google-cloud-kms 0.3.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +22 -1
- data/lib/google/cloud/kms.rb +1 -1
- data/lib/google/cloud/kms/v1.rb +1 -1
- data/lib/google/cloud/kms/v1/doc/google/cloud/kms/v1/resources.rb +150 -84
- data/lib/google/cloud/kms/v1/doc/google/cloud/kms/v1/service.rb +157 -91
- data/lib/google/cloud/kms/v1/key_management_service_client.rb +128 -76
- data/lib/google/cloud/kms/v1/resources_pb.rb +1 -0
- data/lib/google/cloud/kms/v1/service_services_pb.rb +63 -34
- metadata +4 -4
|
@@ -487,7 +487,8 @@ module Google
|
|
|
487
487
|
#
|
|
488
488
|
# @param parent [String]
|
|
489
489
|
# Required. The resource name of the location associated with the
|
|
490
|
-
# {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
|
|
490
|
+
# {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
|
|
491
|
+
# `projects/*/locations/*`.
|
|
491
492
|
# @param page_size [Integer]
|
|
492
493
|
# The maximum number of resources contained in the underlying API
|
|
493
494
|
# response. If page streaming is performed per-resource, this
|
|
@@ -541,8 +542,8 @@ module Google
|
|
|
541
542
|
# Lists {Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
|
|
542
543
|
#
|
|
543
544
|
# @param parent [String]
|
|
544
|
-
# Required. The resource name of the {Google::Cloud::Kms::V1::KeyRing KeyRing}
|
|
545
|
-
# `projects/*/locations/*/keyRings/*`.
|
|
545
|
+
# Required. The resource name of the {Google::Cloud::Kms::V1::KeyRing KeyRing}
|
|
546
|
+
# to list, in the format `projects/*/locations/*/keyRings/*`.
|
|
546
547
|
# @param page_size [Integer]
|
|
547
548
|
# The maximum number of resources contained in the underlying API
|
|
548
549
|
# response. If page streaming is performed per-resource, this
|
|
@@ -600,7 +601,8 @@ module Google
|
|
|
600
601
|
# Lists {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
|
|
601
602
|
#
|
|
602
603
|
# @param parent [String]
|
|
603
|
-
# Required. The resource name of the
|
|
604
|
+
# Required. The resource name of the
|
|
605
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to list, in the format
|
|
604
606
|
# `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
|
|
605
607
|
# @param page_size [Integer]
|
|
606
608
|
# The maximum number of resources contained in the underlying API
|
|
@@ -659,7 +661,8 @@ module Google
|
|
|
659
661
|
# Returns metadata for a given {Google::Cloud::Kms::V1::KeyRing KeyRing}.
|
|
660
662
|
#
|
|
661
663
|
# @param name [String]
|
|
662
|
-
# The {Google::Cloud::Kms::V1::KeyRing#name name} of the
|
|
664
|
+
# The {Google::Cloud::Kms::V1::KeyRing#name name} of the
|
|
665
|
+
# {Google::Cloud::Kms::V1::KeyRing KeyRing} to get.
|
|
663
666
|
# @param options [Google::Gax::CallOptions]
|
|
664
667
|
# Overrides the default settings for this call, e.g, timeout,
|
|
665
668
|
# retries, etc.
|
|
@@ -686,11 +689,13 @@ module Google
|
|
|
686
689
|
@get_key_ring.call(req, options, &block)
|
|
687
690
|
end
|
|
688
691
|
|
|
689
|
-
# Returns metadata for a given {Google::Cloud::Kms::V1::CryptoKey CryptoKey}, as
|
|
690
|
-
# {Google::Cloud::Kms::V1::CryptoKey#primary primary}
|
|
692
|
+
# Returns metadata for a given {Google::Cloud::Kms::V1::CryptoKey CryptoKey}, as
|
|
693
|
+
# well as its {Google::Cloud::Kms::V1::CryptoKey#primary primary}
|
|
694
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
|
|
691
695
|
#
|
|
692
696
|
# @param name [String]
|
|
693
|
-
# The {Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
|
697
|
+
# The {Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
|
698
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.
