KeyManagementServiceClient

KeyManagementServiceClient

Google Cloud Key Management Service

Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:

  • KeyRing
  • CryptoKey
  • CryptoKeyVersion
  • ImportJob

If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.

Constructor

new KeyManagementServiceClient(optionsopt)

Construct an instance of KeyManagementServiceClient.

Parameters:
Name Type Attributes Description
options object <optional>

The configuration object. See the subsequent parameters for more details.

Properties
Name Type Attributes Description
credentials object <optional>

Credentials object.

Properties
Name Type Attributes Description
client_email string <optional>
private_key string <optional>
email string <optional>

Account email address. Required when using a .pem or .p12 keyFilename.
keyFilename string <optional>

Full path to the a .json, .pem, or .p12 key downloaded from the Google Developers Console. If you provide a path to a JSON file, the projectId option below is not necessary. NOTE: .pem and .p12 require you to specify options.email as well.
port number <optional>

The port on which to connect to the remote host.
projectId string <optional>

The project ID from the Google Developer's Console, e.g. 'grape-spaceship-123'. We will also check the environment variable GCLOUD_PROJECT for your project ID. If your app is running in an environment which supports Application Default Credentials, your project ID will be detected automatically.
promise function <optional>

Custom promise module to use instead of native Promises.
apiEndpoint string <optional>

The domain name of the API remote host.
Source:

Members

(static) apiEndpoint

The DNS address for this API service - same as servicePath(), exists for compatibility reasons.

Source:

(static) port

The port for this API service.

Source:

(static) scopes

The scopes needed to make gRPC calls for every method defined in this service.

Source:

(static) servicePath

The DNS address for this API service.

Source:

Methods

asymmetricDecrypt(request, optionsopt, callbackopt) → {Promise}

Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the CryptoKeyVersion to use for decryption.
ciphertext Buffer

Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing AsymmetricDecryptResponse.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
const ciphertext = Buffer.from('');
const request = {
  name: formattedName,
  ciphertext: ciphertext,
};
client.asymmetricDecrypt(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

asymmetricSign(request, optionsopt, callbackopt) → {Promise}

Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the CryptoKeyVersion to use for signing.
digest Object

Required. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm.

This object should have the same structure as Digest
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing AsymmetricSignResponse.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
const digest = {};
const request = {
  name: formattedName,
  digest: digest,
};
client.asymmetricSign(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

createCryptoKey(request, optionsopt, callbackopt) → {Promise}

Create a new CryptoKey within a KeyRing.

CryptoKey.purpose and CryptoKey.version_template.algorithm are required.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The name of the KeyRing associated with the CryptoKeys.
cryptoKeyId string

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
cryptoKey Object

Required. A CryptoKey with initial field values.

This object should have the same structure as CryptoKey
skipInitialVersionCreation boolean <optional>

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKey.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
const cryptoKeyId = 'my-app-key';
const purpose = 'ENCRYPT_DECRYPT';
const seconds = 2147483647;
const nextRotationTime = {
  seconds: seconds,
};
const seconds2 = 604800;
const rotationPeriod = {
  seconds: seconds2,
};
const cryptoKey = {
  purpose: purpose,
  nextRotationTime: nextRotationTime,
  rotationPeriod: rotationPeriod,
};
const request = {
  parent: formattedParent,
  cryptoKeyId: cryptoKeyId,
  cryptoKey: cryptoKey,
};
client.createCryptoKey(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

createCryptoKeyVersion(request, optionsopt, callbackopt) → {Promise}

Create a new CryptoKeyVersion in a CryptoKey.

The server will assign the next sequential id. If unset, state will be set to ENABLED.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The name of the CryptoKey associated with the CryptoKeyVersions.
cryptoKeyVersion Object

Required. A CryptoKeyVersion with initial field values.

