asymmetricDecrypt(name, body, x__xgafv=None)
Decrypts data that was encrypted with a public key retrieved from
asymmetricSign(name, body, x__xgafv=None)
Signs data using a CryptoKeyVersion with CryptoKey.purpose
create(parent, body, x__xgafv=None)
Create a new CryptoKeyVersion in a CryptoKey.
destroy(name, body=None, x__xgafv=None)
Schedule a CryptoKeyVersion for destruction.
Returns metadata for a given CryptoKeyVersion.
getPublicKey(name, x__xgafv=None)
Returns the public key for the given CryptoKeyVersion. The
list(parent, pageSize=None, pageToken=None, x__xgafv=None, view=None)
Lists CryptoKeyVersions.
list_next(previous_request, previous_response)
Retrieves the next page of results.
patch(name, body, updateMask=None, x__xgafv=None)
Update a CryptoKeyVersion's metadata.
restore(name, body=None, x__xgafv=None)
Restore a CryptoKeyVersion in the
asymmetricDecrypt(name, body, x__xgafv=None)
Decrypts data that was encrypted with a public key retrieved from
GetPublicKey corresponding to a CryptoKeyVersion with
CryptoKey.purpose ASYMMETRIC_DECRYPT.
Args:
name: string, Required. The resource name of the CryptoKeyVersion to use for
decryption. (required)
body: object, The request body. (required)
The object takes the form of:
{ # Request message for KeyManagementService.AsymmetricDecrypt.
"ciphertext": "A String", # Required. The data encrypted with the named CryptoKeyVersion's public
# key using OAEP.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for KeyManagementService.AsymmetricDecrypt.
"plaintext": "A String", # The decrypted data originally encrypted with the matching public key.
}
asymmetricSign(name, body, x__xgafv=None)
Signs data using a CryptoKeyVersion with CryptoKey.purpose
ASYMMETRIC_SIGN, producing a signature that can be verified with the public
key retrieved from GetPublicKey.
Args:
name: string, Required. The resource name of the CryptoKeyVersion to use for signing. (required)
body: object, The request body. (required)
The object takes the form of:
{ # Request message for KeyManagementService.AsymmetricSign.
"digest": { # A Digest holds a cryptographic message digest. # Required. The digest of the data to sign. The digest must be produced with
# the same digest algorithm as specified by the key version's
# algorithm.
"sha256": "A String", # A message digest produced with the SHA-256 algorithm.
"sha512": "A String", # A message digest produced with the SHA-512 algorithm.
"sha384": "A String", # A message digest produced with the SHA-384 algorithm.
},
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for KeyManagementService.AsymmetricSign.
"signature": "A String", # The created signature.
}
create(parent, body, x__xgafv=None)
Create a new CryptoKeyVersion in a CryptoKey.
The server will assign the next sequential id. If unset,
state will be set to
ENABLED.
Args:
parent: string, Required. The name of the CryptoKey associated with
the CryptoKeyVersions. (required)
body: object, The request body. (required)
The object takes the form of:
{ # A CryptoKeyVersion represents an individual cryptographic key, and the
# associated key material.
#
# An ENABLED version can be
# used for cryptographic operations.
#
# For security reasons, the raw cryptographic key material represented by a
# CryptoKeyVersion can never be viewed or exported. It can only be used to
# encrypt, decrypt, or sign data when an authorized user or application invokes
# Cloud KMS.
"destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
# for destruction. Only present if state is
# DESTROY_SCHEDULED.
"name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
# `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
"algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
# CryptoKeyVersion supports.
"protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
# performed with this CryptoKeyVersion.
"attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
# creation time. Use this statement to verify attributes of the key as stored
# on the HSM, independently of Google. Only provided for key versions with
# protection_level HSM.
# information, see [Verifying attestations]
# (https://cloud.google.com/kms/docs/attest-key).
"content": "A String", # Output only. The attestation data provided by the HSM when the key
# operation was performed.
"format": "A String", # Output only. The format of the attestation data.
