| <html><body> |
| <style> |
| |
| body, h1, h2, h3, div, span, p, pre, a { |
| margin: 0; |
| padding: 0; |
| border: 0; |
| font-weight: inherit; |
| font-style: inherit; |
| font-size: 100%; |
| font-family: inherit; |
| vertical-align: baseline; |
| } |
| |
| body { |
| font-size: 13px; |
| padding: 1em; |
| } |
| |
| h1 { |
| font-size: 26px; |
| margin-bottom: 1em; |
| } |
| |
| h2 { |
| font-size: 24px; |
| margin-bottom: 1em; |
| } |
| |
| h3 { |
| font-size: 20px; |
| margin-bottom: 1em; |
| margin-top: 1em; |
| } |
| |
| pre, code { |
| line-height: 1.5; |
| font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| } |
| |
| pre { |
| margin-top: 0.5em; |
| } |
| |
| h1, h2, h3, p { |
| font-family: Arial, sans serif; |
| } |
| |
| h1, h2, h3 { |
| border-bottom: solid #CCC 1px; |
| } |
| |
| .toc_element { |
| margin-top: 0.5em; |
| } |
| |
| .firstline { |
| margin-left: 2 em; |
| } |
| |
| .method { |
| margin-top: 1em; |
| border: solid 1px #CCC; |
| padding: 1em; |
| background: #EEE; |
| } |
| |
| .details { |
| font-weight: bold; |
| font-size: 14px; |
| } |
| |
| </style> |
| |
| <h1><a href="cloudkms_v1.html">Cloud Key Management Service (KMS) API</a> . <a href="cloudkms_v1.projects.html">projects</a> . <a href="cloudkms_v1.projects.locations.html">locations</a> . <a href="cloudkms_v1.projects.locations.keyRings.html">keyRings</a> . <a href="cloudkms_v1.projects.locations.keyRings.cryptoKeys.html">cryptoKeys</a> . <a href="cloudkms_v1.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.html">cryptoKeyVersions</a></h1> |
| <h2>Instance Methods</h2> |
| <p class="toc_element"> |
| <code><a href="#asymmetricDecrypt">asymmetricDecrypt(name, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Decrypts data that was encrypted with a public key retrieved from</p> |
| <p class="toc_element"> |
| <code><a href="#asymmetricSign">asymmetricSign(name, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Signs data using a CryptoKeyVersion with CryptoKey.purpose</p> |
| <p class="toc_element"> |
| <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Create a new CryptoKeyVersion in a CryptoKey.</p> |
| <p class="toc_element"> |
| <code><a href="#destroy">destroy(name, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Schedule a CryptoKeyVersion for destruction.</p> |
| <p class="toc_element"> |
| <code><a href="#get">get(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Returns metadata for a given CryptoKeyVersion.</p> |
| <p class="toc_element"> |
| <code><a href="#getPublicKey">getPublicKey(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Returns the public key for the given CryptoKeyVersion. The</p> |
| <p class="toc_element"> |
| <code><a href="#import_">import_(parent, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Imports a new CryptoKeyVersion into an existing CryptoKey using the</p> |
| <p class="toc_element"> |
| <code><a href="#list">list(parent, filter=None, orderBy=None, pageToken=None, pageSize=None, view=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Lists CryptoKeyVersions.</p> |
| <p class="toc_element"> |
| <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> |
| <p class="firstline">Retrieves the next page of results.</p> |
| <p class="toc_element"> |
| <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Update a CryptoKeyVersion's metadata.</p> |
| <p class="toc_element"> |
| <code><a href="#restore">restore(name, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Restore a CryptoKeyVersion in the</p> |
| <h3>Method Details</h3> |
| <div class="method"> |
| <code class="details" id="asymmetricDecrypt">asymmetricDecrypt(name, body=None, x__xgafv=None)</code> |
| <pre>Decrypts data that was encrypted with a public key retrieved from |
| GetPublicKey corresponding to a CryptoKeyVersion with |
| CryptoKey.purpose ASYMMETRIC_DECRYPT. |
| |
| Args: |
| name: string, Required. The resource name of the CryptoKeyVersion to use for |
| decryption. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Request message for KeyManagementService.AsymmetricDecrypt. |
| "ciphertextCrc32c": "A String", # Optional. An optional CRC32C checksum of the AsymmetricDecryptRequest.ciphertext. |
| # If specified, KeyManagementService will verify the integrity of the |
| # received AsymmetricDecryptRequest.ciphertext using this checksum. |
| # KeyManagementService will report an error if the checksum verification |
| # fails. If you receive a checksum error, your client should verify that |
| # CRC32C(AsymmetricDecryptRequest.ciphertext) is equal to |
| # AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a |
| # limited number of retries. A persistent mismatch may indicate an issue in |
| # your computation of the CRC32C checksum. |
| # Note: This field is defined as int64 for reasons of compatibility across |
| # different languages. However, it is a non-negative integer, which will |
