google-cloud-kms 0.3.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +22 -1
- data/lib/google/cloud/kms.rb +1 -1
- data/lib/google/cloud/kms/v1.rb +1 -1
- data/lib/google/cloud/kms/v1/doc/google/cloud/kms/v1/resources.rb +150 -84
- data/lib/google/cloud/kms/v1/doc/google/cloud/kms/v1/service.rb +157 -91
- data/lib/google/cloud/kms/v1/key_management_service_client.rb +128 -76
- data/lib/google/cloud/kms/v1/resources_pb.rb +1 -0
- data/lib/google/cloud/kms/v1/service_services_pb.rb +63 -34
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 91e18b340eb2c241dc87e554d0bbf7864f36dbce382fd523d8030823d23090cf
|
|
4
|
+
data.tar.gz: a41d0f6437e9569bdcc767da7963980719b239e3b8028e5f3f20f09e769133c0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c36f619de556ad2bf18cbeeedc8a27769cba04d44d57a1819ae6a7f26dc1b508e6015fc6e879ce3f0d965d1a64659875c6f67bdf10ae856efa8c21b76034fd65
|
|
7
|
+
data.tar.gz: f57cde3b29bc990751f05e03a3e04d6175f5e3871d8e9891eae49d1c51d2f7d123f59573493c128d6ac62881191b2424846d227d2717842ca5fa4e50ff8cf5dc
|
data/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# Ruby Client for Cloud Key Management Service (KMS) API ([
|
|
1
|
+
# Ruby Client for Cloud Key Management Service (KMS) API ([GA](https://github.com/googleapis/google-cloud-ruby#versioning))
|
|
2
2
|
|
|
3
3
|
[Cloud Key Management Service (KMS) API][Product Documentation]:
|
|
4
4
|
Manages keys and performs cryptographic operations in a central cloud
|
|
@@ -20,6 +20,27 @@ steps:
|
|
|
20
20
|
$ gem install google-cloud-kms
|
|
21
21
|
```
|
|
22
22
|
|
|
23
|
+
### Example
|
|
24
|
+
|
|
25
|
+
```ruby
|
|
26
|
+
require "google/cloud/kms"
|
|
27
|
+
|
|
28
|
+
# Create a client for a project and given credentials
|
|
29
|
+
kms = Google::Cloud::Kms.new credentials: "/path/to/keyfile.json"
|
|
30
|
+
|
|
31
|
+
# Where to create key rings
|
|
32
|
+
key_ring_parent = kms.class.location_path "my-project", "us-central1"
|
|
33
|
+
|
|
34
|
+
# Create a new key ring
|
|
35
|
+
key_ring = kms.create_key_ring key_ring_parent, "my-ring", {}
|
|
36
|
+
puts "Created at #{Time.new key_ring.create_time.seconds}"
|
|
37
|
+
|
|
38
|
+
# Iterate over created key rings
|
|
39
|
+
kms.list_key_rings(key_ring_parent).each do |key_ring|
|
|
40
|
+
puts "Found ring called #{key_ring.name}"
|
|
41
|
+
end
|
|
42
|
+
```
|
|
43
|
+
|
|
23
44
|
### Next Steps
|
|
24
45
|
- Read the [Client Library Documentation][] for Cloud Key Management Service (KMS) API
|
|
25
46
|
to see other available methods on the client.
