google-cloud-kms 1.5.0 → 2.0.2

Sign up to get free protection for your applications and to get access to all the features.
data/LICENSE DELETED
@@ -1,201 +0,0 @@
1
- Apache License
2
- Version 2.0, January 2004
3
- https://www.apache.org/licenses/
4
-
5
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6
-
7
- 1. Definitions.
8
-
9
- "License" shall mean the terms and conditions for use, reproduction,
10
- and distribution as defined by Sections 1 through 9 of this document.
11
-
12
- "Licensor" shall mean the copyright owner or entity authorized by
13
- the copyright owner that is granting the License.
14
-
15
- "Legal Entity" shall mean the union of the acting entity and all
16
- other entities that control, are controlled by, or are under common
17
- control with that entity. For the purposes of this definition,
18
- "control" means (i) the power, direct or indirect, to cause the
19
- direction or management of such entity, whether by contract or
20
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
21
- outstanding shares, or (iii) beneficial ownership of such entity.
22
-
23
- "You" (or "Your") shall mean an individual or Legal Entity
24
- exercising permissions granted by this License.
25
-
26
- "Source" form shall mean the preferred form for making modifications,
27
- including but not limited to software source code, documentation
28
- source, and configuration files.
29
-
30
- "Object" form shall mean any form resulting from mechanical
31
- transformation or translation of a Source form, including but
32
- not limited to compiled object code, generated documentation,
33
- and conversions to other media types.
34
-
35
- "Work" shall mean the work of authorship, whether in Source or
36
- Object form, made available under the License, as indicated by a
37
- copyright notice that is included in or attached to the work
38
- (an example is provided in the Appendix below).
39
-
40
- "Derivative Works" shall mean any work, whether in Source or Object
41
- form, that is based on (or derived from) the Work and for which the
42
- editorial revisions, annotations, elaborations, or other modifications
43
- represent, as a whole, an original work of authorship. For the purposes
44
- of this License, Derivative Works shall not include works that remain
45
- separable from, or merely link (or bind by name) to the interfaces of,
46
- the Work and Derivative Works thereof.
47
-
48
- "Contribution" shall mean any work of authorship, including
49
- the original version of the Work and any modifications or additions
50
- to that Work or Derivative Works thereof, that is intentionally
51
- submitted to Licensor for inclusion in the Work by the copyright owner
52
- or by an individual or Legal Entity authorized to submit on behalf of
53
- the copyright owner. For the purposes of this definition, "submitted"
54
- means any form of electronic, verbal, or written communication sent
55
- to the Licensor or its representatives, including but not limited to
56
- communication on electronic mailing lists, source code control systems,
57
- and issue tracking systems that are managed by, or on behalf of, the
58
- Licensor for the purpose of discussing and improving the Work, but
59
- excluding communication that is conspicuously marked or otherwise
60
- designated in writing by the copyright owner as "Not a Contribution."
61
-
62
- "Contributor" shall mean Licensor and any individual or Legal Entity
63
- on behalf of whom a Contribution has been received by Licensor and
64
- subsequently incorporated within the Work.
65
-
66
- 2. Grant of Copyright License. Subject to the terms and conditions of
67
- this License, each Contributor hereby grants to You a perpetual,
68
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69
- copyright license to reproduce, prepare Derivative Works of,
70
- publicly display, publicly perform, sublicense, and distribute the
71
- Work and such Derivative Works in Source or Object form.
72
-
73
- 3. Grant of Patent License. Subject to the terms and conditions of
74
- this License, each Contributor hereby grants to You a perpetual,
75
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76
- (except as stated in this section) patent license to make, have made,
77
- use, offer to sell, sell, import, and otherwise transfer the Work,
78
- where such license applies only to those patent claims licensable
79
- by such Contributor that are necessarily infringed by their
80
- Contribution(s) alone or by combination of their Contribution(s)
81
- with the Work to which such Contribution(s) was submitted. If You
82
- institute patent litigation against any entity (including a
83
- cross-claim or counterclaim in a lawsuit) alleging that the Work
84
- or a Contribution incorporated within the Work constitutes direct
85
- or contributory patent infringement, then any patent licenses
86
- granted to You under this License for that Work shall terminate
87
- as of the date such litigation is filed.
88
-
89
- 4. Redistribution. You may reproduce and distribute copies of the
90
- Work or Derivative Works thereof in any medium, with or without
91
- modifications, and in Source or Object form, provided that You
92
- meet the following conditions:
93
-
94
- (a) You must give any other recipients of the Work or
95
- Derivative Works a copy of this License; and
96
-
97
- (b) You must cause any modified files to carry prominent notices
98
- stating that You changed the files; and
99
-
100
- (c) You must retain, in the Source form of any Derivative Works
101
- that You distribute, all copyright, patent, trademark, and
102
- attribution notices from the Source form of the Work,
103
- excluding those notices that do not pertain to any part of
104
- the Derivative Works; and
105
-
106
- (d) If the Work includes a "NOTICE" text file as part of its
107
- distribution, then any Derivative Works that You distribute must
108
- include a readable copy of the attribution notices contained
109
- within such NOTICE file, excluding those notices that do not
110
- pertain to any part of the Derivative Works, in at least one
111
- of the following places: within a NOTICE text file distributed
112
- as part of the Derivative Works; within the Source form or
113
- documentation, if provided along with the Derivative Works; or,
114
- within a display generated by the Derivative Works, if and
115
- wherever such third-party notices normally appear. The contents
116
- of the NOTICE file are for informational purposes only and
117
- do not modify the License. You may add Your own attribution
118
- notices within Derivative Works that You distribute, alongside
119
- or as an addendum to the NOTICE text from the Work, provided
120
- that such additional attribution notices cannot be construed
121
- as modifying the License.