| # never exceed 2^32-1, and can be safely downconverted to uint32 in languages |
| # that support this type. |
| # |
| # NOTE: This field is in Beta. |
| "ciphertext": "A String", # Required. The data encrypted with the named CryptoKeyVersion's public |
| # key using OAEP. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Response message for KeyManagementService.AsymmetricDecrypt. |
| "plaintext": "A String", # The decrypted data originally encrypted with the matching public key. |
| "verifiedCiphertextCrc32c": True or False, # Integrity verification field. A flag indicating whether |
| # AsymmetricDecryptRequest.ciphertext_crc32c was received by |
| # KeyManagementService and used for the integrity verification of the |
| # ciphertext. A false value of this |
| # field indicates either that AsymmetricDecryptRequest.ciphertext_crc32c |
| # was left unset or that it was not delivered to KeyManagementService. If |
| # you've set AsymmetricDecryptRequest.ciphertext_crc32c but this field is |
| # still false, discard the response and perform a limited number of retries. |
| # |
| # NOTE: This field is in Beta. |
| "plaintextCrc32c": "A String", # Integrity verification field. A CRC32C checksum of the returned |
| # AsymmetricDecryptResponse.plaintext. An integrity check of |
| # AsymmetricDecryptResponse.plaintext can be performed by computing the |
| # CRC32C checksum of AsymmetricDecryptResponse.plaintext and comparing |
| # your results to this field. Discard the response in case of non-matching |
| # checksum values, and perform a limited number of retries. A persistent |
| # mismatch may indicate an issue in your computation of the CRC32C checksum. |
| # Note: This field is defined as int64 for reasons of compatibility across |
| # different languages. However, it is a non-negative integer, which will |
| # never exceed 2^32-1, and can be safely downconverted to uint32 in languages |
| # that support this type. |
| # |
| # NOTE: This field is in Beta. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="asymmetricSign">asymmetricSign(name, body=None, x__xgafv=None)</code> |
| <pre>Signs data using a CryptoKeyVersion with CryptoKey.purpose |
| ASYMMETRIC_SIGN, producing a signature that can be verified with the public |
| key retrieved from GetPublicKey. |
| |
| Args: |
| name: string, Required. The resource name of the CryptoKeyVersion to use for signing. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Request message for KeyManagementService.AsymmetricSign. |
| "digest": { # A Digest holds a cryptographic message digest. # Required. The digest of the data to sign. The digest must be produced with |
| # the same digest algorithm as specified by the key version's |
| # algorithm. |
| "sha384": "A String", # A message digest produced with the SHA-384 algorithm. |
| "sha256": "A String", # A message digest produced with the SHA-256 algorithm. |
| "sha512": "A String", # A message digest produced with the SHA-512 algorithm. |
| }, |
| "digestCrc32c": "A String", # Optional. An optional CRC32C checksum of the AsymmetricSignRequest.digest. If |
| # specified, KeyManagementService will verify the integrity of the |
| # received AsymmetricSignRequest.digest using this checksum. |
| # KeyManagementService will report an error if the checksum verification |
| # fails. If you receive a checksum error, your client should verify that |
| # CRC32C(AsymmetricSignRequest.digest) is equal to |
| # AsymmetricSignRequest.digest_crc32c, and if so, perform a limited |
| # number of retries. A persistent mismatch may indicate an issue in your |
| # computation of the CRC32C checksum. |
| # Note: This field is defined as int64 for reasons of compatibility across |
| # different languages. However, it is a non-negative integer, which will |
| # never exceed 2^32-1, and can be safely downconverted to uint32 in languages |
| # that support this type. |
| # |
| # NOTE: This field is in Beta. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Response message for KeyManagementService.AsymmetricSign. |
| "signatureCrc32c": "A String", # Integrity verification field. A CRC32C checksum of the returned |
| # AsymmetricSignResponse.signature. An integrity check of |
| # AsymmetricSignResponse.signature can be performed by computing the |
| # CRC32C checksum of AsymmetricSignResponse.signature and comparing your |
| # results to this field. Discard the response in case of non-matching |
| # checksum values, and perform a limited number of retries. A persistent |
| # mismatch may indicate an issue in your computation of the CRC32C checksum. |
| # Note: This field is defined as int64 for reasons of compatibility across |
| # different languages. However, it is a non-negative integer, which will |
| # never exceed 2^32-1, and can be safely downconverted to uint32 in languages |
| # that support this type. |
| # |
| # NOTE: This field is in Beta. |
| "verifiedDigestCrc32c": True or False, # Integrity verification field. A flag indicating whether |