|
data/lib/google/cloud/kms.rb
CHANGED
|
@@ -21,7 +21,7 @@ module Google
|
|
|
21
21
|
# rubocop:disable LineLength
|
|
22
22
|
|
|
23
23
|
##
|
|
24
|
-
# # Ruby Client for Cloud Key Management Service (KMS) API ([
|
|
24
|
+
# # Ruby Client for Cloud Key Management Service (KMS) API ([GA](https://github.com/googleapis/google-cloud-ruby#versioning))
|
|
25
25
|
#
|
|
26
26
|
# [Cloud Key Management Service (KMS) API][Product Documentation]:
|
|
27
27
|
# Manages keys and performs cryptographic operations in a central cloud
|
data/lib/google/cloud/kms/v1.rb
CHANGED
|
@@ -23,7 +23,7 @@ module Google
|
|
|
23
23
|
# rubocop:disable LineLength
|
|
24
24
|
|
|
25
25
|
##
|
|
26
|
-
# # Ruby Client for Cloud Key Management Service (KMS) API ([
|
|
26
|
+
# # Ruby Client for Cloud Key Management Service (KMS) API ([GA](https://github.com/googleapis/google-cloud-ruby#versioning))
|
|
27
27
|
#
|
|
28
28
|
# [Cloud Key Management Service (KMS) API][Product Documentation]:
|
|
29
29
|
# Manages keys and performs cryptographic operations in a central cloud
|
|
@@ -17,118 +17,149 @@ module Google
|
|
|
17
17
|
module Cloud
|
|
18
18
|
module Kms
|
|
19
19
|
module V1
|
|
20
|
-
# A {Google::Cloud::Kms::V1::KeyRing KeyRing} is a toplevel logical grouping of
|
|
20
|
+
# A {Google::Cloud::Kms::V1::KeyRing KeyRing} is a toplevel logical grouping of
|
|
21
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
|
|
21
22
|
# @!attribute [rw] name
|
|
22
23
|
# @return [String]
|
|
23
|
-
# Output only. The resource name for the
|
|
24
|
+
# Output only. The resource name for the
|
|
25
|
+
# {Google::Cloud::Kms::V1::KeyRing KeyRing} in the format
|
|
24
26
|
# `projects/*/locations/*/keyRings/*`.
|
|
25
27
|
# @!attribute [rw] create_time
|
|
26
28
|
# @return [Google::Protobuf::Timestamp]
|
|
27
|
-
# Output only. The time at which this {Google::Cloud::Kms::V1::KeyRing KeyRing}
|
|
29
|
+
# Output only. The time at which this {Google::Cloud::Kms::V1::KeyRing KeyRing}
|
|
30
|
+
# was created.
|
|
28
31
|
class KeyRing; end
|
|
29
32
|
|
|
30
|
-
# A {Google::Cloud::Kms::V1::CryptoKey CryptoKey} represents a logical key that
|
|
31
|
-
# operations.
|
|
33
|
+
# A {Google::Cloud::Kms::V1::CryptoKey CryptoKey} represents a logical key that
|
|
34
|
+
# can be used for cryptographic operations.
|
|
32
35
|
#
|
|
33
|
-
# A {Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of one or more
|
|
34
|
-
# represent the actual
|
|
36
|
+
# A {Google::Cloud::Kms::V1::CryptoKey CryptoKey} is made up of one or more
|
|
37
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion versions}, which represent the actual