},
"state": "A String", # The current state of the CryptoKeyVersion.
"destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# destroyed. Only present if state is
# DESTROYED.
"generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# generated.
"createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A CryptoKeyVersion represents an individual cryptographic key, and the
# associated key material.
#
# An ENABLED version can be
# used for cryptographic operations.
#
# For security reasons, the raw cryptographic key material represented by a
# CryptoKeyVersion can never be viewed or exported. It can only be used to
# encrypt, decrypt, or sign data when an authorized user or application invokes
# Cloud KMS.
"destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
# for destruction. Only present if state is
# DESTROY_SCHEDULED.
"name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
# `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
"algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
# CryptoKeyVersion supports.
"protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
# performed with this CryptoKeyVersion.
"attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
# creation time. Use this statement to verify attributes of the key as stored
# on the HSM, independently of Google. Only provided for key versions with
# protection_level HSM.
# information, see [Verifying attestations]
# (https://cloud.google.com/kms/docs/attest-key).
"content": "A String", # Output only. The attestation data provided by the HSM when the key
# operation was performed.
"format": "A String", # Output only. The format of the attestation data.
},
"state": "A String", # The current state of the CryptoKeyVersion.
"destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# destroyed. Only present if state is
# DESTROYED.
"generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# generated.
"createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
}
destroy(name, body=None, x__xgafv=None)
Schedule a CryptoKeyVersion for destruction.
Upon calling this method, CryptoKeyVersion.state will be set to
DESTROY_SCHEDULED
and destroy_time will be set to a time 24
hours in the future, at which point the state
will be changed to
DESTROYED, and the key
material will be irrevocably destroyed.
Before the destroy_time is reached,
RestoreCryptoKeyVersion may be called to reverse the process.
Args:
name: string, The resource name of the CryptoKeyVersion to destroy. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for KeyManagementService.DestroyCryptoKeyVersion.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A CryptoKeyVersion represents an individual cryptographic key, and the
# associated key material.
#
# An ENABLED version can be
# used for cryptographic operations.
#
# For security reasons, the raw cryptographic key material represented by a
# CryptoKeyVersion can never be viewed or exported. It can only be used to
# encrypt, decrypt, or sign data when an authorized user or application invokes
# Cloud KMS.
"destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
# for destruction. Only present if state is
# DESTROY_SCHEDULED.
"name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
# `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
"algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
# CryptoKeyVersion supports.
"protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
# performed with this CryptoKeyVersion.
"attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
# creation time. Use this statement to verify attributes of the key as stored
# on the HSM, independently of Google. Only provided for key versions with
# protection_level HSM.
# information, see [Verifying attestations]
# (https://cloud.google.com/kms/docs/attest-key).
"content": "A String", # Output only. The attestation data provided by the HSM when the key
# operation was performed.
"format": "A String", # Output only. The format of the attestation data.
},
"state": "A String", # The current state of the CryptoKeyVersion.
"destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# destroyed. Only present if state is
# DESTROYED.
"generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# generated.
"createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
}
get(name, x__xgafv=None)
Returns metadata for a given CryptoKeyVersion.
Args:
name: string, The name of the CryptoKeyVersion to get. (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A CryptoKeyVersion represents an individual cryptographic key, and the
# associated key material.
#
# An ENABLED version can be
# used for cryptographic operations.
#
# For security reasons, the raw cryptographic key material represented by a
# CryptoKeyVersion can never be viewed or exported. It can only be used to
# encrypt, decrypt, or sign data when an authorized user or application invokes
# Cloud KMS.
"destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
# for destruction. Only present if state is
# DESTROY_SCHEDULED.
"name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
# `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
"algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
# CryptoKeyVersion supports.
"protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
# performed with this CryptoKeyVersion.
"attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
# creation time. Use this statement to verify attributes of the key as stored
# on the HSM, independently of Google. Only provided for key versions with
# protection_level HSM.
# information, see [Verifying attestations]
# (https://cloud.google.com/kms/docs/attest-key).
"content": "A String", # Output only. The attestation data provided by the HSM when the key
# operation was performed.
"format": "A String", # Output only. The format of the attestation data.