This object should have the same structure as CryptoKeyVersion
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
const cryptoKeyVersion = {};
const request = {
  parent: formattedParent,
  cryptoKeyVersion: cryptoKeyVersion,
};
client.createCryptoKeyVersion(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

createImportJob(request, optionsopt, callbackopt) → {Promise}

Create a new ImportJob within a KeyRing.

ImportJob.import_method is required.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The name of the KeyRing associated with the ImportJobs.
importJobId string

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
importJob Object

Required. An ImportJob with initial field values.

This object should have the same structure as ImportJob
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing ImportJob.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
const importJobId = 'my-import-job';
const importMethod = 'RSA_OAEP_3072_SHA1_AES_256';
const protectionLevel = 'HSM';
const importJob = {
  importMethod: importMethod,
  protectionLevel: protectionLevel,
};
const request = {
  parent: formattedParent,
  importJobId: importJobId,
  importJob: importJob,
};
client.createImportJob(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

createKeyRing(request, optionsopt, callbackopt) → {Promise}

Create a new KeyRing in a given Project and Location.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The resource name of the location associated with the KeyRings, in the format projects/* /locations/*.
keyRingId string

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
keyRing Object

Required. A KeyRing with initial field values.

This object should have the same structure as KeyRing
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing KeyRing.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.locationPath('[PROJECT]', '[LOCATION]');
const keyRingId = '';
const keyRing = {};
const request = {
  parent: formattedParent,
  keyRingId: keyRingId,
  keyRing: keyRing,
};
client.createKeyRing(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

cryptoKeyPath(project, location, keyRing, cryptoKey) → {String}

Return a fully-qualified crypto_key resource name string.

Parameters:
Name Type Description
project String
location String
keyRing String
cryptoKey String
Source:

cryptoKeyPathPath(project, location, keyRing, cryptoKeyPath) → {String}

Return a fully-qualified crypto_key_path resource name string.

Parameters:
Name Type Description
project String
location String
keyRing String
cryptoKeyPath String
Source:

cryptoKeyVersionPath(project, location, keyRing, cryptoKey, cryptoKeyVersion) → {String}

Return a fully-qualified crypto_key_version resource name string.

Parameters:
Name Type Description
project String
location String
keyRing String
cryptoKey String
cryptoKeyVersion String
Source:

decrypt(request, optionsopt, callbackopt) → {Promise}

Decrypts data that was protected by Encrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
name string

Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version.
ciphertext Buffer

Required. The encrypted data originally returned in EncryptResponse.ciphertext.
additionalAuthenticatedData Buffer <optional>

Optional. Optional data that must match the data originally supplied in EncryptRequest.additional_authenticated_data.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing DecryptResponse.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
const ciphertext = Buffer.from('');
const request = {
  name: formattedName,
  ciphertext: ciphertext,
};
client.decrypt(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

destroyCryptoKeyVersion(request, optionsopt, callbackopt) → {Promise}

Schedule a CryptoKeyVersion for destruction.

Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED and destroy_time will be set to a time 24 hours in the future, at which point the state will be changed to DESTROYED, and the key material will be irrevocably destroyed.

Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the CryptoKeyVersion to destroy.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
client.destroyCryptoKeyVersion({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

encrypt(request, optionsopt, callbackopt) → {Promise}

Encrypts data, so that it can only be recovered by a call to Decrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
name string

Required. The resource name of the CryptoKey or CryptoKeyVersion to use for encryption.

If a CryptoKey is specified, the server will use its primary version.
plaintext Buffer

Required. The data to encrypt. Must be no larger than 64KiB.

The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.
additionalAuthenticatedData Buffer <optional>

Optional. Optional data that, if specified, must also be provided during decryption through DecryptRequest.additional_authenticated_data.