122
-
123
- You may add Your own copyright statement to Your modifications and
124
- may provide additional or different license terms and conditions
125
- for use, reproduction, or distribution of Your modifications, or
126
- for any such Derivative Works as a whole, provided Your use,
127
- reproduction, and distribution of the Work otherwise complies with
128
- the conditions stated in this License.
129
-
130
- 5. Submission of Contributions. Unless You explicitly state otherwise,
131
- any Contribution intentionally submitted for inclusion in the Work
132
- by You to the Licensor shall be under the terms and conditions of
133
- this License, without any additional terms or conditions.
134
- Notwithstanding the above, nothing herein shall supersede or modify
135
- the terms of any separate license agreement you may have executed
136
- with Licensor regarding such Contributions.
137
-
138
- 6. Trademarks. This License does not grant permission to use the trade
139
- names, trademarks, service marks, or product names of the Licensor,
140
- except as required for reasonable and customary use in describing the
141
- origin of the Work and reproducing the content of the NOTICE file.
142
-
143
- 7. Disclaimer of Warranty. Unless required by applicable law or
144
- agreed to in writing, Licensor provides the Work (and each
145
- Contributor provides its Contributions) on an "AS IS" BASIS,
146
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147
- implied, including, without limitation, any warranties or conditions
148
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149
- PARTICULAR PURPOSE. You are solely responsible for determining the
150
- appropriateness of using or redistributing the Work and assume any
151
- risks associated with Your exercise of permissions under this License.
152
-
153
- 8. Limitation of Liability. In no event and under no legal theory,
154
- whether in tort (including negligence), contract, or otherwise,
155
- unless required by applicable law (such as deliberate and grossly
156
- negligent acts) or agreed to in writing, shall any Contributor be
157
- liable to You for damages, including any direct, indirect, special,
158
- incidental, or consequential damages of any character arising as a
159
- result of this License or out of the use or inability to use the
160
- Work (including but not limited to damages for loss of goodwill,
161
- work stoppage, computer failure or malfunction, or any and all
162
- other commercial damages or losses), even if such Contributor
163
- has been advised of the possibility of such damages.
164
-
165
- 9. Accepting Warranty or Additional Liability. While redistributing
166
- the Work or Derivative Works thereof, You may choose to offer,
167
- and charge a fee for, acceptance of support, warranty, indemnity,
168
- or other liability obligations and/or rights consistent with this
169
- License. However, in accepting such obligations, You may act only
170
- on Your own behalf and on Your sole responsibility, not on behalf
171
- of any other Contributor, and only if You agree to indemnify,
172
- defend, and hold each Contributor harmless for any liability
173
- incurred by, or claims asserted against, such Contributor by reason
174
- of your accepting any such warranty or additional liability.
175
-
176
- END OF TERMS AND CONDITIONS
177
-
178
- APPENDIX: How to apply the Apache License to your work.
179
-
180
- To apply the Apache License to your work, attach the following
181
- boilerplate notice, with the fields enclosed by brackets "[]"
182
- replaced with your own identifying information. (Don't include
183
- the brackets!) The text should be enclosed in the appropriate
184
- comment syntax for the file format. We also recommend that a
185
- file or class name and description of purpose be included on the
186
- same "printed page" as the copyright notice for easier
187
- identification within third-party archives.
188
-
189
- Copyright [yyyy] [name of copyright owner]
190
-
191
- Licensed under the Apache License, Version 2.0 (the "License");
192
- you may not use this file except in compliance with the License.
193
- You may obtain a copy of the License at
194
-
195
- https://www.apache.org/licenses/LICENSE-2.0
196
-
197
- Unless required by applicable law or agreed to in writing, software
198
- distributed under the License is distributed on an "AS IS" BASIS,
199
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200
- See the License for the specific language governing permissions and
201
- limitations under the License.
@@ -1,159 +0,0 @@
1
- # Copyright 2020 Google LLC
2
- #
3
- # Licensed under the Apache License, Version 2.0 (the "License");
4
- # you may not use this file except in compliance with the License.
5
- # You may obtain a copy of the License at
6
- #
7
- # https://www.apache.org/licenses/LICENSE-2.0
8
- #
9
- # Unless required by applicable law or agreed to in writing, software
10
- # distributed under the License is distributed on an "AS IS" BASIS,
11
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
- # See the License for the specific language governing permissions and
13
- # limitations under the License.
14
-
15
-
16
- require "google/cloud/kms/v1/key_management_service_client"
17
- require "google/cloud/kms/v1/helpers"
18
- require "google/cloud/kms/v1/service_pb"
19
-
20
- module Google
21
- module Cloud
22
- module Kms
23
- # rubocop:disable LineLength
24
-
25
- ##
26
- # # Ruby Client for Cloud Key Management Service (KMS) API
27
- #
28
- # [Cloud Key Management Service (KMS) API][Product Documentation]:
29
- # Manages keys and performs cryptographic operations in a central cloud
30
- # service, for direct use by other cloud resources and applications.
31
- # - [Product Documentation][]
32
- #
33
- # ## Quick Start
34
- # In order to use this library, you first need to go through the following
35
- # steps:
36
- #
37
- # 1. [Select or create a Cloud Platform project.](https://console.cloud.google.com/project)
38
- # 2. [Enable billing for your project.](https://cloud.google.com/billing/docs/how-to/modify-project#enable_billing_for_a_project)
39
- # 3. [Enable the Cloud Key Management Service (KMS) API.](https://console.cloud.google.com/apis/library/cloudkms.googleapis.com)
40
- # 4. [Setup Authentication.](https://googleapis.dev/ruby/google-cloud-kms/latest/file.AUTHENTICATION.html)
41
- #
42
- # ### Installation
43
- # ```
44
- # $ gem install google-cloud-kms
45
- # ```
46
- #
47
- # ### Next Steps
48
- # - Read the [Cloud Key Management Service (KMS) API Product documentation][Product Documentation]
49
- # to learn more about the product and see How-to Guides.
