blob: d07e7e271cbcddb79c61f7544720dd59fdba2fc2 [file] [log] [blame]
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -04001<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070075<h1><a href="cloudkms_v1.html">Cloud Key Management Service (KMS) API</a> . <a href="cloudkms_v1.projects.html">projects</a> . <a href="cloudkms_v1.projects.locations.html">locations</a> . <a href="cloudkms_v1.projects.locations.keyRings.html">keyRings</a> . <a href="cloudkms_v1.projects.locations.keyRings.cryptoKeys.html">cryptoKeys</a> . <a href="cloudkms_v1.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions.html">cryptoKeyVersions</a></h1>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040076<h2>Instance Methods</h2>
77<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070078 <code><a href="#asymmetricDecrypt">asymmetricDecrypt(name, body=None, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -070079<p class="firstline">Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.</p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070080<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070081 <code><a href="#asymmetricSign">asymmetricSign(name, body=None, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -070082<p class="firstline">Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.</p>
83<p class="toc_element">
84 <code><a href="#close">close()</a></code></p>
85<p class="firstline">Close httplib2 connections.</p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070086<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070087 <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -070088<p class="firstline">Create a new CryptoKeyVersion in a CryptoKey. The server will assign the next sequential id. If unset, state will be set to ENABLED.</p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040089<p class="toc_element">
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070090 <code><a href="#destroy">destroy(name, body=None, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -070091<p class="firstline">Schedule a CryptoKeyVersion for destruction. Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED and destroy_time will be set to a time 24 hours in the future, at which point the state will be changed to DESTROYED, and the key material will be irrevocably destroyed. Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.</p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -040092<p class="toc_element">
93 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
94<p class="firstline">Returns metadata for a given CryptoKeyVersion.</p>
95<p class="toc_element">
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070096 <code><a href="#getPublicKey">getPublicKey(name, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -070097<p class="firstline">Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.</p>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -070098<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -070099 <code><a href="#import_">import_(parent, body=None, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700100<p class="firstline">Imports a new CryptoKeyVersion into an existing CryptoKey using the wrapped key material provided in the request. The version ID will be assigned the next sequential id within the CryptoKey.</p>
Dan O'Mearadd494642020-05-01 07:42:23 -0700101<p class="toc_element">
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800102 <code><a href="#list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, view=None, x__xgafv=None)</a></code></p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400103<p class="firstline">Lists CryptoKeyVersions.</p>
104<p class="toc_element">
105 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
106<p class="firstline">Retrieves the next page of results.</p>
107<p class="toc_element">
Dan O'Mearadd494642020-05-01 07:42:23 -0700108 <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700109<p class="firstline">Update a CryptoKeyVersion's metadata. state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.</p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400110<p class="toc_element">
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700111 <code><a href="#restore">restore(name, body=None, x__xgafv=None)</a></code></p>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700112<p class="firstline">Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state. Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.</p>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400113<h3>Method Details</h3>
114<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700115 <code class="details" id="asymmetricDecrypt">asymmetricDecrypt(name, body=None, x__xgafv=None)</code>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700116 <pre>Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700117
118Args:
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700119 name: string, Required. The resource name of the CryptoKeyVersion to use for decryption. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700120 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700121 The object takes the form of:
122
123{ # Request message for KeyManagementService.AsymmetricDecrypt.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800124 &quot;ciphertext&quot;: &quot;A String&quot;, # Required. The data encrypted with the named CryptoKeyVersion&#x27;s public key using OAEP.
125 &quot;ciphertextCrc32c&quot;: &quot;A String&quot;, # Optional. An optional CRC32C checksum of the AsymmetricDecryptRequest.ciphertext. If specified, KeyManagementService will verify the integrity of the received AsymmetricDecryptRequest.ciphertext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricDecryptRequest.ciphertext) is equal to AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
126}
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700127
128 x__xgafv: string, V1 error format.
