cloudkms/v1 library
Cloud Key Management Service (KMS) API - v1
Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.
For more information, see cloud.google.com/kms/
Create an instance of CloudKMSApi to access these resources:
- FoldersResource
- OrganizationsResource
- ProjectsResource
Classes
- AddQuorumMember
- Add a quorum member to the SingleTenantHsmInstance.
- ApproveSingleTenantHsmInstanceProposalRequest
- Request message for HsmManagement.ApproveSingleTenantHsmInstanceProposal.
- AsymmetricDecryptRequest
- Request message for KeyManagementService.AsymmetricDecrypt.
- AsymmetricDecryptResponse
- Response message for KeyManagementService.AsymmetricDecrypt.
- AsymmetricSignRequest
- Request message for KeyManagementService.AsymmetricSign.
- AsymmetricSignResponse
- Response message for KeyManagementService.AsymmetricSign.
- AuditConfig
- Specifies the audit configuration for a service.
- AutokeyConfig
- Cloud KMS Autokey configuration for a folder.
- Binding
-
Associates
members, or principals, with arole. - Certificate
- A Certificate represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas.
- Challenge
- A challenge to be signed by a 2FA key.
- ChallengeReply
- A reply to a challenge signed by a 2FA key.
- ChecksummedData
- Data with integrity verification field.
- CloudKMSApi
- Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.
- CryptoKey
- A CryptoKey represents a logical key that can be used for cryptographic operations.
- CryptoKeyVersion
- A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.
- DecapsulateRequest
- Request message for KeyManagementService.Decapsulate.
- DecapsulateResponse
- Response message for KeyManagementService.Decapsulate.
- DecryptRequest
- Request message for KeyManagementService.Decrypt.
- DecryptResponse
- Response message for KeyManagementService.Decrypt.
- Digest
- A Digest holds a cryptographic message digest.
- EkmConfig
- An EkmConfig is a singleton resource that represents configuration parameters that apply to all CryptoKeys and CryptoKeyVersions with a ProtectionLevel of EXTERNAL_VPC in a given project and location.
- EkmConnection
- An EkmConnection represents an individual EKM connection.
- EncryptRequest
- Request message for KeyManagementService.Encrypt.
- EncryptResponse
- Response message for KeyManagementService.Encrypt.
- FoldersResource
- GenerateRandomBytesRequest
- Request message for KeyManagementService.GenerateRandomBytes.
- GenerateRandomBytesResponse
- Response message for KeyManagementService.GenerateRandomBytes.
- ImportCryptoKeyVersionRequest
- Request message for KeyManagementService.ImportCryptoKeyVersion.
- ImportJob
- An ImportJob can be used to create CryptoKeys and CryptoKeyVersions using pre-existing key material, generated outside of Cloud KMS.
- KeyAccessJustificationsEnrollmentConfig
- The configuration of a protection level for a project's Key Access Justifications enrollment.
- KeyAccessJustificationsPolicyConfig
- A singleton configuration for Key Access Justifications policies.
- KeyHandle
- Resource-oriented representation of a request to Cloud KMS Autokey and the resulting provisioning of a CryptoKey.
- KeyOperationAttestation
- Contains an HSM-generated attestation about a key operation.
- KeyRing
- A KeyRing is a toplevel logical grouping of CryptoKeys.
- ListCryptoKeysResponse
- Response message for KeyManagementService.ListCryptoKeys.
- ListCryptoKeyVersionsResponse
- Response message for KeyManagementService.ListCryptoKeyVersions.
- ListEkmConnectionsResponse
- Response message for EkmService.ListEkmConnections.
- ListImportJobsResponse
- Response message for KeyManagementService.ListImportJobs.
- ListKeyHandlesResponse
- Response message for Autokey.ListKeyHandles.
- ListKeyRingsResponse
- Response message for KeyManagementService.ListKeyRings.
- ListLocationsResponse
- The response message for Locations.ListLocations.
- ListSingleTenantHsmInstanceProposalsResponse
- Response message for HsmManagement.ListSingleTenantHsmInstanceProposals.
- ListSingleTenantHsmInstancesResponse
- Response message for HsmManagement.ListSingleTenantHsmInstances.
- MacSignRequest
- Request message for KeyManagementService.MacSign.
- MacSignResponse
- Response message for KeyManagementService.MacSign.
- MacVerifyRequest
- Request message for KeyManagementService.MacVerify.
- MacVerifyResponse
- Response message for KeyManagementService.MacVerify.
- Operation
- This resource represents a long-running operation that is the result of a network API call.
- OrganizationsResource
- Policy
- An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
- ProjectsLocationsEkmConfigResource
- ProjectsLocationsEkmConnectionsResource
- ProjectsLocationsKeyHandlesResource
- ProjectsLocationsKeyRingsCryptoKeysCryptoKeyVersionsResource
- ProjectsLocationsKeyRingsCryptoKeysResource
- ProjectsLocationsKeyRingsImportJobsResource
- ProjectsLocationsKeyRingsResource
- ProjectsLocationsOperationsResource
- ProjectsLocationsResource
- ProjectsLocationsSingleTenantHsmInstancesProposalsResource
- ProjectsLocationsSingleTenantHsmInstancesResource
- ProjectsResource
- PublicKey
- The public keys for a given CryptoKeyVersion.
