google-cloud-kms 0.3.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -487,7 +487,8 @@ module Google
487
487
  #
488
488
  # @param parent [String]
489
489
  # Required. The resource name of the location associated with the
490
- # {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format `projects/*/locations/*`.
490
+ # {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
491
+ # `projects/*/locations/*`.
491
492
  # @param page_size [Integer]
492
493
  # The maximum number of resources contained in the underlying API
493
494
  # response. If page streaming is performed per-resource, this
@@ -541,8 +542,8 @@ module Google
541
542
  # Lists {Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
542
543
  #
543
544
  # @param parent [String]
544
- # Required. The resource name of the {Google::Cloud::Kms::V1::KeyRing KeyRing} to list, in the format
545
- # `projects/*/locations/*/keyRings/*`.
545
+ # Required. The resource name of the {Google::Cloud::Kms::V1::KeyRing KeyRing}
546
+ # to list, in the format `projects/*/locations/*/keyRings/*`.
546
547
  # @param page_size [Integer]
547
548
  # The maximum number of resources contained in the underlying API
548
549
  # response. If page streaming is performed per-resource, this
@@ -600,7 +601,8 @@ module Google
600
601
  # Lists {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
601
602
  #
602
603
  # @param parent [String]
603
- # Required. The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to list, in the format
604
+ # Required. The resource name of the
605
+ # {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to list, in the format
604
606
  # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
605
607
  # @param page_size [Integer]
606
608
  # The maximum number of resources contained in the underlying API
@@ -659,7 +661,8 @@ module Google
659
661
  # Returns metadata for a given {Google::Cloud::Kms::V1::KeyRing KeyRing}.
660
662
  #
661
663
  # @param name [String]
662
- # The {Google::Cloud::Kms::V1::KeyRing#name name} of the {Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
664
+ # The {Google::Cloud::Kms::V1::KeyRing#name name} of the
665
+ # {Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
663
666
  # @param options [Google::Gax::CallOptions]
664
667
  # Overrides the default settings for this call, e.g, timeout,
665
668
  # retries, etc.
@@ -686,11 +689,13 @@ module Google
686
689
  @get_key_ring.call(req, options, &block)
687
690
  end
688
691
 
689
- # Returns metadata for a given {Google::Cloud::Kms::V1::CryptoKey CryptoKey}, as well as its
690
- # {Google::Cloud::Kms::V1::CryptoKey#primary primary} {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
692
+ # Returns metadata for a given {Google::Cloud::Kms::V1::CryptoKey CryptoKey}, as
693
+ # well as its {Google::Cloud::Kms::V1::CryptoKey#primary primary}
694
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
691
695
  #
692
696
  # @param name [String]
693
- # The {Google::Cloud::Kms::V1::CryptoKey#name name} of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
697
+ # The {Google::Cloud::Kms::V1::CryptoKey#name name} of the
698
+ # {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
694
699
  # @param options [Google::Gax::CallOptions]
695
700
  # Overrides the default settings for this call, e.g, timeout,
696
701
  # retries, etc.
@@ -717,10 +722,12 @@ module Google
717
722
  @get_crypto_key.call(req, options, &block)
718
723
  end
719
724
 
720
- # Returns metadata for a given {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
725
+ # Returns metadata for a given
726
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
721
727
  #
722
728
  # @param name [String]
723
- # The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
729
+ # The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
730
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
724
731
  # @param options [Google::Gax::CallOptions]
725
732
  # Overrides the default settings for this call, e.g, timeout,
726
733
  # retries, etc.
@@ -747,11 +754,13 @@ module Google
747
754
  @get_crypto_key_version.call(req, options, &block)
748
755
  end
749
756
 
750
- # Create a new {Google::Cloud::Kms::V1::KeyRing KeyRing} in a given Project and Location.
757
+ # Create a new {Google::Cloud::Kms::V1::KeyRing KeyRing} in a given Project and
758
+ # Location.
751
759
  #
752
760
  # @param parent [String]
753
761
  # Required. The resource name of the location associated with the
754
- # {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format `projects/*/locations/*`.
762
+ # {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
763
+ # `projects/*/locations/*`.
755
764
  # @param key_ring_id [String]
756
765
  # Required. It must be unique within a location and match the regular
757
766
  # expression `[a-zA-Z0-9_-]{1,63}`
@@ -795,15 +804,16 @@ module Google
795
804
  @create_key_ring.call(req, options, &block)
796
805
  end
797
806
 