|
|
38
|
+
# key material used in cryptographic operations.
|
|
35
39
|
# @!attribute [rw] name
|
|
36
40
|
# @return [String]
|
|
37
|
-
# Output only. The resource name for this
|
|
41
|
+
# Output only. The resource name for this
|
|
42
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} in the format
|
|
38
43
|
# `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
|
|
39
44
|
# @!attribute [rw] primary
|
|
40
45
|
# @return [Google::Cloud::Kms::V1::CryptoKeyVersion]
|
|
41
|
-
# Output only. A copy of the "primary"
|
|
42
|
-
#
|
|
43
|
-
#
|
|
46
|
+
# Output only. A copy of the "primary"
|
|
47
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} that will be used
|
|
48
|
+
# by {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt} when this
|
|
49
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} is given in
|
|
50
|
+
# {Google::Cloud::Kms::V1::EncryptRequest#name EncryptRequest#name}.
|
|
44
51
|
#
|
|
45
|
-
# The {Google::Cloud::Kms::V1::CryptoKey CryptoKey}'s primary version can be
|
|
52
|
+
# The {Google::Cloud::Kms::V1::CryptoKey CryptoKey}'s primary version can be
|
|
53
|
+
# updated via
|
|
46
54
|
# {Google::Cloud::Kms::V1::KeyManagementService::UpdateCryptoKeyPrimaryVersion UpdateCryptoKeyPrimaryVersion}.
|
|
47
55
|
#
|
|
48
56
|
# All keys with {Google::Cloud::Kms::V1::CryptoKey#purpose purpose}
|
|
49
|
-
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}
|
|
50
|
-
# primary. For other keys, this field will be omitted.
|
|
57
|
+
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}
|
|
58
|
+
# have a primary. For other keys, this field will be omitted.
|
|
51
59
|
# @!attribute [rw] purpose
|
|
52
60
|
# @return [Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose]
|
|
53
61
|
# The immutable purpose of this {Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
|
|
54
62
|
# @!attribute [rw] create_time
|
|
55
63
|
# @return [Google::Protobuf::Timestamp]
|
|
56
|
-
# Output only. The time at which this
|
|
64
|
+
# Output only. The time at which this
|
|
65
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey} was created.
|
|
57
66
|
# @!attribute [rw] next_rotation_time
|
|
58
67
|
# @return [Google::Protobuf::Timestamp]
|
|
59
|
-
# At {Google::Cloud::Kms::V1::CryptoKey#next_rotation_time next_rotation_time},
|
|
68
|
+
# At {Google::Cloud::Kms::V1::CryptoKey#next_rotation_time next_rotation_time},
|
|
69
|
+
# the Key Management Service will automatically:
|
|
60
70
|
#
|
|
61
71
|
# 1. Create a new version of this {Google::Cloud::Kms::V1::CryptoKey CryptoKey}.
|
|
62
72
|
# 2. Mark the new version as primary.
|
|
63
73
|
#
|
|
64
74
|
# Key rotations performed manually via
|
|
65
|
-
# {Google::Cloud::Kms::V1::KeyManagementService::CreateCryptoKeyVersion CreateCryptoKeyVersion}
|
|
75
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::CreateCryptoKeyVersion CreateCryptoKeyVersion}