50
- # - View this [repository's main README](https://github.com/googleapis/google-cloud-ruby/blob/master/README.md)
51
- # to see the full list of Cloud APIs that we cover.
52
- #
53
- # [Product Documentation]: https://cloud.google.com/kms
54
- #
55
- # ## Enabling Logging
56
- #
57
- # To enable logging for this library, set the logger for the underlying [gRPC](https://github.com/grpc/grpc/tree/master/src/ruby) library.
58
- # The logger that you set may be a Ruby stdlib [`Logger`](https://ruby-doc.org/stdlib-2.5.0/libdoc/logger/rdoc/Logger.html) as shown below,
59
- # or a [`Google::Cloud::Logging::Logger`](https://googleapis.dev/ruby/google-cloud-logging/latest)
60
- # that will write logs to [Stackdriver Logging](https://cloud.google.com/logging/). See [grpc/logconfig.rb](https://github.com/grpc/grpc/blob/master/src/ruby/lib/grpc/logconfig.rb)
61
- # and the gRPC [spec_helper.rb](https://github.com/grpc/grpc/blob/master/src/ruby/spec/spec_helper.rb) for additional information.
62
- #
63
- # Configuring a Ruby stdlib logger:
64
- #
65
- # ```ruby
66
- # require "logger"
67
- #
68
- # module MyLogger
69
- # LOGGER = Logger.new $stderr, level: Logger::WARN
70
- # def logger
71
- # LOGGER
72
- # end
73
- # end
74
- #
75
- # # Define a gRPC module-level logger method before grpc/logconfig.rb loads.
76
- # module GRPC
77
- # extend MyLogger
78
- # end
79
- # ```
80
- #
81
- module V1
82
- # rubocop:enable LineLength
83
-
84
- ##
85
- # Google Cloud Key Management Service
86
- #
87
- # Manages cryptographic keys and operations using those keys. Implements a REST
88
- # model with the following objects:
89
- #
90
- # * {Google::Cloud::Kms::V1::KeyRing KeyRing}
91
- # * {Google::Cloud::Kms::V1::CryptoKey CryptoKey}
92
- # * {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
93
- # * {Google::Cloud::Kms::V1::ImportJob ImportJob}
94
- #
95
- # If you are using manual gRPC libraries, see
96
- # [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
97
- #
98
- # @param credentials [Google::Auth::Credentials, String, Hash, GRPC::Core::Channel, GRPC::Core::ChannelCredentials, Proc]
99
- # Provides the means for authenticating requests made by the client. This parameter can
100
- # be many types.
101
- # A `Google::Auth::Credentials` uses a the properties of its represented keyfile for
102
- # authenticating requests made by this client.
103
- # A `String` will be treated as the path to the keyfile to be used for the construction of
104
- # credentials for this client.
105
- # A `Hash` will be treated as the contents of a keyfile to be used for the construction of
106
- # credentials for this client.
107
- # A `GRPC::Core::Channel` will be used to make calls through.
108
- # A `GRPC::Core::ChannelCredentials` for the setting up the RPC client. The channel credentials
109
- # should already be composed with a `GRPC::Core::CallCredentials` object.
110
- # A `Proc` will be used as an updater_proc for the Grpc channel. The proc transforms the
111
- # metadata for requests, generally, to give OAuth credentials.
112
- # @param scopes [Array<String>]
113
- # The OAuth scopes for this service. This parameter is ignored if
114
- # an updater_proc is supplied.
115
- # @param client_config [Hash]
116
- # A Hash for call options for each method. See
117
- # Google::Gax#construct_settings for the structure of
118
- # this data. Falls back to the default config if not specified
119
- # or the specified config is missing data points.
120
- # @param timeout [Numeric]
121
- # The default timeout, in seconds, for calls made through this client.
122
- # @param metadata [Hash]
123
- # Default metadata to be sent with each request. This can be overridden on a per call basis.
124
- # @param service_address [String]
125
- # Override for the service hostname, or `nil` to leave as the default.
126
- # @param service_port [Integer]
127
- # Override for the service port, or `nil` to leave as the default.
128
- # @param exception_transformer [Proc]
129
- # An optional proc that intercepts any exceptions raised during an API call to inject
130
- # custom error handling.
131
- def self.new \
132
- credentials: nil,
133
- scopes: nil,
134
- client_config: nil,
135
- timeout: nil,
136
- metadata: nil,
137
- service_address: nil,
138
- service_port: nil,
139
- exception_transformer: nil,
140
- lib_name: nil,
141
- lib_version: nil
142
- kwargs = {
143
- credentials: credentials,
144
- scopes: scopes,
145
- client_config: client_config,
146
- timeout: timeout,
147
- metadata: metadata,
148
- exception_transformer: exception_transformer,
149
- lib_name: lib_name,
150
- service_address: service_address,
151
- service_port: service_port,
152
- lib_version: lib_version
153
- }.select { |_, v| v != nil }
154
- Google::Cloud::Kms::V1::KeyManagementServiceClient.new(**kwargs)
155
- end
156
- end
157
- end
158
- end
159
- end
@@ -1,42 +0,0 @@
1
- # Copyright 2020 Google LLC
2
- #
3
- # Licensed under the Apache License, Version 2.0 (the "License");
4
- # you may not use this file except in compliance with the License.
