Docs
PackagesGoogle Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.cloudkms/v1.CryptoKey
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Create a new CryptoKey within a KeyRing. CryptoKey.purpose and CryptoKey.version_template.algorithm are required. Note - this resource’s API doesn’t support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.
Create CryptoKey Resource
new CryptoKey(name: string, args: CryptoKeyArgs, opts?: CustomResourceOptions);@overload
def CryptoKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
crypto_key_backend: Optional[str] = None,
crypto_key_id: Optional[str] = None,
destroy_scheduled_duration: Optional[str] = None,
import_only: Optional[bool] = None,
key_ring_id: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
location: Optional[str] = None,
next_rotation_time: Optional[str] = None,
project: Optional[str] = None,
purpose: Optional[CryptoKeyPurpose] = None,
rotation_period: Optional[str] = None,
skip_initial_version_creation: Optional[bool] = None,
version_template: Optional[CryptoKeyVersionTemplateArgs] = None)
@overload
def CryptoKey(resource_name: str,
args: CryptoKeyArgs,
opts: Optional[ResourceOptions] = None)func NewCryptoKey(ctx *Context, name string, args CryptoKeyArgs, opts ...ResourceOption) (*CryptoKey, error)public CryptoKey(string name, CryptoKeyArgs args, CustomResourceOptions? opts = null)
public CryptoKey(String name, CryptoKeyArgs args)
public CryptoKey(String name, CryptoKeyArgs args, CustomResourceOptions options)
type: google-native:cloudkms/v1:CryptoKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CryptoKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CryptoKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CryptoKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CryptoKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CryptoKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CryptoKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CryptoKey resource accepts the following input properties:
- Key
Ring stringId - Crypto
Key stringBackend Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format
projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.- Crypto
Key stringId Required. It must be unique within a KeyRing and match the regular expression
[a-zA-Z0-9_-]{1,63}- Destroy
Scheduled stringDuration Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
- Import
Only bool Immutable. Whether this key may contain imported versions only.
- Labels Dictionary<string, string>
Labels with user-defined metadata. For more information, see Labeling Keys.
- Location string
- Next
Rotation stringTime At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- Project string
- Purpose
Pulumi.
Google Native. Cloudkms. V1. Crypto Key Purpose Immutable. The immutable purpose of this CryptoKey.
- Rotation
Period string next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- Skip
Initial boolVersion Creation If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
- Version
Template Pulumi.Google Native. Cloudkms. V1. Inputs. Crypto Key Version Template A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
- Key
Ring stringId - Crypto
Key stringBackend Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format
projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.- Crypto
Key stringId Required. It must be unique within a KeyRing and match the regular expression
[a-zA-Z0-9_-]{1,63}- Destroy
Scheduled stringDuration Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
- Import
Only bool Immutable. Whether this key may contain imported versions only.
- Labels map[string]string
Labels with user-defined metadata. For more information, see Labeling Keys.
- Location string
- Next
Rotation stringTime At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- Project string
- Purpose
Crypto
Key Purpose Immutable. The immutable purpose of this CryptoKey.
- Rotation
Period string next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- Skip
Initial boolVersion Creation If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
- Version
Template CryptoKey Version Template Args A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
- key
Ring StringId - crypto
Key StringBackend Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format
projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.- crypto
Key StringId Required. It must be unique within a KeyRing and match the regular expression
[a-zA-Z0-9_-]{1,63}- destroy
Scheduled StringDuration Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
- import
Only Boolean Immutable. Whether this key may contain imported versions only.
- labels Map<String,String>
Labels with user-defined metadata. For more information, see Labeling Keys.
- location String
- next
Rotation StringTime At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- project String
- purpose
Crypto
Key Purpose Immutable. The immutable purpose of this CryptoKey.
- rotation
Period String next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- skip
Initial BooleanVersion Creation If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
- version
Template CryptoKey Version Template A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
- key
Ring stringId - crypto
Key stringBackend Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format
projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.- crypto
Key stringId Required. It must be unique within a KeyRing and match the regular expression
[a-zA-Z0-9_-]{1,63}- destroy
Scheduled stringDuration Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
- import
Only boolean Immutable. Whether this key may contain imported versions only.
- labels {[key: string]: string}
Labels with user-defined metadata. For more information, see Labeling Keys.
- location string
- next
Rotation stringTime At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- project string
- purpose
Crypto
Key Purpose Immutable. The immutable purpose of this CryptoKey.
- rotation
Period string next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- skip
Initial booleanVersion Creation If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
- version
Template CryptoKey Version Template A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
- key_
ring_ strid - crypto_
key_ strbackend Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format
projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.- crypto_
key_ strid Required. It must be unique within a KeyRing and match the regular expression
[a-zA-Z0-9_-]{1,63}- destroy_
scheduled_ strduration Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
- import_
only bool Immutable. Whether this key may contain imported versions only.
- labels Mapping[str, str]
Labels with user-defined metadata. For more information, see Labeling Keys.
- location str
- next_
rotation_ strtime At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- project str
- purpose
Crypto
Key Purpose Immutable. The immutable purpose of this CryptoKey.
- rotation_
period str next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- skip_
initial_ boolversion_ creation If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
- version_
template CryptoKey Version Template Args A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
- key
Ring StringId - crypto
Key StringBackend Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format
projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.- crypto
Key StringId Required. It must be unique within a KeyRing and match the regular expression
[a-zA-Z0-9_-]{1,63}- destroy
Scheduled StringDuration Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
- import
Only Boolean Immutable. Whether this key may contain imported versions only.
- labels Map<String>
Labels with user-defined metadata. For more information, see Labeling Keys.
