google-cloud-kms-v1 0.6.2 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/google/cloud/kms/v1/iam_policy/client.rb +38 -39
- data/lib/google/cloud/kms/v1/key_management_service/client.rb +535 -168
- data/lib/google/cloud/kms/v1/resources_pb.rb +14 -2
- data/lib/google/cloud/kms/v1/service_pb.rb +65 -14
- data/lib/google/cloud/kms/v1/service_services_pb.rb +37 -24
- data/lib/google/cloud/kms/v1/version.rb +1 -1
- data/proto_docs/google/cloud/kms/v1/resources.rb +56 -4
- data/proto_docs/google/cloud/kms/v1/service.rb +290 -59
- metadata +4 -4
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
2
|
# source: google/cloud/kms/v1/resources.proto
|
|
3
3
|
|
|
4
|
-
require 'google/protobuf'
|
|
5
|
-
|
|
6
4
|
require 'google/api/field_behavior_pb'
|
|
7
5
|
require 'google/api/resource_pb'
|
|
8
6
|
require 'google/protobuf/duration_pb'
|
|
9
7
|
require 'google/protobuf/timestamp_pb'
|
|
10
8
|
require 'google/protobuf/wrappers_pb'
|
|
11
9
|
require 'google/api/annotations_pb'
|
|
10
|
+
require 'google/protobuf'
|
|
11
|
+
|
|
12
12
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
13
13
|
add_file("google/cloud/kms/v1/resources.proto", :syntax => :proto3) do
|
|
14
14
|
add_message "google.cloud.kms.v1.KeyRing" do
|
|
@@ -23,6 +23,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
23
23
|
optional :next_rotation_time, :message, 7, "google.protobuf.Timestamp"
|
|
24
24
|
optional :version_template, :message, 11, "google.cloud.kms.v1.CryptoKeyVersionTemplate"
|
|
25
25
|
map :labels, :string, :string, 10
|
|
26
|
+
optional :import_only, :bool, 13
|
|
27
|
+
optional :destroy_scheduled_duration, :message, 14, "google.protobuf.Duration"
|
|
26
28
|
oneof :rotation_schedule do
|
|
27
29
|
optional :rotation_period, :message, 8, "google.protobuf.Duration"
|
|
28
30
|
end
|
|
@@ -32,6 +34,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
32
34
|
value :ENCRYPT_DECRYPT, 1
|
|
33
35
|
value :ASYMMETRIC_SIGN, 5
|
|
34
36
|
value :ASYMMETRIC_DECRYPT, 6
|
|
37
|
+
value :MAC, 9
|
|
35
38
|
end
|
|
36
39
|
add_message "google.cloud.kms.v1.CryptoKeyVersionTemplate" do
|
|
37
40
|
optional :protection_level, :enum, 1, "google.cloud.kms.v1.ProtectionLevel"
|
|
@@ -60,6 +63,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
60
63
|
optional :import_time, :message, 15, "google.protobuf.Timestamp"
|
|
61
64
|
optional :import_failure_reason, :string, 16
|
|
62
65
|
optional :external_protection_level_options, :message, 17, "google.cloud.kms.v1.ExternalProtectionLevelOptions"
|
|
66
|
+
optional :reimport_eligible, :bool, 18
|
|
63
67
|
end
|
|
64
68
|
add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm" do
|
|
65
69
|
value :CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED, 0
|
|
@@ -72,13 +76,20 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
72
76
|
value :RSA_SIGN_PKCS1_3072_SHA256, 6
|
|
73
77
|
value :RSA_SIGN_PKCS1_4096_SHA256, 7
|
|
74
78
|
value :RSA_SIGN_PKCS1_4096_SHA512, 16
|
|
79
|
+
value :RSA_SIGN_RAW_PKCS1_2048, 28
|
|
80
|
+
value :RSA_SIGN_RAW_PKCS1_3072, 29
|
|
81
|
+
value :RSA_SIGN_RAW_PKCS1_4096, 30
|
|
75
82
|
value :RSA_DECRYPT_OAEP_2048_SHA256, 8
|
|
76
83
|
value :RSA_DECRYPT_OAEP_3072_SHA256, 9
|
|
77
84
|
value :RSA_DECRYPT_OAEP_4096_SHA256, 10
|
|
78
85
|
value :RSA_DECRYPT_OAEP_4096_SHA512, 17
|
|
86
|
+
value :RSA_DECRYPT_OAEP_2048_SHA1, 37
|
|
87
|
+
value :RSA_DECRYPT_OAEP_3072_SHA1, 38
|
|
88
|
+
value :RSA_DECRYPT_OAEP_4096_SHA1, 39
|
|
79
89
|
value :EC_SIGN_P256_SHA256, 12
|
|
80
90
|
value :EC_SIGN_P384_SHA384, 13
