kmspb

package
Version: v1.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 1, 2022 License: Apache-2.0 Imports: 13 Imported by: 10

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ProtectionLevel_name = map[int32]string{
		0: "PROTECTION_LEVEL_UNSPECIFIED",
		1: "SOFTWARE",
		2: "HSM",
		3: "EXTERNAL",
		4: "EXTERNAL_VPC",
	}
	ProtectionLevel_value = map[string]int32{
		"PROTECTION_LEVEL_UNSPECIFIED": 0,
		"SOFTWARE":                     1,
		"HSM":                          2,
		"EXTERNAL":                     3,
		"EXTERNAL_VPC":                 4,
	}
)

Enum value maps for ProtectionLevel.

View Source
var (
	CryptoKey_CryptoKeyPurpose_name = map[int32]string{
		0: "CRYPTO_KEY_PURPOSE_UNSPECIFIED",
		1: "ENCRYPT_DECRYPT",
		5: "ASYMMETRIC_SIGN",
		6: "ASYMMETRIC_DECRYPT",
		9: "MAC",
	}
	CryptoKey_CryptoKeyPurpose_value = map[string]int32{
		"CRYPTO_KEY_PURPOSE_UNSPECIFIED": 0,
		"ENCRYPT_DECRYPT":                1,
		"ASYMMETRIC_SIGN":                5,
		"ASYMMETRIC_DECRYPT":             6,
		"MAC":                            9,
	}
)

Enum value maps for CryptoKey_CryptoKeyPurpose.

View Source
var (
	KeyOperationAttestation_AttestationFormat_name = map[int32]string{
		0: "ATTESTATION_FORMAT_UNSPECIFIED",
		3: "CAVIUM_V1_COMPRESSED",
		4: "CAVIUM_V2_COMPRESSED",
	}
	KeyOperationAttestation_AttestationFormat_value = map[string]int32{
		"ATTESTATION_FORMAT_UNSPECIFIED": 0,
		"CAVIUM_V1_COMPRESSED":           3,
		"CAVIUM_V2_COMPRESSED":           4,
	}
)

Enum value maps for KeyOperationAttestation_AttestationFormat.

View Source
var (
	CryptoKeyVersion_CryptoKeyVersionAlgorithm_name = map[int32]string{
		0:  "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED",
		1:  "GOOGLE_SYMMETRIC_ENCRYPTION",
		2:  "RSA_SIGN_PSS_2048_SHA256",
		3:  "RSA_SIGN_PSS_3072_SHA256",
		4:  "RSA_SIGN_PSS_4096_SHA256",
		15: "RSA_SIGN_PSS_4096_SHA512",
		5:  "RSA_SIGN_PKCS1_2048_SHA256",
		6:  "RSA_SIGN_PKCS1_3072_SHA256",
		7:  "RSA_SIGN_PKCS1_4096_SHA256",
		16: "RSA_SIGN_PKCS1_4096_SHA512",
		28: "RSA_SIGN_RAW_PKCS1_2048",
		29: "RSA_SIGN_RAW_PKCS1_3072",
		30: "RSA_SIGN_RAW_PKCS1_4096",
		8:  "RSA_DECRYPT_OAEP_2048_SHA256",
		9:  "RSA_DECRYPT_OAEP_3072_SHA256",
		10: "RSA_DECRYPT_OAEP_4096_SHA256",
		17: "RSA_DECRYPT_OAEP_4096_SHA512",
		37: "RSA_DECRYPT_OAEP_2048_SHA1",
		38: "RSA_DECRYPT_OAEP_3072_SHA1",
		39: "RSA_DECRYPT_OAEP_4096_SHA1",
		12: "EC_SIGN_P256_SHA256",
		13: "EC_SIGN_P384_SHA384",
		31: "EC_SIGN_SECP256K1_SHA256",
		32: "HMAC_SHA256",
		33: "HMAC_SHA1",
		34: "HMAC_SHA384",
		35: "HMAC_SHA512",
		36: "HMAC_SHA224",
		18: "EXTERNAL_SYMMETRIC_ENCRYPTION",
	}
	CryptoKeyVersion_CryptoKeyVersionAlgorithm_value = map[string]int32{
		"CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED": 0,
		"GOOGLE_SYMMETRIC_ENCRYPTION":              1,
		"RSA_SIGN_PSS_2048_SHA256":                 2,
		"RSA_SIGN_PSS_3072_SHA256":                 3,
		"RSA_SIGN_PSS_4096_SHA256":                 4,
		"RSA_SIGN_PSS_4096_SHA512":                 15,
		"RSA_SIGN_PKCS1_2048_SHA256":               5,
		"RSA_SIGN_PKCS1_3072_SHA256":               6,
		"RSA_SIGN_PKCS1_4096_SHA256":               7,
		"RSA_SIGN_PKCS1_4096_SHA512":               16,
		"RSA_SIGN_RAW_PKCS1_2048":                  28,
		"RSA_SIGN_RAW_PKCS1_3072":                  29,
		"RSA_SIGN_RAW_PKCS1_4096":                  30,
		"RSA_DECRYPT_OAEP_2048_SHA256":             8,
		"RSA_DECRYPT_OAEP_3072_SHA256":             9,
		"RSA_DECRYPT_OAEP_4096_SHA256":             10,
		"RSA_DECRYPT_OAEP_4096_SHA512":             17,
		"RSA_DECRYPT_OAEP_2048_SHA1":               37,
		"RSA_DECRYPT_OAEP_3072_SHA1":               38,
		"RSA_DECRYPT_OAEP_4096_SHA1":               39,
		"EC_SIGN_P256_SHA256":                      12,
		"EC_SIGN_P384_SHA384":                      13,
		"EC_SIGN_SECP256K1_SHA256":                 31,
		"HMAC_SHA256":                              32,
		"HMAC_SHA1":                                33,
		"HMAC_SHA384":                              34,
		"HMAC_SHA512":                              35,
		"HMAC_SHA224":                              36,
		"EXTERNAL_SYMMETRIC_ENCRYPTION":            18,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionAlgorithm.

View Source
var (
	CryptoKeyVersion_CryptoKeyVersionState_name = map[int32]string{
		0: "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED",
		5: "PENDING_GENERATION",
		1: "ENABLED",
		2: "DISABLED",
		3: "DESTROYED",
		4: "DESTROY_SCHEDULED",
		6: "PENDING_IMPORT",
		7: "IMPORT_FAILED",
	}
	CryptoKeyVersion_CryptoKeyVersionState_value = map[string]int32{
		"CRYPTO_KEY_VERSION_STATE_UNSPECIFIED": 0,
		"PENDING_GENERATION":                   5,
		"ENABLED":                              1,
		"DISABLED":                             2,
		"DESTROYED":                            3,
		"DESTROY_SCHEDULED":                    4,
		"PENDING_IMPORT":                       6,
		"IMPORT_FAILED":                        7,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionState.

View Source
var (
	CryptoKeyVersion_CryptoKeyVersionView_name = map[int32]string{
		0: "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED",
		1: "FULL",
	}
	CryptoKeyVersion_CryptoKeyVersionView_value = map[string]int32{
		"CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED": 0,
		"FULL":                                1,
	}
)

Enum value maps for CryptoKeyVersion_CryptoKeyVersionView.

View Source
var (
	ImportJob_ImportMethod_name = map[int32]string{
		0: "IMPORT_METHOD_UNSPECIFIED",
		1: "RSA_OAEP_3072_SHA1_AES_256",
		2: "RSA_OAEP_4096_SHA1_AES_256",
		3: "RSA_OAEP_3072_SHA256_AES_256",
		4: "RSA_OAEP_4096_SHA256_AES_256",
		5: "RSA_OAEP_3072_SHA256",
		6: "RSA_OAEP_4096_SHA256",
	}
	ImportJob_ImportMethod_value = map[string]int32{
		"IMPORT_METHOD_UNSPECIFIED":    0,
		"RSA_OAEP_3072_SHA1_AES_256":   1,
		"RSA_OAEP_4096_SHA1_AES_256":   2,
		"RSA_OAEP_3072_SHA256_AES_256": 3,
		"RSA_OAEP_4096_SHA256_AES_256": 4,
		"RSA_OAEP_3072_SHA256":         5,
		"RSA_OAEP_4096_SHA256":         6,
	}
)

Enum value maps for ImportJob_ImportMethod.

View Source
var (
	ImportJob_ImportJobState_name = map[int32]string{
		0: "IMPORT_JOB_STATE_UNSPECIFIED",
		1: "PENDING_GENERATION",
		2: "ACTIVE",
		3: "EXPIRED",
	}
	ImportJob_ImportJobState_value = map[string]int32{
		"IMPORT_JOB_STATE_UNSPECIFIED": 0,
		"PENDING_GENERATION":           1,
		"ACTIVE":                       2,
		"EXPIRED":                      3,
	}
)

Enum value maps for ImportJob_ImportJobState.

View Source
var File_google_cloud_kms_v1_ekm_service_proto protoreflect.FileDescriptor
View Source
var File_google_cloud_kms_v1_resources_proto protoreflect.FileDescriptor
View Source
var File_google_cloud_kms_v1_service_proto protoreflect.FileDescriptor

Functions

func RegisterEkmServiceServer

func RegisterEkmServiceServer(s *grpc.Server, srv EkmServiceServer)

func RegisterKeyManagementServiceServer

func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)

Types

type AsymmetricDecryptRequest

type AsymmetricDecryptRequest struct {

	// Required. The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
	// decryption.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The data encrypted with the named
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using
	// OAEP.
	Ciphertext []byte `protobuf:"bytes,3,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext])
	// is equal to
	// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

func (*AsymmetricDecryptRequest) Descriptor deprecated

func (*AsymmetricDecryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricDecryptRequest.ProtoReflect.Descriptor instead.

func (*AsymmetricDecryptRequest) GetCiphertext

func (x *AsymmetricDecryptRequest) GetCiphertext() []byte

func (*AsymmetricDecryptRequest) GetCiphertextCrc32C

func (x *AsymmetricDecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*AsymmetricDecryptRequest) GetName

func (x *AsymmetricDecryptRequest) GetName() string

func (*AsymmetricDecryptRequest) ProtoMessage

func (*AsymmetricDecryptRequest) ProtoMessage()

func (*AsymmetricDecryptRequest) ProtoReflect

func (x *AsymmetricDecryptRequest) ProtoReflect() protoreflect.Message

func (*AsymmetricDecryptRequest) Reset

func (x *AsymmetricDecryptRequest) Reset()

func (*AsymmetricDecryptRequest) String

func (x *AsymmetricDecryptRequest) String() string

type AsymmetricDecryptResponse

type AsymmetricDecryptResponse struct {

	// The decrypted data originally encrypted with the matching public key.
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext].
	// An integrity check of
	// [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]
	// can be performed by computing the CRC32C checksum of
	// [AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext]
	// and comparing your results to this field. Discard the response in case of
	// non-matching checksum values, and perform a limited number of retries. A
	// persistent mismatch may indicate an issue in your computation of the CRC32C
	// checksum. Note: This field is defined as int64 for reasons of compatibility
	// across different languages. However, it is a non-negative integer, which
	// will never exceed 2^32-1, and can be safely downconverted to uint32 in
	// languages that support this type.
	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c]
	// was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
	// for the integrity verification of the
	// [ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext]. A
	// false value of this field indicates either that
	// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c]
	// was left unset or that it was not delivered to
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set
	// [AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c]
	// but this field is still false, discard the response and perform a limited
	// number of retries.
	VerifiedCiphertextCrc32C bool `` /* 136-byte string literal not displayed */
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
	// decryption.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].

func (*AsymmetricDecryptResponse) Descriptor deprecated

func (*AsymmetricDecryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricDecryptResponse.ProtoReflect.Descriptor instead.

func (*AsymmetricDecryptResponse) GetPlaintext

func (x *AsymmetricDecryptResponse) GetPlaintext() []byte

func (*AsymmetricDecryptResponse) GetPlaintextCrc32C

func (x *AsymmetricDecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*AsymmetricDecryptResponse) GetProtectionLevel

func (x *AsymmetricDecryptResponse) GetProtectionLevel() ProtectionLevel

func (*AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C

func (x *AsymmetricDecryptResponse) GetVerifiedCiphertextCrc32C() bool

func (*AsymmetricDecryptResponse) ProtoMessage

func (*AsymmetricDecryptResponse) ProtoMessage()

func (*AsymmetricDecryptResponse) ProtoReflect

func (*AsymmetricDecryptResponse) Reset

func (x *AsymmetricDecryptResponse) Reset()

func (*AsymmetricDecryptResponse) String

func (x *AsymmetricDecryptResponse) String() string

type AsymmetricSignRequest

type AsymmetricSignRequest struct {

	// Required. The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
	// signing.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. The digest of the data to sign. The digest must be produced with
	// the same digest algorithm as specified by the key version's
	// [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm].
	//
	// This field may not be supplied if
	// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]
	// is supplied.
	Digest *Digest `protobuf:"bytes,3,opt,name=digest,proto3" json:"digest,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest])
	// is equal to
	// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	DigestCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=digest_crc32c,json=digestCrc32c,proto3" json:"digest_crc32c,omitempty"`
	// Optional. The data to sign.
	// It can't be supplied if
	// [AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]
	// is supplied.
	Data []byte `protobuf:"bytes,6,opt,name=data,proto3" json:"data,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data])
	// is equal to
	// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

func (*AsymmetricSignRequest) Descriptor deprecated

func (*AsymmetricSignRequest) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricSignRequest.ProtoReflect.Descriptor instead.

func (*AsymmetricSignRequest) GetData

func (x *AsymmetricSignRequest) GetData() []byte

func (*AsymmetricSignRequest) GetDataCrc32C

func (x *AsymmetricSignRequest) GetDataCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignRequest) GetDigest

func (x *AsymmetricSignRequest) GetDigest() *Digest

func (*AsymmetricSignRequest) GetDigestCrc32C

func (x *AsymmetricSignRequest) GetDigestCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignRequest) GetName

func (x *AsymmetricSignRequest) GetName() string

func (*AsymmetricSignRequest) ProtoMessage

func (*AsymmetricSignRequest) ProtoMessage()

func (*AsymmetricSignRequest) ProtoReflect

func (x *AsymmetricSignRequest) ProtoReflect() protoreflect.Message

func (*AsymmetricSignRequest) Reset

func (x *AsymmetricSignRequest) Reset()

func (*AsymmetricSignRequest) String

func (x *AsymmetricSignRequest) String() string

type AsymmetricSignResponse

type AsymmetricSignResponse struct {

	// The created signature.
	Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature].
	// An integrity check of
	// [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]
	// can be performed by computing the CRC32C checksum of
	// [AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature]
	// and comparing your results to this field. Discard the response in case of
	// non-matching checksum values, and perform a limited number of retries. A
	// persistent mismatch may indicate an issue in your computation of the CRC32C
	// checksum. Note: This field is defined as int64 for reasons of compatibility
	// across different languages. However, it is a non-negative integer, which
	// will never exceed 2^32-1, and can be safely downconverted to uint32 in
	// languages that support this type.
	SignatureCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=signature_crc32c,json=signatureCrc32c,proto3" json:"signature_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c]
	// was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
	// for the integrity verification of the
	// [digest][google.cloud.kms.v1.AsymmetricSignRequest.digest]. A false value
	// of this field indicates either that
	// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c]
	// was left unset or that it was not delivered to
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set
	// [AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c]
	// but this field is still false, discard the response and perform a limited
	// number of retries.
	VerifiedDigestCrc32C bool `protobuf:"varint,3,opt,name=verified_digest_crc32c,json=verifiedDigestCrc32c,proto3" json:"verified_digest_crc32c,omitempty"`
	// The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing.
	// Check this field to verify that the intended resource was used for signing.
	Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c]
	// was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
	// for the integrity verification of the
	// [data][google.cloud.kms.v1.AsymmetricSignRequest.data]. A false value of
	// this field indicates either that
	// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c]
	// was left unset or that it was not delivered to
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set
	// [AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c]
	// but this field is still false, discard the response and perform a limited
	// number of retries.
	VerifiedDataCrc32C bool `protobuf:"varint,5,opt,name=verified_data_crc32c,json=verifiedDataCrc32c,proto3" json:"verified_data_crc32c,omitempty"`
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].

func (*AsymmetricSignResponse) Descriptor deprecated

func (*AsymmetricSignResponse) Descriptor() ([]byte, []int)

Deprecated: Use AsymmetricSignResponse.ProtoReflect.Descriptor instead.