|
|
76
|
+
# and
|
|
66
77
|
# {Google::Cloud::Kms::V1::KeyManagementService::UpdateCryptoKeyPrimaryVersion UpdateCryptoKeyPrimaryVersion}
|
|
67
|
-
# do not affect
|
|
78
|
+
# do not affect
|
|
79
|
+
# {Google::Cloud::Kms::V1::CryptoKey#next_rotation_time next_rotation_time}.
|
|
68
80
|
#
|
|
69
81
|
# Keys with {Google::Cloud::Kms::V1::CryptoKey#purpose purpose}
|
|
70
|
-
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}
|
|
71
|
-
# automatic rotation. For other keys, this field must be omitted.
|
|
82
|
+
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}
|
|
83
|
+
# support automatic rotation. For other keys, this field must be omitted.
|
|
72
84
|
# @!attribute [rw] rotation_period
|
|
73
85
|
# @return [Google::Protobuf::Duration]
|
|
74
|
-
# {Google::Cloud::Kms::V1::CryptoKey#next_rotation_time next_rotation_time}
|
|
75
|
-
#
|
|
86
|
+
# {Google::Cloud::Kms::V1::CryptoKey#next_rotation_time next_rotation_time}
|
|
87
|
+
# will be advanced by this period when the service automatically rotates a
|
|
88
|
+
# key. Must be at least one day.
|
|
76
89
|
#
|
|
77
|
-
# If {Google::Cloud::Kms::V1::CryptoKey#rotation_period rotation_period} is
|
|
90
|
+
# If {Google::Cloud::Kms::V1::CryptoKey#rotation_period rotation_period} is
|
|
91
|
+
# set,
|
|
92
|
+
# {Google::Cloud::Kms::V1::CryptoKey#next_rotation_time next_rotation_time}
|
|
93
|
+
# must also be set.
|
|
78
94
|
#
|
|
79
95
|
# Keys with {Google::Cloud::Kms::V1::CryptoKey#purpose purpose}
|
|
80
|
-
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}
|
|
81
|
-
# automatic rotation. For other keys, this field must be omitted.
|
|
96
|
+
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}
|
|
97
|
+
# support automatic rotation. For other keys, this field must be omitted.
|
|
82
98
|
# @!attribute [rw] version_template
|
|
83
99
|
# @return [Google::Cloud::Kms::V1::CryptoKeyVersionTemplate]
|
|
84
|
-
# A template describing settings for new
|
|
85
|
-
#
|
|
86
|
-
# {Google::Cloud::Kms::V1::
|
|
87
|
-
#
|
|
100
|
+
# A template describing settings for new
|
|
101
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} instances. The
|
|
102
|
+
# properties of new {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
|
103
|
+
# instances created by either
|
|
104
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::CreateCryptoKeyVersion CreateCryptoKeyVersion}
|
|
105
|
+
# or auto-rotation are controlled by this template.
|
|
88
106
|
# @!attribute [rw] labels
|
|
89
107
|
# @return [Hash{String => String}]
|
|
90
108
|
# Labels with user-defined metadata. For more information, see
|
|
91
109
|
# [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
|
|
92
110
|
class CryptoKey
|
|
93
|
-
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
|
|
94
|
-
#
|
|
95
|
-
#
|
|
111
|
+
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
|
|
112
|
+
# describes the cryptographic capabilities of a
|
|
113
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
|
|
114
|
+
# for the operations allowed by its purpose.
|
|
96
115
|
module CryptoKeyPurpose
|
|
97
116
|
# Not specified.
|
|
98
117
|
CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0
|
|
99
118
|
|
|
100
|
-
# {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
|
|
101
|
-
# {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt} and
|
|
119
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
|
|
120
|
+
# with {Google::Cloud::Kms::V1::KeyManagementService::Encrypt Encrypt} and
|
|
102
121
|
# {Google::Cloud::Kms::V1::KeyManagementService::Decrypt Decrypt}.
|
|
103
122
|
ENCRYPT_DECRYPT = 1
|
|
104
123
|
|
|
105
|
-
# {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
|
|
106
|
-
#
|
|
124
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
|
|
125
|
+
# with
|
|
126
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::AsymmetricSign AsymmetricSign}
|
|
127
|
+
# and
|
|
107
128
|
# {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}.
|
|
108
129
|
ASYMMETRIC_SIGN = 5
|
|
109
130
|
|
|
110
|
-
# {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
|
|
111
|
-
#
|
|
131
|
+
# {Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
|
|
132
|
+
# with
|
|
133
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::AsymmetricDecrypt AsymmetricDecrypt}
|
|
134
|
+
# and
|
|
112
135
|
# {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}.
|
|
113
136
|
ASYMMETRIC_DECRYPT = 6
|
|
114
137
|
end
|
|
115
138
|
end
|
|
116
139
|
|
|
117
|
-
# A {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate CryptoKeyVersionTemplate}
|
|
118
|
-
#
|
|
119
|
-
# {Google::Cloud::Kms::V1::
|
|
120
|
-
#
|
|
140
|
+
# A {Google::Cloud::Kms::V1::CryptoKeyVersionTemplate CryptoKeyVersionTemplate}
|
|
141
|
+
# specifies the properties to use when creating a new
|
|
142
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, either manually
|
|
143
|
+
# with
|
|
144
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::CreateCryptoKeyVersion CreateCryptoKeyVersion}
