asymmetricDecrypt(name, body=None, x__xgafv=None)
Decrypts data that was encrypted with a public key retrieved from
asymmetricSign(name, body=None, x__xgafv=None)
Signs data using a CryptoKeyVersion with CryptoKey.purpose
create(parent, body=None, x__xgafv=None)
Create a new CryptoKeyVersion in a CryptoKey.
destroy(name, body=None, x__xgafv=None)
Schedule a CryptoKeyVersion for destruction.
Returns metadata for a given CryptoKeyVersion.
getPublicKey(name, x__xgafv=None)
Returns the public key for the given CryptoKeyVersion. The
import_(parent, body=None, x__xgafv=None)
Imports a new CryptoKeyVersion into an existing CryptoKey using the
list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None, view=None)
Lists CryptoKeyVersions.
list_next(previous_request, previous_response)
Retrieves the next page of results.
patch(name, body=None, updateMask=None, x__xgafv=None)
Update a CryptoKeyVersion's metadata.
restore(name, body=None, x__xgafv=None)
Restore a CryptoKeyVersion in the
asymmetricDecrypt(name, body=None, x__xgafv=None)
Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT. Args: name: string, Required. The resource name of the CryptoKeyVersion to use for decryption. (required) body: object, The request body. The object takes the form of: { # Request message for KeyManagementService.AsymmetricDecrypt. "ciphertext": "A String", # Required. The data encrypted with the named CryptoKeyVersion's public # key using OAEP. } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # Response message for KeyManagementService.AsymmetricDecrypt. "plaintext": "A String", # The decrypted data originally encrypted with the matching public key. }
asymmetricSign(name, body=None, x__xgafv=None)
Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey. Args: name: string, Required. The resource name of the CryptoKeyVersion to use for signing. (required) body: object, The request body. The object takes the form of: { # Request message for KeyManagementService.AsymmetricSign. "digest": { # A Digest holds a cryptographic message digest. # Required. The digest of the data to sign. The digest must be produced with # the same digest algorithm as specified by the key version's # algorithm. "sha256": "A String", # A message digest produced with the SHA-256 algorithm. "sha512": "A String", # A message digest produced with the SHA-512 algorithm. "sha384": "A String", # A message digest produced with the SHA-384 algorithm. }, } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # Response message for KeyManagementService.AsymmetricSign. "signature": "A String", # The created signature. }
create(parent, body=None, x__xgafv=None)
Create a new CryptoKeyVersion in a CryptoKey. The server will assign the next sequential id. If unset, state will be set to ENABLED. Args: parent: string, Required. The name of the CryptoKey associated with the CryptoKeyVersions. (required) body: object, The request body. The object takes the form of: { # A CryptoKeyVersion represents an individual cryptographic key, and the # associated key material. # # An ENABLED version can be # used for cryptographic operations. # # For security reasons, the raw cryptographic key material represented by a # CryptoKeyVersion can never be viewed or exported. It can only be used to # encrypt, decrypt, or sign data when an authorized user or application invokes # Cloud KMS. "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled # for destruction. Only present if state is # DESTROY_SCHEDULED. "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if # state is # IMPORT_FAILED. "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are # performed with this CryptoKeyVersion. "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key # creation time. Use this statement to verify attributes of the key as stored # on the HSM, independently of Google. Only provided for key versions with # protection_level HSM. # information, see [Verifying attestations] # (https://cloud.google.com/kms/docs/attest-key). "content": "A String", # Output only. The attestation data provided by the HSM when the key # operation was performed. "format": "A String", # Output only. The format of the attestation data. }, "state": "A String", # The current state of the CryptoKeyVersion. "importJob": "A String", # Output only. The name of the ImportJob used to import this # CryptoKeyVersion. Only present if the underlying key material was # imported. "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # generated. "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material # was imported. "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this # CryptoKeyVersion supports. "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. }, "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # destroyed. Only present if state is # DESTROYED. } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # A CryptoKeyVersion represents an individual cryptographic key, and the # associated key material. # # An ENABLED version can be # used for cryptographic operations. # # For security reasons, the raw cryptographic key material represented by a # CryptoKeyVersion can never be viewed or exported. It can only be used to # encrypt, decrypt, or sign data when an authorized user or application invokes # Cloud KMS. "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled # for destruction. Only present if state is # DESTROY_SCHEDULED. "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if # state is # IMPORT_FAILED. "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are # performed with this CryptoKeyVersion. "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key # creation time. Use this statement to verify attributes of the key as stored # on the HSM, independently of Google. Only provided for key versions with # protection_level HSM. # information, see [Verifying attestations] # (https://cloud.google.com/kms/docs/attest-key). "content": "A String", # Output only. The attestation data provided by the HSM when the key # operation was performed. "format": "A String", # Output only. The format of the attestation data. }, "state": "A String", # The current state of the CryptoKeyVersion. "importJob": "A String", # Output only. The name of the ImportJob used to import this # CryptoKeyVersion. Only present if the underlying key material was # imported. "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # generated. "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material # was imported. "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this # CryptoKeyVersion supports. "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. }, "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # destroyed. Only present if state is # DESTROYED. }
destroy(name, body=None, x__xgafv=None)
Schedule a CryptoKeyVersion for destruction. Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED and destroy_time will be set to a time 24 hours in the future, at which point the state will be changed to DESTROYED, and the key material will be irrevocably destroyed. Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process. Args: name: string, Required. The resource name of the CryptoKeyVersion to destroy. (required) body: object, The request body. The object takes the form of: { # Request message for KeyManagementService.DestroyCryptoKeyVersion. } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # A CryptoKeyVersion represents an individual cryptographic key, and the # associated key material. # # An ENABLED version can be # used for cryptographic operations. # # For security reasons, the raw cryptographic key material represented by a # CryptoKeyVersion can never be viewed or exported. It can only be used to # encrypt, decrypt, or sign data when an authorized user or application invokes # Cloud KMS. "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled # for destruction. Only present if state is # DESTROY_SCHEDULED. "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if # state is # IMPORT_FAILED. "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are # performed with this CryptoKeyVersion. "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key # creation time. Use this statement to verify attributes of the key as stored # on the HSM, independently of Google. Only provided for key versions with # protection_level HSM. # information, see [Verifying attestations] # (https://cloud.google.com/kms/docs/attest-key). "content": "A String", # Output only. The attestation data provided by the HSM when the key # operation was performed. "format": "A String", # Output only. The format of the attestation data. }, "state": "A String", # The current state of the CryptoKeyVersion. "importJob": "A String", # Output only. The name of the ImportJob used to import this # CryptoKeyVersion. Only present if the underlying key material was # imported. "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # generated. "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material # was imported. "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this # CryptoKeyVersion supports. "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. }, "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # destroyed. Only present if state is # DESTROYED. }
get(name, x__xgafv=None)
Returns metadata for a given CryptoKeyVersion. Args: name: string, Required. The name of the CryptoKeyVersion to get. (required) x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # A CryptoKeyVersion represents an individual cryptographic key, and the # associated key material. # # An ENABLED version can be # used for cryptographic operations. # # For security reasons, the raw cryptographic key material represented by a # CryptoKeyVersion can never be viewed or exported. It can only be used to # encrypt, decrypt, or sign data when an authorized user or application invokes # Cloud KMS. "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled # for destruction. Only present if state is # DESTROY_SCHEDULED. "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if # state is # IMPORT_FAILED. "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are # performed with this CryptoKeyVersion. "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key # creation time. Use this statement to verify attributes of the key as stored # on the HSM, independently of Google. Only provided for key versions with # protection_level HSM. # information, see [Verifying attestations] # (https://cloud.google.com/kms/docs/attest-key). "content": "A String", # Output only. The attestation data provided by the HSM when the key # operation was performed. "format": "A String", # Output only. The format of the attestation data. }, "state": "A String", # The current state of the CryptoKeyVersion. "importJob": "A String", # Output only. The name of the ImportJob used to import this # CryptoKeyVersion. Only present if the underlying key material was # imported. "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # generated. "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material # was imported. "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this # CryptoKeyVersion supports. "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. }, "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # destroyed. Only present if state is # DESTROYED. }
