google-cloud-kms 0.3.0 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +22 -1
- data/lib/google/cloud/kms.rb +1 -1
- data/lib/google/cloud/kms/v1.rb +1 -1
- data/lib/google/cloud/kms/v1/doc/google/cloud/kms/v1/resources.rb +150 -84
- data/lib/google/cloud/kms/v1/doc/google/cloud/kms/v1/service.rb +157 -91
- data/lib/google/cloud/kms/v1/key_management_service_client.rb +128 -76
- data/lib/google/cloud/kms/v1/resources_pb.rb +1 -0
- data/lib/google/cloud/kms/v1/service_services_pb.rb +63 -34
- metadata +4 -4
|
@@ -487,7 +487,8 @@ module Google
|
|
|
487
487
|
#
|
|
488
488
|
# @param parent [String]
|
|
489
489
|
# Required. The resource name of the location associated with the
|
|
490
|
-
# {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
|
|
490
|
+
# {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
|
|
491
|
+
# `projects/*/locations/*`.
|
|
491
492
|
# @param page_size [Integer]
|
|
492
493
|
# The maximum number of resources contained in the underlying API
|
|
493
494
|
# response. If page streaming is performed per-resource, this
|
|
@@ -541,8 +542,8 @@ module Google
|
|
|
541
542
|
# Lists {Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
|
|
542
543
|
#
|
|
543
544
|
# @param parent [String]
|
|
544
|
-
# Required. The resource name of the {Google::Cloud::Kms::V1::KeyRing KeyRing}
|
|
545
|
-
# `projects/*/locations/*/keyRings/*`.
|
|
545
|
+
# Required. The resource name of the {Google::Cloud::Kms::V1::KeyRing KeyRing}
|
|
546
|
+
# to list, in the format `projects/*/locations/*/keyRings/*`.
|
|
546
547
|
# @param page_size [Integer]
|
|
547
548
|
# The maximum number of resources contained in the underlying API
|
|
548
549
|
# response. If page streaming is performed per-resource, this
|
|
@@ -600,7 +601,8 @@ module Google
|
|
|
600
601
|
# Lists {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
|
|
601
602
|
#
|
|
602
603
|
# @param parent [String]
|
|
603
|
-
# Required. The resource name of the
|
|
604
|
+
# Required. The resource name of the
|
|
605
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to list, in the format
|
|
604
606
|
# `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
|
|
605
607
|
# @param page_size [Integer]
|
|
606
608
|
# The maximum number of resources contained in the underlying API
|
|
@@ -659,7 +661,8 @@ module Google
|
|
|
659
661
|
# Returns metadata for a given {Google::Cloud::Kms::V1::KeyRing KeyRing}.
|
|
660
662
|
#
|
|
661
663
|
# @param name [String]
|
|
662
|
-
# The {Google::Cloud::Kms::V1::KeyRing#name name} of the
|
|
664
|
+
# The {Google::Cloud::Kms::V1::KeyRing#name name} of the
|
|
665
|
+
# {Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
|
|
663
666
|
# @param options [Google::Gax::CallOptions]
|
|
664
667
|
# Overrides the default settings for this call, e.g, timeout,
|
|
665
668
|
# retries, etc.
|
|
@@ -686,11 +689,13 @@ module Google
|
|
|
686
689
|
@get_key_ring.call(req, options, &block)