129 Allowed values
130 1 - v1 error format
131 2 - v2 error format
132
133Returns:
134 An object of the form:
135
136 { # Response message for KeyManagementService.AsymmetricDecrypt.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800137 &quot;plaintext&quot;: &quot;A String&quot;, # The decrypted data originally encrypted with the matching public key.
138 &quot;plaintextCrc32c&quot;: &quot;A String&quot;, # Integrity verification field. A CRC32C checksum of the returned AsymmetricDecryptResponse.plaintext. An integrity check of AsymmetricDecryptResponse.plaintext can be performed by computing the CRC32C checksum of AsymmetricDecryptResponse.plaintext and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
139 &quot;verifiedCiphertextCrc32c&quot;: True or False, # Integrity verification field. A flag indicating whether AsymmetricDecryptRequest.ciphertext_crc32c was received by KeyManagementService and used for the integrity verification of the ciphertext. A false value of this field indicates either that AsymmetricDecryptRequest.ciphertext_crc32c was left unset or that it was not delivered to KeyManagementService. If you&#x27;ve set AsymmetricDecryptRequest.ciphertext_crc32c but this field is still false, discard the response and perform a limited number of retries. NOTE: This field is in Beta.
140}</pre>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700141</div>
142
143<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700144 <code class="details" id="asymmetricSign">asymmetricSign(name, body=None, x__xgafv=None)</code>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700145 <pre>Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700146
147Args:
148 name: string, Required. The resource name of the CryptoKeyVersion to use for signing. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700149 body: object, The request body.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700150 The object takes the form of:
151
152{ # Request message for KeyManagementService.AsymmetricSign.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800153 &quot;digest&quot;: { # A Digest holds a cryptographic message digest. # Required. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version&#x27;s algorithm.
154 &quot;sha256&quot;: &quot;A String&quot;, # A message digest produced with the SHA-256 algorithm.
155 &quot;sha384&quot;: &quot;A String&quot;, # A message digest produced with the SHA-384 algorithm.
156 &quot;sha512&quot;: &quot;A String&quot;, # A message digest produced with the SHA-512 algorithm.
157 },
158 &quot;digestCrc32c&quot;: &quot;A String&quot;, # Optional. An optional CRC32C checksum of the AsymmetricSignRequest.digest. If specified, KeyManagementService will verify the integrity of the received AsymmetricSignRequest.digest using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricSignRequest.digest) is equal to AsymmetricSignRequest.digest_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
159}
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700160
161 x__xgafv: string, V1 error format.
162 Allowed values
163 1 - v1 error format
164 2 - v2 error format
165
166Returns:
167 An object of the form:
168
169 { # Response message for KeyManagementService.AsymmetricSign.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800170 &quot;name&quot;: &quot;A String&quot;, # The resource name of the CryptoKeyVersion used for signing. Check this field to verify that the intended resource was used for signing. NOTE: This field is in Beta.
171 &quot;signature&quot;: &quot;A String&quot;, # The created signature.
172 &quot;signatureCrc32c&quot;: &quot;A String&quot;, # Integrity verification field. A CRC32C checksum of the returned AsymmetricSignResponse.signature. An integrity check of AsymmetricSignResponse.signature can be performed by computing the CRC32C checksum of AsymmetricSignResponse.signature and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
173 &quot;verifiedDigestCrc32c&quot;: True or False, # Integrity verification field. A flag indicating whether AsymmetricSignRequest.digest_crc32c was received by KeyManagementService and used for the integrity verification of the digest. A false value of this field indicates either that AsymmetricSignRequest.digest_crc32c was left unset or that it was not delivered to KeyManagementService. If you&#x27;ve set AsymmetricSignRequest.digest_crc32c but this field is still false, discard the response and perform a limited number of retries. NOTE: This field is in Beta.