| # AsymmetricSignRequest.digest_crc32c was received by |
| # KeyManagementService and used for the integrity verification of the |
| # digest. A false value of this field |
| # indicates either that AsymmetricSignRequest.digest_crc32c was left |
| # unset or that it was not delivered to KeyManagementService. If you've |
| # set AsymmetricSignRequest.digest_crc32c but this field is still false, |
| # discard the response and perform a limited number of retries. |
| # |
| # NOTE: This field is in Beta. |
| "signature": "A String", # The created signature. |
| "name": "A String", # The resource name of the CryptoKeyVersion used for signing. Check |
| # this field to verify that the intended resource was used for signing. |
| # |
| # NOTE: This field is in Beta. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code> |
| <pre>Create a new CryptoKeyVersion in a CryptoKey. |
| |
| The server will assign the next sequential id. If unset, |
| state will be set to |
| ENABLED. |
| |
| Args: |
| parent: string, Required. The name of the CryptoKey associated with |
| the CryptoKeyVersions. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # A CryptoKeyVersion represents an individual cryptographic key, and the |
| # associated key material. |
| # |
| # An ENABLED version can be |
| # used for cryptographic operations. |
| # |
| # For security reasons, the raw cryptographic key material represented by a |
| # CryptoKeyVersion can never be viewed or exported. It can only be used to |
| # encrypt, decrypt, or sign data when an authorized user or application invokes |
| # Cloud KMS. |
| "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # generated. |
| "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format |
| # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. |
| "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material |
| # was imported. |
| "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if |
| # state is |
| # IMPORT_FAILED. |
| "state": "A String", # The current state of the CryptoKeyVersion. |
| "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key |
| # creation time. Use this statement to verify attributes of the key as stored |
| # on the HSM, independently of Google. Only provided for key versions with |
| # protection_level HSM. |
| # information, see [Verifying attestations] |
| # (https://cloud.google.com/kms/docs/attest-key). |
| "format": "A String", # Output only. The format of the attestation data. |
| "content": "A String", # Output only. The attestation data provided by the HSM when the key |
| # operation was performed. |
| }, |
| "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. |
| "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled |
| # for destruction. Only present if state is |
| # DESTROY_SCHEDULED. |
| "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # destroyed. Only present if state is |
| # DESTROYED. |
| "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are |
| # performed with this CryptoKeyVersion. |
| "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. |
| }, |
| "importJob": "A String", # Output only. The name of the ImportJob used to import this |
| # CryptoKeyVersion. Only present if the underlying key material was |
| # imported. |
| "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this |
| # CryptoKeyVersion supports. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A CryptoKeyVersion represents an individual cryptographic key, and the |
| # associated key material. |
| # |
| # An ENABLED version can be |
| # used for cryptographic operations. |
| # |
| # For security reasons, the raw cryptographic key material represented by a |
| # CryptoKeyVersion can never be viewed or exported. It can only be used to |
| # encrypt, decrypt, or sign data when an authorized user or application invokes |
| # Cloud KMS. |
| "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # generated. |
| "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format |
| # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. |
| "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material |
| # was imported. |
| "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if |
| # state is |
| # IMPORT_FAILED. |
| "state": "A String", # The current state of the CryptoKeyVersion. |
| "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key |
| # creation time. Use this statement to verify attributes of the key as stored |
| # on the HSM, independently of Google. Only provided for key versions with |
| # protection_level HSM. |
| # information, see [Verifying attestations] |
| # (https://cloud.google.com/kms/docs/attest-key). |
| "format": "A String", # Output only. The format of the attestation data. |
| "content": "A String", # Output only. The attestation data provided by the HSM when the key |
| # operation was performed. |
| }, |