- location String
- next
Rotation StringTime At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- project String
- purpose "CRYPTO_KEY_PURPOSE_UNSPECIFIED" | "ENCRYPT_DECRYPT" | "ASYMMETRIC_SIGN" | "ASYMMETRIC_DECRYPT" | "MAC"
Immutable. The immutable purpose of this CryptoKey.
- rotation
Period String next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- skip
Initial BooleanVersion Creation If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
- version
Template Property Map A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
Outputs
All input properties are implicitly available as output properties. Additionally, the CryptoKey resource produces the following output properties:
- Create
Time string The time at which this CryptoKey was created.
- Id string
The provider-assigned unique ID for this managed resource.
- Name string
The resource name for this CryptoKey in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*.- Primary
Pulumi.
Google Native. Cloudkms. V1. Outputs. Crypto Key Version Response A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
- Create
Time string The time at which this CryptoKey was created.
- Id string
The provider-assigned unique ID for this managed resource.
- Name string
The resource name for this CryptoKey in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*.- Primary
Crypto
Key Version Response A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
- create
Time String The time at which this CryptoKey was created.
- id String
The provider-assigned unique ID for this managed resource.
- name String
The resource name for this CryptoKey in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*.- primary
Crypto
Key Version Response A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
- create
Time string The time at which this CryptoKey was created.
- id string
The provider-assigned unique ID for this managed resource.
- name string
The resource name for this CryptoKey in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*.- primary
Crypto
Key Version Response A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
- create_
time str The time at which this CryptoKey was created.
- id str
The provider-assigned unique ID for this managed resource.
- name str
The resource name for this CryptoKey in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*.- primary
Crypto
Key Version Response A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
- create
Time String The time at which this CryptoKey was created.
- id String
The provider-assigned unique ID for this managed resource.
- name String
The resource name for this CryptoKey in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*.- primary Property Map
A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
Supporting Types
CertificateChainsResponse, CertificateChainsResponseArgs
- Cavium
Certs List<string> Cavium certificate chain corresponding to the attestation.
- Google
Card List<string>Certs Google card certificate chain corresponding to the attestation.
- Google
Partition List<string>Certs Google partition certificate chain corresponding to the attestation.
- Cavium
Certs []string Cavium certificate chain corresponding to the attestation.
- Google
Card []stringCerts Google card certificate chain corresponding to the attestation.
- Google
Partition []stringCerts Google partition certificate chain corresponding to the attestation.
- cavium
Certs List<String> Cavium certificate chain corresponding to the attestation.
- google
Card List<String>Certs Google card certificate chain corresponding to the attestation.
- google
Partition List<String>Certs Google partition certificate chain corresponding to the attestation.
- cavium
Certs string[] Cavium certificate chain corresponding to the attestation.
- google
Card string[]Certs Google card certificate chain corresponding to the attestation.
- google
Partition string[]Certs Google partition certificate chain corresponding to the attestation.
- cavium_
certs Sequence[str] Cavium certificate chain corresponding to the attestation.
- google_
card_ Sequence[str]certs Google card certificate chain corresponding to the attestation.
- google_
partition_ Sequence[str]certs Google partition certificate chain corresponding to the attestation.
- cavium
Certs List<String> Cavium certificate chain corresponding to the attestation.
- google
Card List<String>Certs Google card certificate chain corresponding to the attestation.
- google
Partition List<String>Certs Google partition certificate chain corresponding to the attestation.
CryptoKeyPurpose, CryptoKeyPurposeArgs
- Crypto
Key Purpose Unspecified - CRYPTO_KEY_PURPOSE_UNSPECIFIED
Not specified.
- Encrypt
Decrypt - ENCRYPT_DECRYPT
CryptoKeys with this purpose may be used with Encrypt and Decrypt.
- Asymmetric
Sign - ASYMMETRIC_SIGN
CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
- Asymmetric
Decrypt - ASYMMETRIC_DECRYPT
CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
- Mac
- MAC
CryptoKeys with this purpose may be used with MacSign.
- Crypto
Key Purpose Crypto Key Purpose Unspecified - CRYPTO_KEY_PURPOSE_UNSPECIFIED
Not specified.
- Crypto
Key Purpose Encrypt Decrypt - ENCRYPT_DECRYPT
CryptoKeys with this purpose may be used with Encrypt and Decrypt.
- Crypto
Key Purpose Asymmetric Sign - ASYMMETRIC_SIGN
CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
- Crypto
Key Purpose Asymmetric Decrypt - ASYMMETRIC_DECRYPT
CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
- Crypto
Key Purpose Mac - MAC
CryptoKeys with this purpose may be used with MacSign.
- Crypto
Key Purpose Unspecified - CRYPTO_KEY_PURPOSE_UNSPECIFIED
Not specified.
- Encrypt
Decrypt - ENCRYPT_DECRYPT
CryptoKeys with this purpose may be used with Encrypt and Decrypt.
- Asymmetric
Sign - ASYMMETRIC_SIGN
CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
- Asymmetric
Decrypt - ASYMMETRIC_DECRYPT
CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
- Mac
- MAC
CryptoKeys with this purpose may be used with MacSign.
- Crypto
Key Purpose Unspecified - CRYPTO_KEY_PURPOSE_UNSPECIFIED
Not specified.
- Encrypt
Decrypt - ENCRYPT_DECRYPT
CryptoKeys with this purpose may be used with Encrypt and Decrypt.
- Asymmetric
Sign - ASYMMETRIC_SIGN
CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
- Asymmetric
Decrypt - ASYMMETRIC_DECRYPT
CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
- Mac
- MAC
CryptoKeys with this purpose may be used with MacSign.