- QuorumAuth
- Configuration for M of N quorum auth.
- QuorumParameters
- Parameters of quorum approval for the SingleTenantHsmInstanceProposal.
- QuorumReply
- The reply to QuorumParameters for approving the proposal.
- RawDecryptRequest
- Request message for KeyManagementService.RawDecrypt.
- RawDecryptResponse
- Response message for KeyManagementService.RawDecrypt.
- RawEncryptRequest
- Request message for KeyManagementService.RawEncrypt.
- RawEncryptResponse
- Response message for KeyManagementService.RawEncrypt.
- RegisterTwoFactorAuthKeys
- Register 2FA keys for the SingleTenantHsmInstance.
- RemoveQuorumMember
- Remove a quorum member from the SingleTenantHsmInstance.
- RequiredActionQuorumParameters
- Parameters for an approval that has both required challenges and a quorum.
- RequiredActionQuorumReply
- The reply to RequiredActionQuorumParameters for approving the proposal.
- ServiceResolver
- A ServiceResolver represents an EKM replica that can be reached within an EkmConnection.
- SetIamPolicyRequest
-
Request message for
SetIamPolicymethod. - ShowEffectiveAutokeyConfigResponse
- Response message for ShowEffectiveAutokeyConfig.
- ShowEffectiveKeyAccessJustificationsEnrollmentConfigResponse
- Response message for KeyAccessJustificationsConfig.ShowEffectiveKeyAccessJustificationsEnrollmentConfig
- ShowEffectiveKeyAccessJustificationsPolicyConfigResponse
- Response message for KeyAccessJustificationsConfig.ShowEffectiveKeyAccessJustificationsPolicyConfig.
- SingleTenantHsmInstance
- A SingleTenantHsmInstance represents a single-tenant HSM instance.
- SingleTenantHsmInstanceProposal
- A SingleTenantHsmInstanceProposal represents a proposal to perform an operation on a SingleTenantHsmInstance.
- UpdateCryptoKeyPrimaryVersionRequest
- Request message for KeyManagementService.UpdateCryptoKeyPrimaryVersion.
- WrappingPublicKey
- The public key component of the wrapping key.
Typedefs
- ApproveSingleTenantHsmInstanceProposalResponse = $Empty
- Response message for HsmManagement.ApproveSingleTenantHsmInstanceProposal.
- AuditLogConfig = $AuditLogConfig
- Provides the configuration for logging a type of permissions.
- CertificateChains = $CertificateChains
- Certificate chains needed to verify the attestation.
- CryptoKeyVersionTemplate = $CryptoKeyVersionTemplate
- A CryptoKeyVersionTemplate specifies the properties to use when creating a new CryptoKeyVersion, either manually with CreateCryptoKeyVersion or automatically as a result of auto-rotation.
- DeleteSingleTenantHsmInstance = $Empty
- Delete the SingleTenantHsmInstance.
- DestroyCryptoKeyVersionRequest = $Empty
- Request message for KeyManagementService.DestroyCryptoKeyVersion.
- DisableSingleTenantHsmInstance = $Empty
- Disable the SingleTenantHsmInstance.
- Empty = $Empty
- A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.
- EnableSingleTenantHsmInstance = $Empty
- Enable the SingleTenantHsmInstance.
- ExecuteSingleTenantHsmInstanceProposalRequest = $Empty
- Request message for HsmManagement.ExecuteSingleTenantHsmInstanceProposal.
- Expr = $Expr
- Represents a textual expression in the Common Expression Language (CEL) syntax.
- ExternalProtectionLevelOptions = $ExternalProtectionLevelOptions
- ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- KeyAccessJustificationsPolicy = $KeyAccessJustificationsPolicy
- A KeyAccessJustificationsPolicy specifies zero or more allowed AccessReason values for encrypt, decrypt, and sign operations on a CryptoKey.
- Location = $Location00
- A resource that represents a Google Cloud location.
- RefreshSingleTenantHsmInstance = $Empty
- Refreshes the SingleTenantHsmInstance.
- RestoreCryptoKeyVersionRequest = $Empty
- Request message for KeyManagementService.RestoreCryptoKeyVersion.
- Status = $Status00
-
The
Statustype defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. - TestIamPermissionsRequest = $TestIamPermissionsRequest00
-
Request message for
TestIamPermissionsmethod. - TestIamPermissionsResponse = $PermissionsResponse
-
Response message for
TestIamPermissionsmethod. - VerifyConnectivityResponse = $Empty
- Response message for EkmService.VerifyConnectivity.
Exceptions / Errors
- ApiRequestError
- Represents a general error reported by the API endpoint.
- DetailedApiRequestError
- Represents a specific error reported by the API endpoint.