798
- # Create a new {Google::Cloud::Kms::V1::CryptoKey CryptoKey} within a {Google::Cloud::Kms::V1::KeyRing KeyRing}.
807
+ # Create a new {Google::Cloud::Kms::V1::CryptoKey CryptoKey} within a
808
+ # {Google::Cloud::Kms::V1::KeyRing KeyRing}.
799
809
  #
800
810
  # {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} and
801
811
  # {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#algorithm CryptoKey#version_template#algorithm}
802
812
  # are required.
803
813
  #
804
814
  # @param parent [String]
805
- # Required. The {Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing associated with the
806
- # {Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
815
+ # Required. The {Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing
816
+ # associated with the {Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
807
817
  # @param crypto_key_id [String]
808
818
  # Required. It must be unique within a KeyRing and match the regular
809
819
  # expression `[a-zA-Z0-9_-]{1,63}`
@@ -852,17 +862,20 @@ module Google
852
862
  @create_crypto_key.call(req, options, &block)
853
863
  end
854
864
 
855
- # Create a new {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in a {Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
865
+ # Create a new {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in a
866
+ # {Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
856
867
  #
857
868
  # The server will assign the next sequential id. If unset,
858
869
  # {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be set to
859
870
  # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}.
860
871
  #
861
872
  # @param parent [String]
862
- # Required. The {Google::Cloud::Kms::V1::CryptoKey#name name} of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with
863
- # the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
873
+ # Required. The {Google::Cloud::Kms::V1::CryptoKey#name name} of the
874
+ # {Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with the
875
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
864
876
  # @param crypto_key_version [Google::Cloud::Kms::V1::CryptoKeyVersion | Hash]
865
- # A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial field values.
877
+ # A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial
878
+ # field values.
866
879
  # A hash of the same form as `Google::Cloud::Kms::V1::CryptoKeyVersion`
867
880
  # can also be provided.
868
881
  # @param options [Google::Gax::CallOptions]
@@ -939,16 +952,22 @@ module Google
939
952
  @update_crypto_key.call(req, options, &block)
940
953
  end
941
954
 
942
- # Update a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s metadata.
955
+ # Update a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s
956
+ # metadata.
943
957
  #
944
958
  # {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} may be changed between
945
- # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} and
946
- # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED} using this
947
- # method. See {Google::Cloud::Kms::V1::KeyManagementService::DestroyCryptoKeyVersion DestroyCryptoKeyVersion} and {Google::Cloud::Kms::V1::KeyManagementService::RestoreCryptoKeyVersion RestoreCryptoKeyVersion} to
948
- # move between other states.
959
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}
960
+ # and
961
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED}
962
+ # using this method. See
963
+ # {Google::Cloud::Kms::V1::KeyManagementService::DestroyCryptoKeyVersion DestroyCryptoKeyVersion}
964
+ # and
965
+ # {Google::Cloud::Kms::V1::KeyManagementService::RestoreCryptoKeyVersion RestoreCryptoKeyVersion}
966
+ # to move between other states.
949
967
  #
950
968
  # @param crypto_key_version [Google::Cloud::Kms::V1::CryptoKeyVersion | Hash]
951
- # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated values.
969
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated
970
+ # values.
952
971
  # A hash of the same form as `Google::Cloud::Kms::V1::CryptoKeyVersion`
953
972
  # can also be provided.
954
973
  # @param update_mask [Google::Protobuf::FieldMask | Hash]
@@ -988,35 +1007,41 @@ module Google
988
1007
  @update_crypto_key_version.call(req, options, &block)
989
1008
  end
990
1009
 
