        #     successfully decrypt the
+        #     {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext ciphertext}. Note: This
+        #     field is defined as int64 for reasons of compatibility across different
+        #     languages. However, it is a non-negative integer, which will never exceed
+        #     2^32-1, and can be safely downconverted to uint32 in languages that support
+        #     this type.
         # @!attribute [rw] used_primary
         #   @return [::Boolean]
         #     Whether the Decryption was performed using the primary key version.
         # @!attribute [rw] protection_level
         #   @return [::Google::Cloud::Kms::V1::ProtectionLevel]
-        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in decryption.
+        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in
+        #     decryption.
         class DecryptResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign KeyManagementService.AsymmetricSign}.
+        # Response message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign KeyManagementService.AsymmetricSign}.
         # @!attribute [rw] signature
         #   @return [::String]
         #     The created signature.
         # @!attribute [rw] signature_crc32c
         #   @return [::Google::Protobuf::Int64Value]
         #     Integrity verification field. A CRC32C checksum of the returned
-        #     {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature}. An integrity check of
-        #     {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} can be performed by computing the
-        #     CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature} and comparing your
-        #     results to this field. Discard the response in case of non-matching
-        #     checksum values, and perform a limited number of retries. A persistent
-        #     mismatch may indicate an issue in your computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature}.
+        #     An integrity check of
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature}
+        #     can be performed by computing the CRC32C checksum of
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignResponse#signature AsymmetricSignResponse.signature}
+        #     and comparing your results to this field. Discard the response in case of
+        #     non-matching checksum values, and perform a limited number of retries. A
+        #     persistent mismatch may indicate an issue in your computation of the CRC32C
+        #     checksum. Note: This field is defined as int64 for reasons of compatibility
+        #     across different languages. However, it is a non-negative integer, which
+        #     will never exceed 2^32-1, and can be safely downconverted to uint32 in
+        #     languages that support this type.
         # @!attribute [rw] verified_digest_crc32c
         #   @return [::Boolean]
         #     Integrity verification field. A flag indicating whether
-        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was received by
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
-        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest digest}. A false value of this field
-        #     indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} was left
-        #     unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
-        #     set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c} but this field is still false,
-        #     discard the response and perform a limited number of retries.
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}
+        #     was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
+        #     for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest digest}. A false value
+        #     of this field indicates either that
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}
+        #     was left unset or that it was not delivered to
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
+        #     set
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}
+        #     but this field is still false, discard the response and perform a limited
+        #     number of retries.
         # @!attribute [rw] name
         #   @return [::String]
-        #     The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
-        #     this field to verify that the intended resource was used for signing.
+        #     The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
+        #     Check this field to verify that the intended resource was used for signing.
         # @!attribute [rw] verified_data_crc32c
         #   @return [::Boolean]
         #     Integrity verification field. A flag indicating whether
-        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was received by
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
-        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data data}. A false value of this field
-        #     indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was left
-        #     unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
-        #     set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} but this field is still false,
-        #     discard the response and perform a limited number of retries.
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}
+        #     was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
+        #     for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data data}. A false value of
+        #     this field indicates either that
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}
+        #     was left unset or that it was not delivered to
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
+        #     set
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}
+        #     but this field is still false, discard the response and perform a limited
+        #     number of retries.
         # @!attribute [rw] protection_level
         #   @return [::Google::Cloud::Kms::V1::ProtectionLevel]
-        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
+        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
         class AsymmetricSignResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt KeyManagementService.AsymmetricDecrypt}.
+        # Response message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt KeyManagementService.AsymmetricDecrypt}.
         # @!attribute [rw] plaintext
         #   @return [::String]
         #     The decrypted data originally encrypted with the matching public key.
         # @!attribute [rw] plaintext_crc32c
         #   @return [::Google::Protobuf::Int64Value]
         #     Integrity verification field. A CRC32C checksum of the returned
-        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext}. An integrity check of
-        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} can be performed by computing the
-        #     CRC32C checksum of {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext} and comparing
-        #     your results to this field. Discard the response in case of non-matching
-        #     checksum values, and perform a limited number of retries. A persistent
-        #     mismatch may indicate an issue in your computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext}.
