Google Cloud Native v0.28.0, Feb 2 23

google-native.cloudkms/v1.CryptoKey

Create a new CryptoKey within a KeyRing. CryptoKey.purpose and CryptoKey.version_template.algorithm are required. Note - this resource’s API doesn’t support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

Create CryptoKey Resource

new CryptoKey(name: string, args: CryptoKeyArgs, opts?: CustomResourceOptions);

@overload
def CryptoKey(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              crypto_key_backend: Optional[str] = None,
              crypto_key_id: Optional[str] = None,
              destroy_scheduled_duration: Optional[str] = None,
              import_only: Optional[bool] = None,
              key_ring_id: Optional[str] = None,
              labels: Optional[Mapping[str, str]] = None,
              location: Optional[str] = None,
              next_rotation_time: Optional[str] = None,
              project: Optional[str] = None,
              purpose: Optional[CryptoKeyPurpose] = None,
              rotation_period: Optional[str] = None,
              skip_initial_version_creation: Optional[bool] = None,
              version_template: Optional[CryptoKeyVersionTemplateArgs] = None)
@overload
def CryptoKey(resource_name: str,
              args: CryptoKeyArgs,
              opts: Optional[ResourceOptions] = None)

func NewCryptoKey(ctx *Context, name string, args CryptoKeyArgs, opts ...ResourceOption) (*CryptoKey, error)

public CryptoKey(string name, CryptoKeyArgs args, CustomResourceOptions? opts = null)

public CryptoKey(String name, CryptoKeyArgs args)
public CryptoKey(String name, CryptoKeyArgs args, CustomResourceOptions options)

type: google-native:cloudkms/v1:CryptoKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CryptoKeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CryptoKeyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CryptoKeyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CryptoKeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CryptoKeyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

CryptoKey Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The CryptoKey resource accepts the following input properties:

KeyRingId string
CryptoKeyBackend string: Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
CryptoKeyId string: Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
DestroyScheduledDuration string: Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
ImportOnly bool: Immutable. Whether this key may contain imported versions only.
Labels Dictionary<string, string>: Labels with user-defined metadata. For more information, see Labeling Keys.
Location string
NextRotationTime string: At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
Project string
Purpose Pulumi.GoogleNative.Cloudkms.V1.CryptoKeyPurpose: Immutable. The immutable purpose of this CryptoKey.
RotationPeriod string: next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
SkipInitialVersionCreation bool: If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
VersionTemplate Pulumi.GoogleNative.Cloudkms.V1.Inputs.CryptoKeyVersionTemplateArgs: A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

KeyRingId string
CryptoKeyBackend string: Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
CryptoKeyId string: Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
DestroyScheduledDuration string: Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
ImportOnly bool: Immutable. Whether this key may contain imported versions only.
Labels map[string]string: Labels with user-defined metadata. For more information, see Labeling Keys.
Location string
NextRotationTime string: At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
Project string
Purpose CryptoKeyPurpose: Immutable. The immutable purpose of this CryptoKey.
RotationPeriod string: next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
SkipInitialVersionCreation bool: If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
VersionTemplate CryptoKeyVersionTemplateArgs: A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

keyRingId String
cryptoKeyBackend String: Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
cryptoKeyId String: Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
destroyScheduledDuration String: Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
importOnly Boolean: Immutable. Whether this key may contain imported versions only.
labels Map<String,String>: Labels with user-defined metadata. For more information, see Labeling Keys.
location String
nextRotationTime String: At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
project String
purpose CryptoKeyPurpose: Immutable. The immutable purpose of this CryptoKey.
rotationPeriod String: next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
skipInitialVersionCreation Boolean: If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
versionTemplate CryptoKeyVersionTemplateArgs: A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

keyRingId string
cryptoKeyBackend string: Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
cryptoKeyId string: Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
destroyScheduledDuration string: Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
importOnly boolean: Immutable. Whether this key may contain imported versions only.
labels {[key: string]: string}: Labels with user-defined metadata. For more information, see Labeling Keys.
location string
nextRotationTime string: At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
project string
purpose CryptoKeyPurpose: Immutable. The immutable purpose of this CryptoKey.
rotationPeriod string: next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
skipInitialVersionCreation boolean: If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
versionTemplate CryptoKeyVersionTemplateArgs: A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

key_ring_id str
crypto_key_backend str: Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
crypto_key_id str: Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
destroy_scheduled_duration str: Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
import_only bool: Immutable. Whether this key may contain imported versions only.
labels Mapping[str, str]: Labels with user-defined metadata. For more information, see Labeling Keys.
location str
next_rotation_time str: At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
project str
purpose CryptoKeyPurpose: Immutable. The immutable purpose of this CryptoKey.
rotation_period str: next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
skip_initial_version_creation bool: If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
version_template CryptoKeyVersionTemplateArgs: A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

keyRingId String
cryptoKeyBackend String: Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
cryptoKeyId String: Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
destroyScheduledDuration String: Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
importOnly Boolean: Immutable. Whether this key may contain imported versions only.
labels Map<String>: Labels with user-defined metadata. For more information, see Labeling Keys.
location String
nextRotationTime String: At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
project String
purpose "CRYPTO_KEY_PURPOSE_UNSPECIFIED" | "ENCRYPT_DECRYPT" | "ASYMMETRIC_SIGN" | "ASYMMETRIC_DECRYPT" | "MAC": Immutable. The immutable purpose of this CryptoKey.
rotationPeriod String: next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
skipInitialVersionCreation Boolean: If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
versionTemplate Property Map: A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