func (*AsymmetricSignResponse) GetName

func (x *AsymmetricSignResponse) GetName() string

func (*AsymmetricSignResponse) GetProtectionLevel

func (x *AsymmetricSignResponse) GetProtectionLevel() ProtectionLevel

func (*AsymmetricSignResponse) GetSignature

func (x *AsymmetricSignResponse) GetSignature() []byte

func (*AsymmetricSignResponse) GetSignatureCrc32C

func (x *AsymmetricSignResponse) GetSignatureCrc32C() *wrapperspb.Int64Value

func (*AsymmetricSignResponse) GetVerifiedDataCrc32C

func (x *AsymmetricSignResponse) GetVerifiedDataCrc32C() bool

func (*AsymmetricSignResponse) GetVerifiedDigestCrc32C

func (x *AsymmetricSignResponse) GetVerifiedDigestCrc32C() bool

func (*AsymmetricSignResponse) ProtoMessage

func (*AsymmetricSignResponse) ProtoMessage()

func (*AsymmetricSignResponse) ProtoReflect

func (x *AsymmetricSignResponse) ProtoReflect() protoreflect.Message

func (*AsymmetricSignResponse) Reset

func (x *AsymmetricSignResponse) Reset()

func (*AsymmetricSignResponse) String

func (x *AsymmetricSignResponse) String() string

type Certificate

type Certificate struct {

	// Required. The raw certificate bytes in DER format.
	RawDer []byte `protobuf:"bytes,1,opt,name=raw_der,json=rawDer,proto3" json:"raw_der,omitempty"`
	// Output only. True if the certificate was parsed successfully.
	Parsed bool `protobuf:"varint,2,opt,name=parsed,proto3" json:"parsed,omitempty"`
	// Output only. The issuer distinguished name in RFC 2253 format. Only present
	// if [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
	Issuer string `protobuf:"bytes,3,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// Output only. The subject distinguished name in RFC 2253 format. Only
	// present if [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
	Subject string `protobuf:"bytes,4,opt,name=subject,proto3" json:"subject,omitempty"`
	// Output only. The subject Alternative DNS names. Only present if
	// [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
	SubjectAlternativeDnsNames []string `` /* 143-byte string literal not displayed */
	// Output only. The certificate is not valid before this time. Only present if
	// [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
	NotBeforeTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=not_before_time,json=notBeforeTime,proto3" json:"not_before_time,omitempty"`
	// Output only. The certificate is not valid after this time. Only present if
	// [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
	NotAfterTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=not_after_time,json=notAfterTime,proto3" json:"not_after_time,omitempty"`
	// Output only. The certificate serial number as a hex string. Only present if
	// [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
	SerialNumber string `protobuf:"bytes,8,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"`
	// Output only. The SHA-256 certificate fingerprint as a hex string. Only
	// present if [parsed][google.cloud.kms.v1.Certificate.parsed] is true.
	Sha256Fingerprint string `protobuf:"bytes,9,opt,name=sha256_fingerprint,json=sha256Fingerprint,proto3" json:"sha256_fingerprint,omitempty"`
	// contains filtered or unexported fields
}

A Certificate[google.cloud.kms.v1.Certificate] represents an X.509 certificate used to authenticate HTTPS connections to EKM replicas.

func (*Certificate) Descriptor deprecated

func (*Certificate) Descriptor() ([]byte, []int)

Deprecated: Use Certificate.ProtoReflect.Descriptor instead.

func (*Certificate) GetIssuer

func (x *Certificate) GetIssuer() string

func (*Certificate) GetNotAfterTime

func (x *Certificate) GetNotAfterTime() *timestamppb.Timestamp

func (*Certificate) GetNotBeforeTime

func (x *Certificate) GetNotBeforeTime() *timestamppb.Timestamp

func (*Certificate) GetParsed

func (x *Certificate) GetParsed() bool

func (*Certificate) GetRawDer

func (x *Certificate) GetRawDer() []byte

func (*Certificate) GetSerialNumber

func (x *Certificate) GetSerialNumber() string

func (*Certificate) GetSha256Fingerprint

func (x *Certificate) GetSha256Fingerprint() string

func (*Certificate) GetSubject

func (x *Certificate) GetSubject() string

func (*Certificate) GetSubjectAlternativeDnsNames

func (x *Certificate) GetSubjectAlternativeDnsNames() []string

func (*Certificate) ProtoMessage

func (*Certificate) ProtoMessage()

func (*Certificate) ProtoReflect

func (x *Certificate) ProtoReflect() protoreflect.Message

func (*Certificate) Reset

func (x *Certificate) Reset()

func (*Certificate) String

func (x *Certificate) String() string

type CreateCryptoKeyRequest

type CreateCryptoKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing
	// associated with the [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a KeyRing and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	CryptoKeyId string `protobuf:"bytes,2,opt,name=crypto_key_id,json=cryptoKeyId,proto3" json:"crypto_key_id,omitempty"`
	// Required. A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial field
	// values.
	CryptoKey *CryptoKey `protobuf:"bytes,3,opt,name=crypto_key,json=cryptoKey,proto3" json:"crypto_key,omitempty"`
	// If set to true, the request will create a
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] without any
	// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. You must
	// manually call
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
	// or
	// [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]
	// before you can use this [CryptoKey][google.cloud.kms.v1.CryptoKey].
	SkipInitialVersionCreation bool `` /* 144-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].

func (*CreateCryptoKeyRequest) Descriptor deprecated

func (*CreateCryptoKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCryptoKeyRequest.ProtoReflect.Descriptor instead.

func (*CreateCryptoKeyRequest) GetCryptoKey

func (x *CreateCryptoKeyRequest) GetCryptoKey() *CryptoKey

func (*CreateCryptoKeyRequest) GetCryptoKeyId

func (x *CreateCryptoKeyRequest) GetCryptoKeyId() string

func (*CreateCryptoKeyRequest) GetParent

func (x *CreateCryptoKeyRequest) GetParent() string

func (*CreateCryptoKeyRequest) GetSkipInitialVersionCreation

func (x *CreateCryptoKeyRequest) GetSkipInitialVersionCreation() bool

func (*CreateCryptoKeyRequest) ProtoMessage

func (*CreateCryptoKeyRequest) ProtoMessage()

func (*CreateCryptoKeyRequest) ProtoReflect

func (x *CreateCryptoKeyRequest) ProtoReflect() protoreflect.Message

func (*CreateCryptoKeyRequest) Reset

func (x *CreateCryptoKeyRequest) Reset()

func (*CreateCryptoKeyRequest) String

func (x *CreateCryptoKeyRequest) String() string

type CreateCryptoKeyVersionRequest

type CreateCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with the
	// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
	// initial field values.
	CryptoKeyVersion *CryptoKeyVersion `protobuf:"bytes,2,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].

func (*CreateCryptoKeyVersionRequest) Descriptor deprecated

func (*CreateCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*CreateCryptoKeyVersionRequest) GetCryptoKeyVersion

func (x *CreateCryptoKeyVersionRequest) GetCryptoKeyVersion() *CryptoKeyVersion

func (*CreateCryptoKeyVersionRequest) GetParent

func (x *CreateCryptoKeyVersionRequest) GetParent() string

func (*CreateCryptoKeyVersionRequest) ProtoMessage

func (*CreateCryptoKeyVersionRequest) ProtoMessage()

func (*CreateCryptoKeyVersionRequest) ProtoReflect

func (*CreateCryptoKeyVersionRequest) Reset

func (x *CreateCryptoKeyVersionRequest) Reset()

func (*CreateCryptoKeyVersionRequest) String

type CreateEkmConnectionRequest

type CreateEkmConnectionRequest struct {

	// Required. The resource name of the location associated with the
	// [EkmConnection][google.cloud.kms.v1.EkmConnection], in the format
	// `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`.
	EkmConnectionId string `protobuf:"bytes,2,opt,name=ekm_connection_id,json=ekmConnectionId,proto3" json:"ekm_connection_id,omitempty"`
	// Required. An [EkmConnection][google.cloud.kms.v1.EkmConnection] with
	// initial field values.
	EkmConnection *EkmConnection `protobuf:"bytes,3,opt,name=ekm_connection,json=ekmConnection,proto3" json:"ekm_connection,omitempty"`
	// contains filtered or unexported fields
}

Request message for [EkmService.CreateEkmConnection][google.cloud.kms.v1.EkmService.CreateEkmConnection].

func (*CreateEkmConnectionRequest) Descriptor deprecated

func (*CreateEkmConnectionRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateEkmConnectionRequest.ProtoReflect.Descriptor instead.

func (*CreateEkmConnectionRequest) GetEkmConnection

func (x *CreateEkmConnectionRequest) GetEkmConnection() *EkmConnection

func (*CreateEkmConnectionRequest) GetEkmConnectionId

func (x *CreateEkmConnectionRequest) GetEkmConnectionId() string

func (*CreateEkmConnectionRequest) GetParent

func (x *CreateEkmConnectionRequest) GetParent() string

func (*CreateEkmConnectionRequest) ProtoMessage

func (*CreateEkmConnectionRequest) ProtoMessage()

func (*CreateEkmConnectionRequest) ProtoReflect

func (*CreateEkmConnectionRequest) Reset

func (x *CreateEkmConnectionRequest) Reset()

func (*CreateEkmConnectionRequest) String

func (x *CreateEkmConnectionRequest) String() string

type CreateImportJobRequest

type CreateImportJobRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the
	// [KeyRing][google.cloud.kms.v1.KeyRing] associated with the
	// [ImportJobs][google.cloud.kms.v1.ImportJob].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a KeyRing and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	ImportJobId string `protobuf:"bytes,2,opt,name=import_job_id,json=importJobId,proto3" json:"import_job_id,omitempty"`
	// Required. An [ImportJob][google.cloud.kms.v1.ImportJob] with initial field
	// values.
	ImportJob *ImportJob `protobuf:"bytes,3,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob].

func (*CreateImportJobRequest) Descriptor deprecated

func (*CreateImportJobRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateImportJobRequest.ProtoReflect.Descriptor instead.

func (*CreateImportJobRequest) GetImportJob

func (x *CreateImportJobRequest) GetImportJob() *ImportJob

func (*CreateImportJobRequest) GetImportJobId

func (x *CreateImportJobRequest) GetImportJobId() string

func (*CreateImportJobRequest) GetParent

func (x *CreateImportJobRequest) GetParent() string

func (*CreateImportJobRequest) ProtoMessage

func (*CreateImportJobRequest) ProtoMessage()

func (*CreateImportJobRequest) ProtoReflect

func (x *CreateImportJobRequest) ProtoReflect() protoreflect.Message

func (*CreateImportJobRequest) Reset

func (x *CreateImportJobRequest) Reset()

func (*CreateImportJobRequest) String

func (x *CreateImportJobRequest) String() string

type CreateKeyRingRequest

type CreateKeyRingRequest struct {

	// Required. The resource name of the location associated with the
	// [KeyRings][google.cloud.kms.v1.KeyRing], in the format
	// `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. It must be unique within a location and match the regular
	// expression `[a-zA-Z0-9_-]{1,63}`
	KeyRingId string `protobuf:"bytes,2,opt,name=key_ring_id,json=keyRingId,proto3" json:"key_ring_id,omitempty"`
	// Required. A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field
	// values.
	KeyRing *KeyRing `protobuf:"bytes,3,opt,name=key_ring,json=keyRing,proto3" json:"key_ring,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].

func (*CreateKeyRingRequest) Descriptor deprecated

func (*CreateKeyRingRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateKeyRingRequest.ProtoReflect.Descriptor instead.

func (*CreateKeyRingRequest) GetKeyRing

func (x *CreateKeyRingRequest) GetKeyRing() *KeyRing

func (*CreateKeyRingRequest) GetKeyRingId

func (x *CreateKeyRingRequest) GetKeyRingId() string

func (*CreateKeyRingRequest) GetParent

func (x *CreateKeyRingRequest) GetParent() string

func (*CreateKeyRingRequest) ProtoMessage

func (*CreateKeyRingRequest) ProtoMessage()

func (*CreateKeyRingRequest) ProtoReflect

func (x *CreateKeyRingRequest) ProtoReflect() protoreflect.Message

func (*CreateKeyRingRequest) Reset

func (x *CreateKeyRingRequest) Reset()

func (*CreateKeyRingRequest) String

func (x *CreateKeyRingRequest) String() string

type CryptoKey

type CryptoKey struct {

	// Output only. The resource name for this
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. A copy of the "primary"
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used
	// by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] is given in
	// [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name].
	//
	// The [CryptoKey][google.cloud.kms.v1.CryptoKey]'s primary version can be
	// updated via
	// [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].
	//
	// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]
	// may have a primary. For other keys, this field will be omitted.
	Primary *CryptoKeyVersion `protobuf:"bytes,2,opt,name=primary,proto3" json:"primary,omitempty"`
	// Immutable. The immutable purpose of this
	// [CryptoKey][google.cloud.kms.v1.CryptoKey].
	Purpose CryptoKey_CryptoKeyPurpose `protobuf:"varint,3,opt,name=purpose,proto3,enum=google.cloud.kms.v1.CryptoKey_CryptoKeyPurpose" json:"purpose,omitempty"`
	// Output only. The time at which this
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time],
	// the Key Management Service will automatically:
	//
	// 1. Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
	// 2. Mark the new version as primary.
	//
	// Key rotations performed manually via
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
	// and
	// [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion]
	// do not affect
	// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time].
	//
	// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]
	// support automatic rotation. For other keys, this field must be omitted.
	NextRotationTime *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=next_rotation_time,json=nextRotationTime,proto3" json:"next_rotation_time,omitempty"`
	// Controls the rate of automatic rotation.
	//
	// Types that are assignable to RotationSchedule:
	//
	//	*CryptoKey_RotationPeriod
	RotationSchedule isCryptoKey_RotationSchedule `protobuf_oneof:"rotation_schedule"`
	// A template describing settings for new
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances. The
	// properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// instances created by either
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
	// or auto-rotation are controlled by this template.
	VersionTemplate *CryptoKeyVersionTemplate `protobuf:"bytes,11,opt,name=version_template,json=versionTemplate,proto3" json:"version_template,omitempty"`
	// Labels with user-defined metadata. For more information, see
	// [Labeling Keys](https://cloud.google.com/kms/docs/labeling-keys).
	Labels map[string]string `` /* 154-byte string literal not displayed */
	// Immutable. Whether this key may contain imported versions only.
	ImportOnly bool `protobuf:"varint,13,opt,name=import_only,json=importOnly,proto3" json:"import_only,omitempty"`
	// Immutable. The period of time that versions of this key spend in the
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
	// state before transitioning to
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED].
	// If not specified at creation time, the default duration is 24 hours.
	DestroyScheduledDuration *durationpb.Duration `` /* 136-byte string literal not displayed */
	// Immutable. The resource name of the backend environment where the key
	// material for all [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]
	// associated with this [CryptoKey][google.cloud.kms.v1.CryptoKey] reside and
	// where all related cryptographic operations are performed. Only applicable
	// if [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] have a
	// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of
	// [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], with the
	// resource name in the format `projects/*/locations/*/ekmConnections/*`.
	// Note, this list is non-exhaustive and may apply to additional
	// [ProtectionLevels][google.cloud.kms.v1.ProtectionLevel] in the future.
	CryptoKeyBackend string `protobuf:"bytes,15,opt,name=crypto_key_backend,json=cryptoKeyBackend,proto3" json:"crypto_key_backend,omitempty"`
	// contains filtered or unexported fields
}

A CryptoKey[google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations.

A CryptoKey[google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations.

func (*CryptoKey) Descriptor deprecated

func (*CryptoKey) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKey.ProtoReflect.Descriptor instead.

func (*CryptoKey) GetCreateTime

func (x *CryptoKey) GetCreateTime() *timestamppb.Timestamp

func (*CryptoKey) GetCryptoKeyBackend

func (x *CryptoKey) GetCryptoKeyBackend() string

func (*CryptoKey) GetDestroyScheduledDuration

func (x *CryptoKey) GetDestroyScheduledDuration() *durationpb.Duration

func (*CryptoKey) GetImportOnly

func (x *CryptoKey) GetImportOnly() bool

func (*CryptoKey) GetLabels

func (x *CryptoKey) GetLabels() map[string]string

func (*CryptoKey) GetName

func (x *CryptoKey) GetName() string

func (*CryptoKey) GetNextRotationTime

func (x *CryptoKey) GetNextRotationTime() *timestamppb.Timestamp

func (*CryptoKey) GetPrimary

func (x *CryptoKey) GetPrimary() *CryptoKeyVersion

func (*CryptoKey) GetPurpose

func (x *CryptoKey) GetPurpose() CryptoKey_CryptoKeyPurpose

func (*CryptoKey) GetRotationPeriod

func (x *CryptoKey) GetRotationPeriod() *durationpb.Duration

func (*CryptoKey) GetRotationSchedule

func (m *CryptoKey) GetRotationSchedule() isCryptoKey_RotationSchedule

func (*CryptoKey) GetVersionTemplate

func (x *CryptoKey) GetVersionTemplate() *CryptoKeyVersionTemplate

func (*CryptoKey) ProtoMessage

func (*CryptoKey) ProtoMessage()

func (*CryptoKey) ProtoReflect

func (x *CryptoKey) ProtoReflect() protoreflect.Message

func (*CryptoKey) Reset

func (x *CryptoKey) Reset()

func (*CryptoKey) String

func (x *CryptoKey) String() string

type CryptoKeyVersion

type CryptoKeyVersion struct {

	// Output only. The resource name for this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The current state of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	State CryptoKeyVersion_CryptoKeyVersionState `` /* 128-byte string literal not displayed */
	// Output only. The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel]
	// describing how crypto operations are performed with this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// Output only. The
	// [CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
	// that this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// supports.
	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 141-byte string literal not displayed */
	// Output only. Statement that was generated and signed by the HSM at key
	// creation time. Use this statement to verify attributes of the key as stored
	// on the HSM, independently of Google. Only provided for key versions with
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersion.protection_level]
	// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM].
	Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"`
	// Output only. The time at which this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material was
	// generated.
	GenerateTime *timestamppb.Timestamp `protobuf:"bytes,11,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"`
	// Output only. The time this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material is
	// scheduled for destruction. Only present if
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED].
	DestroyTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=destroy_time,json=destroyTime,proto3" json:"destroy_time,omitempty"`
	// Output only. The time this CryptoKeyVersion's key material was
	// destroyed. Only present if
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED].
	DestroyEventTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=destroy_event_time,json=destroyEventTime,proto3" json:"destroy_event_time,omitempty"`
	// Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob]
	// used in the most recent import of this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if
	// the underlying key material was imported.
	ImportJob string `protobuf:"bytes,14,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
	// Output only. The time at which this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material was
	// most recently imported.
	ImportTime *timestamppb.Timestamp `protobuf:"bytes,15,opt,name=import_time,json=importTime,proto3" json:"import_time,omitempty"`
	// Output only. The root cause of the most recent import failure. Only present
	// if [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
	// [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
	ImportFailureReason string `protobuf:"bytes,16,opt,name=import_failure_reason,json=importFailureReason,proto3" json:"import_failure_reason,omitempty"`
	// ExternalProtectionLevelOptions stores a group of additional fields for
	// configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that
	// are specific to the
	// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level
	// and [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC]
	// protection levels.
	ExternalProtectionLevelOptions *ExternalProtectionLevelOptions `` /* 156-byte string literal not displayed */
	// Output only. Whether or not this key version is eligible for reimport, by
	// being specified as a target in
	// [ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version].
	ReimportEligible bool `protobuf:"varint,18,opt,name=reimport_eligible,json=reimportEligible,proto3" json:"reimport_eligible,omitempty"`
	// contains filtered or unexported fields
}

A CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] represents an individual cryptographic key, and the associated key material.