| "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. |
| "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled |
| # for destruction. Only present if state is |
| # DESTROY_SCHEDULED. |
| "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # destroyed. Only present if state is |
| # DESTROYED. |
| "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are |
| # performed with this CryptoKeyVersion. |
| "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. |
| }, |
| "importJob": "A String", # Output only. The name of the ImportJob used to import this |
| # CryptoKeyVersion. Only present if the underlying key material was |
| # imported. |
| "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this |
| # CryptoKeyVersion supports. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="destroy">destroy(name, body=None, x__xgafv=None)</code> |
| <pre>Schedule a CryptoKeyVersion for destruction. |
| |
| Upon calling this method, CryptoKeyVersion.state will be set to |
| DESTROY_SCHEDULED |
| and destroy_time will be set to a time 24 |
| hours in the future, at which point the state |
| will be changed to |
| DESTROYED, and the key |
| material will be irrevocably destroyed. |
| |
| Before the destroy_time is reached, |
| RestoreCryptoKeyVersion may be called to reverse the process. |
| |
| Args: |
| name: string, Required. The resource name of the CryptoKeyVersion to destroy. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Request message for KeyManagementService.DestroyCryptoKeyVersion. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A CryptoKeyVersion represents an individual cryptographic key, and the |
| # associated key material. |
| # |
| # An ENABLED version can be |
| # used for cryptographic operations. |
| # |
| # For security reasons, the raw cryptographic key material represented by a |
| # CryptoKeyVersion can never be viewed or exported. It can only be used to |
| # encrypt, decrypt, or sign data when an authorized user or application invokes |
| # Cloud KMS. |
| "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # generated. |
| "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format |
| # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. |
| "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material |
| # was imported. |
| "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if |
| # state is |
| # IMPORT_FAILED. |
| "state": "A String", # The current state of the CryptoKeyVersion. |
| "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key |
| # creation time. Use this statement to verify attributes of the key as stored |
| # on the HSM, independently of Google. Only provided for key versions with |
| # protection_level HSM. |
| # information, see [Verifying attestations] |
| # (https://cloud.google.com/kms/docs/attest-key). |
| "format": "A String", # Output only. The format of the attestation data. |
| "content": "A String", # Output only. The attestation data provided by the HSM when the key |
| # operation was performed. |
| }, |
| "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. |
| "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled |
| # for destruction. Only present if state is |
| # DESTROY_SCHEDULED. |
| "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # destroyed. Only present if state is |
| # DESTROYED. |
| "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are |
| # performed with this CryptoKeyVersion. |
| "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. |
| }, |
| "importJob": "A String", # Output only. The name of the ImportJob used to import this |
| # CryptoKeyVersion. Only present if the underlying key material was |
| # imported. |
| "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this |
| # CryptoKeyVersion supports. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="get">get(name, x__xgafv=None)</code> |
| <pre>Returns metadata for a given CryptoKeyVersion. |
| |
| Args: |
| name: string, Required. The name of the CryptoKeyVersion to get. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A CryptoKeyVersion represents an individual cryptographic key, and the |
| # associated key material. |
| # |
| # An ENABLED version can be |
| # used for cryptographic operations. |
| # |
| # For security reasons, the raw cryptographic key material represented by a |
| # CryptoKeyVersion can never be viewed or exported. It can only be used to |
| # encrypt, decrypt, or sign data when an authorized user or application invokes |
| # Cloud KMS. |
| "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # generated. |
| "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format |
| # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. |
| "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material |
| # was imported. |
| "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if |
| # state is |
| # IMPORT_FAILED. |
| "state": "A String", # The current state of the CryptoKeyVersion. |
