Class: Google::Cloud::Kms::V1::CryptoKey

Inherits:

Object

• Object
• Google::Cloud::Kms::V1::CryptoKey

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/kms/v1/resources.rb

Overview

A CryptoKey represents a logical key that can be used for cryptographic operations.

A CryptoKey is made up of zero or more versions, which represent the actual key material used in cryptographic operations.

Defined Under Namespace

Modules: CryptoKeyPurpose Classes: LabelsEntry

Instance Attribute Summary

• #create_time ⇒ ::Google::Protobuf::Timestamp readonly

  Output only.

• #crypto_key_backend ⇒ ::String

  Immutable.

• #destroy_scheduled_duration ⇒ ::Google::Protobuf::Duration

  Immutable.

• #import_only ⇒ ::Boolean

  Immutable.

• #key_access_justifications_policy ⇒ ::Google::Cloud::Kms::V1::KeyAccessJustificationsPolicy

  Optional.

• #labels ⇒ ::Google::Protobuf::Map{::String => ::String}

  Labels with user-defined metadata.

• #name ⇒ ::String readonly

  Output only.

• #next_rotation_time ⇒ ::Google::Protobuf::Timestamp

  At next_rotation_time, the Key Management Service will automatically:.

• #primary ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion readonly

  Output only.

• #purpose ⇒ ::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose

  Immutable.

• #rotation_period ⇒ ::Google::Protobuf::Duration

  next_rotation_time will be advanced by this period when the service automatically rotates a key.

• #version_template ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate

  A template describing settings for new CryptoKeyVersion instances.

Instance Attribute Details

#create_time ⇒ ::Google::Protobuf::Timestamp (readonly)

Returns Output only. The time at which this CryptoKey was created.

Returns:

• (::Google::Protobuf::Timestamp) —

  Output only. The time at which this CryptoKey was created.

# File 'proto_docs/google/cloud/kms/v1/resources.rb', line 159

class CryptoKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
  # describes the cryptographic capabilities of a
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
  # for the operations allowed by its purpose. For more information, see [Key
  # purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
  module CryptoKeyPurpose
    # Not specified.
    CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
    ENCRYPT_DECRYPT = 1

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign AsymmetricSign}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_SIGN = 5

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_DECRYPT = 6

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
    # This purpose is meant to be used for interoperable symmetric
    # encryption and does not support automatic CryptoKey rotation.
    RAW_ENCRYPT_DECRYPT = 7

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
    MAC = 9

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#decapsulate Decapsulate}.
    KEY_ENCAPSULATION = 10
  end
end

#crypto_key_backend ⇒ ::String

Returns Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Only applicable if CryptoKeyVersions have a ProtectionLevel of HSM_SINGLE_TENANT, with the resource name in the format projects/*/locations/*/singleTenantHsmInstances/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

Returns:

• (::String) —

  Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Only applicable if CryptoKeyVersions have a ProtectionLevel of HSM_SINGLE_TENANT, with the resource name in the format projects/*/locations/*/singleTenantHsmInstances/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

# File 'proto_docs/google/cloud/kms/v1/resources.rb', line 159

class CryptoKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
  # describes the cryptographic capabilities of a
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
  # for the operations allowed by its purpose. For more information, see [Key
  # purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
  module CryptoKeyPurpose
    # Not specified.
    CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
    ENCRYPT_DECRYPT = 1

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign AsymmetricSign}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_SIGN = 5

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_DECRYPT = 6

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
    # This purpose is meant to be used for interoperable symmetric
    # encryption and does not support automatic CryptoKey rotation.
    RAW_ENCRYPT_DECRYPT = 7

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
    MAC = 9

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#decapsulate Decapsulate}.
    KEY_ENCAPSULATION = 10
  end
end

#destroy_scheduled_duration ⇒ ::Google::Protobuf::Duration

Returns Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.

Returns:

• (::Google::Protobuf::Duration) —

  Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.

# File 'proto_docs/google/cloud/kms/v1/resources.rb', line 159

class CryptoKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
  # describes the cryptographic capabilities of a
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
  # for the operations allowed by its purpose. For more information, see [Key
  # purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
  module CryptoKeyPurpose
    # Not specified.
    CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
    ENCRYPT_DECRYPT = 1

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign AsymmetricSign}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_SIGN = 5

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_DECRYPT = 6

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
    # This purpose is meant to be used for interoperable symmetric
    # encryption and does not support automatic CryptoKey rotation.
    RAW_ENCRYPT_DECRYPT = 7

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
    MAC = 9

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#decapsulate Decapsulate}.
    KEY_ENCAPSULATION = 10
  end
end

#import_only ⇒ ::Boolean

Returns Immutable. Whether this key may contain imported versions only.