5
- # You may obtain a copy of the License at
6
- #
7
- # https://www.apache.org/licenses/LICENSE-2.0
8
- #
9
- # Unless required by applicable law or agreed to in writing, software
10
- # distributed under the License is distributed on an "AS IS" BASIS,
11
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
- # See the License for the specific language governing permissions and
13
- # limitations under the License.
14
-
15
-
16
- require "googleauth"
17
-
18
- module Google
19
- module Cloud
20
- module Kms
21
- module V1
22
- class Credentials < Google::Auth::Credentials
23
- SCOPE = [
24
- "https://www.googleapis.com/auth/cloud-platform",
25
- "https://www.googleapis.com/auth/cloudkms"
26
- ].freeze
27
- PATH_ENV_VARS = %w(KMS_CREDENTIALS
28
- KMS_KEYFILE
29
- GOOGLE_CLOUD_CREDENTIALS
30
- GOOGLE_CLOUD_KEYFILE
31
- GCLOUD_KEYFILE)
32
- JSON_ENV_VARS = %w(KMS_CREDENTIALS_JSON
33
- KMS_KEYFILE_JSON
34
- GOOGLE_CLOUD_CREDENTIALS_JSON
35
- GOOGLE_CLOUD_KEYFILE_JSON
36
- GCLOUD_KEYFILE_JSON)
37
- DEFAULT_PATHS = ["~/.config/gcloud/application_default_credentials.json"]
38
- end
39
- end
40
- end
41
- end
42
- end
@@ -1,524 +0,0 @@
1
- # Copyright 2020 Google LLC
2
- #
3
- # Licensed under the Apache License, Version 2.0 (the "License");
4
- # you may not use this file except in compliance with the License.
5
- # You may obtain a copy of the License at
6
- #
7
- # https://www.apache.org/licenses/LICENSE-2.0
8
- #
9
- # Unless required by applicable law or agreed to in writing, software
10
- # distributed under the License is distributed on an "AS IS" BASIS,
11
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
- # See the License for the specific language governing permissions and
13
- # limitations under the License.
14
-
15
-
16
- module Google
17
- module Cloud
18
- module Kms
19
- module V1
20
- # A {Google::Cloud::Kms::V1::KeyRing KeyRing} is a toplevel logical grouping of {Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
21
- # @!attribute [rw] name
22
- # @return [String]
23
- # Output only. The resource name for the {Google::Cloud::Kms::V1::KeyRing KeyRing} in the format
24
- # `projects/*/locations/*/keyRings/*`.
25
- # @!attribute [rw] create_time
26
- # @return [Google::Protobuf::Timestamp]
27
- # Output only. The time at which this {Google::Cloud::Kms::V1::KeyRing KeyRing} was created.
28
- class KeyRing; end
29
-
30
- # A {Google::Cloud::Kms::V1::CryptoKey CryptoKey} represents a logical key that can be used for cryptographic
31
- # operations.
32
- #
33
- # A {Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of one or more {Google::Cloud::Kms::V1::CryptoKeyVersion versions}, which
34
- # represent the actual key material used in cryptographic operations.
35
- # @!attribute [rw] name
36
- # @return [String]
37
- # Output only. The resource name for this {Google::Cloud::Kms::V1::CryptoKey CryptoKey} in the format
38
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
39
- # @!attribute [rw] primary
40
- # @return [Google::Cloud::Kms::V1::CryptoKeyVersion]
41
- # Output only. A copy of the "primary" {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} that will be used
42
- # by {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt} when this {Google::Cloud::Kms::V1::CryptoKey CryptoKey} is given
43
- # in {Google::Cloud::Kms::V1::EncryptRequest#name EncryptRequest#name}.
44
- #
45
- # The {Google::Cloud::Kms::V1::CryptoKey CryptoKey}'s primary version can be updated via
46
- # {Google::Cloud::Kms::V1::KeyManagementService::UpdateCryptoKeyPrimaryVersion UpdateCryptoKeyPrimaryVersion}.
47
- #
48
- # Keys with {Google::Cloud::Kms::V1::CryptoKey#purpose purpose}
49
- # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT} may have a
50
- # primary. For other keys, this field will be omitted.
51
- # @!attribute [rw] purpose
52
- # @return [Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose]
53
- # Immutable. The immutable purpose of this {Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
54
- # @!attribute [rw] create_time
55
- # @return [Google::Protobuf::Timestamp]
56
- # Output only. The time at which this {Google::Cloud::Kms::V1::CryptoKey CryptoKey} was created.
57
- # @!attribute [rw] next_rotation_time
58
- # @return [Google::Protobuf::Timestamp]
59
- # At {Google::Cloud::Kms::V1::CryptoKey#next_rotation_time next_rotation_time}, the Key Management Service will automatically:
60
- #
61
- # 1. Create a new version of this {Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
62
- # 2. Mark the new version as primary.
63
- #
64
- # Key rotations performed manually via
65
- # {Google::Cloud::Kms::V1::KeyManagementService::CreateCryptoKeyVersion CreateCryptoKeyVersion} and
66
- # {Google::Cloud::Kms::V1::KeyManagementService::UpdateCryptoKeyPrimaryVersion UpdateCryptoKeyPrimaryVersion}
67
- # do not affect {Google::Cloud::Kms::V1::CryptoKey#next_rotation_time next_rotation_time}.
68
- #
69
- # Keys with {Google::Cloud::Kms::V1::CryptoKey#purpose purpose}
70
- # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT} support
71
- # automatic rotation. For other keys, this field must be omitted.
72
- # @!attribute [rw] rotation_period
73
- # @return [Google::Protobuf::Duration]
74
- # {Google::Cloud::Kms::V1::CryptoKey#next_rotation_time next_rotation_time} will be advanced by this period when the service
75
- # automatically rotates a key. Must be at least 24 hours and at most
76
- # 876,000 hours.