|
|
687
690
|
end
|
|
688
691
|
|
|
689
|
-
# Returns metadata for a given {Google::Cloud::Kms::V1::CryptoKey CryptoKey}, as
|
|
690
|
-
# {Google::Cloud::Kms::V1::CryptoKey#primary primary}
|
|
692
|
+
# Returns metadata for a given {Google::Cloud::Kms::V1::CryptoKey CryptoKey}, as
|
|
693
|
+
# well as its {Google::Cloud::Kms::V1::CryptoKey#primary primary}
|
|
694
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
|
|
691
695
|
#
|
|
692
696
|
# @param name [String]
|
|
693
|
-
# The {Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
|
697
|
+
# The {Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
|
698
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
|
|
694
699
|
# @param options [Google::Gax::CallOptions]
|
|
695
700
|
# Overrides the default settings for this call, e.g, timeout,
|
|
696
701
|
# retries, etc.
|
|
@@ -717,10 +722,12 @@ module Google
|
|
|
717
722
|
@get_crypto_key.call(req, options, &block)
|
|
718
723
|
end
|
|
719
724
|
|
|
720
|
-
# Returns metadata for a given
|
|
725
|
+
# Returns metadata for a given
|
|
726
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
|
|
721
727
|
#
|
|
722
728
|
# @param name [String]
|
|
723
|
-
# The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
|
|
729
|
+
# The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
|
|
730
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
|
|
724
731
|
# @param options [Google::Gax::CallOptions]
|
|
725
732
|
# Overrides the default settings for this call, e.g, timeout,
|
|
726
733
|
# retries, etc.
|
|
@@ -747,11 +754,13 @@ module Google
|
|
|
747
754
|
@get_crypto_key_version.call(req, options, &block)
|
|
748
755
|
end
|
|
749
756
|
|
|
750
|
-
# Create a new {Google::Cloud::Kms::V1::KeyRing KeyRing} in a given Project and
|
|
757
|
+
# Create a new {Google::Cloud::Kms::V1::KeyRing KeyRing} in a given Project and
|
|
758
|
+
# Location.
|
|
751
759
|
#
|
|
752
760
|
# @param parent [String]
|
|
753
761
|
# Required. The resource name of the location associated with the
|
|
754
|
-
# {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
|
|
762
|
+
# {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
|
|
763
|
+
# `projects/*/locations/*`.
|
|
755
764
|
# @param key_ring_id [String]
|
|
756
765
|
# Required. It must be unique within a location and match the regular
|
|
757
766
|
# expression `[a-zA-Z0-9_-]{1,63}`
|
|
@@ -795,15 +804,16 @@ module Google
|
|
|
795
804
|
@create_key_ring.call(req, options, &block)
|
|
796
805
|
end
|
|
797
806
|
|
|
798
|
-
# Create a new {Google::Cloud::Kms::V1::CryptoKey CryptoKey} within a
|
|
807
|
+
# Create a new {Google::Cloud::Kms::V1::CryptoKey CryptoKey} within a
|
|
808
|
+
# {Google::Cloud::Kms::V1::KeyRing KeyRing}.
|
|
799
809
|
#
|
|
800
810
|
# {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} and
|
|
801
811
|
# {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#algorithm CryptoKey#version_template#algorithm}
|
|
802
812
|
# are required.
|
|
803
813
|
#
|
|
804
814
|
# @param parent [String]
|
|
805
|
-
# Required. The {Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing
|
|
806
|
-
# {Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
|
|
815
|
+
# Required. The {Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing
|
|
816
|
+
# associated with the {Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
|
|
807
817
|
# @param crypto_key_id [String]
|
|
808
818
|
# Required. It must be unique within a KeyRing and match the regular
|
|
809
819
|
# expression `[a-zA-Z0-9_-]{1,63}`
|
|
@@ -852,17 +862,20 @@ module Google
|
|
|
852
862
|
@create_crypto_key.call(req, options, &block)
|
|
853
863
|
end
|
|
854
864
|
|
|
855
|
-
# Create a new {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in a
|
|
865
|
+
# Create a new {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in a
|
|
866
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
|
|
856
867
|
#
|
|
857
868
|
# The server will assign the next sequential id. If unset,
|
|
858
869
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be set to
|
|
859
870
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}.