|
|
694
699
|
# @param options [Google::Gax::CallOptions]
|
|
695
700
|
# Overrides the default settings for this call, e.g, timeout,
|
|
696
701
|
# retries, etc.
|
|
@@ -717,10 +722,12 @@ module Google
|
|
|
717
722
|
@get_crypto_key.call(req, options, &block)
|
|
718
723
|
end
|
|
719
724
|
|
|
720
|
-
# Returns metadata for a given
|
|
725
|
+
# Returns metadata for a given
|
|
726
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
|
|
721
727
|
#
|
|
722
728
|
# @param name [String]
|
|
723
|
-
# The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
|
|
729
|
+
# The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
|
|
730
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.
|
|
724
731
|
# @param options [Google::Gax::CallOptions]
|
|
725
732
|
# Overrides the default settings for this call, e.g, timeout,
|
|
726
733
|
# retries, etc.
|
|
@@ -747,11 +754,13 @@ module Google
|
|
|
747
754
|
@get_crypto_key_version.call(req, options, &block)
|
|
748
755
|
end
|
|
749
756
|
|
|
750
|
-
# Create a new {Google::Cloud::Kms::V1::KeyRing KeyRing} in a given Project and
|
|
757
|
+
# Create a new {Google::Cloud::Kms::V1::KeyRing KeyRing} in a given Project and
|
|
758
|
+
# Location.
|
|
751
759
|
#
|
|
752
760
|
# @param parent [String]
|
|
753
761
|
# Required. The resource name of the location associated with the
|
|
754
|
-
# {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
|
|
762
|
+
# {Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format
|
|
763
|
+
# `projects/*/locations/*`.
|
|
755
764
|
# @param key_ring_id [String]
|
|
756
765
|
# Required. It must be unique within a location and match the regular
|
|
757
766
|
# expression `[a-zA-Z0-9_-]{1,63}`
|
|
@@ -795,15 +804,16 @@ module Google
|
|
|
795
804
|
@create_key_ring.call(req, options, &block)
|
|
796
805
|
end
|
|
797
806
|
|
|
798
|
-
# Create a new {Google::Cloud::Kms::V1::CryptoKey CryptoKey} within a
|
|
807
|
+
# Create a new {Google::Cloud::Kms::V1::CryptoKey CryptoKey} within a
|
|
808
|
+
# {Google::Cloud::Kms::V1::KeyRing KeyRing}.
|
|
799
809
|
#
|
|
800
810
|
# {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} and
|
|
801
811
|
# {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#algorithm CryptoKey#version_template#algorithm}
|
|
802
812
|
# are required.
|
|
803
813
|
#
|
|
804
814
|
# @param parent [String]
|
|
805
|
-
# Required. The {Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing
|
|
806
|
-
# {Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
|
|
815
|
+
# Required. The {Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing
|
|
816
|
+
# associated with the {Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
|
|
807
817
|
# @param crypto_key_id [String]
|
|
808
818
|
# Required. It must be unique within a KeyRing and match the regular
|
|
809
819
|
# expression `[a-zA-Z0-9_-]{1,63}`
|
|
@@ -852,17 +862,20 @@ module Google
|
|
|
852
862
|
@create_crypto_key.call(req, options, &block)
|
|
853
863
|
end
|
|
854
864
|
|
|
855
|
-
# Create a new {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in a
|
|
865
|
+
# Create a new {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in a
|
|
866
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
|
|
856
867
|
#
|
|
857
868
|
# The server will assign the next sequential id. If unset,
|
|
858
869
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be set to
|
|
859
870
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}.