| "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key |
| # creation time. Use this statement to verify attributes of the key as stored |
| # on the HSM, independently of Google. Only provided for key versions with |
| # protection_level HSM. |
| # information, see [Verifying attestations] |
| # (https://cloud.google.com/kms/docs/attest-key). |
| "format": "A String", # Output only. The format of the attestation data. |
| "content": "A String", # Output only. The attestation data provided by the HSM when the key |
| # operation was performed. |
| }, |
| "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. |
| "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled |
| # for destruction. Only present if state is |
| # DESTROY_SCHEDULED. |
| "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # destroyed. Only present if state is |
| # DESTROYED. |
| "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are |
| # performed with this CryptoKeyVersion. |
| "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. |
| }, |
| "importJob": "A String", # Output only. The name of the ImportJob used to import this |
| # CryptoKeyVersion. Only present if the underlying key material was |
| # imported. |
| "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this |
| # CryptoKeyVersion supports. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="getPublicKey">getPublicKey(name, x__xgafv=None)</code> |
| <pre>Returns the public key for the given CryptoKeyVersion. The |
| CryptoKey.purpose must be |
| ASYMMETRIC_SIGN or |
| ASYMMETRIC_DECRYPT. |
| |
| Args: |
| name: string, Required. The name of the CryptoKeyVersion public key to |
| get. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # The public key for a given CryptoKeyVersion. Obtained via |
| # GetPublicKey. |
| "pemCrc32c": "A String", # Integrity verification field. A CRC32C checksum of the returned |
| # PublicKey.pem. An integrity check of PublicKey.pem can be performed |
| # by computing the CRC32C checksum of PublicKey.pem and |
| # comparing your results to this field. Discard the response in case of |
| # non-matching checksum values, and perform a limited number of retries. A |
| # persistent mismatch may indicate an issue in your computation of the CRC32C |
| # checksum. |
| # Note: This field is defined as int64 for reasons of compatibility across |
| # different languages. However, it is a non-negative integer, which will |
| # never exceed 2^32-1, and can be safely downconverted to uint32 in languages |
| # that support this type. |
| # |
| # NOTE: This field is in Beta. |
| "name": "A String", # The name of the CryptoKeyVersion public key. |
| # Provided here for verification. |
| # |
| # NOTE: This field is in Beta. |
| "algorithm": "A String", # The Algorithm associated |
| # with this key. |
| "pem": "A String", # The public key, encoded in PEM format. For more information, see the |
| # [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for |
| # [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and |
| # [Textual Encoding of Subject Public Key Info] |
| # (https://tools.ietf.org/html/rfc7468#section-13). |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="import_">import_(parent, body=None, x__xgafv=None)</code> |
| <pre>Imports a new CryptoKeyVersion into an existing CryptoKey using the |
| wrapped key material provided in the request. |
| |
| The version ID will be assigned the next sequential id within the |
| CryptoKey. |
| |
| Args: |
| parent: string, Required. The name of the CryptoKey to |
| be imported into. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Request message for KeyManagementService.ImportCryptoKeyVersion. |
| "rsaAesWrappedKey": "A String", # Wrapped key material produced with |
| # RSA_OAEP_3072_SHA1_AES_256 |
| # or |
| # RSA_OAEP_4096_SHA1_AES_256. |
| # |
| # This field contains the concatenation of two wrapped keys: |
| # <ol> |
| # <li>An ephemeral AES-256 wrapping key wrapped with the |
| # public_key using RSAES-OAEP with SHA-1, |
| # MGF1 with SHA-1, and an empty label. |
| # </li> |
| # <li>The key to be imported, wrapped with the ephemeral AES-256 key |
| # using AES-KWP (RFC 5649). |
| # </li> |
| # </ol> |
| # |
| # If importing symmetric key material, it is expected that the unwrapped |
| # key contains plain bytes. If importing asymmetric key material, it is |
| # expected that the unwrapped key is in PKCS#8-encoded DER format (the |
| # PrivateKeyInfo structure from RFC 5208). |
| # |
| # This format is the same as the format produced by PKCS#11 mechanism |
| # CKM_RSA_AES_KEY_WRAP. |
| "importJob": "A String", # Required. The name of the ImportJob that was used to |
| # wrap this key material. |
| "algorithm": "A String", # Required. The algorithm of |
| # the key being imported. This does not need to match the |
| # version_template of the CryptoKey this |