|
|
860
871
|
#
|
|
861
872
|
# @param parent [String]
|
|
862
|
-
# Required. The {Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
|
863
|
-
#
|
|
873
|
+
# Required. The {Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
|
874
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with the
|
|
875
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
|
|
864
876
|
# @param crypto_key_version [Google::Cloud::Kms::V1::CryptoKeyVersion | Hash]
|
|
865
|
-
# A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial
|
|
877
|
+
# A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial
|
|
878
|
+
# field values.
|
|
866
879
|
# A hash of the same form as `Google::Cloud::Kms::V1::CryptoKeyVersion`
|
|
867
880
|
# can also be provided.
|
|
868
881
|
# @param options [Google::Gax::CallOptions]
|
|
@@ -939,16 +952,22 @@ module Google
|
|
|
939
952
|
@update_crypto_key.call(req, options, &block)
|
|
940
953
|
end
|
|
941
954
|
|
|
942
|
-
# Update a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s
|
|
955
|
+
# Update a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s
|
|
956
|
+
# metadata.
|
|
943
957
|
#
|
|
944
958
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} may be changed between
|
|
945
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}
|
|
946
|
-
#
|
|
947
|
-
#
|
|
948
|
-
#
|
|
959
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}
|
|
960
|
+
# and
|
|
961
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED}
|
|
962
|
+
# using this method. See
|
|
963
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::DestroyCryptoKeyVersion DestroyCryptoKeyVersion}
|
|
964
|
+
# and
|
|
965
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::RestoreCryptoKeyVersion RestoreCryptoKeyVersion}
|
|
966
|
+
# to move between other states.
|
|
949
967
|
#
|
|
950
968
|
# @param crypto_key_version [Google::Cloud::Kms::V1::CryptoKeyVersion | Hash]
|
|
951
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated
|
|
969
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated
|
|
970
|
+
# values.
|
|
952
971
|
# A hash of the same form as `Google::Cloud::Kms::V1::CryptoKeyVersion`
|
|
953
972
|
# can also be provided.
|
|
954
973
|
# @param update_mask [Google::Protobuf::FieldMask | Hash]
|
|
@@ -988,35 +1007,41 @@ module Google
|
|
|
988
1007
|
@update_crypto_key_version.call(req, options, &block)