|
|
860
871
|
#
|
|
861
872
|
# @param parent [String]
|
|
862
|
-
# Required. The {Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
|
863
|
-
#
|
|
873
|
+
# Required. The {Google::Cloud::Kms::V1::CryptoKey#name name} of the
|
|
874
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with the
|
|
875
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
|
|
864
876
|
# @param crypto_key_version [Google::Cloud::Kms::V1::CryptoKeyVersion | Hash]
|
|
865
|
-
# A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial
|
|
877
|
+
# A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial
|
|
878
|
+
# field values.
|
|
866
879
|
# A hash of the same form as `Google::Cloud::Kms::V1::CryptoKeyVersion`
|
|
867
880
|
# can also be provided.
|
|
868
881
|
# @param options [Google::Gax::CallOptions]
|
|
@@ -939,16 +952,22 @@ module Google
|
|
|
939
952
|
@update_crypto_key.call(req, options, &block)
|
|
940
953
|
end
|
|
941
954
|
|
|
942
|
-
# Update a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s
|
|
955
|
+
# Update a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s
|
|
956
|
+
# metadata.
|
|
943
957
|
#
|
|
944
958
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} may be changed between
|
|
945
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}
|
|
946
|
-
#
|
|
947
|
-
#
|
|
948
|
-
#
|
|
959
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}
|
|
960
|
+
# and
|
|
961
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED}
|
|
962
|
+
# using this method. See
|
|
963
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::DestroyCryptoKeyVersion DestroyCryptoKeyVersion}
|
|
964
|
+
# and
|
|
965
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::RestoreCryptoKeyVersion RestoreCryptoKeyVersion}
|
|
966
|
+
# to move between other states.
|
|
949
967
|
#
|
|
950
968
|
# @param crypto_key_version [Google::Cloud::Kms::V1::CryptoKeyVersion | Hash]
|
|
951
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated
|
|
969
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated
|
|
970
|
+
# values.
|
|
952
971
|
# A hash of the same form as `Google::Cloud::Kms::V1::CryptoKeyVersion`
|
|
953
972
|
# can also be provided.
|
|
954
973
|
# @param update_mask [Google::Protobuf::FieldMask | Hash]
|
|
@@ -988,35 +1007,41 @@ module Google
|
|
|
988
1007
|
@update_crypto_key_version.call(req, options, &block)
|
|
989
1008
|
end
|
|
990
1009
|
|
|
991
|
-
# Encrypts data, so that it can only be recovered by a call to
|
|
992
|
-
#
|
|
1010
|
+
# Encrypts data, so that it can only be recovered by a call to
|
|
1011
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::Decrypt Decrypt}. The
|
|
1012
|
+
# {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} must be
|
|
993
1013
|
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
|
|
994
1014
|
#
|
|
995
1015
|
# @param name [String]
|
|
996
|
-
# Required. The resource name of the
|
|
997
|
-
#
|
|
1016
|
+
# Required. The resource name of the
|
|
1017
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} or
|
|
1018
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
|
|
1019
|
+
# encryption.
|
|
998
1020
|
#
|
|
999
|
-
# If a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server
|
|
1000
|
-
# {Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
|
|
1021
|
+
# If a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server
|
|
1022
|
+
# will use its {Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
|
|
1001
1023
|
# @param plaintext [String]
|
|
1002
1024
|
# Required. The data to encrypt. Must be no larger than 64KiB.
|
|
1003
1025
|
#
|
|
1004
1026
|
# The maximum size depends on the key version's
|
|
1005
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
|
|
1006
|
-
# {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
|
|
1007
|
-
#
|
|
1008
|
-
#
|
|
1009
|
-
#
|
|
1027
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
|
|
1028
|
+
# For {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the
|
|
1029
|
+
# plaintext must be no larger than 64KiB. For
|
|
1030
|
+
# {Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
|
|
1031
|
+
# the plaintext and additional_authenticated_data fields must be no larger
|
|
1032
|
+
# than 8KiB.
|
|
1010
1033
|
# @param additional_authenticated_data [String]
|
|
1011
1034
|
# Optional data that, if specified, must also be provided during decryption
|
|
1012
|
-
# through
|
|
1035
|
+
# through
|
|
1036
|
+
# {Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest#additional_authenticated_data}.
|
|
1013
1037
|
#
|
|
1014
1038
|
# The maximum size depends on the key version's
|
|
1015
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
|
|
1016
|
-
# {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
|
|
1017
|
-
#
|
|
1018
|
-
#
|
|
1019
|
-
#
|
|
1039
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}.
