KeyManagementServiceClient

Constructor

new KeyManagementServiceClient(optionsopt)

Construct an instance of KeyManagementServiceClient.

Parameters:

Name Type Attributes Description

options

object

The configuration object. The options accepted by the constructor are described in detail in this document. The common options are:

Properties

Name Type Attributes Description

credentials

object

Credentials object.

Properties

Name	Type	Attributes	Description
`client_email`	string	<optional>
`private_key`	string	<optional>

email

string

Account email address. Required when using a .pem or .p12 keyFilename.

keyFilename

string

Full path to the a .json, .pem, or .p12 key downloaded from the Google Developers Console. If you provide a path to a JSON file, the projectId option below is not necessary. NOTE: .pem and .p12 require you to specify options.email as well.

port

number

The port on which to connect to the remote host.

projectId

string

The project ID from the Google Developer's Console, e.g. 'grape-spaceship-123'. We will also check the environment variable GCLOUD_PROJECT for your project ID. If your app is running in an environment which supports Application Default Credentials, your project ID will be detected automatically.

apiEndpoint

string

The domain name of the API remote host.

clientConfig

gax.ClientConfig

Client configuration override. Follows the structure of gapicConfig.

fallback

boolean

Use HTTP fallback mode. In fallback mode, a special browser-compatible transport implementation is used instead of gRPC transport. In browser context (if the window object is defined) the fallback mode is enabled automatically; set options.fallback to false if you need to override this behavior.

Members

apiEndpoint

The DNS address for this API service - same as servicePath(), exists for compatibility reasons.

port

The port for this API service.

scopes

The scopes needed to make gRPC calls for every method defined in this service.

servicePath

The DNS address for this API service.

Methods

asymmetricDecrypt(request, optionsopt) → {Promise}

Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`name`	string		Required. The resource name of the CryptoKeyVersion to use for decryption.
`ciphertext`	Buffer		Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.
`ciphertextCrc32c`	google.protobuf.Int64Value	<optional>	Optional. An optional CRC32C checksum of the AsymmetricDecryptRequest.ciphertext. If specified, KeyManagementService will verify the integrity of the received AsymmetricDecryptRequest.ciphertext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricDecryptRequest.ciphertext) is equal to AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing AsymmetricDecryptResponse. Please see the documentation for more details and examples.

Example

const [response] = await client.asymmetricDecrypt(request);

asymmetricSign(request, optionsopt) → {Promise}

Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`name`	string		Required. The resource name of the CryptoKeyVersion to use for signing.
`digest`	google.cloud.kms.v1.Digest		Required. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm.
`digestCrc32c`	google.protobuf.Int64Value	<optional>	Optional. An optional CRC32C checksum of the AsymmetricSignRequest.digest. If specified, KeyManagementService will verify the integrity of the received AsymmetricSignRequest.digest using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricSignRequest.digest) is equal to AsymmetricSignRequest.digest_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing AsymmetricSignResponse. Please see the documentation for more details and examples.

Example

const [response] = await client.asymmetricSign(request);

close() → {Promise}

Terminate the gRPC channel and close the client.

The client will no longer be usable and all future behavior is undefined.

Returns:

Type	Description
Promise	A promise that resolves when the client is closed.

createCryptoKey(request, optionsopt) → {Promise}

Create a new CryptoKey within a KeyRing.

CryptoKey.purpose and CryptoKey.version_template.algorithm are required.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`parent`	string	Required. The name of the KeyRing associated with the CryptoKeys.
`cryptoKeyId`	string	Required. It must be unique within a KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
`cryptoKey`	google.cloud.kms.v1.CryptoKey	Required. A CryptoKey with initial field values.
`skipInitialVersionCreation`	boolean	If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing CryptoKey. Please see the documentation for more details and examples.

Example

const [response] = await client.createCryptoKey(request);

createCryptoKeyVersion(request, optionsopt) → {Promise}

Create a new CryptoKeyVersion in a CryptoKey.