An [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] version can be used for cryptographic operations.

For security reasons, the raw cryptographic key material represented by a CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] can never be viewed or exported. It can only be used to encrypt, decrypt, or sign data when an authorized user or application invokes Cloud KMS.

func (*CryptoKeyVersion) Descriptor deprecated

func (*CryptoKeyVersion) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion.ProtoReflect.Descriptor instead.

func (*CryptoKeyVersion) GetAlgorithm

func (*CryptoKeyVersion) GetAttestation

func (x *CryptoKeyVersion) GetAttestation() *KeyOperationAttestation

func (*CryptoKeyVersion) GetCreateTime

func (x *CryptoKeyVersion) GetCreateTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetDestroyEventTime

func (x *CryptoKeyVersion) GetDestroyEventTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetDestroyTime

func (x *CryptoKeyVersion) GetDestroyTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetExternalProtectionLevelOptions

func (x *CryptoKeyVersion) GetExternalProtectionLevelOptions() *ExternalProtectionLevelOptions

func (*CryptoKeyVersion) GetGenerateTime

func (x *CryptoKeyVersion) GetGenerateTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetImportFailureReason

func (x *CryptoKeyVersion) GetImportFailureReason() string

func (*CryptoKeyVersion) GetImportJob

func (x *CryptoKeyVersion) GetImportJob() string

func (*CryptoKeyVersion) GetImportTime

func (x *CryptoKeyVersion) GetImportTime() *timestamppb.Timestamp

func (*CryptoKeyVersion) GetName

func (x *CryptoKeyVersion) GetName() string

func (*CryptoKeyVersion) GetProtectionLevel

func (x *CryptoKeyVersion) GetProtectionLevel() ProtectionLevel

func (*CryptoKeyVersion) GetReimportEligible

func (x *CryptoKeyVersion) GetReimportEligible() bool

func (*CryptoKeyVersion) GetState

func (*CryptoKeyVersion) ProtoMessage

func (*CryptoKeyVersion) ProtoMessage()

func (*CryptoKeyVersion) ProtoReflect

func (x *CryptoKeyVersion) ProtoReflect() protoreflect.Message

func (*CryptoKeyVersion) Reset

func (x *CryptoKeyVersion) Reset()

func (*CryptoKeyVersion) String

func (x *CryptoKeyVersion) String() string

type CryptoKeyVersionTemplate

type CryptoKeyVersionTemplate struct {

	// [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when creating
	// a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on this
	// template. Immutable. Defaults to
	// [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE].
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// Required.
	// [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
	// to use when creating a
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] based on this
	// template.
	//
	// For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both
	// this field is omitted and
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] is
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 140-byte string literal not displayed */
	// contains filtered or unexported fields
}

A CryptoKeyVersionTemplate[google.cloud.kms.v1.CryptoKeyVersionTemplate] specifies the properties to use when creating a new CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion], either manually with [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or automatically as a result of auto-rotation.

func (*CryptoKeyVersionTemplate) Descriptor deprecated

func (*CryptoKeyVersionTemplate) Descriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersionTemplate.ProtoReflect.Descriptor instead.

func (*CryptoKeyVersionTemplate) GetAlgorithm

func (*CryptoKeyVersionTemplate) GetProtectionLevel

func (x *CryptoKeyVersionTemplate) GetProtectionLevel() ProtectionLevel

func (*CryptoKeyVersionTemplate) ProtoMessage

func (*CryptoKeyVersionTemplate) ProtoMessage()

func (*CryptoKeyVersionTemplate) ProtoReflect

func (x *CryptoKeyVersionTemplate) ProtoReflect() protoreflect.Message

func (*CryptoKeyVersionTemplate) Reset

func (x *CryptoKeyVersionTemplate) Reset()

func (*CryptoKeyVersionTemplate) String

func (x *CryptoKeyVersionTemplate) String() string

type CryptoKeyVersion_CryptoKeyVersionAlgorithm

type CryptoKeyVersion_CryptoKeyVersionAlgorithm int32

The algorithm of the CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion], indicating what parameters must be used for each cryptographic operation.

The [GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION] algorithm is usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

Algorithms beginning with "RSA_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].

The fields in the name after "RSA_SIGN_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

For PSS, the salt length used is equal to the length of digest algorithm. For example, [RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256] will use PSS with a salt length of 256 bits or 32 bytes.

Algorithms beginning with "RSA_DECRYPT_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].

The fields in the name after "RSA_DECRYPT_" correspond to the following parameters: padding algorithm, modulus bit length, and digest algorithm.

Algorithms beginning with "EC_SIGN_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN].

The fields in the name after "EC_SIGN_" correspond to the following parameters: elliptic curve, digest algorithm.

Algorithms beginning with "HMAC_" are usable with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] [MAC][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.MAC].

The suffix following "HMAC_" corresponds to the hash algorithm being used (eg. SHA256).

For more information, see [Key purposes and algorithms] (https://cloud.google.com/kms/docs/algorithms).

const (
	// Not specified.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionAlgorithm = 0
	// Creates symmetric encryption keys.
	CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 1
	// RSASSA-PSS 2048 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 2
	// RSASSA-PSS 3072 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 3
	// RSASSA-PSS 4096 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 4
	// RSASSA-PSS 4096 bit key with a SHA512 digest.
	CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 15
	// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 5
	// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 6
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 7
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
	CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 16
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
	CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_2048 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 28
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
	CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_3072 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 29
	// RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
	CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_4096 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 30
	// RSAES-OAEP 2048 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 8
	// RSAES-OAEP 3072 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 9
	// RSAES-OAEP 4096 bit key with a SHA256 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 10
	// RSAES-OAEP 4096 bit key with a SHA512 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 17
	// RSAES-OAEP 2048 bit key with a SHA1 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 37
	// RSAES-OAEP 3072 bit key with a SHA1 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 38
	// RSAES-OAEP 4096 bit key with a SHA1 digest.
	CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 39
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	CryptoKeyVersion_EC_SIGN_P256_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 12
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	CryptoKeyVersion_EC_SIGN_P384_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 13
	// ECDSA on the non-NIST secp256k1 curve. This curve is only supported for
	// HSM protection level.
	CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 31
	// HMAC-SHA256 signing with a 256 bit key.
	CryptoKeyVersion_HMAC_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 32
	// HMAC-SHA1 signing with a 160 bit key.
	CryptoKeyVersion_HMAC_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 33
	// HMAC-SHA384 signing with a 384 bit key.
	CryptoKeyVersion_HMAC_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 34
	// HMAC-SHA512 signing with a 512 bit key.
	CryptoKeyVersion_HMAC_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 35
	// HMAC-SHA224 signing with a 224 bit key.
	CryptoKeyVersion_HMAC_SHA224 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 36
	// Algorithm representing symmetric encryption by an external key manager.
	CryptoKeyVersion_EXTERNAL_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 18
)

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Descriptor

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Enum

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor deprecated

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionAlgorithm.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Number

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) String

func (CryptoKeyVersion_CryptoKeyVersionAlgorithm) Type

type CryptoKeyVersion_CryptoKeyVersionState

type CryptoKeyVersion_CryptoKeyVersionState int32

The state of a CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion], indicating if it can be used.

const (
	// Not specified.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_STATE_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionState = 0
	// This version is still being generated. It may not be used, enabled,
	// disabled, or destroyed yet. Cloud KMS will automatically mark this
	// version
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// as soon as the version is ready.
	CryptoKeyVersion_PENDING_GENERATION CryptoKeyVersion_CryptoKeyVersionState = 5
	// This version may be used for cryptographic operations.
	CryptoKeyVersion_ENABLED CryptoKeyVersion_CryptoKeyVersionState = 1
	// This version may not be used, but the key material is still available,
	// and the version can be placed back into the
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// state.
	CryptoKeyVersion_DISABLED CryptoKeyVersion_CryptoKeyVersionState = 2
	// This version is destroyed, and the key material is no longer stored.
	// This version may only become
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// again if this version is
	// [reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible]
	// and the original key material is reimported with a call to
	// [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
	CryptoKeyVersion_DESTROYED CryptoKeyVersion_CryptoKeyVersionState = 3
	// This version is scheduled for destruction, and will be destroyed soon.
	// Call
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// to put it back into the
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
	// state.
	CryptoKeyVersion_DESTROY_SCHEDULED CryptoKeyVersion_CryptoKeyVersionState = 4
	// This version is still being imported. It may not be used, enabled,
	// disabled, or destroyed yet. Cloud KMS will automatically mark this
	// version
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// as soon as the version is ready.
	CryptoKeyVersion_PENDING_IMPORT CryptoKeyVersion_CryptoKeyVersionState = 6
	// This version was not imported successfully. It may not be used, enabled,
	// disabled, or destroyed. The submitted key material has been discarded.
	// Additional details can be found in
	// [CryptoKeyVersion.import_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason].
	CryptoKeyVersion_IMPORT_FAILED CryptoKeyVersion_CryptoKeyVersionState = 7
)

func (CryptoKeyVersion_CryptoKeyVersionState) Descriptor

func (CryptoKeyVersion_CryptoKeyVersionState) Enum

func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor deprecated

func (CryptoKeyVersion_CryptoKeyVersionState) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionState.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionState) Number

func (CryptoKeyVersion_CryptoKeyVersionState) String

func (CryptoKeyVersion_CryptoKeyVersionState) Type

type CryptoKeyVersion_CryptoKeyVersionView

type CryptoKeyVersion_CryptoKeyVersionView int32

A view for CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion]s. Controls the level of detail returned for [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] in [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions] and [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

const (
	// Default view for each
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Does not
	// include the
	// [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation] field.
	CryptoKeyVersion_CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionView = 0
	// Provides all fields in each
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], including the
	// [attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation].
	CryptoKeyVersion_FULL CryptoKeyVersion_CryptoKeyVersionView = 1
)

func (CryptoKeyVersion_CryptoKeyVersionView) Descriptor

func (CryptoKeyVersion_CryptoKeyVersionView) Enum

func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor deprecated

func (CryptoKeyVersion_CryptoKeyVersionView) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKeyVersion_CryptoKeyVersionView.Descriptor instead.

func (CryptoKeyVersion_CryptoKeyVersionView) Number

func (CryptoKeyVersion_CryptoKeyVersionView) String

func (CryptoKeyVersion_CryptoKeyVersionView) Type

type CryptoKey_CryptoKeyPurpose

type CryptoKey_CryptoKeyPurpose int32

[CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose] describes the cryptographic capabilities of a CryptoKey[google.cloud.kms.v1.CryptoKey]. A given key can only be used for the operations allowed by its purpose. For more information, see [Key purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).

const (
	// Not specified.
	CryptoKey_CRYPTO_KEY_PURPOSE_UNSPECIFIED CryptoKey_CryptoKeyPurpose = 0
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
	// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
	CryptoKey_ENCRYPT_DECRYPT CryptoKey_CryptoKeyPurpose = 1
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with
	// [AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign]
	// and
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	CryptoKey_ASYMMETRIC_SIGN CryptoKey_CryptoKeyPurpose = 5
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with
	// [AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt]
	// and
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	CryptoKey_ASYMMETRIC_DECRYPT CryptoKey_CryptoKeyPurpose = 6
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
	// with [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
	CryptoKey_MAC CryptoKey_CryptoKeyPurpose = 9
)

func (CryptoKey_CryptoKeyPurpose) Descriptor

func (CryptoKey_CryptoKeyPurpose) Enum

func (CryptoKey_CryptoKeyPurpose) EnumDescriptor deprecated

func (CryptoKey_CryptoKeyPurpose) EnumDescriptor() ([]byte, []int)

Deprecated: Use CryptoKey_CryptoKeyPurpose.Descriptor instead.

func (CryptoKey_CryptoKeyPurpose) Number

func (CryptoKey_CryptoKeyPurpose) String

func (CryptoKey_CryptoKeyPurpose) Type

type CryptoKey_RotationPeriod

type CryptoKey_RotationPeriod struct {
	// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]
	// will be advanced by this period when the service automatically rotates a
	// key. Must be at least 24 hours and at most 876,000 hours.
	//
	// If [rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period] is
	// set,
	// [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time]
	// must also be set.
	//
	// Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]
	// support automatic rotation. For other keys, this field must be omitted.
	RotationPeriod *durationpb.Duration `protobuf:"bytes,8,opt,name=rotation_period,json=rotationPeriod,proto3,oneof"`
}

type DecryptRequest

type DecryptRequest struct {

	// Required. The resource name of the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. The
	// server will choose the appropriate version.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The encrypted data originally returned in
	// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].
	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Optional. Optional data that must match the data originally supplied in
	// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data].
	AdditionalAuthenticatedData []byte `` /* 144-byte string literal not displayed */
	// Optional. An optional CRC32C checksum of the
	// [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext])
	// is equal to
	// [DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,5,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data])
	// is equal to
	// [DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value `` /* 164-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

func (*DecryptRequest) Descriptor deprecated

func (*DecryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use DecryptRequest.ProtoReflect.Descriptor instead.

func (*DecryptRequest) GetAdditionalAuthenticatedData

func (x *DecryptRequest) GetAdditionalAuthenticatedData() []byte

func (*DecryptRequest) GetAdditionalAuthenticatedDataCrc32C

func (x *DecryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value

func (*DecryptRequest) GetCiphertext

func (x *DecryptRequest) GetCiphertext() []byte

func (*DecryptRequest) GetCiphertextCrc32C

func (x *DecryptRequest) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*DecryptRequest) GetName

func (x *DecryptRequest) GetName() string

func (*DecryptRequest) ProtoMessage

func (*DecryptRequest) ProtoMessage()

func (*DecryptRequest) ProtoReflect

func (x *DecryptRequest) ProtoReflect() protoreflect.Message

func (*DecryptRequest) Reset

func (x *DecryptRequest) Reset()

func (*DecryptRequest) String

func (x *DecryptRequest) String() string

type DecryptResponse

type DecryptResponse struct {

	// The decrypted data originally supplied in
	// [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext].
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext].
	// An integrity check of
	// [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]
	// can be performed by computing the CRC32C checksum of
	// [DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext]
	// and comparing your results to this field. Discard the response in case of
	// non-matching checksum values, and perform a limited number of retries. A
	// persistent mismatch may indicate an issue in your computation of the CRC32C
	// checksum. Note: receiving this response message indicates that
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] is able to
	// successfully decrypt the
	// [ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext]. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,2,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`
	// Whether the Decryption was performed using the primary key version.
	UsedPrimary bool `protobuf:"varint,3,opt,name=used_primary,json=usedPrimary,proto3" json:"used_primary,omitempty"`
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
	// decryption.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].

func (*DecryptResponse) Descriptor deprecated

func (*DecryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use DecryptResponse.ProtoReflect.Descriptor instead.

func (*DecryptResponse) GetPlaintext

func (x *DecryptResponse) GetPlaintext() []byte

func (*DecryptResponse) GetPlaintextCrc32C

func (x *DecryptResponse) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*DecryptResponse) GetProtectionLevel

func (x *DecryptResponse) GetProtectionLevel() ProtectionLevel

func (*DecryptResponse) GetUsedPrimary

func (x *DecryptResponse) GetUsedPrimary() bool

func (*DecryptResponse) ProtoMessage

func (*DecryptResponse) ProtoMessage()

func (*DecryptResponse) ProtoReflect

func (x *DecryptResponse) ProtoReflect() protoreflect.Message

func (*DecryptResponse) Reset

func (x *DecryptResponse) Reset()

func (*DecryptResponse) String

func (x *DecryptResponse) String() string

type DestroyCryptoKeyVersionRequest

type DestroyCryptoKeyVersionRequest struct {

	// Required. The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].

func (*DestroyCryptoKeyVersionRequest) Descriptor deprecated

func (*DestroyCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use DestroyCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*DestroyCryptoKeyVersionRequest) GetName

func (*DestroyCryptoKeyVersionRequest) ProtoMessage

func (*DestroyCryptoKeyVersionRequest) ProtoMessage()

func (*DestroyCryptoKeyVersionRequest) ProtoReflect

func (*DestroyCryptoKeyVersionRequest) Reset

func (x *DestroyCryptoKeyVersionRequest) Reset()

func (*DestroyCryptoKeyVersionRequest) String

type Digest

type Digest struct {

	// Required. The message digest.
	//
	// Types that are assignable to Digest:
	//
	//	*Digest_Sha256
	//	*Digest_Sha384
	//	*Digest_Sha512
	Digest isDigest_Digest `protobuf_oneof:"digest"`
	// contains filtered or unexported fields
}

A Digest[google.cloud.kms.v1.Digest] holds a cryptographic message digest.

func (*Digest) Descriptor deprecated

func (*Digest) Descriptor() ([]byte, []int)

Deprecated: Use Digest.ProtoReflect.Descriptor instead.