|
|
81
91
|
value :EC_SIGN_SECP256K1_SHA256, 31
|
|
92
|
+
value :HMAC_SHA256, 32
|
|
82
93
|
value :EXTERNAL_SYMMETRIC_ENCRYPTION, 18
|
|
83
94
|
end
|
|
84
95
|
add_enum "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState" do
|
|
@@ -100,6 +111,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
100
111
|
optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
|
|
101
112
|
optional :pem_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
102
113
|
optional :name, :string, 4
|
|
114
|
+
optional :protection_level, :enum, 5, "google.cloud.kms.v1.ProtectionLevel"
|
|
103
115
|
end
|
|
104
116
|
add_message "google.cloud.kms.v1.ImportJob" do
|
|
105
117
|
optional :name, :string, 1
|
|
@@ -1,8 +1,6 @@
|
|
|
1
1
|
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
|
2
2
|
# source: google/cloud/kms/v1/service.proto
|
|
3
3
|
|
|
4
|
-
require 'google/protobuf'
|
|
5
|
-
|
|
6
4
|
require 'google/api/annotations_pb'
|
|
7
5
|
require 'google/api/client_pb'
|
|
8
6
|
require 'google/api/field_behavior_pb'
|
|
@@ -10,6 +8,8 @@ require 'google/api/resource_pb'
|
|
|
10
8
|
require 'google/cloud/kms/v1/resources_pb'
|
|
11
9
|
require 'google/protobuf/field_mask_pb'
|
|
12
10
|
require 'google/protobuf/wrappers_pb'
|
|
11
|
+
require 'google/protobuf'
|
|
12
|
+
|
|
13
13
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
14
14
|
add_file("google/cloud/kms/v1/service.proto", :syntax => :proto3) do
|
|
15
15
|
add_message "google.cloud.kms.v1.ListKeyRingsRequest" do
|
|
@@ -94,6 +94,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
94
94
|
end
|
|
95
95
|
add_message "google.cloud.kms.v1.ImportCryptoKeyVersionRequest" do
|
|
96
96
|
optional :parent, :string, 1
|
|
97
|
+
optional :crypto_key_version, :string, 6
|
|
97
98
|
optional :algorithm, :enum, 2, "google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm"
|
|
98
99
|
optional :import_job, :string, 4
|
|
99
100
|
oneof :wrapped_key_material do
|
|
@@ -113,6 +114,16 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
113
114
|
optional :crypto_key_version, :message, 1, "google.cloud.kms.v1.CryptoKeyVersion"
|
|
114
115
|
optional :update_mask, :message, 2, "google.protobuf.FieldMask"
|
|
115
116
|
end
|
|
117
|
+
add_message "google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest" do
|
|
118
|
+
optional :name, :string, 1
|
|
119
|
+
optional :crypto_key_version_id, :string, 2
|
|
120
|
+
end
|
|
121
|
+
add_message "google.cloud.kms.v1.DestroyCryptoKeyVersionRequest" do
|
|
122
|
+
optional :name, :string, 1
|
|
123
|
+
end
|
|
124
|
+
add_message "google.cloud.kms.v1.RestoreCryptoKeyVersionRequest" do
|
|
125
|
+
optional :name, :string, 1
|
|
126
|
+
end
|
|
116
127
|
add_message "google.cloud.kms.v1.EncryptRequest" do
|
|
117
128
|
optional :name, :string, 1
|
|
118
129
|
optional :plaintext, :bytes, 2
|
|
@@ -131,15 +142,30 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
131
142
|
optional :name, :string, 1
|
|
132
143
|
optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
|
|
133
144
|
optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
|
|
145
|
+
optional :data, :bytes, 6
|
|
146
|
+
optional :data_crc32c, :message, 7, "google.protobuf.Int64Value"
|
|
134
147
|
end
|
|
135
148
|
add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
|
|
136
149
|
optional :name, :string, 1
|
|
137
150
|
optional :ciphertext, :bytes, 3
|
|
138
151
|
optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
|
|
139
152
|
end
|
|
140
|
-
add_message "google.cloud.kms.v1.