Outputs

All input properties are implicitly available as output properties. Additionally, the CryptoKey resource produces the following output properties:

CreateTime string: The time at which this CryptoKey was created.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
Primary Pulumi.GoogleNative.Cloudkms.V1.Outputs.CryptoKeyVersionResponse: A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

CreateTime string: The time at which this CryptoKey was created.
Id string: The provider-assigned unique ID for this managed resource.
Name string: The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
Primary CryptoKeyVersionResponse: A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

createTime String: The time at which this CryptoKey was created.
id String: The provider-assigned unique ID for this managed resource.
name String: The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
primary CryptoKeyVersionResponse: A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

createTime string: The time at which this CryptoKey was created.
id string: The provider-assigned unique ID for this managed resource.
name string: The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
primary CryptoKeyVersionResponse: A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

create_time str: The time at which this CryptoKey was created.
id str: The provider-assigned unique ID for this managed resource.
name str: The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
primary CryptoKeyVersionResponse: A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

createTime String: The time at which this CryptoKey was created.
id String: The provider-assigned unique ID for this managed resource.
name String: The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
primary Property Map: A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

Supporting Types

CertificateChainsResponse

CaviumCerts List<string>: Cavium certificate chain corresponding to the attestation.
GoogleCardCerts List<string>: Google card certificate chain corresponding to the attestation.
GooglePartitionCerts List<string>: Google partition certificate chain corresponding to the attestation.

CaviumCerts []string: Cavium certificate chain corresponding to the attestation.
GoogleCardCerts []string: Google card certificate chain corresponding to the attestation.
GooglePartitionCerts []string: Google partition certificate chain corresponding to the attestation.

caviumCerts List<String>: Cavium certificate chain corresponding to the attestation.
googleCardCerts List<String>: Google card certificate chain corresponding to the attestation.
googlePartitionCerts List<String>: Google partition certificate chain corresponding to the attestation.

caviumCerts string[]: Cavium certificate chain corresponding to the attestation.
googleCardCerts string[]: Google card certificate chain corresponding to the attestation.
googlePartitionCerts string[]: Google partition certificate chain corresponding to the attestation.

cavium_certs Sequence[str]: Cavium certificate chain corresponding to the attestation.
google_card_certs Sequence[str]: Google card certificate chain corresponding to the attestation.
google_partition_certs Sequence[str]: Google partition certificate chain corresponding to the attestation.

caviumCerts List<String>: Cavium certificate chain corresponding to the attestation.
googleCardCerts List<String>: Google card certificate chain corresponding to the attestation.
googlePartitionCerts List<String>: Google partition certificate chain corresponding to the attestation.

CryptoKeyPurpose

CryptoKeyPurposeUnspecified: CRYPTO_KEY_PURPOSE_UNSPECIFIED
Not specified.
EncryptDecrypt: ENCRYPT_DECRYPT
CryptoKeys with this purpose may be used with Encrypt and Decrypt.
AsymmetricSign: ASYMMETRIC_SIGN
CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
AsymmetricDecrypt: ASYMMETRIC_DECRYPT
CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
Mac: MAC
CryptoKeys with this purpose may be used with MacSign.

CryptoKeyPurposeCryptoKeyPurposeUnspecified: CRYPTO_KEY_PURPOSE_UNSPECIFIED
Not specified.
CryptoKeyPurposeEncryptDecrypt: ENCRYPT_DECRYPT
CryptoKeys with this purpose may be used with Encrypt and Decrypt.
CryptoKeyPurposeAsymmetricSign: ASYMMETRIC_SIGN
CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
CryptoKeyPurposeAsymmetricDecrypt: ASYMMETRIC_DECRYPT
CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
CryptoKeyPurposeMac: MAC
CryptoKeys with this purpose may be used with MacSign.

CryptoKeyPurposeUnspecified: CRYPTO_KEY_PURPOSE_UNSPECIFIED
Not specified.
EncryptDecrypt: ENCRYPT_DECRYPT
CryptoKeys with this purpose may be used with Encrypt and Decrypt.
AsymmetricSign: ASYMMETRIC_SIGN
CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
AsymmetricDecrypt: ASYMMETRIC_DECRYPT
CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
Mac: MAC
CryptoKeys with this purpose may be used with MacSign.

CryptoKeyPurposeUnspecified: CRYPTO_KEY_PURPOSE_UNSPECIFIED
Not specified.
EncryptDecrypt: ENCRYPT_DECRYPT
CryptoKeys with this purpose may be used with Encrypt and Decrypt.
AsymmetricSign: ASYMMETRIC_SIGN
CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
AsymmetricDecrypt: ASYMMETRIC_DECRYPT
CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
Mac: MAC
CryptoKeys with this purpose may be used with MacSign.