|
|
145
|
+
# or automatically as a result of auto-rotation.
|
|
121
146
|
# @!attribute [rw] protection_level
|
|
122
147
|
# @return [Google::Cloud::Kms::V1::ProtectionLevel]
|
|
123
|
-
# {Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when creating
|
|
124
|
-
#
|
|
148
|
+
# {Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when creating
|
|
149
|
+
# a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} based on this
|
|
150
|
+
# template. Immutable. Defaults to
|
|
151
|
+
# {Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE}.
|
|
125
152
|
# @!attribute [rw] algorithm
|
|
126
153
|
# @return [Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
|
|
127
|
-
# Required.
|
|
128
|
-
#
|
|
154
|
+
# Required.
|
|
155
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm Algorithm}
|
|
156
|
+
# to use when creating a
|
|
157
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} based on this
|
|
158
|
+
# template.
|
|
129
159
|
#
|
|
130
160
|
# For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
|
|
131
|
-
# this field is omitted and
|
|
161
|
+
# this field is omitted and
|
|
162
|
+
# {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose} is
|
|
132
163
|
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
|
|
133
164
|
class CryptoKeyVersionTemplate; end
|
|
134
165
|
|
|
@@ -148,67 +179,86 @@ module Google
|
|
|
148
179
|
# Cavium HSM attestation compressed with gzip. Note that this format is
|
|
149
180
|
# defined by Cavium and subject to change at any time.
|
|
150
181
|
CAVIUM_V1_COMPRESSED = 3
|
|
182
|
+
|
|
183
|
+
# Cavium HSM attestation V2 compressed with gzip. This is a new format
|
|
184
|
+
# Introduced in Cavium's version 3.2-08
|
|
185
|
+
CAVIUM_V2_COMPRESSED = 4
|
|
151
186
|
end
|
|
152
187
|
end
|
|
153
188
|
|
|
154
|
-
# A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} represents an
|
|
155
|
-
# associated key material.
|
|
189
|
+
# A {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} represents an
|
|
190
|
+
# individual cryptographic key, and the associated key material.
|
|
156
191
|
#
|
|
157
|
-
# An
|
|
158
|
-
#
|
|
192
|
+
# An
|
|
193
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}
|
|
194
|
+
# version can be used for cryptographic operations.
|
|
159
195
|
#
|
|
160
196
|
# For security reasons, the raw cryptographic key material represented by a
|
|
161
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} can never be viewed
|
|
162
|
-
# encrypt, decrypt, or sign data when an
|
|
163
|
-
# Cloud KMS.
|
|
197
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} can never be viewed
|
|
198
|
+
# or exported. It can only be used to encrypt, decrypt, or sign data when an
|
|
199
|
+
# authorized user or application invokes Cloud KMS.
|
|
164
200
|
# @!attribute [rw] name
|
|
165
201
|
# @return [String]
|
|
166
|
-
# Output only. The resource name for this
|
|
202
|
+
# Output only. The resource name for this
|
|
203
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in the format
|
|
167
204
|
# `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
|
|
168
205
|
# @!attribute [rw] state
|
|
169
206
|
# @return [Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState]
|
|
170
|
-
# The current state of the
|
|
207
|
+
# The current state of the
|
|
208
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
|
|
171
209
|
# @!attribute [rw] protection_level
|
|
172
210
|
# @return [Google::Cloud::Kms::V1::ProtectionLevel]
|
|
173
|
-
# Output only. The {Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel}
|
|
174
|
-
# performed with this
|
|
211
|
+
# Output only. The {Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel}
|
|
212
|
+
# describing how crypto operations are performed with this
|
|
213
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
|
|
175
214
|
# @!attribute [rw] algorithm
|
|
176
215
|
# @return [Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
|
|
177
|
-
# Output only. The
|
|
178
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersion
|
|
216
|
+
# Output only. The
|
|
217
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm CryptoKeyVersionAlgorithm}
|
|
218
|
+
# that this {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
|
|
219
|
+
# supports.
|
|
179
220
|
# @!attribute [rw] attestation
|
|
180
221
|
# @return [Google::Cloud::Kms::V1::KeyOperationAttestation]
|
|
181
222
|
# Output only. Statement that was generated and signed by the HSM at key
|
|
182
223
|
# creation time. Use this statement to verify attributes of the key as stored
|
|
183
224
|
# on the HSM, independently of Google. Only provided for key versions with
|
|
184
|
-
# {Google::Cloud::Kms::V1::CryptoKeyVersion#protection_level protection_level}
|
|
225
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion#protection_level protection_level}
|
|
226
|
+
# {Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM}.
|
|
185
227
|
# @!attribute [rw] create_time
|
|
186
228
|
# @return [Google::Protobuf::Timestamp]
|
|
187
|
-
# Output only. The time at which this
|
|
229
|
+
# Output only. The time at which this
|
|
230
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} was created.