|
|
989
1008
|
end
|
|
990
1009
|
|
|
991
|
-
# Encrypts data, so that it can only be recovered by a call to
|
|
992
|
-
#
|
|
1010
|
+
# Encrypts data, so that it can only be recovered by a call to
|
|
1011
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::Decrypt Decrypt}. The
|
|
1012
|
+
# {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} must be
|
|
993
1013
|
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
|
|
994
1014
|
#
|
|
995
1015
|
# @param name [String]
|
|
996
|
-
# Required. The resource name of the
|
|
997
|
-
#
|
|
1016
|
+
# Required. The resource name of the
|
|
1017
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} or
|
|
1018
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
|
|
1019
|
+
# encryption.
|
|
998
1020
|
#
|
|
999
|
-
# If a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server
|
|
1000
|
-
# {Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
|
|
1021
|
+
# If a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server
|
|
1022
|
+
# will use its {Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
|
|
1001
1023
|
# @param plaintext [String]
|
|
1002
1024
|
# Required. The data to encrypt. Must be no larger than 64KiB.
|
|
1003
1025
|
#
|
|
1004
1026
|
# The maximum size depends on the key version's
|
|
1005
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
|
|
1006
|
-
# {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
|
|
1007
|
-
#
|
|
1008
|
-
#
|
|
1009
|
-
#
|
|
1027
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
|
|
1028
|
+
# For {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
|
|
1029
|
+
# plaintext must be no larger than 64KiB. For
|
|
1030
|
+
# {Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
|
|
1031
|
+
# the plaintext and additional_authenticated_data fields must be no larger
|
|
1032
|
+
# than 8KiB.
|
|
1010
1033
|
# @param additional_authenticated_data [String]
|
|
1011
1034
|
# Optional data that, if specified, must also be provided during decryption
|
|
1012
|
-
# through
|
|
1035
|
+
# through
|
|
1036
|
+
# {Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest#additional_authenticated_data}.
|
|
1013
1037
|
#
|
|
1014
1038
|
# The maximum size depends on the key version's
|
|
1015
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
|
|
1016
|
-
# {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
|
|
1017
|
-
#
|
|
1018
|
-
#
|
|
1019
|
-
#
|
|
1039
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
|
|
1040
|
+
# For {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
|
|
1041
|
+
# must be no larger than 64KiB. For
|
|
1042
|
+
# {Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
|
|
1043
|
+
# the plaintext and additional_authenticated_data fields must be no larger
|
|
1044
|
+
# than 8KiB.
|
|
1020
1045
|
# @param options [Google::Gax::CallOptions]
|
|
1021
1046
|
# Overrides the default settings for this call, e.g, timeout,
|
|
1022
1047
|
# retries, etc.
|
|
@@ -1050,12 +1075,15 @@ module Google
|
|
|
1050
1075
|
@encrypt.call(req, options, &block)
|
|
1051
1076
|
end
|
|
1052
1077
|
|
|
1053
|
-
# Decrypts data that was protected by
|
|
1054
|
-
#
|
|
1078
|
+
# Decrypts data that was protected by
|
|
1079
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt}. The
|
|
1080
|
+
# {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} must be
|
|
1081
|
+
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
|
|
1055
1082
|
#
|
|
1056
1083
|
# @param name [String]
|
|
1057
|
-
# Required. The resource name of the
|
|
1058
|
-
#
|
|
1084
|
+
# Required. The resource name of the
|
|
1085
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to use for decryption. The
|
|
1086
|
+
# server will choose the appropriate version.
|
|
1059
1087
|
# @param ciphertext [String]
|
|
1060
1088
|
# Required. The encrypted data originally returned in
|
|
1061
1089
|
# {Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse#ciphertext}.
|
|
@@ -1095,14 +1123,18 @@ module Google
|
|
|
1095
1123
|
@decrypt.call(req, options, &block)
|
|
1096
1124
|
end
|
|
1097
1125
|
|
|
1098
|
-
# Update the version of a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} that
|
|
1126
|
+
# Update the version of a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} that
|
|
1127
|
+
# will be used in
|
|
1128
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt}.
|
|
1099
1129
|
#
|
|
1100
1130
|
# Returns an error if called on an asymmetric key.
|
|
1101
1131
|
#
|
|
1102
1132
|
# @param name [String]
|
|
1103
|
-
# The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to
|
|
1133
|
+
# The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to
|
|
1134
|
+
# update.
|
|
1104
1135
|
# @param crypto_key_version_id [String]
|
|
1105
|
-
# The id of the child
|
|
1136
|
+
# The id of the child
|
|
1137
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
|
|
1106
1138
|
# @param options [Google::Gax::CallOptions]
|
|
1107
1139
|
# Overrides the default settings for this call, e.g, timeout,
|
|
1108
1140
|
# retries, etc.
|
|
@@ -1134,21 +1166,28 @@ module Google
|
|
|
1134
1166
|
@update_crypto_key_primary_version.call(req, options, &block)
|
|
1135
1167
|
end
|
|
1136
1168
|
|
|
1137
|
-
# Schedule a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for
|
|
1169
|
+
# Schedule a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for
|
|
1170
|
+
# destruction.
|
|
1138
1171
|
#
|
|
1139
|
-
# Upon calling this method,
|
|
1172
|
+
# Upon calling this method,
|
|
1173
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion#state} will
|
|
1174
|
+
# be set to
|
|
1140
1175
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
|
|
1141
|
-
# and {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
|
|
1142
|
-
# hours in the future, at which point the
|
|
1143
|
-
# will be changed to
|
|
1144
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED},
|
|
1145
|
-
# material will be irrevocably destroyed.
|
|
1146
|
-
#
|
|
1147
|
-
# Before the
|
|
1148
|
-
# {Google::Cloud::Kms::V1::
|
|
1176
|
+
# and {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
|
|
1177
|
+
# be set to a time 24 hours in the future, at which point the
|
|
1178
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be changed to
|
|
1179
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED},
|
|
1180
|
+
# and the key material will be irrevocably destroyed.
|
|
1181
|
+
#
|
|
1182
|
+
# Before the
|
|
1183
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is
|
|
1184
|
+
# reached,
|
|
1185
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::RestoreCryptoKeyVersion RestoreCryptoKeyVersion}