CRYPTO_KEY_PURPOSE_UNSPECIFIED: CRYPTO_KEY_PURPOSE_UNSPECIFIED
Not specified.
ENCRYPT_DECRYPT: ENCRYPT_DECRYPT
CryptoKeys with this purpose may be used with Encrypt and Decrypt.
ASYMMETRIC_SIGN: ASYMMETRIC_SIGN
CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
ASYMMETRIC_DECRYPT: ASYMMETRIC_DECRYPT
CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
MAC: MAC
CryptoKeys with this purpose may be used with MacSign.

"CRYPTO_KEY_PURPOSE_UNSPECIFIED": CRYPTO_KEY_PURPOSE_UNSPECIFIED
Not specified.
"ENCRYPT_DECRYPT": ENCRYPT_DECRYPT
CryptoKeys with this purpose may be used with Encrypt and Decrypt.
"ASYMMETRIC_SIGN": ASYMMETRIC_SIGN
CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.
"ASYMMETRIC_DECRYPT": ASYMMETRIC_DECRYPT
CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.
"MAC": MAC
CryptoKeys with this purpose may be used with MacSign.

CryptoKeyVersionResponse

Algorithm string: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
Attestation Pulumi.GoogleNative.Cloudkms.V1.Inputs.KeyOperationAttestationResponse: Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
CreateTime string: The time at which this CryptoKeyVersion was created.
DestroyEventTime string: The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
DestroyTime string: The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
ExternalProtectionLevelOptions Pulumi.GoogleNative.Cloudkms.V1.Inputs.ExternalProtectionLevelOptionsResponse: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
GenerateTime string: The time this CryptoKeyVersion's key material was generated.
ImportFailureReason string: The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
ImportJob string: The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
ImportTime string: The time at which this CryptoKeyVersion's key material was most recently imported.
Name string: The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
ProtectionLevel string: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
ReimportEligible bool: Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
State string: The current state of the CryptoKeyVersion.

Algorithm string: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
Attestation KeyOperationAttestationResponse: Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
CreateTime string: The time at which this CryptoKeyVersion was created.
DestroyEventTime string: The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
DestroyTime string: The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
ExternalProtectionLevelOptions ExternalProtectionLevelOptionsResponse: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
GenerateTime string: The time this CryptoKeyVersion's key material was generated.
ImportFailureReason string: The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
ImportJob string: The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
ImportTime string: The time at which this CryptoKeyVersion's key material was most recently imported.
Name string: The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
ProtectionLevel string: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
ReimportEligible bool: Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
State string: The current state of the CryptoKeyVersion.

algorithm String: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
attestation KeyOperationAttestationResponse: Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
createTime String: The time at which this CryptoKeyVersion was created.
destroyEventTime String: The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
destroyTime String: The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
externalProtectionLevelOptions ExternalProtectionLevelOptionsResponse: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
generateTime String: The time this CryptoKeyVersion's key material was generated.
importFailureReason String: The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
importJob String: The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
importTime String: The time at which this CryptoKeyVersion's key material was most recently imported.
name String: The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
protectionLevel String: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
reimportEligible Boolean: Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
state String: The current state of the CryptoKeyVersion.

algorithm string: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
attestation KeyOperationAttestationResponse: Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
createTime string: The time at which this CryptoKeyVersion was created.
destroyEventTime string: The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
destroyTime string: The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
externalProtectionLevelOptions ExternalProtectionLevelOptionsResponse: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
generateTime string: The time this CryptoKeyVersion's key material was generated.
importFailureReason string: The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
importJob string: The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
importTime string: The time at which this CryptoKeyVersion's key material was most recently imported.
name string: The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
protectionLevel string: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
reimportEligible boolean: Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
state string: The current state of the CryptoKeyVersion.

algorithm str: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
attestation KeyOperationAttestationResponse: Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
create_time str: The time at which this CryptoKeyVersion was created.
destroy_event_time str: The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
destroy_time str: The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
external_protection_level_options ExternalProtectionLevelOptionsResponse: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
generate_time str: The time this CryptoKeyVersion's key material was generated.
import_failure_reason str: The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
import_job str: The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
import_time str: The time at which this CryptoKeyVersion's key material was most recently imported.
name str: The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
protection_level str: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
reimport_eligible bool: Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
state str: The current state of the CryptoKeyVersion.

algorithm String: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
attestation Property Map: Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
createTime String: The time at which this CryptoKeyVersion was created.
destroyEventTime String: The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
destroyTime String: The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
externalProtectionLevelOptions Property Map: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
generateTime String: The time this CryptoKeyVersion's key material was generated.
importFailureReason String: The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
importJob String: The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
importTime String: The time at which this CryptoKeyVersion's key material was most recently imported.
name String: The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
protectionLevel String: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
reimportEligible Boolean: Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
state String: The current state of the CryptoKeyVersion.