991
- # Encrypts data, so that it can only be recovered by a call to {Google::Cloud::Kms::V1::KeyManagementService::Decrypt Decrypt}.
992
- # The {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} must be
1010
+ # Encrypts data, so that it can only be recovered by a call to
1011
+ # {Google::Cloud::Kms::V1::KeyManagementService::Decrypt Decrypt}. The
1012
+ # {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} must be
993
1013
  # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
994
1014
  #
995
1015
  # @param name [String]
996
- # Required. The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} or {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
997
- # to use for encryption.
1016
+ # Required. The resource name of the
1017
+ # {Google::Cloud::Kms::V1::CryptoKey CryptoKey} or
1018
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
1019
+ # encryption.
998
1020
  #
999
- # If a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server will use its
1000
- # {Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
1021
+ # If a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server
1022
+ # will use its {Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
1001
1023
  # @param plaintext [String]
1002
1024
  # Required. The data to encrypt. Must be no larger than 64KiB.
1003
1025
  #
1004
1026
  # The maximum size depends on the key version's
1005
- # {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}. For
1006
- # {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the plaintext must be no larger
1007
- # than 64KiB. For {Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
1008
- # plaintext and additional_authenticated_data fields must be no larger than
1009
- # 8KiB.
1027
+ # {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
1028
+ # For {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
1029
+ # plaintext must be no larger than 64KiB. For
1030
+ # {Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
1031
+ # the plaintext and additional_authenticated_data fields must be no larger
1032
+ # than 8KiB.
1010
1033
  # @param additional_authenticated_data [String]
1011
1034
  # Optional data that, if specified, must also be provided during decryption
1012
- # through {Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest#additional_authenticated_data}.
1035
+ # through
1036
+ # {Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest#additional_authenticated_data}.
1013
1037
  #
1014
1038
  # The maximum size depends on the key version's
1015
- # {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}. For
1016
- # {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD must be no larger than
1017
- # 64KiB. For {Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
1018
- # plaintext and additional_authenticated_data fields must be no larger than
1019
- # 8KiB.
1039
+ # {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
1040
+ # For {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
1041
+ # must be no larger than 64KiB. For
1042
+ # {Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
1043
+ # the plaintext and additional_authenticated_data fields must be no larger
1044
+ # than 8KiB.
1020
1045
  # @param options [Google::Gax::CallOptions]
1021
1046
  # Overrides the default settings for this call, e.g, timeout,
1022
1047
  # retries, etc.
@@ -1050,12 +1075,15 @@ module Google
1050
1075
  @encrypt.call(req, options, &block)
1051
1076
  end
1052
1077
 
1053
- # Decrypts data that was protected by {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt}. The {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
1054
- # must be {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
1078
+ # Decrypts data that was protected by
1079
+ # {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt}. The
1080
+ # {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} must be
1081
+ # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
1055
1082
  #
1056
1083
  # @param name [String]
1057
- # Required. The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to use for decryption.
1058
- # The server will choose the appropriate version.
1084
+ # Required. The resource name of the
1085
+ # {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to use for decryption. The
1086
+ # server will choose the appropriate version.
1059
1087
  # @param ciphertext [String]
1060
1088
  # Required. The encrypted data originally returned in
1061
1089
  # {Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse#ciphertext}.
@@ -1095,14 +1123,18 @@ module Google
1095
1123
  @decrypt.call(req, options, &block)
1096
1124
  end
1097
1125
 
1098
- # Update the version of a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} that will be used in {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt}.
1126
+ # Update the version of a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} that
1127
+ # will be used in
1128
+ # {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt}.
1099
1129
  #
1100
1130
  # Returns an error if called on an asymmetric key.
1101
1131
  #
1102
1132
  # @param name [String]
1103
- # The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
1133
+ # The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to
1134
+ # update.
1104
1135
  # @param crypto_key_version_id [String]
1105
- # The id of the child {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
1136
+ # The id of the child
1137
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
1106
1138
  # @param options [Google::Gax::CallOptions]
1107
1139
  # Overrides the default settings for this call, e.g, timeout,
1108
1140
  # retries, etc.
@@ -1134,21 +1166,28 @@ module Google
1134
1166
  @update_crypto_key_primary_version.call(req, options, &block)
1135
1167
  end
1136
1168
 
1137
- # Schedule a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for destruction.
1169
+ # Schedule a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for
1170
+ # destruction.
1138
1171
  #
1139
- # Upon calling this method, {Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion#state} will be set to
1172
+ # Upon calling this method,
1173
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion#state} will
1174
+ # be set to
1140
1175
  # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
1141
- # and {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be set to a time 24
1142
- # hours in the future, at which point the {Google::Cloud::Kms::V1::CryptoKeyVersion#state state}
1143
- # will be changed to
1144
- # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}, and the key
1145
- # material will be irrevocably destroyed.
1146
- #
1147
- # Before the {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is reached,
1148
- # {Google::Cloud::Kms::V1::KeyManagementService::RestoreCryptoKeyVersion RestoreCryptoKeyVersion} may be called to reverse the process.
1176
+ # and {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
1177
+ # be set to a time 24 hours in the future, at which point the
1178
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be changed to
1179
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED},
1180
+ # and the key material will be irrevocably destroyed.
1181
+ #
1182
+ # Before the
1183
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is
1184
+ # reached,
1185
+ # {Google::Cloud::Kms::V1::KeyManagementService::RestoreCryptoKeyVersion RestoreCryptoKeyVersion}
1186
+ # may be called to reverse the process.
1149
1187
  #
1150
1188
  # @param name [String]
1151
- # The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
1189
+ # The resource name of the
1190
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
1152
1191
  # @param options [Google::Gax::CallOptions]
1153
1192
  # Overrides the default settings for this call, e.g, timeout,
1154
1193
  # retries, etc.
@@ -1179,12 +1218,15 @@ module Google
1179
1218
  # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
1180
1219
  # state.
1181
1220
  #
1182
- # Upon restoration of the CryptoKeyVersion, {Google::Cloud::Kms::V1::CryptoKeyVersion#state state}
1183
- # will be set to {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
1184
- # and {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be cleared.
1221
+ # Upon restoration of the CryptoKeyVersion,
1222
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be set to
1223
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
1224
+ # and {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
1225
+ # be cleared.
1185
1226
  #
1186
1227
  # @param name [String]
1187
- # The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
1228
+ # The resource name of the
1229
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
1188
1230
  # @param options [Google::Gax::CallOptions]
1189
1231
  # Overrides the default settings for this call, e.g, timeout,
1190
1232
  # retries, etc.
@@ -1211,14 +1253,16 @@ module Google
1211
1253
  @restore_crypto_key_version.call(req, options, &block)
1212
1254
  end
1213
1255
 