func (*Digest) GetDigest

func (m *Digest) GetDigest() isDigest_Digest

func (*Digest) GetSha256

func (x *Digest) GetSha256() []byte

func (*Digest) GetSha384

func (x *Digest) GetSha384() []byte

func (*Digest) GetSha512

func (x *Digest) GetSha512() []byte

func (*Digest) ProtoMessage

func (*Digest) ProtoMessage()

func (*Digest) ProtoReflect

func (x *Digest) ProtoReflect() protoreflect.Message

func (*Digest) Reset

func (x *Digest) Reset()

func (*Digest) String

func (x *Digest) String() string

type Digest_Sha256

type Digest_Sha256 struct {
	// A message digest produced with the SHA-256 algorithm.
	Sha256 []byte `protobuf:"bytes,1,opt,name=sha256,proto3,oneof"`
}

type Digest_Sha384

type Digest_Sha384 struct {
	// A message digest produced with the SHA-384 algorithm.
	Sha384 []byte `protobuf:"bytes,2,opt,name=sha384,proto3,oneof"`
}

type Digest_Sha512

type Digest_Sha512 struct {
	// A message digest produced with the SHA-512 algorithm.
	Sha512 []byte `protobuf:"bytes,3,opt,name=sha512,proto3,oneof"`
}

type EkmConnection

type EkmConnection struct {

	// Output only. The resource name for the
	// [EkmConnection][google.cloud.kms.v1.EkmConnection] in the format
	// `projects/*/locations/*/ekmConnections/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The time at which the
	// [EkmConnection][google.cloud.kms.v1.EkmConnection] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// A list of
	// [ServiceResolvers][google.cloud.kms.v1.EkmConnection.ServiceResolver] where
	// the EKM can be reached. There should be one ServiceResolver per EKM
	// replica. Currently, only a single
	// [ServiceResolver][google.cloud.kms.v1.EkmConnection.ServiceResolver] is
	// supported.
	ServiceResolvers []*EkmConnection_ServiceResolver `protobuf:"bytes,3,rep,name=service_resolvers,json=serviceResolvers,proto3" json:"service_resolvers,omitempty"`
	// Optional. Etag of the currently stored
	// [EkmConnection][google.cloud.kms.v1.EkmConnection].
	Etag string `protobuf:"bytes,5,opt,name=etag,proto3" json:"etag,omitempty"`
	// contains filtered or unexported fields
}

An EkmConnection[google.cloud.kms.v1.EkmConnection] represents an individual EKM connection. It can be used for creating [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] with a ProtectionLevel[google.cloud.kms.v1.ProtectionLevel] of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], as well as performing cryptographic operations using keys created within the EkmConnection[google.cloud.kms.v1.EkmConnection].

func (*EkmConnection) Descriptor deprecated

func (*EkmConnection) Descriptor() ([]byte, []int)

Deprecated: Use EkmConnection.ProtoReflect.Descriptor instead.

func (*EkmConnection) GetCreateTime

func (x *EkmConnection) GetCreateTime() *timestamppb.Timestamp

func (*EkmConnection) GetEtag

func (x *EkmConnection) GetEtag() string

func (*EkmConnection) GetName

func (x *EkmConnection) GetName() string

func (*EkmConnection) GetServiceResolvers

func (x *EkmConnection) GetServiceResolvers() []*EkmConnection_ServiceResolver

func (*EkmConnection) ProtoMessage

func (*EkmConnection) ProtoMessage()

func (*EkmConnection) ProtoReflect

func (x *EkmConnection) ProtoReflect() protoreflect.Message

func (*EkmConnection) Reset

func (x *EkmConnection) Reset()

func (*EkmConnection) String

func (x *EkmConnection) String() string

type EkmConnection_ServiceResolver

type EkmConnection_ServiceResolver struct {

	// Required. The resource name of the Service Directory service pointing to
	// an EKM replica, in the format
	// `projects/*/locations/*/namespaces/*/services/*`.
	ServiceDirectoryService string `` /* 132-byte string literal not displayed */
	// Optional. The filter applied to the endpoints of the resolved service. If
	// no filter is specified, all endpoints will be considered. An endpoint
	// will be chosen arbitrarily from the filtered list for each request.
	//
	// For endpoint filter syntax and examples, see
	// https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.
	EndpointFilter string `protobuf:"bytes,2,opt,name=endpoint_filter,json=endpointFilter,proto3" json:"endpoint_filter,omitempty"`
	// Required. The hostname of the EKM replica used at TLS and HTTP layers.
	Hostname string `protobuf:"bytes,3,opt,name=hostname,proto3" json:"hostname,omitempty"`
	// Required. A list of leaf server certificates used to authenticate HTTPS
	// connections to the EKM replica. Currently, a maximum of 10
	// [Certificate][google.cloud.kms.v1.Certificate] is supported.
	ServerCertificates []*Certificate `protobuf:"bytes,4,rep,name=server_certificates,json=serverCertificates,proto3" json:"server_certificates,omitempty"`
	// contains filtered or unexported fields
}

A [ServiceResolver][google.cloud.kms.v1.EkmConnection.ServiceResolver] represents an EKM replica that can be reached within an EkmConnection[google.cloud.kms.v1.EkmConnection].

func (*EkmConnection_ServiceResolver) Descriptor deprecated

func (*EkmConnection_ServiceResolver) Descriptor() ([]byte, []int)

Deprecated: Use EkmConnection_ServiceResolver.ProtoReflect.Descriptor instead.

func (*EkmConnection_ServiceResolver) GetEndpointFilter

func (x *EkmConnection_ServiceResolver) GetEndpointFilter() string

func (*EkmConnection_ServiceResolver) GetHostname

func (x *EkmConnection_ServiceResolver) GetHostname() string

func (*EkmConnection_ServiceResolver) GetServerCertificates

func (x *EkmConnection_ServiceResolver) GetServerCertificates() []*Certificate

func (*EkmConnection_ServiceResolver) GetServiceDirectoryService

func (x *EkmConnection_ServiceResolver) GetServiceDirectoryService() string

func (*EkmConnection_ServiceResolver) ProtoMessage

func (*EkmConnection_ServiceResolver) ProtoMessage()

func (*EkmConnection_ServiceResolver) ProtoReflect

func (*EkmConnection_ServiceResolver) Reset

func (x *EkmConnection_ServiceResolver) Reset()

func (*EkmConnection_ServiceResolver) String

type EkmServiceClient

type EkmServiceClient interface {
	// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
	ListEkmConnections(ctx context.Context, in *ListEkmConnectionsRequest, opts ...grpc.CallOption) (*ListEkmConnectionsResponse, error)
	// Returns metadata for a given
	// [EkmConnection][google.cloud.kms.v1.EkmConnection].
	GetEkmConnection(ctx context.Context, in *GetEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
	// Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given
	// Project and Location.
	CreateEkmConnection(ctx context.Context, in *CreateEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
	// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
	UpdateEkmConnection(ctx context.Context, in *UpdateEkmConnectionRequest, opts ...grpc.CallOption) (*EkmConnection, error)
}

EkmServiceClient is the client API for EkmService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewEkmServiceClient

func NewEkmServiceClient(cc grpc.ClientConnInterface) EkmServiceClient

type EkmServiceServer

type EkmServiceServer interface {
	// Lists [EkmConnections][google.cloud.kms.v1.EkmConnection].
	ListEkmConnections(context.Context, *ListEkmConnectionsRequest) (*ListEkmConnectionsResponse, error)
	// Returns metadata for a given
	// [EkmConnection][google.cloud.kms.v1.EkmConnection].
	GetEkmConnection(context.Context, *GetEkmConnectionRequest) (*EkmConnection, error)
	// Creates a new [EkmConnection][google.cloud.kms.v1.EkmConnection] in a given
	// Project and Location.
	CreateEkmConnection(context.Context, *CreateEkmConnectionRequest) (*EkmConnection, error)
	// Updates an [EkmConnection][google.cloud.kms.v1.EkmConnection]'s metadata.
	UpdateEkmConnection(context.Context, *UpdateEkmConnectionRequest) (*EkmConnection, error)
}

EkmServiceServer is the server API for EkmService service.

type EncryptRequest

type EncryptRequest struct {

	// Required. The resource name of the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] or
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
	// encryption.
	//
	// If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server
	// will use its [primary version][google.cloud.kms.v1.CryptoKey.primary].
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The data to encrypt. Must be no larger than 64KiB.
	//
	// The maximum size depends on the key version's
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
	// For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE],
	// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and
	// [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the
	// plaintext must be no larger than 64KiB. For
	// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
	// the plaintext and additional_authenticated_data fields must be no larger
	// than 8KiB.
	Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// Optional. Optional data that, if specified, must also be provided during
	// decryption through
	// [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data].
	//
	// The maximum size depends on the key version's
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
	// For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE],
	// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and
	// [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys the
	// AAD must be no larger than 64KiB. For
	// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
	// the plaintext and additional_authenticated_data fields must be no larger
	// than 8KiB.
	AdditionalAuthenticatedData []byte `` /* 144-byte string literal not displayed */
	// Optional. An optional CRC32C checksum of the
	// [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext])
	// is equal to
	// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	PlaintextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,7,opt,name=plaintext_crc32c,json=plaintextCrc32c,proto3" json:"plaintext_crc32c,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data].
	// If specified,
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// verify the integrity of the received
	// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]
	// using this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data])
	// is equal to
	// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	AdditionalAuthenticatedDataCrc32C *wrapperspb.Int64Value `` /* 164-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

func (*EncryptRequest) Descriptor deprecated

func (*EncryptRequest) Descriptor() ([]byte, []int)

Deprecated: Use EncryptRequest.ProtoReflect.Descriptor instead.

func (*EncryptRequest) GetAdditionalAuthenticatedData

func (x *EncryptRequest) GetAdditionalAuthenticatedData() []byte

func (*EncryptRequest) GetAdditionalAuthenticatedDataCrc32C

func (x *EncryptRequest) GetAdditionalAuthenticatedDataCrc32C() *wrapperspb.Int64Value

func (*EncryptRequest) GetName

func (x *EncryptRequest) GetName() string

func (*EncryptRequest) GetPlaintext

func (x *EncryptRequest) GetPlaintext() []byte

func (*EncryptRequest) GetPlaintextCrc32C

func (x *EncryptRequest) GetPlaintextCrc32C() *wrapperspb.Int64Value

func (*EncryptRequest) ProtoMessage

func (*EncryptRequest) ProtoMessage()

func (*EncryptRequest) ProtoReflect

func (x *EncryptRequest) ProtoReflect() protoreflect.Message

func (*EncryptRequest) Reset

func (x *EncryptRequest) Reset()

func (*EncryptRequest) String

func (x *EncryptRequest) String() string

type EncryptResponse

type EncryptResponse struct {

	// The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
	// encryption. Check this field to verify that the intended resource was used
	// for encryption.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The encrypted data.
	Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].
	// An integrity check of
	// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]
	// can be performed by computing the CRC32C checksum of
	// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext]
	// and comparing your results to this field. Discard the response in case of
	// non-matching checksum values, and perform a limited number of retries. A
	// persistent mismatch may indicate an issue in your computation of the CRC32C
	// checksum. Note: This field is defined as int64 for reasons of compatibility
	// across different languages. However, it is a non-negative integer, which
	// will never exceed 2^32-1, and can be safely downconverted to uint32 in
	// languages that support this type.
	CiphertextCrc32C *wrapperspb.Int64Value `protobuf:"bytes,4,opt,name=ciphertext_crc32c,json=ciphertextCrc32c,proto3" json:"ciphertext_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c]
	// was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
	// for the integrity verification of the
	// [plaintext][google.cloud.kms.v1.EncryptRequest.plaintext]. A false value of
	// this field indicates either that
	// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c]
	// was left unset or that it was not delivered to
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set
	// [EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c]
	// but this field is still false, discard the response and perform a limited
	// number of retries.
	VerifiedPlaintextCrc32C bool `` /* 133-byte string literal not displayed */
	// Integrity verification field. A flag indicating whether
	// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c]
	// was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
	// for the integrity verification of the
	// [AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data]. A
	// false value of this field indicates either that
	// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c]
	// was left unset or that it was not delivered to
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set
	// [EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c]
	// but this field is still false, discard the response and perform a limited
	// number of retries.
	VerifiedAdditionalAuthenticatedDataCrc32C bool `` /* 191-byte string literal not displayed */
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
	// encryption.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

func (*EncryptResponse) Descriptor deprecated

func (*EncryptResponse) Descriptor() ([]byte, []int)

Deprecated: Use EncryptResponse.ProtoReflect.Descriptor instead.

func (*EncryptResponse) GetCiphertext

func (x *EncryptResponse) GetCiphertext() []byte

func (*EncryptResponse) GetCiphertextCrc32C

func (x *EncryptResponse) GetCiphertextCrc32C() *wrapperspb.Int64Value

func (*EncryptResponse) GetName

func (x *EncryptResponse) GetName() string

func (*EncryptResponse) GetProtectionLevel

func (x *EncryptResponse) GetProtectionLevel() ProtectionLevel

func (*EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C

func (x *EncryptResponse) GetVerifiedAdditionalAuthenticatedDataCrc32C() bool

func (*EncryptResponse) GetVerifiedPlaintextCrc32C

func (x *EncryptResponse) GetVerifiedPlaintextCrc32C() bool

func (*EncryptResponse) ProtoMessage

func (*EncryptResponse) ProtoMessage()

func (*EncryptResponse) ProtoReflect

func (x *EncryptResponse) ProtoReflect() protoreflect.Message

func (*EncryptResponse) Reset

func (x *EncryptResponse) Reset()

func (*EncryptResponse) String

func (x *EncryptResponse) String() string

type ExternalProtectionLevelOptions

type ExternalProtectionLevelOptions struct {

	// The URI for an external resource that this
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] represents.
	ExternalKeyUri string `protobuf:"bytes,1,opt,name=external_key_uri,json=externalKeyUri,proto3" json:"external_key_uri,omitempty"`
	// The path to the external key material on the EKM when using
	// [EkmConnection][google.cloud.kms.v1.EkmConnection] e.g., "v0/my/key". Set
	// this field instead of external_key_uri when using an
	// [EkmConnection][google.cloud.kms.v1.EkmConnection].
	EkmConnectionKeyPath string `protobuf:"bytes,2,opt,name=ekm_connection_key_path,json=ekmConnectionKeyPath,proto3" json:"ekm_connection_key_path,omitempty"`
	// contains filtered or unexported fields
}

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] that are specific to the [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level and [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] protection levels.

func (*ExternalProtectionLevelOptions) Descriptor deprecated

func (*ExternalProtectionLevelOptions) Descriptor() ([]byte, []int)

Deprecated: Use ExternalProtectionLevelOptions.ProtoReflect.Descriptor instead.

func (*ExternalProtectionLevelOptions) GetEkmConnectionKeyPath

func (x *ExternalProtectionLevelOptions) GetEkmConnectionKeyPath() string

func (*ExternalProtectionLevelOptions) GetExternalKeyUri

func (x *ExternalProtectionLevelOptions) GetExternalKeyUri() string

func (*ExternalProtectionLevelOptions) ProtoMessage

func (*ExternalProtectionLevelOptions) ProtoMessage()

func (*ExternalProtectionLevelOptions) ProtoReflect

func (*ExternalProtectionLevelOptions) Reset

func (x *ExternalProtectionLevelOptions) Reset()

func (*ExternalProtectionLevelOptions) String

type GenerateRandomBytesRequest

type GenerateRandomBytesRequest struct {

	// The project-specific location in which to generate random bytes.
	// For example, "projects/my-project/locations/us-central1".
	Location string `protobuf:"bytes,1,opt,name=location,proto3" json:"location,omitempty"`
	// The length in bytes of the amount of randomness to retrieve.  Minimum 8
	// bytes, maximum 1024 bytes.
	LengthBytes int32 `protobuf:"varint,2,opt,name=length_bytes,json=lengthBytes,proto3" json:"length_bytes,omitempty"`
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] to use when
	// generating the random data. Currently, only
	// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] protection level is
	// supported.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].

func (*GenerateRandomBytesRequest) Descriptor deprecated

func (*GenerateRandomBytesRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateRandomBytesRequest.ProtoReflect.Descriptor instead.

func (*GenerateRandomBytesRequest) GetLengthBytes

func (x *GenerateRandomBytesRequest) GetLengthBytes() int32

func (*GenerateRandomBytesRequest) GetLocation

func (x *GenerateRandomBytesRequest) GetLocation() string

func (*GenerateRandomBytesRequest) GetProtectionLevel

func (x *GenerateRandomBytesRequest) GetProtectionLevel() ProtectionLevel

func (*GenerateRandomBytesRequest) ProtoMessage

func (*GenerateRandomBytesRequest) ProtoMessage()

func (*GenerateRandomBytesRequest) ProtoReflect

func (*GenerateRandomBytesRequest) Reset

func (x *GenerateRandomBytesRequest) Reset()

func (*GenerateRandomBytesRequest) String

func (x *GenerateRandomBytesRequest) String() string

type GenerateRandomBytesResponse

type GenerateRandomBytesResponse struct {

	// The generated data.
	Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data].
	// An integrity check of
	// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]
	// can be performed by computing the CRC32C checksum of
	// [GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data]
	// and comparing your results to this field. Discard the response in case of
	// non-matching checksum values, and perform a limited number of retries. A
	// persistent mismatch may indicate an issue in your computation of the CRC32C
	// checksum. Note: This field is defined as int64 for reasons of compatibility
	// across different languages. However, it is a non-negative integer, which
	// will never exceed 2^32-1, and can be safely downconverted to uint32 in
	// languages that support this type.
	DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes].

func (*GenerateRandomBytesResponse) Descriptor deprecated

func (*GenerateRandomBytesResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateRandomBytesResponse.ProtoReflect.Descriptor instead.