The server will assign the next sequential id. If unset, state will be set to ENABLED.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`parent`	string	Required. The name of the CryptoKey associated with the CryptoKeyVersions.
`cryptoKeyVersion`	google.cloud.kms.v1.CryptoKeyVersion	Required. A CryptoKeyVersion with initial field values.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. Please see the documentation for more details and examples.

Example

const [response] = await client.createCryptoKeyVersion(request);

createImportJob(request, optionsopt) → {Promise}

Create a new ImportJob within a KeyRing.

ImportJob.import_method is required.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`parent`	string	Required. The name of the KeyRing associated with the ImportJobs.
`importJobId`	string	Required. It must be unique within a KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
`importJob`	google.cloud.kms.v1.ImportJob	Required. An ImportJob with initial field values.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing ImportJob. Please see the documentation for more details and examples.

Example

const [response] = await client.createImportJob(request);

createKeyRing(request, optionsopt) → {Promise}

Create a new KeyRing in a given Project and Location.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`parent`	string	Required. The resource name of the location associated with the KeyRings, in the format `projects/* /locations/*`.
`keyRingId`	string	Required. It must be unique within a location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
`keyRing`	google.cloud.kms.v1.KeyRing	Required. A KeyRing with initial field values.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing KeyRing. Please see the documentation for more details and examples.

Example

const [response] = await client.createKeyRing(request);

cryptoKeyPath(project, location, key_ring, crypto_key) → {string}

Return a fully-qualified cryptoKey resource name string.

Parameters:

Name	Type	Description
`project`	string
`location`	string
`key_ring`	string
`crypto_key`	string

Returns:

Type	Description
string	Resource name string.

cryptoKeyVersionPath(project, location, key_ring, crypto_key, crypto_key_version) → {string}

Return a fully-qualified cryptoKeyVersion resource name string.

Parameters:

Name	Type	Description
`project`	string
`location`	string
`key_ring`	string
`crypto_key`	string
`crypto_key_version`	string

Returns:

Type	Description
string	Resource name string.

decrypt(request, optionsopt) → {Promise}

Decrypts data that was protected by Encrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`name`	string		Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version.
`ciphertext`	Buffer		Required. The encrypted data originally returned in EncryptResponse.ciphertext.
`additionalAuthenticatedData`	Buffer	<optional>	Optional. Optional data that must match the data originally supplied in EncryptRequest.additional_authenticated_data.
`ciphertextCrc32c`	google.protobuf.Int64Value	<optional>	Optional. An optional CRC32C checksum of the DecryptRequest.ciphertext. If specified, KeyManagementService will verify the integrity of the received DecryptRequest.ciphertext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(DecryptRequest.ciphertext) is equal to DecryptRequest.ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.
`additionalAuthenticatedDataCrc32c`	google.protobuf.Int64Value	<optional>	Optional. An optional CRC32C checksum of the DecryptRequest.additional_authenticated_data. If specified, KeyManagementService will verify the integrity of the received DecryptRequest.additional_authenticated_data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(DecryptRequest.additional_authenticated_data) is equal to DecryptRequest.additional_authenticated_data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing DecryptResponse. Please see the documentation for more details and examples.

Example

const [response] = await client.decrypt(request);

destroyCryptoKeyVersion(request, optionsopt) → {Promise}

Schedule a CryptoKeyVersion for destruction.

Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED and destroy_time will be set to a time 24 hours in the future, at which point the state will be changed to DESTROYED, and the key material will be irrevocably destroyed.

Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The resource name of the CryptoKeyVersion to destroy.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. Please see the documentation for more details and examples.

