Cloud Key Management Service (KMS) API . projects . locations . keyRings . cryptoKeys . cryptoKeyVersions

Instance Methods

asymmetricDecrypt(name, body=None, x__xgafv=None)

Decrypts data that was encrypted with a public key retrieved from

asymmetricSign(name, body=None, x__xgafv=None)

Signs data using a CryptoKeyVersion with CryptoKey.purpose

create(parent, body=None, x__xgafv=None)

Create a new CryptoKeyVersion in a CryptoKey.

destroy(name, body=None, x__xgafv=None)

Schedule a CryptoKeyVersion for destruction.

get(name, x__xgafv=None)

Returns metadata for a given CryptoKeyVersion.

getPublicKey(name, x__xgafv=None)

Returns the public key for the given CryptoKeyVersion. The

import_(parent, body=None, x__xgafv=None)

Imports a new CryptoKeyVersion into an existing CryptoKey using the

list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None, view=None)

Lists CryptoKeyVersions.

list_next(previous_request, previous_response)

Retrieves the next page of results.

patch(name, body=None, updateMask=None, x__xgafv=None)

Update a CryptoKeyVersion's metadata.

restore(name, body=None, x__xgafv=None)

Restore a CryptoKeyVersion in the

Method Details

asymmetricDecrypt(name, body=None, x__xgafv=None)
Decrypts data that was encrypted with a public key retrieved from
GetPublicKey corresponding to a CryptoKeyVersion with
CryptoKey.purpose ASYMMETRIC_DECRYPT.

Args:
  name: string, Required. The resource name of the CryptoKeyVersion to use for
decryption. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for KeyManagementService.AsymmetricDecrypt.
    "ciphertext": "A String", # Required. The data encrypted with the named CryptoKeyVersion's public
        # key using OAEP.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for KeyManagementService.AsymmetricDecrypt.
    "plaintext": "A String", # The decrypted data originally encrypted with the matching public key.
  }
asymmetricSign(name, body=None, x__xgafv=None)
Signs data using a CryptoKeyVersion with CryptoKey.purpose
ASYMMETRIC_SIGN, producing a signature that can be verified with the public
key retrieved from GetPublicKey.

Args:
  name: string, Required. The resource name of the CryptoKeyVersion to use for signing. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for KeyManagementService.AsymmetricSign.
    "digest": { # A Digest holds a cryptographic message digest. # Required. The digest of the data to sign. The digest must be produced with
        # the same digest algorithm as specified by the key version's
        # algorithm.
      "sha256": "A String", # A message digest produced with the SHA-256 algorithm.
      "sha512": "A String", # A message digest produced with the SHA-512 algorithm.
      "sha384": "A String", # A message digest produced with the SHA-384 algorithm.
    },
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for KeyManagementService.AsymmetricSign.
    "signature": "A String", # The created signature.
  }
create(parent, body=None, x__xgafv=None)
Create a new CryptoKeyVersion in a CryptoKey.

The server will assign the next sequential id. If unset,
state will be set to
ENABLED.

Args:
  parent: string, Required. The name of the CryptoKey associated with
the CryptoKeyVersions. (required)
  body: object, The request body.
    The object takes the form of:

{ # A CryptoKeyVersion represents an individual cryptographic key, and the
    # associated key material.
    # 
    # An ENABLED version can be
    # used for cryptographic operations.
    # 
    # For security reasons, the raw cryptographic key material represented by a
    # CryptoKeyVersion can never be viewed or exported. It can only be used to
    # encrypt, decrypt, or sign data when an authorized user or application invokes
    # Cloud KMS.
  "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
      # for destruction. Only present if state is
      # DESTROY_SCHEDULED.
  "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
      # state is
      # IMPORT_FAILED.
  "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
      # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
      # performed with this CryptoKeyVersion.
  "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
      # creation time. Use this statement to verify attributes of the key as stored
      # on the HSM, independently of Google. Only provided for key versions with
      # protection_level HSM.
      # information, see [Verifying attestations]
      # (https://cloud.google.com/kms/docs/attest-key).
    "content": "A String", # Output only. The attestation data provided by the HSM when the key
        # operation was performed.
    "format": "A String", # Output only. The format of the attestation data.
  },
  "state": "A String", # The current state of the CryptoKeyVersion.
  "importJob": "A String", # Output only. The name of the ImportJob used to import this
      # CryptoKeyVersion. Only present if the underlying key material was
      # imported.
  "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
      # generated.
  "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
      # was imported.
  "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
      # CryptoKeyVersion supports.
  "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
  "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
      # configuring a CryptoKeyVersion that are specific to the
      # EXTERNAL protection level.
      # configuring a CryptoKeyVersion that are specific to the
      # EXTERNAL protection level.
    "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
  },
  "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
      # destroyed. Only present if state is
      # DESTROYED.
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A CryptoKeyVersion represents an individual cryptographic key, and the
      # associated key material.
      #
      # An ENABLED version can be
      # used for cryptographic operations.
      #
      # For security reasons, the raw cryptographic key material represented by a
      # CryptoKeyVersion can never be viewed or exported. It can only be used to
      # encrypt, decrypt, or sign data when an authorized user or application invokes
      # Cloud KMS.
    "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
        # for destruction. Only present if state is
        # DESTROY_SCHEDULED.
    "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
        # state is
        # IMPORT_FAILED.
    "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
        # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
    "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
        # performed with this CryptoKeyVersion.
    "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
        # creation time. Use this statement to verify attributes of the key as stored
        # on the HSM, independently of Google. Only provided for key versions with
        # protection_level HSM.
        # information, see [Verifying attestations]
        # (https://cloud.google.com/kms/docs/attest-key).
      "content": "A String", # Output only. The attestation data provided by the HSM when the key
          # operation was performed.
      "format": "A String", # Output only. The format of the attestation data.
    },
    "state": "A String", # The current state of the CryptoKeyVersion.
    "importJob": "A String", # Output only. The name of the ImportJob used to import this
        # CryptoKeyVersion. Only present if the underlying key material was
        # imported.
    "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
        # generated.
    "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
        # was imported.
    "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
        # CryptoKeyVersion supports.
    "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
    "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
        # configuring a CryptoKeyVersion that are specific to the
        # EXTERNAL protection level.
        # configuring a CryptoKeyVersion that are specific to the
        # EXTERNAL protection level.
      "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
    },
    "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
        # destroyed. Only present if state is
        # DESTROYED.
  }
destroy(name, body=None, x__xgafv=None)
Schedule a CryptoKeyVersion for destruction.

Upon calling this method, CryptoKeyVersion.state will be set to
DESTROY_SCHEDULED
and destroy_time will be set to a time 24
hours in the future, at which point the state
will be changed to
DESTROYED, and the key
material will be irrevocably destroyed.

Before the destroy_time is reached,
RestoreCryptoKeyVersion may be called to reverse the process.

Args:
  name: string, Required. The resource name of the CryptoKeyVersion to destroy. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for KeyManagementService.DestroyCryptoKeyVersion.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A CryptoKeyVersion represents an individual cryptographic key, and the
      # associated key material.
      #
      # An ENABLED version can be
      # used for cryptographic operations.
      #
      # For security reasons, the raw cryptographic key material represented by a
      # CryptoKeyVersion can never be viewed or exported. It can only be used to
      # encrypt, decrypt, or sign data when an authorized user or application invokes
      # Cloud KMS.
    "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
        # for destruction. Only present if state is
        # DESTROY_SCHEDULED.
    "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
        # state is
        # IMPORT_FAILED.
    "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
        # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
    "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
        # performed with this CryptoKeyVersion.
    "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
        # creation time. Use this statement to verify attributes of the key as stored
        # on the HSM, independently of Google. Only provided for key versions with
        # protection_level HSM.
        # information, see [Verifying attestations]
        # (https://cloud.google.com/kms/docs/attest-key).
      "content": "A String", # Output only. The attestation data provided by the HSM when the key
          # operation was performed.
      "format": "A String", # Output only. The format of the attestation data.
    },
    "state": "A String", # The current state of the CryptoKeyVersion.
    "importJob": "A String", # Output only. The name of the ImportJob used to import this
        # CryptoKeyVersion. Only present if the underlying key material was
        # imported.
    "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
        # generated.
    "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
        # was imported.
    "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
        # CryptoKeyVersion supports.
    "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
    "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
        # configuring a CryptoKeyVersion that are specific to the
        # EXTERNAL protection level.
        # configuring a CryptoKeyVersion that are specific to the
        # EXTERNAL protection level.
      "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
    },
    "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
        # destroyed. Only present if state is
        # DESTROYED.
  }
get(name, x__xgafv=None)
Returns metadata for a given CryptoKeyVersion.