func (*GenerateRandomBytesResponse) GetData

func (x *GenerateRandomBytesResponse) GetData() []byte

func (*GenerateRandomBytesResponse) GetDataCrc32C

func (*GenerateRandomBytesResponse) ProtoMessage

func (*GenerateRandomBytesResponse) ProtoMessage()

func (*GenerateRandomBytesResponse) ProtoReflect

func (*GenerateRandomBytesResponse) Reset

func (x *GenerateRandomBytesResponse) Reset()

func (*GenerateRandomBytesResponse) String

func (x *GenerateRandomBytesResponse) String() string

type GetCryptoKeyRequest

type GetCryptoKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].

func (*GetCryptoKeyRequest) Descriptor deprecated

func (*GetCryptoKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCryptoKeyRequest.ProtoReflect.Descriptor instead.

func (*GetCryptoKeyRequest) GetName

func (x *GetCryptoKeyRequest) GetName() string

func (*GetCryptoKeyRequest) ProtoMessage

func (*GetCryptoKeyRequest) ProtoMessage()

func (*GetCryptoKeyRequest) ProtoReflect

func (x *GetCryptoKeyRequest) ProtoReflect() protoreflect.Message

func (*GetCryptoKeyRequest) Reset

func (x *GetCryptoKeyRequest) Reset()

func (*GetCryptoKeyRequest) String

func (x *GetCryptoKeyRequest) String() string

type GetCryptoKeyVersionRequest

type GetCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].

func (*GetCryptoKeyVersionRequest) Descriptor deprecated

func (*GetCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*GetCryptoKeyVersionRequest) GetName

func (x *GetCryptoKeyVersionRequest) GetName() string

func (*GetCryptoKeyVersionRequest) ProtoMessage

func (*GetCryptoKeyVersionRequest) ProtoMessage()

func (*GetCryptoKeyVersionRequest) ProtoReflect

func (*GetCryptoKeyVersionRequest) Reset

func (x *GetCryptoKeyVersionRequest) Reset()

func (*GetCryptoKeyVersionRequest) String

func (x *GetCryptoKeyVersionRequest) String() string

type GetEkmConnectionRequest

type GetEkmConnectionRequest struct {

	// Required. The [name][google.cloud.kms.v1.EkmConnection.name] of the
	// [EkmConnection][google.cloud.kms.v1.EkmConnection] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [EkmService.GetEkmConnection][google.cloud.kms.v1.EkmService.GetEkmConnection].

func (*GetEkmConnectionRequest) Descriptor deprecated

func (*GetEkmConnectionRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetEkmConnectionRequest.ProtoReflect.Descriptor instead.

func (*GetEkmConnectionRequest) GetName

func (x *GetEkmConnectionRequest) GetName() string

func (*GetEkmConnectionRequest) ProtoMessage

func (*GetEkmConnectionRequest) ProtoMessage()

func (*GetEkmConnectionRequest) ProtoReflect

func (x *GetEkmConnectionRequest) ProtoReflect() protoreflect.Message

func (*GetEkmConnectionRequest) Reset

func (x *GetEkmConnectionRequest) Reset()

func (*GetEkmConnectionRequest) String

func (x *GetEkmConnectionRequest) String() string

type GetImportJobRequest

type GetImportJobRequest struct {

	// Required. The [name][google.cloud.kms.v1.ImportJob.name] of the
	// [ImportJob][google.cloud.kms.v1.ImportJob] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob].

func (*GetImportJobRequest) Descriptor deprecated

func (*GetImportJobRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetImportJobRequest.ProtoReflect.Descriptor instead.

func (*GetImportJobRequest) GetName

func (x *GetImportJobRequest) GetName() string

func (*GetImportJobRequest) ProtoMessage

func (*GetImportJobRequest) ProtoMessage()

func (*GetImportJobRequest) ProtoReflect

func (x *GetImportJobRequest) ProtoReflect() protoreflect.Message

func (*GetImportJobRequest) Reset

func (x *GetImportJobRequest) Reset()

func (*GetImportJobRequest) String

func (x *GetImportJobRequest) String() string

type GetKeyRingRequest

type GetKeyRingRequest struct {

	// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the
	// [KeyRing][google.cloud.kms.v1.KeyRing] to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].

func (*GetKeyRingRequest) Descriptor deprecated

func (*GetKeyRingRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetKeyRingRequest.ProtoReflect.Descriptor instead.

func (*GetKeyRingRequest) GetName

func (x *GetKeyRingRequest) GetName() string

func (*GetKeyRingRequest) ProtoMessage

func (*GetKeyRingRequest) ProtoMessage()

func (*GetKeyRingRequest) ProtoReflect

func (x *GetKeyRingRequest) ProtoReflect() protoreflect.Message

func (*GetKeyRingRequest) Reset

func (x *GetKeyRingRequest) Reset()

func (*GetKeyRingRequest) String

func (x *GetKeyRingRequest) String() string

type GetPublicKeyRequest

type GetPublicKeyRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to get.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

func (*GetPublicKeyRequest) Descriptor deprecated

func (*GetPublicKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeyRequest.ProtoReflect.Descriptor instead.

func (*GetPublicKeyRequest) GetName

func (x *GetPublicKeyRequest) GetName() string

func (*GetPublicKeyRequest) ProtoMessage

func (*GetPublicKeyRequest) ProtoMessage()

func (*GetPublicKeyRequest) ProtoReflect

func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message

func (*GetPublicKeyRequest) Reset

func (x *GetPublicKeyRequest) Reset()

func (*GetPublicKeyRequest) String

func (x *GetPublicKeyRequest) String() string

type ImportCryptoKeyVersionRequest

type ImportCryptoKeyVersionRequest struct {

	// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
	//
	// The create permission is only required on this key when creating a new
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of
	// an existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to
	// target for an import operation. If this field is not present, a new
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
	// supplied key material is created.
	//
	// If this field is present, the supplied key material is imported into
	// the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To
	// import into an existing
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
	// [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent],
	// have been previously created via [ImportCryptoKeyVersion][], and be in
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]
	// or
	// [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
	// state. The key material and algorithm must match the previous
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
	// key material.
	CryptoKeyVersion string `protobuf:"bytes,6,opt,name=crypto_key_version,json=cryptoKeyVersion,proto3" json:"crypto_key_version,omitempty"`
	// Required. The
	// [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
	// of the key being imported. This does not need to match the
	// [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] this version imports into.
	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 140-byte string literal not displayed */
	// Required. The [name][google.cloud.kms.v1.ImportJob.name] of the
	// [ImportJob][google.cloud.kms.v1.ImportJob] that was used to wrap this key
	// material.
	ImportJob string `protobuf:"bytes,4,opt,name=import_job,json=importJob,proto3" json:"import_job,omitempty"`
	// Optional. The wrapped key material to import.
	//
	// Before wrapping, key material must be formatted. If importing symmetric key
	// material, the expected key material format is plain bytes. If importing
	// asymmetric key material, the expected key material format is PKCS#8-encoded
	// DER (the PrivateKeyInfo structure from RFC 5208).
	//
	// When wrapping with import methods
	// ([RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256]
	// or
	// [RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256]
	// or
	// [RSA_OAEP_3072_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256]
	// or
	// [RSA_OAEP_4096_SHA256_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256]),
	//
	// this field must contain the concatenation of:
	// <ol>
	//
	//	<li>An ephemeral AES-256 wrapping key wrapped with the
	//	    [public_key][google.cloud.kms.v1.ImportJob.public_key] using
	//	    RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty
	//	    label.
	//	</li>
	//	<li>The formatted key to be imported, wrapped with the ephemeral AES-256
	//	    key using AES-KWP (RFC 5649).
	//	</li>
	//
	// </ol>
	//
	// This format is the same as the format produced by PKCS#11 mechanism
	// CKM_RSA_AES_KEY_WRAP.
	//
	// When wrapping with import methods
	// ([RSA_OAEP_3072_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256]
	// or
	// [RSA_OAEP_4096_SHA256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256]),
	//
	// this field must contain the formatted key to be imported, wrapped with the
	// [public_key][google.cloud.kms.v1.ImportJob.public_key] using RSAES-OAEP
	// with SHA-256, MGF1 with SHA-256, and an empty label.
	WrappedKey []byte `protobuf:"bytes,8,opt,name=wrapped_key,json=wrappedKey,proto3" json:"wrapped_key,omitempty"`
	// This field is legacy. Use the field
	// [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key]
	// instead.
	//
	// Types that are assignable to WrappedKeyMaterial:
	//
	//	*ImportCryptoKeyVersionRequest_RsaAesWrappedKey
	WrappedKeyMaterial isImportCryptoKeyVersionRequest_WrappedKeyMaterial `protobuf_oneof:"wrapped_key_material"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].

func (*ImportCryptoKeyVersionRequest) Descriptor deprecated

func (*ImportCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use ImportCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*ImportCryptoKeyVersionRequest) GetAlgorithm

func (*ImportCryptoKeyVersionRequest) GetCryptoKeyVersion

func (x *ImportCryptoKeyVersionRequest) GetCryptoKeyVersion() string

func (*ImportCryptoKeyVersionRequest) GetImportJob

func (x *ImportCryptoKeyVersionRequest) GetImportJob() string

func (*ImportCryptoKeyVersionRequest) GetParent

func (x *ImportCryptoKeyVersionRequest) GetParent() string

func (*ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey

func (x *ImportCryptoKeyVersionRequest) GetRsaAesWrappedKey() []byte

func (*ImportCryptoKeyVersionRequest) GetWrappedKey added in v1.7.0

func (x *ImportCryptoKeyVersionRequest) GetWrappedKey() []byte

func (*ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial

func (m *ImportCryptoKeyVersionRequest) GetWrappedKeyMaterial() isImportCryptoKeyVersionRequest_WrappedKeyMaterial

func (*ImportCryptoKeyVersionRequest) ProtoMessage

func (*ImportCryptoKeyVersionRequest) ProtoMessage()

func (*ImportCryptoKeyVersionRequest) ProtoReflect

func (*ImportCryptoKeyVersionRequest) Reset

func (x *ImportCryptoKeyVersionRequest) Reset()

func (*ImportCryptoKeyVersionRequest) String

type ImportCryptoKeyVersionRequest_RsaAesWrappedKey

type ImportCryptoKeyVersionRequest_RsaAesWrappedKey struct {
	// Optional. This field has the same meaning as
	// [wrapped_key][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key].
	// Prefer to use that field in new work. Either that field or this field
	// (but not both) must be specified.
	RsaAesWrappedKey []byte `protobuf:"bytes,5,opt,name=rsa_aes_wrapped_key,json=rsaAesWrappedKey,proto3,oneof"`
}

type ImportJob

type ImportJob struct {

	// Output only. The resource name for this
	// [ImportJob][google.cloud.kms.v1.ImportJob] in the format
	// `projects/*/locations/*/keyRings/*/importJobs/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. Immutable. The wrapping method to be used for incoming key
	// material.
	ImportMethod ImportJob_ImportMethod `` /* 146-byte string literal not displayed */
	// Required. Immutable. The protection level of the
	// [ImportJob][google.cloud.kms.v1.ImportJob]. This must match the
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
	// of the [version_template][google.cloud.kms.v1.CryptoKey.version_template]
	// on the [CryptoKey][google.cloud.kms.v1.CryptoKey] you attempt to import
	// into.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// Output only. The time at which this
	// [ImportJob][google.cloud.kms.v1.ImportJob] was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob]'s key
	// material was generated.
	GenerateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=generate_time,json=generateTime,proto3" json:"generate_time,omitempty"`
	// Output only. The time at which this
	// [ImportJob][google.cloud.kms.v1.ImportJob] is scheduled for expiration and
	// can no longer be used to import key material.
	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
	// Output only. The time this [ImportJob][google.cloud.kms.v1.ImportJob]
	// expired. Only present if [state][google.cloud.kms.v1.ImportJob.state] is
	// [EXPIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED].
	ExpireEventTime *timestamppb.Timestamp `protobuf:"bytes,10,opt,name=expire_event_time,json=expireEventTime,proto3" json:"expire_event_time,omitempty"`
	// Output only. The current state of the
	// [ImportJob][google.cloud.kms.v1.ImportJob], indicating if it can be used.
	State ImportJob_ImportJobState `protobuf:"varint,6,opt,name=state,proto3,enum=google.cloud.kms.v1.ImportJob_ImportJobState" json:"state,omitempty"`
	// Output only. The public key with which to wrap key material prior to
	// import. Only returned if [state][google.cloud.kms.v1.ImportJob.state] is
	// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE].
	PublicKey *ImportJob_WrappingPublicKey `protobuf:"bytes,7,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// Output only. Statement that was generated and signed by the key creator
	// (for example, an HSM) at key creation time. Use this statement to verify
	// attributes of the key as stored on the HSM, independently of Google.
	// Only present if the chosen
	// [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] is one with a
	// protection level of [HSM][google.cloud.kms.v1.ProtectionLevel.HSM].
	Attestation *KeyOperationAttestation `protobuf:"bytes,8,opt,name=attestation,proto3" json:"attestation,omitempty"`
	// contains filtered or unexported fields
}

An ImportJob[google.cloud.kms.v1.ImportJob] can be used to create [CryptoKeys][google.cloud.kms.v1.CryptoKey] and [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] using pre-existing key material, generated outside of Cloud KMS.

When an ImportJob[google.cloud.kms.v1.ImportJob] is created, Cloud KMS will generate a "wrapping key", which is a public/private key pair. You use the wrapping key to encrypt (also known as wrap) the pre-existing key material to protect it during the import process. The nature of the wrapping key depends on the choice of [import_method][google.cloud.kms.v1.ImportJob.import_method]. When the wrapping key generation is complete, the [state][google.cloud.kms.v1.ImportJob.state] will be set to [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] and the [public_key][google.cloud.kms.v1.ImportJob.public_key] can be fetched. The fetched public key can then be used to wrap your pre-existing key material.

Once the key material is wrapped, it can be imported into a new CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion] in an existing CryptoKey[google.cloud.kms.v1.CryptoKey] by calling [ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion]. Multiple [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] can be imported with a single ImportJob[google.cloud.kms.v1.ImportJob]. Cloud KMS uses the private key portion of the wrapping key to unwrap the key material. Only Cloud KMS has access to the private key.

An ImportJob[google.cloud.kms.v1.ImportJob] expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the ImportJob[google.cloud.kms.v1.ImportJob]'s public key.

For more information, see [Importing a key](https://cloud.google.com/kms/docs/importing-a-key).

func (*ImportJob) Descriptor deprecated

func (*ImportJob) Descriptor() ([]byte, []int)

Deprecated: Use ImportJob.ProtoReflect.Descriptor instead.

func (*ImportJob) GetAttestation

func (x *ImportJob) GetAttestation() *KeyOperationAttestation

func (*ImportJob) GetCreateTime

func (x *ImportJob) GetCreateTime() *timestamppb.Timestamp

func (*ImportJob) GetExpireEventTime

func (x *ImportJob) GetExpireEventTime() *timestamppb.Timestamp

func (*ImportJob) GetExpireTime

func (x *ImportJob) GetExpireTime() *timestamppb.Timestamp

func (*ImportJob) GetGenerateTime

func (x *ImportJob) GetGenerateTime() *timestamppb.Timestamp

func (*ImportJob) GetImportMethod

func (x *ImportJob) GetImportMethod() ImportJob_ImportMethod

func (*ImportJob) GetName

func (x *ImportJob) GetName() string

func (*ImportJob) GetProtectionLevel

func (x *ImportJob) GetProtectionLevel() ProtectionLevel

func (*ImportJob) GetPublicKey

func (x *ImportJob) GetPublicKey() *ImportJob_WrappingPublicKey

func (*ImportJob) GetState

func (x *ImportJob) GetState() ImportJob_ImportJobState

func (*ImportJob) ProtoMessage

func (*ImportJob) ProtoMessage()

func (*ImportJob) ProtoReflect

func (x *ImportJob) ProtoReflect() protoreflect.Message

func (*ImportJob) Reset

func (x *ImportJob) Reset()

func (*ImportJob) String

func (x *ImportJob) String() string

type ImportJob_ImportJobState

type ImportJob_ImportJobState int32

The state of the ImportJob[google.cloud.kms.v1.ImportJob], indicating if it can be used.

const (
	// Not specified.
	ImportJob_IMPORT_JOB_STATE_UNSPECIFIED ImportJob_ImportJobState = 0
	// The wrapping key for this job is still being generated. It may not be
	// used. Cloud KMS will automatically mark this job as
	// [ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE] as soon as
	// the wrapping key is generated.
	ImportJob_PENDING_GENERATION ImportJob_ImportJobState = 1
	// This job may be used in
	// [CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey]
	// and
	// [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion]
	// requests.
	ImportJob_ACTIVE ImportJob_ImportJobState = 2
	// This job can no longer be used and may not leave this state once entered.
	ImportJob_EXPIRED ImportJob_ImportJobState = 3
)

func (ImportJob_ImportJobState) Descriptor

func (ImportJob_ImportJobState) Enum

func (ImportJob_ImportJobState) EnumDescriptor deprecated

func (ImportJob_ImportJobState) EnumDescriptor() ([]byte, []int)

Deprecated: Use ImportJob_ImportJobState.Descriptor instead.

func (ImportJob_ImportJobState) Number

func (ImportJob_ImportJobState) String

func (x ImportJob_ImportJobState) String() string

func (ImportJob_ImportJobState) Type

type ImportJob_ImportMethod

type ImportJob_ImportMethod int32

[ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod] describes the key wrapping method chosen for this ImportJob[google.cloud.kms.v1.ImportJob].