- CRYPTO_KEY_PURPOSE_UNSPECIFIED
- CRYPTO_KEY_PURPOSE_UNSPECIFIED
Not specified.
- ENCRYPT_DECRYPT
- ENCRYPT_DECRYPT
CryptoKeys with this purpose may be used with Encrypt and Decrypt.
- ASYMMETRIC_SIGN
- ASYMMETRIC_SIGN
CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
- ASYMMETRIC_DECRYPT
- ASYMMETRIC_DECRYPT
CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
- MAC
- MAC
CryptoKeys with this purpose may be used with MacSign.
- "CRYPTO_KEY_PURPOSE_UNSPECIFIED"
- CRYPTO_KEY_PURPOSE_UNSPECIFIED
Not specified.
- "ENCRYPT_DECRYPT"
- ENCRYPT_DECRYPT
CryptoKeys with this purpose may be used with Encrypt and Decrypt.
- "ASYMMETRIC_SIGN"
- ASYMMETRIC_SIGN
CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
- "ASYMMETRIC_DECRYPT"
- ASYMMETRIC_DECRYPT
CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
- "MAC"
- MAC
CryptoKeys with this purpose may be used with MacSign.
CryptoKeyVersionResponse, CryptoKeyVersionResponseArgs
- Algorithm string
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- Attestation
Pulumi.
Google Native. Cloudkms. V1. Inputs. Key Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- Create
Time string The time at which this CryptoKeyVersion was created.
- Destroy
Event stringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- Destroy
Time string The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- External
Destruction stringFailure Reason The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- External
Protection Pulumi.Level Options Google Native. Cloudkms. V1. Inputs. External Protection Level Options Response ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- Generate
Time string The time this CryptoKeyVersion's key material was generated.
- Generation
Failure stringReason The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- Import
Failure stringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- Import
Job string The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- Import
Time string The time at which this CryptoKeyVersion's key material was most recently imported.
- Name string
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- Protection
Level string The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- Reimport
Eligible bool Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- State string
The current state of the CryptoKeyVersion.
- Algorithm string
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- Attestation
Key
Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- Create
Time string The time at which this CryptoKeyVersion was created.
- Destroy
Event stringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- Destroy
Time string The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- External
Destruction stringFailure Reason The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- External
Protection ExternalLevel Options Protection Level Options Response ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- Generate
Time string The time this CryptoKeyVersion's key material was generated.
- Generation
Failure stringReason The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- Import
Failure stringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- Import
Job string The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- Import
Time string The time at which this CryptoKeyVersion's key material was most recently imported.
- Name string
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- Protection
Level string The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- Reimport
Eligible bool Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- State string
The current state of the CryptoKeyVersion.
- algorithm String
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation
Key
Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create
Time String The time at which this CryptoKeyVersion was created.
- destroy
Event StringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy
Time String The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external
Destruction StringFailure Reason The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- external
Protection ExternalLevel Options Protection Level Options Response ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- generate
Time String The time this CryptoKeyVersion's key material was generated.
- generation
Failure StringReason The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- import
Failure StringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import
Job String The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import
Time String The time at which this CryptoKeyVersion's key material was most recently imported.
- name String
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- protection
Level String The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport
Eligible Boolean Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- state String
The current state of the CryptoKeyVersion.
- algorithm string
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation
Key
Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create
Time string The time at which this CryptoKeyVersion was created.
- destroy
Event stringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy
Time string The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external
Destruction stringFailure Reason The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- external
Protection ExternalLevel Options Protection Level Options Response ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- generate
Time string The time this CryptoKeyVersion's key material was generated.
- generation
Failure stringReason The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- import
Failure stringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import
Job string The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import
Time string The time at which this CryptoKeyVersion's key material was most recently imported.
- name string
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- protection
Level string The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport
Eligible boolean Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- state string
The current state of the CryptoKeyVersion.
- algorithm str
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation
Key
Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create_
time str The time at which this CryptoKeyVersion was created.
- destroy_
event_ strtime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy_
time str The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external_
destruction_ strfailure_ reason The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- external_
protection_ Externallevel_ options Protection Level Options Response ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- generate_
time str The time this CryptoKeyVersion's key material was generated.
- generation_
failure_ strreason The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- import_
failure_ strreason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import_
job str The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import_
time str The time at which this CryptoKeyVersion's key material was most recently imported.
- name str
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- protection_
level str The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport_
eligible bool Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- state str
The current state of the CryptoKeyVersion.
- algorithm String
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation Property Map
Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create
Time String The time at which this CryptoKeyVersion was created.
- destroy
Event StringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy
Time String The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external
Destruction StringFailure Reason The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- external
Protection Property MapLevel Options ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- generate
Time String The time this CryptoKeyVersion's key material was generated.
- generation
Failure StringReason The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- import
Failure StringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import
Job String The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import
Time String The time at which this CryptoKeyVersion's key material was most recently imported.
- name String
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- protection
Level String The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport
Eligible Boolean Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- state String
The current state of the CryptoKeyVersion.
CryptoKeyVersionTemplate, CryptoKeyVersionTemplateArgs
- Algorithm
Pulumi.