|
|
1040
|
+
# For {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD
|
|
1041
|
+
# must be no larger than 64KiB. For
|
|
1042
|
+
# {Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of
|
|
1043
|
+
# the plaintext and additional_authenticated_data fields must be no larger
|
|
1044
|
+
# than 8KiB.
|
|
1020
1045
|
# @param options [Google::Gax::CallOptions]
|
|
1021
1046
|
# Overrides the default settings for this call, e.g, timeout,
|
|
1022
1047
|
# retries, etc.
|
|
@@ -1050,12 +1075,15 @@ module Google
|
|
|
1050
1075
|
@encrypt.call(req, options, &block)
|
|
1051
1076
|
end
|
|
1052
1077
|
|
|
1053
|
-
# Decrypts data that was protected by
|
|
1054
|
-
#
|
|
1078
|
+
# Decrypts data that was protected by
|
|
1079
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt}. The
|
|
1080
|
+
# {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} must be
|
|
1081
|
+
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
|
|
1055
1082
|
#
|
|
1056
1083
|
# @param name [String]
|
|
1057
|
-
# Required. The resource name of the
|
|
1058
|
-
#
|
|
1084
|
+
# Required. The resource name of the
|
|
1085
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to use for decryption. The
|
|
1086
|
+
# server will choose the appropriate version.
|
|
1059
1087
|
# @param ciphertext [String]
|
|
1060
1088
|
# Required. The encrypted data originally returned in
|
|
1061
1089
|
# {Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse#ciphertext}.
|
|
@@ -1095,14 +1123,18 @@ module Google
|
|
|
1095
1123
|
@decrypt.call(req, options, &block)
|
|
1096
1124
|
end
|
|
1097
1125
|
|
|
1098
|
-
# Update the version of a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} that
|
|
1126
|
+
# Update the version of a {Google::Cloud::Kms::V1::CryptoKey CryptoKey} that
|
|
1127
|
+
# will be used in
|
|
1128
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt}.
|
|
1099
1129
|
#
|
|
1100
1130
|
# Returns an error if called on an asymmetric key.
|
|
1101
1131
|
#
|
|
1102
1132
|
# @param name [String]
|
|
1103
|
-
# The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to
|
|
1133
|
+
# The resource name of the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} to
|
|
1134
|
+
# update.
|
|
1104
1135
|
# @param crypto_key_version_id [String]
|
|
1105
|
-
# The id of the child
|
|
1136
|
+
# The id of the child
|
|
1137
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.
|
|
1106
1138
|
# @param options [Google::Gax::CallOptions]
|
|
1107
1139
|
# Overrides the default settings for this call, e.g, timeout,
|
|
1108
1140
|
# retries, etc.
|
|
@@ -1134,21 +1166,28 @@ module Google
|
|
|
1134
1166
|
@update_crypto_key_primary_version.call(req, options, &block)
|
|
1135
1167
|
end
|
|
1136
1168
|
|
|
1137
|
-
# Schedule a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for
|
|
1169
|
+
# Schedule a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for
|
|
1170
|
+
# destruction.
|
|
1138
1171
|
#
|
|
1139
|
-
# Upon calling this method,
|
|
1172
|
+
# Upon calling this method,
|
|
1173
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion#state} will
|
|
1174
|
+
# be set to
|
|
1140
1175
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
|
|
1141
|
-
# and {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
|
|
1142
|
-
# hours in the future, at which point the
|
|
1143
|
-
# will be changed to
|
|
1144
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED},
|
|
1145
|
-
# material will be irrevocably destroyed.
|
|
1146
|
-
#
|
|
1147
|
-
# Before the
|
|
1148
|
-
# {Google::Cloud::Kms::V1::
|
|
1176
|
+
# and {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
|
|
1177
|
+
# be set to a time 24 hours in the future, at which point the
|
|
1178
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be changed to
|
|
1179
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED},
|
|
1180
|
+
# and the key material will be irrevocably destroyed.
|
|
1181
|
+
#
|
|
1182
|
+
# Before the
|
|
1183
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is
|
|
1184
|
+
# reached,
|
|
1185
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::RestoreCryptoKeyVersion RestoreCryptoKeyVersion}
|
|
1186
|
+
# may be called to reverse the process.
|
|
1149
1187
|
#
|
|
1150
1188
|
# @param name [String]
|
|
1151
|
-
# The resource name of the
|
|
1189
|
+
# The resource name of the
|
|
1190
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.
