google-cloud-kms-v1 0.15.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 546f9054cef92ac65e6f3dfbbb4b143216271890a78c5b444c7e817bc0b65f75
4
- data.tar.gz: bffdcb4e068aec1bb96999fcb513d309be1db9f8da0ba631e107a656c0c05315
3
+ metadata.gz: 88ccb6ea1616c6e3d3e167aaf3d0e81795d897a8f07922ceb7fccfe0be5c1baa
4
+ data.tar.gz: 2d635e795aef36e90ff5fa04ab772fc982e6ec30d3855a8741d358edbee26809
5
5
  SHA512:
6
- metadata.gz: ddc11f68a8c8ca566b1d74af941f034f16c7911967bf0cd41c1fc5175386f4a0f70ea1e24827a7b01a094074e86ce472f2934cdfc423f591f6ed6000eb5bb670
7
- data.tar.gz: f6ff0ad09cf0fa9a4007f5d10a904dee8c0373560facc48da2cd92e40a458e77f38f0bb6f22aaa149c92cb2c3021e48151d2da768d09854e413964fef5747cac
6
+ metadata.gz: ffcdda5aafc0cc3bef3e4b1dba6fea52819d282bf6af6a3d085802e2c447f5116c053d80fbc8978ee2540ed178ae5d9efbbf5316adf06f79ccfa641a30044e05
7
+ data.tar.gz: c16e58ed43dae8dbdafed46b687864cf1241dbc50ddec764406928cb9e702a30362d2862a63c6419f955f869bc28a8362fa1a1f51770acb79a6a075270927034
data/README.md CHANGED
@@ -46,7 +46,7 @@ for general usage information.
46
46
  ## Enabling Logging
47
47
 
48
48
  To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
49
- The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/stdlib/libdoc/logger/rdoc/Logger.html) as shown below,
49
+ The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/current/stdlibs/logger/Logger.html) as shown below,
50
50
  or a [`Google::Cloud::Logging::Logger`](https://googleapis.dev/ruby/google-cloud-logging/latest)
51
51
  that will write logs to [Cloud Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
52
52
  and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.
@@ -1522,7 +1522,7 @@ module Google
1522
1522
  # @param options [::Gapic::CallOptions, ::Hash]
1523
1523
  # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
1524
1524
  #
1525
- # @overload import_crypto_key_version(parent: nil, crypto_key_version: nil, algorithm: nil, import_job: nil, rsa_aes_wrapped_key: nil)
1525
+ # @overload import_crypto_key_version(parent: nil, crypto_key_version: nil, algorithm: nil, import_job: nil, wrapped_key: nil, rsa_aes_wrapped_key: nil)
1526
1526
  # Pass arguments to `import_crypto_key_version` via keyword arguments. Note that at
1527
1527
  # least one keyword argument is required. To specify no parameters, or to keep all
1528
1528
  # the default parameter values, pass an empty Hash as a request object (see above).
@@ -1564,32 +1564,52 @@ module Google
1564
1564
  # Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
1565
1565
  # {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to wrap this key
1566
1566
  # material.
1567
- # @param rsa_aes_wrapped_key [::String]
1568
- # Wrapped key material produced with
1569
- # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
1567
+ # @param wrapped_key [::String]
1568
+ # Optional. The wrapped key material to import.
1569
+ #
1570
+ # Before wrapping, key material must be formatted. If importing symmetric key
1571
+ # material, the expected key material format is plain bytes. If importing
1572
+ # asymmetric key material, the expected key material format is PKCS#8-encoded
1573
+ # DER (the PrivateKeyInfo structure from RFC 5208).
1574
+ #
1575
+ # When wrapping with import methods
1576
+ # ({::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
1577
+ # or
1578
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}
1579
+ # or
1580
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA256_AES_256 RSA_OAEP_3072_SHA256_AES_256}
1570
1581
  # or
1571
- # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}.
1582
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA256_AES_256 RSA_OAEP_4096_SHA256_AES_256}),
1572
1583
  #
1573
- # This field contains the concatenation of two wrapped keys:
1584
+ # this field must contain the concatenation of:
1574
1585
  # <ol>
1575
1586
  # <li>An ephemeral AES-256 wrapping key wrapped with the
1576
1587
  # {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using
1577
- # RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
1578
- # empty label.
1588
+ # RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
1589
+ # label.
1579
1590
  # </li>
1580
- # <li>The key to be imported, wrapped with the ephemeral AES-256 key
1581
- # using AES-KWP (RFC 5649).
1591
+ # <li>The formatted key to be imported, wrapped with the ephemeral AES-256
1592
+ # key using AES-KWP (RFC 5649).
1582
1593
  # </li>
1583
1594
  # </ol>
1584
1595
  #
1585
- # If importing symmetric key material, it is expected that the unwrapped
1586
- # key contains plain bytes. If importing asymmetric key material, it is
1587
- # expected that the unwrapped key is in PKCS#8-encoded DER format (the
1588
- # PrivateKeyInfo structure from RFC 5208).
1589
- #
1590
1596
  # This format is the same as the format produced by PKCS#11 mechanism
1591
1597
  # CKM_RSA_AES_KEY_WRAP.
1592
1598
  #
1599
+ # When wrapping with import methods
1600
+ # ({::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA256 RSA_OAEP_3072_SHA256}
1601
+ # or
1602
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA256 RSA_OAEP_4096_SHA256}),
1603
+ #
1604
+ # this field must contain the formatted key to be imported, wrapped with the
1605
+ # {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using RSAES-OAEP
1606
+ # with SHA-256, MGF1 with SHA-256, and an empty label.
1607
+ # @param rsa_aes_wrapped_key [::String]
1608
+ # Optional. This field has the same meaning as
1609
+ # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#wrapped_key wrapped_key}.
1610
+ # Prefer to use that field in new work. Either that field or this field
1611
+ # (but not both) must be specified.
1612
+ #
1593
1613
  # @yield [response, operation] Access the result along with the RPC operation
1594
1614
  # @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion]
1595
1615
  # @yieldparam operation [::GRPC::ActiveCall::Operation]
@@ -2265,7 +2285,9 @@ module Google
2265
2285
  #
2266
2286
  # The maximum size depends on the key version's
2267
2287
  # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
2268
- # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
2288
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE},
2289
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL}, and
2290
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL_VPC EXTERNAL_VPC} keys, the
2269
2291
  # plaintext must be no larger than 64KiB. For
2270
2292
  # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
2271
2293
  # the plaintext and additional_authenticated_data fields must be no larger
@@ -2277,8 +2299,10 @@ module Google
2277
2299
  #
2278
2300
  # The maximum size depends on the key version's
2279
2301
  # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
2280
- # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
2281
- # must be no larger than 64KiB. For
2302
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE},
2303
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL}, and
2304
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL_VPC EXTERNAL_VPC} keys the
2305
+ # AAD must be no larger than 64KiB. For
2282
2306
  # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
2283
2307
  # the plaintext and additional_authenticated_data fields must be no larger
2284
2308
  # than 8KiB.
@@ -143,6 +143,10 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
143
143
  value :IMPORT_METHOD_UNSPECIFIED, 0
144
144
  value :RSA_OAEP_3072_SHA1_AES_256, 1
145
145
  value :RSA_OAEP_4096_SHA1_AES_256, 2
146
+ value :RSA_OAEP_3072_SHA256_AES_256, 3
147
+ value :RSA_OAEP_4096_SHA256_AES_256, 4
148
+ value :RSA_OAEP_3072_SHA256, 5
149
+ value :RSA_OAEP_4096_SHA256, 6
146
150
  end
147
151
  add_enum "google.cloud.kms.v1.ImportJob.ImportJobState" do
148
152
  value :IMPORT_JOB_STATE_UNSPECIFIED, 0
@@ -98,6 +98,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
98
98
  optional :crypto_key_version, :string, 6
99
99
  optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
100
100
  optional :import_job, :string, 4
101
+ optional :wrapped_key, :bytes, 8
101
102
  oneof :wrapped_key_material do
102
103
  optional :rsa_aes_wrapped_key, :bytes, 5
103
104
  end
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module Kms
23
23
  module V1
24
- VERSION = "0.15.0"
24
+ VERSION = "0.16.0"
25
25
  end
26
26
  end
27
27
  end
@@ -21,7 +21,8 @@ module Google
21
21
  module Cloud
22
22
  module Kms
23
23
  module V1
24
- # Request message for [KeyManagementService.ListEkmConnections][].
24
+ # Request message for
25
+ # {::Google::Cloud::Kms::V1::EkmService::Client#list_ekm_connections EkmService.ListEkmConnections}.
25
26
  # @!attribute [rw] parent
26
27
  # @return [::String]
27
28
  # Required. The resource name of the location associated with the
@@ -57,7 +58,8 @@ module Google
57
58
  extend ::Google::Protobuf::MessageExts::ClassMethods
58
59
  end
59
60
 
60
- # Response message for [KeyManagementService.ListEkmConnections][].
61
+ # Response message for
62
+ # {::Google::Cloud::Kms::V1::EkmService::Client#list_ekm_connections EkmService.ListEkmConnections}.
61
63
  # @!attribute [rw] ekm_connections
62
64
  # @return [::Array<::Google::Cloud::Kms::V1::EkmConnection>]
63
65
  # The list of {::Google::Cloud::Kms::V1::EkmConnection EkmConnections}.
@@ -75,7 +77,8 @@ module Google
75
77
  extend ::Google::Protobuf::MessageExts::ClassMethods
76
78
  end
77
79
 
78
- # Request message for [KeyManagementService.GetEkmConnection][].
80
+ # Request message for
81
+ # {::Google::Cloud::Kms::V1::EkmService::Client#get_ekm_connection EkmService.GetEkmConnection}.
79
82
  # @!attribute [rw] name
80
83
  # @return [::String]
81
84
  # Required. The {::Google::Cloud::Kms::V1::EkmConnection#name name} of the
@@ -85,7 +88,8 @@ module Google
85
88
  extend ::Google::Protobuf::MessageExts::ClassMethods
86
89
  end
87
90
 
88
- # Request message for [KeyManagementService.CreateEkmConnection][].
91
+ # Request message for
92
+ # {::Google::Cloud::Kms::V1::EkmService::Client#create_ekm_connection EkmService.CreateEkmConnection}.
89
93
  # @!attribute [rw] parent
90
94
  # @return [::String]
91
95
  # Required. The resource name of the location associated with the
@@ -104,7 +108,8 @@ module Google
104
108
  extend ::Google::Protobuf::MessageExts::ClassMethods
105
109
  end
106
110
 
107
- # Request message for [KeyManagementService.UpdateEkmConnection][].
111
+ # Request message for
112
+ # {::Google::Cloud::Kms::V1::EkmService::Client#update_ekm_connection EkmService.UpdateEkmConnection}.
108
113
  # @!attribute [rw] ekm_connection
109
114
  # @return [::Google::Cloud::Kms::V1::EkmConnection]
110
115
  # Required. {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} with updated
@@ -185,9 +190,8 @@ module Google
185
190
  # supported.
186
191
  # @!attribute [rw] etag
187
192
  # @return [::String]
188
- # This checksum is computed by the server based on the value of other fields,
189
- # and may be sent on update requests to ensure the client has an up-to-date
190
- # value before proceeding.
193
+ # Optional. Etag of the currently stored
194
+ # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}.
191
195
  class EkmConnection
192
196
  include ::Google::Protobuf::MessageExts
193
197
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -214,7 +218,8 @@ module Google
214
218
  # @!attribute [rw] server_certificates
215
219
  # @return [::Array<::Google::Cloud::Kms::V1::Certificate>]
216
220
  # Required. A list of leaf server certificates used to authenticate HTTPS
217
- # connections to the EKM replica.
221
+ # connections to the EKM replica. Currently, a maximum of 10
222
+ # {::Google::Cloud::Kms::V1::Certificate Certificate} is supported.
218
223
  class ServiceResolver
219
224
  include ::Google::Protobuf::MessageExts
220
225
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -254,6 +254,9 @@ module Google
254
254
 
255
255
  # Cavium HSM attestation compressed with gzip. Note that this format is
256
256
  # defined by Cavium and subject to change at any time.
257
+ #
258
+ # See
259
+ # https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html.
257
260
  CAVIUM_V1_COMPRESSED = 3
258
261
 
259
262
  # Cavium HSM attestation V2 compressed with gzip. This is a new format
@@ -736,6 +739,34 @@ module Google
736
739
  # [RSA AES key wrap
737
740
  # mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
738
741
  RSA_OAEP_4096_SHA1_AES_256 = 2
742
+
743
+ # This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
744
+ # scheme defined in the PKCS #11 standard. In summary, this involves
745
+ # wrapping the raw key with an ephemeral AES key, and wrapping the
746
+ # ephemeral AES key with a 3072 bit RSA key. For more details, see
747
+ # [RSA AES key wrap
748
+ # mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
749
+ RSA_OAEP_3072_SHA256_AES_256 = 3
750
+
751
+ # This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
752
+ # scheme defined in the PKCS #11 standard. In summary, this involves
753
+ # wrapping the raw key with an ephemeral AES key, and wrapping the
754
+ # ephemeral AES key with a 4096 bit RSA key. For more details, see
755
+ # [RSA AES key wrap
756
+ # mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
757
+ RSA_OAEP_4096_SHA256_AES_256 = 4
758
+
759
+ # This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The
760
+ # key material to be imported is wrapped directly with the RSA key. Due
761
+ # to technical limitations of RSA wrapping, this method cannot be used to
762
+ # wrap RSA keys for import.
763
+ RSA_OAEP_3072_SHA256 = 5
764
+
765
+ # This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The
766
+ # key material to be imported is wrapped directly with the RSA key. Due
767
+ # to technical limitations of RSA wrapping, this method cannot be used to
768
+ # wrap RSA keys for import.
769
+ RSA_OAEP_4096_SHA256 = 6
739
770
  end
740
771
 
741
772
  # The state of the {::Google::Cloud::Kms::V1::ImportJob ImportJob}, indicating if
@@ -413,32 +413,53 @@ module Google
413
413
  # Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the
414
414
  # {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to wrap this key
415
415
  # material.
416
- # @!attribute [rw] rsa_aes_wrapped_key
416
+ # @!attribute [rw] wrapped_key
417
417
  # @return [::String]
418
- # Wrapped key material produced with
419
- # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
418
+ # Optional. The wrapped key material to import.
419
+ #
420
+ # Before wrapping, key material must be formatted. If importing symmetric key
421
+ # material, the expected key material format is plain bytes. If importing
422
+ # asymmetric key material, the expected key material format is PKCS#8-encoded
423
+ # DER (the PrivateKeyInfo structure from RFC 5208).
424
+ #
425
+ # When wrapping with import methods
426
+ # ({::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
420
427
  # or
421
- # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}.
428
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}
429
+ # or
430
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA256_AES_256 RSA_OAEP_3072_SHA256_AES_256}
431
+ # or
432
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA256_AES_256 RSA_OAEP_4096_SHA256_AES_256}),
422
433
  #
423
- # This field contains the concatenation of two wrapped keys:
434
+ # this field must contain the concatenation of:
424
435
  # <ol>
425
436
  # <li>An ephemeral AES-256 wrapping key wrapped with the
426
437
  # {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using
427
- # RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an
428
- # empty label.
438
+ # RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
439
+ # label.
429
440
  # </li>
430
- # <li>The key to be imported, wrapped with the ephemeral AES-256 key
431
- # using AES-KWP (RFC 5649).
441
+ # <li>The formatted key to be imported, wrapped with the ephemeral AES-256
442
+ # key using AES-KWP (RFC 5649).
432
443
  # </li>
433
444
  # </ol>
434
445
  #
435
- # If importing symmetric key material, it is expected that the unwrapped
436
- # key contains plain bytes. If importing asymmetric key material, it is
437
- # expected that the unwrapped key is in PKCS#8-encoded DER format (the
438
- # PrivateKeyInfo structure from RFC 5208).
439
- #
440
446
  # This format is the same as the format produced by PKCS#11 mechanism
441
447
  # CKM_RSA_AES_KEY_WRAP.
448
+ #
449
+ # When wrapping with import methods
450
+ # ({::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA256 RSA_OAEP_3072_SHA256}
451
+ # or
452
+ # {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA256 RSA_OAEP_4096_SHA256}),
453
+ #
454
+ # this field must contain the formatted key to be imported, wrapped with the
455
+ # {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using RSAES-OAEP
456
+ # with SHA-256, MGF1 with SHA-256, and an empty label.
457
+ # @!attribute [rw] rsa_aes_wrapped_key
458
+ # @return [::String]
459
+ # Optional. This field has the same meaning as
460
+ # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#wrapped_key wrapped_key}.
461
+ # Prefer to use that field in new work. Either that field or this field
462
+ # (but not both) must be specified.
442
463
  class ImportCryptoKeyVersionRequest
443
464
  include ::Google::Protobuf::MessageExts
444
465
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -545,7 +566,9 @@ module Google
545
566
  #
546
567
  # The maximum size depends on the key version's
547
568
  # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
548
- # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
569
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE},
570
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL}, and
571
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL_VPC EXTERNAL_VPC} keys, the
549
572
  # plaintext must be no larger than 64KiB. For
550
573
  # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
551
574
  # the plaintext and additional_authenticated_data fields must be no larger
@@ -558,8 +581,10 @@ module Google
558
581
  #
559
582
  # The maximum size depends on the key version's
560
583
  # {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
561
- # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
562
- # must be no larger than 64KiB. For
584
+ # For {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE},
585
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL}, and
586
+ # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL_VPC EXTERNAL_VPC} keys the
587
+ # AAD must be no larger than 64KiB. For
563
588
  # {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
564
589
  # the plaintext and additional_authenticated_data fields must be no larger
565
590
  # than 8KiB.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: google-cloud-kms-v1
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.15.0
4
+ version: 0.16.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Google LLC
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-11-16 00:00:00.000000000 Z
11
+ date: 2022-12-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gapic-common