The maximum size depends on the key version's protection_level. For SOFTWARE keys, the AAD must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing EncryptResponse.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyPathPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY_PATH]');
const plaintext = Buffer.from('');
const request = {
  name: formattedName,
  plaintext: plaintext,
};
client.encrypt(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getCryptoKey(request, optionsopt, callbackopt) → {Promise}

Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The name of the CryptoKey to get.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKey.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
client.getCryptoKey({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getCryptoKeyVersion(request, optionsopt, callbackopt) → {Promise}

Returns metadata for a given CryptoKeyVersion.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The name of the CryptoKeyVersion to get.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
client.getCryptoKeyVersion({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getIamPolicy(request, optionsopt, callbackopt) → {Promise}

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
resource string

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
options Object <optional>

OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy. This field is only used by Cloud IAM.

This object should have the same structure as GetPolicyOptions
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing Policy.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedResource = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
client.getIamPolicy({resource: formattedResource})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getImportJob(request, optionsopt, callbackopt) → {Promise}

Returns metadata for a given ImportJob.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The name of the ImportJob to get.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing ImportJob.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.importJobPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[IMPORT_JOB]');
client.getImportJob({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getKeyRing(request, optionsopt, callbackopt) → {Promise}

Returns metadata for a given KeyRing.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The name of the KeyRing to get.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing KeyRing.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
client.getKeyRing({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

getProjectId(callback)

Return the project ID used by this class.

Parameters:
Name Type Description
callback function

the callback to be called with the current project Id.
Source:

getPublicKey(request, optionsopt, callbackopt) → {Promise}

Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The name of the CryptoKeyVersion public key to get.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing PublicKey.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
client.getPublicKey({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

importCryptoKeyVersion(request, optionsopt, callbackopt) → {Promise}

Imports a new CryptoKeyVersion into an existing CryptoKey using the wrapped key material provided in the request.

The version ID will be assigned the next sequential id within the CryptoKey.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The name of the CryptoKey to be imported into.
algorithm number

Required. The algorithm of the key being imported. This does not need to match the version_template of the CryptoKey this version imports into.

The number should be among the values of CryptoKeyVersionAlgorithm
importJob string

Required. The name of the ImportJob that was used to wrap this key material.
rsaAesWrappedKey Buffer <optional>

Wrapped key material produced with RSA_OAEP_3072_SHA1_AES_256 or RSA_OAEP_4096_SHA1_AES_256.

This field contains the concatenation of two wrapped keys:

  1. An ephemeral AES-256 wrapping key wrapped with the public_key using RSAES-OAEP with SHA-1, MGF1 with SHA-1, and an empty label.
  2. The key to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649).

If importing symmetric key material, it is expected that the unwrapped key contains plain bytes. If importing asymmetric key material, it is expected that the unwrapped key is in PKCS#8-encoded DER format (the PrivateKeyInfo structure from RFC 5208).

This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
const algorithm = 'CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED';
const importJob = '';
const request = {
  parent: formattedParent,
  algorithm: algorithm,
  importJob: importJob,
};
client.importCryptoKeyVersion(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

importJobPath(project, location, keyRing, importJob) → {String}

Return a fully-qualified import_job resource name string.

Parameters:
Name Type Description
project String
location String
keyRing String
importJob String
Source:

keyRingPath(project, location, keyRing) → {String}

Return a fully-qualified key_ring resource name string.

Parameters:
Name Type Description
project String
location String
keyRing String
Source:

listCryptoKeys(request, optionsopt, callbackopt) → {Promise}

Lists CryptoKeys.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the KeyRing to list, in the format projects/* /locations/* /keyRings/*.
pageSize number <optional>

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.
versionView number <optional>

The fields of the primary version to include in the response.

The number should be among the values of CryptoKeyVersionView
filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is Array of CryptoKey.