Args:
  name: string, Required. The name of the CryptoKeyVersion to get. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A CryptoKeyVersion represents an individual cryptographic key, and the
      # associated key material.
      #
      # An ENABLED version can be
      # used for cryptographic operations.
      #
      # For security reasons, the raw cryptographic key material represented by a
      # CryptoKeyVersion can never be viewed or exported. It can only be used to
      # encrypt, decrypt, or sign data when an authorized user or application invokes
      # Cloud KMS.
    "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
        # for destruction. Only present if state is
        # DESTROY_SCHEDULED.
    "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
        # state is
        # IMPORT_FAILED.
    "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
        # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
    "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
        # performed with this CryptoKeyVersion.
    "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
        # creation time. Use this statement to verify attributes of the key as stored
        # on the HSM, independently of Google. Only provided for key versions with
        # protection_level HSM.
        # information, see [Verifying attestations]
        # (https://cloud.google.com/kms/docs/attest-key).
      "content": "A String", # Output only. The attestation data provided by the HSM when the key
          # operation was performed.
      "format": "A String", # Output only. The format of the attestation data.
    },
    "state": "A String", # The current state of the CryptoKeyVersion.
    "importJob": "A String", # Output only. The name of the ImportJob used to import this
        # CryptoKeyVersion. Only present if the underlying key material was
        # imported.
    "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
        # generated.
    "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
        # was imported.
    "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
        # CryptoKeyVersion supports.
    "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
    "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
        # configuring a CryptoKeyVersion that are specific to the
        # EXTERNAL protection level.
        # configuring a CryptoKeyVersion that are specific to the
        # EXTERNAL protection level.
      "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
    },
    "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
        # destroyed. Only present if state is
        # DESTROYED.
  }
getPublicKey(name, x__xgafv=None)
Returns the public key for the given CryptoKeyVersion. The
CryptoKey.purpose must be
ASYMMETRIC_SIGN or
ASYMMETRIC_DECRYPT.

Args:
  name: string, Required. The name of the CryptoKeyVersion public key to
get. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # The public key for a given CryptoKeyVersion. Obtained via
      # GetPublicKey.
    "pem": "A String", # The public key, encoded in PEM format. For more information, see the
        # [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for
        # [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and
        # [Textual Encoding of Subject Public Key Info]
        # (https://tools.ietf.org/html/rfc7468#section-13).
    "algorithm": "A String", # The Algorithm associated
        # with this key.
  }
import_(parent, body=None, x__xgafv=None)
Imports a new CryptoKeyVersion into an existing CryptoKey using the
wrapped key material provided in the request.

The version ID will be assigned the next sequential id within the
CryptoKey.