const (
	// Not specified.
	ImportJob_IMPORT_METHOD_UNSPECIFIED ImportJob_ImportMethod = 0
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
	// scheme defined in the PKCS #11 standard. In summary, this involves
	// wrapping the raw key with an ephemeral AES key, and wrapping the
	// ephemeral AES key with a 3072 bit RSA key. For more details, see
	// [RSA AES key wrap
	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJob_RSA_OAEP_3072_SHA1_AES_256 ImportJob_ImportMethod = 1
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
	// scheme defined in the PKCS #11 standard. In summary, this involves
	// wrapping the raw key with an ephemeral AES key, and wrapping the
	// ephemeral AES key with a 4096 bit RSA key. For more details, see
	// [RSA AES key wrap
	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJob_RSA_OAEP_4096_SHA1_AES_256 ImportJob_ImportMethod = 2
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
	// scheme defined in the PKCS #11 standard. In summary, this involves
	// wrapping the raw key with an ephemeral AES key, and wrapping the
	// ephemeral AES key with a 3072 bit RSA key. For more details, see
	// [RSA AES key wrap
	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJob_RSA_OAEP_3072_SHA256_AES_256 ImportJob_ImportMethod = 3
	// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping
	// scheme defined in the PKCS #11 standard. In summary, this involves
	// wrapping the raw key with an ephemeral AES key, and wrapping the
	// ephemeral AES key with a 4096 bit RSA key. For more details, see
	// [RSA AES key wrap
	// mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908).
	ImportJob_RSA_OAEP_4096_SHA256_AES_256 ImportJob_ImportMethod = 4
	// This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The
	// key material to be imported is wrapped directly with the RSA key. Due
	// to technical limitations of RSA wrapping, this method cannot be used to
	// wrap RSA keys for import.
	ImportJob_RSA_OAEP_3072_SHA256 ImportJob_ImportMethod = 5
	// This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The
	// key material to be imported is wrapped directly with the RSA key. Due
	// to technical limitations of RSA wrapping, this method cannot be used to
	// wrap RSA keys for import.
	ImportJob_RSA_OAEP_4096_SHA256 ImportJob_ImportMethod = 6
)

func (ImportJob_ImportMethod) Descriptor

func (ImportJob_ImportMethod) Enum

func (ImportJob_ImportMethod) EnumDescriptor deprecated

func (ImportJob_ImportMethod) EnumDescriptor() ([]byte, []int)

Deprecated: Use ImportJob_ImportMethod.Descriptor instead.

func (ImportJob_ImportMethod) Number

func (ImportJob_ImportMethod) String

func (x ImportJob_ImportMethod) String() string

func (ImportJob_ImportMethod) Type

type ImportJob_WrappingPublicKey

type ImportJob_WrappingPublicKey struct {

	// The public key, encoded in PEM format. For more information, see the [RFC
	// 7468](https://tools.ietf.org/html/rfc7468) sections for [General
	// Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
	// [Textual Encoding of Subject Public Key Info]
	// (https://tools.ietf.org/html/rfc7468#section-13).
	Pem string `protobuf:"bytes,1,opt,name=pem,proto3" json:"pem,omitempty"`
	// contains filtered or unexported fields
}

The public key component of the wrapping key. For details of the type of key this public key corresponds to, see the [ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod].

func (*ImportJob_WrappingPublicKey) Descriptor deprecated

func (*ImportJob_WrappingPublicKey) Descriptor() ([]byte, []int)

Deprecated: Use ImportJob_WrappingPublicKey.ProtoReflect.Descriptor instead.

func (*ImportJob_WrappingPublicKey) GetPem

func (x *ImportJob_WrappingPublicKey) GetPem() string

func (*ImportJob_WrappingPublicKey) ProtoMessage

func (*ImportJob_WrappingPublicKey) ProtoMessage()

func (*ImportJob_WrappingPublicKey) ProtoReflect

func (*ImportJob_WrappingPublicKey) Reset

func (x *ImportJob_WrappingPublicKey) Reset()

func (*ImportJob_WrappingPublicKey) String

func (x *ImportJob_WrappingPublicKey) String() string

type KeyManagementServiceClient

type KeyManagementServiceClient interface {
	// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
	ListKeyRings(ctx context.Context, in *ListKeyRingsRequest, opts ...grpc.CallOption) (*ListKeyRingsResponse, error)
	// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	ListCryptoKeys(ctx context.Context, in *ListCryptoKeysRequest, opts ...grpc.CallOption) (*ListCryptoKeysResponse, error)
	// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	ListCryptoKeyVersions(ctx context.Context, in *ListCryptoKeyVersionsRequest, opts ...grpc.CallOption) (*ListCryptoKeyVersionsResponse, error)
	// Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
	ListImportJobs(ctx context.Context, in *ListImportJobsRequest, opts ...grpc.CallOption) (*ListImportJobsResponse, error)
	// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
	GetKeyRing(ctx context.Context, in *GetKeyRingRequest, opts ...grpc.CallOption) (*KeyRing, error)
	// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
	// well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKey(ctx context.Context, in *GetCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Returns metadata for a given
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKeyVersion(ctx context.Context, in *GetCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Returns the public key for the given
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
	// or
	// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
	GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*PublicKey, error)
	// Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
	GetImportJob(ctx context.Context, in *GetImportJobRequest, opts ...grpc.CallOption) (*ImportJob, error)
	// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
	// Location.
	CreateKeyRing(ctx context.Context, in *CreateKeyRingRequest, opts ...grpc.CallOption) (*KeyRing, error)
	// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
	// [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
	// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
	// are required.
	CreateCryptoKey(ctx context.Context, in *CreateCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
	// [CryptoKey][google.cloud.kms.v1.CryptoKey].
	//
	// The server will assign the next sequential id. If unset,
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
	CreateCryptoKeyVersion(ctx context.Context, in *CreateCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Import wrapped key material into a
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	//
	// All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
	// a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
	// specified in the request, key material will be reimported into that
	// version. Otherwise, a new version will be created, and will be assigned the
	// next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
	ImportCryptoKeyVersion(ctx context.Context, in *ImportCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
	// [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
	// required.
	CreateImportJob(ctx context.Context, in *CreateImportJobRequest, opts ...grpc.CallOption) (*ImportJob, error)
	// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
	UpdateCryptoKey(ctx context.Context, in *UpdateCryptoKeyRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
	// metadata.
	//
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// and
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
	// using this method. See
	// [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
	// and
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// to move between other states.
	UpdateCryptoKeyVersion(ctx context.Context, in *UpdateCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
	// will be used in
	// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
	//
	// Returns an error if called on a key whose purpose is not
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	UpdateCryptoKeyPrimaryVersion(ctx context.Context, in *UpdateCryptoKeyPrimaryVersionRequest, opts ...grpc.CallOption) (*CryptoKey, error)
	// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
	// destruction.
	//
	// Upon calling this method,
	// [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
	// be set to
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
	// be set to the time
	// [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
	// in the future. At that time, the
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
	// change to
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
	// and the key material will be irrevocably destroyed.
	//
	// Before the
	// [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
	// reached,
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// may be called to reverse the process.
	DestroyCryptoKeyVersion(ctx context.Context, in *DestroyCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
	// state.
	//
	// Upon restoration of the CryptoKeyVersion,
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
	// be cleared.
	RestoreCryptoKeyVersion(ctx context.Context, in *RestoreCryptoKeyVersionRequest, opts ...grpc.CallOption) (*CryptoKeyVersion, error)
	// Encrypts data, so that it can only be recovered by a call to
	// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
	// Decrypts data that was protected by
	// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
	// key retrieved from
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	AsymmetricSign(ctx context.Context, in *AsymmetricSignRequest, opts ...grpc.CallOption) (*AsymmetricSignResponse, error)
	// Decrypts data that was encrypted with a public key retrieved from
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
	// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// ASYMMETRIC_DECRYPT.
	AsymmetricDecrypt(ctx context.Context, in *AsymmetricDecryptRequest, opts ...grpc.CallOption) (*AsymmetricDecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
	// producing a tag that can be verified by another source with the same key.
	MacSign(ctx context.Context, in *MacSignRequest, opts ...grpc.CallOption) (*MacSignResponse, error)
	// Verifies MAC tag using a
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
	// a response that indicates whether or not the verification was successful.
	MacVerify(ctx context.Context, in *MacVerifyRequest, opts ...grpc.CallOption) (*MacVerifyResponse, error)
	// Generate random bytes using the Cloud KMS randomness source in the provided
	// location.
	GenerateRandomBytes(ctx context.Context, in *GenerateRandomBytesRequest, opts ...grpc.CallOption) (*GenerateRandomBytesResponse, error)
}

KeyManagementServiceClient is the client API for KeyManagementService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

type KeyManagementServiceServer

type KeyManagementServiceServer interface {
	// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
	ListKeyRings(context.Context, *ListKeyRingsRequest) (*ListKeyRingsResponse, error)
	// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	ListCryptoKeys(context.Context, *ListCryptoKeysRequest) (*ListCryptoKeysResponse, error)
	// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	ListCryptoKeyVersions(context.Context, *ListCryptoKeyVersionsRequest) (*ListCryptoKeyVersionsResponse, error)
	// Lists [ImportJobs][google.cloud.kms.v1.ImportJob].
	ListImportJobs(context.Context, *ListImportJobsRequest) (*ListImportJobsResponse, error)
	// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
	GetKeyRing(context.Context, *GetKeyRingRequest) (*KeyRing, error)
	// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
	// well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKey(context.Context, *GetCryptoKeyRequest) (*CryptoKey, error)
	// Returns metadata for a given
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	GetCryptoKeyVersion(context.Context, *GetCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Returns the public key for the given
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
	// or
	// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
	GetPublicKey(context.Context, *GetPublicKeyRequest) (*PublicKey, error)
	// Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].
	GetImportJob(context.Context, *GetImportJobRequest) (*ImportJob, error)
	// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
	// Location.
	CreateKeyRing(context.Context, *CreateKeyRingRequest) (*KeyRing, error)
	// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
	// [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
	// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
	// are required.
	CreateCryptoKey(context.Context, *CreateCryptoKeyRequest) (*CryptoKey, error)
	// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
	// [CryptoKey][google.cloud.kms.v1.CryptoKey].
	//
	// The server will assign the next sequential id. If unset,
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
	CreateCryptoKeyVersion(context.Context, *CreateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Import wrapped key material into a
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
	//
	// All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
	// a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
	// specified in the request, key material will be reimported into that
	// version. Otherwise, a new version will be created, and will be assigned the
	// next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
	ImportCryptoKeyVersion(context.Context, *ImportCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
	// [KeyRing][google.cloud.kms.v1.KeyRing].
	//
	// [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
	// required.
	CreateImportJob(context.Context, *CreateImportJobRequest) (*ImportJob, error)
	// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
	UpdateCryptoKey(context.Context, *UpdateCryptoKeyRequest) (*CryptoKey, error)
	// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
	// metadata.
	//
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
	// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
	// and
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
	// using this method. See
	// [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
	// and
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// to move between other states.
	UpdateCryptoKeyVersion(context.Context, *UpdateCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
	// will be used in
	// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
	//
	// Returns an error if called on a key whose purpose is not
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	UpdateCryptoKeyPrimaryVersion(context.Context, *UpdateCryptoKeyPrimaryVersionRequest) (*CryptoKey, error)
	// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
	// destruction.
	//
	// Upon calling this method,
	// [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
	// be set to
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
	// be set to the time
	// [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
	// in the future. At that time, the
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
	// change to
	// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
	// and the key material will be irrevocably destroyed.
	//
	// Before the
	// [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
	// reached,
	// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
	// may be called to reverse the process.
	DestroyCryptoKeyVersion(context.Context, *DestroyCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
	// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
	// state.
	//
	// Upon restoration of the CryptoKeyVersion,
	// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
	// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
	// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
	// be cleared.
	RestoreCryptoKeyVersion(context.Context, *RestoreCryptoKeyVersionRequest) (*CryptoKeyVersion, error)
	// Encrypts data, so that it can only be recovered by a call to
	// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
	// Decrypts data that was protected by
	// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
	// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
	// key retrieved from
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
	AsymmetricSign(context.Context, *AsymmetricSignRequest) (*AsymmetricSignResponse, error)
	// Decrypts data that was encrypted with a public key retrieved from
	// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
	// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
	// ASYMMETRIC_DECRYPT.
	AsymmetricDecrypt(context.Context, *AsymmetricDecryptRequest) (*AsymmetricDecryptResponse, error)
	// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
	// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
	// producing a tag that can be verified by another source with the same key.
	MacSign(context.Context, *MacSignRequest) (*MacSignResponse, error)
	// Verifies MAC tag using a
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
	// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
	// a response that indicates whether or not the verification was successful.
	MacVerify(context.Context, *MacVerifyRequest) (*MacVerifyResponse, error)
	// Generate random bytes using the Cloud KMS randomness source in the provided
	// location.
	GenerateRandomBytes(context.Context, *GenerateRandomBytesRequest) (*GenerateRandomBytesResponse, error)
}

KeyManagementServiceServer is the server API for KeyManagementService service.

type KeyOperationAttestation

type KeyOperationAttestation struct {

	// Output only. The format of the attestation data.
	Format KeyOperationAttestation_AttestationFormat `` /* 133-byte string literal not displayed */
	// Output only. The attestation data provided by the HSM when the key
	// operation was performed.
	Content []byte `protobuf:"bytes,5,opt,name=content,proto3" json:"content,omitempty"`
	// Output only. The certificate chains needed to validate the attestation
	CertChains *KeyOperationAttestation_CertificateChains `protobuf:"bytes,6,opt,name=cert_chains,json=certChains,proto3" json:"cert_chains,omitempty"`
	// contains filtered or unexported fields
}

Contains an HSM-generated attestation about a key operation. For more information, see [Verifying attestations] (https://cloud.google.com/kms/docs/attest-key).

func (*KeyOperationAttestation) Descriptor deprecated

func (*KeyOperationAttestation) Descriptor() ([]byte, []int)

Deprecated: Use KeyOperationAttestation.ProtoReflect.Descriptor instead.

func (*KeyOperationAttestation) GetCertChains

func (*KeyOperationAttestation) GetContent

func (x *KeyOperationAttestation) GetContent() []byte

func (*KeyOperationAttestation) GetFormat

func (*KeyOperationAttestation) ProtoMessage

func (*KeyOperationAttestation) ProtoMessage()

func (*KeyOperationAttestation) ProtoReflect

func (x *KeyOperationAttestation) ProtoReflect() protoreflect.Message

func (*KeyOperationAttestation) Reset

func (x *KeyOperationAttestation) Reset()

func (*KeyOperationAttestation) String

func (x *KeyOperationAttestation) String() string

type KeyOperationAttestation_AttestationFormat

type KeyOperationAttestation_AttestationFormat int32

Attestation formats provided by the HSM.

const (
	// Not specified.
	KeyOperationAttestation_ATTESTATION_FORMAT_UNSPECIFIED KeyOperationAttestation_AttestationFormat = 0
	// Cavium HSM attestation compressed with gzip. Note that this format is
	// defined by Cavium and subject to change at any time.
	//
	// See
	// https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html.
	KeyOperationAttestation_CAVIUM_V1_COMPRESSED KeyOperationAttestation_AttestationFormat = 3
	// Cavium HSM attestation V2 compressed with gzip. This is a new format
	// introduced in Cavium's version 3.2-08.
	KeyOperationAttestation_CAVIUM_V2_COMPRESSED KeyOperationAttestation_AttestationFormat = 4
)

func (KeyOperationAttestation_AttestationFormat) Descriptor

func (KeyOperationAttestation_AttestationFormat) Enum

func (KeyOperationAttestation_AttestationFormat) EnumDescriptor deprecated

func (KeyOperationAttestation_AttestationFormat) EnumDescriptor() ([]byte, []int)

Deprecated: Use KeyOperationAttestation_AttestationFormat.Descriptor instead.

func (KeyOperationAttestation_AttestationFormat) Number

func (KeyOperationAttestation_AttestationFormat) String

func (KeyOperationAttestation_AttestationFormat) Type

type KeyOperationAttestation_CertificateChains

type KeyOperationAttestation_CertificateChains struct {

	// Cavium certificate chain corresponding to the attestation.
	CaviumCerts []string `protobuf:"bytes,1,rep,name=cavium_certs,json=caviumCerts,proto3" json:"cavium_certs,omitempty"`
	// Google card certificate chain corresponding to the attestation.
	GoogleCardCerts []string `protobuf:"bytes,2,rep,name=google_card_certs,json=googleCardCerts,proto3" json:"google_card_certs,omitempty"`
	// Google partition certificate chain corresponding to the attestation.
	GooglePartitionCerts []string `protobuf:"bytes,3,rep,name=google_partition_certs,json=googlePartitionCerts,proto3" json:"google_partition_certs,omitempty"`
	// contains filtered or unexported fields
}

Certificate chains needed to verify the attestation. Certificates in chains are PEM-encoded and are ordered based on https://tools.ietf.org/html/rfc5246#section-7.4.2.

func (*KeyOperationAttestation_CertificateChains) Descriptor deprecated

func (*KeyOperationAttestation_CertificateChains) Descriptor() ([]byte, []int)

Deprecated: Use KeyOperationAttestation_CertificateChains.ProtoReflect.Descriptor instead.

func (*KeyOperationAttestation_CertificateChains) GetCaviumCerts

func (x *KeyOperationAttestation_CertificateChains) GetCaviumCerts() []string

func (*KeyOperationAttestation_CertificateChains) GetGoogleCardCerts

func (x *KeyOperationAttestation_CertificateChains) GetGoogleCardCerts() []string

func (*KeyOperationAttestation_CertificateChains) GetGooglePartitionCerts

func (x *KeyOperationAttestation_CertificateChains) GetGooglePartitionCerts() []string

func (*KeyOperationAttestation_CertificateChains) ProtoMessage

func (*KeyOperationAttestation_CertificateChains) ProtoReflect

func (*KeyOperationAttestation_CertificateChains) Reset

func (*KeyOperationAttestation_CertificateChains) String

type KeyRing

type KeyRing struct {

	// Output only. The resource name for the
	// [KeyRing][google.cloud.kms.v1.KeyRing] in the format
	// `projects/*/locations/*/keyRings/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Output only. The time at which this [KeyRing][google.cloud.kms.v1.KeyRing]
	// was created.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// contains filtered or unexported fields
}