Google Native. Cloudkms. V1. Crypto Key Version Template Algorithm Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- Protection
Level Pulumi.Google Native. Cloudkms. V1. Crypto Key Version Template Protection Level ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- Algorithm
Crypto
Key Version Template Algorithm Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- Protection
Level CryptoKey Version Template Protection Level ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- algorithm
Crypto
Key Version Template Algorithm Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- protection
Level CryptoKey Version Template Protection Level ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- algorithm
Crypto
Key Version Template Algorithm Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- protection
Level CryptoKey Version Template Protection Level ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- algorithm
Crypto
Key Version Template Algorithm Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- protection_
level CryptoKey Version Template Protection Level ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- algorithm "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" | "GOOGLE_SYMMETRIC_ENCRYPTION" | "RSA_SIGN_PSS_2048_SHA256" | "RSA_SIGN_PSS_3072_SHA256" | "RSA_SIGN_PSS_4096_SHA256" | "RSA_SIGN_PSS_4096_SHA512" | "RSA_SIGN_PKCS1_2048_SHA256" | "RSA_SIGN_PKCS1_3072_SHA256" | "RSA_SIGN_PKCS1_4096_SHA256" | "RSA_SIGN_PKCS1_4096_SHA512" | "RSA_SIGN_RAW_PKCS1_2048" | "RSA_SIGN_RAW_PKCS1_3072" | "RSA_SIGN_RAW_PKCS1_4096" | "RSA_DECRYPT_OAEP_2048_SHA256" | "RSA_DECRYPT_OAEP_3072_SHA256" | "RSA_DECRYPT_OAEP_4096_SHA256" | "RSA_DECRYPT_OAEP_4096_SHA512" | "RSA_DECRYPT_OAEP_2048_SHA1" | "RSA_DECRYPT_OAEP_3072_SHA1" | "RSA_DECRYPT_OAEP_4096_SHA1" | "EC_SIGN_P256_SHA256" | "EC_SIGN_P384_SHA384" | "EC_SIGN_SECP256K1_SHA256" | "HMAC_SHA256" | "HMAC_SHA1" | "HMAC_SHA384" | "HMAC_SHA512" | "HMAC_SHA224" | "EXTERNAL_SYMMETRIC_ENCRYPTION"
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- protection
Level "PROTECTION_LEVEL_UNSPECIFIED" | "SOFTWARE" | "HSM" | "EXTERNAL" | "EXTERNAL_VPC" ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
CryptoKeyVersionTemplateAlgorithm, CryptoKeyVersionTemplateAlgorithmArgs
- Crypto
Key Version Algorithm Unspecified - CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Not specified.
- Google
Symmetric Encryption - GOOGLE_SYMMETRIC_ENCRYPTION
Creates symmetric encryption keys.
- Rsa
Sign Pss2048Sha256 - RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.
- Rsa
Sign Pss3072Sha256 - RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.
- Rsa
Sign Pss4096Sha256 - RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.
- Rsa
Sign Pss4096Sha512 - RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.
- Rsa
Sign Pkcs12048Sha256 - RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
- Rsa
Sign Pkcs13072Sha256 - RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
- Rsa
Sign Pkcs14096Sha256 - RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
- Rsa
Sign Pkcs14096Sha512 - RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
- Rsa
Sign Raw Pkcs12048 - RSA_SIGN_RAW_PKCS1_2048
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
- Rsa
Sign Raw Pkcs13072 - RSA_SIGN_RAW_PKCS1_3072
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
- Rsa
Sign Raw Pkcs14096 - RSA_SIGN_RAW_PKCS1_4096
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
- Rsa
Decrypt Oaep2048Sha256 - RSA_DECRYPT_OAEP_2048_SHA256
RSAES-OAEP 2048 bit key with a SHA256 digest.
- Rsa
Decrypt Oaep3072Sha256 - RSA_DECRYPT_OAEP_3072_SHA256
RSAES-OAEP 3072 bit key with a SHA256 digest.
- Rsa
Decrypt Oaep4096Sha256 - RSA_DECRYPT_OAEP_4096_SHA256
RSAES-OAEP 4096 bit key with a SHA256 digest.
- Rsa
Decrypt Oaep4096Sha512 - RSA_DECRYPT_OAEP_4096_SHA512
RSAES-OAEP 4096 bit key with a SHA512 digest.
- Rsa
Decrypt Oaep2048Sha1 - RSA_DECRYPT_OAEP_2048_SHA1
RSAES-OAEP 2048 bit key with a SHA1 digest.
- Rsa
Decrypt Oaep3072Sha1 - RSA_DECRYPT_OAEP_3072_SHA1
RSAES-OAEP 3072 bit key with a SHA1 digest.
- Rsa
Decrypt Oaep4096Sha1 - RSA_DECRYPT_OAEP_4096_SHA1
RSAES-OAEP 4096 bit key with a SHA1 digest.
- Ec
Sign P256Sha256 - EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- Ec
Sign P384Sha384 - EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- Ec
Sign Secp256k1Sha256 - EC_SIGN_SECP256K1_SHA256
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- Hmac
Sha256 - HMAC_SHA256
HMAC-SHA256 signing with a 256 bit key.
- Hmac
Sha1 - HMAC_SHA1
HMAC-SHA1 signing with a 160 bit key.
- Hmac
Sha384 - HMAC_SHA384
HMAC-SHA384 signing with a 384 bit key.
- Hmac
Sha512 - HMAC_SHA512
HMAC-SHA512 signing with a 512 bit key.
- Hmac
Sha224 - HMAC_SHA224
HMAC-SHA224 signing with a 224 bit key.
- External
Symmetric Encryption - EXTERNAL_SYMMETRIC_ENCRYPTION
Algorithm representing symmetric encryption by an external key manager.
- Crypto
Key Version Template Algorithm Crypto Key Version Algorithm Unspecified - CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Not specified.
- Crypto
Key Version Template Algorithm Google Symmetric Encryption - GOOGLE_SYMMETRIC_ENCRYPTION
Creates symmetric encryption keys.
- Crypto
Key Version Template Algorithm Rsa Sign Pss2048Sha256 - RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.
- Crypto
Key Version Template Algorithm Rsa Sign Pss3072Sha256 - RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.