1214
- # Returns the public key for the given {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. The
1256
+ # Returns the public key for the given
1257
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. The
1215
1258
  # {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} must be
1216
- # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN} or
1259
+ # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN}
1260
+ # or
1217
1261
  # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_DECRYPT ASYMMETRIC_DECRYPT}.
1218
1262
  #
1219
1263
  # @param name [String]
1220
- # The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to
1221
- # get.
1264
+ # The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
1265
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to get.
1222
1266
  # @param options [Google::Gax::CallOptions]
1223
1267
  # Overrides the default settings for this call, e.g, timeout,
1224
1268
  # retries, etc.
@@ -1246,15 +1290,19 @@ module Google
1246
1290
  end
1247
1291
 
1248
1292
  # Decrypts data that was encrypted with a public key retrieved from
1249
- # {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey} corresponding to a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with
1250
- # {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} ASYMMETRIC_DECRYPT.
1293
+ # {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}
1294
+ # corresponding to a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
1295
+ # with {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
1296
+ # ASYMMETRIC_DECRYPT.
1251
1297
  #
1252
1298
  # @param name [String]
1253
- # Required. The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
1299
+ # Required. The resource name of the
1300
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
1254
1301
  # decryption.
1255
1302
  # @param ciphertext [String]
1256
- # Required. The data encrypted with the named {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
1257
- # key using OAEP.
1303
+ # Required. The data encrypted with the named
1304
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public key using
1305
+ # OAEP.
1258
1306
  # @param options [Google::Gax::CallOptions]
1259
1307
  # Overrides the default settings for this call, e.g, timeout,
1260
1308
  # retries, etc.
@@ -1286,12 +1334,16 @@ module Google
1286
1334
  @asymmetric_decrypt.call(req, options, &block)
1287
1335
  end
1288
1336
 