174}</pre>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700175</div>
176
177<div class="method">
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700178 <code class="details" id="close">close()</code>
179 <pre>Close httplib2 connections.</pre>
180</div>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400181
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700182<div class="method">
183 <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
184 <pre>Create a new CryptoKeyVersion in a CryptoKey. The server will assign the next sequential id. If unset, state will be set to ENABLED.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400185
186Args:
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700187 parent: string, Required. The name of the CryptoKey associated with the CryptoKeyVersions. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700188 body: object, The request body.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400189 The object takes the form of:
190
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700191{ # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
Yoshi Automation Bot0bf565c2020-12-09 08:56:03 -0800192 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700193 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key). # Output only. Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700194 &quot;certChains&quot;: { # Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2. # Output only. The certificate chains needed to validate the attestation
Yoshi Automation Bot0bf565c2020-12-09 08:56:03 -0800195 &quot;caviumCerts&quot;: [ # Cavium certificate chain corresponding to the attestation.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700196 &quot;A String&quot;,
197 ],
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800198 &quot;googleCardCerts&quot;: [ # Google card certificate chain corresponding to the attestation.
199 &quot;A String&quot;,
200 ],
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800201 &quot;googlePartitionCerts&quot;: [ # Google partition certificate chain corresponding to the attestation.
202 &quot;A String&quot;,
203 ],
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700204 },
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800205 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key operation was performed.
206 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700207 },
Yoshi Automation Bot0bf565c2020-12-09 08:56:03 -0800208 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800209 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
210 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800211 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level.
212 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
213 },
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800214 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800215 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if state is IMPORT_FAILED.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800216 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this CryptoKeyVersion. Only present if the underlying key material was imported.
217 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was imported.
218 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
219 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
220 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400221}
222
223 x__xgafv: string, V1 error format.
224 Allowed values
225 1 - v1 error format
226 2 - v2 error format
227
228Returns:
229 An object of the form:
230
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700231 { # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800232 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
233 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key). # Output only. Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
234 &quot;certChains&quot;: { # Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2. # Output only. The certificate chains needed to validate the attestation
235 &quot;caviumCerts&quot;: [ # Cavium certificate chain corresponding to the attestation.
236 &quot;A String&quot;,
237 ],
238 &quot;googleCardCerts&quot;: [ # Google card certificate chain corresponding to the attestation.
239 &quot;A String&quot;,
240 ],
241 &quot;googlePartitionCerts&quot;: [ # Google partition certificate chain corresponding to the attestation.
242 &quot;A String&quot;,
243 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700244 },
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800245 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key operation was performed.
246 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
247 },
248 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
249 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
250 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
251 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level.
252 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
253 },
254 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
255 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if state is IMPORT_FAILED.
256 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this CryptoKeyVersion. Only present if the underlying key material was imported.
257 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was imported.
258 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
259 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
260 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
261}</pre>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400262</div>
263
264<div class="method">
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700265 <code class="details" id="destroy">destroy(name, body=None, x__xgafv=None)</code>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700266 <pre>Schedule a CryptoKeyVersion for destruction. Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED and destroy_time will be set to a time 24 hours in the future, at which point the state will be changed to DESTROYED, and the key material will be irrevocably destroyed. Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400267
268Args:
Dan O'Mearadd494642020-05-01 07:42:23 -0700269 name: string, Required. The resource name of the CryptoKeyVersion to destroy. (required)
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700270 body: object, The request body.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400271 The object takes the form of:
272
273{ # Request message for KeyManagementService.DestroyCryptoKeyVersion.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800274}
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400275
276 x__xgafv: string, V1 error format.
277 Allowed values
278 1 - v1 error format
279 2 - v2 error format
280
281Returns:
282 An object of the form:
283
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700284 { # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800285 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
286 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key). # Output only. Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
287 &quot;certChains&quot;: { # Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2. # Output only. The certificate chains needed to validate the attestation
288 &quot;caviumCerts&quot;: [ # Cavium certificate chain corresponding to the attestation.
289 &quot;A String&quot;,
290 ],
291 &quot;googleCardCerts&quot;: [ # Google card certificate chain corresponding to the attestation.
292 &quot;A String&quot;,
293 ],
294 &quot;googlePartitionCerts&quot;: [ # Google partition certificate chain corresponding to the attestation.