getPublicKey(name, x__xgafv=None)
Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT. Args: name: string, Required. The name of the CryptoKeyVersion public key to get. (required) x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # The public key for a given CryptoKeyVersion. Obtained via # GetPublicKey. "pem": "A String", # The public key, encoded in PEM format. For more information, see the # [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for # [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and # [Textual Encoding of Subject Public Key Info] # (https://tools.ietf.org/html/rfc7468#section-13). "algorithm": "A String", # The Algorithm associated # with this key. }
import_(parent, body=None, x__xgafv=None)
Imports a new CryptoKeyVersion into an existing CryptoKey using the wrapped key material provided in the request. The version ID will be assigned the next sequential id within the CryptoKey. Args: parent: string, Required. The name of the CryptoKey to be imported into. (required) body: object, The request body. The object takes the form of: { # Request message for KeyManagementService.ImportCryptoKeyVersion. "importJob": "A String", # Required. The name of the ImportJob that was used to # wrap this key material. "algorithm": "A String", # Required. The algorithm of # the key being imported. This does not need to match the # version_template of the CryptoKey this # version imports into. "rsaAesWrappedKey": "A String", # Wrapped key material produced with # RSA_OAEP_3072_SHA1_AES_256 # or # RSA_OAEP_4096_SHA1_AES_256. # # This field contains the concatenation of two wrapped keys: # <ol> # <li>An ephemeral AES-256 wrapping key wrapped with the # public_key using RSAES-OAEP with SHA-1, # MGF1 with SHA-1, and an empty label. # </li> # <li>The key to be imported, wrapped with the ephemeral AES-256 key # using AES-KWP (RFC 5649). # </li> # </ol> # # If importing symmetric key material, it is expected that the unwrapped # key contains plain bytes. If importing asymmetric key material, it is # expected that the unwrapped key is in PKCS#8-encoded DER format (the # PrivateKeyInfo structure from RFC 5208). # # This format is the same as the format produced by PKCS#11 mechanism # CKM_RSA_AES_KEY_WRAP. } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # A CryptoKeyVersion represents an individual cryptographic key, and the # associated key material. # # An ENABLED version can be # used for cryptographic operations. # # For security reasons, the raw cryptographic key material represented by a # CryptoKeyVersion can never be viewed or exported. It can only be used to # encrypt, decrypt, or sign data when an authorized user or application invokes # Cloud KMS. "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled # for destruction. Only present if state is # DESTROY_SCHEDULED. "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if # state is # IMPORT_FAILED. "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are # performed with this CryptoKeyVersion. "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key # creation time. Use this statement to verify attributes of the key as stored # on the HSM, independently of Google. Only provided for key versions with # protection_level HSM. # information, see [Verifying attestations] # (https://cloud.google.com/kms/docs/attest-key). "content": "A String", # Output only. The attestation data provided by the HSM when the key # operation was performed. "format": "A String", # Output only. The format of the attestation data. }, "state": "A String", # The current state of the CryptoKeyVersion. "importJob": "A String", # Output only. The name of the ImportJob used to import this # CryptoKeyVersion. Only present if the underlying key material was # imported. "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # generated. "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material # was imported. "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this # CryptoKeyVersion supports. "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. }, "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # destroyed. Only present if state is # DESTROYED. }
list(parent, orderBy=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None, view=None)