77
- #
78
- # If {Google::Cloud::Kms::V1::CryptoKey#rotation_period rotation_period} is set, {Google::Cloud::Kms::V1::CryptoKey#next_rotation_time next_rotation_time} must also be set.
79
- #
80
- # Keys with {Google::Cloud::Kms::V1::CryptoKey#purpose purpose}
81
- # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT} support
82
- # automatic rotation. For other keys, this field must be omitted.
83
- # @!attribute [rw] version_template
84
- # @return [Google::Cloud::Kms::V1::CryptoKeyVersionTemplate]
85
- # A template describing settings for new {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} instances.
86
- # The properties of new {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} instances created by either
87
- # {Google::Cloud::Kms::V1::KeyManagementService::CreateCryptoKeyVersion CreateCryptoKeyVersion} or
88
- # auto-rotation are controlled by this template.
89
- # @!attribute [rw] labels
90
- # @return [Hash{String => String}]
91
- # Labels with user-defined metadata. For more information, see
92
- # [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
93
- class CryptoKey
94
- # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose} describes the cryptographic capabilities of a
95
- # {Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used for the operations allowed by
96
- # its purpose. For more information, see
97
- # [Key purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
98
- module CryptoKeyPurpose
99
- # Not specified.
100
- CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0
101
-
102
- # {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used with
103
- # {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt} and
104
- # {Google::Cloud::Kms::V1::KeyManagementService::Decrypt Decrypt}.
105
- ENCRYPT_DECRYPT = 1
106
-
107
- # {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used with
108
- # {Google::Cloud::Kms::V1::KeyManagementService::AsymmetricSign AsymmetricSign} and
109
- # {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}.
110
- ASYMMETRIC_SIGN = 5
111
-
112
- # {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used with
113
- # {Google::Cloud::Kms::V1::KeyManagementService::AsymmetricDecrypt AsymmetricDecrypt} and
114
- # {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}.
115
- ASYMMETRIC_DECRYPT = 6
116
- end
117
- end
118
-
119
- # A {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate CryptoKeyVersionTemplate} specifies the properties to use when creating
120
- # a new {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, either manually with
121
- # {Google::Cloud::Kms::V1::KeyManagementService::CreateCryptoKeyVersion CreateCryptoKeyVersion} or
122
- # automatically as a result of auto-rotation.
123
- # @!attribute [rw] protection_level
124
- # @return [Google::Cloud::Kms::V1::ProtectionLevel]
125
- # {Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when creating a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} based on
126
- # this template. Immutable. Defaults to {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE}.
127
- # @!attribute [rw] algorithm
128
- # @return [Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
129
- # Required. {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm Algorithm} to use
130
- # when creating a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} based on this template.
131
- #
132
- # For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
133
- # this field is omitted and {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} is
134
- # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
135
- class CryptoKeyVersionTemplate; end
136
-
137
- # Contains an HSM-generated attestation about a key operation. For more
138
- # information, see [Verifying attestations]
139
- # (https://cloud.google.com/kms/docs/attest-key).
140
- # @!attribute [rw] format
141
- # @return [Google::Cloud::Kms::V1::KeyOperationAttestation::AttestationFormat]
142
- # Output only. The format of the attestation data.
143
- # @!attribute [rw] content
144
- # @return [String]
145
- # Output only. The attestation data provided by the HSM when the key
146
- # operation was performed.
147
- class KeyOperationAttestation
148
- # Attestation formats provided by the HSM.
149
- module AttestationFormat
150
- # Not specified.
151
- ATTESTATION_FORMAT_UNSPECIFIED = 0
152
-
153
- # Cavium HSM attestation compressed with gzip. Note that this format is
154
- # defined by Cavium and subject to change at any time.
155
- CAVIUM_V1_COMPRESSED = 3
156
-
157
- # Cavium HSM attestation V2 compressed with gzip. This is a new format
158
- # introduced in Cavium's version 3.2-08.
159
- CAVIUM_V2_COMPRESSED = 4
160
- end
161
- end
162
-
163
- # A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} represents an individual cryptographic key, and the
164
- # associated key material.
165
- #
166
- # An {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} version can be
167
- # used for cryptographic operations.
168
- #
169
- # For security reasons, the raw cryptographic key material represented by a
170
- # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} can never be viewed or exported. It can only be used to
171
- # encrypt, decrypt, or sign data when an authorized user or application invokes
172
- # Cloud KMS.
173
- # @!attribute [rw] name
174
- # @return [String]
175
- # Output only. The resource name for this {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in the format
176
- # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
177
- # @!attribute [rw] state
178
- # @return [Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState]
179
- # The current state of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
180
- # @!attribute [rw] protection_level
181
- # @return [Google::Cloud::Kms::V1::ProtectionLevel]
182
- # Output only. The {Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} describing how crypto operations are
183
- # performed with this {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
184
- # @!attribute [rw] algorithm
185
- # @return [Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
186
- # Output only. The {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm CryptoKeyVersionAlgorithm} that this
187
- # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} supports.
188
- # @!attribute [rw] attestation
189
- # @return [Google::Cloud::Kms::V1::KeyOperationAttestation]
190
- # Output only. Statement that was generated and signed by the HSM at key
191
- # creation time. Use this statement to verify attributes of the key as stored
192
- # on the HSM, independently of Google. Only provided for key versions with
193
- # {Google::Cloud::Kms::V1::CryptoKeyVersion#protection_level protection_level} {Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM}.
194
- # @!attribute [rw] create_time
195
- # @return [Google::Protobuf::Timestamp]
196
- # Output only. The time at which this {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} was created.