295 &quot;A String&quot;,
296 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700297 },
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800298 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key operation was performed.
299 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
300 },
301 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
302 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
303 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
304 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level.
305 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
306 },
307 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
308 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if state is IMPORT_FAILED.
309 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this CryptoKeyVersion. Only present if the underlying key material was imported.
310 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was imported.
311 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
312 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
313 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
314}</pre>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400315</div>
316
317<div class="method">
318 <code class="details" id="get">get(name, x__xgafv=None)</code>
319 <pre>Returns metadata for a given CryptoKeyVersion.
320
321Args:
Dan O'Mearadd494642020-05-01 07:42:23 -0700322 name: string, Required. The name of the CryptoKeyVersion to get. (required)
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400323 x__xgafv: string, V1 error format.
324 Allowed values
325 1 - v1 error format
326 2 - v2 error format
327
328Returns:
329 An object of the form:
330
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700331 { # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800332 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
333 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key). # Output only. Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
334 &quot;certChains&quot;: { # Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2. # Output only. The certificate chains needed to validate the attestation
335 &quot;caviumCerts&quot;: [ # Cavium certificate chain corresponding to the attestation.
336 &quot;A String&quot;,
337 ],
338 &quot;googleCardCerts&quot;: [ # Google card certificate chain corresponding to the attestation.
339 &quot;A String&quot;,
340 ],
341 &quot;googlePartitionCerts&quot;: [ # Google partition certificate chain corresponding to the attestation.
342 &quot;A String&quot;,
343 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700344 },
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800345 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key operation was performed.
346 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
347 },
348 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
349 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
350 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
351 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level.
352 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
353 },
354 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
355 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if state is IMPORT_FAILED.
356 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this CryptoKeyVersion. Only present if the underlying key material was imported.
357 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was imported.
358 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
359 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
360 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
361}</pre>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400362</div>
363
364<div class="method">
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700365 <code class="details" id="getPublicKey">getPublicKey(name, x__xgafv=None)</code>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700366 <pre>Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700367
368Args:
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700369 name: string, Required. The name of the CryptoKeyVersion public key to get. (required)
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700370 x__xgafv: string, V1 error format.
371 Allowed values
372 1 - v1 error format
373 2 - v2 error format
374
375Returns:
376 An object of the form:
377
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700378 { # The public key for a given CryptoKeyVersion. Obtained via GetPublicKey.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800379 &quot;algorithm&quot;: &quot;A String&quot;, # The Algorithm associated with this key.
380 &quot;name&quot;: &quot;A String&quot;, # The name of the CryptoKeyVersion public key. Provided here for verification. NOTE: This field is in Beta.
381 &quot;pem&quot;: &quot;A String&quot;, # The public key, encoded in PEM format. For more information, see the [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] (https://tools.ietf.org/html/rfc7468#section-13).
382 &quot;pemCrc32c&quot;: &quot;A String&quot;, # Integrity verification field. A CRC32C checksum of the returned PublicKey.pem. An integrity check of PublicKey.pem can be performed by computing the CRC32C checksum of PublicKey.pem and comparing your results to this field. Discard the response in case of non-matching checksum values, and perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type. NOTE: This field is in Beta.
383}</pre>
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700384</div>
385
386<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700387 <code class="details" id="import_">import_(parent, body=None, x__xgafv=None)</code>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700388 <pre>Imports a new CryptoKeyVersion into an existing CryptoKey using the wrapped key material provided in the request. The version ID will be assigned the next sequential id within the CryptoKey.
Dan O'Mearadd494642020-05-01 07:42:23 -0700389
390Args:
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700391 parent: string, Required. The name of the CryptoKey to be imported into. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700392 body: object, The request body.
393 The object takes the form of:
394
395{ # Request message for KeyManagementService.ImportCryptoKeyVersion.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800396 &quot;algorithm&quot;: &quot;A String&quot;, # Required. The algorithm of the key being imported. This does not need to match the version_template of the CryptoKey this version imports into.