- Crypto
Key Version Template Algorithm Rsa Sign Pss4096Sha256 - RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.
- Crypto
Key Version Template Algorithm Rsa Sign Pss4096Sha512 - RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.
- Crypto
Key Version Template Algorithm Rsa Sign Pkcs12048Sha256 - RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
- Crypto
Key Version Template Algorithm Rsa Sign Pkcs13072Sha256 - RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
- Crypto
Key Version Template Algorithm Rsa Sign Pkcs14096Sha256 - RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
- Crypto
Key Version Template Algorithm Rsa Sign Pkcs14096Sha512 - RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
- Crypto
Key Version Template Algorithm Rsa Sign Raw Pkcs12048 - RSA_SIGN_RAW_PKCS1_2048
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
- Crypto
Key Version Template Algorithm Rsa Sign Raw Pkcs13072 - RSA_SIGN_RAW_PKCS1_3072
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
- Crypto
Key Version Template Algorithm Rsa Sign Raw Pkcs14096 - RSA_SIGN_RAW_PKCS1_4096
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
- Crypto
Key Version Template Algorithm Rsa Decrypt Oaep2048Sha256 - RSA_DECRYPT_OAEP_2048_SHA256
RSAES-OAEP 2048 bit key with a SHA256 digest.
- Crypto
Key Version Template Algorithm Rsa Decrypt Oaep3072Sha256 - RSA_DECRYPT_OAEP_3072_SHA256
RSAES-OAEP 3072 bit key with a SHA256 digest.
- Crypto
Key Version Template Algorithm Rsa Decrypt Oaep4096Sha256 - RSA_DECRYPT_OAEP_4096_SHA256
RSAES-OAEP 4096 bit key with a SHA256 digest.
- Crypto
Key Version Template Algorithm Rsa Decrypt Oaep4096Sha512 - RSA_DECRYPT_OAEP_4096_SHA512
RSAES-OAEP 4096 bit key with a SHA512 digest.
- Crypto
Key Version Template Algorithm Rsa Decrypt Oaep2048Sha1 - RSA_DECRYPT_OAEP_2048_SHA1
RSAES-OAEP 2048 bit key with a SHA1 digest.
- Crypto
Key Version Template Algorithm Rsa Decrypt Oaep3072Sha1 - RSA_DECRYPT_OAEP_3072_SHA1
RSAES-OAEP 3072 bit key with a SHA1 digest.
- Crypto
Key Version Template Algorithm Rsa Decrypt Oaep4096Sha1 - RSA_DECRYPT_OAEP_4096_SHA1
RSAES-OAEP 4096 bit key with a SHA1 digest.
- Crypto
Key Version Template Algorithm Ec Sign P256Sha256 - EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- Crypto
Key Version Template Algorithm Ec Sign P384Sha384 - EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- Crypto
Key Version Template Algorithm Ec Sign Secp256k1Sha256 - EC_SIGN_SECP256K1_SHA256
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- Crypto
Key Version Template Algorithm Hmac Sha256 - HMAC_SHA256
HMAC-SHA256 signing with a 256 bit key.
- Crypto
Key Version Template Algorithm Hmac Sha1 - HMAC_SHA1
HMAC-SHA1 signing with a 160 bit key.
- Crypto
Key Version Template Algorithm Hmac Sha384 - HMAC_SHA384
HMAC-SHA384 signing with a 384 bit key.
- Crypto
Key Version Template Algorithm Hmac Sha512 - HMAC_SHA512
HMAC-SHA512 signing with a 512 bit key.
- Crypto
Key Version Template Algorithm Hmac Sha224 - HMAC_SHA224
HMAC-SHA224 signing with a 224 bit key.
- Crypto
Key Version Template Algorithm External Symmetric Encryption - EXTERNAL_SYMMETRIC_ENCRYPTION
Algorithm representing symmetric encryption by an external key manager.
- Crypto
Key Version Algorithm Unspecified - CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Not specified.
- Google
Symmetric Encryption - GOOGLE_SYMMETRIC_ENCRYPTION
Creates symmetric encryption keys.
- Rsa
Sign Pss2048Sha256 - RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.
- Rsa
Sign Pss3072Sha256 - RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.
- Rsa
Sign Pss4096Sha256 - RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.
- Rsa
Sign Pss4096Sha512 - RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.
- Rsa
Sign Pkcs12048Sha256 - RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
- Rsa
Sign Pkcs13072Sha256 - RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
- Rsa
Sign Pkcs14096Sha256 - RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
- Rsa
Sign Pkcs14096Sha512 - RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
- Rsa
Sign Raw Pkcs12048 - RSA_SIGN_RAW_PKCS1_2048
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
- Rsa
Sign Raw Pkcs13072 - RSA_SIGN_RAW_PKCS1_3072
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
- Rsa
Sign Raw Pkcs14096 - RSA_SIGN_RAW_PKCS1_4096
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
- Rsa
Decrypt Oaep2048Sha256 - RSA_DECRYPT_OAEP_2048_SHA256
RSAES-OAEP 2048 bit key with a SHA256 digest.
- Rsa
Decrypt Oaep3072Sha256 - RSA_DECRYPT_OAEP_3072_SHA256
RSAES-OAEP 3072 bit key with a SHA256 digest.
- Rsa
Decrypt Oaep4096Sha256 - RSA_DECRYPT_OAEP_4096_SHA256
RSAES-OAEP 4096 bit key with a SHA256 digest.
- Rsa
Decrypt Oaep4096Sha512 - RSA_DECRYPT_OAEP_4096_SHA512
RSAES-OAEP 4096 bit key with a SHA512 digest.