|
|
1152
1191
|
# @param options [Google::Gax::CallOptions]
|
|
1153
1192
|
# Overrides the default settings for this call, e.g, timeout,
|
|
1154
1193
|
# retries, etc.
|
|
@@ -1179,12 +1218,15 @@ module Google
|
|
|
1179
1218
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}
|
|
1180
1219
|
# state.
|
|
1181
1220
|
#
|
|
1182
|
-
# Upon restoration of the CryptoKeyVersion,
|
|
1183
|
-
#
|
|
1184
|
-
#
|
|
1221
|
+
# Upon restoration of the CryptoKeyVersion,
|
|
1222
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be set to
|
|
1223
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED},
|
|
1224
|
+
# and {Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will
|
|
1225
|
+
# be cleared.
|
|
1185
1226
|
#
|
|
1186
1227
|
# @param name [String]
|
|
1187
|
-
# The resource name of the
|
|
1228
|
+
# The resource name of the
|
|
1229
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.
|
|
1188
1230
|
# @param options [Google::Gax::CallOptions]
|
|
1189
1231
|
# Overrides the default settings for this call, e.g, timeout,
|
|
1190
1232
|
# retries, etc.
|
|
@@ -1211,14 +1253,16 @@ module Google
|
|
|
1211
1253
|
@restore_crypto_key_version.call(req, options, &block)
|
|
1212
1254
|
end
|
|
1213
1255
|
|
|
1214
|
-
# Returns the public key for the given
|
|
1256
|
+
# Returns the public key for the given
|
|
1257
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. The
|
|
1215
1258
|
# {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} must be
|
|
1216
|
-
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN}
|
|
1259
|
+
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN}
|
|
1260
|
+
# or
|
|
1217
1261
|
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_DECRYPT ASYMMETRIC_DECRYPT}.
|
|
1218
1262
|
#
|
|
1219
1263
|
# @param name [String]
|
|
1220
|
-
# The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
|
|
1221
|
-
# get.
|
|
1264
|
+
# The {Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the
|
|
1265
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to get.
|
|
1222
1266
|
# @param options [Google::Gax::CallOptions]
|
|
1223
1267
|
# Overrides the default settings for this call, e.g, timeout,
|
|
1224
1268
|
# retries, etc.
|
|
@@ -1246,15 +1290,19 @@ module Google
|
|
|
1246
1290
|
end
|
|
1247
1291
|
|
|
1248
1292
|
# Decrypts data that was encrypted with a public key retrieved from
|
|
1249
|
-
# {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}
|
|
1250
|
-
# {Google::Cloud::Kms::V1::
|
|
1293
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}
|
|
1294
|
+
# corresponding to a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
|
1295
|
+
# with {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
|
|
1296
|
+
# ASYMMETRIC_DECRYPT.
|
|
1251
1297
|
#
|
|
1252
1298
|
# @param name [String]
|
|
1253
|
-
# Required. The resource name of the
|
|
1299
|
+
# Required. The resource name of the
|
|
1300
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
|
|
1254
1301
|
# decryption.
|
|
1255
1302
|
# @param ciphertext [String]
|
|
1256
|
-
# Required. The data encrypted with the named
|
|
1257
|
-
# key using
|
|
1303
|
+
# Required. The data encrypted with the named
|
|
1304
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public key using
|
|
1305
|
+
# OAEP.
|
|
1258
1306
|
# @param options [Google::Gax::CallOptions]
|
|
1259
1307
|
# Overrides the default settings for this call, e.g, timeout,
|
|
1260
1308
|
# retries, etc.
|
|
@@ -1286,12 +1334,16 @@ module Google
|
|
|
1286
1334
|
@asymmetric_decrypt.call(req, options, &block)
|
|
1287
1335
|
end
|
|
1288
1336
|
|
|
1289
|
-
# Signs data using a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
|
1337
|
+
# Signs data using a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
|
1338
|
+
# with {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
|
|
1290
1339
|
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
|
1291
|
-
# key retrieved from
|
|
1340
|
+
# key retrieved from
|
|
1341
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}.