Lists CryptoKeyVersions. Args: parent: string, Required. The resource name of the CryptoKey to list, in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*`. (required) orderBy: string, Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). pageSize: integer, Optional. Optional limit on the number of CryptoKeyVersions to include in the response. Further CryptoKeyVersions can subsequently be obtained by including the ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default. pageToken: string, Optional. Optional pagination token, returned earlier via ListCryptoKeyVersionsResponse.next_page_token. x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format filter: string, Optional. Only include resources that match the filter in the response. For more information, see [Sorting and filtering list results](https://cloud.google.com/kms/docs/sorting-and-filtering). view: string, The fields to include in the response. Returns: An object of the form: { # Response message for KeyManagementService.ListCryptoKeyVersions. "nextPageToken": "A String", # A token to retrieve next page of results. Pass this value in # ListCryptoKeyVersionsRequest.page_token to retrieve the next page of # results. "totalSize": 42, # The total number of CryptoKeyVersions that matched the # query. "cryptoKeyVersions": [ # The list of CryptoKeyVersions. { # A CryptoKeyVersion represents an individual cryptographic key, and the # associated key material. # # An ENABLED version can be # used for cryptographic operations. # # For security reasons, the raw cryptographic key material represented by a # CryptoKeyVersion can never be viewed or exported. It can only be used to # encrypt, decrypt, or sign data when an authorized user or application invokes # Cloud KMS. "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled # for destruction. Only present if state is # DESTROY_SCHEDULED. "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if # state is # IMPORT_FAILED. "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are # performed with this CryptoKeyVersion. "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key # creation time. Use this statement to verify attributes of the key as stored # on the HSM, independently of Google. Only provided for key versions with # protection_level HSM. # information, see [Verifying attestations] # (https://cloud.google.com/kms/docs/attest-key). "content": "A String", # Output only. The attestation data provided by the HSM when the key # operation was performed. "format": "A String", # Output only. The format of the attestation data. }, "state": "A String", # The current state of the CryptoKeyVersion. "importJob": "A String", # Output only. The name of the ImportJob used to import this # CryptoKeyVersion. Only present if the underlying key material was # imported. "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # generated. "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material # was imported. "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this # CryptoKeyVersion supports. "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. }, "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # destroyed. Only present if state is # DESTROYED. }, ], }
list_next(previous_request, previous_response)
Retrieves the next page of results. Args: previous_request: The request for the previous page. (required) previous_response: The response from the request for the previous page. (required) Returns: A request object that you can call 'execute()' on to request the next page. Returns None if there are no more items in the collection.
patch(name, body=None, updateMask=None, x__xgafv=None)
Update a CryptoKeyVersion's metadata. state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states. Args: name: string, Output only. The resource name for this CryptoKeyVersion in the format `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. (required) body: object, The request body. The object takes the form of: { # A CryptoKeyVersion represents an individual cryptographic key, and the # associated key material. # # An ENABLED version can be # used for cryptographic operations. # # For security reasons, the raw cryptographic key material represented by a # CryptoKeyVersion can never be viewed or exported. It can only be used to # encrypt, decrypt, or sign data when an authorized user or application invokes # Cloud KMS. "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled # for destruction. Only present if state is # DESTROY_SCHEDULED. "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if # state is # IMPORT_FAILED. "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are # performed with this CryptoKeyVersion. "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key # creation time. Use this statement to verify attributes of the key as stored # on the HSM, independently of Google. Only provided for key versions with # protection_level HSM. # information, see [Verifying attestations] # (https://cloud.google.com/kms/docs/attest-key). "content": "A String", # Output only. The attestation data provided by the HSM when the key # operation was performed. "format": "A String", # Output only. The format of the attestation data. }, "state": "A String", # The current state of the CryptoKeyVersion. "importJob": "A String", # Output only. The name of the ImportJob used to import this # CryptoKeyVersion. Only present if the underlying key material was # imported. "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # generated. "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material # was imported. "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this # CryptoKeyVersion supports. "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. }, "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # destroyed. Only