KMS Inventory V1 API - Class Google::Cloud::Kms::V1::CryptoKey (v0.11.1)

Reference documentation and code samples for the KMS Inventory V1 API class Google::Cloud::Kms::V1::CryptoKey.

A CryptoKey represents a logical key that can be used for cryptographic operations.

A CryptoKey is made up of zero or more versions, which represent the actual key material used in cryptographic operations.

Inherits

  • Object

Extended By

  • Google::Protobuf::MessageExts::ClassMethods

Includes

  • Google::Protobuf::MessageExts

Methods

#create_time

def create_time() -> ::Google::Protobuf::Timestamp
Returns

#crypto_key_backend

def crypto_key_backend() -> ::String
Returns
  • (::String) — Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

#crypto_key_backend=

def crypto_key_backend=(value) -> ::String
Parameter
  • value (::String) — Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
Returns
  • (::String) — Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

#destroy_scheduled_duration

def destroy_scheduled_duration() -> ::Google::Protobuf::Duration
Returns

#destroy_scheduled_duration=

def destroy_scheduled_duration=(value) -> ::Google::Protobuf::Duration
Parameter
Returns

#import_only

def import_only() -> ::Boolean
Returns
  • (::Boolean) — Immutable. Whether this key may contain imported versions only.

#import_only=

def import_only=(value) -> ::Boolean
Parameter
  • value (::Boolean) — Immutable. Whether this key may contain imported versions only.
Returns
  • (::Boolean) — Immutable. Whether this key may contain imported versions only.

#key_access_justifications_policy

def key_access_justifications_policy() -> ::Google::Cloud::Kms::V1::KeyAccessJustificationsPolicy
Returns
  • (::Google::Cloud::Kms::V1::KeyAccessJustificationsPolicy) — Optional. The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed.

#key_access_justifications_policy=

def key_access_justifications_policy=(value) -> ::Google::Cloud::Kms::V1::KeyAccessJustificationsPolicy
Parameter
  • value (::Google::Cloud::Kms::V1::KeyAccessJustificationsPolicy) — Optional. The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed.
Returns
  • (::Google::Cloud::Kms::V1::KeyAccessJustificationsPolicy) — Optional. The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed.

#labels

def labels() -> ::Google::Protobuf::Map{::String => ::String}
Returns
  • (::Google::Protobuf::Map{::String => ::String}) — Labels with user-defined metadata. For more information, see Labeling Keys.

#labels=

def labels=(value) -> ::Google::Protobuf::Map{::String => ::String}
Parameter
  • value (::Google::Protobuf::Map{::String => ::String}) — Labels with user-defined metadata. For more information, see Labeling Keys.
Returns
  • (::Google::Protobuf::Map{::String => ::String}) — Labels with user-defined metadata. For more information, see Labeling Keys.

#name

def name() -> ::String
Returns
  • (::String) — Output only. The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

#next_rotation_time

def next_rotation_time() -> ::Google::Protobuf::Timestamp
Returns
  • (::Google::Protobuf::Timestamp) — At next_rotation_time, the Key Management Service will automatically:

    1. Create a new version of this CryptoKey.
    2. Mark the new version as primary.

    Key rotations performed manually via [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] do not affect next_rotation_time.

    Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

#next_rotation_time=

def next_rotation_time=(value) -> ::Google::Protobuf::Timestamp
Parameter
  • value (::Google::Protobuf::Timestamp) — At next_rotation_time, the Key Management Service will automatically:

    1. Create a new version of this CryptoKey.
    2. Mark the new version as primary.

    Key rotations performed manually via [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] do not affect next_rotation_time.

    Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

Returns
  • (::Google::Protobuf::Timestamp) — At next_rotation_time, the Key Management Service will automatically:

    1. Create a new version of this CryptoKey.
    2. Mark the new version as primary.

    Key rotations performed manually via [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] do not affect next_rotation_time.

    Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

#primary

def primary() -> ::Google::Cloud::Kms::V1::CryptoKeyVersion
Returns
  • (::Google::Cloud::Kms::V1::CryptoKeyVersion) — Output only. A copy of the "primary" CryptoKeyVersion that will be used by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this CryptoKey is given in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name].

    The CryptoKey's primary version can be updated via [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].

    Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

#purpose

def purpose() -> ::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose
Returns

#purpose=

def purpose=(value) -> ::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose
Parameter
Returns

#rotation_period

def rotation_period() -> ::Google::Protobuf::Duration
Returns

#rotation_period=

def rotation_period=(value) -> ::Google::Protobuf::Duration
Parameter
Returns

#version_template

def version_template() -> ::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate
Returns

#version_template=

def version_template=(value) -> ::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate
Parameter
Returns