|
|
1292
1342
|
#
|
|
1293
1343
|
# @param name [String]
|
|
1294
|
-
# Required. The resource name of the
|
|
1344
|
+
# Required. The resource name of the
|
|
1345
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
|
|
1346
|
+
# signing.
|
|
1295
1347
|
# @param digest [Google::Cloud::Kms::V1::Digest | Hash]
|
|
1296
1348
|
# Required. The digest of the data to sign. The digest must be produced with
|
|
1297
1349
|
# the same digest algorithm as specified by the key version's
|
|
@@ -41,6 +41,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
|
41
41
|
add_enum "google.cloud.kms.v1.KeyOperationAttestation.AttestationFormat" do
|
|
42
42
|
value :ATTESTATION_FORMAT_UNSPECIFIED, 0
|
|
43
43
|
value :CAVIUM_V1_COMPRESSED, 3
|
|
44
|
+
value :CAVIUM_V2_COMPRESSED, 4
|
|
44
45
|
end
|
|
45
46
|
add_message "google.cloud.kms.v1.CryptoKeyVersion" do
|
|
46
47
|
optional :name, :string, 1
|
|
@@ -53,25 +53,32 @@ module Google
|
|
|
53
53
|
rpc :ListCryptoKeyVersions, ListCryptoKeyVersionsRequest, ListCryptoKeyVersionsResponse