present if state is # DESTROYED. } updateMask: string, Required. List of fields to be updated in this request. x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # A CryptoKeyVersion represents an individual cryptographic key, and the # associated key material. # # An ENABLED version can be # used for cryptographic operations. # # For security reasons, the raw cryptographic key material represented by a # CryptoKeyVersion can never be viewed or exported. It can only be used to # encrypt, decrypt, or sign data when an authorized user or application invokes # Cloud KMS. "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled # for destruction. Only present if state is # DESTROY_SCHEDULED. "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if # state is # IMPORT_FAILED. "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are # performed with this CryptoKeyVersion. "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key # creation time. Use this statement to verify attributes of the key as stored # on the HSM, independently of Google. Only provided for key versions with # protection_level HSM. # information, see [Verifying attestations] # (https://cloud.google.com/kms/docs/attest-key). "content": "A String", # Output only. The attestation data provided by the HSM when the key # operation was performed. "format": "A String", # Output only. The format of the attestation data. }, "state": "A String", # The current state of the CryptoKeyVersion. "importJob": "A String", # Output only. The name of the ImportJob used to import this # CryptoKeyVersion. Only present if the underlying key material was # imported. "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # generated. "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material # was imported. "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this # CryptoKeyVersion supports. "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. }, "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # destroyed. Only present if state is # DESTROYED. }
restore(name, body=None, x__xgafv=None)
Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state. Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared. Args: name: string, Required. The resource name of the CryptoKeyVersion to restore. (required) body: object, The request body. The object takes the form of: { # Request message for KeyManagementService.RestoreCryptoKeyVersion. } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # A CryptoKeyVersion represents an individual cryptographic key, and the # associated key material. # # An ENABLED version can be # used for cryptographic operations. # # For security reasons, the raw cryptographic key material represented by a # CryptoKeyVersion can never be viewed or exported. It can only be used to # encrypt, decrypt, or sign data when an authorized user or application invokes # Cloud KMS. "destroyTime": "A String", # Output only. The time this CryptoKeyVersion's key material is scheduled # for destruction. Only present if state is # DESTROY_SCHEDULED. "importFailureReason": "A String", # Output only. The root cause of an import failure. Only present if # state is # IMPORT_FAILED. "name": "A String", # Output only. The resource name for this CryptoKeyVersion in the format # `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. "protectionLevel": "A String", # Output only. The ProtectionLevel describing how crypto operations are # performed with this CryptoKeyVersion. "attestation": { # Contains an HSM-generated attestation about a key operation. For more # Output only. Statement that was generated and signed by the HSM at key # creation time. Use this statement to verify attributes of the key as stored # on the HSM, independently of Google. Only provided for key versions with # protection_level HSM. # information, see [Verifying attestations] # (https://cloud.google.com/kms/docs/attest-key). "content": "A String", # Output only. The attestation data provided by the HSM when the key # operation was performed. "format": "A String", # Output only. The format of the attestation data. }, "state": "A String", # The current state of the CryptoKeyVersion. "importJob": "A String", # Output only. The name of the ImportJob used to import this # CryptoKeyVersion. Only present if the underlying key material was # imported. "generateTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # generated. "importTime": "A String", # Output only. The time at which this CryptoKeyVersion's key material # was imported. "algorithm": "A String", # Output only. The CryptoKeyVersionAlgorithm that this # CryptoKeyVersion supports. "createTime": "A String", # Output only. The time at which this CryptoKeyVersion was created. "externalProtectionLevelOptions": { # ExternalProtectionLevelOptions stores a group of additional fields for # ExternalProtectionLevelOptions stores a group of additional fields for # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. # configuring a CryptoKeyVersion that are specific to the # EXTERNAL protection level. "externalKeyUri": "A String", # The URI for an external resource that this CryptoKeyVersion represents. }, "destroyEventTime": "A String", # Output only. The time this CryptoKeyVersion's key material was # destroyed. Only present if state is # DESTROYED. }