|
|
141
|
-
optional :
|
|
142
|
-
optional :
|
|
153
|
+
add_message "google.cloud.kms.v1.MacSignRequest" do
|
|
154
|
+
optional :name, :string, 1
|
|
155
|
+
optional :data, :bytes, 2
|
|
156
|
+
optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
157
|
+
end
|
|
158
|
+
add_message "google.cloud.kms.v1.MacVerifyRequest" do
|
|
159
|
+
optional :name, :string, 1
|
|
160
|
+
optional :data, :bytes, 2
|
|
161
|
+
optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
162
|
+
optional :mac, :bytes, 4
|
|
163
|
+
optional :mac_crc32c, :message, 5, "google.protobuf.Int64Value"
|
|
164
|
+
end
|
|
165
|
+
add_message "google.cloud.kms.v1.GenerateRandomBytesRequest" do
|
|
166
|
+
optional :location, :string, 1
|
|
167
|
+
optional :length_bytes, :int32, 2
|
|
168
|
+
optional :protection_level, :enum, 3, "google.cloud.kms.v1.ProtectionLevel"
|
|
143
169
|
end
|
|
144
170
|
add_message "google.cloud.kms.v1.EncryptResponse" do
|
|
145
171
|
optional :name, :string, 1
|
|
@@ -147,27 +173,46 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
147
173
|
optional :ciphertext_crc32c, :message, 4, "google.protobuf.Int64Value"
|
|
148
174
|
optional :verified_plaintext_crc32c, :bool, 5
|
|
149
175
|
optional :verified_additional_authenticated_data_crc32c, :bool, 6
|
|
176
|
+
optional :protection_level, :enum, 7, "google.cloud.kms.v1.ProtectionLevel"
|
|
177
|
+
end
|
|
178
|
+
add_message "google.cloud.kms.v1.DecryptResponse" do
|
|
179
|
+
optional :plaintext, :bytes, 1
|
|
180
|
+
optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
|
|
181
|
+
optional :used_primary, :bool, 3
|
|
182
|
+
optional :protection_level, :enum, 4, "google.cloud.kms.v1.ProtectionLevel"
|
|
150
183
|
end
|
|
151
184
|
add_message "google.cloud.kms.v1.AsymmetricSignResponse" do
|
|
152
185
|
optional :signature, :bytes, 1
|
|
153
186
|
optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
|
|
154
187
|
optional :verified_digest_crc32c, :bool, 3
|
|
155
188
|
optional :name, :string, 4
|
|
189
|
+
optional :verified_data_crc32c, :bool, 5
|
|
190
|
+
optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
|
|
156
191
|
end
|
|
157
192
|
add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do
|
|
158
193
|
optional :plaintext, :bytes, 1
|
|
159
194
|
optional :plaintext_crc32c, :message, 2, "google.protobuf.Int64Value"
|
|
160
195
|
optional :verified_ciphertext_crc32c, :bool, 3
|
|
196
|
+
optional :protection_level, :enum, 4, "google.cloud.kms.v1.ProtectionLevel"
|
|
161
197
|
end
|
|
162
|
-
add_message "google.cloud.kms.v1.