CryptoKeyVersionTemplate

Algorithm Pulumi.GoogleNative.Cloudkms.V1.CryptoKeyVersionTemplateAlgorithm: Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
ProtectionLevel Pulumi.GoogleNative.Cloudkms.V1.CryptoKeyVersionTemplateProtectionLevel: ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

Algorithm CryptoKeyVersionTemplateAlgorithm: Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
ProtectionLevel CryptoKeyVersionTemplateProtectionLevel: ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm CryptoKeyVersionTemplateAlgorithm: Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
protectionLevel CryptoKeyVersionTemplateProtectionLevel: ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm CryptoKeyVersionTemplateAlgorithm: Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
protectionLevel CryptoKeyVersionTemplateProtectionLevel: ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm CryptoKeyVersionTemplateAlgorithm: Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
protection_level CryptoKeyVersionTemplateProtectionLevel: ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" | "GOOGLE_SYMMETRIC_ENCRYPTION" | "RSA_SIGN_PSS_2048_SHA256" | "RSA_SIGN_PSS_3072_SHA256" | "RSA_SIGN_PSS_4096_SHA256" | "RSA_SIGN_PSS_4096_SHA512" | "RSA_SIGN_PKCS1_2048_SHA256" | "RSA_SIGN_PKCS1_3072_SHA256" | "RSA_SIGN_PKCS1_4096_SHA256" | "RSA_SIGN_PKCS1_4096_SHA512" | "RSA_SIGN_RAW_PKCS1_2048" | "RSA_SIGN_RAW_PKCS1_3072" | "RSA_SIGN_RAW_PKCS1_4096" | "RSA_DECRYPT_OAEP_2048_SHA256" | "RSA_DECRYPT_OAEP_3072_SHA256" | "RSA_DECRYPT_OAEP_4096_SHA256" | "RSA_DECRYPT_OAEP_4096_SHA512" | "RSA_DECRYPT_OAEP_2048_SHA1" | "RSA_DECRYPT_OAEP_3072_SHA1" | "RSA_DECRYPT_OAEP_4096_SHA1" | "EC_SIGN_P256_SHA256" | "EC_SIGN_P384_SHA384" | "EC_SIGN_SECP256K1_SHA256" | "HMAC_SHA256" | "HMAC_SHA1" | "HMAC_SHA384" | "HMAC_SHA512" | "HMAC_SHA224" | "EXTERNAL_SYMMETRIC_ENCRYPTION": Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
protectionLevel "PROTECTION_LEVEL_UNSPECIFIED" | "SOFTWARE" | "HSM" | "EXTERNAL" | "EXTERNAL_VPC": ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

CryptoKeyVersionTemplateAlgorithm

CryptoKeyVersionAlgorithmUnspecified: CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Not specified.
GoogleSymmetricEncryption: GOOGLE_SYMMETRIC_ENCRYPTION
Creates symmetric encryption keys.
RsaSignPss2048Sha256: RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.
RsaSignPss3072Sha256: RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.
RsaSignPss4096Sha256: RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.
RsaSignPss4096Sha512: RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.
RsaSignPkcs12048Sha256: RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
RsaSignPkcs13072Sha256: RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
RsaSignPkcs14096Sha256: RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
RsaSignPkcs14096Sha512: RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
RsaSignRawPkcs12048: RSA_SIGN_RAW_PKCS1_2048
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
RsaSignRawPkcs13072: RSA_SIGN_RAW_PKCS1_3072
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
RsaSignRawPkcs14096: RSA_SIGN_RAW_PKCS1_4096
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
RsaDecryptOaep2048Sha256: RSA_DECRYPT_OAEP_2048_SHA256
RSAES-OAEP 2048 bit key with a SHA256 digest.
RsaDecryptOaep3072Sha256: RSA_DECRYPT_OAEP_3072_SHA256
RSAES-OAEP 3072 bit key with a SHA256 digest.
RsaDecryptOaep4096Sha256: RSA_DECRYPT_OAEP_4096_SHA256
RSAES-OAEP 4096 bit key with a SHA256 digest.
RsaDecryptOaep4096Sha512: RSA_DECRYPT_OAEP_4096_SHA512
RSAES-OAEP 4096 bit key with a SHA512 digest.
RsaDecryptOaep2048Sha1: RSA_DECRYPT_OAEP_2048_SHA1
RSAES-OAEP 2048 bit key with a SHA1 digest.
RsaDecryptOaep3072Sha1: RSA_DECRYPT_OAEP_3072_SHA1
RSAES-OAEP 3072 bit key with a SHA1 digest.
RsaDecryptOaep4096Sha1: RSA_DECRYPT_OAEP_4096_SHA1
RSAES-OAEP 4096 bit key with a SHA1 digest.
EcSignP256Sha256: EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.
EcSignP384Sha384: EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.
EcSignSecp256k1Sha256: EC_SIGN_SECP256K1_SHA256
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.
HmacSha256: HMAC_SHA256
HMAC-SHA256 signing with a 256 bit key.
HmacSha1: HMAC_SHA1
HMAC-SHA1 signing with a 160 bit key.
HmacSha384: HMAC_SHA384
HMAC-SHA384 signing with a 384 bit key.
HmacSha512: HMAC_SHA512
HMAC-SHA512 signing with a 512 bit key.
HmacSha224: HMAC_SHA224
HMAC-SHA224 signing with a 224 bit key.
ExternalSymmetricEncryption: EXTERNAL_SYMMETRIC_ENCRYPTION
Algorithm representing symmetric encryption by an external key manager.