| # version imports into. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A CryptoKeyVersion represents an individual cryptographic key, and the |
| # associated key material. |
| # |
| # An ENABLED version can be |
| # used for cryptographic operations. |
| # |
| # For security reasons, the raw cryptographic key material represented by a |
| # CryptoKeyVersion can never be viewed or exported. It can only be used to |
| # encrypt, decrypt, or sign data when an authorized user or application invokes |
| # Cloud KMS. |
| "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # generated. |
| "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format |
| # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. |
| "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material |
| # was imported. |
| "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if |
| # state is |
| # IMPORT_FAILED. |
| "state": "A String", # The current state of the CryptoKeyVersion. |
| "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key |
| # creation time. Use this statement to verify attributes of the key as stored |
| # on the HSM, independently of Google. Only provided for key versions with |
| # protection_level HSM. |
| # information, see [Verifying attestations] |
| # (https://cloud.google.com/kms/docs/attest-key). |
| "format": "A String", # Output only. The format of the attestation data. |
| "content": "A String", # Output only. The attestation data provided by the HSM when the key |
| # operation was performed. |
| }, |
| "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. |
| "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled |
| # for destruction. Only present if state is |
| # DESTROY_SCHEDULED. |
| "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # destroyed. Only present if state is |
| # DESTROYED. |
| "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are |
| # performed with this CryptoKeyVersion. |
| "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. |
| }, |
| "importJob": "A String", # Output only. The name of the ImportJob used to import this |
| # CryptoKeyVersion. Only present if the underlying key material was |
| # imported. |
| "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this |
| # CryptoKeyVersion supports. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list">list(parent, filter=None, orderBy=None, pageToken=None, pageSize=None, view=None, x__xgafv=None)</code> |
| <pre>Lists CryptoKeyVersions. |
| |
| Args: |
| parent: string, Required. The resource name of the CryptoKey to list, in the format |
| `projects/*/locations/*/keyRings/*/cryptoKeys/*`. (required) |
| filter: string, Optional. Only include resources that match the filter in the response. For |
| more information, see |
| [Sorting and filtering list |
| results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| orderBy: string, Optional. Specify how the results should be sorted. If not specified, the |
| results will be sorted in the default order. For more information, see |
| [Sorting and filtering list |
| results](https://cloud.google.com/kms/docs/sorting-and-filtering). |
| pageToken: string, Optional. Optional pagination token, returned earlier via |
| ListCryptoKeyVersionsResponse.next_page_token. |
| pageSize: integer, Optional. Optional limit on the number of CryptoKeyVersions to |
| include in the response. Further CryptoKeyVersions can |
| subsequently be obtained by including the |
| ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. |
| If unspecified, the server will pick an appropriate default. |
| view: string, The fields to include in the response. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Response message for KeyManagementService.ListCryptoKeyVersions. |
| "cryptoKeyVersions": [ # The list of CryptoKeyVersions. |
| { # A CryptoKeyVersion represents an individual cryptographic key, and the |
| # associated key material. |
| # |
| # An ENABLED version can be |
| # used for cryptographic operations. |
| # |
| # For security reasons, the raw cryptographic key material represented by a |
| # CryptoKeyVersion can never be viewed or exported. It can only be used to |
| # encrypt, decrypt, or sign data when an authorized user or application invokes |
| # Cloud KMS. |
| "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # generated. |
| "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format |
| # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. |
| "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material |
| # was imported. |
| "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if |
| # state is |
| # IMPORT_FAILED. |
| "state": "A String", # The current state of the CryptoKeyVersion. |
| "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key |
| # creation time. Use this statement to verify attributes of the key as stored |
| # on the HSM, independently of Google. Only provided for key versions with |
| # protection_level HSM. |