+        #     An integrity check of
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext}
+        #     can be performed by computing the CRC32C checksum of
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptResponse#plaintext AsymmetricDecryptResponse.plaintext}
+        #     and comparing your results to this field. Discard the response in case of
+        #     non-matching checksum values, and perform a limited number of retries. A
+        #     persistent mismatch may indicate an issue in your computation of the CRC32C
+        #     checksum. Note: This field is defined as int64 for reasons of compatibility
+        #     across different languages. However, it is a non-negative integer, which
+        #     will never exceed 2^32-1, and can be safely downconverted to uint32 in
+        #     languages that support this type.
         # @!attribute [rw] verified_ciphertext_crc32c
         #   @return [::Boolean]
         #     Integrity verification field. A flag indicating whether
-        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} was received by
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
-        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext ciphertext}. A false value of this
-        #     field indicates either that {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}
-        #     was left unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If
-        #     you've set {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c} but this field is
-        #     still false, discard the response and perform a limited number of retries.
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}
+        #     was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
+        #     for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext ciphertext}. A
+        #     false value of this field indicates either that
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}
+        #     was left unset or that it was not delivered to
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
+        #     set
+        #     {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}
+        #     but this field is still false, discard the response and perform a limited
+        #     number of retries.
         # @!attribute [rw] protection_level
         #   @return [::Google::Cloud::Kms::V1::ProtectionLevel]
-        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in decryption.
+        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used in
+        #     decryption.
         class AsymmetricDecryptResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign KeyManagementService.MacSign}.
+        # Response message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign KeyManagementService.MacSign}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
-        #     this field to verify that the intended resource was used for signing.
+        #     The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
+        #     Check this field to verify that the intended resource was used for signing.
         # @!attribute [rw] mac
         #   @return [::String]
         #     The created signature.
         # @!attribute [rw] mac_crc32c
         #   @return [::Google::Protobuf::Int64Value]
         #     Integrity verification field. A CRC32C checksum of the returned
-        #     {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac}. An integrity check of
-        #     {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac} can be performed by computing the
-        #     CRC32C checksum of {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac} and comparing your
-        #     results to this field. Discard the response in case of non-matching
-        #     checksum values, and perform a limited number of retries. A persistent
-        #     mismatch may indicate an issue in your computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac}. An
+        #     integrity check of
+        #     {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac} can be
+        #     performed by computing the CRC32C checksum of
+        #     {::Google::Cloud::Kms::V1::MacSignResponse#mac MacSignResponse.mac} and
+        #     comparing your results to this field. Discard the response in case of
+        #     non-matching checksum values, and perform a limited number of retries. A
+        #     persistent mismatch may indicate an issue in your computation of the CRC32C
+        #     checksum. Note: This field is defined as int64 for reasons of compatibility
+        #     across different languages. However, it is a non-negative integer, which
+        #     will never exceed 2^32-1, and can be safely downconverted to uint32 in
+        #     languages that support this type.
         # @!attribute [rw] verified_data_crc32c
         #   @return [::Boolean]
         #     Integrity verification field. A flag indicating whether
-        #     {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} was received by
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
-        #     {::Google::Cloud::Kms::V1::MacSignRequest#data data}. A false value of this field
-        #     indicates either that {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} was left
-        #     unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
-        #     set {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c} but this field is still false,
-        #     discard the response and perform a limited number of retries.
+        #     {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}
+        #     was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
+        #     for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::MacSignRequest#data data}. A false value of this
+        #     field indicates either that
+        #     {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}
+        #     was left unset or that it was not delivered to
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
+        #     set
+        #     {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}
+        #     but this field is still false, discard the response and perform a limited
+        #     number of retries.
         # @!attribute [rw] protection_level
         #   @return [::Google::Cloud::Kms::V1::ProtectionLevel]
-        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
+        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.
         class MacSignResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_verify KeyManagementService.MacVerify}.
+        # Response message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_verify KeyManagementService.MacVerify}.
         # @!attribute [rw] name
         #   @return [::String]
-        #     The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for verification.
-        #     Check this field to verify that the intended resource was used for
-        #     verification.
+        #     The resource name of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for
+        #     verification. Check this field to verify that the intended resource was
+        #     used for verification.
         # @!attribute [rw] success
         #   @return [::Boolean]
         #     This field indicates whether or not the verification operation for
-        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} over {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} was successful.