CryptoKeyVersionTemplateAlgorithmCryptoKeyVersionAlgorithmUnspecified: CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Not specified.
CryptoKeyVersionTemplateAlgorithmGoogleSymmetricEncryption: GOOGLE_SYMMETRIC_ENCRYPTION
Creates symmetric encryption keys.
CryptoKeyVersionTemplateAlgorithmRsaSignPss2048Sha256: RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.
CryptoKeyVersionTemplateAlgorithmRsaSignPss3072Sha256: RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.
CryptoKeyVersionTemplateAlgorithmRsaSignPss4096Sha256: RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.
CryptoKeyVersionTemplateAlgorithmRsaSignPss4096Sha512: RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.
CryptoKeyVersionTemplateAlgorithmRsaSignPkcs12048Sha256: RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
CryptoKeyVersionTemplateAlgorithmRsaSignPkcs13072Sha256: RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
CryptoKeyVersionTemplateAlgorithmRsaSignPkcs14096Sha256: RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
CryptoKeyVersionTemplateAlgorithmRsaSignPkcs14096Sha512: RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs12048: RSA_SIGN_RAW_PKCS1_2048
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs13072: RSA_SIGN_RAW_PKCS1_3072
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs14096: RSA_SIGN_RAW_PKCS1_4096
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep2048Sha256: RSA_DECRYPT_OAEP_2048_SHA256
RSAES-OAEP 2048 bit key with a SHA256 digest.
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep3072Sha256: RSA_DECRYPT_OAEP_3072_SHA256
RSAES-OAEP 3072 bit key with a SHA256 digest.
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha256: RSA_DECRYPT_OAEP_4096_SHA256
RSAES-OAEP 4096 bit key with a SHA256 digest.
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha512: RSA_DECRYPT_OAEP_4096_SHA512
RSAES-OAEP 4096 bit key with a SHA512 digest.
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep2048Sha1: RSA_DECRYPT_OAEP_2048_SHA1
RSAES-OAEP 2048 bit key with a SHA1 digest.
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep3072Sha1: RSA_DECRYPT_OAEP_3072_SHA1
RSAES-OAEP 3072 bit key with a SHA1 digest.
CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha1: RSA_DECRYPT_OAEP_4096_SHA1
RSAES-OAEP 4096 bit key with a SHA1 digest.
CryptoKeyVersionTemplateAlgorithmEcSignP256Sha256: EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.
CryptoKeyVersionTemplateAlgorithmEcSignP384Sha384: EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.
CryptoKeyVersionTemplateAlgorithmEcSignSecp256k1Sha256: EC_SIGN_SECP256K1_SHA256
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.
CryptoKeyVersionTemplateAlgorithmHmacSha256: HMAC_SHA256
HMAC-SHA256 signing with a 256 bit key.
CryptoKeyVersionTemplateAlgorithmHmacSha1: HMAC_SHA1
HMAC-SHA1 signing with a 160 bit key.
CryptoKeyVersionTemplateAlgorithmHmacSha384: HMAC_SHA384
HMAC-SHA384 signing with a 384 bit key.
CryptoKeyVersionTemplateAlgorithmHmacSha512: HMAC_SHA512
HMAC-SHA512 signing with a 512 bit key.
CryptoKeyVersionTemplateAlgorithmHmacSha224: HMAC_SHA224
HMAC-SHA224 signing with a 224 bit key.
CryptoKeyVersionTemplateAlgorithmExternalSymmetricEncryption: EXTERNAL_SYMMETRIC_ENCRYPTION
Algorithm representing symmetric encryption by an external key manager.

CryptoKeyVersionAlgorithmUnspecified: CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Not specified.
GoogleSymmetricEncryption: GOOGLE_SYMMETRIC_ENCRYPTION
Creates symmetric encryption keys.
RsaSignPss2048Sha256: RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.
RsaSignPss3072Sha256: RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.
RsaSignPss4096Sha256: RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.
RsaSignPss4096Sha512: RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.
RsaSignPkcs12048Sha256: RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
RsaSignPkcs13072Sha256: RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
RsaSignPkcs14096Sha256: RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
RsaSignPkcs14096Sha512: RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
RsaSignRawPkcs12048: RSA_SIGN_RAW_PKCS1_2048
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
RsaSignRawPkcs13072: RSA_SIGN_RAW_PKCS1_3072
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
RsaSignRawPkcs14096: RSA_SIGN_RAW_PKCS1_4096
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
RsaDecryptOaep2048Sha256: RSA_DECRYPT_OAEP_2048_SHA256
RSAES-OAEP 2048 bit key with a SHA256 digest.
RsaDecryptOaep3072Sha256: RSA_DECRYPT_OAEP_3072_SHA256
RSAES-OAEP 3072 bit key with a SHA256 digest.
RsaDecryptOaep4096Sha256: RSA_DECRYPT_OAEP_4096_SHA256
RSAES-OAEP 4096 bit key with a SHA256 digest.
RsaDecryptOaep4096Sha512: RSA_DECRYPT_OAEP_4096_SHA512
RSAES-OAEP 4096 bit key with a SHA512 digest.
RsaDecryptOaep2048Sha1: RSA_DECRYPT_OAEP_2048_SHA1
RSAES-OAEP 2048 bit key with a SHA1 digest.
RsaDecryptOaep3072Sha1: RSA_DECRYPT_OAEP_3072_SHA1
RSAES-OAEP 3072 bit key with a SHA1 digest.
RsaDecryptOaep4096Sha1: RSA_DECRYPT_OAEP_4096_SHA1
RSAES-OAEP 4096 bit key with a SHA1 digest.
EcSignP256Sha256: EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.
EcSignP384Sha384: EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.
EcSignSecp256k1Sha256: EC_SIGN_SECP256K1_SHA256
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.
HmacSha256: HMAC_SHA256
HMAC-SHA256 signing with a 256 bit key.
HmacSha1: HMAC_SHA1
HMAC-SHA1 signing with a 160 bit key.
HmacSha384: HMAC_SHA384
HMAC-SHA384 signing with a 384 bit key.
HmacSha512: HMAC_SHA512
HMAC-SHA512 signing with a 512 bit key.
HmacSha224: HMAC_SHA224
HMAC-SHA224 signing with a 224 bit key.
ExternalSymmetricEncryption: EXTERNAL_SYMMETRIC_ENCRYPTION
Algorithm representing symmetric encryption by an external key manager.