- Rsa
Decrypt Oaep2048Sha1 - RSA_DECRYPT_OAEP_2048_SHA1
RSAES-OAEP 2048 bit key with a SHA1 digest.
- Rsa
Decrypt Oaep3072Sha1 - RSA_DECRYPT_OAEP_3072_SHA1
RSAES-OAEP 3072 bit key with a SHA1 digest.
- Rsa
Decrypt Oaep4096Sha1 - RSA_DECRYPT_OAEP_4096_SHA1
RSAES-OAEP 4096 bit key with a SHA1 digest.
- Ec
Sign P256Sha256 - EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- Ec
Sign P384Sha384 - EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- Ec
Sign Secp256k1Sha256 - EC_SIGN_SECP256K1_SHA256
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- Hmac
Sha256 - HMAC_SHA256
HMAC-SHA256 signing with a 256 bit key.
- Hmac
Sha1 - HMAC_SHA1
HMAC-SHA1 signing with a 160 bit key.
- Hmac
Sha384 - HMAC_SHA384
HMAC-SHA384 signing with a 384 bit key.
- Hmac
Sha512 - HMAC_SHA512
HMAC-SHA512 signing with a 512 bit key.
- Hmac
Sha224 - HMAC_SHA224
HMAC-SHA224 signing with a 224 bit key.
- External
Symmetric Encryption - EXTERNAL_SYMMETRIC_ENCRYPTION
Algorithm representing symmetric encryption by an external key manager.
- Crypto
Key Version Algorithm Unspecified - CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Not specified.
- Google
Symmetric Encryption - GOOGLE_SYMMETRIC_ENCRYPTION
Creates symmetric encryption keys.
- Rsa
Sign Pss2048Sha256 - RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.
- Rsa
Sign Pss3072Sha256 - RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.
- Rsa
Sign Pss4096Sha256 - RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.
- Rsa
Sign Pss4096Sha512 - RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.
- Rsa
Sign Pkcs12048Sha256 - RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
- Rsa
Sign Pkcs13072Sha256 - RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
- Rsa
Sign Pkcs14096Sha256 - RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
- Rsa
Sign Pkcs14096Sha512 - RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
- Rsa
Sign Raw Pkcs12048 - RSA_SIGN_RAW_PKCS1_2048
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
- Rsa
Sign Raw Pkcs13072 - RSA_SIGN_RAW_PKCS1_3072
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
- Rsa
Sign Raw Pkcs14096 - RSA_SIGN_RAW_PKCS1_4096
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
- Rsa
Decrypt Oaep2048Sha256 - RSA_DECRYPT_OAEP_2048_SHA256
RSAES-OAEP 2048 bit key with a SHA256 digest.
- Rsa
Decrypt Oaep3072Sha256 - RSA_DECRYPT_OAEP_3072_SHA256
RSAES-OAEP 3072 bit key with a SHA256 digest.
- Rsa
Decrypt Oaep4096Sha256 - RSA_DECRYPT_OAEP_4096_SHA256
RSAES-OAEP 4096 bit key with a SHA256 digest.
- Rsa
Decrypt Oaep4096Sha512 - RSA_DECRYPT_OAEP_4096_SHA512
RSAES-OAEP 4096 bit key with a SHA512 digest.
- Rsa
Decrypt Oaep2048Sha1 - RSA_DECRYPT_OAEP_2048_SHA1
RSAES-OAEP 2048 bit key with a SHA1 digest.
- Rsa
Decrypt Oaep3072Sha1 - RSA_DECRYPT_OAEP_3072_SHA1
RSAES-OAEP 3072 bit key with a SHA1 digest.
- Rsa
Decrypt Oaep4096Sha1 - RSA_DECRYPT_OAEP_4096_SHA1
RSAES-OAEP 4096 bit key with a SHA1 digest.
- Ec
Sign P256Sha256 - EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- Ec
Sign P384Sha384 - EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- Ec
Sign Secp256k1Sha256 - EC_SIGN_SECP256K1_SHA256
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- Hmac
Sha256 - HMAC_SHA256
HMAC-SHA256 signing with a 256 bit key.
- Hmac
Sha1 - HMAC_SHA1
HMAC-SHA1 signing with a 160 bit key.
- Hmac
Sha384 - HMAC_SHA384
HMAC-SHA384 signing with a 384 bit key.
- Hmac
Sha512 - HMAC_SHA512
HMAC-SHA512 signing with a 512 bit key.
- Hmac
Sha224 - HMAC_SHA224
HMAC-SHA224 signing with a 224 bit key.
- External
Symmetric Encryption - EXTERNAL_SYMMETRIC_ENCRYPTION
Algorithm representing symmetric encryption by an external key manager.
- CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
- CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Not specified.
- GOOGLE_SYMMETRIC_ENCRYPTION
- GOOGLE_SYMMETRIC_ENCRYPTION
Creates symmetric encryption keys.
- RSA_SIGN_PSS2048_SHA256
- RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.
- RSA_SIGN_PSS3072_SHA256
- RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.
- RSA_SIGN_PSS4096_SHA256
- RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.
- RSA_SIGN_PSS4096_SHA512
- RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.
- RSA_SIGN_PKCS12048_SHA256
- RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
- RSA_SIGN_PKCS13072_SHA256
- RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
- RSA_SIGN_PKCS14096_SHA256
- RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
- RSA_SIGN_PKCS14096_SHA512
- RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
- RSA_SIGN_RAW_PKCS12048
- RSA_SIGN_RAW_PKCS1_2048
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
- RSA_SIGN_RAW_PKCS13072
- RSA_SIGN_RAW_PKCS1_3072
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
- RSA_SIGN_RAW_PKCS14096
- RSA_SIGN_RAW_PKCS1_4096
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
- RSA_DECRYPT_OAEP2048_SHA256
- RSA_DECRYPT_OAEP_2048_SHA256
RSAES-OAEP 2048 bit key with a SHA256 digest.