Returns:

• (::Boolean) —

  Immutable. Whether this key may contain imported versions only.

# File 'proto_docs/google/cloud/kms/v1/resources.rb', line 159

class CryptoKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
  # describes the cryptographic capabilities of a
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
  # for the operations allowed by its purpose. For more information, see [Key
  # purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
  module CryptoKeyPurpose
    # Not specified.
    CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
    ENCRYPT_DECRYPT = 1

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign AsymmetricSign}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_SIGN = 5

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_DECRYPT = 6

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
    # This purpose is meant to be used for interoperable symmetric
    # encryption and does not support automatic CryptoKey rotation.
    RAW_ENCRYPT_DECRYPT = 7

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
    MAC = 9

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#decapsulate Decapsulate}.
    KEY_ENCAPSULATION = 10
  end
end

#key_access_justifications_policy ⇒ ::Google::Cloud::Kms::V1::KeyAccessJustificationsPolicy

Returns Optional. The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. If the key_access_justifications_policy.allowed_access_reasons is empty (zero allowed justification code), all encrypt, decrypt, and sign operations will fail.

Returns:

• (::Google::Cloud::Kms::V1::KeyAccessJustificationsPolicy) —

  Optional. The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. If the key_access_justifications_policy.allowed_access_reasons is empty (zero allowed justification code), all encrypt, decrypt, and sign operations will fail.

# File 'proto_docs/google/cloud/kms/v1/resources.rb', line 159

class CryptoKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
  # describes the cryptographic capabilities of a
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
  # for the operations allowed by its purpose. For more information, see [Key
  # purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
  module CryptoKeyPurpose
    # Not specified.
    CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
    ENCRYPT_DECRYPT = 1

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign AsymmetricSign}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_SIGN = 5

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_DECRYPT = 6

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
    # This purpose is meant to be used for interoperable symmetric
    # encryption and does not support automatic CryptoKey rotation.
    RAW_ENCRYPT_DECRYPT = 7

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
    MAC = 9

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#decapsulate Decapsulate}.
    KEY_ENCAPSULATION = 10
  end
end

#labels ⇒ ::Google::Protobuf::Map{::String => ::String}

Returns Labels with user-defined metadata. For more information, see Labeling Keys.

Returns:

• (::Google::Protobuf::Map{::String => ::String}) —

  Labels with user-defined metadata. For more information, see Labeling Keys.

# File 'proto_docs/google/cloud/kms/v1/resources.rb', line 159

class CryptoKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
  # describes the cryptographic capabilities of a
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
  # for the operations allowed by its purpose. For more information, see [Key
  # purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
  module CryptoKeyPurpose
    # Not specified.
    CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
    ENCRYPT_DECRYPT = 1

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign AsymmetricSign}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_SIGN = 5

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_DECRYPT = 6

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
    # This purpose is meant to be used for interoperable symmetric
    # encryption and does not support automatic CryptoKey rotation.
    RAW_ENCRYPT_DECRYPT = 7

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
    MAC = 9

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#decapsulate Decapsulate}.
    KEY_ENCAPSULATION = 10
  end
end

#name ⇒ ::String (readonly)

Returns Output only. The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

Returns:

• (::String) —

  Output only. The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

# File 'proto_docs/google/cloud/kms/v1/resources.rb', line 159

class CryptoKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
  # describes the cryptographic capabilities of a
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
  # for the operations allowed by its purpose. For more information, see [Key
  # purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
  module CryptoKeyPurpose
    # Not specified.
    CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
    ENCRYPT_DECRYPT = 1

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign AsymmetricSign}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_SIGN = 5

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_DECRYPT = 6

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
    # This purpose is meant to be used for interoperable symmetric
    # encryption and does not support automatic CryptoKey rotation.
    RAW_ENCRYPT_DECRYPT = 7

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
    MAC = 9

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#decapsulate Decapsulate}.
    KEY_ENCAPSULATION = 10
  end
end

#next_rotation_time ⇒ ::Google::Protobuf::Timestamp

Returns At next_rotation_time, the Key Management Service will automatically:

1. Create a new version of this CryptoKey.
2. Mark the new version as primary.

Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time.

Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

Returns:

• (::Google::Protobuf::Timestamp) —

  At next_rotation_time, the Key Management Service will automatically:

  1. Create a new version of this CryptoKey.
  2. Mark the new version as primary.

  Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time.

  Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

# File 'proto_docs/google/cloud/kms/v1/resources.rb', line 159

class CryptoKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
  # describes the cryptographic capabilities of a
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
  # for the operations allowed by its purpose. For more information, see [Key
  # purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
  module CryptoKeyPurpose
    # Not specified.
    CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
    ENCRYPT_DECRYPT = 1

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign AsymmetricSign}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_SIGN = 5

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_DECRYPT = 6

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
    # This purpose is meant to be used for interoperable symmetric
    # encryption and does not support automatic CryptoKey rotation.
    RAW_ENCRYPT_DECRYPT = 7

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
    MAC = 9

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#decapsulate Decapsulate}.
    KEY_ENCAPSULATION = 10
  end
end

#primary ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion (readonly)

Returns Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name.

The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion.

Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

Returns:

• (::Google::Cloud::Kms::V1::CryptoKeyVersion) —

  Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name.

  The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion.

  Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

# File 'proto_docs/google/cloud/kms/v1/resources.rb', line 159

class CryptoKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
  # describes the cryptographic capabilities of a
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
  # for the operations allowed by its purpose. For more information, see [Key
  # purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
  module CryptoKeyPurpose
    # Not specified.
    CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
    ENCRYPT_DECRYPT = 1

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign AsymmetricSign}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_SIGN = 5

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_DECRYPT = 6

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
    # This purpose is meant to be used for interoperable symmetric
    # encryption and does not support automatic CryptoKey rotation.
    RAW_ENCRYPT_DECRYPT = 7

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
    MAC = 9

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#decapsulate Decapsulate}.
    KEY_ENCAPSULATION = 10
  end
end

#purpose ⇒ ::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose

Returns Immutable. The immutable purpose of this CryptoKey.

Returns:

• (::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose) —

  Immutable. The immutable purpose of this CryptoKey.

# File 'proto_docs/google/cloud/kms/v1/resources.rb', line 159

class CryptoKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
  # describes the cryptographic capabilities of a
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
  # for the operations allowed by its purpose. For more information, see [Key
  # purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
  module CryptoKeyPurpose
    # Not specified.
    CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
    ENCRYPT_DECRYPT = 1

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign AsymmetricSign}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_SIGN = 5

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_DECRYPT = 6

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
    # This purpose is meant to be used for interoperable symmetric
    # encryption and does not support automatic CryptoKey rotation.
    RAW_ENCRYPT_DECRYPT = 7

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
    MAC = 9

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#decapsulate Decapsulate}.
    KEY_ENCAPSULATION = 10
  end
end

#rotation_period ⇒ ::Google::Protobuf::Duration

Returns next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

If rotation_period is set, next_rotation_time must also be set.

Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

Returns:

• (::Google::Protobuf::Duration) —

  next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

  If rotation_period is set, next_rotation_time must also be set.

  Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

# File 'proto_docs/google/cloud/kms/v1/resources.rb', line 159

class CryptoKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
  # describes the cryptographic capabilities of a
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
  # for the operations allowed by its purpose. For more information, see [Key
  # purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
  module CryptoKeyPurpose
    # Not specified.
    CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
    ENCRYPT_DECRYPT = 1

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign AsymmetricSign}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_SIGN = 5

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_DECRYPT = 6

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
    # This purpose is meant to be used for interoperable symmetric
    # encryption and does not support automatic CryptoKey rotation.
    RAW_ENCRYPT_DECRYPT = 7

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
    MAC = 9

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#decapsulate Decapsulate}.
    KEY_ENCAPSULATION = 10
  end
end

#version_template ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate

Returns A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

Returns:

• (::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate) —

  A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

# File 'proto_docs/google/cloud/kms/v1/resources.rb', line 159

class CryptoKey
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::String]
  class LabelsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose CryptoKeyPurpose}
  # describes the cryptographic capabilities of a
  # {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. A given key can only be used
  # for the operations allowed by its purpose. For more information, see [Key
  # purposes](https://cloud.google.com/kms/docs/algorithms#key_purposes).
  module CryptoKeyPurpose
    # Not specified.
    CRYPTO_KEY_PURPOSE_UNSPECIFIED = 0

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt} and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}.
    ENCRYPT_DECRYPT = 1

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_sign AsymmetricSign}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_SIGN = 5

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#asymmetric_decrypt AsymmetricDecrypt}
    # and
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.
    ASYMMETRIC_DECRYPT = 6

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_encrypt RawEncrypt}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#raw_decrypt RawDecrypt}.
    # This purpose is meant to be used for interoperable symmetric
    # encryption and does not support automatic CryptoKey rotation.
    RAW_ENCRYPT_DECRYPT = 7

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with {::Google::Cloud::Kms::V1::KeyManagementService::Client#mac_sign MacSign}.
    MAC = 9

    # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} with this purpose may be used
    # with
    # {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}
    # and {::Google::Cloud::Kms::V1::KeyManagementService::Client#decapsulate Decapsulate}.
    KEY_ENCAPSULATION = 10
  end
end