197
- # @!attribute [rw] generate_time
198
- # @return [Google::Protobuf::Timestamp]
199
- # Output only. The time this {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s key material was
200
- # generated.
201
- # @!attribute [rw] destroy_time
202
- # @return [Google::Protobuf::Timestamp]
203
- # Output only. The time this {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s key material is scheduled
204
- # for destruction. Only present if {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
205
- # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}.
206
- # @!attribute [rw] destroy_event_time
207
- # @return [Google::Protobuf::Timestamp]
208
- # Output only. The time this CryptoKeyVersion's key material was
209
- # destroyed. Only present if {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
210
- # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}.
211
- # @!attribute [rw] import_job
212
- # @return [String]
213
- # Output only. The name of the {Google::Cloud::Kms::V1::ImportJob ImportJob} used to import this
214
- # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. Only present if the underlying key material was
215
- # imported.
216
- # @!attribute [rw] import_time
217
- # @return [Google::Protobuf::Timestamp]
218
- # Output only. The time at which this {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s key material
219
- # was imported.
220
- # @!attribute [rw] import_failure_reason
221
- # @return [String]
222
- # Output only. The root cause of an import failure. Only present if
223
- # {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
224
- # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}.
225
- class CryptoKeyVersion
226
- # The algorithm of the {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, indicating what
227
- # parameters must be used for each cryptographic operation.
228
- #
229
- # The
230
- # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm::GOOGLE_SYMMETRIC_ENCRYPTION GOOGLE_SYMMETRIC_ENCRYPTION}
231
- # algorithm is usable with {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
232
- # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
233
- #
234
- # Algorithms beginning with "RSA_SIGN_" are usable with {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
235
- # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN}.
236
- #
237
- # The fields in the name after "RSA_SIGN_" correspond to the following
238
- # parameters: padding algorithm, modulus bit length, and digest algorithm.
239
- #
240
- # For PSS, the salt length used is equal to the length of digest
241
- # algorithm. For example,
242
- # {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm::RSA_SIGN_PSS_2048_SHA256 RSA_SIGN_PSS_2048_SHA256}
243
- # will use PSS with a salt length of 256 bits or 32 bytes.
244
- #
245
- # Algorithms beginning with "RSA_DECRYPT_" are usable with
246
- # {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
247
- # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_DECRYPT ASYMMETRIC_DECRYPT}.
248
- #
249
- # The fields in the name after "RSA_DECRYPT_" correspond to the following
250
- # parameters: padding algorithm, modulus bit length, and digest algorithm.
251
- #
252
- # Algorithms beginning with "EC_SIGN_" are usable with {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
253
- # {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN}.
254
- #
255
- # The fields in the name after "EC_SIGN_" correspond to the following
256
- # parameters: elliptic curve, digest algorithm.
257
- #
258
- # For more information, see [Key purposes and algorithms]
259
- # (https://cloud.google.com/kms/docs/algorithms).
260
- module CryptoKeyVersionAlgorithm
261
- # Not specified.
262
- CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED = 0
263
-
264
- # Creates symmetric encryption keys.
265
- GOOGLE_SYMMETRIC_ENCRYPTION = 1
266
-
267
- # RSASSA-PSS 2048 bit key with a SHA256 digest.
268
- RSA_SIGN_PSS_2048_SHA256 = 2
269
-
270
- # RSASSA-PSS 3072 bit key with a SHA256 digest.
271
- RSA_SIGN_PSS_3072_SHA256 = 3
272
-
273
- # RSASSA-PSS 4096 bit key with a SHA256 digest.
274
- RSA_SIGN_PSS_4096_SHA256 = 4
275
-
276
- # RSASSA-PSS 4096 bit key with a SHA512 digest.
277
- RSA_SIGN_PSS_4096_SHA512 = 15
278
-
279
- # RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
280
- RSA_SIGN_PKCS1_2048_SHA256 = 5
281
-
282
- # RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
283
- RSA_SIGN_PKCS1_3072_SHA256 = 6
284
-
285
- # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
286
- RSA_SIGN_PKCS1_4096_SHA256 = 7
287
-
288
- # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
289
- RSA_SIGN_PKCS1_4096_SHA512 = 16
290
-
291
- # RSAES-OAEP 2048 bit key with a SHA256 digest.
292
- RSA_DECRYPT_OAEP_2048_SHA256 = 8
293
-
294
- # RSAES-OAEP 3072 bit key with a SHA256 digest.
295
- RSA_DECRYPT_OAEP_3072_SHA256 = 9
296
-
297
- # RSAES-OAEP 4096 bit key with a SHA256 digest.
298
- RSA_DECRYPT_OAEP_4096_SHA256 = 10
299
-
300
- # RSAES-OAEP 4096 bit key with a SHA512 digest.
301
- RSA_DECRYPT_OAEP_4096_SHA512 = 17
302
-
303
- # ECDSA on the NIST P-256 curve with a SHA256 digest.
304
- EC_SIGN_P256_SHA256 = 12
305
-
306
- # ECDSA on the NIST P-384 curve with a SHA384 digest.
307
- EC_SIGN_P384_SHA384 = 13
308
- end
309
-
310
- # The state of a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, indicating if it can be used.
311
- module CryptoKeyVersionState
312
- # Not specified.
313
- CRYPTO_KEY_VERSION_STATE_UNSPECIFIED = 0
314
-
315
- # This version is still being generated. It may not be used, enabled,
316
- # disabled, or destroyed yet. Cloud KMS will automatically mark this
317
- # version {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} as soon as the version is ready.
318
- PENDING_GENERATION = 5
319
-
320
- # This version may be used for cryptographic operations.