|
|
1186
|
+
# may be called to reverse the process.
|
|
1149
1187
|
#
|
|
1150
1188
|
# @param name [String]
|
|
1151
|
-
# The resource name of the
|
|
1189
|
+
# The resource name of the
|
|
1190
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
|
|
1152
1191
|
# @param options [Google::Gax::CallOptions]
|
|
1153
1192
|
# Overrides the default settings for this call, e.g, timeout,
|
|
1154
1193
|
# retries, etc.
|
|
@@ -1179,12 +1218,15 @@ module Google
|
|
|
1179
1218
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
|
|
1180
1219
|
# state.
|
|
1181
1220
|
#
|
|
1182
|
-
# Upon restoration of the CryptoKeyVersion,
|
|
1183
|
-
#
|
|
1184
|
-
#
|
|
1221
|
+
# Upon restoration of the CryptoKeyVersion,
|
|
1222
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be set to
|
|
1223
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
|
|
1224
|
+
# and {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
|
|
1225
|
+
# be cleared.
|
|
1185
1226
|
#
|
|
1186
1227
|
# @param name [String]
|
|
1187
|
-
# The resource name of the
|
|
1228
|
+
# The resource name of the
|
|
1229
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
|
|
1188
1230
|
# @param options [Google::Gax::CallOptions]
|
|
1189
1231
|
# Overrides the default settings for this call, e.g, timeout,
|
|
1190
1232
|
# retries, etc.
|
|
@@ -1211,14 +1253,16 @@ module Google
|
|
|
1211
1253
|
@restore_crypto_key_version.call(req, options, &block)
|
|
1212
1254
|
end
|
|
1213
1255
|
|
|
1214
|
-
# Returns the public key for the given
|
|
1256
|
+
# Returns the public key for the given
|
|
1257
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. The
|
|
1215
1258
|
# {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} must be
|
|
1216
|
-
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN}
|
|
1259
|
+
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN}
|
|
1260
|
+
# or
|
|
1217
1261
|
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_DECRYPT ASYMMETRIC_DECRYPT}.
|
|
1218
1262
|
#
|
|
1219
1263
|
# @param name [String]
|
|
1220
|
-
# The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
|
|
1221
|
-
# get.
|
|
1264
|
+
# The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
|
|
1265
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to get.
|
|
1222
1266
|
# @param options [Google::Gax::CallOptions]
|
|
1223
1267
|
# Overrides the default settings for this call, e.g, timeout,
|
|
1224
1268
|
# retries, etc.
|
|
@@ -1246,15 +1290,19 @@ module Google
|
|
|
1246
1290
|
end
|
|
1247
1291
|
|
|
1248
1292
|
# Decrypts data that was encrypted with a public key retrieved from
|
|
1249
|
-
# {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}
|
|
1250
|
-
# {Google::Cloud::Kms::V1::
|
|
1293
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}
|
|
1294
|
+
# corresponding to a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
|
1295
|
+
# with {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
|
|
1296
|
+
# ASYMMETRIC_DECRYPT.
|
|
1251
1297
|
#
|
|
1252
1298
|
# @param name [String]
|
|
1253
|
-
# Required. The resource name of the
|
|
1299
|
+
# Required. The resource name of the
|
|
1300
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
|
|
1254
1301
|
# decryption.
|
|
1255
1302
|
# @param ciphertext [String]
|
|
1256
|
-
# Required. The data encrypted with the named
|
|
1257
|
-
# key using
|
|
1303
|
+
# Required. The data encrypted with the named
|
|
1304
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public key using
|
|
1305
|
+
# OAEP.
|
|
1258
1306
|
# @param options [Google::Gax::CallOptions]
|
|
1259
1307
|
# Overrides the default settings for this call, e.g, timeout,
|
|
1260
1308
|
# retries, etc.
|
|
@@ -1286,12 +1334,16 @@ module Google
|
|
|
1286
1334
|
@asymmetric_decrypt.call(req, options, &block)
|
|
1287
1335
|
end
|
|
1288
1336
|
|
|
1289
|
-
# Signs data using a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
|
1337
|
+
# Signs data using a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
|
1338
|
+
# with {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
|
|
1290
1339
|
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
|
1291
|
-
# key retrieved from
|
|
1340
|
+
# key retrieved from
|
|
1341
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}.