},
"state": "A String", # The current state of the CryptoKeyVersion.
"destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# destroyed. Only present if state is
# DESTROYED.
"generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# generated.
"createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
}
getPublicKey(name, x__xgafv=None)
Returns the public key for the given CryptoKeyVersion. The
CryptoKey.purpose must be
ASYMMETRIC_SIGN or
ASYMMETRIC_DECRYPT.
Args:
name: string, The name of the CryptoKeyVersion public key to
get. (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # The public key for a given CryptoKeyVersion. Obtained via
# GetPublicKey.
"pem": "A String", # The public key, encoded in PEM format. For more information, see the
# [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
# [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
# [Textual Encoding of Subject Public Key Info]
# (https://tools.ietf.org/html/rfc7468#section-13).
"algorithm": "A String", # The Algorithm associated
# with this key.
}
list(parent, pageSize=None, pageToken=None, x__xgafv=None, view=None)
Lists CryptoKeyVersions.
Args:
parent: string, Required. The resource name of the CryptoKey to list, in the format
`projects/*/locations/*/keyRings/*/cryptoKeys/*`. (required)
pageSize: integer, Optional limit on the number of CryptoKeyVersions to
include in the response. Further CryptoKeyVersions can
subsequently be obtained by including the
ListCryptoKeyVersionsResponse.next_page_token in a subsequent request.
If unspecified, the server will pick an appropriate default.
pageToken: string, Optional pagination token, returned earlier via
ListCryptoKeyVersionsResponse.next_page_token.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
view: string, The fields to include in the response.
Returns:
An object of the form:
{ # Response message for KeyManagementService.ListCryptoKeyVersions.
"nextPageToken": "A String", # A token to retrieve next page of results. Pass this value in
# ListCryptoKeyVersionsRequest.page_token to retrieve the next page of
# results.
"totalSize": 42, # The total number of CryptoKeyVersions that matched the
# query.
"cryptoKeyVersions": [ # The list of CryptoKeyVersions.
{ # A CryptoKeyVersion represents an individual cryptographic key, and the
# associated key material.
#
# An ENABLED version can be
# used for cryptographic operations.
#
# For security reasons, the raw cryptographic key material represented by a
# CryptoKeyVersion can never be viewed or exported. It can only be used to
# encrypt, decrypt, or sign data when an authorized user or application invokes
# Cloud KMS.
"destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
# for destruction. Only present if state is
# DESTROY_SCHEDULED.
"name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
# `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
"algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
# CryptoKeyVersion supports.
"protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
# performed with this CryptoKeyVersion.
"attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
# creation time. Use this statement to verify attributes of the key as stored
# on the HSM, independently of Google. Only provided for key versions with
# protection_level HSM.
# information, see [Verifying attestations]
# (https://cloud.google.com/kms/docs/attest-key).
"content": "A String", # Output only. The attestation data provided by the HSM when the key
# operation was performed.
"format": "A String", # Output only. The format of the attestation data.
},
"state": "A String", # The current state of the CryptoKeyVersion.
"destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# destroyed. Only present if state is
# DESTROYED.
"generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# generated.
"createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
},
],
}
list_next(previous_request, previous_response)
Retrieves the next page of results.
Args:
previous_request: The request for the previous page. (required)
previous_response: The response from the request for the previous page. (required)
Returns:
A request object that you can call 'execute()' on to request the next
page. Returns None if there are no more items in the collection.
patch(name, body, updateMask=None, x__xgafv=None)
Update a CryptoKeyVersion's metadata.
state may be changed between
ENABLED and
DISABLED using this
method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to
move between other states.