|
|
198
|
+
add_message "google.cloud.kms.v1.MacSignResponse" do
|
|
163
199
|
optional :name, :string, 1
|
|
164
|
-
optional :
|
|
200
|
+
optional :mac, :bytes, 2
|
|
201
|
+
optional :mac_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
202
|
+
optional :verified_data_crc32c, :bool, 4
|
|
203
|
+
optional :protection_level, :enum, 5, "google.cloud.kms.v1.ProtectionLevel"
|
|
165
204
|
end
|
|
166
|
-
add_message "google.cloud.kms.v1.
|
|
205
|
+
add_message "google.cloud.kms.v1.MacVerifyResponse" do
|
|
167
206
|
optional :name, :string, 1
|
|
207
|
+
optional :success, :bool, 2
|
|
208
|
+
optional :verified_data_crc32c, :bool, 3
|
|
209
|
+
optional :verified_mac_crc32c, :bool, 4
|
|
210
|
+
optional :verified_success_integrity, :bool, 5
|
|
211
|
+
optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
|
|
168
212
|
end
|
|
169
|
-
add_message "google.cloud.kms.v1.
|
|
170
|
-
optional :
|
|
213
|
+
add_message "google.cloud.kms.v1.GenerateRandomBytesResponse" do
|
|
214
|
+
optional :data, :bytes, 1
|
|
215
|
+
optional :data_crc32c, :message, 3, "google.protobuf.Int64Value"
|
|
171
216
|
end
|
|
172
217
|
add_message "google.cloud.kms.v1.Digest" do
|
|
173
218
|
oneof :digest do
|
|
@@ -207,17 +252,23 @@ module Google
|
|
|
207
252
|
CreateImportJobRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.CreateImportJobRequest").msgclass
|
|
208
253
|
UpdateCryptoKeyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyRequest").msgclass
|
|
209
254
|
UpdateCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyVersionRequest").msgclass
|
|
255
|
+
UpdateCryptoKeyPrimaryVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest").msgclass
|
|
256
|
+
DestroyCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DestroyCryptoKeyVersionRequest").msgclass
|
|
257
|
+
RestoreCryptoKeyVersionRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.RestoreCryptoKeyVersionRequest").msgclass
|
|
210
258
|
EncryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EncryptRequest").msgclass
|
|
211
259
|
DecryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DecryptRequest").msgclass
|
|
212
260
|
AsymmetricSignRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricSignRequest").msgclass
|
|
213
261
|
AsymmetricDecryptRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricDecryptRequest").msgclass
|
|
214
|
-
|
|
262
|
+
MacSignRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacSignRequest").msgclass
|
|
263
|
+
MacVerifyRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacVerifyRequest").msgclass
|
|
264
|
+
GenerateRandomBytesRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.GenerateRandomBytesRequest").msgclass
|
|
215
265
|
EncryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.EncryptResponse").msgclass
|
|
266
|
+
DecryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.DecryptResponse").msgclass
|
|
216
267
|
AsymmetricSignResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricSignResponse").msgclass
|
|
217
268
|
AsymmetricDecryptResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.AsymmetricDecryptResponse").msgclass
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
269
|
+
MacSignResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacSignResponse").msgclass
|
|
270
|
+
MacVerifyResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.MacVerifyResponse").msgclass
|
|
271
|
+
GenerateRandomBytesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.GenerateRandomBytesResponse").msgclass
|
|
221
272
|
Digest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.Digest").msgclass
|
|
222
273
|
LocationMetadata = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.kms.v1.LocationMetadata").msgclass
|
|
223
274
|
end
|
|
@@ -38,7 +38,7 @@ module Google
|
|
|
38
38
|
# [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
|
|
39
39
|
class Service
|
|
40
40
|
|
|
41
|
-
include GRPC::GenericService
|
|
41
|
+
include ::GRPC::GenericService
|
|
42
42
|
|
|
43
43
|
self.marshal_class_method = :encode
|
|
44
44
|
self.unmarshal_class_method = :decode
|
|
@@ -80,11 +80,12 @@ module Google
|
|
|
80
80
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
|
81
81
|
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
|
|
82
82
|
rpc :CreateCryptoKeyVersion, ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
|
83
|
-
#
|
|
84
|
-
# wrapped key material provided in the request.
|
|
83
|
+
# Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
|
85
84
|
#
|
|
86
|
-
#
|
|
87
|
-
#
|
|
85
|
+
# All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
|
|
86
|
+
# additionally specified in the request, key material will be reimported into
|
|
87
|
+
# that version. Otherwise, a new version will be created, and will be
|
|
88
|
+
# assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
|
88
89
|
rpc :ImportCryptoKeyVersion, ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
|
89
90
|
# Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing].