When autoPaginate: false is specified through options, it contains the result in a single response. If the response indicates the next page exists, the third parameter is set to be used for the next request object. The fourth parameter keeps the raw response object of an object representing ListCryptoKeysResponse.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

// Iterate over all elements.
const formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');

client.listCryptoKeys({parent: formattedParent})
  .then(responses => {
    const resources = responses[0];
    for (const resource of resources) {
      // doThingsWith(resource)
    }
  })
  .catch(err => {
    console.error(err);
  });

// Or obtain the paged response.
const formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');


const options = {autoPaginate: false};
const callback = responses => {
  // The actual resources in a response.
  const resources = responses[0];
  // The next request if the response shows that there are more responses.
  const nextRequest = responses[1];
  // The actual response object, if necessary.
  // const rawResponse = responses[2];
  for (const resource of resources) {
    // doThingsWith(resource);
  }
  if (nextRequest) {
    // Fetch the next page.
    return client.listCryptoKeys(nextRequest, options).then(callback);
  }
}
client.listCryptoKeys({parent: formattedParent}, options)
  .then(callback)
  .catch(err => {
    console.error(err);
  });

listCryptoKeysStream(request, optionsopt) → {Stream}

Equivalent to listCryptoKeys, but returns a NodeJS Stream object.

This fetches the paged responses for listCryptoKeys continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the KeyRing to list, in the format projects/* /locations/* /keyRings/*.
pageSize number <optional>

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.
versionView number <optional>

The fields of the primary version to include in the response.

The number should be among the values of CryptoKeyVersionView
filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
Source:
See:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
client.listCryptoKeysStream({parent: formattedParent})
  .on('data', element => {
    // doThingsWith(element)
  }).on('error', err => {
    console.log(err);
  });

listCryptoKeyVersions(request, optionsopt, callbackopt) → {Promise}

Lists CryptoKeyVersions.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the CryptoKey to list, in the format projects/* /locations/* /keyRings/* /cryptoKeys/*.
pageSize number <optional>

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.
view number <optional>

The fields to include in the response.

The number should be among the values of CryptoKeyVersionView
filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is Array of CryptoKeyVersion.

When autoPaginate: false is specified through options, it contains the result in a single response. If the response indicates the next page exists, the third parameter is set to be used for the next request object. The fourth parameter keeps the raw response object of an object representing ListCryptoKeyVersionsResponse.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

// Iterate over all elements.
const formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');

client.listCryptoKeyVersions({parent: formattedParent})
  .then(responses => {
    const resources = responses[0];
    for (const resource of resources) {
      // doThingsWith(resource)
    }
  })
  .catch(err => {
    console.error(err);
  });

// Or obtain the paged response.
const formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');


const options = {autoPaginate: false};
const callback = responses => {
  // The actual resources in a response.
  const resources = responses[0];
  // The next request if the response shows that there are more responses.
  const nextRequest = responses[1];
  // The actual response object, if necessary.
  // const rawResponse = responses[2];
  for (const resource of resources) {
    // doThingsWith(resource);
  }
  if (nextRequest) {
    // Fetch the next page.
    return client.listCryptoKeyVersions(nextRequest, options).then(callback);
  }
}
client.listCryptoKeyVersions({parent: formattedParent}, options)
  .then(callback)
  .catch(err => {
    console.error(err);
  });

listCryptoKeyVersionsStream(request, optionsopt) → {Stream}

Equivalent to listCryptoKeyVersions, but returns a NodeJS Stream object.

This fetches the paged responses for listCryptoKeyVersions continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the CryptoKey to list, in the format projects/* /locations/* /keyRings/* /cryptoKeys/*.
pageSize number <optional>

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.
view number <optional>

The fields to include in the response.

The number should be among the values of CryptoKeyVersionView
filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
Source:
See:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
client.listCryptoKeyVersionsStream({parent: formattedParent})
  .on('data', element => {
    // doThingsWith(element)
  }).on('error', err => {
    console.log(err);
  });

listImportJobs(request, optionsopt, callbackopt) → {Promise}

Lists ImportJobs.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the KeyRing to list, in the format projects/* /locations/* /keyRings/*.
pageSize number <optional>

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.
filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is Array of ImportJob.