A KeyRing[google.cloud.kms.v1.KeyRing] is a toplevel logical grouping of [CryptoKeys][google.cloud.kms.v1.CryptoKey].

func (*KeyRing) Descriptor deprecated

func (*KeyRing) Descriptor() ([]byte, []int)

Deprecated: Use KeyRing.ProtoReflect.Descriptor instead.

func (*KeyRing) GetCreateTime

func (x *KeyRing) GetCreateTime() *timestamppb.Timestamp

func (*KeyRing) GetName

func (x *KeyRing) GetName() string

func (*KeyRing) ProtoMessage

func (*KeyRing) ProtoMessage()

func (*KeyRing) ProtoReflect

func (x *KeyRing) ProtoReflect() protoreflect.Message

func (*KeyRing) Reset

func (x *KeyRing) Reset()

func (*KeyRing) String

func (x *KeyRing) String() string

type ListCryptoKeyVersionsRequest

type ListCryptoKeyVersionsRequest struct {

	// Required. The resource name of the
	// [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format
	// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of
	// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to include in the
	// response. Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]
	// can subsequently be obtained by including the
	// [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token]
	// in a subsequent request. If unspecified, the server will pick an
	// appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// The fields to include in the response.
	View CryptoKeyVersion_CryptoKeyVersionView `protobuf:"varint,4,opt,name=view,proto3,enum=google.cloud.kms.v1.CryptoKeyVersion_CryptoKeyVersionView" json:"view,omitempty"`
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,5,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order. For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,6,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].

func (*ListCryptoKeyVersionsRequest) Descriptor deprecated

func (*ListCryptoKeyVersionsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeyVersionsRequest.ProtoReflect.Descriptor instead.

func (*ListCryptoKeyVersionsRequest) GetFilter

func (x *ListCryptoKeyVersionsRequest) GetFilter() string

func (*ListCryptoKeyVersionsRequest) GetOrderBy

func (x *ListCryptoKeyVersionsRequest) GetOrderBy() string

func (*ListCryptoKeyVersionsRequest) GetPageSize

func (x *ListCryptoKeyVersionsRequest) GetPageSize() int32

func (*ListCryptoKeyVersionsRequest) GetPageToken

func (x *ListCryptoKeyVersionsRequest) GetPageToken() string

func (*ListCryptoKeyVersionsRequest) GetParent

func (x *ListCryptoKeyVersionsRequest) GetParent() string

func (*ListCryptoKeyVersionsRequest) GetView

func (*ListCryptoKeyVersionsRequest) ProtoMessage

func (*ListCryptoKeyVersionsRequest) ProtoMessage()

func (*ListCryptoKeyVersionsRequest) ProtoReflect

func (*ListCryptoKeyVersionsRequest) Reset

func (x *ListCryptoKeyVersionsRequest) Reset()

func (*ListCryptoKeyVersionsRequest) String

type ListCryptoKeyVersionsResponse

type ListCryptoKeyVersionsResponse struct {

	// The list of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
	CryptoKeyVersions []*CryptoKeyVersion `protobuf:"bytes,1,rep,name=crypto_key_versions,json=cryptoKeyVersions,proto3" json:"crypto_key_versions,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token]
	// to retrieve the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of
	// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that matched the
	// query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].

func (*ListCryptoKeyVersionsResponse) Descriptor deprecated

func (*ListCryptoKeyVersionsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeyVersionsResponse.ProtoReflect.Descriptor instead.

func (*ListCryptoKeyVersionsResponse) GetCryptoKeyVersions

func (x *ListCryptoKeyVersionsResponse) GetCryptoKeyVersions() []*CryptoKeyVersion

func (*ListCryptoKeyVersionsResponse) GetNextPageToken

func (x *ListCryptoKeyVersionsResponse) GetNextPageToken() string

func (*ListCryptoKeyVersionsResponse) GetTotalSize

func (x *ListCryptoKeyVersionsResponse) GetTotalSize() int32

func (*ListCryptoKeyVersionsResponse) ProtoMessage

func (*ListCryptoKeyVersionsResponse) ProtoMessage()

func (*ListCryptoKeyVersionsResponse) ProtoReflect

func (*ListCryptoKeyVersionsResponse) Reset

func (x *ListCryptoKeyVersionsResponse) Reset()

func (*ListCryptoKeyVersionsResponse) String

type ListCryptoKeysRequest

type ListCryptoKeysRequest struct {

	// Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing]
	// to list, in the format `projects/*/locations/*/keyRings/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of
	// [CryptoKeys][google.cloud.kms.v1.CryptoKey] to include in the response.
	// Further [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently be
	// obtained by including the
	// [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token]
	// in a subsequent request.  If unspecified, the server will pick an
	// appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// The fields of the primary version to include in the response.
	VersionView CryptoKeyVersion_CryptoKeyVersionView `` /* 158-byte string literal not displayed */
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,5,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order. For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,6,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

func (*ListCryptoKeysRequest) Descriptor deprecated

func (*ListCryptoKeysRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeysRequest.ProtoReflect.Descriptor instead.

func (*ListCryptoKeysRequest) GetFilter

func (x *ListCryptoKeysRequest) GetFilter() string

func (*ListCryptoKeysRequest) GetOrderBy

func (x *ListCryptoKeysRequest) GetOrderBy() string

func (*ListCryptoKeysRequest) GetPageSize

func (x *ListCryptoKeysRequest) GetPageSize() int32

func (*ListCryptoKeysRequest) GetPageToken

func (x *ListCryptoKeysRequest) GetPageToken() string

func (*ListCryptoKeysRequest) GetParent

func (x *ListCryptoKeysRequest) GetParent() string

func (*ListCryptoKeysRequest) GetVersionView

func (*ListCryptoKeysRequest) ProtoMessage

func (*ListCryptoKeysRequest) ProtoMessage()

func (*ListCryptoKeysRequest) ProtoReflect

func (x *ListCryptoKeysRequest) ProtoReflect() protoreflect.Message

func (*ListCryptoKeysRequest) Reset

func (x *ListCryptoKeysRequest) Reset()

func (*ListCryptoKeysRequest) String

func (x *ListCryptoKeysRequest) String() string

type ListCryptoKeysResponse

type ListCryptoKeysResponse struct {

	// The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey].
	CryptoKeys []*CryptoKey `protobuf:"bytes,1,rep,name=crypto_keys,json=cryptoKeys,proto3" json:"crypto_keys,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token]
	// to retrieve the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] that
	// matched the query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].

func (*ListCryptoKeysResponse) Descriptor deprecated

func (*ListCryptoKeysResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListCryptoKeysResponse.ProtoReflect.Descriptor instead.

func (*ListCryptoKeysResponse) GetCryptoKeys

func (x *ListCryptoKeysResponse) GetCryptoKeys() []*CryptoKey

func (*ListCryptoKeysResponse) GetNextPageToken

func (x *ListCryptoKeysResponse) GetNextPageToken() string

func (*ListCryptoKeysResponse) GetTotalSize

func (x *ListCryptoKeysResponse) GetTotalSize() int32

func (*ListCryptoKeysResponse) ProtoMessage

func (*ListCryptoKeysResponse) ProtoMessage()

func (*ListCryptoKeysResponse) ProtoReflect

func (x *ListCryptoKeysResponse) ProtoReflect() protoreflect.Message

func (*ListCryptoKeysResponse) Reset

func (x *ListCryptoKeysResponse) Reset()

func (*ListCryptoKeysResponse) String

func (x *ListCryptoKeysResponse) String() string

type ListEkmConnectionsRequest

type ListEkmConnectionsRequest struct {

	// Required. The resource name of the location associated with the
	// [EkmConnections][google.cloud.kms.v1.EkmConnection] to list, in the format
	// `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of
	// [EkmConnections][google.cloud.kms.v1.EkmConnection] to include in the
	// response. Further [EkmConnections][google.cloud.kms.v1.EkmConnection] can
	// subsequently be obtained by including the
	// [ListEkmConnectionsResponse.next_page_token][google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token]
	// in a subsequent request. If unspecified, the server will pick an
	// appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListEkmConnectionsResponse.next_page_token][google.cloud.kms.v1.ListEkmConnectionsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order.  For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [EkmService.ListEkmConnections][google.cloud.kms.v1.EkmService.ListEkmConnections].

func (*ListEkmConnectionsRequest) Descriptor deprecated

func (*ListEkmConnectionsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListEkmConnectionsRequest.ProtoReflect.Descriptor instead.

func (*ListEkmConnectionsRequest) GetFilter

func (x *ListEkmConnectionsRequest) GetFilter() string

func (*ListEkmConnectionsRequest) GetOrderBy

func (x *ListEkmConnectionsRequest) GetOrderBy() string

func (*ListEkmConnectionsRequest) GetPageSize

func (x *ListEkmConnectionsRequest) GetPageSize() int32

func (*ListEkmConnectionsRequest) GetPageToken

func (x *ListEkmConnectionsRequest) GetPageToken() string

func (*ListEkmConnectionsRequest) GetParent

func (x *ListEkmConnectionsRequest) GetParent() string

func (*ListEkmConnectionsRequest) ProtoMessage

func (*ListEkmConnectionsRequest) ProtoMessage()

func (*ListEkmConnectionsRequest) ProtoReflect

func (*ListEkmConnectionsRequest) Reset

func (x *ListEkmConnectionsRequest) Reset()

func (*ListEkmConnectionsRequest) String

func (x *ListEkmConnectionsRequest) String() string

type ListEkmConnectionsResponse

type ListEkmConnectionsResponse struct {

	// The list of [EkmConnections][google.cloud.kms.v1.EkmConnection].
	EkmConnections []*EkmConnection `protobuf:"bytes,1,rep,name=ekm_connections,json=ekmConnections,proto3" json:"ekm_connections,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListEkmConnectionsRequest.page_token][google.cloud.kms.v1.ListEkmConnectionsRequest.page_token]
	// to retrieve the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of [EkmConnections][google.cloud.kms.v1.EkmConnection]
	// that matched the query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [EkmService.ListEkmConnections][google.cloud.kms.v1.EkmService.ListEkmConnections].

func (*ListEkmConnectionsResponse) Descriptor deprecated

func (*ListEkmConnectionsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListEkmConnectionsResponse.ProtoReflect.Descriptor instead.

func (*ListEkmConnectionsResponse) GetEkmConnections

func (x *ListEkmConnectionsResponse) GetEkmConnections() []*EkmConnection

func (*ListEkmConnectionsResponse) GetNextPageToken

func (x *ListEkmConnectionsResponse) GetNextPageToken() string

func (*ListEkmConnectionsResponse) GetTotalSize

func (x *ListEkmConnectionsResponse) GetTotalSize() int32

func (*ListEkmConnectionsResponse) ProtoMessage

func (*ListEkmConnectionsResponse) ProtoMessage()

func (*ListEkmConnectionsResponse) ProtoReflect

func (*ListEkmConnectionsResponse) Reset

func (x *ListEkmConnectionsResponse) Reset()

func (*ListEkmConnectionsResponse) String

func (x *ListEkmConnectionsResponse) String() string

type ListImportJobsRequest

type ListImportJobsRequest struct {

	// Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing]
	// to list, in the format `projects/*/locations/*/keyRings/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of
	// [ImportJobs][google.cloud.kms.v1.ImportJob] to include in the response.
	// Further [ImportJobs][google.cloud.kms.v1.ImportJob] can subsequently be
	// obtained by including the
	// [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token]
	// in a subsequent request. If unspecified, the server will pick an
	// appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order. For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].

func (*ListImportJobsRequest) Descriptor deprecated

func (*ListImportJobsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListImportJobsRequest.ProtoReflect.Descriptor instead.

func (*ListImportJobsRequest) GetFilter

func (x *ListImportJobsRequest) GetFilter() string

func (*ListImportJobsRequest) GetOrderBy

func (x *ListImportJobsRequest) GetOrderBy() string

func (*ListImportJobsRequest) GetPageSize

func (x *ListImportJobsRequest) GetPageSize() int32

func (*ListImportJobsRequest) GetPageToken

func (x *ListImportJobsRequest) GetPageToken() string

func (*ListImportJobsRequest) GetParent

func (x *ListImportJobsRequest) GetParent() string

func (*ListImportJobsRequest) ProtoMessage

func (*ListImportJobsRequest) ProtoMessage()

func (*ListImportJobsRequest) ProtoReflect

func (x *ListImportJobsRequest) ProtoReflect() protoreflect.Message

func (*ListImportJobsRequest) Reset

func (x *ListImportJobsRequest) Reset()

func (*ListImportJobsRequest) String

func (x *ListImportJobsRequest) String() string

type ListImportJobsResponse

type ListImportJobsResponse struct {

	// The list of [ImportJobs][google.cloud.kms.v1.ImportJob].
	ImportJobs []*ImportJob `protobuf:"bytes,1,rep,name=import_jobs,json=importJobs,proto3" json:"import_jobs,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token]
	// to retrieve the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of [ImportJobs][google.cloud.kms.v1.ImportJob] that
	// matched the query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs].

func (*ListImportJobsResponse) Descriptor deprecated

func (*ListImportJobsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListImportJobsResponse.ProtoReflect.Descriptor instead.

func (*ListImportJobsResponse) GetImportJobs

func (x *ListImportJobsResponse) GetImportJobs() []*ImportJob

func (*ListImportJobsResponse) GetNextPageToken

func (x *ListImportJobsResponse) GetNextPageToken() string

func (*ListImportJobsResponse) GetTotalSize

func (x *ListImportJobsResponse) GetTotalSize() int32

func (*ListImportJobsResponse) ProtoMessage

func (*ListImportJobsResponse) ProtoMessage()

func (*ListImportJobsResponse) ProtoReflect

func (x *ListImportJobsResponse) ProtoReflect() protoreflect.Message

func (*ListImportJobsResponse) Reset

func (x *ListImportJobsResponse) Reset()

func (*ListImportJobsResponse) String

func (x *ListImportJobsResponse) String() string

type ListKeyRingsRequest

type ListKeyRingsRequest struct {

	// Required. The resource name of the location associated with the
	// [KeyRings][google.cloud.kms.v1.KeyRing], in the format
	// `projects/*/locations/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Optional. Optional limit on the number of
	// [KeyRings][google.cloud.kms.v1.KeyRing] to include in the response. Further
	// [KeyRings][google.cloud.kms.v1.KeyRing] can subsequently be obtained by
	// including the
	// [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token]
	// in a subsequent request.  If unspecified, the server will pick an
	// appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// Optional. Optional pagination token, returned earlier via
	// [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token].
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Optional. Only include resources that match the filter in the response. For
	// more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	Filter string `protobuf:"bytes,4,opt,name=filter,proto3" json:"filter,omitempty"`
	// Optional. Specify how the results should be sorted. If not specified, the
	// results will be sorted in the default order.  For more information, see
	// [Sorting and filtering list
	// results](https://cloud.google.com/kms/docs/sorting-and-filtering).
	OrderBy string `protobuf:"bytes,5,opt,name=order_by,json=orderBy,proto3" json:"order_by,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].

func (*ListKeyRingsRequest) Descriptor deprecated

func (*ListKeyRingsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListKeyRingsRequest.ProtoReflect.Descriptor instead.

func (*ListKeyRingsRequest) GetFilter

func (x *ListKeyRingsRequest) GetFilter() string

func (*ListKeyRingsRequest) GetOrderBy

func (x *ListKeyRingsRequest) GetOrderBy() string

func (*ListKeyRingsRequest) GetPageSize

func (x *ListKeyRingsRequest) GetPageSize() int32

func (*ListKeyRingsRequest) GetPageToken

func (x *ListKeyRingsRequest) GetPageToken() string

func (*ListKeyRingsRequest) GetParent

func (x *ListKeyRingsRequest) GetParent() string

func (*ListKeyRingsRequest) ProtoMessage

func (*ListKeyRingsRequest) ProtoMessage()

func (*ListKeyRingsRequest) ProtoReflect

func (x *ListKeyRingsRequest) ProtoReflect() protoreflect.Message

func (*ListKeyRingsRequest) Reset

func (x *ListKeyRingsRequest) Reset()

func (*ListKeyRingsRequest) String

func (x *ListKeyRingsRequest) String() string

type ListKeyRingsResponse

type ListKeyRingsResponse struct {

	// The list of [KeyRings][google.cloud.kms.v1.KeyRing].
	KeyRings []*KeyRing `protobuf:"bytes,1,rep,name=key_rings,json=keyRings,proto3" json:"key_rings,omitempty"`
	// A token to retrieve next page of results. Pass this value in
	// [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token]
	// to retrieve the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// The total number of [KeyRings][google.cloud.kms.v1.KeyRing] that matched
	// the query.
	TotalSize int32 `protobuf:"varint,3,opt,name=total_size,json=totalSize,proto3" json:"total_size,omitempty"`
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].

func (*ListKeyRingsResponse) Descriptor deprecated

func (*ListKeyRingsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListKeyRingsResponse.ProtoReflect.Descriptor instead.