397 &quot;importJob&quot;: &quot;A String&quot;, # Required. The name of the ImportJob that was used to wrap this key material.
398 &quot;rsaAesWrappedKey&quot;: &quot;A String&quot;, # Wrapped key material produced with RSA_OAEP_3072_SHA1_AES_256 or RSA_OAEP_4096_SHA1_AES_256. This field contains the concatenation of two wrapped keys: 1. An ephemeral AES-256 wrapping key wrapped with the public_key using RSAES-OAEP with SHA-1, MGF1 with SHA-1, and an empty label. 2. The key to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649). If importing symmetric key material, it is expected that the unwrapped key contains plain bytes. If importing asymmetric key material, it is expected that the unwrapped key is in PKCS#8-encoded DER format (the PrivateKeyInfo structure from RFC 5208). This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP.
399}
Dan O'Mearadd494642020-05-01 07:42:23 -0700400
401 x__xgafv: string, V1 error format.
402 Allowed values
403 1 - v1 error format
404 2 - v2 error format
405
406Returns:
407 An object of the form:
408
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700409 { # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800410 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
411 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key). # Output only. Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
412 &quot;certChains&quot;: { # Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2. # Output only. The certificate chains needed to validate the attestation
413 &quot;caviumCerts&quot;: [ # Cavium certificate chain corresponding to the attestation.
414 &quot;A String&quot;,
415 ],
416 &quot;googleCardCerts&quot;: [ # Google card certificate chain corresponding to the attestation.
417 &quot;A String&quot;,
418 ],
419 &quot;googlePartitionCerts&quot;: [ # Google partition certificate chain corresponding to the attestation.
420 &quot;A String&quot;,
421 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700422 },
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800423 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key operation was performed.
424 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
425 },
426 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
427 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
428 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
429 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level.
430 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
431 },
432 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
433 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if state is IMPORT_FAILED.
434 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this CryptoKeyVersion. Only present if the underlying key material was imported.
435 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was imported.
436 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
437 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
438 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
439}</pre>
Dan O'Mearadd494642020-05-01 07:42:23 -0700440</div>
441
442<div class="method">
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800443 <code class="details" id="list">list(parent, filter=None, orderBy=None, pageSize=None, pageToken=None, view=None, x__xgafv=None)</code>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400444 <pre>Lists CryptoKeyVersions.
445
446Args:
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700447 parent: string, Required. The resource name of the CryptoKey to list, in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*`. (required)
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800448 filter: string, Optional. Only include resources that match the filter in the response. For more information, see [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
449 orderBy: string, Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering).
Yoshi Automation Bot0bf565c2020-12-09 08:56:03 -0800450 pageSize: integer, Optional. Optional limit on the number of CryptoKeyVersions to include in the response. Further CryptoKeyVersions can subsequently be obtained by including the ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800451 pageToken: string, Optional. Optional pagination token, returned earlier via ListCryptoKeyVersionsResponse.next_page_token.
Bu Sun Kim65020912020-05-20 12:08:20 -0700452 view: string, The fields to include in the response.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700453 Allowed values
454 CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED - Default view for each CryptoKeyVersion. Does not include the attestation field.
455 FULL - Provides all fields in each CryptoKeyVersion, including the attestation.
Bu Sun Kim65020912020-05-20 12:08:20 -0700456 x__xgafv: string, V1 error format.
457 Allowed values
458 1 - v1 error format
459 2 - v2 error format
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400460
461Returns:
462 An object of the form:
463
464 { # Response message for KeyManagementService.ListCryptoKeyVersions.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800465 &quot;cryptoKeyVersions&quot;: [ # The list of CryptoKeyVersions.
466 { # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
467 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
468 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key). # Output only. Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
469 &quot;certChains&quot;: { # Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2. # Output only. The certificate chains needed to validate the attestation
470 &quot;caviumCerts&quot;: [ # Cavium certificate chain corresponding to the attestation.