|
|
188
231
|
# @!attribute [rw] generate_time
|
|
189
232
|
# @return [Google::Protobuf::Timestamp]
|
|
190
|
-
# Output only. The time this
|
|
233
|
+
# Output only. The time this
|
|
234
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s key material was
|
|
191
235
|
# generated.
|
|
192
236
|
# @!attribute [rw] destroy_time
|
|
193
237
|
# @return [Google::Protobuf::Timestamp]
|
|
194
|
-
# Output only. The time this
|
|
195
|
-
#
|
|
238
|
+
# Output only. The time this
|
|
239
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s key material is
|
|
240
|
+
# scheduled for destruction. Only present if
|
|
241
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
|
|
196
242
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}.
|
|
197
243
|
# @!attribute [rw] destroy_event_time
|
|
198
244
|
# @return [Google::Protobuf::Timestamp]
|
|
199
245
|
# Output only. The time this CryptoKeyVersion's key material was
|
|
200
|
-
# destroyed. Only present if
|
|
246
|
+
# destroyed. Only present if
|
|
247
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion#state state} is
|
|
201
248
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}.
|
|
202
249
|
class CryptoKeyVersion
|
|
203
|
-
# The algorithm of the
|
|
250
|
+
# The algorithm of the
|
|
251
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, indicating what
|
|
204
252
|
# parameters must be used for each cryptographic operation.
|
|
205
253
|
#
|
|
206
254
|
# The
|
|
207
255
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm::GOOGLE_SYMMETRIC_ENCRYPTION GOOGLE_SYMMETRIC_ENCRYPTION}
|
|
208
|
-
# algorithm is usable with
|
|
256
|
+
# algorithm is usable with
|
|
257
|
+
# {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
|
|
209
258
|
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.
|
|
210
259
|
#
|
|
211
|
-
# Algorithms beginning with "RSA_SIGN_" are usable with
|
|
260
|
+
# Algorithms beginning with "RSA_SIGN_" are usable with
|
|
261
|
+
# {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
|
|
212
262
|
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN}.
