Documentation

Overview

Package kms is an auto-generated package for the Cloud Key Management Service (KMS) API.

Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.

Use of Context

The ctx passed to NewClient is used for authentication requests and for creating the underlying connection, but is not used for subsequent calls. Individual methods on the client use the ctx given to them.

To close the open connection, use the Close() method.

For information about setting deadlines, reusing contexts, and more please visit pkg.go.dev/cloud.google.com/go.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func DefaultAuthScopes

func DefaultAuthScopes() []string

    DefaultAuthScopes reports the default set of authentication scopes to use with this package.

    Types

    type CryptoKeyIterator

    type CryptoKeyIterator struct {
    
    	// Response is the raw response for the current page.
    	// It must be cast to the RPC response type.
    	// Calling Next() or InternalFetch() updates this value.
    	Response interface{}
    
    	// InternalFetch is for use by the Google Cloud Libraries only.
    	// It is not part of the stable interface of this package.
    	//
    	// InternalFetch returns results from a single call to the underlying RPC.
    	// The number of results is no greater than pageSize.
    	// If there are no more results, nextPageToken is empty and err is nil.
    	InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKey, nextPageToken string, err error)
    	// contains filtered or unexported fields
    }

      CryptoKeyIterator manages a stream of *kmspb.CryptoKey.

      func (*CryptoKeyIterator) Next

      func (it *CryptoKeyIterator) Next() (*kmspb.CryptoKey, error)

        Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.

        func (*CryptoKeyIterator) PageInfo

        func (it *CryptoKeyIterator) PageInfo() *iterator.PageInfo

          PageInfo supports pagination. See the google.golang.org/api/iterator package for details.

          type CryptoKeyVersionIterator

          type CryptoKeyVersionIterator struct {
          
          	// Response is the raw response for the current page.
          	// It must be cast to the RPC response type.
          	// Calling Next() or InternalFetch() updates this value.
          	Response interface{}
          
          	// InternalFetch is for use by the Google Cloud Libraries only.
          	// It is not part of the stable interface of this package.
          	//
          	// InternalFetch returns results from a single call to the underlying RPC.
          	// The number of results is no greater than pageSize.
          	// If there are no more results, nextPageToken is empty and err is nil.
          	InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKeyVersion, nextPageToken string, err error)
          	// contains filtered or unexported fields
          }

            CryptoKeyVersionIterator manages a stream of *kmspb.CryptoKeyVersion.

            func (*CryptoKeyVersionIterator) Next

              Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.

              func (*CryptoKeyVersionIterator) PageInfo

              func (it *CryptoKeyVersionIterator) PageInfo() *iterator.PageInfo

                PageInfo supports pagination. See the google.golang.org/api/iterator package for details.

                type ImportJobIterator

                type ImportJobIterator struct {
                
                	// Response is the raw response for the current page.
                	// It must be cast to the RPC response type.
                	// Calling Next() or InternalFetch() updates this value.
                	Response interface{}
                
                	// InternalFetch is for use by the Google Cloud Libraries only.
                	// It is not part of the stable interface of this package.
                	//
                	// InternalFetch returns results from a single call to the underlying RPC.
                	// The number of results is no greater than pageSize.
                	// If there are no more results, nextPageToken is empty and err is nil.
                	InternalFetch func(pageSize int, pageToken string) (results []*kmspb.ImportJob, nextPageToken string, err error)
                	// contains filtered or unexported fields
                }

                  ImportJobIterator manages a stream of *kmspb.ImportJob.

                  func (*ImportJobIterator) Next

                  func (it *ImportJobIterator) Next() (*kmspb.ImportJob, error)

                    Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.

                    func (*ImportJobIterator) PageInfo

                    func (it *ImportJobIterator) PageInfo() *iterator.PageInfo

                      PageInfo supports pagination. See the google.golang.org/api/iterator package for details.

                      type KeyManagementCallOptions

                      type KeyManagementCallOptions struct {
                      	ListKeyRings                  []gax.CallOption
                      	ListCryptoKeys                []gax.CallOption
                      	ListCryptoKeyVersions         []gax.CallOption
                      	ListImportJobs                []gax.CallOption
                      	GetKeyRing                    []gax.CallOption
                      	GetCryptoKey                  []gax.CallOption
                      	GetCryptoKeyVersion           []gax.CallOption
                      	GetPublicKey                  []gax.CallOption
                      	GetImportJob                  []gax.CallOption
                      	CreateKeyRing                 []gax.CallOption
                      	CreateCryptoKey               []gax.CallOption
                      	CreateCryptoKeyVersion        []gax.CallOption
                      	ImportCryptoKeyVersion        []gax.CallOption
                      	CreateImportJob               []gax.CallOption
                      	UpdateCryptoKey               []gax.CallOption
                      	UpdateCryptoKeyVersion        []gax.CallOption
                      	Encrypt                       []gax.CallOption
                      	Decrypt                       []gax.CallOption
                      	AsymmetricSign                []gax.CallOption
                      	AsymmetricDecrypt             []gax.CallOption
                      	UpdateCryptoKeyPrimaryVersion []gax.CallOption
                      	DestroyCryptoKeyVersion       []gax.CallOption
                      	RestoreCryptoKeyVersion       []gax.CallOption
                      }

                        KeyManagementCallOptions contains the retry settings for each method of KeyManagementClient.