When autoPaginate: false is specified through options, it contains the result in a single response. If the response indicates the next page exists, the third parameter is set to be used for the next request object. The fourth parameter keeps the raw response object of an object representing ListImportJobsResponse.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

// Iterate over all elements.
const formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');

client.listImportJobs({parent: formattedParent})
  .then(responses => {
    const resources = responses[0];
    for (const resource of resources) {
      // doThingsWith(resource)
    }
  })
  .catch(err => {
    console.error(err);
  });

// Or obtain the paged response.
const formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');


const options = {autoPaginate: false};
const callback = responses => {
  // The actual resources in a response.
  const resources = responses[0];
  // The next request if the response shows that there are more responses.
  const nextRequest = responses[1];
  // The actual response object, if necessary.
  // const rawResponse = responses[2];
  for (const resource of resources) {
    // doThingsWith(resource);
  }
  if (nextRequest) {
    // Fetch the next page.
    return client.listImportJobs(nextRequest, options).then(callback);
  }
}
client.listImportJobs({parent: formattedParent}, options)
  .then(callback)
  .catch(err => {
    console.error(err);
  });

listImportJobsStream(request, optionsopt) → {Stream}

Equivalent to listImportJobs, but returns a NodeJS Stream object.

This fetches the paged responses for listImportJobs continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the KeyRing to list, in the format projects/* /locations/* /keyRings/*.
pageSize number <optional>

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.
filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
Source:
See:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
client.listImportJobsStream({parent: formattedParent})
  .on('data', element => {
    // doThingsWith(element)
  }).on('error', err => {
    console.log(err);
  });

listKeyRings(request, optionsopt, callbackopt) → {Promise}

Lists KeyRings.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the location associated with the KeyRings, in the format projects/* /locations/*.
pageSize number <optional>

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.
filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is Array of KeyRing.

When autoPaginate: false is specified through options, it contains the result in a single response. If the response indicates the next page exists, the third parameter is set to be used for the next request object. The fourth parameter keeps the raw response object of an object representing ListKeyRingsResponse.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

// Iterate over all elements.
const formattedParent = client.locationPath('[PROJECT]', '[LOCATION]');

client.listKeyRings({parent: formattedParent})
  .then(responses => {
    const resources = responses[0];
    for (const resource of resources) {
      // doThingsWith(resource)
    }
  })
  .catch(err => {
    console.error(err);
  });

// Or obtain the paged response.
const formattedParent = client.locationPath('[PROJECT]', '[LOCATION]');


const options = {autoPaginate: false};
const callback = responses => {
  // The actual resources in a response.
  const resources = responses[0];
  // The next request if the response shows that there are more responses.
  const nextRequest = responses[1];
  // The actual response object, if necessary.
  // const rawResponse = responses[2];
  for (const resource of resources) {
    // doThingsWith(resource);
  }
  if (nextRequest) {
    // Fetch the next page.
    return client.listKeyRings(nextRequest, options).then(callback);
  }
}
client.listKeyRings({parent: formattedParent}, options)
  .then(callback)
  .catch(err => {
    console.error(err);
  });

listKeyRingsStream(request, optionsopt) → {Stream}

Equivalent to listKeyRings, but returns a NodeJS Stream object.

This fetches the paged responses for listKeyRings continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the location associated with the KeyRings, in the format projects/* /locations/*.
pageSize number <optional>

The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.
filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
Source:
See:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedParent = client.locationPath('[PROJECT]', '[LOCATION]');
client.listKeyRingsStream({parent: formattedParent})
  .on('data', element => {
    // doThingsWith(element)
  }).on('error', err => {
    console.log(err);
  });

locationPath(project, location) → {String}

Return a fully-qualified location resource name string.

Parameters:
Name Type Description
project String
location String
Source:

matchCryptoKeyFromCryptoKeyName(cryptoKeyName) → {String}

Parse the cryptoKeyName from a crypto_key resource.

Parameters:
Name Type Description
cryptoKeyName String

A fully-qualified path representing a crypto_key resources.
Source:

matchCryptoKeyFromCryptoKeyVersionName(cryptoKeyVersionName) → {String}

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameters:
Name Type Description
cryptoKeyVersionName String

A fully-qualified path representing a crypto_key_version resources.
Source:

matchCryptoKeyPathFromCryptoKeyPathName(cryptoKeyPathName) → {String}

Parse the cryptoKeyPathName from a crypto_key_path resource.

