
Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.31.1 published on Thursday, Jul 20, 2023 by Pulumi

google-native.cloudkms/v1.CryptoKey


    Create a new CryptoKey within a KeyRing. CryptoKey.purpose and CryptoKey.version_template.algorithm are required. Note - this resource’s API doesn’t support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

    Create CryptoKey Resource

    TypeScript:
    new CryptoKey(name: string, args: CryptoKeyArgs, opts?: CustomResourceOptions);

    Python:
    @overload
    def CryptoKey(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  crypto_key_backend: Optional[str] = None,
                  crypto_key_id: Optional[str] = None,
                  destroy_scheduled_duration: Optional[str] = None,
                  import_only: Optional[bool] = None,
                  key_ring_id: Optional[str] = None,
                  labels: Optional[Mapping[str, str]] = None,
                  location: Optional[str] = None,
                  next_rotation_time: Optional[str] = None,
                  project: Optional[str] = None,
                  purpose: Optional[CryptoKeyPurpose] = None,
                  rotation_period: Optional[str] = None,
                  skip_initial_version_creation: Optional[bool] = None,
                  version_template: Optional[CryptoKeyVersionTemplateArgs] = None)
    @overload
    def CryptoKey(resource_name: str,
                  args: CryptoKeyArgs,
                  opts: Optional[ResourceOptions] = None)

    Go:
    func NewCryptoKey(ctx *Context, name string, args CryptoKeyArgs, opts ...ResourceOption) (*CryptoKey, error)

    C#:
    public CryptoKey(string name, CryptoKeyArgs args, CustomResourceOptions? opts = null)

    Java:
    public CryptoKey(String name, CryptoKeyArgs args)
    public CryptoKey(String name, CryptoKeyArgs args, CustomResourceOptions options)

    YAML:
    type: google-native:cloudkms/v1:CryptoKey
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    TypeScript:

    name string
    The unique name of the resource.
    args CryptoKeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Python:

    resource_name str
    The unique name of the resource.
    args CryptoKeyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.

    Go:

    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CryptoKeyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.

    C#:

    name string
    The unique name of the resource.
    args CryptoKeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.

    Java:

    name String
    The unique name of the resource.
    args CryptoKeyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    CryptoKey Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The CryptoKey resource accepts the following input properties:

    KeyRingId string
    CryptoKeyBackend string

    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

    CryptoKeyId string

    Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

    DestroyScheduledDuration string

    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

    ImportOnly bool

    Immutable. Whether this key may contain imported versions only.

    Labels Dictionary<string, string>

    Labels with user-defined metadata. For more information, see Labeling Keys.

    Location string
    NextRotationTime string

    At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    Project string
    Purpose Pulumi.GoogleNative.Cloudkms.V1.CryptoKeyPurpose

    Immutable. The immutable purpose of this CryptoKey.

    RotationPeriod string

    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    SkipInitialVersionCreation bool

    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

    VersionTemplate Pulumi.GoogleNative.Cloudkms.V1.Inputs.CryptoKeyVersionTemplate

    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

    KeyRingId string
    CryptoKeyBackend string

    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

    CryptoKeyId string

    Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

    DestroyScheduledDuration string

    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

    ImportOnly bool

    Immutable. Whether this key may contain imported versions only.

    Labels map[string]string

    Labels with user-defined metadata. For more information, see Labeling Keys.

    Location string
    NextRotationTime string

    At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    Project string
    Purpose CryptoKeyPurpose

    Immutable. The immutable purpose of this CryptoKey.

    RotationPeriod string

    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    SkipInitialVersionCreation bool

    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

    VersionTemplate CryptoKeyVersionTemplateArgs

    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

    keyRingId String
    cryptoKeyBackend String

    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

    cryptoKeyId String

    Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

    destroyScheduledDuration String

    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

    importOnly Boolean

    Immutable. Whether this key may contain imported versions only.

    labels Map<String,String>

    Labels with user-defined metadata. For more information, see Labeling Keys.

    location String
    nextRotationTime String

    At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    project String
    purpose CryptoKeyPurpose

    Immutable. The immutable purpose of this CryptoKey.

    rotationPeriod String

    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    skipInitialVersionCreation Boolean

    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

    versionTemplate CryptoKeyVersionTemplate

    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

    keyRingId string
    cryptoKeyBackend string

    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

    cryptoKeyId string

    Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

    destroyScheduledDuration string

    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

    importOnly boolean

    Immutable. Whether this key may contain imported versions only.

    labels {[key: string]: string}

    Labels with user-defined metadata. For more information, see Labeling Keys.

    location string
    nextRotationTime string

    At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    project string
    purpose CryptoKeyPurpose

    Immutable. The immutable purpose of this CryptoKey.

    rotationPeriod string

    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    skipInitialVersionCreation boolean

    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

    versionTemplate CryptoKeyVersionTemplate

    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

    key_ring_id str
    crypto_key_backend str

    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

    crypto_key_id str

    Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

    destroy_scheduled_duration str

    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

    import_only bool

    Immutable. Whether this key may contain imported versions only.

    labels Mapping[str, str]

    Labels with user-defined metadata. For more information, see Labeling Keys.

    location str
    next_rotation_time str

    At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    project str
    purpose CryptoKeyPurpose

    Immutable. The immutable purpose of this CryptoKey.

    rotation_period str

    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    skip_initial_version_creation bool

    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

    version_template CryptoKeyVersionTemplateArgs

    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

    keyRingId String
    cryptoKeyBackend String

    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

    cryptoKeyId String

    Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

    destroyScheduledDuration String

    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

    importOnly Boolean

    Immutable. Whether this key may contain imported versions only.

    labels Map<String>

    Labels with user-defined metadata. For more information, see Labeling Keys.

    location String
    nextRotationTime String

    At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    project String
    purpose "CRYPTO_KEY_PURPOSE_UNSPECIFIED" | "ENCRYPT_DECRYPT" | "ASYMMETRIC_SIGN" | "ASYMMETRIC_DECRYPT" | "MAC"

    Immutable. The immutable purpose of this CryptoKey.

    rotationPeriod String

    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    skipInitialVersionCreation Boolean

    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

    versionTemplate Property Map

    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
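
The input constraints documented above (key ID pattern, required purpose and algorithm, rotation bounds, and the rule that only ENCRYPT_DECRYPT keys rotate automatically) can be checked before deployment. This is an added example, not code from the Pulumi provider; the function names are hypothetical, the sample arguments are constructed, and it assumes durations use the `<seconds>s` string form and timestamps are RFC 3339.

```python
"""Pre-deployment check of CryptoKey arguments (added example)."""
import re
from datetime import datetime
from decimal import Decimal

# Constraints taken from the property descriptions on this page.
KEY_ID_RE = re.compile(r"[a-zA-Z0-9_-]{1,63}")
PURPOSES = {
    "CRYPTO_KEY_PURPOSE_UNSPECIFIED", "ENCRYPT_DECRYPT",
    "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC",
}
MIN_ROTATION_S = 24 * 3600        # "at least 24 hours"
MAX_ROTATION_S = 876_000 * 3600   # "at most 876,000 hours"

# Assumption: durations are strings such as "7776000s" (seconds, optional fraction).
DURATION_RE = re.compile(r"(\d+(?:\.\d{1,9})?)s")


def parse_duration_seconds(value):
    """Return the duration in seconds, or None if the string is malformed."""
    match = DURATION_RE.fullmatch(value)
    return Decimal(match.group(1)) if match else None


def is_rfc3339(value):
    """Approximate RFC 3339 check: parseable and carrying a UTC offset."""
    try:
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return False
    return parsed.tzinfo is not None


def validate_crypto_key_args(args):
    """Return a list of problems; an empty list means the arguments pass."""
    problems = []

    key_id = args.get("crypto_key_id")
    if not key_id or not KEY_ID_RE.fullmatch(key_id):
        problems.append("crypto_key_id must match [a-zA-Z0-9_-]{1,63}")

    purpose = args.get("purpose")
    if purpose not in PURPOSES:
        problems.append("purpose is required and must be a CryptoKeyPurpose value")

    template = args.get("version_template") or {}
    if not template.get("algorithm"):
        problems.append("version_template.algorithm is required")

    period = args.get("rotation_period")
    next_time = args.get("next_rotation_time")

    # Only ENCRYPT_DECRYPT keys support automatic rotation; other purposes
    # must leave both rotation fields unset.
    if purpose in PURPOSES and purpose != "ENCRYPT_DECRYPT":
        for field, value in (("rotation_period", period),
                             ("next_rotation_time", next_time)):
            if value is not None:
                problems.append(f"{field} must be omitted for purpose {purpose}")
        return problems

    if period is not None:
        seconds = parse_duration_seconds(period)
        if seconds is None:
            problems.append("rotation_period is not a '<seconds>s' duration")
        elif not MIN_ROTATION_S <= seconds <= MAX_ROTATION_S:
            problems.append("rotation_period must be between 24 and 876,000 hours")
        if next_time is None:
            problems.append("next_rotation_time must be set when rotation_period is set")
    if next_time is not None and not is_rfc3339(next_time):
        problems.append("next_rotation_time is not an RFC 3339 timestamp")
    return problems


# Constructed sample arguments, keyed by the Python property names above.
GOOD_KEY = {
    "crypto_key_id": "app-data-key",
    "purpose": "ENCRYPT_DECRYPT",
    "version_template": {"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION"},
    "rotation_period": "7776000s",  # 90 days
    "next_rotation_time": "2030-01-01T00:00:00Z",
}
SIGNING_KEY_WITH_ROTATION = {
    "crypto_key_id": "release signing",  # space is outside the allowed pattern
    "purpose": "ASYMMETRIC_SIGN",
    "version_template": {"algorithm": "EC_SIGN_P256_SHA256"},
    "rotation_period": "7776000s",  # not allowed for signing keys
}
SHORT_ROTATION_KEY = {
    "crypto_key_id": "k",
    "purpose": "ENCRYPT_DECRYPT",
    "version_template": {},          # algorithm missing
    "rotation_period": "3600s",     # below the 24 hour minimum, no next time
}

if __name__ == "__main__":
    for sample in (GOOD_KEY, SIGNING_KEY_WITH_ROTATION, SHORT_ROTATION_KEY):
        print(sample["crypto_key_id"], validate_crypto_key_args(sample))
```

Because the resource cannot be deleted through this API and several fields are immutable, running a check like this before `pulumi up` avoids leaving a misconfigured key behind.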

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CryptoKey resource produces the following output properties:

    CreateTime string

    The time at which this CryptoKey was created.

    Id string

    The provider-assigned unique ID for this managed resource.

    Name string

    The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

    Primary Pulumi.GoogleNative.Cloudkms.V1.Outputs.CryptoKeyVersionResponse

    A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

    CreateTime string

    The time at which this CryptoKey was created.

    Id string

    The provider-assigned unique ID for this managed resource.

    Name string

    The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

    Primary CryptoKeyVersionResponse

    A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

    createTime String

    The time at which this CryptoKey was created.

    id String

    The provider-assigned unique ID for this managed resource.

    name String

    The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

    primary CryptoKeyVersionResponse

    A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

    createTime string

    The time at which this CryptoKey was created.

    id string

    The provider-assigned unique ID for this managed resource.

    name string

    The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

    primary CryptoKeyVersionResponse

    A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

    create_time str

    The time at which this CryptoKey was created.

    id str

    The provider-assigned unique ID for this managed resource.

    name str

    The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

    primary CryptoKeyVersionResponse

    A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

    createTime String

    The time at which this CryptoKey was created.

    id String

    The provider-assigned unique ID for this managed resource.

    name String

    The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

    primary Property Map

    A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

    Supporting Types

    CertificateChainsResponse, CertificateChainsResponseArgs

    CaviumCerts List<string>

    Cavium certificate chain corresponding to the attestation.

    GoogleCardCerts List<string>

    Google card certificate chain corresponding to the attestation.

    GooglePartitionCerts List<string>

    Google partition certificate chain corresponding to the attestation.

    CaviumCerts []string

    Cavium certificate chain corresponding to the attestation.

    GoogleCardCerts []string

    Google card certificate chain corresponding to the attestation.

    GooglePartitionCerts []string

    Google partition certificate chain corresponding to the attestation.

    caviumCerts List<String>

    Cavium certificate chain corresponding to the attestation.

    googleCardCerts List<String>

    Google card certificate chain corresponding to the attestation.

    googlePartitionCerts List<String>

    Google partition certificate chain corresponding to the attestation.

    caviumCerts string[]

    Cavium certificate chain corresponding to the attestation.

    googleCardCerts string[]

    Google card certificate chain corresponding to the attestation.

    googlePartitionCerts string[]

    Google partition certificate chain corresponding to the attestation.

    cavium_certs Sequence[str]

    Cavium certificate chain corresponding to the attestation.

    google_card_certs Sequence[str]

    Google card certificate chain corresponding to the attestation.

    google_partition_certs Sequence[str]

    Google partition certificate chain corresponding to the attestation.

    caviumCerts List<String>

    Cavium certificate chain corresponding to the attestation.

    googleCardCerts List<String>

    Google card certificate chain corresponding to the attestation.

    googlePartitionCerts List<String>

    Google partition certificate chain corresponding to the attestation.

    CryptoKeyPurpose, CryptoKeyPurposeArgs

    CryptoKeyPurposeUnspecified
    CRYPTO_KEY_PURPOSE_UNSPECIFIED

    Not specified.

    EncryptDecrypt
    ENCRYPT_DECRYPT

    CryptoKeys with this purpose may be used with Encrypt and Decrypt.

    AsymmetricSign
    ASYMMETRIC_SIGN

    CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

    AsymmetricDecrypt
    ASYMMETRIC_DECRYPT

    CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

    Mac
    MAC

    CryptoKeys with this purpose may be used with MacSign.

    CryptoKeyPurposeCryptoKeyPurposeUnspecified
    CRYPTO_KEY_PURPOSE_UNSPECIFIED

    Not specified.

    CryptoKeyPurposeEncryptDecrypt
    ENCRYPT_DECRYPT

    CryptoKeys with this purpose may be used with Encrypt and Decrypt.

    CryptoKeyPurposeAsymmetricSign
    ASYMMETRIC_SIGN

    CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

    CryptoKeyPurposeAsymmetricDecrypt
    ASYMMETRIC_DECRYPT

    CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

    CryptoKeyPurposeMac
    MAC

    CryptoKeys with this purpose may be used with MacSign.

    CryptoKeyPurposeUnspecified
    CRYPTO_KEY_PURPOSE_UNSPECIFIED

    Not specified.

    EncryptDecrypt
    ENCRYPT_DECRYPT

    CryptoKeys with this purpose may be used with Encrypt and Decrypt.

    AsymmetricSign
    ASYMMETRIC_SIGN

    CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

    AsymmetricDecrypt
    ASYMMETRIC_DECRYPT

    CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

    Mac
    MAC

    CryptoKeys with this purpose may be used with MacSign.

    CryptoKeyPurposeUnspecified
    CRYPTO_KEY_PURPOSE_UNSPECIFIED

    Not specified.

    EncryptDecrypt
    ENCRYPT_DECRYPT

    CryptoKeys with this purpose may be used with Encrypt and Decrypt.

    AsymmetricSign
    ASYMMETRIC_SIGN

    CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

    AsymmetricDecrypt
    ASYMMETRIC_DECRYPT

    CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

    Mac
    MAC

    CryptoKeys with this purpose may be used with MacSign.

    CRYPTO_KEY_PURPOSE_UNSPECIFIED
    CRYPTO_KEY_PURPOSE_UNSPECIFIED

    Not specified.

    ENCRYPT_DECRYPT
    ENCRYPT_DECRYPT

    CryptoKeys with this purpose may be used with Encrypt and Decrypt.

    ASYMMETRIC_SIGN
    ASYMMETRIC_SIGN

    CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

    ASYMMETRIC_DECRYPT
    ASYMMETRIC_DECRYPT

    CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

    MAC
    MAC

    CryptoKeys with this purpose may be used with MacSign.

    "CRYPTO_KEY_PURPOSE_UNSPECIFIED"
    CRYPTO_KEY_PURPOSE_UNSPECIFIED

    Not specified.

    "ENCRYPT_DECRYPT"
    ENCRYPT_DECRYPT

    CryptoKeys with this purpose may be used with Encrypt and Decrypt.

    "ASYMMETRIC_SIGN"
    ASYMMETRIC_SIGN

    CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

    "ASYMMETRIC_DECRYPT"
    ASYMMETRIC_DECRYPT

    CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

    "MAC"
    MAC

    CryptoKeys with this purpose may be used with MacSign.

    CryptoKeyVersionResponse, CryptoKeyVersionResponseArgs

    Algorithm string

    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

    Attestation Pulumi.GoogleNative.Cloudkms.V1.Inputs.KeyOperationAttestationResponse

    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

    CreateTime string

    The time at which this CryptoKeyVersion was created.

    DestroyEventTime string

    The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

    DestroyTime string

    The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

    ExternalDestructionFailureReason string

    The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.

    ExternalProtectionLevelOptions Pulumi.GoogleNative.Cloudkms.V1.Inputs.ExternalProtectionLevelOptionsResponse

    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

    GenerateTime string

    The time this CryptoKeyVersion's key material was generated.

    GenerationFailureReason string

    The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.

    ImportFailureReason string

    The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

    ImportJob string

    The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

    ImportTime string

    The time at which this CryptoKeyVersion's key material was most recently imported.

    Name string

    The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

    ProtectionLevel string

    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

    ReimportEligible bool

    Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

    State string

    The current state of the CryptoKeyVersion.

    Algorithm string

    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

    Attestation KeyOperationAttestationResponse

    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

    CreateTime string

    The time at which this CryptoKeyVersion was created.

    DestroyEventTime string

    The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

    DestroyTime string

    The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

    ExternalDestructionFailureReason string

    The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.

    ExternalProtectionLevelOptions ExternalProtectionLevelOptionsResponse

    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

    GenerateTime string

    The time this CryptoKeyVersion's key material was generated.

    GenerationFailureReason string

    The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.

    ImportFailureReason string

    The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

    ImportJob string

    The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

    ImportTime string

    The time at which this CryptoKeyVersion's key material was most recently imported.

    Name string

    The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

    ProtectionLevel string

    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

    ReimportEligible bool

    Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

    State string

    The current state of the CryptoKeyVersion.

    algorithm String

    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

    attestation KeyOperationAttestationResponse

    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

    createTime String

    The time at which this CryptoKeyVersion was created.

    destroyEventTime String

    The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

    destroyTime String

    The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

    externalDestructionFailureReason String

    The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.

    externalProtectionLevelOptions ExternalProtectionLevelOptionsResponse

    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

    generateTime String

    The time this CryptoKeyVersion's key material was generated.

    generationFailureReason String

    The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.

    importFailureReason String

    The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

    importJob String

    The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

    importTime String

    The time at which this CryptoKeyVersion's key material was most recently imported.

    name String

    The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

    protectionLevel String

    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

    reimportEligible Boolean

    Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

    state String

    The current state of the CryptoKeyVersion.

    algorithm string

    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

    attestation KeyOperationAttestationResponse

    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

    createTime string

    The time at which this CryptoKeyVersion was created.

    destroyEventTime string

    The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

    destroyTime string

    The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

    externalDestructionFailureReason string

    The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.

    externalProtectionLevelOptions ExternalProtectionLevelOptionsResponse

    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

    generateTime string

    The time this CryptoKeyVersion's key material was generated.

    generationFailureReason string

    The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.

    importFailureReason string

    The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

    importJob string

    The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

    importTime string

    The time at which this CryptoKeyVersion's key material was most recently imported.

    name string

    The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

    protectionLevel string

    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

    reimportEligible boolean

    Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

    state string

    The current state of the CryptoKeyVersion.

    algorithm str

    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

    attestation KeyOperationAttestationResponse

    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

    create_time str

    The time at which this CryptoKeyVersion was created.

    destroy_event_time str

    The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

    destroy_time str

    The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

    external_destruction_failure_reason str

    The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.

    external_protection_level_options ExternalProtectionLevelOptionsResponse

    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

    generate_time str

    The time this CryptoKeyVersion's key material was generated.

    generation_failure_reason str

    The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.

    import_failure_reason str

    The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

    import_job str

    The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

    import_time str

    The time at which this CryptoKeyVersion's key material was most recently imported.

    name str

    The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

    protection_level str

    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

    reimport_eligible bool

    Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

    state str

    The current state of the CryptoKeyVersion.

    algorithm String

    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

    attestation Property Map

    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

    createTime String

    The time at which this CryptoKeyVersion was created.

    destroyEventTime String

    The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

    destroyTime String

    The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

    externalDestructionFailureReason String

    The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.

    externalProtectionLevelOptions Property Map

    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.

    generateTime String

    The time this CryptoKeyVersion's key material was generated.

    generationFailureReason String

    The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.

    importFailureReason String

    The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

    importJob String

    The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

    importTime String

    The time at which this CryptoKeyVersion's key material was most recently imported.

    name String

    The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

    protectionLevel String

    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

    reimportEligible Boolean

    Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

    state String

    The current state of the CryptoKeyVersion.

    CryptoKeyVersionTemplate, CryptoKeyVersionTemplateArgs

    Algorithm Pulumi.GoogleNative.Cloudkms.V1.CryptoKeyVersionTemplateAlgorithm

    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

    ProtectionLevel Pulumi.GoogleNative.Cloudkms.V1.CryptoKeyVersionTemplateProtectionLevel

    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

    Algorithm CryptoKeyVersionTemplateAlgorithm

    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

    ProtectionLevel CryptoKeyVersionTemplateProtectionLevel

    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

    algorithm CryptoKeyVersionTemplateAlgorithm

    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

    protectionLevel CryptoKeyVersionTemplateProtectionLevel

    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

    algorithm CryptoKeyVersionTemplateAlgorithm

    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

    protection_level CryptoKeyVersionTemplateProtectionLevel

    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

    algorithm "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" | "GOOGLE_SYMMETRIC_ENCRYPTION" | "RSA_SIGN_PSS_2048_SHA256" | "RSA_SIGN_PSS_3072_SHA256" | "RSA_SIGN_PSS_4096_SHA256" | "RSA_SIGN_PSS_4096_SHA512" | "RSA_SIGN_PKCS1_2048_SHA256" | "RSA_SIGN_PKCS1_3072_SHA256" | "RSA_SIGN_PKCS1_4096_SHA256" | "RSA_SIGN_PKCS1_4096_SHA512" | "RSA_SIGN_RAW_PKCS1_2048" | "RSA_SIGN_RAW_PKCS1_3072" | "RSA_SIGN_RAW_PKCS1_4096" | "RSA_DECRYPT_OAEP_2048_SHA256" | "RSA_DECRYPT_OAEP_3072_SHA256" | "RSA_DECRYPT_OAEP_4096_SHA256" | "RSA_DECRYPT_OAEP_4096_SHA512" | "RSA_DECRYPT_OAEP_2048_SHA1" | "RSA_DECRYPT_OAEP_3072_SHA1" | "RSA_DECRYPT_OAEP_4096_SHA1" | "EC_SIGN_P256_SHA256" | "EC_SIGN_P384_SHA384" | "EC_SIGN_SECP256K1_SHA256" | "HMAC_SHA256" | "HMAC_SHA1" | "HMAC_SHA384" | "HMAC_SHA512" | "HMAC_SHA224" | "EXTERNAL_SYMMETRIC_ENCRYPTION"

    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

    protectionLevel "PROTECTION_LEVEL_UNSPECIFIED" | "SOFTWARE" | "HSM" | "EXTERNAL" | "EXTERNAL_VPC"

    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
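    The template rules above interact: the algorithm is only implied for ENCRYPT_DECRYPT, the protection level silently defaults to SOFTWARE and is immutable, EC_SIGN_SECP256K1_SHA256 needs HSM, and an attestation exists only for HSM key versions. The following Python check is an added example, not part of the Pulumi provider or the Cloud KMS API. The function name `check_version_template`, the finding codes, treating `*_UNSPECIFIED` values as unset, and the SHA1 warning (an organizational policy choice) are assumptions of this example.

```python
"""Added example: review CryptoKeyVersionTemplate settings before deployment."""
from typing import Optional

# Assumption of this example: *_UNSPECIFIED is handled the same as an omitted field.
UNSET = {None, "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED", "PROTECTION_LEVEL_UNSPECIFIED"}

# From the enum descriptions on this page: secp256k1 is only supported for HSM.
HSM_ONLY_ALGORITHMS = {"EC_SIGN_SECP256K1_SHA256"}


def check_version_template(purpose: str,
                           algorithm: Optional[str] = None,
                           protection_level: Optional[str] = None) -> dict:
    """Resolve the effective template and list findings as (severity, code, message)."""
    findings = []

    if algorithm in UNSET:
        if purpose == "ENCRYPT_DECRYPT":
            # Documented backwards-compatibility rule.
            algorithm = "GOOGLE_SYMMETRIC_ENCRYPTION"
            findings.append(("WARN", "ALGORITHM_IMPLIED",
                             "algorithm omitted; GOOGLE_SYMMETRIC_ENCRYPTION is implied"))
        else:
            algorithm = None
            findings.append(("ERROR", "ALGORITHM_MISSING",
                             "algorithm is only implied when purpose is ENCRYPT_DECRYPT"))

    if protection_level in UNSET:
        # Documented default; the field is immutable once the key exists.
        protection_level = "SOFTWARE"
        findings.append(("WARN", "PROTECTION_LEVEL_DEFAULTED",
                         "protectionLevel omitted; defaults to SOFTWARE and is immutable"))

    if algorithm in HSM_ONLY_ALGORITHMS and protection_level != "HSM":
        findings.append(("ERROR", "HSM_ONLY_ALGORITHM",
                         f"{algorithm} requires protectionLevel HSM, got {protection_level}"))

    # Assumed policy, not stated on the page: flag SHA1-based variants for review.
    if algorithm is not None and algorithm.endswith("_SHA1"):
        findings.append(("WARN", "SHA1_POLICY",
                         f"{algorithm} uses SHA1; confirm this is required for compatibility"))

    return {
        "algorithm": algorithm,
        "protection_level": protection_level,
        # The attestation statement is only provided for protection level HSM.
        "attestation_expected": protection_level == "HSM",
        "findings": findings,
    }


def finding_codes(result: dict) -> list:
    """Return just the finding codes, in the order they were raised."""
    return [code for _severity, code, _message in result["findings"]]


if __name__ == "__main__":
    # Constructed sample templates (not taken from any real project).
    samples = [
        ("ENCRYPT_DECRYPT", None, None),
        ("ASYMMETRIC_SIGN", "EC_SIGN_SECP256K1_SHA256", None),
        ("ASYMMETRIC_SIGN", "EC_SIGN_SECP256K1_SHA256", "HSM"),
        ("ASYMMETRIC_DECRYPT", "RSA_DECRYPT_OAEP_2048_SHA1", "SOFTWARE"),
    ]
    for purpose, alg, level in samples:
        result = check_version_template(purpose, alg, level)
        print(purpose, alg, level, "->", result["algorithm"],
              result["protection_level"],
              "attestation" if result["attestation_expected"] else "no attestation")
        for severity, code, message in result["findings"]:
            print(f"  [{severity}] {code}: {message}")
```

    Because the protection level cannot be changed after creation, an ERROR here means the key would have to be recreated rather than updated.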

    CryptoKeyVersionTemplateAlgorithm, CryptoKeyVersionTemplateAlgorithmArgs

    CryptoKeyVersionAlgorithmUnspecified
    CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

    Not specified.

    GoogleSymmetricEncryption
    GOOGLE_SYMMETRIC_ENCRYPTION

    Creates symmetric encryption keys.

    RsaSignPss2048Sha256
    RSA_SIGN_PSS_2048_SHA256

    RSASSA-PSS 2048 bit key with a SHA256 digest.

    RsaSignPss3072Sha256
    RSA_SIGN_PSS_3072_SHA256

    RSASSA-PSS 3072 bit key with a SHA256 digest.

    RsaSignPss4096Sha256
    RSA_SIGN_PSS_4096_SHA256

    RSASSA-PSS 4096 bit key with a SHA256 digest.

    RsaSignPss4096Sha512
    RSA_SIGN_PSS_4096_SHA512

    RSASSA-PSS 4096 bit key with a SHA512 digest.

    RsaSignPkcs12048Sha256
    RSA_SIGN_PKCS1_2048_SHA256

    RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

    RsaSignPkcs13072Sha256
    RSA_SIGN_PKCS1_3072_SHA256

    RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

    RsaSignPkcs14096Sha256
    RSA_SIGN_PKCS1_4096_SHA256

    RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

    RsaSignPkcs14096Sha512
    RSA_SIGN_PKCS1_4096_SHA512

    RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

    RsaSignRawPkcs12048
    RSA_SIGN_RAW_PKCS1_2048

    RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

    RsaSignRawPkcs13072
    RSA_SIGN_RAW_PKCS1_3072

    RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

    RsaSignRawPkcs14096
    RSA_SIGN_RAW_PKCS1_4096

    RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

    RsaDecryptOaep2048Sha256
    RSA_DECRYPT_OAEP_2048_SHA256

    RSAES-OAEP 2048 bit key with a SHA256 digest.

    RsaDecryptOaep3072Sha256
    RSA_DECRYPT_OAEP_3072_SHA256

    RSAES-OAEP 3072 bit key with a SHA256 digest.

    RsaDecryptOaep4096Sha256
    RSA_DECRYPT_OAEP_4096_SHA256

    RSAES-OAEP 4096 bit key with a SHA256 digest.

    RsaDecryptOaep4096Sha512
    RSA_DECRYPT_OAEP_4096_SHA512

    RSAES-OAEP 4096 bit key with a SHA512 digest.

    RsaDecryptOaep2048Sha1
    RSA_DECRYPT_OAEP_2048_SHA1

    RSAES-OAEP 2048 bit key with a SHA1 digest.

    RsaDecryptOaep3072Sha1
    RSA_DECRYPT_OAEP_3072_SHA1

    RSAES-OAEP 3072 bit key with a SHA1 digest.

    RsaDecryptOaep4096Sha1
    RSA_DECRYPT_OAEP_4096_SHA1

    RSAES-OAEP 4096 bit key with a SHA1 digest.

    EcSignP256Sha256
    EC_SIGN_P256_SHA256

    ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

    EcSignP384Sha384
    EC_SIGN_P384_SHA384

    ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

    EcSignSecp256k1Sha256
    EC_SIGN_SECP256K1_SHA256

    ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

    HmacSha256
    HMAC_SHA256

    HMAC-SHA256 signing with a 256 bit key.

    HmacSha1
    HMAC_SHA1

    HMAC-SHA1 signing with a 160 bit key.

    HmacSha384
    HMAC_SHA384

    HMAC-SHA384 signing with a 384 bit key.

    HmacSha512
    HMAC_SHA512

    HMAC-SHA512 signing with a 512 bit key.

    HmacSha224
    HMAC_SHA224

    HMAC-SHA224 signing with a 224 bit key.

    ExternalSymmetricEncryption
    EXTERNAL_SYMMETRIC_ENCRYPTION

    Algorithm representing symmetric encryption by an external key manager.

    CryptoKeyVersionTemplateAlgorithmCryptoKeyVersionAlgorithmUnspecified
    CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

    Not specified.

    CryptoKeyVersionTemplateAlgorithmGoogleSymmetricEncryption
    GOOGLE_SYMMETRIC_ENCRYPTION

    Creates symmetric encryption keys.

    CryptoKeyVersionTemplateAlgorithmRsaSignPss2048Sha256
    RSA_SIGN_PSS_2048_SHA256

    RSASSA-PSS 2048 bit key with a SHA256 digest.

    CryptoKeyVersionTemplateAlgorithmRsaSignPss3072Sha256
    RSA_SIGN_PSS_3072_SHA256

    RSASSA-PSS 3072 bit key with a SHA256 digest.

    CryptoKeyVersionTemplateAlgorithmRsaSignPss4096Sha256
    RSA_SIGN_PSS_4096_SHA256

    RSASSA-PSS 4096 bit key with a SHA256 digest.

    CryptoKeyVersionTemplateAlgorithmRsaSignPss4096Sha512
    RSA_SIGN_PSS_4096_SHA512

    RSASSA-PSS 4096 bit key with a SHA512 digest.

    CryptoKeyVersionTemplateAlgorithmRsaSignPkcs12048Sha256
    RSA_SIGN_PKCS1_2048_SHA256

    RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

    CryptoKeyVersionTemplateAlgorithmRsaSignPkcs13072Sha256
    RSA_SIGN_PKCS1_3072_SHA256

    RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

    CryptoKeyVersionTemplateAlgorithmRsaSignPkcs14096Sha256
    RSA_SIGN_PKCS1_4096_SHA256

    RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

    CryptoKeyVersionTemplateAlgorithmRsaSignPkcs14096Sha512
    RSA_SIGN_PKCS1_4096_SHA512

    RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

    CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs12048
    RSA_SIGN_RAW_PKCS1_2048

    RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

    CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs13072
    RSA_SIGN_RAW_PKCS1_3072

    RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

    CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs14096
    RSA_SIGN_RAW_PKCS1_4096

    RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

    CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep2048Sha256
    RSA_DECRYPT_OAEP_2048_SHA256

    RSAES-OAEP 2048 bit key with a SHA256 digest.

    CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep3072Sha256
    RSA_DECRYPT_OAEP_3072_SHA256

    RSAES-OAEP 3072 bit key with a SHA256 digest.

    CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha256
    RSA_DECRYPT_OAEP_4096_SHA256

    RSAES-OAEP 4096 bit key with a SHA256 digest.

    CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha512
    RSA_DECRYPT_OAEP_4096_SHA512

    RSAES-OAEP 4096 bit key with a SHA512 digest.

    CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep2048Sha1
    RSA_DECRYPT_OAEP_2048_SHA1

    RSAES-OAEP 2048 bit key with a SHA1 digest.

    CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep3072Sha1
    RSA_DECRYPT_OAEP_3072_SHA1

    RSAES-OAEP 3072 bit key with a SHA1 digest.

    CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha1
    RSA_DECRYPT_OAEP_4096_SHA1

    RSAES-OAEP 4096 bit key with a SHA1 digest.

    CryptoKeyVersionTemplateAlgorithmEcSignP256Sha256
    EC_SIGN_P256_SHA256

    ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

    CryptoKeyVersionTemplateAlgorithmEcSignP384Sha384
    EC_SIGN_P384_SHA384

    ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

    CryptoKeyVersionTemplateAlgorithmEcSignSecp256k1Sha256
    EC_SIGN_SECP256K1_SHA256

    ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

    CryptoKeyVersionTemplateAlgorithmHmacSha256
    HMAC_SHA256

    HMAC-SHA256 signing with a 256 bit key.

    CryptoKeyVersionTemplateAlgorithmHmacSha1
    HMAC_SHA1

    HMAC-SHA1 signing with a 160 bit key.

    CryptoKeyVersionTemplateAlgorithmHmacSha384
    HMAC_SHA384

    HMAC-SHA384 signing with a 384 bit key.

    CryptoKeyVersionTemplateAlgorithmHmacSha512
    HMAC_SHA512

    HMAC-SHA512 signing with a 512 bit key.

    CryptoKeyVersionTemplateAlgorithmHmacSha224
    HMAC_SHA224

    HMAC-SHA224 signing with a 224 bit key.

    CryptoKeyVersionTemplateAlgorithmExternalSymmetricEncryption
    EXTERNAL_SYMMETRIC_ENCRYPTION

    Algorithm representing symmetric encryption by an external key manager.

    CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
    CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

    Not specified.

    GOOGLE_SYMMETRIC_ENCRYPTION
    GOOGLE_SYMMETRIC_ENCRYPTION

    Creates symmetric encryption keys.

    RSA_SIGN_PSS2048_SHA256
    RSA_SIGN_PSS_2048_SHA256

    RSASSA-PSS 2048 bit key with a SHA256 digest.

    RSA_SIGN_PSS3072_SHA256
    RSA_SIGN_PSS_3072_SHA256

    RSASSA-PSS 3072 bit key with a SHA256 digest.

    RSA_SIGN_PSS4096_SHA256
    RSA_SIGN_PSS_4096_SHA256

    RSASSA-PSS 4096 bit key with a SHA256 digest.

    RSA_SIGN_PSS4096_SHA512
    RSA_SIGN_PSS_4096_SHA512

    RSASSA-PSS 4096 bit key with a SHA512 digest.

    RSA_SIGN_PKCS12048_SHA256
    RSA_SIGN_PKCS1_2048_SHA256

    RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

    RSA_SIGN_PKCS13072_SHA256
    RSA_SIGN_PKCS1_3072_SHA256

    RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

    RSA_SIGN_PKCS14096_SHA256
    RSA_SIGN_PKCS1_4096_SHA256

    RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

    RSA_SIGN_PKCS14096_SHA512
    RSA_SIGN_PKCS1_4096_SHA512

    RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

    RSA_SIGN_RAW_PKCS12048
    RSA_SIGN_RAW_PKCS1_2048

    RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

    RSA_SIGN_RAW_PKCS13072
    RSA_SIGN_RAW_PKCS1_3072

    RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

    RSA_SIGN_RAW_PKCS14096
    RSA_SIGN_RAW_PKCS1_4096

    RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

    RSA_DECRYPT_OAEP2048_SHA256
    RSA_DECRYPT_OAEP_2048_SHA256

    RSAES-OAEP 2048 bit key with a SHA256 digest.

    RSA_DECRYPT_OAEP3072_SHA256
    RSA_DECRYPT_OAEP_3072_SHA256

    RSAES-OAEP 3072 bit key with a SHA256 digest.

    RSA_DECRYPT_OAEP4096_SHA256
    RSA_DECRYPT_OAEP_4096_SHA256

    RSAES-OAEP 4096 bit key with a SHA256 digest.

    RSA_DECRYPT_OAEP4096_SHA512
    RSA_DECRYPT_OAEP_4096_SHA512

    RSAES-OAEP 4096 bit key with a SHA512 digest.

    RSA_DECRYPT_OAEP2048_SHA1
    RSA_DECRYPT_OAEP_2048_SHA1

    RSAES-OAEP 2048 bit key with a SHA1 digest.

    RSA_DECRYPT_OAEP3072_SHA1
    RSA_DECRYPT_OAEP_3072_SHA1

    RSAES-OAEP 3072 bit key with a SHA1 digest.

    RSA_DECRYPT_OAEP4096_SHA1
    RSA_DECRYPT_OAEP_4096_SHA1

    RSAES-OAEP 4096 bit key with a SHA1 digest.

    EC_SIGN_P256_SHA256
    EC_SIGN_P256_SHA256

    ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

    EC_SIGN_P384_SHA384
    EC_SIGN_P384_SHA384

    ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

    EC_SIGN_SECP256K1_SHA256
    EC_SIGN_SECP256K1_SHA256

    ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

    HMAC_SHA256
    HMAC_SHA256

    HMAC-SHA256 signing with a 256 bit key.

    HMAC_SHA1
    HMAC_SHA1

    HMAC-SHA1 signing with a 160 bit key.

    HMAC_SHA384
    HMAC_SHA384

    HMAC-SHA384 signing with a 384 bit key.

    HMAC_SHA512
    HMAC_SHA512

    HMAC-SHA512 signing with a 512 bit key.

    HMAC_SHA224
    HMAC_SHA224

    HMAC-SHA224 signing with a 224 bit key.

    EXTERNAL_SYMMETRIC_ENCRYPTION
    EXTERNAL_SYMMETRIC_ENCRYPTION

    Algorithm representing symmetric encryption by an external key manager.

    "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED"
    CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

    Not specified.

    "GOOGLE_SYMMETRIC_ENCRYPTION"
    GOOGLE_SYMMETRIC_ENCRYPTION

    Creates symmetric encryption keys.

    "RSA_SIGN_PSS_2048_SHA256"
    RSA_SIGN_PSS_2048_SHA256

    RSASSA-PSS 2048 bit key with a SHA256 digest.

    "RSA_SIGN_PSS_3072_SHA256"
    RSA_SIGN_PSS_3072_SHA256

    RSASSA-PSS 3072 bit key with a SHA256 digest.

    "RSA_SIGN_PSS_4096_SHA256"
    RSA_SIGN_PSS_4096_SHA256

    RSASSA-PSS 4096 bit key with a SHA256 digest.

    "RSA_SIGN_PSS_4096_SHA512"
    RSA_SIGN_PSS_4096_SHA512

    RSASSA-PSS 4096 bit key with a SHA512 digest.

    "RSA_SIGN_PKCS1_2048_SHA256"
    RSA_SIGN_PKCS1_2048_SHA256

    RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

    "RSA_SIGN_PKCS1_3072_SHA256"
    RSA_SIGN_PKCS1_3072_SHA256

    RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

    "RSA_SIGN_PKCS1_4096_SHA256"
    RSA_SIGN_PKCS1_4096_SHA256

    RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

    "RSA_SIGN_PKCS1_4096_SHA512"
    RSA_SIGN_PKCS1_4096_SHA512

    RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

    "RSA_SIGN_RAW_PKCS1_2048"
    RSA_SIGN_RAW_PKCS1_2048

    RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

    "RSA_SIGN_RAW_PKCS1_3072"
    RSA_SIGN_RAW_PKCS1_3072

    RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

    "RSA_SIGN_RAW_PKCS1_4096"
    RSA_SIGN_RAW_PKCS1_4096

    RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

    "RSA_DECRYPT_OAEP_2048_SHA256"
    RSA_DECRYPT_OAEP_2048_SHA256

    RSAES-OAEP 2048 bit key with a SHA256 digest.

    "RSA_DECRYPT_OAEP_3072_SHA256"
    RSA_DECRYPT_OAEP_3072_SHA256

    RSAES-OAEP 3072 bit key with a SHA256 digest.

    "RSA_DECRYPT_OAEP_4096_SHA256"
    RSA_DECRYPT_OAEP_4096_SHA256

    RSAES-OAEP 4096 bit key with a SHA256 digest.

    "RSA_DECRYPT_OAEP_4096_SHA512"
    RSA_DECRYPT_OAEP_4096_SHA512

    RSAES-OAEP 4096 bit key with a SHA512 digest.

    "RSA_DECRYPT_OAEP_2048_SHA1"
    RSA_DECRYPT_OAEP_2048_SHA1

    RSAES-OAEP 2048 bit key with a SHA1 digest.

    "RSA_DECRYPT_OAEP_3072_SHA1"
    RSA_DECRYPT_OAEP_3072_SHA1

    RSAES-OAEP 3072 bit key with a SHA1 digest.

    "RSA_DECRYPT_OAEP_4096_SHA1"
    RSA_DECRYPT_OAEP_4096_SHA1

    RSAES-OAEP 4096 bit key with a SHA1 digest.

    "EC_SIGN_P256_SHA256"
    EC_SIGN_P256_SHA256

    ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

    "EC_SIGN_P384_SHA384"
    EC_SIGN_P384_SHA384

    ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

    "EC_SIGN_SECP256K1_SHA256"
    EC_SIGN_SECP256K1_SHA256

    ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms

    "HMAC_SHA256"
    HMAC_SHA256

    HMAC-SHA256 signing with a 256 bit key.

    "HMAC_SHA1"
    HMAC_SHA1

    HMAC-SHA1 signing with a 160 bit key.

    "HMAC_SHA384"
    HMAC_SHA384

    HMAC-SHA384 signing with a 384 bit key.

    "HMAC_SHA512"
    HMAC_SHA512

    HMAC-SHA512 signing with a 512 bit key.

    "HMAC_SHA224"
    HMAC_SHA224

    HMAC-SHA224 signing with a 224 bit key.

    "EXTERNAL_SYMMETRIC_ENCRYPTION"
    EXTERNAL_SYMMETRIC_ENCRYPTION

    Algorithm representing symmetric encryption by an external key manager.

    CryptoKeyVersionTemplateProtectionLevel, CryptoKeyVersionTemplateProtectionLevelArgs

    ProtectionLevelUnspecified
    PROTECTION_LEVEL_UNSPECIFIED

    Not specified.

    Software
    SOFTWARE

    Crypto operations are performed in software.

    Hsm
    HSM

    Crypto operations are performed in a Hardware Security Module.

    External
    EXTERNAL

    Crypto operations are performed by an external key manager.

    ExternalVpc
    EXTERNAL_VPC

    Crypto operations are performed in an EKM-over-VPC backend.

    CryptoKeyVersionTemplateProtectionLevelProtectionLevelUnspecified
    PROTECTION_LEVEL_UNSPECIFIED

    Not specified.

    CryptoKeyVersionTemplateProtectionLevelSoftware
    SOFTWARE

    Crypto operations are performed in software.

    CryptoKeyVersionTemplateProtectionLevelHsm
    HSM

    Crypto operations are performed in a Hardware Security Module.

    CryptoKeyVersionTemplateProtectionLevelExternal
    EXTERNAL

    Crypto operations are performed by an external key manager.

    CryptoKeyVersionTemplateProtectionLevelExternalVpc
    EXTERNAL_VPC

    Crypto operations are performed in an EKM-over-VPC backend.

    ProtectionLevelUnspecified
    PROTECTION_LEVEL_UNSPECIFIED

    Not specified.

    Software
    SOFTWARE

    Crypto operations are performed in software.

    Hsm
    HSM

    Crypto operations are performed in a Hardware Security Module.

    External
    EXTERNAL

    Crypto operations are performed by an external key manager.

    ExternalVpc
    EXTERNAL_VPC

    Crypto operations are performed in an EKM-over-VPC backend.

    ProtectionLevelUnspecified
    PROTECTION_LEVEL_UNSPECIFIED

    Not specified.

    Software
    SOFTWARE

    Crypto operations are performed in software.

    Hsm
    HSM

    Crypto operations are performed in a Hardware Security Module.

    External
    EXTERNAL

    Crypto operations are performed by an external key manager.

    ExternalVpc
    EXTERNAL_VPC

    Crypto operations are performed in an EKM-over-VPC backend.

    PROTECTION_LEVEL_UNSPECIFIED
    PROTECTION_LEVEL_UNSPECIFIED

    Not specified.

    SOFTWARE
    SOFTWARE

    Crypto operations are performed in software.

    HSM
    HSM

    Crypto operations are performed in a Hardware Security Module.

    EXTERNAL
    EXTERNAL

    Crypto operations are performed by an external key manager.

    EXTERNAL_VPC
    EXTERNAL_VPC

    Crypto operations are performed in an EKM-over-VPC backend.

    "PROTECTION_LEVEL_UNSPECIFIED"
    PROTECTION_LEVEL_UNSPECIFIED

    Not specified.

    "SOFTWARE"
    SOFTWARE

    Crypto operations are performed in software.

    "HSM"
    HSM

    Crypto operations are performed in a Hardware Security Module.

    "EXTERNAL"
    EXTERNAL

    Crypto operations are performed by an external key manager.

    "EXTERNAL_VPC"
    EXTERNAL_VPC

    Crypto operations are performed in an EKM-over-VPC backend.

    CryptoKeyVersionTemplateResponse, CryptoKeyVersionTemplateResponseArgs

    Algorithm string

    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

    ProtectionLevel string

    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

    Algorithm string

    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

    ProtectionLevel string

    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

    algorithm String

    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

    protectionLevel String

    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

    algorithm string

    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

    protectionLevel string

    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

    algorithm str

    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

    protection_level str

    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

    algorithm String

    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

    protectionLevel String

    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
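The defaults and constraints documented above (the implied GOOGLE_SYMMETRIC_ENCRYPTION algorithm, the immutable SOFTWARE default, secp256k1 being supported only at HSM protection level) can be checked before a key is created. This is an added example, not part of the Pulumi SDK or of this page: `resolve_template`, `review_template`, the finding codes and the SHA-1 rule are assumptions made for illustration, and templates are plain dicts keyed by the Python property names.

```python
import re

# Values copied from the enum tables on this page.
PROTECTION_LEVELS = {"SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC"}
HSM_ONLY_ALGORITHMS = {"EC_SIGN_SECP256K1_SHA256"}
UNSPECIFIED_ALGORITHM = "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED"
UNSPECIFIED_LEVEL = "PROTECTION_LEVEL_UNSPECIFIED"


def resolve_template(purpose, template):
    """Apply the documented defaults; returns (algorithm, protection_level)."""
    algorithm = template.get("algorithm")
    if algorithm is None and purpose == "ENCRYPT_DECRYPT":
        # Implied for backwards compatibility when the field is omitted.
        algorithm = "GOOGLE_SYMMETRIC_ENCRYPTION"
    level = template.get("protection_level")
    return algorithm, "SOFTWARE" if level is None else level


def review_template(purpose, template):
    """Return a sorted list of finding codes for one version_template dict."""
    algorithm, level = resolve_template(purpose, template)
    findings = set()
    if algorithm is None:
        findings.add("ALGORITHM_MISSING")
    if algorithm == UNSPECIFIED_ALGORITHM or level == UNSPECIFIED_LEVEL:
        findings.add("UNSPECIFIED_VALUE")
    elif level not in PROTECTION_LEVELS:
        findings.add("UNKNOWN_PROTECTION_LEVEL")
    if algorithm in HSM_ONLY_ALGORITHMS and level != "HSM":
        findings.add("SECP256K1_REQUIRES_HSM")
    if template.get("protection_level") is None:
        # The field is immutable, so omitting it locks the key to SOFTWARE.
        findings.add("IMPLICIT_SOFTWARE_DEFAULT")
    # Local policy assumption (not a rule stated on this page): flag SHA-1 variants.
    if algorithm and re.search(r"(^|_)SHA1$", algorithm):
        findings.add("SHA1_DIGEST")
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample input: secp256k1 requested without a protection level.
    print(review_template("ASYMMETRIC_SIGN", {"algorithm": "EC_SIGN_SECP256K1_SHA256"}))
```
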

    ExternalProtectionLevelOptionsResponse, ExternalProtectionLevelOptionsResponseArgs

    EkmConnectionKeyPath string

    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

    ExternalKeyUri string

    The URI for an external resource that this CryptoKeyVersion represents.

    EkmConnectionKeyPath string

    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

    ExternalKeyUri string

    The URI for an external resource that this CryptoKeyVersion represents.

    ekmConnectionKeyPath String

    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

    externalKeyUri String

    The URI for an external resource that this CryptoKeyVersion represents.

    ekmConnectionKeyPath string

    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

    externalKeyUri string

    The URI for an external resource that this CryptoKeyVersion represents.

    ekm_connection_key_path str

    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

    external_key_uri str

    The URI for an external resource that this CryptoKeyVersion represents.

    ekmConnectionKeyPath String

    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

    externalKeyUri String

    The URI for an external resource that this CryptoKeyVersion represents.

    KeyOperationAttestationResponse, KeyOperationAttestationResponseArgs

    CertChains Pulumi.GoogleNative.Cloudkms.V1.Inputs.CertificateChainsResponse

    The certificate chains needed to validate the attestation.

    Content string

    The attestation data provided by the HSM when the key operation was performed.

    Format string

    The format of the attestation data.

    CertChains CertificateChainsResponse

    The certificate chains needed to validate the attestation.

    Content string

    The attestation data provided by the HSM when the key operation was performed.

    Format string

    The format of the attestation data.

    certChains CertificateChainsResponse

    The certificate chains needed to validate the attestation.

    content String

    The attestation data provided by the HSM when the key operation was performed.

    format String

    The format of the attestation data.

    certChains CertificateChainsResponse

    The certificate chains needed to validate the attestation.

    content string

    The attestation data provided by the HSM when the key operation was performed.

    format string

    The format of the attestation data.

    cert_chains CertificateChainsResponse

    The certificate chains needed to validate the attestation.

    content str

    The attestation data provided by the HSM when the key operation was performed.

    format str

    The format of the attestation data.

    certChains Property Map

    The certificate chains needed to validate the attestation.

    content String

    The attestation data provided by the HSM when the key operation was performed.

    format String

    The format of the attestation data.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0