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} over
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} was
+        #     successful.
         # @!attribute [rw] verified_data_crc32c
         #   @return [::Boolean]
         #     Integrity verification field. A flag indicating whether
-        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} was received by
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
-        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#data data}. A false value of this field
-        #     indicates either that {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} was left
-        #     unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
-        #     set {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c} but this field is still false,
-        #     discard the response and perform a limited number of retries.
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}
+        #     was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
+        #     for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#data data}. A false value of this
+        #     field indicates either that
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}
+        #     was left unset or that it was not delivered to
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
+        #     set
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}
+        #     but this field is still false, discard the response and perform a limited
+        #     number of retries.
         # @!attribute [rw] verified_mac_crc32c
         #   @return [::Boolean]
         #     Integrity verification field. A flag indicating whether
-        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} was received by
-        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
-        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac data}. A false value of this field
-        #     indicates either that {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} was left
-        #     unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
-        #     set {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c} but this field is still false,
-        #     discard the response and perform a limited number of retries.
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}
+        #     was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used
+        #     for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac data}. A false value of this
+        #     field indicates either that
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}
+        #     was left unset or that it was not delivered to
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
+        #     set
+        #     {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}
+        #     but this field is still false, discard the response and perform a limited
+        #     number of retries.
         # @!attribute [rw] verified_success_integrity
         #   @return [::Boolean]
         #     Integrity verification field. This value is used for the integrity
@@ -982,29 +1215,34 @@ module Google
         #     and perform a limited number of retries.
         # @!attribute [rw] protection_level
         #   @return [::Google::Cloud::Kms::V1::ProtectionLevel]
-        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for verification.
+        #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the
+        #     {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for
+        #     verification.
         class MacVerifyResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Response message for {::Google::Cloud::Kms::V1::KeyManagementService::Client#generate_random_bytes KeyManagementService.GenerateRandomBytes}.
+        # Response message for
+        # {::Google::Cloud::Kms::V1::KeyManagementService::Client#generate_random_bytes KeyManagementService.GenerateRandomBytes}.
         # @!attribute [rw] data
         #   @return [::String]
         #     The generated data.
         # @!attribute [rw] data_crc32c
         #   @return [::Google::Protobuf::Int64Value]
         #     Integrity verification field. A CRC32C checksum of the returned
-        #     {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data}. An integrity check of
-        #     {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data} can be performed by computing the
-        #     CRC32C checksum of {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data} and comparing your
-        #     results to this field. Discard the response in case of non-matching
-        #     checksum values, and perform a limited number of retries. A persistent
-        #     mismatch may indicate an issue in your computation of the CRC32C checksum.
-        #     Note: This field is defined as int64 for reasons of compatibility across
-        #     different languages. However, it is a non-negative integer, which will
-        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
-        #     that support this type.
+        #     {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data}.
+        #     An integrity check of
+        #     {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data}
+        #     can be performed by computing the CRC32C checksum of
+        #     {::Google::Cloud::Kms::V1::GenerateRandomBytesResponse#data GenerateRandomBytesResponse.data}
+        #     and comparing your results to this field. Discard the response in case of
+        #     non-matching checksum values, and perform a limited number of retries. A
+        #     persistent mismatch may indicate an issue in your computation of the CRC32C
+        #     checksum. Note: This field is defined as int64 for reasons of compatibility
+        #     across different languages. However, it is a non-negative integer, which
+        #     will never exceed 2^32-1, and can be safely downconverted to uint32 in
+        #     languages that support this type.
         class GenerateRandomBytesResponse
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -1025,17 +1263,20 @@ module Google
           extend ::Google::Protobuf::MessageExts::ClassMethods
         end
 
-        # Cloud KMS metadata for the given [google.cloud.location.Location][google.cloud.location.Location].
+        # Cloud KMS metadata for the given
+        # [google.cloud.location.Location][google.cloud.location.Location].
         # @!attribute [rw] hsm_available
         #   @return [::Boolean]
         #     Indicates whether {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}
-        #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} can be created in this location.
+        #     {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} can be created in this
+        #     location.
         # @!attribute [rw] ekm_available
         #   @return [::Boolean]
         #     Indicates whether {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}
-        #     {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL} can be created in this location.
+        #     {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL} can be created in
+        #     this location.
         class LocationMetadata
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods