google-cloud-kms-v1 0.6.1 → 0.9.0
- checksums.yaml +4 -4
- data/AUTHENTICATION.md +3 -3
- data/lib/google/cloud/kms/v1/iam_policy/client.rb +38 -39
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +515 -166
- data/lib/google/cloud/kms/v1/resources_pb.rb +11 -2
- data/lib/google/cloud/kms/v1/service_pb.rb +62 -14
- data/lib/google/cloud/kms/v1/service_services_pb.rb +37 -24
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/proto_docs/google/cloud/kms/v1/resources.rb +47 -4
- data/proto_docs/google/cloud/kms/v1/service.rb +259 -58
- metadata +4 -4
@@ -1,14 +1,14 @@
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
2
|
# source: google/cloud/kms/v1/resources.proto
|
3
3
|
|
4
|
-
require 'google/protobuf'
|
5
|
-
|
6
4
|
require 'google/api/field_behavior_pb'
|
7
5
|
require 'google/api/resource_pb'
|
8
6
|
require 'google/protobuf/duration_pb'
|
9
7
|
require 'google/protobuf/timestamp_pb'
|
10
8
|
require 'google/protobuf/wrappers_pb'
|
11
9
|
require 'google/api/annotations_pb'
|
10
|
+
require 'google/protobuf'
|
11
|
+
|
12
12
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
13
13
|
add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
|
14
14
|
add_message "google.cloud.kms.v1.KeyRing" do
|
@@ -23,6 +23,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
23
23
|
optional :next_rotation_time, :message, 7, "google.protobuf.Timestamp"
|
24
24
|
optional :version_template, :message, 11, "google.cloud.kms.v1.CryptoKeyVersionTemplate"
|
25
25
|
map :labels, :string, :string, 10
|
26
|
+
optional :import_only, :bool, 13
|
27
|
+
optional :destroy_scheduled_duration, :message, 14, "google.protobuf.Duration"
|
26
28
|
oneof :rotation_schedule do
|
27
29
|
optional :rotation_period, :message, 8, "google.protobuf.Duration"
|
28
30
|
end
|
@@ -32,6 +34,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
32
34
|
value :ENCRYPT_DECRYPT, 1
|
33
35
|
value :ASYMMETRIC_SIGN, 5
|
34
36
|
value :ASYMMETRIC_DECRYPT, 6
|
37
|
+
value :MAC, 9
|
35
38
|
end
|
36
39
|
add_message "google.cloud.kms.v1.CryptoKeyVersionTemplate" do
|
37
40
|
optional :protection_level, :enum, 1, "google.cloud.kms.v1.ProtectionLevel"
|
@@ -60,6 +63,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
60
63
|
optional :import_time, :message, 15, "google.protobuf.Timestamp"
|
61
64
|
optional :import_failure_reason, :string, 16
|
62
65
|
optional :external_protection_level_options, :message, 17, "google.cloud.kms.v1.ExternalProtectionLevelOptions"
|
66
|
+
optional :reimport_eligible, :bool, 18
|
63
67
|
end
|
64
68
|
add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm" do
|
65
69
|
value :CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED, 0
|
@@ -76,9 +80,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
76
80
|
value :RSA_DECRYPT_OAEP_3072_SHA256, 9
|
77
81
|
value :RSA_DECRYPT_OAEP_4096_SHA256, 10
|
78
82
|
value :RSA_DECRYPT_OAEP_4096_SHA512, 17
|
83
|
+
value :RSA_DECRYPT_OAEP_2048_SHA1, 37
|
84
|
+
value :RSA_DECRYPT_OAEP_3072_SHA1, 38
|
85
|
+
value :RSA_DECRYPT_OAEP_4096_SHA1, 39
|
79
86
|
value :EC_SIGN_P256_SHA256, 12
|
80
87
|
value :EC_SIGN_P384_SHA384, 13
|
81
88
|
value :EC_SIGN_SECP256K1_SHA256, 31
|
89
|
+
value :HMAC_SHA256, 32
|
82
90
|
value :EXTERNAL_SYMMETRIC_ENCRYPTION, 18
|
83
91
|
end
|
84
92
|
add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState" do
|
@@ -100,6 +108,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
100
108
|
optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
|
101
109
|
optional :pem_crc32c, :message, 3, "google.protobuf.Int64Value"
|
102
110
|
optional :name, :string, 4
|
111
|
+
optional :protection_level, :enum, 5, "google.cloud.kms.v1.ProtectionLevel"
|
103
112
|
end
|
104
113
|
add_message "google.cloud.kms.v1.ImportJob" do
|
105
114
|
optional :name, :string, 1
|
@@ -1,8 +1,6 @@
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
2
|
# source: google/cloud/kms/v1/service.proto
|
3
3
|
|
4
|
-
require 'google/protobuf'
|
5
|
-
|
6
4
|
require 'google/api/annotations_pb'
|
7
5
|
require 'google/api/client_pb'
|
8
6
|
require 'google/api/field_behavior_pb'
|
@@ -10,6 +8,8 @@ require 'google/api/resource_pb'
|
|
10
8
|
require 'google/cloud/kms/v1/resources_pb'
|
11
9
|
require 'google/protobuf/field_mask_pb'
|
12
10
|
require 'google/protobuf/wrappers_pb'
|
11
|
+
require 'google/protobuf'
|
12
|
+
|
13
13
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
14
14
|
add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
|
15
15
|
add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
|
@@ -94,6 +94,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
94
94
|
end
|
95
95
|
add_message "google.cloud.kms.v1.ImportCryptoKeyVersionRequest" do
|
96
96
|
optional :parent, :string, 1
|
97
|
+
optional :crypto_key_version, :string, 6
|
97
98
|
optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
|
98
99
|
optional :import_job, :string, 4
|
99
100
|
oneof :wrapped_key_material do
|
@@ -113,6 +114,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
113
114
|
optional :crypto_key_version, :message, 1, "google.cloud.kms.v1.CryptoKeyVersion"
|
114
115
|
optional :update_mask, :message, 2, "google.protobuf.FieldMask"
|
115
116
|
end
|
117
|
+
add_message "google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest" do
|
118
|
+
optional :name, :string, 1
|
119
|
+
optional :crypto_key_version_id, :string, 2
|
120
|
+
end
|
121
|
+
add_message "google.cloud.kms.v1.DestroyCryptoKeyVersionRequest" do
|
122
|
+
optional :name, :string, 1
|
123
|
+
end
|
124
|
+
add_message "google.cloud.kms.v1.RestoreCryptoKeyVersionRequest" do
|
125
|
+
optional :name, :string, 1
|
126
|
+
end
|
116
127
|
add_message "google.cloud.kms.v1.EncryptRequest" do
|
117
128
|
optional :name, :string, 1
|
118
129
|
optional :plaintext, :bytes, 2
|
@@ -137,9 +148,22 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
137
148
|
optional :ciphertext, :bytes, 3
|
138
149
|
optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
|
139
150
|
end
|
140
|
-
add_message "google.cloud.kms.v1.
|
141
|
-
optional :
|
142
|
-
optional :
|
151
|
+
add_message "google.cloud.kms.v1.MacSignRequest" do
|
152
|
+
optional :name, :string, 1
|
153
|
+
optional :data, :bytes, 2
|
154
|
+
optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
|
155
|
+
end
|
156
|
+
add_message "google.cloud.kms.v1.MacVerifyRequest" do
|
157
|
+
optional :name, :string, 1
|
158
|
+
optional :data, :bytes, 2
|
159
|
+
optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
|
160
|
+
optional :mac, :bytes, 4
|
161
|
+
optional :mac_crc32c, :message, 5, "google.protobuf.Int64Value"
|
162
|
+
end
|
163
|
+
add_message "google.cloud.kms.v1.GenerateRandomBytesRequest" do
|
164
|
+
optional :location, :string, 1
|
165
|
+
optional :length_bytes, :int32, 2
|
166
|
+
optional :protection_level, :enum, 3, "google.cloud.kms.v1.ProtectionLevel"
|
143
167
|
end
|
144
168
|
add_message "google.cloud.kms.v1.EncryptResponse" do
|
145
169
|
optional :name, :string, 1
|
@@ -147,27 +171,45 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
147
171
|
optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
|
148
172
|
optional :verified_plaintext_crc32c, :bool, 5
|
149
173
|
optional :verified_additional_authenticated_data_crc32c, :bool, 6
|
174
|
+
optional :protection_level, :enum, 7, "google.cloud.kms.v1.ProtectionLevel"
|
175
|
+
end
|
176
|
+
add_message "google.cloud.kms.v1.DecryptResponse" do
|
177
|
+
optional :plaintext, :bytes, 1
|
178
|
+
optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
|
179
|
+
optional :used_primary, :bool, 3
|
180
|
+
optional :protection_level, :enum, 4, "google.cloud.kms.v1.ProtectionLevel"
|
150
181
|
end
|
151
182
|
add_message "google.cloud.kms.v1.AsymmetricSignResponse" do
|
152
183
|
optional :signature, :bytes, 1
|
153
184
|
optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
|
154
185
|
optional :verified_digest_crc32c, :bool, 3
|
155
186
|
optional :name, :string, 4
|
187
|
+
optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
|
156
188
|
end
|
157
189
|
add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
|
158
190
|
optional :plaintext, :bytes, 1
|
159
191
|
optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
|
160
192
|
optional :verified_ciphertext_crc32c, :bool, 3
|
193
|
+
optional :protection_level, :enum, 4, "google.cloud.kms.v1.ProtectionLevel"
|
161
194
|
end
|
162
|
-
add_message "google.cloud.kms.v1.
|
195
|
+
add_message "google.cloud.kms.v1.MacSignResponse" do
|
163
196
|
optional :name, :string, 1
|
164
|
-
optional :
|
197
|
+
optional :mac, :bytes, 2
|
198
|
+
optional :mac_crc32c, :message, 3, "google.protobuf.Int64Value"
|
199
|
+
optional :verified_data_crc32c, :bool, 4
|
200
|
+
optional :protection_level, :enum, 5, "google.cloud.kms.v1.ProtectionLevel"
|
165
201
|
end
|
166
|
-
add_message "google.cloud.kms.v1.
|
202
|
+
add_message "google.cloud.kms.v1.MacVerifyResponse" do
|
167
203
|
optional :name, :string, 1
|
204
|
+
optional :success, :bool, 2
|
205
|
+
optional :verified_data_crc32c, :bool, 3
|
206
|
+
optional :verified_mac_crc32c, :bool, 4
|
207
|
+
optional :verified_success_integrity, :bool, 5
|
208
|
+
optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
|
168
209
|
end
|
169
|
-
add_message "google.cloud.kms.v1.
|
170
|
-
optional :
|
210
|
+
add_message "google.cloud.kms.v1.GenerateRandomBytesResponse" do
|
211
|
+
optional :data, :bytes, 1
|
212
|
+
optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
|
171
213
|
end
|
172
214
|
add_message "google.cloud.kms.v1.Digest" do
|
173
215
|
oneof :digest do
|
@@ -207,17 +249,23 @@ module Google
|
|
207
249
|
CreateImportJobRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CreateImportJobRequest").msgclass
|
208
250
|
UpdateCryptoKeyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyRequest").msgclass
|
209
251
|
UpdateCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyVersionRequest").msgclass
|
252
|
+
UpdateCryptoKeyPrimaryVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest").msgclass
|
253
|
+
DestroyCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DestroyCryptoKeyVersionRequest").msgclass
|
254
|
+
RestoreCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.RestoreCryptoKeyVersionRequest").msgclass
|
210
255
|
EncryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EncryptRequest").msgclass
|
211
256
|
DecryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DecryptRequest").msgclass
|
212
257
|
AsymmetricSignRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricSignRequest").msgclass
|
213
258
|
AsymmetricDecryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricDecryptRequest").msgclass
|
214
|
-
|
259
|
+
MacSignRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacSignRequest").msgclass
|
260
|
+
MacVerifyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacVerifyRequest").msgclass
|
261
|
+
GenerateRandomBytesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.GenerateRandomBytesRequest").msgclass
|
215
262
|
EncryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EncryptResponse").msgclass
|
263
|
+
DecryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DecryptResponse").msgclass
|
216
264
|
AsymmetricSignResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricSignResponse").msgclass
|
217
265
|
AsymmetricDecryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricDecryptResponse").msgclass
|
218
|
-
|
219
|
-
|
220
|
-
|
266
|
+
MacSignResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacSignResponse").msgclass
|
267
|
+
MacVerifyResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacVerifyResponse").msgclass
|
268
|
+
GenerateRandomBytesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.GenerateRandomBytesResponse").msgclass
|
221
269
|
Digest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.Digest").msgclass
|
222
270
|
LocationMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.LocationMetadata").msgclass
|
223
271
|
end
|
@@ -38,7 +38,7 @@ module Google
|
|
38
38
|
# [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
|
39
39
|
class Service
|
40
40
|
|
41
|
-
include GRPC::GenericService
|
41
|
+
include ::GRPC::GenericService
|
42
42
|
|
43
43
|
self.marshal_class_method = :encode
|
44
44
|
self.unmarshal_class_method = :decode
|
@@ -80,11 +80,12 @@ module Google
|
|
80
80
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
81
81
|
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
|
82
82
|
rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
83
|
-
#
|
84
|
-
# wrapped key material provided in the request.
|
83
|
+
# Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
85
84
|
#
|
86
|
-
#
|
87
|
-
#
|
85
|
+
# All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
|
86
|
+
# additionally specified in the request, key material will be reimported into
|
87
|
+
# that version. Otherwise, a new version will be created, and will be
|
88
|
+
# assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
88
89
|
rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
89
90
|
# Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
|
90
91
|
#
|
@@ -100,21 +101,6 @@ module Google
|
|
100
101
|
# method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
|
101
102
|
# move between other states.
|
102
103
|
rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
103
|
-
# Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
|
104
|
-
# The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
105
|
-
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
106
|
-
rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
|
107
|
-
# Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
108
|
-
# must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
109
|
-
rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
|
110
|
-
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
111
|
-
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
112
|
-
# key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
113
|
-
rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
|
114
|
-
# Decrypts data that was encrypted with a public key retrieved from
|
115
|
-
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
|
116
|
-
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
|
117
|
-
rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
|
118
104
|
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
|
119
105
|
#
|
120
106
|
# Returns an error if called on a key whose purpose is not
|
@@ -123,10 +109,11 @@ module Google
|
|
123
109
|
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
|
124
110
|
#
|
125
111
|
# Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
126
|
-
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
|
127
|
-
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to
|
128
|
-
#
|
129
|
-
#
|
112
|
+
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
|
113
|
+
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
|
114
|
+
# [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
|
115
|
+
# future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
|
116
|
+
# automatically change to
|
130
117
|
# [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
|
131
118
|
# material will be irrevocably destroyed.
|
132
119
|
#
|
@@ -141,6 +128,32 @@ module Google
|
|
141
128
|
# will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
|
142
129
|
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
|
143
130
|
rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
131
|
+
# Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
|
132
|
+
# The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
133
|
+
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
134
|
+
rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
|
135
|
+
# Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
136
|
+
# must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
137
|
+
rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
|
138
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
139
|
+
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
140
|
+
# key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
141
|
+
rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
|
142
|
+
# Decrypts data that was encrypted with a public key retrieved from
|
143
|
+
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
|
144
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
|
145
|
+
rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
|
146
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
147
|
+
# MAC, producing a tag that can be verified by another source with the
|
148
|
+
# same key.
|
149
|
+
rpc :MacSign, ::Google::Cloud::Kms::V1::MacSignRequest, ::Google::Cloud::Kms::V1::MacSignResponse
|
150
|
+
# Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
151
|
+
# MAC, and returns a response that indicates whether or not the verification
|
152
|
+
# was successful.
|
153
|
+
rpc :MacVerify, ::Google::Cloud::Kms::V1::MacVerifyRequest, ::Google::Cloud::Kms::V1::MacVerifyResponse
|
154
|
+
# Generate random bytes using the Cloud KMS randomness source in the provided
|
155
|
+
# location.
|
156
|
+
rpc :GenerateRandomBytes, ::Google::Cloud::Kms::V1::GenerateRandomBytesRequest, ::Google::Cloud::Kms::V1::GenerateRandomBytesResponse
|
144
157
|
end
|
145
158
|
|
146
159
|
Stub = Service.rpc_stub_class
|
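Review bot: The comment above `rpc :MacVerify` does not tell callers which field carries the verdict. It says only that the call "returns a response that indicates whether or not the verification was successful", which reads as a tag mismatch arriving in a normal response rather than as a raised error. A caller that treats "no exception" as "MAC valid" would then accept a forged tag. I would add a line such as `# Callers must check MacVerifyResponse#success; a failed verification is reported in the response, not raised.` The MacVerifyResponse descriptor added in this release also has `verified_success_integrity` next to `success`; it presumably protects that flag and deserves a mention in the same comment.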
@@ -97,6 +97,16 @@ module Google
|
|
97
97
|
# @return [::Google::Protobuf::Map{::String => ::String}]
|
98
98
|
# Labels with user-defined metadata. For more information, see
|
99
99
|
# [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
|
100
|
+
# @!attribute [rw] import_only
|
101
|
+
# @return [::Boolean]
|
102
|
+
# Immutable. Whether this key may contain imported versions only.
|
103
|
+
# @!attribute [rw] destroy_scheduled_duration
|
104
|
+
# @return [::Google::Protobuf::Duration]
|
105
|
+
# Immutable. The period of time that versions of this key spend in the
|
106
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
|
107
|
+
# state before transitioning to
|
108
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}. If not
|
109
|
+
# specified at creation time, the default duration is 24 hours.
|
100
110
|
class CryptoKey
|
101
111
|
include ::Google::Protobuf::MessageExts
|
102
112
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -132,6 +142,10 @@ module Google
|
|
132
142
|
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt} and
|
133
143
|
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
|
134
144
|
ASYMMETRIC_DECRYPT = 6
|
145
|
+
|
146
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used with
|
147
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
|
148
|
+
MAC = 9
|
135
149
|
end
|
136
150
|
end
|
137
151
|
|
@@ -235,16 +249,16 @@ module Google
|
|
235
249
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}.
|
236
250
|
# @!attribute [r] import_job
|
237
251
|
# @return [::String]
|
238
|
-
# Output only. The name of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} used
|
252
|
+
# Output only. The name of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} used in the most recent import of this
|
239
253
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. Only present if the underlying key material was
|
240
254
|
# imported.
|
241
255
|
# @!attribute [r] import_time
|
242
256
|
# @return [::Google::Protobuf::Timestamp]
|
243
257
|
# Output only. The time at which this {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s key material
|
244
|
-
# was imported.
|
258
|
+
# was most recently imported.
|
245
259
|
# @!attribute [r] import_failure_reason
|
246
260
|
# @return [::String]
|
247
|
-
# Output only. The root cause of
|
261
|
+
# Output only. The root cause of the most recent import failure. Only present if
|
248
262
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
|
249
263
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}.
|
250
264
|
# @!attribute [rw] external_protection_level_options
|
@@ -252,6 +266,11 @@ module Google
|
|
252
266
|
# ExternalProtectionLevelOptions stores a group of additional fields for
|
253
267
|
# configuring a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} that are specific to the
|
254
268
|
# {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL} protection level.
|
269
|
+
# @!attribute [r] reimport_eligible
|
270
|
+
# @return [::Boolean]
|
271
|
+
# Output only. Whether or not this key version is eligible for reimport, by being
|
272
|
+
# specified as a target in
|
273
|
+
# {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#crypto_key_version ImportCryptoKeyVersionRequest.crypto_key_version}.
|
255
274
|
class CryptoKeyVersion
|
256
275
|
include ::Google::Protobuf::MessageExts
|
257
276
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
@@ -288,6 +307,12 @@ module Google
|
|
288
307
|
# The fields in the name after "EC_SIGN_" correspond to the following
|
289
308
|
# parameters: elliptic curve, digest algorithm.
|
290
309
|
#
|
310
|
+
# Algorithms beginning with "HMAC_" are usable with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
|
311
|
+
# {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::MAC MAC}.
|
312
|
+
#
|
313
|
+
# The suffix following "HMAC_" corresponds to the hash algorithm being used
|
314
|
+
# (eg. SHA256).
|
315
|
+
#
|
291
316
|
# For more information, see [Key purposes and algorithms]
|
292
317
|
# (https://cloud.google.com/kms/docs/algorithms).
|
293
318
|
module CryptoKeyVersionAlgorithm
|
@@ -333,6 +358,15 @@ module Google
|
|
333
358
|
# RSAES-OAEP 4096 bit key with a SHA512 digest.
|
334
359
|
RSA_DECRYPT_OAEP_4096_SHA512 = 17
|
335
360
|
|
361
|
+
# RSAES-OAEP 2048 bit key with a SHA1 digest.
|
362
|
+
RSA_DECRYPT_OAEP_2048_SHA1 = 37
|
363
|
+
|
364
|
+
# RSAES-OAEP 3072 bit key with a SHA1 digest.
|
365
|
+
RSA_DECRYPT_OAEP_3072_SHA1 = 38
|
366
|
+
|
367
|
+
# RSAES-OAEP 4096 bit key with a SHA1 digest.
|
368
|
+
RSA_DECRYPT_OAEP_4096_SHA1 = 39
|
369
|
+
|
336
370
|
# ECDSA on the NIST P-256 curve with a SHA256 digest.
|
337
371
|
EC_SIGN_P256_SHA256 = 12
|
338
372
|
|
@@ -343,6 +377,9 @@ module Google
|
|
343
377
|
# HSM protection level.
|
344
378
|
EC_SIGN_SECP256K1_SHA256 = 31
|
345
379
|
|
380
|
+
# HMAC-SHA256 signing with a 256 bit key.
|
381
|
+
HMAC_SHA256 = 32
|
382
|
+
|
346
383
|
# Algorithm representing symmetric encryption by an external key manager.
|
347
384
|
EXTERNAL_SYMMETRIC_ENCRYPTION = 18
|
348
385
|
end
|
@@ -365,7 +402,10 @@ module Google
|
|
365
402
|
DISABLED = 2
|
366
403
|
|
367
404
|
# This version is destroyed, and the key material is no longer stored.
|
368
|
-
#
|
405
|
+
# This version may only become {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} again if this version is
|
406
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#reimport_eligible reimport_eligible} and the original
|
407
|
+
# key material is reimported with a call to
|
408
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}.
|
369
409
|
DESTROYED = 3
|
370
410
|
|
371
411
|
# This version is scheduled for destruction, and will be destroyed soon.
|
@@ -435,6 +475,9 @@ module Google
|
|
435
475
|
# Provided here for verification.
|
436
476
|
#
|
437
477
|
# NOTE: This field is in Beta.
|
478
|
+
# @!attribute [rw] protection_level
|
479
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
480
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key.
|
438
481
|
class PublicKey
|
439
482
|
include ::Google::Protobuf::MessageExts
|
440
483
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
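Review bot: The comments on the three new `RSA_DECRYPT_OAEP_*_SHA1` constants (values 37 to 39) give no guidance on when to choose them over the existing SHA256 and SHA512 variants. Each says only "RSAES-OAEP … bit key with a SHA1 digest". I would extend them along the lines of `# RSAES-OAEP 2048 bit key with a SHA1 digest. Prefer a SHA256 or SHA512 variant unless the peer only supports SHA1.`; that these exist for interoperability is my inference, not something the page states. Separately, the comment above `MAC = 9` names only MacSign, while this release also adds a MacVerify RPC for keys with purpose MAC, so that comment should list both methods.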