chore: Update discovery artifacts (#1291)
* chore: update docs/dyn/index.md
* chore(abusiveexperiencereport): update the api
* chore(acceleratedmobilepageurl): update the api
* chore(accessapproval): update the api
* chore(accesscontextmanager): update the api
* chore(adexchangebuyer2): update the api
* chore(adexperiencereport): update the api
* chore(admob): update the api
* chore(analytics): update the api
* chore(analyticsreporting): update the api
* chore(androiddeviceprovisioning): update the api
* chore(androidenterprise): update the api
* chore(androidpublisher): update the api
* chore(apigateway): update the api
* chore(artifactregistry): update the api
* chore(bigqueryconnection): update the api
* chore(bigquerydatatransfer): update the api
* chore(billingbudgets): update the api
* chore(binaryauthorization): update the api
* chore(blogger): update the api
* chore(books): update the api
* chore(calendar): update the api
* chore(chat): update the api
* chore(chromeuxreport): update the api
* chore(civicinfo): update the api
* chore(classroom): update the api
* chore(cloudbilling): update the api
* chore(cloudbuild): update the api
* chore(clouddebugger): update the api
* chore(clouderrorreporting): update the api
* chore(cloudfunctions): update the api
* chore(cloudidentity): update the api
* chore(cloudiot): update the api
* chore(cloudkms): update the api
* chore(cloudprofiler): update the api
* chore(cloudresourcemanager): update the api
* chore(cloudscheduler): update the api
* chore(cloudshell): update the api
* chore(cloudtasks): update the api
* chore(cloudtrace): update the api
* chore(composer): update the api
* chore(containeranalysis): update the api
* chore(content): update the api
* chore(customsearch): update the api
* chore(datacatalog): update the api
* chore(datafusion): update the api
* chore(datamigration): update the api
* chore(datastore): update the api
* chore(deploymentmanager): update the api
* chore(digitalassetlinks): update the api
* chore(displayvideo): update the api
* chore(dlp): update the api
* chore(dns): update the api
* chore(docs): update the api
* chore(domains): update the api
* chore(domainsrdap): update the api
* chore(doubleclickbidmanager): update the api
* chore(doubleclicksearch): update the api
* chore(drive): update the api
* chore(driveactivity): update the api
* chore(eventarc): update the api
* chore(factchecktools): update the api
* chore(fcm): update the api
* chore(file): update the api
* chore(firebase): update the api
* chore(firebasedatabase): update the api
* chore(firebasedynamiclinks): update the api
* chore(firebasehosting): update the api
* chore(firebaseml): update the api
* chore(firebaserules): update the api
* chore(firestore): update the api
* chore(fitness): update the api
* chore(gamesConfiguration): update the api
* chore(gamesManagement): update the api
* chore(gameservices): update the api
* chore(genomics): update the api
* chore(gmail): update the api
* chore(gmailpostmastertools): update the api
* chore(groupsmigration): update the api
* chore(groupssettings): update the api
* chore(healthcare): update the api
* chore(iam): update the api
* chore(iamcredentials): update the api
* chore(iap): update the api
* chore(identitytoolkit): update the api
* chore(indexing): update the api
* chore(jobs): update the api
* chore(kgsearch): update the api
* chore(language): update the api
* chore(libraryagent): update the api
* chore(licensing): update the api
* chore(lifesciences): update the api
* chore(logging): update the api
* chore(managedidentities): update the api
* chore(manufacturers): update the api
* chore(memcache): update the api
* chore(ml): update the api
* chore(monitoring): update the api
* chore(networkmanagement): update the api
* chore(osconfig): update the api
* chore(pagespeedonline): update the api
* chore(playablelocations): update the api
* chore(playcustomapp): update the api
* chore(policytroubleshooter): update the api
* chore(poly): update the api
* chore(privateca): update the api
* chore(prod_tt_sasportal): update the api
* chore(pubsub): update the api
* chore(pubsublite): update the api
* chore(realtimebidding): update the api
* chore(recommendationengine): update the api
* chore(recommender): update the api
* chore(redis): update the api
* chore(remotebuildexecution): update the api
* chore(reseller): update the api
* chore(runtimeconfig): update the api
* chore(safebrowsing): update the api
* chore(sasportal): update the api
* chore(script): update the api
* chore(searchconsole): update the api
* chore(secretmanager): update the api
* chore(servicecontrol): update the api
* chore(servicedirectory): update the api
* chore(siteVerification): update the api
* chore(slides): update the api
* chore(smartdevicemanagement): update the api
* chore(sourcerepo): update the api
* chore(sqladmin): update the api