|
|
213
263
|
#
|
|
214
264
|
# The fields in the name after "RSA_SIGN_" correspond to the following
|
|
@@ -226,7 +276,8 @@ module Google
|
|
|
226
276
|
# The fields in the name after "RSA_DECRYPT_" correspond to the following
|
|
227
277
|
# parameters: padding algorithm, modulus bit length, and digest algorithm.
|
|
228
278
|
#
|
|
229
|
-
# Algorithms beginning with "EC_SIGN_" are usable with
|
|
279
|
+
# Algorithms beginning with "EC_SIGN_" are usable with
|
|
280
|
+
# {Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey#purpose}
|
|
230
281
|
# {Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN}.
|
|
231
282
|
#
|
|
232
283
|
# The fields in the name after "EC_SIGN_" correspond to the following
|
|
@@ -272,21 +323,26 @@ module Google
|
|
|
272
323
|
EC_SIGN_P384_SHA384 = 13
|
|
273
324
|
end
|
|
274
325
|
|
|
275
|
-
# The state of a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion},
|
|
326
|
+
# The state of a {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion},
|
|
327
|
+
# indicating if it can be used.
|
|
276
328
|
module CryptoKeyVersionState
|
|
277
329
|
# Not specified.
|
|
278
330
|
CRYPTO_KEY_VERSION_STATE_UNSPECIFIED = 0
|
|
279
331
|
|
|
280
332
|
# This version is still being generated. It may not be used, enabled,
|
|
281
333
|
# disabled, or destroyed yet. Cloud KMS will automatically mark this
|
|
282
|
-
# version
|
|
334
|
+
# version
|
|
335
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}
|
|
336
|
+
# as soon as the version is ready.
|
|
283
337
|
PENDING_GENERATION = 5
|
|
284
338
|
|
|
285
339
|
# This version may be used for cryptographic operations.
|
|
286
340
|
ENABLED = 1
|
|
287
341
|
|
|
288
342
|
# This version may not be used, but the key material is still available,
|
|
289
|
-
# and the version can be placed back into the
|
|
343
|
+
# and the version can be placed back into the
|
|
344
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}
|
|
345
|
+
# state.
|
|
290
346
|
DISABLED = 2
|
|
291
347
|
|
|
292
348
|
# This version is destroyed, and the key material is no longer stored.
|
|
@@ -296,26 +352,34 @@ module Google
|
|
|
296
352
|
# This version is scheduled for destruction, and will be destroyed soon.
|
|
297
353
|
# Call
|
|
298
354
|
# {Google::Cloud::Kms::V1::KeyManagementService::RestoreCryptoKeyVersion RestoreCryptoKeyVersion}
|
|
299
|
-
# to put it back into the
|
|
355
|
+
# to put it back into the
|
|
356
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED}
|
|
357
|
+
# state.
|
|
300
358
|
DESTROY_SCHEDULED = 4
|
|
301
359
|
end
|
|
302
360
|
|
|
303
|
-
# A view for {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}s.
|
|
304
|
-
#
|
|
305
|
-
# {Google::Cloud::Kms::V1::
|
|
361
|
+
# A view for {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}s.
|
|
362
|
+
# Controls the level of detail returned for
|
|
363
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} in
|
|
364
|
+
# {Google::Cloud::Kms::V1::KeyManagementService::ListCryptoKeyVersions KeyManagementService::ListCryptoKeyVersions}
|
|
365
|
+
# and
|
|
306
366
|
# {Google::Cloud::Kms::V1::KeyManagementService::ListCryptoKeys KeyManagementService::ListCryptoKeys}.
|
|
307
367
|
module CryptoKeyVersionView
|
|
308
|
-
# Default view for each
|
|
309
|
-
#
|
|
368
|
+
# Default view for each
|
|
369
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. Does not
|
|
370
|
+
# include the
|
|
371
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion#attestation attestation} field.
|
|
310
372
|
CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED = 0
|
|
311
373
|
|
|
312
|
-
# Provides all fields in each
|
|
374
|
+
# Provides all fields in each
|
|
375
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, including the
|
|
313
376
|
# {Google::Cloud::Kms::V1::CryptoKeyVersion#attestation attestation}.
|
|
314
377
|
FULL = 1
|
|
315
378
|
end
|
|
316
379
|
end
|
|
317
380
|
|
|
318
|
-
# The public key for a given
|
|
381
|
+
# The public key for a given
|
|
382
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. Obtained via
|
|
319
383
|
# {Google::Cloud::Kms::V1::KeyManagementService::GetPublicKey GetPublicKey}.
|
|
320
384
|
# @!attribute [rw] pem
|
|
321
385
|
# @return [String]
|
|
@@ -326,11 +390,13 @@ module Google
|
|
|
326
390
|
# (https://tools.ietf.org/html/rfc7468#section-13).
|
|
327
391
|
# @!attribute [rw] algorithm
|
|
328
392
|
# @return [Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
|
|
329
|
-
# The
|
|
330
|
-
#
|
|
393
|
+
# The
|
|
394
|
+
# {Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm Algorithm}
|
|
395
|
+
# associated with this key.
|
|
331
396
|
class PublicKey; end
|
|
332
397
|
|
|
333
|
-
# {Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} specifies how
|
|
398
|
+
# {Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} specifies how
|
|
399
|
+
# cryptographic operations are performed.
|
|
334
400
|
module ProtectionLevel
|
|
335
401
|
# Not specified.
|
|
336
402
|
PROTECTION_LEVEL_UNSPECIFIED = 0
|