                        type KeyManagementClient

                        type KeyManagementClient struct {
                        
                        	// The call options for this service.
                        	CallOptions *KeyManagementCallOptions
                        	// contains filtered or unexported fields
                        }

                          KeyManagementClient is a client for interacting with Cloud Key Management Service (KMS) API.

                          Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.

                          func NewKeyManagementClient

                          func NewKeyManagementClient(ctx context.Context, opts ...option.ClientOption) (*KeyManagementClient, error)

                          NewKeyManagementClient creates a new key management service client.

                          Google Cloud Key Management Service

                          Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:

                          KeyRing
                          
                          CryptoKey
                          
                          CryptoKeyVersion
                          
                          ImportJob
                          

                          If you are using manual gRPC libraries, see Using gRPC with Cloud KMS (at https://cloud.google.com/kms/docs/grpc).

                          Example
                          Output:
                          
                          

                          func (*KeyManagementClient) AsymmetricDecrypt

                            AsymmetricDecrypt decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.

                            Example
                            Output:
                            
                            

                            func (*KeyManagementClient) AsymmetricSign

                              AsymmetricSign signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

                              Example
                              Output:
                              
                              

                              func (*KeyManagementClient) Close

                              func (c *KeyManagementClient) Close() error

                                Close closes the connection to the API service. The user should invoke this when the client is no longer required.

                                func (*KeyManagementClient) Connection

                                func (c *KeyManagementClient) Connection() *grpc.ClientConn

                                  Connection returns a connection to the API service.

                                  Deprecated.

                                  func (*KeyManagementClient) CreateCryptoKey

                                    CreateCryptoKey create a new CryptoKey within a KeyRing.

                                    CryptoKey.purpose and CryptoKey.version_template.algorithm are required.

                                    Example
                                    Output:
                                    
                                    

                                    func (*KeyManagementClient) CreateCryptoKeyVersion

                                      CreateCryptoKeyVersion create a new CryptoKeyVersion in a CryptoKey.

                                      The server will assign the next sequential id. If unset, state will be set to ENABLED.

                                      Example
                                      Output:
                                      
                                      

                                      func (*KeyManagementClient) CreateImportJob

                                        CreateImportJob create a new ImportJob within a KeyRing.

                                        ImportJob.import_method is required.

                                        Example
                                        Output:
                                        
                                        

                                        func (*KeyManagementClient) CreateKeyRing

                                        func (c *KeyManagementClient) CreateKeyRing(ctx context.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error)

                                          CreateKeyRing create a new KeyRing in a given Project and Location.

                                          Example
                                          Output:
                                          
                                          

                                          func (*KeyManagementClient) CryptoKeyIAM

                                          func (c *KeyManagementClient) CryptoKeyIAM(cryptoKey *kmspb.CryptoKey) *iam.Handle

                                            CryptoKeyIAM returns a handle to inspect and change permissions of a CryptoKey.

                                            Deprecated: Please use ResourceIAM and provide the CryptoKey.Name as input.

                                            func (*KeyManagementClient) Decrypt

                                              Decrypt decrypts data that was protected by Encrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

                                              Example
                                              Output:
                                              
                                              

                                              func (*KeyManagementClient) DestroyCryptoKeyVersion

                                                DestroyCryptoKeyVersion schedule a CryptoKeyVersion for destruction.

                                                Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED and destroy_time will be set to a time 24 hours in the future, at which point the state will be changed to DESTROYED, and the key material will be irrevocably destroyed.

                                                Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.

                                                Example
                                                Output:
                                                
                                                

                                                func (*KeyManagementClient) Encrypt

                                                  Encrypt encrypts data, so that it can only be recovered by a call to Decrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

                                                  Example
                                                  Output:
                                                  
                                                  

                                                  func (*KeyManagementClient) GetCryptoKey

                                                    GetCryptoKey returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

                                                    Example
                                                    Output:
                                                    
                                                    

                                                    func (*KeyManagementClient) GetCryptoKeyVersion

                                                      GetCryptoKeyVersion returns metadata for a given CryptoKeyVersion.

                                                      Example
                                                      Output:
                                                      
                                                      

                                                      func (*KeyManagementClient) GetImportJob

                                                        GetImportJob returns metadata for a given ImportJob.