func (*ListKeyRingsResponse) GetKeyRings

func (x *ListKeyRingsResponse) GetKeyRings() []*KeyRing

func (*ListKeyRingsResponse) GetNextPageToken

func (x *ListKeyRingsResponse) GetNextPageToken() string

func (*ListKeyRingsResponse) GetTotalSize

func (x *ListKeyRingsResponse) GetTotalSize() int32

func (*ListKeyRingsResponse) ProtoMessage

func (*ListKeyRingsResponse) ProtoMessage()

func (*ListKeyRingsResponse) ProtoReflect

func (x *ListKeyRingsResponse) ProtoReflect() protoreflect.Message

func (*ListKeyRingsResponse) Reset

func (x *ListKeyRingsResponse) Reset()

func (*ListKeyRingsResponse) String

func (x *ListKeyRingsResponse) String() string

type LocationMetadata

type LocationMetadata struct {

	// Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
	// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this
	// location.
	HsmAvailable bool `protobuf:"varint,1,opt,name=hsm_available,json=hsmAvailable,proto3" json:"hsm_available,omitempty"`
	// Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
	// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
	// [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] can be created in
	// this location.
	EkmAvailable bool `protobuf:"varint,2,opt,name=ekm_available,json=ekmAvailable,proto3" json:"ekm_available,omitempty"`
	// contains filtered or unexported fields
}

Cloud KMS metadata for the given [google.cloud.location.Location][google.cloud.location.Location].

func (*LocationMetadata) Descriptor deprecated

func (*LocationMetadata) Descriptor() ([]byte, []int)

Deprecated: Use LocationMetadata.ProtoReflect.Descriptor instead.

func (*LocationMetadata) GetEkmAvailable

func (x *LocationMetadata) GetEkmAvailable() bool

func (*LocationMetadata) GetHsmAvailable

func (x *LocationMetadata) GetHsmAvailable() bool

func (*LocationMetadata) ProtoMessage

func (*LocationMetadata) ProtoMessage()

func (*LocationMetadata) ProtoReflect

func (x *LocationMetadata) ProtoReflect() protoreflect.Message

func (*LocationMetadata) Reset

func (x *LocationMetadata) Reset()

func (*LocationMetadata) String

func (x *LocationMetadata) String() string

type MacSignRequest

type MacSignRequest struct {

	// Required. The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
	// signing.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The data to sign. The MAC tag is computed over this data field
	// based on the specific algorithm.
	Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService]
	// will verify the integrity of the received
	// [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] using this
	// checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService]
	// will report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data]) is
	// equal to
	// [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].

func (*MacSignRequest) Descriptor deprecated

func (*MacSignRequest) Descriptor() ([]byte, []int)

Deprecated: Use MacSignRequest.ProtoReflect.Descriptor instead.

func (*MacSignRequest) GetData

func (x *MacSignRequest) GetData() []byte

func (*MacSignRequest) GetDataCrc32C

func (x *MacSignRequest) GetDataCrc32C() *wrapperspb.Int64Value

func (*MacSignRequest) GetName

func (x *MacSignRequest) GetName() string

func (*MacSignRequest) ProtoMessage

func (*MacSignRequest) ProtoMessage()

func (*MacSignRequest) ProtoReflect

func (x *MacSignRequest) ProtoReflect() protoreflect.Message

func (*MacSignRequest) Reset

func (x *MacSignRequest) Reset()

func (*MacSignRequest) String

func (x *MacSignRequest) String() string

type MacSignResponse

type MacSignResponse struct {

	// The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing.
	// Check this field to verify that the intended resource was used for signing.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The created signature.
	Mac []byte `protobuf:"bytes,2,opt,name=mac,proto3" json:"mac,omitempty"`
	// Integrity verification field. A CRC32C checksum of the returned
	// [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac]. An
	// integrity check of
	// [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] can be
	// performed by computing the CRC32C checksum of
	// [MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac] and
	// comparing your results to this field. Discard the response in case of
	// non-matching checksum values, and perform a limited number of retries. A
	// persistent mismatch may indicate an issue in your computation of the CRC32C
	// checksum. Note: This field is defined as int64 for reasons of compatibility
	// across different languages. However, it is a non-negative integer, which
	// will never exceed 2^32-1, and can be safely downconverted to uint32 in
	// languages that support this type.
	MacCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=mac_crc32c,json=macCrc32c,proto3" json:"mac_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c]
	// was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
	// for the integrity verification of the
	// [data][google.cloud.kms.v1.MacSignRequest.data]. A false value of this
	// field indicates either that
	// [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c]
	// was left unset or that it was not delivered to
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set
	// [MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c]
	// but this field is still false, discard the response and perform a limited
	// number of retries.
	VerifiedDataCrc32C bool `protobuf:"varint,4,opt,name=verified_data_crc32c,json=verifiedDataCrc32c,proto3" json:"verified_data_crc32c,omitempty"`
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for signing.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].

func (*MacSignResponse) Descriptor deprecated

func (*MacSignResponse) Descriptor() ([]byte, []int)

Deprecated: Use MacSignResponse.ProtoReflect.Descriptor instead.

func (*MacSignResponse) GetMac

func (x *MacSignResponse) GetMac() []byte

func (*MacSignResponse) GetMacCrc32C

func (x *MacSignResponse) GetMacCrc32C() *wrapperspb.Int64Value

func (*MacSignResponse) GetName

func (x *MacSignResponse) GetName() string

func (*MacSignResponse) GetProtectionLevel

func (x *MacSignResponse) GetProtectionLevel() ProtectionLevel

func (*MacSignResponse) GetVerifiedDataCrc32C

func (x *MacSignResponse) GetVerifiedDataCrc32C() bool

func (*MacSignResponse) ProtoMessage

func (*MacSignResponse) ProtoMessage()

func (*MacSignResponse) ProtoReflect

func (x *MacSignResponse) ProtoReflect() protoreflect.Message

func (*MacSignResponse) Reset

func (x *MacSignResponse) Reset()

func (*MacSignResponse) String

func (x *MacSignResponse) String() string

type MacVerifyRequest

type MacVerifyRequest struct {

	// Required. The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
	// verification.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Required. The data used previously as a
	// [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] to generate
	// the MAC tag.
	Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService]
	// will verify the integrity of the received
	// [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] using
	// this checksum.
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] will
	// report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data])
	// is equal to
	// [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	DataCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=data_crc32c,json=dataCrc32c,proto3" json:"data_crc32c,omitempty"`
	// Required. The signature to verify.
	Mac []byte `protobuf:"bytes,4,opt,name=mac,proto3" json:"mac,omitempty"`
	// Optional. An optional CRC32C checksum of the
	// [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac]. If
	// specified, [KeyManagementService][google.cloud.kms.v1.KeyManagementService]
	// will verify the integrity of the received
	// [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] using this
	// checksum. [KeyManagementService][google.cloud.kms.v1.KeyManagementService]
	// will report an error if the checksum verification fails. If you receive a
	// checksum error, your client should verify that
	// CRC32C([MacVerifyRequest.tag][]) is equal to
	// [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c],
	// and if so, perform a limited number of retries. A persistent mismatch may
	// indicate an issue in your computation of the CRC32C checksum. Note: This
	// field is defined as int64 for reasons of compatibility across different
	// languages. However, it is a non-negative integer, which will never exceed
	// 2^32-1, and can be safely downconverted to uint32 in languages that support
	// this type.
	MacCrc32C *wrapperspb.Int64Value `protobuf:"bytes,5,opt,name=mac_crc32c,json=macCrc32c,proto3" json:"mac_crc32c,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify].

func (*MacVerifyRequest) Descriptor deprecated

func (*MacVerifyRequest) Descriptor() ([]byte, []int)

Deprecated: Use MacVerifyRequest.ProtoReflect.Descriptor instead.

func (*MacVerifyRequest) GetData

func (x *MacVerifyRequest) GetData() []byte

func (*MacVerifyRequest) GetDataCrc32C

func (x *MacVerifyRequest) GetDataCrc32C() *wrapperspb.Int64Value

func (*MacVerifyRequest) GetMac

func (x *MacVerifyRequest) GetMac() []byte

func (*MacVerifyRequest) GetMacCrc32C

func (x *MacVerifyRequest) GetMacCrc32C() *wrapperspb.Int64Value

func (*MacVerifyRequest) GetName

func (x *MacVerifyRequest) GetName() string

func (*MacVerifyRequest) ProtoMessage

func (*MacVerifyRequest) ProtoMessage()

func (*MacVerifyRequest) ProtoReflect

func (x *MacVerifyRequest) ProtoReflect() protoreflect.Message

func (*MacVerifyRequest) Reset

func (x *MacVerifyRequest) Reset()

func (*MacVerifyRequest) String

func (x *MacVerifyRequest) String() string

type MacVerifyResponse

type MacVerifyResponse struct {

	// The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for
	// verification. Check this field to verify that the intended resource was
	// used for verification.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// This field indicates whether or not the verification operation for
	// [MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac] over
	// [MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data] was
	// successful.
	Success bool `protobuf:"varint,2,opt,name=success,proto3" json:"success,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c]
	// was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
	// for the integrity verification of the
	// [data][google.cloud.kms.v1.MacVerifyRequest.data]. A false value of this
	// field indicates either that
	// [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c]
	// was left unset or that it was not delivered to
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set
	// [MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c]
	// but this field is still false, discard the response and perform a limited
	// number of retries.
	VerifiedDataCrc32C bool `protobuf:"varint,3,opt,name=verified_data_crc32c,json=verifiedDataCrc32c,proto3" json:"verified_data_crc32c,omitempty"`
	// Integrity verification field. A flag indicating whether
	// [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c]
	// was received by
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService] and used
	// for the integrity verification of the
	// [data][google.cloud.kms.v1.MacVerifyRequest.mac]. A false value of this
	// field indicates either that
	// [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c]
	// was left unset or that it was not delivered to
	// [KeyManagementService][google.cloud.kms.v1.KeyManagementService]. If you've
	// set
	// [MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c]
	// but this field is still false, discard the response and perform a limited
	// number of retries.
	VerifiedMacCrc32C bool `protobuf:"varint,4,opt,name=verified_mac_crc32c,json=verifiedMacCrc32c,proto3" json:"verified_mac_crc32c,omitempty"`
	// Integrity verification field. This value is used for the integrity
	// verification of [MacVerifyResponse.success]. If the value of this field
	// contradicts the value of [MacVerifyResponse.success], discard the response
	// and perform a limited number of retries.
	VerifiedSuccessIntegrity bool `` /* 136-byte string literal not displayed */
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used for
	// verification.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

Response message for [KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify].

func (*MacVerifyResponse) Descriptor deprecated

func (*MacVerifyResponse) Descriptor() ([]byte, []int)

Deprecated: Use MacVerifyResponse.ProtoReflect.Descriptor instead.

func (*MacVerifyResponse) GetName

func (x *MacVerifyResponse) GetName() string

func (*MacVerifyResponse) GetProtectionLevel

func (x *MacVerifyResponse) GetProtectionLevel() ProtectionLevel

func (*MacVerifyResponse) GetSuccess

func (x *MacVerifyResponse) GetSuccess() bool

func (*MacVerifyResponse) GetVerifiedDataCrc32C

func (x *MacVerifyResponse) GetVerifiedDataCrc32C() bool

func (*MacVerifyResponse) GetVerifiedMacCrc32C

func (x *MacVerifyResponse) GetVerifiedMacCrc32C() bool

func (*MacVerifyResponse) GetVerifiedSuccessIntegrity

func (x *MacVerifyResponse) GetVerifiedSuccessIntegrity() bool

func (*MacVerifyResponse) ProtoMessage

func (*MacVerifyResponse) ProtoMessage()

func (*MacVerifyResponse) ProtoReflect

func (x *MacVerifyResponse) ProtoReflect() protoreflect.Message

func (*MacVerifyResponse) Reset

func (x *MacVerifyResponse) Reset()

func (*MacVerifyResponse) String

func (x *MacVerifyResponse) String() string

type ProtectionLevel

type ProtectionLevel int32

ProtectionLevel[google.cloud.kms.v1.ProtectionLevel] specifies how cryptographic operations are performed. For more information, see [Protection levels] (https://cloud.google.com/kms/docs/algorithms#protection_levels).

const (
	// Not specified.
	ProtectionLevel_PROTECTION_LEVEL_UNSPECIFIED ProtectionLevel = 0
	// Crypto operations are performed in software.
	ProtectionLevel_SOFTWARE ProtectionLevel = 1
	// Crypto operations are performed in a Hardware Security Module.
	ProtectionLevel_HSM ProtectionLevel = 2
	// Crypto operations are performed by an external key manager.
	ProtectionLevel_EXTERNAL ProtectionLevel = 3
	// Crypto operations are performed in an EKM-over-VPC backend.
	ProtectionLevel_EXTERNAL_VPC ProtectionLevel = 4
)

func (ProtectionLevel) Descriptor

func (ProtectionLevel) Enum

func (x ProtectionLevel) Enum() *ProtectionLevel

func (ProtectionLevel) EnumDescriptor deprecated

func (ProtectionLevel) EnumDescriptor() ([]byte, []int)

Deprecated: Use ProtectionLevel.Descriptor instead.

func (ProtectionLevel) Number

func (ProtectionLevel) String

func (x ProtectionLevel) String() string

func (ProtectionLevel) Type

type PublicKey

type PublicKey struct {

	// The public key, encoded in PEM format. For more information, see the
	// [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
	// [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
	// [Textual Encoding of Subject Public Key Info]
	// (https://tools.ietf.org/html/rfc7468#section-13).
	Pem string `protobuf:"bytes,1,opt,name=pem,proto3" json:"pem,omitempty"`
	// The
	// [Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
	// associated with this key.
	Algorithm CryptoKeyVersion_CryptoKeyVersionAlgorithm `` /* 140-byte string literal not displayed */
	// Integrity verification field. A CRC32C checksum of the returned
	// [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem]. An integrity check of
	// [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] can be performed by
	// computing the CRC32C checksum of
	// [PublicKey.pem][google.cloud.kms.v1.PublicKey.pem] and comparing your
	// results to this field. Discard the response in case of non-matching
	// checksum values, and perform a limited number of retries. A persistent
	// mismatch may indicate an issue in your computation of the CRC32C checksum.
	// Note: This field is defined as int64 for reasons of compatibility across
	// different languages. However, it is a non-negative integer, which will
	// never exceed 2^32-1, and can be safely downconverted to uint32 in languages
	// that support this type.
	//
	// NOTE: This field is in Beta.
	PemCrc32C *wrapperspb.Int64Value `protobuf:"bytes,3,opt,name=pem_crc32c,json=pemCrc32c,proto3" json:"pem_crc32c,omitempty"`
	// The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key.
	// Provided here for verification.
	//
	// NOTE: This field is in Beta.
	Name string `protobuf:"bytes,4,opt,name=name,proto3" json:"name,omitempty"`
	// The [ProtectionLevel][google.cloud.kms.v1.ProtectionLevel] of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key.
	ProtectionLevel ProtectionLevel `` /* 148-byte string literal not displayed */
	// contains filtered or unexported fields
}

The public key for a given CryptoKeyVersion[google.cloud.kms.v1.CryptoKeyVersion]. Obtained via [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

func (*PublicKey) Descriptor deprecated

func (*PublicKey) Descriptor() ([]byte, []int)

Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.

func (*PublicKey) GetAlgorithm

func (*PublicKey) GetName

func (x *PublicKey) GetName() string

func (*PublicKey) GetPem

func (x *PublicKey) GetPem() string

func (*PublicKey) GetPemCrc32C

func (x *PublicKey) GetPemCrc32C() *wrapperspb.Int64Value

func (*PublicKey) GetProtectionLevel

func (x *PublicKey) GetProtectionLevel() ProtectionLevel

func (*PublicKey) ProtoMessage

func (*PublicKey) ProtoMessage()

func (*PublicKey) ProtoReflect

func (x *PublicKey) ProtoReflect() protoreflect.Message

func (*PublicKey) Reset

func (x *PublicKey) Reset()

func (*PublicKey) String

func (x *PublicKey) String() string

type RestoreCryptoKeyVersionRequest

type RestoreCryptoKeyVersionRequest struct {

	// Required. The resource name of the
	// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion].

func (*RestoreCryptoKeyVersionRequest) Descriptor deprecated

func (*RestoreCryptoKeyVersionRequest) Descriptor() ([]byte, []int)

Deprecated: Use RestoreCryptoKeyVersionRequest.ProtoReflect.Descriptor instead.

func (*RestoreCryptoKeyVersionRequest) GetName

func (*RestoreCryptoKeyVersionRequest) ProtoMessage

func (*RestoreCryptoKeyVersionRequest) ProtoMessage()

func (*RestoreCryptoKeyVersionRequest) ProtoReflect

func (*RestoreCryptoKeyVersionRequest) Reset

func (x *RestoreCryptoKeyVersionRequest) Reset()

func (*RestoreCryptoKeyVersionRequest) String

type UnimplementedEkmServiceServer

type UnimplementedEkmServiceServer struct {
}

UnimplementedEkmServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedEkmServiceServer) CreateEkmConnection

func (*UnimplementedEkmServiceServer) GetEkmConnection

func (*UnimplementedEkmServiceServer) ListEkmConnections

func (*UnimplementedEkmServiceServer) UpdateEkmConnection

type UnimplementedKeyManagementServiceServer

type UnimplementedKeyManagementServiceServer struct {
}

UnimplementedKeyManagementServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedKeyManagementServiceServer) AsymmetricDecrypt

func (*UnimplementedKeyManagementServiceServer) AsymmetricSign

func (*UnimplementedKeyManagementServiceServer) CreateCryptoKey

func (*UnimplementedKeyManagementServiceServer) CreateCryptoKeyVersion

func (*UnimplementedKeyManagementServiceServer) CreateImportJob

func (*UnimplementedKeyManagementServiceServer) CreateKeyRing

func (*UnimplementedKeyManagementServiceServer) Decrypt

func (*UnimplementedKeyManagementServiceServer) DestroyCryptoKeyVersion

func (*UnimplementedKeyManagementServiceServer) Encrypt

func (*UnimplementedKeyManagementServiceServer) GenerateRandomBytes

func (*UnimplementedKeyManagementServiceServer) GetCryptoKey

func (*