google-cloud-kms-v1 0.6.1 → 0.9.0

@@ -1,14 +1,14 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: google/cloud/kms/v1/resources.proto
3
3
 
4
- require 'google/protobuf'
5
-
6
4
  require 'google/api/field_behavior_pb'
7
5
  require 'google/api/resource_pb'
8
6
  require 'google/protobuf/duration_pb'
9
7
  require 'google/protobuf/timestamp_pb'
10
8
  require 'google/protobuf/wrappers_pb'
11
9
  require 'google/api/annotations_pb'
10
+ require 'google/protobuf'
11
+
12
12
  Google::Protobuf::DescriptorPool.generated_pool.build do
13
13
  add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
14
14
  add_message "google.cloud.kms.v1.KeyRing" do
@@ -23,6 +23,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
23
23
  optional :next_rotation_time, :message, 7, "google.protobuf.Timestamp"
24
24
  optional :version_template, :message, 11, "google.cloud.kms.v1.CryptoKeyVersionTemplate"
25
25
  map :labels, :string, :string, 10
26
+ optional :import_only, :bool, 13
27
+ optional :destroy_scheduled_duration, :message, 14, "google.protobuf.Duration"
26
28
  oneof :rotation_schedule do
27
29
  optional :rotation_period, :message, 8, "google.protobuf.Duration"
28
30
  end
@@ -32,6 +34,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
32
34
  value :ENCRYPT_DECRYPT, 1
33
35
  value :ASYMMETRIC_SIGN, 5
34
36
  value :ASYMMETRIC_DECRYPT, 6
37
+ value :MAC, 9
35
38
  end
36
39
  add_message "google.cloud.kms.v1.CryptoKeyVersionTemplate" do
37
40
  optional :protection_level, :enum, 1, "google.cloud.kms.v1.ProtectionLevel"
@@ -60,6 +63,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
60
63
  optional :import_time, :message, 15, "google.protobuf.Timestamp"
61
64
  optional :import_failure_reason, :string, 16
62
65
  optional :external_protection_level_options, :message, 17, "google.cloud.kms.v1.ExternalProtectionLevelOptions"
66
+ optional :reimport_eligible, :bool, 18
63
67
  end
64
68
  add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm" do
65
69
  value :CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED, 0
@@ -76,9 +80,13 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
76
80
  value :RSA_DECRYPT_OAEP_3072_SHA256, 9
77
81
  value :RSA_DECRYPT_OAEP_4096_SHA256, 10
78
82
  value :RSA_DECRYPT_OAEP_4096_SHA512, 17
83
+ value :RSA_DECRYPT_OAEP_2048_SHA1, 37
84
+ value :RSA_DECRYPT_OAEP_3072_SHA1, 38
85
+ value :RSA_DECRYPT_OAEP_4096_SHA1, 39
79
86
  value :EC_SIGN_P256_SHA256, 12
80
87
  value :EC_SIGN_P384_SHA384, 13
81
88
  value :EC_SIGN_SECP256K1_SHA256, 31
89
+ value :HMAC_SHA256, 32
82
90
  value :EXTERNAL_SYMMETRIC_ENCRYPTION, 18
83
91
  end
84
92
  add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState" do
@@ -100,6 +108,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
100
108
  optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
101
109
  optional :pem_crc32c, :message, 3, "google.protobuf.Int64Value"
102
110
  optional :name, :string, 4
111
+ optional :protection_level, :enum, 5, "google.cloud.kms.v1.ProtectionLevel"
103
112
  end
104
113
  add_message "google.cloud.kms.v1.ImportJob" do
105
114
  optional :name, :string, 1
@@ -1,8 +1,6 @@
1
1
  # Generated by the protocol buffer compiler. DO NOT EDIT!
2
2
  # source: google/cloud/kms/v1/service.proto
3
3
 
4
- require 'google/protobuf'
5
-
6
4
  require 'google/api/annotations_pb'
7
5
  require 'google/api/client_pb'
8
6
  require 'google/api/field_behavior_pb'
@@ -10,6 +8,8 @@ require 'google/api/resource_pb'
10
8
  require 'google/cloud/kms/v1/resources_pb'
11
9
  require 'google/protobuf/field_mask_pb'
12
10
  require 'google/protobuf/wrappers_pb'
11
+ require 'google/protobuf'
12
+
13
13
  Google::Protobuf::DescriptorPool.generated_pool.build do
14
14
  add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
15
15
  add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
@@ -94,6 +94,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
94
94
  end
95
95
  add_message "google.cloud.kms.v1.ImportCryptoKeyVersionRequest" do
96
96
  optional :parent, :string, 1
97
+ optional :crypto_key_version, :string, 6
97
98
  optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
98
99
  optional :import_job, :string, 4
99
100
  oneof :wrapped_key_material do
@@ -113,6 +114,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
113
114
  optional :crypto_key_version, :message, 1, "google.cloud.kms.v1.CryptoKeyVersion"
114
115
  optional :update_mask, :message, 2, "google.protobuf.FieldMask"
115
116
  end
117
+ add_message "google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest" do
118
+ optional :name, :string, 1
119
+ optional :crypto_key_version_id, :string, 2
120
+ end
121
+ add_message "google.cloud.kms.v1.DestroyCryptoKeyVersionRequest" do
122
+ optional :name, :string, 1
123
+ end
124
+ add_message "google.cloud.kms.v1.RestoreCryptoKeyVersionRequest" do
125
+ optional :name, :string, 1
126
+ end
116
127
  add_message "google.cloud.kms.v1.EncryptRequest" do
117
128
  optional :name, :string, 1
118
129
  optional :plaintext, :bytes, 2
@@ -137,9 +148,22 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
137
148
  optional :ciphertext, :bytes, 3
138
149
  optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
139
150
  end
140
- add_message "google.cloud.kms.v1.DecryptResponse" do
141
- optional :plaintext, :bytes, 1
142
- optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
151
+ add_message "google.cloud.kms.v1.MacSignRequest" do
152
+ optional :name, :string, 1
153
+ optional :data, :bytes, 2
154
+ optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
155
+ end
156
+ add_message "google.cloud.kms.v1.MacVerifyRequest" do
157
+ optional :name, :string, 1
158
+ optional :data, :bytes, 2
159
+ optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
160
+ optional :mac, :bytes, 4
161
+ optional :mac_crc32c, :message, 5, "google.protobuf.Int64Value"
162
+ end
163
+ add_message "google.cloud.kms.v1.GenerateRandomBytesRequest" do
164
+ optional :location, :string, 1
165
+ optional :length_bytes, :int32, 2
166
+ optional :protection_level, :enum, 3, "google.cloud.kms.v1.ProtectionLevel"
143
167
  end
144
168
  add_message "google.cloud.kms.v1.EncryptResponse" do
145
169
  optional :name, :string, 1
@@ -147,27 +171,45 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
147
171
  optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
148
172
  optional :verified_plaintext_crc32c, :bool, 5
149
173
  optional :verified_additional_authenticated_data_crc32c, :bool, 6
174
+ optional :protection_level, :enum, 7, "google.cloud.kms.v1.ProtectionLevel"
175
+ end
176
+ add_message "google.cloud.kms.v1.DecryptResponse" do
177
+ optional :plaintext, :bytes, 1
178
+ optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
179
+ optional :used_primary, :bool, 3
180
+ optional :protection_level, :enum, 4, "google.cloud.kms.v1.ProtectionLevel"
150
181
  end
151
182
  add_message "google.cloud.kms.v1.AsymmetricSignResponse" do
152
183
  optional :signature, :bytes, 1
153
184
  optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
154
185
  optional :verified_digest_crc32c, :bool, 3
155
186
  optional :name, :string, 4
187
+ optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
156
188
  end
157
189
  add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
158
190
  optional :plaintext, :bytes, 1
159
191
  optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
160
192
  optional :verified_ciphertext_crc32c, :bool, 3
193
+ optional :protection_level, :enum, 4, "google.cloud.kms.v1.ProtectionLevel"
161
194
  end
162
- add_message "google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest" do
195
+ add_message "google.cloud.kms.v1.MacSignResponse" do
163
196
  optional :name, :string, 1
164
- optional :crypto_key_version_id, :string, 2
197
+ optional :mac, :bytes, 2
198
+ optional :mac_crc32c, :message, 3, "google.protobuf.Int64Value"
199
+ optional :verified_data_crc32c, :bool, 4
200
+ optional :protection_level, :enum, 5, "google.cloud.kms.v1.ProtectionLevel"
165
201
  end
166
- add_message "google.cloud.kms.v1.DestroyCryptoKeyVersionRequest" do
202
+ add_message "google.cloud.kms.v1.MacVerifyResponse" do
167
203
  optional :name, :string, 1
204
+ optional :success, :bool, 2
205
+ optional :verified_data_crc32c, :bool, 3
206
+ optional :verified_mac_crc32c, :bool, 4
207
+ optional :verified_success_integrity, :bool, 5
208
+ optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
168
209
  end
169
- add_message "google.cloud.kms.v1.RestoreCryptoKeyVersionRequest" do
170
- optional :name, :string, 1
210
+ add_message "google.cloud.kms.v1.GenerateRandomBytesResponse" do
211
+ optional :data, :bytes, 1
212
+ optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
171
213
  end
172
214
  add_message "google.cloud.kms.v1.Digest" do
173
215
  oneof :digest do
@@ -207,17 +249,23 @@ module Google
207
249
  CreateImportJobRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CreateImportJobRequest").msgclass
208
250
  UpdateCryptoKeyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyRequest").msgclass
209
251
  UpdateCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyVersionRequest").msgclass
252
+ UpdateCryptoKeyPrimaryVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest").msgclass
253
+ DestroyCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DestroyCryptoKeyVersionRequest").msgclass
254
+ RestoreCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.RestoreCryptoKeyVersionRequest").msgclass
210
255
  EncryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EncryptRequest").msgclass
211
256
  DecryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DecryptRequest").msgclass
212
257
  AsymmetricSignRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricSignRequest").msgclass
213
258
  AsymmetricDecryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricDecryptRequest").msgclass
214
- DecryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DecryptResponse").msgclass
259
+ MacSignRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacSignRequest").msgclass
260
+ MacVerifyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacVerifyRequest").msgclass
261
+ GenerateRandomBytesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.GenerateRandomBytesRequest").msgclass
215
262
  EncryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EncryptResponse").msgclass
263
+ DecryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DecryptResponse").msgclass
216
264
  AsymmetricSignResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricSignResponse").msgclass
217
265
  AsymmetricDecryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricDecryptResponse").msgclass
218
- UpdateCryptoKeyPrimaryVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest").msgclass
219
- DestroyCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DestroyCryptoKeyVersionRequest").msgclass
220
- RestoreCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.RestoreCryptoKeyVersionRequest").msgclass
266
+ MacSignResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacSignResponse").msgclass
267
+ MacVerifyResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacVerifyResponse").msgclass
268
+ GenerateRandomBytesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.GenerateRandomBytesResponse").msgclass
221
269
  Digest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.Digest").msgclass
222
270
  LocationMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.LocationMetadata").msgclass
223
271
  end
@@ -38,7 +38,7 @@ module Google
38
38
  # [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
39
39
  class Service
40
40
 
41
- include GRPC::GenericService
41
+ include ::GRPC::GenericService
42
42
 
43
43
  self.marshal_class_method = :encode
44
44
  self.unmarshal_class_method = :decode
@@ -80,11 +80,12 @@ module Google
80
80
  # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
81
81
  # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
82
82
  rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
83
- # Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
84
- # wrapped key material provided in the request.
83
+ # Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
85
84
  #
86
- # The version ID will be assigned the next sequential id within the
87
- # [CryptoKey][google.cloud.kms.v1.CryptoKey].
85
+ # All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
86
+ # additionally specified in the request, key material will be reimported into
87
+ # that version. Otherwise, a new version will be created, and will be
88
+ # assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
88
89
  rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
89
90
  # Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
90
91
  #
@@ -100,21 +101,6 @@ module Google
100
101
  # method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
101
102
  # move between other states.
102
103
  rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
103
- # Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
104
- # The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
105
- # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
106
- rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
107
- # Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
108
- # must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
109
- rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
110
- # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
111
- # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
112
- # key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
113
- rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
114
- # Decrypts data that was encrypted with a public key retrieved from
115
- # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
116
- # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
117
- rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
118
104
  # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
119
105
  #
120
106
  # Returns an error if called on a key whose purpose is not
@@ -123,10 +109,11 @@ module Google
123
109
  # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
124
110
  #
125
111
  # Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
126
- # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
127
- # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
128
- # hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
129
- # will be changed to
112
+ # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
113
+ # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
114
+ # [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
115
+ # future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
116
+ # automatically change to
130
117
  # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
131
118
  # material will be irrevocably destroyed.
132
119
  #
@@ -141,6 +128,32 @@ module Google
141
128
  # will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
142
129
  # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
143
130
  rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
131
+ # Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
132
+ # The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
133
+ # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
134
+ rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
135
+ # Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
136
+ # must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
137
+ rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
138
+ # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
139
+ # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
140
+ # key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
141
+ rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
142
+ # Decrypts data that was encrypted with a public key retrieved from
143
+ # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
144
+ # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
145
+ rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
146
+ # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
147
+ # MAC, producing a tag that can be verified by another source with the
148
+ # same key.
149
+ rpc :MacSign, ::Google::Cloud::Kms::V1::MacSignRequest, ::Google::Cloud::Kms::V1::MacSignResponse
150
+ # Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
151
+ # MAC, and returns a response that indicates whether or not the verification
152
+ # was successful.
153
+ rpc :MacVerify, ::Google::Cloud::Kms::V1::MacVerifyRequest, ::Google::Cloud::Kms::V1::MacVerifyResponse
154
+ # Generate random bytes using the Cloud KMS randomness source in the provided
155
+ # location.
156
+ rpc :GenerateRandomBytes, ::Google::Cloud::Kms::V1::GenerateRandomBytesRequest, ::Google::Cloud::Kms::V1::GenerateRandomBytesResponse
144
157
  end
145
158
 
146
159
  Stub = Service.rpc_stub_class
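Review bot: The comment added above `rpc :MacVerify` says only that the response "indicates whether or not the verification was successful" and never names the field, so a caller can read a call that returns without raising as a valid tag. Judging by the `success` and `verified_success_integrity` bools added to `MacVerifyResponse` elsewhere in this diff, the verdict is carried in the response body; I would add `# Callers must check MacVerifyResponse#success; a call that returns without error does not mean the tag matched.` The header of this file is outside the hunk, so if it is generated from the service proto the sentence belongs in the proto comment instead. The `class Service` body starts before this hunk.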
@@ -21,7 +21,7 @@ module Google
21
21
  module Cloud
22
22
  module Kms
23
23
  module V1
24
- VERSION = "0.6.1"
24
+ VERSION = "0.9.0"
25
25
  end
26
26
  end
27
27
  end
@@ -97,6 +97,16 @@ module Google
97
97
  # @return [::Google::Protobuf::Map{::String => ::String}]
98
98
  # Labels with user-defined metadata. For more information, see
99
99
  # [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
100
+ # @!attribute [rw] import_only
101
+ # @return [::Boolean]
102
+ # Immutable. Whether this key may contain imported versions only.
103
+ # @!attribute [rw] destroy_scheduled_duration
104
+ # @return [::Google::Protobuf::Duration]
105
+ # Immutable. The period of time that versions of this key spend in the
106
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
107
+ # state before transitioning to
108
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}. If not
109
+ # specified at creation time, the default duration is 24 hours.
100
110
  class CryptoKey
101
111
  include ::Google::Protobuf::MessageExts
102
112
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -132,6 +142,10 @@ module Google
132
142
  # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt} and
133
143
  # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
134
144
  ASYMMETRIC_DECRYPT = 6
145
+
146
+ # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used with
147
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
148
+ MAC = 9
135
149
  end
136
150
  end
137
151
 
@@ -235,16 +249,16 @@ module Google
235
249
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}.
236
250
  # @!attribute [r] import_job
237
251
  # @return [::String]
238
- # Output only. The name of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} used to import this
252
+ # Output only. The name of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} used in the most recent import of this
239
253
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. Only present if the underlying key material was
240
254
  # imported.
241
255
  # @!attribute [r] import_time
242
256
  # @return [::Google::Protobuf::Timestamp]
243
257
  # Output only. The time at which this {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s key material
244
- # was imported.
258
+ # was most recently imported.
245
259
  # @!attribute [r] import_failure_reason
246
260
  # @return [::String]
247
- # Output only. The root cause of an import failure. Only present if
261
+ # Output only. The root cause of the most recent import failure. Only present if
248
262
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
249
263
  # {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}.
250
264
  # @!attribute [rw] external_protection_level_options
@@ -252,6 +266,11 @@ module Google
252
266
  # ExternalProtectionLevelOptions stores a group of additional fields for
253
267
  # configuring a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} that are specific to the
254
268
  # {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL} protection level.
269
+ # @!attribute [r] reimport_eligible
270
+ # @return [::Boolean]
271
+ # Output only. Whether or not this key version is eligible for reimport, by being
272
+ # specified as a target in
273
+ # {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#crypto_key_version ImportCryptoKeyVersionRequest.crypto_key_version}.
255
274
  class CryptoKeyVersion
256
275
  include ::Google::Protobuf::MessageExts
257
276
  extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -288,6 +307,12 @@ module Google
288
307
  # The fields in the name after "EC_SIGN_" correspond to the following
289
308
  # parameters: elliptic curve, digest algorithm.
290
309
  #
310
+ # Algorithms beginning with "HMAC_" are usable with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
311
+ # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::MAC MAC}.
312
+ #
313
+ # The suffix following "HMAC_" corresponds to the hash algorithm being used
314
+ # (eg. SHA256).
315
+ #
291
316
  # For more information, see [Key purposes and algorithms]
292
317
  # (https://cloud.google.com/kms/docs/algorithms).
293
318
  module CryptoKeyVersionAlgorithm
@@ -333,6 +358,15 @@ module Google
333
358
  # RSAES-OAEP 4096 bit key with a SHA512 digest.
334
359
  RSA_DECRYPT_OAEP_4096_SHA512 = 17
335
360
 
361
+ # RSAES-OAEP 2048 bit key with a SHA1 digest.
362
+ RSA_DECRYPT_OAEP_2048_SHA1 = 37
363
+
364
+ # RSAES-OAEP 3072 bit key with a SHA1 digest.
365
+ RSA_DECRYPT_OAEP_3072_SHA1 = 38
366
+
367
+ # RSAES-OAEP 4096 bit key with a SHA1 digest.
368
+ RSA_DECRYPT_OAEP_4096_SHA1 = 39
369
+
336
370
  # ECDSA on the NIST P-256 curve with a SHA256 digest.
337
371
  EC_SIGN_P256_SHA256 = 12
338
372
 
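Review bot: The three added `RSA_DECRYPT_OAEP_*_SHA1` constants are documented exactly like their SHA256 and SHA512 siblings, so nothing at the point of choice tells a reader that these are the weaker-digest option. SHA-1 inside OAEP is not known to be broken the way SHA-1 signatures are, but many policy baselines disallow it, and the variants are presumably here for interoperability with peers that cannot use SHA-2. I would extend each comment along the lines of `# RSAES-OAEP 2048 bit key with a SHA1 digest. Prefer a SHA256 or SHA512 variant for new keys.` The enclosing `module CryptoKeyVersionAlgorithm` starts and ends outside this hunk.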
@@ -343,6 +377,9 @@ module Google
343
377
  # HSM protection level.
344
378
  EC_SIGN_SECP256K1_SHA256 = 31
345
379
 
380
+ # HMAC-SHA256 signing with a 256 bit key.
381
+ HMAC_SHA256 = 32
382
+
346
383
  # Algorithm representing symmetric encryption by an external key manager.
347
384
  EXTERNAL_SYMMETRIC_ENCRYPTION = 18
348
385
  end
@@ -365,7 +402,10 @@ module Google
365
402
  DISABLED = 2
366
403
 
367
404
  # This version is destroyed, and the key material is no longer stored.
368
- # A version may not leave this state once entered.
405
+ # This version may only become {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} again if this version is
406
+ # {::Google::Cloud::Kms::V1::CryptoKeyVersion#reimport_eligible reimport_eligible} and the original
407
+ # key material is reimported with a call to
408
+ # {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}.
369
409
  DESTROYED = 3
370
410
 
371
411
  # This version is scheduled for destruction, and will be destroyed soon.
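Review bot: The rewritten comment on `DESTROYED` turns a terminal state into one that can return to `ENABLED`, but it does not say what a caller or auditor that relied on the old sentence should now check. Code and runbooks that treat `DESTROYED` as final evidence that a key version is unusable need to look at `reimport_eligible` as well, and import calls that name an existing `crypto_key_version` are worth logging. I would add one line such as `# Do not treat DESTROYED as final when reimport_eligible is true.` The enclosing module starts and ends outside this hunk.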
@@ -435,6 +475,9 @@ module Google
435
475
  # Provided here for verification.
436
476
  #
437
477
  # NOTE: This field is in Beta.
478
+ # @!attribute [rw] protection_level
479
+ # @return [::Google::Cloud::Kms::V1::ProtectionLevel]
480
+ # The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key.
438
481
  class PublicKey
439
482
  include ::Google::Protobuf::MessageExts
440
483
  extend ::Google::Protobuf::MessageExts::ClassMethods