|
|
1292
1342
|
#
|
|
1293
1343
|
# @param name [String]
|
|
1294
|
-
# Required. The resource name of the
|
|
1344
|
+
# Required. The resource name of the
|
|
1345
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
|
|
1346
|
+
# signing.
|
|
1295
1347
|
# @param digest [Google::Cloud::Kms::V1::Digest | Hash]
|
|
1296
1348
|
# Required. The digest of the data to sign. The digest must be produced with
|
|
1297
1349
|
# the same digest algorithm as specified by the key version's
|
|
@@ -41,6 +41,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
41
41
|
add_enum "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat" do
|
|
42
42
|
value :ATTESTATION_FORMAT_UNSPECIFIED, 0
|
|
43
43
|
value :CAVIUM_V1_COMPRESSED, 3
|
|
44
|
+
value :CAVIUM_V2_COMPRESSED, 4
|
|
44
45
|
end
|
|
45
46
|
add_message "google.cloud.kms.v1.CryptoKeyVersion" do
|
|
46
47
|
optional :name, :string, 1
|
|
@@ -53,25 +53,32 @@ module Google
|
|
|
53
53
|
rpc :ListCryptoKeyVersions, ListCryptoKeyVersionsRequest, ListCryptoKeyVersionsResponse
|
|
54
54
|
# Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
|
|
55
55
|
rpc :GetKeyRing, GetKeyRingRequest, KeyRing
|
|
56
|
-
# Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
|
|
57
|
-
# [primary][google.cloud.kms.v1.CryptoKey.primary]
|
|
56
|
+
# Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
|
|
57
|
+
# well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
|
|
58
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
|
58
59
|
rpc :GetCryptoKey, GetCryptoKeyRequest, CryptoKey
|
|
59
|
-
# Returns metadata for a given
|
|
60
|
+
# Returns metadata for a given
|
|
61
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
|
60
62
|
rpc :GetCryptoKeyVersion, GetCryptoKeyVersionRequest, CryptoKeyVersion
|
|
61
|
-
# Returns the public key for the given
|
|
63
|
+
# Returns the public key for the given
|
|
64
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
|
|
62
65
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
|
63
|
-
# [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
|
|
66
|
+
# [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
|
|
67
|
+
# or
|
|
64
68
|
# [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
|
|
65
69
|
rpc :GetPublicKey, GetPublicKeyRequest, PublicKey
|
|
66
|
-
# Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
|
|
70
|
+
# Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
|
|
71
|
+
# Location.
|
|
67
72
|
rpc :CreateKeyRing, CreateKeyRingRequest, KeyRing
|
|
68
|
-
# Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
|
|
73
|
+
# Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
|
|
74
|
+
# [KeyRing][google.cloud.kms.v1.KeyRing].
|
|
69
75
|
#
|
|
70
76
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
|
|
71
77
|
# [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
|
|
72
78
|
# are required.
|
|
73
79
|
rpc :CreateCryptoKey, CreateCryptoKeyRequest, CryptoKey
|
|
74
|
-
# Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
|
|
80
|
+
# Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
|
|
81
|
+
# [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
|
75
82
|
#
|
|
76
83
|
# The server will assign the next sequential id. If unset,
|
|
77
84
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
|
@@ -79,53 +86,75 @@ module Google
|
|
|
79
86
|
rpc :CreateCryptoKeyVersion, CreateCryptoKeyVersionRequest, CryptoKeyVersion
|
|
80
87
|
# Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
|
81
88
|
rpc :UpdateCryptoKey, UpdateCryptoKeyRequest, CryptoKey
|
|
82
|
-
# Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
|
|
89
|
+
# Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
|
|
90
|
+
# metadata.
|
|
83
91
|
#
|
|
84
92
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
|
|
85
|
-
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
|
|
86
|
-
#
|
|
87
|
-
#
|
|
88
|
-
#
|
|
93
|
+
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
|
|
94
|
+
# and
|
|
95
|
+
# [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
|
|
96
|
+
# using this method. See
|
|
97
|
+
# [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
|
|
98
|
+
# and
|
|
99
|
+
# [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
|
|
100
|
+
# to move between other states.
|
|
89
101
|