471 &quot;A String&quot;,
472 ],
473 &quot;googleCardCerts&quot;: [ # Google card certificate chain corresponding to the attestation.
474 &quot;A String&quot;,
475 ],
476 &quot;googlePartitionCerts&quot;: [ # Google partition certificate chain corresponding to the attestation.
477 &quot;A String&quot;,
478 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700479 },
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800480 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key operation was performed.
481 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400482 },
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800483 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
484 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
485 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
486 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level.
487 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
488 },
489 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
490 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if state is IMPORT_FAILED.
491 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this CryptoKeyVersion. Only present if the underlying key material was imported.
492 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was imported.
493 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
494 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
495 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
496 },
497 ],
498 &quot;nextPageToken&quot;: &quot;A String&quot;, # A token to retrieve next page of results. Pass this value in ListCryptoKeyVersionsRequest.page_token to retrieve the next page of results.
499 &quot;totalSize&quot;: 42, # The total number of CryptoKeyVersions that matched the query.
500}</pre>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400501</div>
502
503<div class="method">
504 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
505 <pre>Retrieves the next page of results.
506
507Args:
508 previous_request: The request for the previous page. (required)
509 previous_response: The response from the request for the previous page. (required)
510
511Returns:
Bu Sun Kim65020912020-05-20 12:08:20 -0700512 A request object that you can call &#x27;execute()&#x27; on to request the next
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400513 page. Returns None if there are no more items in the collection.
514 </pre>
515</div>
516
517<div class="method">
Dan O'Mearadd494642020-05-01 07:42:23 -0700518 <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700519 <pre>Update a CryptoKeyVersion&#x27;s metadata. state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400520
521Args:
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700522 name: string, Output only. The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. (required)
Dan O'Mearadd494642020-05-01 07:42:23 -0700523 body: object, The request body.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400524 The object takes the form of:
525
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700526{ # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
Yoshi Automation Bot0bf565c2020-12-09 08:56:03 -0800527 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700528 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key). # Output only. Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700529 &quot;certChains&quot;: { # Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2. # Output only. The certificate chains needed to validate the attestation
Yoshi Automation Bot0bf565c2020-12-09 08:56:03 -0800530 &quot;caviumCerts&quot;: [ # Cavium certificate chain corresponding to the attestation.
Bu Sun Kim673ec5c2020-11-16 11:05:03 -0700531 &quot;A String&quot;,
532 ],
Yoshi Automation Botc2228be2020-11-24 15:48:03 -0800533 &quot;googleCardCerts&quot;: [ # Google card certificate chain corresponding to the attestation.
534 &quot;A String&quot;,
535 ],
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800536 &quot;googlePartitionCerts&quot;: [ # Google partition certificate chain corresponding to the attestation.
537 &quot;A String&quot;,
538 ],
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700539 },
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800540 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key operation was performed.
541 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700542 },
Yoshi Automation Bot0bf565c2020-12-09 08:56:03 -0800543 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800544 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
545 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800546 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level.
547 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
548 },
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800549 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
Yoshi Automation Botb6971b02020-11-26 17:16:03 -0800550 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if state is IMPORT_FAILED.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800551 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this CryptoKeyVersion. Only present if the underlying key material was imported.
552 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was imported.
553 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
554 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
555 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400556}
557
Dan O'Mearadd494642020-05-01 07:42:23 -0700558 updateMask: string, Required. List of fields to be updated in this request.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400559 x__xgafv: string, V1 error format.
560 Allowed values
561 1 - v1 error format
562 2 - v2 error format
563
564Returns:
565 An object of the form:
566
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700567 { # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800568 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
569 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key). # Output only. Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
570 &quot;certChains&quot;: { # Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2. # Output only. The certificate chains needed to validate the attestation
571 &quot;caviumCerts&quot;: [ # Cavium certificate chain corresponding to the attestation.
572 &quot;A String&quot;,
573 ],
574 &quot;googleCardCerts&quot;: [ # Google card certificate chain corresponding to the attestation.