321
- ENABLED = 1
322
-
323
- # This version may not be used, but the key material is still available,
324
- # and the version can be placed back into the {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} state.
325
- DISABLED = 2
326
-
327
- # This version is destroyed, and the key material is no longer stored.
328
- # A version may not leave this state once entered.
329
- DESTROYED = 3
330
-
331
- # This version is scheduled for destruction, and will be destroyed soon.
332
- # Call
333
- # {Google::Cloud::Kms::V1::KeyManagementService::RestoreCryptoKeyVersion RestoreCryptoKeyVersion}
334
- # to put it back into the {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED} state.
335
- DESTROY_SCHEDULED = 4
336
-
337
- # This version is still being imported. It may not be used, enabled,
338
- # disabled, or destroyed yet. Cloud KMS will automatically mark this
339
- # version {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} as soon as the version is ready.
340
- PENDING_IMPORT = 6
341
-
342
- # This version was not imported successfully. It may not be used, enabled,
343
- # disabled, or destroyed. The submitted key material has been discarded.
344
- # Additional details can be found in
345
- # {Google::Cloud::Kms::V1::CryptoKeyVersion#import_failure_reason CryptoKeyVersion#import_failure_reason}.
346
- IMPORT_FAILED = 7
347
- end
348
-
349
- # A view for {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}s. Controls the level of detail returned
350
- # for {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} in
351
- # {Google::Cloud::Kms::V1::KeyManagementService::ListCryptoKeyVersions KeyManagementService::ListCryptoKeyVersions} and
352
- # {Google::Cloud::Kms::V1::KeyManagementService::ListCryptoKeys KeyManagementService::ListCryptoKeys}.
353
- module CryptoKeyVersionView
354
- # Default view for each {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. Does not include
355
- # the {Google::Cloud::Kms::V1::CryptoKeyVersion#attestation attestation} field.
356
- CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED = 0
357
-
358
- # Provides all fields in each {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, including the
359
- # {Google::Cloud::Kms::V1::CryptoKeyVersion#attestation attestation}.
360
- FULL = 1
361
- end
362
- end
363
-
364
- # The public key for a given {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. Obtained via
365
- # {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}.
366
- # @!attribute [rw] pem
367
- # @return [String]
368
- # The public key, encoded in PEM format. For more information, see the
369
- # [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
370
- # [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
371
- # [Textual Encoding of Subject Public Key Info]
372
- # (https://tools.ietf.org/html/rfc7468#section-13).
373
- # @!attribute [rw] algorithm
374
- # @return [Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
375
- # The {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm Algorithm} associated
376
- # with this key.
377
- class PublicKey; end
378
-
379
- # An {Google::Cloud::Kms::V1::ImportJob ImportJob} can be used to create {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} and
380
- # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} using pre-existing key material,
381
- # generated outside of Cloud KMS.
382
- #
383
- # When an {Google::Cloud::Kms::V1::ImportJob ImportJob} is created, Cloud KMS will generate a "wrapping key",
384
- # which is a public/private key pair. You use the wrapping key to encrypt (also
385
- # known as wrap) the pre-existing key material to protect it during the import
386
- # process. The nature of the wrapping key depends on the choice of
387
- # {Google::Cloud::Kms::V1::ImportJob#import_method import_method}. When the wrapping key generation
388
- # is complete, the {Google::Cloud::Kms::V1::ImportJob#state state} will be set to
389
- # {Google::Cloud::Kms::V1::ImportJob::ImportJobState::ACTIVE ACTIVE} and the {Google::Cloud::Kms::V1::ImportJob#public_key public_key}
390
- # can be fetched. The fetched public key can then be used to wrap your
391
- # pre-existing key material.
392
- #
393
- # Once the key material is wrapped, it can be imported into a new
394
- # {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in an existing {Google::Cloud::Kms::V1::CryptoKey CryptoKey} by calling
395
- # {Google::Cloud::Kms::V1::KeyManagementService::ImportCryptoKeyVersion ImportCryptoKeyVersion}.
396
- # Multiple {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} can be imported with a single
397
- # {Google::Cloud::Kms::V1::ImportJob ImportJob}. Cloud KMS uses the private key portion of the wrapping key to
398
- # unwrap the key material. Only Cloud KMS has access to the private key.
399
- #
400
- # An {Google::Cloud::Kms::V1::ImportJob ImportJob} expires 3 days after it is created. Once expired, Cloud KMS
401
- # will no longer be able to import or unwrap any key material that was wrapped
402
- # with the {Google::Cloud::Kms::V1::ImportJob ImportJob}'s public key.
403
- #
404
- # For more information, see
405
- # [Importing a key](https://cloud.google.com/kms/docs/importing-a-key).
406
- # @!attribute [rw] name
407
- # @return [String]
408
- # Output only. The resource name for this {Google::Cloud::Kms::V1::ImportJob ImportJob} in the format
409
- # `projects/*/locations/*/keyRings/*/importJobs/*`.
410
- # @!attribute [rw] import_method
411
- # @return [Google::Cloud::Kms::V1::ImportJob::ImportMethod]
412
- # Required. Immutable. The wrapping method to be used for incoming key material.
413
- # @!attribute [rw] protection_level
414
- # @return [Google::Cloud::Kms::V1::ProtectionLevel]
415
- # Required. Immutable. The protection level of the {Google::Cloud::Kms::V1::ImportJob ImportJob}. This must match the
416
- # {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level} of the
417
- # {Google::Cloud::Kms::V1::CryptoKey#version_template version_template} on the {Google::Cloud::Kms::V1::CryptoKey CryptoKey} you
418
- # attempt to import into.