Args:
  parent: string, Required. The name of the CryptoKey to
be imported into. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for KeyManagementService.ImportCryptoKeyVersion.
    "importJob": "A String", # Required. The name of the ImportJob that was used to
        # wrap this key material.
    "algorithm": "A String", # Required. The algorithm of
        # the key being imported. This does not need to match the
        # version_template of the CryptoKey this
        # version imports into.
    "rsaAesWrappedKey": "A String", # Wrapped key material produced with
        # RSA_OAEP_3072_SHA1_AES_256
        # or
        # RSA_OAEP_4096_SHA1_AES_256.
        # 
        # This field contains the concatenation of two wrapped keys:
        # <ol>
        #   <li>An ephemeral AES-256 wrapping key wrapped with the
        #       public_key using RSAES-OAEP with SHA-1,
        #       MGF1 with SHA-1, and an empty label.
        #   </li>
        #   <li>The key to be imported, wrapped with the ephemeral AES-256 key
        #       using AES-KWP (RFC 5649).
        #   </li>
        # </ol>
        # 
        # If importing symmetric key material, it is expected that the unwrapped
        # key contains plain bytes. If importing asymmetric key material, it is
        # expected that the unwrapped key is in PKCS#8-encoded DER format (the
        # PrivateKeyInfo structure from RFC 5208).
        # 
        # This format is the same as the format produced by PKCS#11 mechanism
        # CKM_RSA_AES_KEY_WRAP.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A CryptoKeyVersion represents an individual cryptographic key, and the
      # associated key material.
      #
      # An ENABLED version can be
      # used for cryptographic operations.
      #
      # For security reasons, the raw cryptographic key material represented by a
      # CryptoKeyVersion can never be viewed or exported. It can only be used to
      # encrypt, decrypt, or sign data when an authorized user or application invokes
      # Cloud KMS.
    "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
        # for destruction. Only present if state is
        # DESTROY_SCHEDULED.
    "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
        # state is
        # IMPORT_FAILED.
    "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
        # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
    "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
        # performed with this CryptoKeyVersion.
    "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
        # creation time. Use this statement to verify attributes of the key as stored
        # on the HSM, independently of Google. Only provided for key versions with
        # protection_level HSM.
        # information, see [Verifying attestations]
        # (https://cloud.google.com/kms/docs/attest-key).
      "content": "A String", # Output only. The attestation data provided by the HSM when the key
          # operation was performed.
      "format": "A String", # Output only. The format of the attestation data.
    },
    "state": "A String", # The current state of the CryptoKeyVersion.
    "importJob": "A String", # Output only. The name of the ImportJob used to import this
        # CryptoKeyVersion. Only present if the underlying key material was
        # imported.
    "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
        # generated.
    "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
        # was imported.
    "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
        # CryptoKeyVersion supports.
    "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
    "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
        # configuring a CryptoKeyVersion that are specific to the
        # EXTERNAL protection level.
        # configuring a CryptoKeyVersion that are specific to the
        # EXTERNAL protection level.
      "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
    },
    "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
        # destroyed. Only present if state is
        # DESTROYED.
  }
list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None, view=None)
Lists CryptoKeyVersions.

Args:
  parent: string, Required. The resource name of the CryptoKey to list, in the format
`projects/*/locations/*/keyRings/*/cryptoKeys/*`. (required)
  orderBy: string, Optional. Specify how the results should be sorted. If not specified, the
results will be sorted in the default order. For more information, see
[Sorting and filtering list
results](https://cloud.google.com/kms/docs/sorting-and-filtering).
  pageSize: integer, Optional. Optional limit on the number of CryptoKeyVersions to
include in the response. Further CryptoKeyVersions can
subsequently be obtained by including the
ListCryptoKeyVersionsResponse.next_page_token in a subsequent request.
If unspecified, the server will pick an appropriate default.
  pageToken: string, Optional. Optional pagination token, returned earlier via
ListCryptoKeyVersionsResponse.next_page_token.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format
  filter: string, Optional. Only include resources that match the filter in the response. For
more information, see
[Sorting and filtering list
results](https://cloud.google.com/kms/docs/sorting-and-filtering).
  view: string, The fields to include in the response.