* chore(storage): update the api
* chore(storagetransfer): update the api
* chore(streetviewpublish): update the api
* chore(sts): update the api
* chore(tagmanager): update the api
* chore(tasks): update the api
* chore(testing): update the api
* chore(texttospeech): update the api
* chore(toolresults): update the api
* chore(trafficdirector): update the api
* chore(transcoder): update the api
* chore(translate): update the api
* chore(vault): update the api
* chore(vectortile): update the api
* chore(verifiedaccess): update the api
* chore(videointelligence): update the api
* chore(vision): update the api
* chore(webfonts): update the api
* chore(webmasters): update the api
* chore(websecurityscanner): update the api
* chore(workflowexecutions): update the api
* chore(workflows): update the api
* chore(youtubeAnalytics): update the api
* chore(youtubereporting): update the api
* chore(docs): Add new discovery artifacts and reference documents
diff --git a/docs/dyn/dlp_v2.projects.content.html b/docs/dyn/dlp_v2.projects.content.html
index 517c5de..2589b65 100644
--- a/docs/dyn/dlp_v2.projects.content.html
+++ b/docs/dyn/dlp_v2.projects.content.html
@@ -190,7 +190,7 @@
"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
"name": "A String", # Name describing the field.
},
- "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
+ "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
@@ -464,7 +464,7 @@
"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
"name": "A String", # Name describing the field.
},
- "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
+ "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
@@ -688,7 +688,7 @@
"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
"name": "A String", # Name describing the field.
},
- "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
+ "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
@@ -1235,7 +1235,7 @@
"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
"name": "A String", # Name describing the field.
},
- "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
+ "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
@@ -1459,7 +1459,7 @@
"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
"name": "A String", # Name describing the field.
},
- "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
+ "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
@@ -1728,7 +1728,7 @@
"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
"name": "A String", # Name describing the field.
},
- "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
+ "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
@@ -2466,7 +2466,7 @@
"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
"name": "A String", # Name describing the field.
},
- "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
+ "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
@@ -2740,7 +2740,7 @@
"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
"name": "A String", # Name describing the field.
},
- "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
+ "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
@@ -2964,7 +2964,7 @@
"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
"name": "A String", # Name describing the field.
},
- "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
+ "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
@@ -3339,7 +3339,7 @@
"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
"name": "A String", # Name describing the field.
},
- "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
+ "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
@@ -3563,7 +3563,7 @@
"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
"name": "A String", # Name describing the field.
},
- "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
+ "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.
@@ -3832,7 +3832,7 @@
"context": { # General identifier of a data field in a storage service. # A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. If the context is not set, plaintext would be used as is for encryption. If the context is set but: 1. there is no record present when transforming a given value or 2. the field is not present when transforming a given value, plaintext would be used as is for encryption. Note that case (1) is expected when an `InfoTypeTransformation` is applied to both structured and non-structured `ContentItem`s.
"name": "A String", # Name describing the field.
},
- "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function.
+ "cryptoKey": { # This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key. # The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.
"kmsWrapped": { # Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt # Kms wrapped key
"cryptoKeyName": "A String", # Required. The resource name of the KMS CryptoKey to use for unwrapping.
"wrappedKey": "A String", # Required. The wrapped data crypto key.