|
|
90
91
|
#
|
|
@@ -100,21 +101,6 @@ module Google
|
|
|
100
101
|
# method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
|
|
101
102
|
# move between other states.
|
|
102
103
|
rpc :UpdateCryptoKeyVersion, ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
|
103
|
-
# Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
|
|
104
|
-
# The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
|
105
|
-
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
106
|
-
rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
|
|
107
|
-
# Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
108
|
-
# must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
109
|
-
rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
|
|
110
|
-
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
111
|
-
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
|
112
|
-
# key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
|
113
|
-
rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
|
|
114
|
-
# Decrypts data that was encrypted with a public key retrieved from
|
|
115
|
-
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
|
|
116
|
-
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
|
|
117
|
-
rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
|
|
118
104
|
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
|
|
119
105
|
#
|
|
120
106
|
# Returns an error if called on a key whose purpose is not
|
|
@@ -123,10 +109,11 @@ module Google
|
|
|
123
109
|
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
|
|
124
110
|
#
|
|
125
111
|
# Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
|
126
|
-
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
|
|
127
|
-
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to
|
|
128
|
-
#
|
|
129
|
-
#
|
|
112
|
+
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
|
|
113
|
+
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
|
|
114
|
+
# [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
|
|
115
|
+
# future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
|
|
116
|
+
# automatically change to
|
|
130
117
|
# [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
|
|
131
118
|
# material will be irrevocably destroyed.
|
|
132
119
|
#
|
|
@@ -141,6 +128,32 @@ module Google
|
|
|
141
128
|
# will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
|
|
142
129
|
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
|
|
143
130
|
rpc :RestoreCryptoKeyVersion, ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Google::Cloud::Kms::V1::CryptoKeyVersion
|
|
131
|
+
# Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
|
|
132
|
+
# The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
|
133
|
+
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
134
|
+
rpc :Encrypt, ::Google::Cloud::Kms::V1::EncryptRequest, ::Google::Cloud::Kms::V1::EncryptResponse
|
|
135
|
+
# Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
136
|
+
# must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
137
|
+
rpc :Decrypt, ::Google::Cloud::Kms::V1::DecryptRequest, ::Google::Cloud::Kms::V1::DecryptResponse
|
|
138
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
139
|
+
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
|
140
|
+
# key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
|
141
|
+
rpc :AsymmetricSign, ::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Google::Cloud::Kms::V1::AsymmetricSignResponse
|
|
142
|
+
# Decrypts data that was encrypted with a public key retrieved from
|
|
143
|
+
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
|
|
144
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
|
|
145
|
+
rpc :AsymmetricDecrypt, ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse
|
|
146
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
147
|
+
# MAC, producing a tag that can be verified by another source with the
|
|
148
|
+
# same key.
|
|
149
|
+
rpc :MacSign, ::Google::Cloud::Kms::V1::MacSignRequest, ::Google::Cloud::Kms::V1::MacSignResponse
|
|
150
|
+
# Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
151
|
+
# MAC, and returns a response that indicates whether or not the verification
|
|
152
|
+
# was successful.
|
|
153
|
+
rpc :MacVerify, ::Google::Cloud::Kms::V1::MacVerifyRequest, ::Google::Cloud::Kms::V1::MacVerifyResponse