Parameters:
Name Type Description
cryptoKeyPathName String

A fully-qualified path representing a crypto_key_path resources.
Source:

matchCryptoKeyVersionFromCryptoKeyVersionName(cryptoKeyVersionName) → {String}

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameters:
Name Type Description
cryptoKeyVersionName String

A fully-qualified path representing a crypto_key_version resources.
Source:

matchImportJobFromImportJobName(importJobName) → {String}

Parse the importJobName from a import_job resource.

Parameters:
Name Type Description
importJobName String

A fully-qualified path representing a import_job resources.
Source:

matchKeyRingFromCryptoKeyName(cryptoKeyName) → {String}

Parse the cryptoKeyName from a crypto_key resource.

Parameters:
Name Type Description
cryptoKeyName String

A fully-qualified path representing a crypto_key resources.
Source:

matchKeyRingFromCryptoKeyPathName(cryptoKeyPathName) → {String}

Parse the cryptoKeyPathName from a crypto_key_path resource.

Parameters:
Name Type Description
cryptoKeyPathName String

A fully-qualified path representing a crypto_key_path resources.
Source:

matchKeyRingFromCryptoKeyVersionName(cryptoKeyVersionName) → {String}

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameters:
Name Type Description
cryptoKeyVersionName String

A fully-qualified path representing a crypto_key_version resources.
Source:

matchKeyRingFromImportJobName(importJobName) → {String}

Parse the importJobName from a import_job resource.

Parameters:
Name Type Description
importJobName String

A fully-qualified path representing a import_job resources.
Source:

matchKeyRingFromKeyRingName(keyRingName) → {String}

Parse the keyRingName from a key_ring resource.

Parameters:
Name Type Description
keyRingName String

A fully-qualified path representing a key_ring resources.
Source:

matchLocationFromCryptoKeyName(cryptoKeyName) → {String}

Parse the cryptoKeyName from a crypto_key resource.

Parameters:
Name Type Description
cryptoKeyName String

A fully-qualified path representing a crypto_key resources.
Source:

matchLocationFromCryptoKeyPathName(cryptoKeyPathName) → {String}

Parse the cryptoKeyPathName from a crypto_key_path resource.

Parameters:
Name Type Description
cryptoKeyPathName String

A fully-qualified path representing a crypto_key_path resources.
Source:

matchLocationFromCryptoKeyVersionName(cryptoKeyVersionName) → {String}

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameters:
Name Type Description
cryptoKeyVersionName String

A fully-qualified path representing a crypto_key_version resources.
Source:

matchLocationFromImportJobName(importJobName) → {String}

Parse the importJobName from a import_job resource.

Parameters:
Name Type Description
importJobName String

A fully-qualified path representing a import_job resources.
Source:

matchLocationFromKeyRingName(keyRingName) → {String}

Parse the keyRingName from a key_ring resource.

Parameters:
Name Type Description
keyRingName String

A fully-qualified path representing a key_ring resources.
Source:

matchLocationFromLocationName(locationName) → {String}

Parse the locationName from a location resource.

Parameters:
Name Type Description
locationName String

A fully-qualified path representing a location resources.
Source:

matchProjectFromCryptoKeyName(cryptoKeyName) → {String}

Parse the cryptoKeyName from a crypto_key resource.

Parameters:
Name Type Description
cryptoKeyName String

A fully-qualified path representing a crypto_key resources.
Source:

matchProjectFromCryptoKeyPathName(cryptoKeyPathName) → {String}

Parse the cryptoKeyPathName from a crypto_key_path resource.

Parameters:
Name Type Description
cryptoKeyPathName String

A fully-qualified path representing a crypto_key_path resources.
Source:

matchProjectFromCryptoKeyVersionName(cryptoKeyVersionName) → {String}

Parse the cryptoKeyVersionName from a crypto_key_version resource.