                                                        Example
                                                        Output:
                                                        
                                                        

                                                        func (*KeyManagementClient) GetKeyRing

                                                          GetKeyRing returns metadata for a given KeyRing.

                                                          Example
                                                          Output:
                                                          
                                                          

                                                          func (*KeyManagementClient) GetPublicKey

                                                            GetPublicKey returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.

                                                            Example
                                                            Output:
                                                            
                                                            

                                                            func (*KeyManagementClient) ImportCryptoKeyVersion

                                                              ImportCryptoKeyVersion imports a new CryptoKeyVersion into an existing CryptoKey using the wrapped key material provided in the request.

                                                              The version ID will be assigned the next sequential id within the CryptoKey.

                                                              Example
                                                              Output:
                                                              
                                                              

                                                              func (*KeyManagementClient) KeyRingIAM

                                                              func (c *KeyManagementClient) KeyRingIAM(keyRing *kmspb.KeyRing) *iam.Handle

                                                                KeyRingIAM returns a handle to inspect and change permissions of a KeyRing.

                                                                Deprecated: Please use ResourceIAM and provide the KeyRing.Name as input.

                                                                func (*KeyManagementClient) ListCryptoKeyVersions

                                                                  ListCryptoKeyVersions lists CryptoKeyVersions.

                                                                  Example
                                                                  Output:
                                                                  
                                                                  

                                                                  func (*KeyManagementClient) ListCryptoKeys

                                                                    ListCryptoKeys lists CryptoKeys.

                                                                    Example
                                                                    Output:
                                                                    
                                                                    

                                                                    func (*KeyManagementClient) ListImportJobs

                                                                      ListImportJobs lists ImportJobs.

                                                                      Example
                                                                      Output:
                                                                      
                                                                      

                                                                      func (*KeyManagementClient) ListKeyRings

                                                                        ListKeyRings lists KeyRings.

                                                                        Example
                                                                        Output:
                                                                        
                                                                        

                                                                        func (*KeyManagementClient) ResourceIAM

                                                                        func (c *KeyManagementClient) ResourceIAM(resourcePath string) *iam.Handle

                                                                          ResourceIAM returns a handle to inspect and change permissions of the resource indicated by the given resource path.

                                                                          Example
                                                                          Output:
                                                                          
                                                                          

                                                                          func (*KeyManagementClient) RestoreCryptoKeyVersion

                                                                            RestoreCryptoKeyVersion restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.

                                                                            Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.

                                                                            Example
                                                                            Output:
                                                                            
                                                                            

                                                                            func (*KeyManagementClient) UpdateCryptoKey

                                                                              UpdateCryptoKey update a CryptoKey.

                                                                              Example
                                                                              Output:
                                                                              
                                                                              

                                                                              func (*KeyManagementClient) UpdateCryptoKeyPrimaryVersion

                                                                              func (c *KeyManagementClient) UpdateCryptoKeyPrimaryVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)

                                                                                UpdateCryptoKeyPrimaryVersion update the version of a CryptoKey that will be used in Encrypt.

                                                                                Returns an error if called on an asymmetric key.

                                                                                Example
                                                                                Output:
                                                                                
                                                                                

                                                                                func (*KeyManagementClient) UpdateCryptoKeyVersion

                                                                                  UpdateCryptoKeyVersion update a CryptoKeyVersion's metadata.

                                                                                  state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.

                                                                                  Example
                                                                                  Output:
                                                                                  
                                                                                  

                                                                                  type KeyRingIterator

                                                                                  type KeyRingIterator struct {
                                                                                  
                                                                                  	// Response is the raw response for the current page.
                                                                                  	// It must be cast to the RPC response type.
                                                                                  	// Calling Next() or InternalFetch() updates this value.
                                                                                  	Response interface{}
                                                                                  
                                                                                  	// InternalFetch is for use by the Google Cloud Libraries only.
                                                                                  	// It is not part of the stable interface of this package.
                                                                                  	//
                                                                                  	// InternalFetch returns results from a single call to the underlying RPC.
                                                                                  	// The number of results is no greater than pageSize.
                                                                                  	// If there are no more results, nextPageToken is empty and err is nil.
                                                                                  	InternalFetch func(pageSize int, pageToken string) (results []*kmspb.KeyRing, nextPageToken string, err error)
                                                                                  	// contains filtered or unexported fields
                                                                                  }

                                                                                    KeyRingIterator manages a stream of *kmspb.KeyRing.

                                                                                    func (*KeyRingIterator) Next

                                                                                    func (it *KeyRingIterator) Next() (*kmspb.KeyRing, error)

                                                                                      Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.

                                                                                      func (*KeyRingIterator) PageInfo

                                                                                      func (it *KeyRingIterator) PageInfo() *iterator.PageInfo

                                                                                        PageInfo supports pagination. See the google.golang.org/api/iterator package for details.