|
|
154
|
+
# Generate random bytes using the Cloud KMS randomness source in the provided
|
|
155
|
+
# location.
|
|
156
|
+
rpc :GenerateRandomBytes, ::Google::Cloud::Kms::V1::GenerateRandomBytesRequest, ::Google::Cloud::Kms::V1::GenerateRandomBytesResponse
|
|
144
157
|
end
|
|
145
158
|
|
|
146
159
|
Stub = Service.rpc_stub_class
|
|
@@ -97,6 +97,16 @@ module Google
|
|
|
97
97
|
# @return [::Google::Protobuf::Map{::String => ::String}]
|
|
98
98
|
# Labels with user-defined metadata. For more information, see
|
|
99
99
|
# [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
|
|
100
|
+
# @!attribute [rw] import_only
|
|
101
|
+
# @return [::Boolean]
|
|
102
|
+
# Immutable. Whether this key may contain imported versions only.
|
|
103
|
+
# @!attribute [rw] destroy_scheduled_duration
|
|
104
|
+
# @return [::Google::Protobuf::Duration]
|
|
105
|
+
# Immutable. The period of time that versions of this key spend in the
|
|
106
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
|
|
107
|
+
# state before transitioning to
|
|
108
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}. If not
|
|
109
|
+
# specified at creation time, the default duration is 24 hours.
|
|
100
110
|
class CryptoKey
|
|
101
111
|
include ::Google::Protobuf::MessageExts
|
|
102
112
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -132,6 +142,10 @@ module Google
|
|
|
132
142
|
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt} and
|
|
133
143
|
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
|
|
134
144
|
ASYMMETRIC_DECRYPT = 6
|
|
145
|
+
|
|
146
|
+
# {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used with
|
|
147
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
|
|
148
|
+
MAC = 9
|
|
135
149
|
end
|
|
136
150
|
end
|
|
137
151
|
|
|
@@ -235,16 +249,16 @@ module Google
|
|
|
235
249
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}.
|
|
236
250
|
# @!attribute [r] import_job
|
|
237
251
|
# @return [::String]
|
|
238
|
-
# Output only. The name of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} used
|
|
252
|
+
# Output only. The name of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} used in the most recent import of this
|
|
239
253
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. Only present if the underlying key material was
|
|
240
254
|
# imported.
|
|
241
255
|
# @!attribute [r] import_time
|
|
242
256
|
# @return [::Google::Protobuf::Timestamp]
|
|
243
257
|
# Output only. The time at which this {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s key material
|
|
244
|
-
# was imported.
|
|
258
|
+
# was most recently imported.
|
|
245
259
|
# @!attribute [r] import_failure_reason
|
|
246
260
|
# @return [::String]
|
|
247
|
-
# Output only. The root cause of
|
|
261
|
+
# Output only. The root cause of the most recent import failure. Only present if
|
|
248
262
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
|
|
249
263
|
# {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}.
|
|
250
264
|
# @!attribute [rw] external_protection_level_options
|
|
@@ -252,6 +266,11 @@ module Google
|
|
|
252
266
|
# ExternalProtectionLevelOptions stores a group of additional fields for
|
|
253
267
|
# configuring a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} that are specific to the
|
|
254
268
|
# {::Google::Cloud::Kms::V1::ProtectionLevel::EXTERNAL EXTERNAL} protection level.
|
|
269
|
+
# @!attribute [r] reimport_eligible
|
|
270
|
+
# @return [::Boolean]
|
|
271
|
+
# Output only. Whether or not this key version is eligible for reimport, by being
|
|
272
|
+
# specified as a target in
|
|
273
|
+
# {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#crypto_key_version ImportCryptoKeyVersionRequest.crypto_key_version}.