Parameters:
Name Type Description
cryptoKeyVersionName String

A fully-qualified path representing a crypto_key_version resources.
Source:

matchProjectFromImportJobName(importJobName) → {String}

Parse the importJobName from a import_job resource.

Parameters:
Name Type Description
importJobName String

A fully-qualified path representing a import_job resources.
Source:

matchProjectFromKeyRingName(keyRingName) → {String}

Parse the keyRingName from a key_ring resource.

Parameters:
Name Type Description
keyRingName String

A fully-qualified path representing a key_ring resources.
Source:

matchProjectFromLocationName(locationName) → {String}

Parse the locationName from a location resource.

Parameters:
Name Type Description
locationName String

A fully-qualified path representing a location resources.
Source:

restoreCryptoKeyVersion(request, optionsopt, callbackopt) → {Promise}

Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.

Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the CryptoKeyVersion to restore.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyVersionPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]');
client.restoreCryptoKeyVersion({name: formattedName})
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

setIamPolicy(request, optionsopt, callbackopt) → {Promise}

Sets the access control policy on the specified resource. Replaces any existing policy.

Can return Public Errors: NOT_FOUND, INVALID_ARGUMENT and PERMISSION_DENIED

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
resource string

REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
policy Object

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.

This object should have the same structure as Policy
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing Policy.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedResource = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
const policy = {};
const request = {
  resource: formattedResource,
  policy: policy,
};
client.setIamPolicy(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

testIamPermissions(request, optionsopt, callbackopt) → {Promise}

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
resource string

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
permissions Array.<string>

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing TestIamPermissionsResponse.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedResource = client.keyRingPath('[PROJECT]', '[LOCATION]', '[KEY_RING]');
const permissions = [];
const request = {
  resource: formattedResource,
  permissions: permissions,
};
client.testIamPermissions(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

updateCryptoKey(request, optionsopt, callbackopt) → {Promise}

Update a CryptoKey.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
cryptoKey Object

Required. CryptoKey with updated values.

This object should have the same structure as CryptoKey
updateMask Object

Required. List of fields to be updated in this request.

This object should have the same structure as FieldMask
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKey.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const cryptoKey = {};
const updateMask = {};
const request = {
  cryptoKey: cryptoKey,
  updateMask: updateMask,
};
client.updateCryptoKey(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

updateCryptoKeyPrimaryVersion(request, optionsopt, callbackopt) → {Promise}

Update the version of a CryptoKey that will be used in Encrypt.

Returns an error if called on an asymmetric key.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the CryptoKey to update.
cryptoKeyVersionId string

Required. The id of the child CryptoKeyVersion to use as primary.
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKey.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const formattedName = client.cryptoKeyPath('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]');
const cryptoKeyVersionId = '';
const request = {
  name: formattedName,
  cryptoKeyVersionId: cryptoKeyVersionId,
};
client.updateCryptoKeyPrimaryVersion(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });

updateCryptoKeyVersion(request, optionsopt, callbackopt) → {Promise}

Update a CryptoKeyVersion's metadata.

state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
cryptoKeyVersion Object

Required. CryptoKeyVersion with updated values.

This object should have the same structure as CryptoKeyVersion
updateMask Object

Required. List of fields to be updated in this request.

This object should have the same structure as FieldMask
options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.
callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing CryptoKeyVersion.
Source:
Example
const kms = require('@google-cloud/kms');

const client = new kms.v1.KeyManagementServiceClient({
  // optional auth parameters.
});

const cryptoKeyVersion = {};
const updateMask = {};
const request = {
  cryptoKeyVersion: cryptoKeyVersion,
  updateMask: updateMask,
};
client.updateCryptoKeyVersion(request)
  .then(responses => {
    const response = responses[0];
    // doThingsWith(response)
  })
  .catch(err => {
    console.error(err);
  });