- RSA_DECRYPT_OAEP3072_SHA256
- RSA_DECRYPT_OAEP_3072_SHA256
RSAES-OAEP 3072 bit key with a SHA256 digest.
- RSA_DECRYPT_OAEP4096_SHA256
- RSA_DECRYPT_OAEP_4096_SHA256
RSAES-OAEP 4096 bit key with a SHA256 digest.
- RSA_DECRYPT_OAEP4096_SHA512
- RSA_DECRYPT_OAEP_4096_SHA512
RSAES-OAEP 4096 bit key with a SHA512 digest.
- RSA_DECRYPT_OAEP2048_SHA1
- RSA_DECRYPT_OAEP_2048_SHA1
RSAES-OAEP 2048 bit key with a SHA1 digest.
- RSA_DECRYPT_OAEP3072_SHA1
- RSA_DECRYPT_OAEP_3072_SHA1
RSAES-OAEP 3072 bit key with a SHA1 digest.
- RSA_DECRYPT_OAEP4096_SHA1
- RSA_DECRYPT_OAEP_4096_SHA1
RSAES-OAEP 4096 bit key with a SHA1 digest.
- EC_SIGN_P256_SHA256
- EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- EC_SIGN_P384_SHA384
- EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- EC_SIGN_SECP256K1_SHA256
- EC_SIGN_SECP256K1_SHA256
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- HMAC_SHA256
- HMAC_SHA256
HMAC-SHA256 signing with a 256 bit key.
- HMAC_SHA1
- HMAC_SHA1
HMAC-SHA1 signing with a 160 bit key.
- HMAC_SHA384
- HMAC_SHA384
HMAC-SHA384 signing with a 384 bit key.
- HMAC_SHA512
- HMAC_SHA512
HMAC-SHA512 signing with a 512 bit key.
- HMAC_SHA224
- HMAC_SHA224
HMAC-SHA224 signing with a 224 bit key.
- EXTERNAL_SYMMETRIC_ENCRYPTION
- EXTERNAL_SYMMETRIC_ENCRYPTION
Algorithm representing symmetric encryption by an external key manager.
- "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED"
- CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Not specified.
- "GOOGLE_SYMMETRIC_ENCRYPTION"
- GOOGLE_SYMMETRIC_ENCRYPTION
Creates symmetric encryption keys.
- "RSA_SIGN_PSS_2048_SHA256"
- RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.
- "RSA_SIGN_PSS_3072_SHA256"
- RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.
- "RSA_SIGN_PSS_4096_SHA256"
- RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.
- "RSA_SIGN_PSS_4096_SHA512"
- RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.
- "RSA_SIGN_PKCS1_2048_SHA256"
- RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
- "RSA_SIGN_PKCS1_3072_SHA256"
- RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
- "RSA_SIGN_PKCS1_4096_SHA256"
- RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
- "RSA_SIGN_PKCS1_4096_SHA512"
- RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
- "RSA_SIGN_RAW_PKCS1_2048"
- RSA_SIGN_RAW_PKCS1_2048
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
- "RSA_SIGN_RAW_PKCS1_3072"
- RSA_SIGN_RAW_PKCS1_3072
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
- "RSA_SIGN_RAW_PKCS1_4096"
- RSA_SIGN_RAW_PKCS1_4096
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
- "RSA_DECRYPT_OAEP_2048_SHA256"
- RSA_DECRYPT_OAEP_2048_SHA256
RSAES-OAEP 2048 bit key with a SHA256 digest.
- "RSA_DECRYPT_OAEP_3072_SHA256"
- RSA_DECRYPT_OAEP_3072_SHA256
RSAES-OAEP 3072 bit key with a SHA256 digest.
- "RSA_DECRYPT_OAEP_4096_SHA256"
- RSA_DECRYPT_OAEP_4096_SHA256
RSAES-OAEP 4096 bit key with a SHA256 digest.
- "RSA_DECRYPT_OAEP_4096_SHA512"
- RSA_DECRYPT_OAEP_4096_SHA512
RSAES-OAEP 4096 bit key with a SHA512 digest.
- "RSA_DECRYPT_OAEP_2048_SHA1"
- RSA_DECRYPT_OAEP_2048_SHA1
RSAES-OAEP 2048 bit key with a SHA1 digest.
- "RSA_DECRYPT_OAEP_3072_SHA1"
- RSA_DECRYPT_OAEP_3072_SHA1
RSAES-OAEP 3072 bit key with a SHA1 digest.
- "RSA_DECRYPT_OAEP_4096_SHA1"
- RSA_DECRYPT_OAEP_4096_SHA1
RSAES-OAEP 4096 bit key with a SHA1 digest.
- "EC_SIGN_P256_SHA256"
- EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- "EC_SIGN_P384_SHA384"
- EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- "EC_SIGN_SECP256K1_SHA256"
- EC_SIGN_SECP256K1_SHA256
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level. Other hash functions can also be used: https://cloud.google.com/kms/docs/create-validate-signatures#ecdsa_support_for_other_hash_algorithms
- "HMAC_SHA256"
- HMAC_SHA256
HMAC-SHA256 signing with a 256 bit key.
- "HMAC_SHA1"
- HMAC_SHA1
HMAC-SHA1 signing with a 160 bit key.
- "HMAC_SHA384"
- HMAC_SHA384
HMAC-SHA384 signing with a 384 bit key.