Returns:
  An object of the form:

    { # Response message for KeyManagementService.ListCryptoKeyVersions.
    "nextPageToken": "A String", # A token to retrieve next page of results. Pass this value in
        # ListCryptoKeyVersionsRequest.page_token to retrieve the next page of
        # results.
    "totalSize": 42, # The total number of CryptoKeyVersions that matched the
        # query.
    "cryptoKeyVersions": [ # The list of CryptoKeyVersions.
      { # A CryptoKeyVersion represents an individual cryptographic key, and the
          # associated key material.
          #
          # An ENABLED version can be
          # used for cryptographic operations.
          #
          # For security reasons, the raw cryptographic key material represented by a
          # CryptoKeyVersion can never be viewed or exported. It can only be used to
          # encrypt, decrypt, or sign data when an authorized user or application invokes
          # Cloud KMS.
        "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
            # for destruction. Only present if state is
            # DESTROY_SCHEDULED.
        "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
            # state is
            # IMPORT_FAILED.
        "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
            # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
        "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
            # performed with this CryptoKeyVersion.
        "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
            # creation time. Use this statement to verify attributes of the key as stored
            # on the HSM, independently of Google. Only provided for key versions with
            # protection_level HSM.
            # information, see [Verifying attestations]
            # (https://cloud.google.com/kms/docs/attest-key).
          "content": "A String", # Output only. The attestation data provided by the HSM when the key
              # operation was performed.
          "format": "A String", # Output only. The format of the attestation data.
        },
        "state": "A String", # The current state of the CryptoKeyVersion.
        "importJob": "A String", # Output only. The name of the ImportJob used to import this
            # CryptoKeyVersion. Only present if the underlying key material was
            # imported.
        "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
            # generated.
        "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
            # was imported.
        "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
            # CryptoKeyVersion supports.
        "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
        "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
            # configuring a CryptoKeyVersion that are specific to the
            # EXTERNAL protection level.
            # configuring a CryptoKeyVersion that are specific to the
            # EXTERNAL protection level.
          "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
        },
        "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
            # destroyed. Only present if state is
            # DESTROYED.
      },
    ],
  }
list_next(previous_request, previous_response)
Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.
    
patch(name, body=None, updateMask=None, x__xgafv=None)
Update a CryptoKeyVersion's metadata.

state may be changed between
ENABLED and
DISABLED using this
method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to
move between other states.

Args:
  name: string, Output only. The resource name for this CryptoKeyVersion in the format
`projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. (required)
  body: object, The request body.
    The object takes the form of:

{ # A CryptoKeyVersion represents an individual cryptographic key, and the
    # associated key material.
    # 
    # An ENABLED version can be
    # used for cryptographic operations.
    # 
    # For security reasons, the raw cryptographic key material represented by a
    # CryptoKeyVersion can never be viewed or exported. It can only be used to
    # encrypt, decrypt, or sign data when an authorized user or application invokes
    # Cloud KMS.
  "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
      # for destruction. Only present if state is
      # DESTROY_SCHEDULED.
  "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
      # state is
      # IMPORT_FAILED.
  "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
      # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
  "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
      # performed with this CryptoKeyVersion.
  "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
      # creation time. Use this statement to verify attributes of the key as stored
      # on the HSM, independently of Google. Only provided for key versions with
      # protection_level HSM.
      # information, see [Verifying attestations]
      # (https://cloud.google.com/kms/docs/attest-key).
    "content": "A String", # Output only. The attestation data provided by the HSM when the key
        # operation was performed.
    "format": "A String", # Output only. The format of the attestation data.
  },
  "state": "A String", # The current state of the CryptoKeyVersion.
  "importJob": "A String", # Output only. The name of the ImportJob used to import this
      # CryptoKeyVersion. Only present if the underlying key material was
      # imported.
  "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
      # generated.
  "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
      # was imported.
  "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
      # CryptoKeyVersion supports.
  "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
  "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
      # configuring a CryptoKeyVersion that are specific to the
      # EXTERNAL protection level.
      # configuring a CryptoKeyVersion that are specific to the
      # EXTERNAL protection level.
    "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
  },
  "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
      # destroyed. Only present if state is
      # DESTROYED.
}