1289
- # Signs data using a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
1337
+ # Signs data using a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
1338
+ # with {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
1290
1339
  # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
1291
- # key retrieved from {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}.
1340
+ # key retrieved from
1341
+ # {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}.
1292
1342
  #
1293
1343
  # @param name [String]
1294
- # Required. The resource name of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
1344
+ # Required. The resource name of the
1345
+ # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
1346
+ # signing.
1295
1347
  # @param digest [Google::Cloud::Kms::V1::Digest | Hash]
1296
1348
  # Required. The digest of the data to sign. The digest must be produced with
1297
1349
  # the same digest algorithm as specified by the key version's
@@ -41,6 +41,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
41
41
  add_enum "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat" do
42
42
  value :ATTESTATION_FORMAT_UNSPECIFIED, 0
43
43
  value :CAVIUM_V1_COMPRESSED, 3
44
+ value :CAVIUM_V2_COMPRESSED, 4
44
45
  end
45
46
  add_message "google.cloud.kms.v1.CryptoKeyVersion" do
46
47
  optional :name, :string, 1
@@ -53,25 +53,32 @@ module Google
53
53
  rpc :ListCryptoKeyVersions, ListCryptoKeyVersionsRequest, ListCryptoKeyVersionsResponse
54
54
  # Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
55
55
  rpc :GetKeyRing, GetKeyRingRequest, KeyRing
56
- # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its
57
- # [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
56
+ # Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
57
+ # well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
58
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
58
59
  rpc :GetCryptoKey, GetCryptoKeyRequest, CryptoKey
59
- # Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
60
+ # Returns metadata for a given
61
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
60
62
  rpc :GetCryptoKeyVersion, GetCryptoKeyVersionRequest, CryptoKeyVersion
61
- # Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
63
+ # Returns the public key for the given
64
+ # [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
62
65
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
63
- # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or
66
+ # [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
67
+ # or
64
68
  # [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
65
69
  rpc :GetPublicKey, GetPublicKeyRequest, PublicKey
66
- # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
70
+ # Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
71
+ # Location.
67
72
  rpc :CreateKeyRing, CreateKeyRingRequest, KeyRing
68
- # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
73
+ # Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
74
+ # [KeyRing][google.cloud.kms.v1.KeyRing].
69
75
  #
70
76
  # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
71
77
  # [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
72
78
  # are required.
73
79
  rpc :CreateCryptoKey, CreateCryptoKeyRequest, CryptoKey
74
- # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
80
+ # Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
81
+ # [CryptoKey][google.cloud.kms.v1.CryptoKey].
75
82
  #
76
83
  # The server will assign the next sequential id. If unset,
77
84
  # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
@@ -79,53 +86,75 @@ module Google
79
86
  rpc :CreateCryptoKeyVersion, CreateCryptoKeyVersionRequest, CryptoKeyVersion
80
87
  # Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
81
88
  rpc :UpdateCryptoKey, UpdateCryptoKeyRequest, CryptoKey
82
- # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
89
+ # Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
90
+ # metadata.
83
91
  #
84
92
  # [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
85
- # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and
86
- # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this
87
- # method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to
88
- # move between other states.
93
+ # [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
94
+ # and
95
+ # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
96
+ # using this method. See
97
+ # [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
98
+ # and
99
+ # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
100
+ # to move between other states.
89
101
  rpc :UpdateCryptoKeyVersion, UpdateCryptoKeyVersionRequest, CryptoKeyVersion
90
- # Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
91
- # The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
102
+ # Encrypts data, so that it can only be recovered by a call to
103
+ # [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
104
+ # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
92
105
  # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
93
106
  rpc :Encrypt, EncryptRequest, EncryptResponse
94
- # Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
95
- # must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
107
+ # Decrypts data that was protected by
108
+ # [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
109
+ # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
110
+ # [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
96
111
  rpc :Decrypt, DecryptRequest, DecryptResponse
97
- # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
112
+ # Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
113
+ # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
98
114
  # ASYMMETRIC_SIGN, producing a signature that can be verified with the public
99
- # key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
115
+ # key retrieved from
116
+ # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
100
117
  rpc :AsymmetricSign, AsymmetricSignRequest, AsymmetricSignResponse
101
118
  # Decrypts data that was encrypted with a public key retrieved from
102
- # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
103
- # [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
119
+ # [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
120
+ # corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
121
+ # with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
122
+ # ASYMMETRIC_DECRYPT.
104
123
  rpc :AsymmetricDecrypt, AsymmetricDecryptRequest, AsymmetricDecryptResponse
105
- # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
124
+ # Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
125
+ # will be used in
126
+ # [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
106
127
  #
107
128
  # Returns an error if called on an asymmetric key.
108
129
  rpc :UpdateCryptoKeyPrimaryVersion, UpdateCryptoKeyPrimaryVersionRequest, CryptoKey
109
- # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
130
+ # Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
131
+ # destruction.
110
132
  #
111
- # Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
133
+ # Upon calling this method,
134
+ # [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
135
+ # be set to
112
136
  # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
113
- # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
114
- # hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
115
- # will be changed to
116
- # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
117
- # material will be irrevocably destroyed.
137
+ # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
138
+ # be set to a time 24 hours in the future, at which point the
139
+ # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be changed to
140
+ # [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
141
+ # and the key material will be irrevocably destroyed.
118
142
  #
119
- # Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
120
- # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
143
+ # Before the
144
+ # [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
145
+ # reached,
146
+ # [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
147
+ # may be called to reverse the process.
121
148
  rpc :DestroyCryptoKeyVersion, DestroyCryptoKeyVersionRequest, CryptoKeyVersion
122
149
  # Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
123
150
  # [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
124
151
  # state.
125
152
  #
126
- # Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]
127
- # will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
128
- # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
153
+ # Upon restoration of the CryptoKeyVersion,
154
+ # [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
155
+ # [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
156
+ # and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
157
+ # be cleared.
129
158
  rpc :RestoreCryptoKeyVersion, RestoreCryptoKeyVersionRequest, CryptoKeyVersion
130
159
  end
131
160