|
|
255
274
|
class CryptoKeyVersion
|
|
256
275
|
include ::Google::Protobuf::MessageExts
|
|
257
276
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|
|
@@ -288,6 +307,12 @@ module Google
|
|
|
288
307
|
# The fields in the name after "EC_SIGN_" correspond to the following
|
|
289
308
|
# parameters: elliptic curve, digest algorithm.
|
|
290
309
|
#
|
|
310
|
+
# Algorithms beginning with "HMAC_" are usable with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose}
|
|
311
|
+
# {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::MAC MAC}.
|
|
312
|
+
#
|
|
313
|
+
# The suffix following "HMAC_" corresponds to the hash algorithm being used
|
|
314
|
+
# (eg. SHA256).
|
|
315
|
+
#
|
|
291
316
|
# For more information, see [Key purposes and algorithms]
|
|
292
317
|
# (https://cloud.google.com/kms/docs/algorithms).
|
|
293
318
|
module CryptoKeyVersionAlgorithm
|
|
@@ -321,6 +346,15 @@ module Google
|
|
|
321
346
|
# RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
|
|
322
347
|
RSA_SIGN_PKCS1_4096_SHA512 = 16
|
|
323
348
|
|
|
349
|
+
# RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
|
|
350
|
+
RSA_SIGN_RAW_PKCS1_2048 = 28
|
|
351
|
+
|
|
352
|
+
# RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
|
|
353
|
+
RSA_SIGN_RAW_PKCS1_3072 = 29
|
|
354
|
+
|
|
355
|
+
# RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
|
|
356
|
+
RSA_SIGN_RAW_PKCS1_4096 = 30
|
|
357
|
+
|
|
324
358
|
# RSAES-OAEP 2048 bit key with a SHA256 digest.
|
|
325
359
|
RSA_DECRYPT_OAEP_2048_SHA256 = 8
|
|
326
360
|
|
|
@@ -333,6 +367,15 @@ module Google
|
|
|
333
367
|
# RSAES-OAEP 4096 bit key with a SHA512 digest.
|
|
334
368
|
RSA_DECRYPT_OAEP_4096_SHA512 = 17
|
|
335
369
|
|
|
370
|
+
# RSAES-OAEP 2048 bit key with a SHA1 digest.
|
|
371
|
+
RSA_DECRYPT_OAEP_2048_SHA1 = 37
|
|
372
|
+
|
|
373
|
+
# RSAES-OAEP 3072 bit key with a SHA1 digest.
|
|
374
|
+
RSA_DECRYPT_OAEP_3072_SHA1 = 38
|
|
375
|
+
|
|
376
|
+
# RSAES-OAEP 4096 bit key with a SHA1 digest.
|
|
377
|
+
RSA_DECRYPT_OAEP_4096_SHA1 = 39
|
|
378
|
+
|
|
336
379
|
# ECDSA on the NIST P-256 curve with a SHA256 digest.
|
|
337
380
|
EC_SIGN_P256_SHA256 = 12
|
|
338
381
|
|
|
@@ -343,6 +386,9 @@ module Google
|
|
|
343
386
|
# HSM protection level.
|
|
344
387
|
EC_SIGN_SECP256K1_SHA256 = 31
|
|
345
388
|
|
|
389
|
+
# HMAC-SHA256 signing with a 256 bit key.
|
|
390
|
+
HMAC_SHA256 = 32
|
|
391
|
+
|
|
346
392
|
# Algorithm representing symmetric encryption by an external key manager.
|
|
347
393
|
EXTERNAL_SYMMETRIC_ENCRYPTION = 18
|
|
348
394
|
end
|
|
@@ -365,7 +411,10 @@ module Google
|
|
|
365
411
|
DISABLED = 2
|
|
366
412
|
|
|
367
413
|
# This version is destroyed, and the key material is no longer stored.
|
|
368
|
-
#
|
|
414
|
+
# This version may only become {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} again if this version is
|
|
415
|
+
# {::Google::Cloud::Kms::V1::CryptoKeyVersion#reimport_eligible reimport_eligible} and the original
|
|
416
|
+
# key material is reimported with a call to
|
|
417
|
+
# {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version KeyManagementService.ImportCryptoKeyVersion}.
|
|
369
418
|
DESTROYED = 3
|
|
370
419
|
|
|
371
420
|
# This version is scheduled for destruction, and will be destroyed soon.
|
|
@@ -435,6 +484,9 @@ module Google
|
|
|
435
484
|
# Provided here for verification.
|
|
436
485
|
#
|
|
437
486
|
# NOTE: This field is in Beta.
|
|
487
|
+
# @!attribute [rw] protection_level
|
|
488
|
+
# @return [::Google::Cloud::Kms::V1::ProtectionLevel]
|
|
489
|
+
# The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key.
|
|
438
490
|
class PublicKey
|
|
439
491
|
include ::Google::Protobuf::MessageExts
|
|
440
492
|
extend ::Google::Protobuf::MessageExts::ClassMethods
|