CryptoKeyVersionAlgorithmUnspecified: CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Not specified.
GoogleSymmetricEncryption: GOOGLE_SYMMETRIC_ENCRYPTION
Creates symmetric encryption keys.
RsaSignPss2048Sha256: RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.
RsaSignPss3072Sha256: RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.
RsaSignPss4096Sha256: RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.
RsaSignPss4096Sha512: RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.
RsaSignPkcs12048Sha256: RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
RsaSignPkcs13072Sha256: RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
RsaSignPkcs14096Sha256: RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
RsaSignPkcs14096Sha512: RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
RsaSignRawPkcs12048: RSA_SIGN_RAW_PKCS1_2048
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
RsaSignRawPkcs13072: RSA_SIGN_RAW_PKCS1_3072
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
RsaSignRawPkcs14096: RSA_SIGN_RAW_PKCS1_4096
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
RsaDecryptOaep2048Sha256: RSA_DECRYPT_OAEP_2048_SHA256
RSAES-OAEP 2048 bit key with a SHA256 digest.
RsaDecryptOaep3072Sha256: RSA_DECRYPT_OAEP_3072_SHA256
RSAES-OAEP 3072 bit key with a SHA256 digest.
RsaDecryptOaep4096Sha256: RSA_DECRYPT_OAEP_4096_SHA256
RSAES-OAEP 4096 bit key with a SHA256 digest.
RsaDecryptOaep4096Sha512: RSA_DECRYPT_OAEP_4096_SHA512
RSAES-OAEP 4096 bit key with a SHA512 digest.
RsaDecryptOaep2048Sha1: RSA_DECRYPT_OAEP_2048_SHA1
RSAES-OAEP 2048 bit key with a SHA1 digest.
RsaDecryptOaep3072Sha1: RSA_DECRYPT_OAEP_3072_SHA1
RSAES-OAEP 3072 bit key with a SHA1 digest.
RsaDecryptOaep4096Sha1: RSA_DECRYPT_OAEP_4096_SHA1
RSAES-OAEP 4096 bit key with a SHA1 digest.
EcSignP256Sha256: EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.
EcSignP384Sha384: EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.
EcSignSecp256k1Sha256: EC_SIGN_SECP256K1_SHA256
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.
HmacSha256: HMAC_SHA256
HMAC-SHA256 signing with a 256 bit key.
HmacSha1: HMAC_SHA1
HMAC-SHA1 signing with a 160 bit key.
HmacSha384: HMAC_SHA384
HMAC-SHA384 signing with a 384 bit key.
HmacSha512: HMAC_SHA512
HMAC-SHA512 signing with a 512 bit key.
HmacSha224: HMAC_SHA224
HMAC-SHA224 signing with a 224 bit key.
ExternalSymmetricEncryption: EXTERNAL_SYMMETRIC_ENCRYPTION
Algorithm representing symmetric encryption by an external key manager.

CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED: CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Not specified.
GOOGLE_SYMMETRIC_ENCRYPTION: GOOGLE_SYMMETRIC_ENCRYPTION
Creates symmetric encryption keys.
RSA_SIGN_PSS2048_SHA256: RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.
RSA_SIGN_PSS3072_SHA256: RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.
RSA_SIGN_PSS4096_SHA256: RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.
RSA_SIGN_PSS4096_SHA512: RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.
RSA_SIGN_PKCS12048_SHA256: RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
RSA_SIGN_PKCS13072_SHA256: RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
RSA_SIGN_PKCS14096_SHA256: RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
RSA_SIGN_PKCS14096_SHA512: RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
RSA_SIGN_RAW_PKCS12048: RSA_SIGN_RAW_PKCS1_2048
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
RSA_SIGN_RAW_PKCS13072: RSA_SIGN_RAW_PKCS1_3072
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
RSA_SIGN_RAW_PKCS14096: RSA_SIGN_RAW_PKCS1_4096
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
RSA_DECRYPT_OAEP2048_SHA256: RSA_DECRYPT_OAEP_2048_SHA256
RSAES-OAEP 2048 bit key with a SHA256 digest.
RSA_DECRYPT_OAEP3072_SHA256: RSA_DECRYPT_OAEP_3072_SHA256
RSAES-OAEP 3072 bit key with a SHA256 digest.
RSA_DECRYPT_OAEP4096_SHA256: RSA_DECRYPT_OAEP_4096_SHA256
RSAES-OAEP 4096 bit key with a SHA256 digest.
RSA_DECRYPT_OAEP4096_SHA512: RSA_DECRYPT_OAEP_4096_SHA512
RSAES-OAEP 4096 bit key with a SHA512 digest.
RSA_DECRYPT_OAEP2048_SHA1: RSA_DECRYPT_OAEP_2048_SHA1
RSAES-OAEP 2048 bit key with a SHA1 digest.
RSA_DECRYPT_OAEP3072_SHA1: RSA_DECRYPT_OAEP_3072_SHA1
RSAES-OAEP 3072 bit key with a SHA1 digest.
RSA_DECRYPT_OAEP4096_SHA1: RSA_DECRYPT_OAEP_4096_SHA1
RSAES-OAEP 4096 bit key with a SHA1 digest.
EC_SIGN_P256_SHA256: EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.
EC_SIGN_P384_SHA384: EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.
EC_SIGN_SECP256K1_SHA256: EC_SIGN_SECP256K1_SHA256
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.
HMAC_SHA256: HMAC_SHA256
HMAC-SHA256 signing with a 256 bit key.
HMAC_SHA1: HMAC_SHA1
HMAC-SHA1 signing with a 160 bit key.
HMAC_SHA384: HMAC_SHA384
HMAC-SHA384 signing with a 384 bit key.
HMAC_SHA512: HMAC_SHA512
HMAC-SHA512 signing with a 512 bit key.
HMAC_SHA224: HMAC_SHA224
HMAC-SHA224 signing with a 224 bit key.
EXTERNAL_SYMMETRIC_ENCRYPTION: EXTERNAL_SYMMETRIC_ENCRYPTION
Algorithm representing symmetric encryption by an external key manager.

"CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED": CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
Not specified.
"GOOGLE_SYMMETRIC_ENCRYPTION": GOOGLE_SYMMETRIC_ENCRYPTION
Creates symmetric encryption keys.
"RSA_SIGN_PSS_2048_SHA256": RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.
"RSA_SIGN_PSS_3072_SHA256": RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.
"RSA_SIGN_PSS_4096_SHA256": RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.
"RSA_SIGN_PSS_4096_SHA512": RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.
"RSA_SIGN_PKCS1_2048_SHA256": RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
"RSA_SIGN_PKCS1_3072_SHA256": RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
"RSA_SIGN_PKCS1_4096_SHA256": RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
"RSA_SIGN_PKCS1_4096_SHA512": RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
"RSA_SIGN_RAW_PKCS1_2048": RSA_SIGN_RAW_PKCS1_2048
RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
"RSA_SIGN_RAW_PKCS1_3072": RSA_SIGN_RAW_PKCS1_3072
RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
"RSA_SIGN_RAW_PKCS1_4096": RSA_SIGN_RAW_PKCS1_4096
RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
"RSA_DECRYPT_OAEP_2048_SHA256": RSA_DECRYPT_OAEP_2048_SHA256
RSAES-OAEP 2048 bit key with a SHA256 digest.
"RSA_DECRYPT_OAEP_3072_SHA256": RSA_DECRYPT_OAEP_3072_SHA256
RSAES-OAEP 3072 bit key with a SHA256 digest.
"RSA_DECRYPT_OAEP_4096_SHA256": RSA_DECRYPT_OAEP_4096_SHA256
RSAES-OAEP 4096 bit key with a SHA256 digest.
"RSA_DECRYPT_OAEP_4096_SHA512": RSA_DECRYPT_OAEP_4096_SHA512
RSAES-OAEP 4096 bit key with a SHA512 digest.
"RSA_DECRYPT_OAEP_2048_SHA1": RSA_DECRYPT_OAEP_2048_SHA1
RSAES-OAEP 2048 bit key with a SHA1 digest.
"RSA_DECRYPT_OAEP_3072_SHA1": RSA_DECRYPT_OAEP_3072_SHA1
RSAES-OAEP 3072 bit key with a SHA1 digest.
"RSA_DECRYPT_OAEP_4096_SHA1": RSA_DECRYPT_OAEP_4096_SHA1
RSAES-OAEP 4096 bit key with a SHA1 digest.
"EC_SIGN_P256_SHA256": EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.
"EC_SIGN_P384_SHA384": EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.
"EC_SIGN_SECP256K1_SHA256": EC_SIGN_SECP256K1_SHA256
ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.
"HMAC_SHA256": HMAC_SHA256
HMAC-SHA256 signing with a 256 bit key.
"HMAC_SHA1": HMAC_SHA1
HMAC-SHA1 signing with a 160 bit key.
"HMAC_SHA384": HMAC_SHA384
HMAC-SHA384 signing with a 384 bit key.
"HMAC_SHA512": HMAC_SHA512
HMAC-SHA512 signing with a 512 bit key.
"HMAC_SHA224": HMAC_SHA224
HMAC-SHA224 signing with a 224 bit key.
"EXTERNAL_SYMMETRIC_ENCRYPTION": EXTERNAL_SYMMETRIC_ENCRYPTION
Algorithm representing symmetric encryption by an external key manager.