419
- # @!attribute [rw] create_time
420
- # @return [Google::Protobuf::Timestamp]
421
- # Output only. The time at which this {Google::Cloud::Kms::V1::ImportJob ImportJob} was created.
422
- # @!attribute [rw] generate_time
423
- # @return [Google::Protobuf::Timestamp]
424
- # Output only. The time this {Google::Cloud::Kms::V1::ImportJob ImportJob}'s key material was generated.
425
- # @!attribute [rw] expire_time
426
- # @return [Google::Protobuf::Timestamp]
427
- # Output only. The time at which this {Google::Cloud::Kms::V1::ImportJob ImportJob} is scheduled for
428
- # expiration and can no longer be used to import key material.
429
- # @!attribute [rw] expire_event_time
430
- # @return [Google::Protobuf::Timestamp]
431
- # Output only. The time this {Google::Cloud::Kms::V1::ImportJob ImportJob} expired. Only present if
432
- # {Google::Cloud::Kms::V1::ImportJob#state state} is {Google::Cloud::Kms::V1::ImportJob::ImportJobState::EXPIRED EXPIRED}.
433
- # @!attribute [rw] state
434
- # @return [Google::Cloud::Kms::V1::ImportJob::ImportJobState]
435
- # Output only. The current state of the {Google::Cloud::Kms::V1::ImportJob ImportJob}, indicating if it can
436
- # be used.
437
- # @!attribute [rw] public_key
438
- # @return [Google::Cloud::Kms::V1::ImportJob::WrappingPublicKey]
439
- # Output only. The public key with which to wrap key material prior to
440
- # import. Only returned if {Google::Cloud::Kms::V1::ImportJob#state state} is
441
- # {Google::Cloud::Kms::V1::ImportJob::ImportJobState::ACTIVE ACTIVE}.
442
- # @!attribute [rw] attestation
443
- # @return [Google::Cloud::Kms::V1::KeyOperationAttestation]
444
- # Output only. Statement that was generated and signed by the key creator
445
- # (for example, an HSM) at key creation time. Use this statement to verify
446
- # attributes of the key as stored on the HSM, independently of Google.
447
- # Only present if the chosen {Google::Cloud::Kms::V1::ImportJob::ImportMethod ImportMethod} is one with a protection
448
- # level of {Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM}.
449
- class ImportJob
450
- # The public key component of the wrapping key. For details of the type of
451
- # key this public key corresponds to, see the {Google::Cloud::Kms::V1::ImportJob::ImportMethod ImportMethod}.
452
- # @!attribute [rw] pem
453
- # @return [String]
454
- # The public key, encoded in PEM format. For more information, see the [RFC
455
- # 7468](https://tools.ietf.org/html/rfc7468) sections for [General
456
- # Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
457
- # [Textual Encoding of Subject Public Key Info]
458
- # (https://tools.ietf.org/html/rfc7468#section-13).
459
- class WrappingPublicKey; end
460
-
461
- # The state of the {Google::Cloud::Kms::V1::ImportJob ImportJob}, indicating if it can be used.
462
- module ImportJobState
463
- # Not specified.
464
- IMPORT_JOB_STATE_UNSPECIFIED = 0
465
-
466
- # The wrapping key for this job is still being generated. It may not be
467
- # used. Cloud KMS will automatically mark this job as
468
- # {Google::Cloud::Kms::V1::ImportJob::ImportJobState::ACTIVE ACTIVE} as soon as the wrapping key is generated.
469
- PENDING_GENERATION = 1
470
-
471
- # This job may be used in
472
- # {Google::Cloud::Kms::V1::KeyManagementService::CreateCryptoKey CreateCryptoKey} and
473
- # {Google::Cloud::Kms::V1::KeyManagementService::CreateCryptoKeyVersion CreateCryptoKeyVersion}
474
- # requests.
475
- ACTIVE = 2
476
-
477
- # This job can no longer be used and may not leave this state once entered.
478
- EXPIRED = 3
479
- end
480
-
481
- # {Google::Cloud::Kms::V1::ImportJob::ImportMethod ImportMethod} describes the key wrapping method chosen for this
482
- # {Google::Cloud::Kms::V1::ImportJob ImportJob}.
483
- module ImportMethod
484
- # Not specified.
485
- IMPORT_METHOD_UNSPECIFIED = 0
486
-
487
- # This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
488
- # scheme defined in the PKCS #11 standard. In summary, this involves
489
- # wrapping the raw key with an ephemeral AES key, and wrapping the
490
- # ephemeral AES key with a 3072 bit RSA key. For more details, see
491
- # [RSA AES key wrap
492
- # mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
493
- RSA_OAEP_3072_SHA1_AES_256 = 1
494
-
495
- # This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
496
- # scheme defined in the PKCS #11 standard. In summary, this involves
497
- # wrapping the raw key with an ephemeral AES key, and wrapping the
498
- # ephemeral AES key with a 4096 bit RSA key. For more details, see
499
- # [RSA AES key wrap
500
- # mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
501
- RSA_OAEP_4096_SHA1_AES_256 = 2
502
- end
503
- end
504
-
505
- # {Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} specifies how cryptographic operations are performed.
506
- # For more information, see [Protection levels]
507
- # (https://cloud.google.com/kms/docs/algorithms#protection_levels).
508
- module ProtectionLevel
509
- # Not specified.
510
- PROTECTION_LEVEL_UNSPECIFIED = 0
511
-
512
- # Crypto operations are performed in software.
513
- SOFTWARE = 1
514
-
515
- # Crypto operations are performed in a Hardware Security Module.
516
- HSM = 2
517
-
518
- # Crypto operations are performed by an external key manager.
519
- EXTERNAL = 3
520
- end
521
- end
522
- end
523
- end
524
- end