rpc :UpdateCryptoKeyVersion, UpdateCryptoKeyVersionRequest, CryptoKeyVersion
|
|
90
|
-
# Encrypts data, so that it can only be recovered by a call to
|
|
91
|
-
#
|
|
102
|
+
# Encrypts data, so that it can only be recovered by a call to
|
|
103
|
+
# [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
|
|
104
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
|
92
105
|
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
93
106
|
rpc :Encrypt, EncryptRequest, EncryptResponse
|
|
94
|
-
# Decrypts data that was protected by
|
|
95
|
-
#
|
|
107
|
+
# Decrypts data that was protected by
|
|
108
|
+
# [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
|
|
109
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
|
110
|
+
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
96
111
|
rpc :Decrypt, DecryptRequest, DecryptResponse
|
|
97
|
-
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
|
112
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
|
113
|
+
# with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
98
114
|
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
|
99
|
-
# key retrieved from
|
|
115
|
+
# key retrieved from
|
|
116
|
+
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
|
100
117
|
rpc :AsymmetricSign, AsymmetricSignRequest, AsymmetricSignResponse
|
|
101
118
|
# Decrypts data that was encrypted with a public key retrieved from
|
|
102
|
-
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
|
|
103
|
-
# [
|
|
119
|
+
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
|
|
120
|
+
# corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
|
121
|
+
# with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
122
|
+
# ASYMMETRIC_DECRYPT.
|
|
104
123
|
rpc :AsymmetricDecrypt, AsymmetricDecryptRequest, AsymmetricDecryptResponse
|
|
105
|
-
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
|
|
124
|
+
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
|
|
125
|
+
# will be used in
|
|
126
|
+
# [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
|
|
106
127
|
#
|
|
107
128
|
# Returns an error if called on an asymmetric key.
|
|
108
129
|
rpc :UpdateCryptoKeyPrimaryVersion, UpdateCryptoKeyPrimaryVersionRequest, CryptoKey
|
|
109
|
-
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
|
|
130
|
+
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
|
|
131
|
+
# destruction.
|
|
110
132
|
#
|
|
111
|
-
# Upon calling this method,
|
|
133
|
+
# Upon calling this method,
|
|
134
|
+
# [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
|
|
135
|
+
# be set to
|
|
112
136
|
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
|
|
113
|
-
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
|
|
114
|
-
# hours in the future, at which point the
|
|
115
|
-
# will be changed to
|
|
116
|
-
# [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
|
|
117
|
-
# material will be irrevocably destroyed.
|
|
137
|
+
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
|
|
138
|
+
# be set to a time 24 hours in the future, at which point the
|
|
139
|
+
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be changed to
|
|
140
|
+
# [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
|
|
141
|
+
# and the key material will be irrevocably destroyed.
|
|
118
142
|
#
|
|
119
|
-
# Before the
|
|
120
|
-
# [
|
|
143
|
+
# Before the
|
|
144
|
+
# [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
|
|
145
|
+
# reached,
|
|
146
|
+
# [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
|
|
147
|
+
# may be called to reverse the process.
|
|
121
148
|
rpc :DestroyCryptoKeyVersion, DestroyCryptoKeyVersionRequest, CryptoKeyVersion
|
|
122
149
|
# Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
|
|
123
150
|
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
|
|
124
151
|
# state.
|
|
125
152
|
#
|
|
126
|
-
# Upon restoration of the CryptoKeyVersion,
|
|
127
|
-
#
|
|
128
|
-
#
|
|
153
|
+
# Upon restoration of the CryptoKeyVersion,
|
|
154
|
+
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
|
155
|
+
# [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
|
|
156
|
+
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
|
|
157
|
+
# be cleared.
|
|
129
158
|
rpc :RestoreCryptoKeyVersion, RestoreCryptoKeyVersionRequest, CryptoKeyVersion
|
|
130
159
|
end
|
|
131
160
|
|