| # information, see [Verifying attestations] |
| # (https://cloud.google.com/kms/docs/attest-key). |
| "format": "A String", # Output only. The format of the attestation data. |
| "content": "A String", # Output only. The attestation data provided by the HSM when the key |
| # operation was performed. |
| }, |
| "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. |
| "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled |
| # for destruction. Only present if state is |
| # DESTROY_SCHEDULED. |
| "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # destroyed. Only present if state is |
| # DESTROYED. |
| "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are |
| # performed with this CryptoKeyVersion. |
| "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. |
| }, |
| "importJob": "A String", # Output only. The name of the ImportJob used to import this |
| # CryptoKeyVersion. Only present if the underlying key material was |
| # imported. |
| "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this |
| # CryptoKeyVersion supports. |
| }, |
| ], |
| "totalSize": 42, # The total number of CryptoKeyVersions that matched the |
| # query. |
| "nextPageToken": "A String", # A token to retrieve next page of results. Pass this value in |
| # ListCryptoKeyVersionsRequest.page_token to retrieve the next page of |
| # results. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list_next">list_next(previous_request, previous_response)</code> |
| <pre>Retrieves the next page of results. |
| |
| Args: |
| previous_request: The request for the previous page. (required) |
| previous_response: The response from the request for the previous page. (required) |
| |
| Returns: |
| A request object that you can call 'execute()' on to request the next |
| page. Returns None if there are no more items in the collection. |
| </pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code> |
| <pre>Update a CryptoKeyVersion's metadata. |
| |
| state may be changed between |
| ENABLED and |
| DISABLED using this |
| method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to |
| move between other states. |
| |
| Args: |
| name: string, Output only. The resource name for this CryptoKeyVersion in the format |
| `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # A CryptoKeyVersion represents an individual cryptographic key, and the |
| # associated key material. |
| # |
| # An ENABLED version can be |
| # used for cryptographic operations. |
| # |
| # For security reasons, the raw cryptographic key material represented by a |
| # CryptoKeyVersion can never be viewed or exported. It can only be used to |
| # encrypt, decrypt, or sign data when an authorized user or application invokes |
| # Cloud KMS. |
| "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # generated. |
| "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format |
| # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. |
| "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material |
| # was imported. |
| "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if |
| # state is |
| # IMPORT_FAILED. |
| "state": "A String", # The current state of the CryptoKeyVersion. |
| "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key |
| # creation time. Use this statement to verify attributes of the key as stored |
| # on the HSM, independently of Google. Only provided for key versions with |
| # protection_level HSM. |
| # information, see [Verifying attestations] |
| # (https://cloud.google.com/kms/docs/attest-key). |
| "format": "A String", # Output only. The format of the attestation data. |
| "content": "A String", # Output only. The attestation data provided by the HSM when the key |
| # operation was performed. |
| }, |
| "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. |
| "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled |
| # for destruction. Only present if state is |
| # DESTROY_SCHEDULED. |
| "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # destroyed. Only present if state is |
| # DESTROYED. |
| "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are |
| # performed with this CryptoKeyVersion. |
| "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. |
| }, |
| "importJob": "A String", # Output only. The name of the ImportJob used to import this |
| # CryptoKeyVersion. Only present if the underlying key material was |
| # imported. |
| "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this |
| # CryptoKeyVersion supports. |
| } |
| |
| updateMask: string, Required. List of fields to be updated in this request. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A CryptoKeyVersion represents an individual cryptographic key, and the |
| # associated key material. |
| # |
| # An ENABLED version can be |
| # used for cryptographic operations. |
| # |
| # For security reasons, the raw cryptographic key material represented by a |