Args:
name: string, Output only. The resource name for this CryptoKeyVersion in the format
`projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. (required)
body: object, The request body. (required)
The object takes the form of:
{ # A CryptoKeyVersion represents an individual cryptographic key, and the
# associated key material.
#
# An ENABLED version can be
# used for cryptographic operations.
#
# For security reasons, the raw cryptographic key material represented by a
# CryptoKeyVersion can never be viewed or exported. It can only be used to
# encrypt, decrypt, or sign data when an authorized user or application invokes
# Cloud KMS.
"destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
# for destruction. Only present if state is
# DESTROY_SCHEDULED.
"name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
# `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
"algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
# CryptoKeyVersion supports.
"protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
# performed with this CryptoKeyVersion.
"attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
# creation time. Use this statement to verify attributes of the key as stored
# on the HSM, independently of Google. Only provided for key versions with
# protection_level HSM.
# information, see [Verifying attestations]
# (https://cloud.google.com/kms/docs/attest-key).
"content": "A String", # Output only. The attestation data provided by the HSM when the key
# operation was performed.
"format": "A String", # Output only. The format of the attestation data.
},
"state": "A String", # The current state of the CryptoKeyVersion.
"destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# destroyed. Only present if state is
# DESTROYED.
"generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# generated.
"createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
}
updateMask: string, Required list of fields to be updated in this request.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A CryptoKeyVersion represents an individual cryptographic key, and the
# associated key material.
#
# An ENABLED version can be
# used for cryptographic operations.
#
# For security reasons, the raw cryptographic key material represented by a
# CryptoKeyVersion can never be viewed or exported. It can only be used to
# encrypt, decrypt, or sign data when an authorized user or application invokes
# Cloud KMS.
"destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
# for destruction. Only present if state is
# DESTROY_SCHEDULED.
"name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
# `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
"algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
# CryptoKeyVersion supports.
"protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
# performed with this CryptoKeyVersion.
"attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
# creation time. Use this statement to verify attributes of the key as stored
# on the HSM, independently of Google. Only provided for key versions with
# protection_level HSM.
# information, see [Verifying attestations]
# (https://cloud.google.com/kms/docs/attest-key).
"content": "A String", # Output only. The attestation data provided by the HSM when the key
# operation was performed.
"format": "A String", # Output only. The format of the attestation data.
},
"state": "A String", # The current state of the CryptoKeyVersion.
"destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# destroyed. Only present if state is
# DESTROYED.
"generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# generated.
"createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
}
restore(name, body=None, x__xgafv=None)
Restore a CryptoKeyVersion in the
DESTROY_SCHEDULED
state.
Upon restoration of the CryptoKeyVersion, state
will be set to DISABLED,
and destroy_time will be cleared.
Args:
name: string, The resource name of the CryptoKeyVersion to restore. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for KeyManagementService.RestoreCryptoKeyVersion.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A CryptoKeyVersion represents an individual cryptographic key, and the
# associated key material.
#
# An ENABLED version can be
# used for cryptographic operations.
#
# For security reasons, the raw cryptographic key material represented by a
# CryptoKeyVersion can never be viewed or exported. It can only be used to
# encrypt, decrypt, or sign data when an authorized user or application invokes
# Cloud KMS.
"destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
# for destruction. Only present if state is
# DESTROY_SCHEDULED.
"name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
# `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
"algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
# CryptoKeyVersion supports.
"protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
# performed with this CryptoKeyVersion.
"attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
# creation time. Use this statement to verify attributes of the key as stored
# on the HSM, independently of Google. Only provided for key versions with
# protection_level HSM.
# information, see [Verifying attestations]
# (https://cloud.google.com/kms/docs/attest-key).
"content": "A String", # Output only. The attestation data provided by the HSM when the key
# operation was performed.
"format": "A String", # Output only. The format of the attestation data.
},
"state": "A String", # The current state of the CryptoKeyVersion.
"destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# destroyed. Only present if state is
# DESTROYED.
"generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
# generated.
"createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
}