|
|
54
54
|
# Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
|
|
55
55
|
rpc :GetKeyRing, GetKeyRingRequest, KeyRing
|
|
56
|
-
# Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
|
|
57
|
-
# [primary][google.cloud.kms.v1.CryptoKey.primary]
|
|
56
|
+
# Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
|
|
57
|
+
# well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
|
|
58
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
|
58
59
|
rpc :GetCryptoKey, GetCryptoKeyRequest, CryptoKey
|
|
59
|
-
# Returns metadata for a given
|
|
60
|
+
# Returns metadata for a given
|
|
61
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
|
|
60
62
|
rpc :GetCryptoKeyVersion, GetCryptoKeyVersionRequest, CryptoKeyVersion
|
|
61
|
-
# Returns the public key for the given
|
|
63
|
+
# Returns the public key for the given
|
|
64
|
+
# [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
|
|
62
65
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
|
63
|
-
# [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
|
|
66
|
+
# [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
|
|
67
|
+
# or
|
|
64
68
|
# [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
|
|
65
69
|
rpc :GetPublicKey, GetPublicKeyRequest, PublicKey
|
|
66
|
-
# Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
|
|
70
|
+
# Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
|
|
71
|
+
# Location.
|
|
67
72
|
rpc :CreateKeyRing, CreateKeyRingRequest, KeyRing
|
|
68
|
-
# Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
|
|
73
|
+
# Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
|
|
74
|
+
# [KeyRing][google.cloud.kms.v1.KeyRing].
|
|
69
75
|
#
|
|
70
76
|
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
|
|
71
77
|
# [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
|
|
72
78
|
# are required.
|
|
73
79
|
rpc :CreateCryptoKey, CreateCryptoKeyRequest, CryptoKey
|
|
74
|
-
# Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
|
|
80
|
+
# Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
|
|
81
|
+
# [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
|
75
82
|
#
|
|
76
83
|
# The server will assign the next sequential id. If unset,
|
|
77
84
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
|
@@ -79,53 +86,75 @@ module Google
|
|
|
79
86
|
rpc :CreateCryptoKeyVersion, CreateCryptoKeyVersionRequest, CryptoKeyVersion
|
|
80
87
|
# Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
|
|
81
88
|
rpc :UpdateCryptoKey, UpdateCryptoKeyRequest, CryptoKey
|
|
82
|
-
# Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
|
|
89
|
+
# Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
|
|
90
|
+
# metadata.
|
|
83
91
|
#
|
|
84
92
|
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
|
|
85
|
-
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
|
|
86
|
-
#
|
|
87
|
-
#
|
|
88
|
-
#
|
|
93
|
+
# [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
|
|
94
|
+
# and
|
|
95
|
+
# [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
|
|
96
|
+
# using this method. See
|
|
97
|
+
# [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
|
|
98
|
+
# and
|
|
99
|
+
# [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
|
|
100
|
+
# to move between other states.
|
|
89
101
|
rpc :UpdateCryptoKeyVersion, UpdateCryptoKeyVersionRequest, CryptoKeyVersion
|
|
90
|
-
# Encrypts data, so that it can only be recovered by a call to
|
|
91
|
-
#
|
|
102
|
+
# Encrypts data, so that it can only be recovered by a call to
|
|
103
|
+
# [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
|
|
104
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
|
92
105
|
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
93
106
|
rpc :Encrypt, EncryptRequest, EncryptResponse
|
|
94
|
-
# Decrypts data that was protected by
|
|
95
|
-
#
|
|
107
|
+
# Decrypts data that was protected by
|
|
108
|
+
# [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
|
|
109
|
+
# [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
|
|
110
|
+
# [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
|
|
96
111
|
rpc :Decrypt, DecryptRequest, DecryptResponse
|
|
97
|
-
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
|
112
|
+
# Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
|
113
|
+
# with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
98
114
|
# ASYMMETRIC_SIGN, producing a signature that can be verified with the public
|
|
99
|
-
# key retrieved from
|
|
115
|
+
# key retrieved from
|
|
116
|
+
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
|
|
100
117
|
rpc :AsymmetricSign, AsymmetricSignRequest, AsymmetricSignResponse
|
|
101
118
|
# Decrypts data that was encrypted with a public key retrieved from
|
|
102
|
-
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
|
|
103
|
-
# [
|
|
119
|
+
# [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
|
|
120
|
+
# corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
|
|
121
|
+
# with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
|
|
122
|
+
# ASYMMETRIC_DECRYPT.
|
|
104
123
|
rpc :AsymmetricDecrypt, AsymmetricDecryptRequest, AsymmetricDecryptResponse
|
|
105
|
-
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
|
|
124
|
+
# Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
|
|
125
|
+
# will be used in
|
|
126
|
+
# [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
|
|
106
127
|
#
|
|
107
128
|
# Returns an error if called on an asymmetric key.
|
|
108
129
|
rpc :UpdateCryptoKeyPrimaryVersion, UpdateCryptoKeyPrimaryVersionRequest, CryptoKey
|
|
109
|
-
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
|
|
130
|
+
# Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
|
|
131
|
+
# destruction.
|
|
110
132
|
#
|
|
111
|
-
# Upon calling this method,
|
|
133
|
+
# Upon calling this method,
|
|
134
|
+
# [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
|
|
135
|
+
# be set to
|
|
112
136
|
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
|
|
113
|
-
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
|
|
114
|
-
# hours in the future, at which point the
|
|
115
|
-
# will be changed to
|
|
116
|
-
# [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
|
|
117
|
-
# material will be irrevocably destroyed.
|
|
137
|
+
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
|
|
138
|
+
# be set to a time 24 hours in the future, at which point the
|
|
139
|
+
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be changed to
|
|
140
|
+
# [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
|
|
141
|
+
# and the key material will be irrevocably destroyed.
|
|
118
142
|
#
|
|
119
|
-
# Before the
|
|
120
|
-
# [
|
|
143
|
+
# Before the
|
|
144
|
+
# [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
|
|
145
|
+
# reached,
|
|
146
|
+
# [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
|
|
147
|
+
# may be called to reverse the process.
|
|
121
148
|
rpc :DestroyCryptoKeyVersion, DestroyCryptoKeyVersionRequest, CryptoKeyVersion
|
|
122
149
|
# Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
|
|
123
150
|
# [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
|
|
124
151
|
# state.
|
|
125
152
|
#
|
|
126
|
-
# Upon restoration of the CryptoKeyVersion,
|
|
127
|
-
#
|
|
128
|
-
#
|
|
153
|
+
# Upon restoration of the CryptoKeyVersion,
|
|
154
|
+
# [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
|
|
155
|
+
# [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
|
|
156
|
+
# and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
|
|
157
|
+
# be cleared.
|
|
129
158
|
rpc :RestoreCryptoKeyVersion, RestoreCryptoKeyVersionRequest, CryptoKeyVersion
|
|
130
159
|
end
|
|
131
160
|
|