  updateMask: string, Required. List of fields to be updated in this request.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A CryptoKeyVersion represents an individual cryptographic key, and the
      # associated key material.
      #
      # An ENABLED version can be
      # used for cryptographic operations.
      #
      # For security reasons, the raw cryptographic key material represented by a
      # CryptoKeyVersion can never be viewed or exported. It can only be used to
      # encrypt, decrypt, or sign data when an authorized user or application invokes
      # Cloud KMS.
    "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
        # for destruction. Only present if state is
        # DESTROY_SCHEDULED.
    "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
        # state is
        # IMPORT_FAILED.
    "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
        # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
    "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
        # performed with this CryptoKeyVersion.
    "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
        # creation time. Use this statement to verify attributes of the key as stored
        # on the HSM, independently of Google. Only provided for key versions with
        # protection_level HSM.
        # information, see [Verifying attestations]
        # (https://cloud.google.com/kms/docs/attest-key).
      "content": "A String", # Output only. The attestation data provided by the HSM when the key
          # operation was performed.
      "format": "A String", # Output only. The format of the attestation data.
    },
    "state": "A String", # The current state of the CryptoKeyVersion.
    "importJob": "A String", # Output only. The name of the ImportJob used to import this
        # CryptoKeyVersion. Only present if the underlying key material was
        # imported.
    "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
        # generated.
    "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
        # was imported.
    "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
        # CryptoKeyVersion supports.
    "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
    "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
        # configuring a CryptoKeyVersion that are specific to the
        # EXTERNAL protection level.
        # configuring a CryptoKeyVersion that are specific to the
        # EXTERNAL protection level.
      "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
    },
    "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
        # destroyed. Only present if state is
        # DESTROYED.
  }
restore(name, body=None, x__xgafv=None)
Restore a CryptoKeyVersion in the
DESTROY_SCHEDULED
state.

Upon restoration of the CryptoKeyVersion, state
will be set to DISABLED,
and destroy_time will be cleared.

Args:
  name: string, Required. The resource name of the CryptoKeyVersion to restore. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for KeyManagementService.RestoreCryptoKeyVersion.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A CryptoKeyVersion represents an individual cryptographic key, and the
      # associated key material.
      #
      # An ENABLED version can be
      # used for cryptographic operations.
      #
      # For security reasons, the raw cryptographic key material represented by a
      # CryptoKeyVersion can never be viewed or exported. It can only be used to
      # encrypt, decrypt, or sign data when an authorized user or application invokes
      # Cloud KMS.
    "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled
        # for destruction. Only present if state is
        # DESTROY_SCHEDULED.
    "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if
        # state is
        # IMPORT_FAILED.
    "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format
        # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`.
    "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are
        # performed with this CryptoKeyVersion.
    "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key
        # creation time. Use this statement to verify attributes of the key as stored
        # on the HSM, independently of Google. Only provided for key versions with
        # protection_level HSM.
        # information, see [Verifying attestations]
        # (https://cloud.google.com/kms/docs/attest-key).
      "content": "A String", # Output only. The attestation data provided by the HSM when the key
          # operation was performed.
      "format": "A String", # Output only. The format of the attestation data.
    },
    "state": "A String", # The current state of the CryptoKeyVersion.
    "importJob": "A String", # Output only. The name of the ImportJob used to import this
        # CryptoKeyVersion. Only present if the underlying key material was
        # imported.
    "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
        # generated.
    "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material
        # was imported.
    "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this
        # CryptoKeyVersion supports.
    "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created.
    "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for
        # configuring a CryptoKeyVersion that are specific to the
        # EXTERNAL protection level.
        # configuring a CryptoKeyVersion that are specific to the
        # EXTERNAL protection level.
      "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents.
    },
    "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was
        # destroyed. Only present if state is
        # DESTROYED.
  }