| # CryptoKeyVersion can never be viewed or exported. It can only be used to |
| # encrypt, decrypt, or sign data when an authorized user or application invokes |
| # Cloud KMS. |
| "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # generated. |
| "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format |
| # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. |
| "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material |
| # was imported. |
| "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if |
| # state is |
| # IMPORT_FAILED. |
| "state": "A String", # The current state of the CryptoKeyVersion. |
| "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key |
| # creation time. Use this statement to verify attributes of the key as stored |
| # on the HSM, independently of Google. Only provided for key versions with |
| # protection_level HSM. |
| # information, see [Verifying attestations] |
| # (https://cloud.google.com/kms/docs/attest-key). |
| "format": "A String", # Output only. The format of the attestation data. |
| "content": "A String", # Output only. The attestation data provided by the HSM when the key |
| # operation was performed. |
| }, |
| "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. |
| "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled |
| # for destruction. Only present if state is |
| # DESTROY_SCHEDULED. |
| "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # destroyed. Only present if state is |
| # DESTROYED. |
| "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are |
| # performed with this CryptoKeyVersion. |
| "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. |
| }, |
| "importJob": "A String", # Output only. The name of the ImportJob used to import this |
| # CryptoKeyVersion. Only present if the underlying key material was |
| # imported. |
| "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this |
| # CryptoKeyVersion supports. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="restore">restore(name, body=None, x__xgafv=None)</code> |
| <pre>Restore a CryptoKeyVersion in the |
| DESTROY_SCHEDULED |
| state. |
| |
| Upon restoration of the CryptoKeyVersion, state |
| will be set to DISABLED, |
| and destroy_time will be cleared. |
| |
| Args: |
| name: string, Required. The resource name of the CryptoKeyVersion to restore. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Request message for KeyManagementService.RestoreCryptoKeyVersion. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A CryptoKeyVersion represents an individual cryptographic key, and the |
| # associated key material. |
| # |
| # An ENABLED version can be |
| # used for cryptographic operations. |
| # |
| # For security reasons, the raw cryptographic key material represented by a |
| # CryptoKeyVersion can never be viewed or exported. It can only be used to |
| # encrypt, decrypt, or sign data when an authorized user or application invokes |
| # Cloud KMS. |
| "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # generated. |
| "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format |
| # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. |
| "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material |
| # was imported. |
| "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if |
| # state is |
| # IMPORT_FAILED. |
| "state": "A String", # The current state of the CryptoKeyVersion. |
| "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key |
| # creation time. Use this statement to verify attributes of the key as stored |
| # on the HSM, independently of Google. Only provided for key versions with |
| # protection_level HSM. |
| # information, see [Verifying attestations] |
| # (https://cloud.google.com/kms/docs/attest-key). |
| "format": "A String", # Output only. The format of the attestation data. |
| "content": "A String", # Output only. The attestation data provided by the HSM when the key |
| # operation was performed. |
| }, |
| "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. |
| "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled |
| # for destruction. Only present if state is |
| # DESTROY_SCHEDULED. |
| "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was |
| # destroyed. Only present if state is |
| # DESTROYED. |
| "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are |
| # performed with this CryptoKeyVersion. |
| "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| # configuring a CryptoKeyVersion that are specific to the |
| # EXTERNAL protection level. |
| "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. |
| }, |
| "importJob": "A String", # Output only. The name of the ImportJob used to import this |
| # CryptoKeyVersion. Only present if the underlying key material was |
| # imported. |
| "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this |
| # CryptoKeyVersion supports. |
| }</pre> |
| </div> |
| |
| </body></html> |