575 &quot;A String&quot;,
576 ],
577 &quot;googlePartitionCerts&quot;: [ # Google partition certificate chain corresponding to the attestation.
578 &quot;A String&quot;,
579 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700580 },
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800581 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key operation was performed.
582 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
583 },
584 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
585 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
586 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
587 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level.
588 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
589 },
590 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
591 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if state is IMPORT_FAILED.
592 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this CryptoKeyVersion. Only present if the underlying key material was imported.
593 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was imported.
594 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
595 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
596 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
597}</pre>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400598</div>
599
600<div class="method">
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700601 <code class="details" id="restore">restore(name, body=None, x__xgafv=None)</code>
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700602 <pre>Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state. Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400603
604Args:
Dan O'Mearadd494642020-05-01 07:42:23 -0700605 name: string, Required. The resource name of the CryptoKeyVersion to restore. (required)
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700606 body: object, The request body.
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400607 The object takes the form of:
608
609{ # Request message for KeyManagementService.RestoreCryptoKeyVersion.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800610}
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400611
612 x__xgafv: string, V1 error format.
613 Allowed values
614 1 - v1 error format
615 2 - v2 error format
616
617Returns:
618 An object of the form:
619
Dmitry Frenkel3e17f892020-10-06 16:46:05 -0700620 { # A CryptoKeyVersion represents an individual cryptographic key, and the associated key material. An ENABLED version can be used for cryptographic operations. For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800621 &quot;algorithm&quot;: &quot;A String&quot;, # Output only. The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
622 &quot;attestation&quot;: { # Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key). # Output only. Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
623 &quot;certChains&quot;: { # Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2. # Output only. The certificate chains needed to validate the attestation
624 &quot;caviumCerts&quot;: [ # Cavium certificate chain corresponding to the attestation.
625 &quot;A String&quot;,
626 ],
627 &quot;googleCardCerts&quot;: [ # Google card certificate chain corresponding to the attestation.
628 &quot;A String&quot;,
629 ],
630 &quot;googlePartitionCerts&quot;: [ # Google partition certificate chain corresponding to the attestation.
631 &quot;A String&quot;,
632 ],
Bu Sun Kim4ed7d3f2020-05-27 12:20:54 -0700633 },
Yoshi Automation Botcc94ec82021-01-15 07:10:04 -0800634 &quot;content&quot;: &quot;A String&quot;, # Output only. The attestation data provided by the HSM when the key operation was performed.
635 &quot;format&quot;: &quot;A String&quot;, # Output only. The format of the attestation data.
636 },
637 &quot;createTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion was created.
638 &quot;destroyEventTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was destroyed. Only present if state is DESTROYED.
639 &quot;destroyTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
640 &quot;externalProtectionLevelOptions&quot;: { # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level. # ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level.
641 &quot;externalKeyUri&quot;: &quot;A String&quot;, # The URI for an external resource that this CryptoKeyVersion represents.
642 },
643 &quot;generateTime&quot;: &quot;A String&quot;, # Output only. The time this CryptoKeyVersion&#x27;s key material was generated.
644 &quot;importFailureReason&quot;: &quot;A String&quot;, # Output only. The root cause of an import failure. Only present if state is IMPORT_FAILED.
645 &quot;importJob&quot;: &quot;A String&quot;, # Output only. The name of the ImportJob used to import this CryptoKeyVersion. Only present if the underlying key material was imported.
646 &quot;importTime&quot;: &quot;A String&quot;, # Output only. The time at which this CryptoKeyVersion&#x27;s key material was imported.
647 &quot;name&quot;: &quot;A String&quot;, # Output only. The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
648 &quot;protectionLevel&quot;: &quot;A String&quot;, # Output only. The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
649 &quot;state&quot;: &quot;A String&quot;, # The current state of the CryptoKeyVersion.
650}</pre>
Sai Cheemalapatic30d2b52017-03-13 12:12:03 -0400651</div>
652
653</body></html>