- "HMAC_SHA512"
- HMAC_SHA512
HMAC-SHA512 signing with a 512 bit key.
- "HMAC_SHA224"
- HMAC_SHA224
HMAC-SHA224 signing with a 224 bit key.
- "EXTERNAL_SYMMETRIC_ENCRYPTION"
- EXTERNAL_SYMMETRIC_ENCRYPTION
Algorithm representing symmetric encryption by an external key manager.
CryptoKeyVersionTemplateProtectionLevel, CryptoKeyVersionTemplateProtectionLevelArgs
- Protection
Level Unspecified - PROTECTION_LEVEL_UNSPECIFIED
Not specified.
- Software
- SOFTWARE
Crypto operations are performed in software.
- Hsm
- HSM
Crypto operations are performed in a Hardware Security Module.
- External
- EXTERNAL
Crypto operations are performed by an external key manager.
- External
Vpc - EXTERNAL_VPC
Crypto operations are performed in an EKM-over-VPC backend.
- Crypto
Key Version Template Protection Level Protection Level Unspecified - PROTECTION_LEVEL_UNSPECIFIED
Not specified.
- Crypto
Key Version Template Protection Level Software - SOFTWARE
Crypto operations are performed in software.
- Crypto
Key Version Template Protection Level Hsm - HSM
Crypto operations are performed in a Hardware Security Module.
- Crypto
Key Version Template Protection Level External - EXTERNAL
Crypto operations are performed by an external key manager.
- Crypto
Key Version Template Protection Level External Vpc - EXTERNAL_VPC
Crypto operations are performed in an EKM-over-VPC backend.
- Protection
Level Unspecified - PROTECTION_LEVEL_UNSPECIFIED
Not specified.
- Software
- SOFTWARE
Crypto operations are performed in software.
- Hsm
- HSM
Crypto operations are performed in a Hardware Security Module.
- External
- EXTERNAL
Crypto operations are performed by an external key manager.
- External
Vpc - EXTERNAL_VPC
Crypto operations are performed in an EKM-over-VPC backend.
- Protection
Level Unspecified - PROTECTION_LEVEL_UNSPECIFIED
Not specified.
- Software
- SOFTWARE
Crypto operations are performed in software.
- Hsm
- HSM
Crypto operations are performed in a Hardware Security Module.
- External
- EXTERNAL
Crypto operations are performed by an external key manager.
- External
Vpc - EXTERNAL_VPC
Crypto operations are performed in an EKM-over-VPC backend.
- PROTECTION_LEVEL_UNSPECIFIED
- PROTECTION_LEVEL_UNSPECIFIED
Not specified.
- SOFTWARE
- SOFTWARE
Crypto operations are performed in software.
- HSM
- HSM
Crypto operations are performed in a Hardware Security Module.
- EXTERNAL
- EXTERNAL
Crypto operations are performed by an external key manager.
- EXTERNAL_VPC
- EXTERNAL_VPC
Crypto operations are performed in an EKM-over-VPC backend.
- "PROTECTION_LEVEL_UNSPECIFIED"
- PROTECTION_LEVEL_UNSPECIFIED
Not specified.
- "SOFTWARE"
- SOFTWARE
Crypto operations are performed in software.
- "HSM"
- HSM
Crypto operations are performed in a Hardware Security Module.
- "EXTERNAL"
- EXTERNAL
Crypto operations are performed by an external key manager.
- "EXTERNAL_VPC"
- EXTERNAL_VPC
Crypto operations are performed in an EKM-over-VPC backend.
CryptoKeyVersionTemplateResponse, CryptoKeyVersionTemplateResponseArgs
- Algorithm string
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- Protection
Level string ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- Algorithm string
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- Protection
Level string ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- algorithm String
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- protection
Level String ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- algorithm string
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- protection
Level string ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- algorithm str
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- protection_
level str ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- algorithm String
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- protection
Level String ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
ExternalProtectionLevelOptionsResponse, ExternalProtectionLevelOptionsResponseArgs
- Ekm
Connection stringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- External
Key stringUri The URI for an external resource that this CryptoKeyVersion represents.
- Ekm
Connection stringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- External
Key stringUri The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key StringUri The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection stringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key stringUri The URI for an external resource that this CryptoKeyVersion represents.
- ekm_
connection_ strkey_ path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external_
key_ struri The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key StringUri The URI for an external resource that this CryptoKeyVersion represents.
KeyOperationAttestationResponse, KeyOperationAttestationResponseArgs
- Cert
Chains Pulumi.Google Native. Cloudkms. V1. Inputs. Certificate Chains Response The certificate chains needed to validate the attestation
- Content string
The attestation data provided by the HSM when the key operation was performed.
- Format string
The format of the attestation data.
- Cert
Chains CertificateChains Response The certificate chains needed to validate the attestation
- Content string
The attestation data provided by the HSM when the key operation was performed.
- Format string
The format of the attestation data.
- cert
Chains CertificateChains Response The certificate chains needed to validate the attestation
- content String
The attestation data provided by the HSM when the key operation was performed.
- format String
The format of the attestation data.
- cert
Chains CertificateChains Response The certificate chains needed to validate the attestation
- content string
The attestation data provided by the HSM when the key operation was performed.
- format string
The format of the attestation data.
- cert_
chains CertificateChains Response The certificate chains needed to validate the attestation
- content str
The attestation data provided by the HSM when the key operation was performed.
- format str
The format of the attestation data.
- cert
Chains Property Map The certificate chains needed to validate the attestation
- content String
The attestation data provided by the HSM when the key operation was performed.
- format String
The format of the attestation data.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.