CryptoKeyVersionTemplateProtectionLevel

ProtectionLevelUnspecified: PROTECTION_LEVEL_UNSPECIFIED
Not specified.
Software: SOFTWARE
Crypto operations are performed in software.
Hsm: HSM
Crypto operations are performed in a Hardware Security Module.
External: EXTERNAL
Crypto operations are performed by an external key manager.
ExternalVpc: EXTERNAL_VPC
Crypto operations are performed in an EKM-over-VPC backend.

CryptoKeyVersionTemplateProtectionLevelProtectionLevelUnspecified: PROTECTION_LEVEL_UNSPECIFIED
Not specified.
CryptoKeyVersionTemplateProtectionLevelSoftware: SOFTWARE
Crypto operations are performed in software.
CryptoKeyVersionTemplateProtectionLevelHsm: HSM
Crypto operations are performed in a Hardware Security Module.
CryptoKeyVersionTemplateProtectionLevelExternal: EXTERNAL
Crypto operations are performed by an external key manager.
CryptoKeyVersionTemplateProtectionLevelExternalVpc: EXTERNAL_VPC
Crypto operations are performed in an EKM-over-VPC backend.

ProtectionLevelUnspecified: PROTECTION_LEVEL_UNSPECIFIED
Not specified.
Software: SOFTWARE
Crypto operations are performed in software.
Hsm: HSM
Crypto operations are performed in a Hardware Security Module.
External: EXTERNAL
Crypto operations are performed by an external key manager.
ExternalVpc: EXTERNAL_VPC
Crypto operations are performed in an EKM-over-VPC backend.

ProtectionLevelUnspecified: PROTECTION_LEVEL_UNSPECIFIED
Not specified.
Software: SOFTWARE
Crypto operations are performed in software.
Hsm: HSM
Crypto operations are performed in a Hardware Security Module.
External: EXTERNAL
Crypto operations are performed by an external key manager.
ExternalVpc: EXTERNAL_VPC
Crypto operations are performed in an EKM-over-VPC backend.

PROTECTION_LEVEL_UNSPECIFIED: PROTECTION_LEVEL_UNSPECIFIED
Not specified.
SOFTWARE: SOFTWARE
Crypto operations are performed in software.
HSM: HSM
Crypto operations are performed in a Hardware Security Module.
EXTERNAL: EXTERNAL
Crypto operations are performed by an external key manager.
EXTERNAL_VPC: EXTERNAL_VPC
Crypto operations are performed in an EKM-over-VPC backend.

"PROTECTION_LEVEL_UNSPECIFIED": PROTECTION_LEVEL_UNSPECIFIED
Not specified.
"SOFTWARE": SOFTWARE
Crypto operations are performed in software.
"HSM": HSM
Crypto operations are performed in a Hardware Security Module.
"EXTERNAL": EXTERNAL
Crypto operations are performed by an external key manager.
"EXTERNAL_VPC": EXTERNAL_VPC
Crypto operations are performed in an EKM-over-VPC backend.

CryptoKeyVersionTemplateResponse

Algorithm string: Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
ProtectionLevel string: ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

Algorithm string: Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
ProtectionLevel string: ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm String: Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
protectionLevel String: ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm string: Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
protectionLevel string: ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm str: Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
protection_level str: ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm String: Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
protectionLevel String: ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

ExternalProtectionLevelOptionsResponse

EkmConnectionKeyPath string: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
ExternalKeyUri string: The URI for an external resource that this CryptoKeyVersion represents.

EkmConnectionKeyPath string: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
ExternalKeyUri string: The URI for an external resource that this CryptoKeyVersion represents.

ekmConnectionKeyPath String: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
externalKeyUri String: The URI for an external resource that this CryptoKeyVersion represents.

ekmConnectionKeyPath string: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
externalKeyUri string: The URI for an external resource that this CryptoKeyVersion represents.

ekm_connection_key_path str: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
external_key_uri str: The URI for an external resource that this CryptoKeyVersion represents.

ekmConnectionKeyPath String: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
externalKeyUri String: The URI for an external resource that this CryptoKeyVersion represents.

KeyOperationAttestationResponse

CertChains Pulumi.GoogleNative.Cloudkms.V1.Inputs.CertificateChainsResponse: The certificate chains needed to validate the attestation
Content string: The attestation data provided by the HSM when the key operation was performed.
Format string: The format of the attestation data.

CertChains CertificateChainsResponse: The certificate chains needed to validate the attestation
Content string: The attestation data provided by the HSM when the key operation was performed.
Format string: The format of the attestation data.

certChains CertificateChainsResponse: The certificate chains needed to validate the attestation
content String: The attestation data provided by the HSM when the key operation was performed.
format String: The format of the attestation data.

certChains CertificateChainsResponse: The certificate chains needed to validate the attestation
content string: The attestation data provided by the HSM when the key operation was performed.
format string: The format of the attestation data.

cert_chains CertificateChainsResponse: The certificate chains needed to validate the attestation
content str: The attestation data provided by the HSM when the key operation was performed.
format str: The format of the attestation data.

certChains Property Map: The certificate chains needed to validate the attestation
content String: The attestation data provided by the HSM when the key operation was performed.
format String: The format of the attestation data.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0