Example

const [response] = await client.destroyCryptoKeyVersion(request);

encrypt(request, optionsopt) → {Promise}

Encrypts data, so that it can only be recovered by a call to Decrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`name`	string		Required. The resource name of the CryptoKey or CryptoKeyVersion to use for encryption. If a CryptoKey is specified, the server will use its primary version.
`plaintext`	Buffer		Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.
`additionalAuthenticatedData`	Buffer	<optional>	Optional. Optional data that, if specified, must also be provided during decryption through DecryptRequest.additional_authenticated_data. The maximum size depends on the key version's protection_level. For SOFTWARE keys, the AAD must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.
`plaintextCrc32c`	google.protobuf.Int64Value	<optional>	Optional. An optional CRC32C checksum of the EncryptRequest.plaintext. If specified, KeyManagementService will verify the integrity of the received EncryptRequest.plaintext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(EncryptRequest.plaintext) is equal to EncryptRequest.plaintext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.
`additionalAuthenticatedDataCrc32c`	google.protobuf.Int64Value	<optional>	Optional. An optional CRC32C checksum of the EncryptRequest.additional_authenticated_data. If specified, KeyManagementService will verify the integrity of the received EncryptRequest.additional_authenticated_data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(EncryptRequest.additional_authenticated_data) is equal to EncryptRequest.additional_authenticated_data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing EncryptResponse. Please see the documentation for more details and examples.

Example

const [response] = await client.encrypt(request);

generateRandomBytes(request, optionsopt) → {Promise}

Generate random bytes using the Cloud KMS randomness source in the provided location.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`location`	string	The project-specific location in which to generate random bytes. For example, "projects/my-project/locations/us-central1".
`lengthBytes`	number	The length in bytes of the amount of randomness to retrieve. Minimum 8 bytes, maximum 1024 bytes.
`protectionLevel`	google.cloud.kms.v1.ProtectionLevel	The ProtectionLevel to use when generating the random data. Defaults to SOFTWARE.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing GenerateRandomBytesResponse. Please see the documentation for more details and examples.

Example

const [response] = await client.generateRandomBytes(request);

getCryptoKey(request, optionsopt) → {Promise}

Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The name of the CryptoKey to get.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing CryptoKey. Please see the documentation for more details and examples.

Example

const [response] = await client.getCryptoKey(request);

getCryptoKeyVersion(request, optionsopt) → {Promise}

Returns metadata for a given CryptoKeyVersion.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The name of the CryptoKeyVersion to get.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. Please see the documentation for more details and examples.

Example

const [response] = await client.getCryptoKeyVersion(request);

getIamPolicy(request, optionsopt, callbackopt) → {Promise}

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name Type Attributes Description

resource

string

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.

options

Object

OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy. This field is only used by Cloud IAM.

This object should have the same structure as GetPolicyOptions

options

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

function

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing Policy.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing Policy. The promise has a method named "cancel" which cancels the ongoing API call.

getImportJob(request, optionsopt) → {Promise}

Returns metadata for a given ImportJob.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The name of the ImportJob to get.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing ImportJob. Please see the documentation for more details and examples.

Example

const [response] = await client.getImportJob(request);

getKeyRing(request, optionsopt) → {Promise}

Returns metadata for a given KeyRing.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The name of the KeyRing to get.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing KeyRing. Please see the documentation for more details and examples.

Example

const [response] = await client.getKeyRing(request);

getProjectId() → {Promise}

Return the project ID used by this class.

Returns:

Type	Description
Promise	A promise that resolves to string containing the project ID.

getPublicKey(request, optionsopt) → {Promise}

Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The name of the CryptoKeyVersion public key to get.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing PublicKey. Please see the documentation for more details and examples.

Example

const [response] = await client.getPublicKey(request);

importCryptoKeyVersion(request, optionsopt) → {Promise}

Imports a new CryptoKeyVersion into an existing CryptoKey using the wrapped key material provided in the request.

The version ID will be assigned the next sequential id within the CryptoKey.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`parent`	string	Required. The name of the CryptoKey to be imported into.
`algorithm`	google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm	Required. The algorithm of the key being imported. This does not need to match the version_template of the CryptoKey this version imports into.
`importJob`	string	Required. The name of the ImportJob that was used to wrap this key material.
`rsaAesWrappedKey`	Buffer	Wrapped key material produced with RSA_OAEP_3072_SHA1_AES_256 or RSA_OAEP_4096_SHA1_AES_256. This field contains the concatenation of two wrapped keys: An ephemeral AES-256 wrapping key wrapped with the public_key using RSAES-OAEP with SHA-1, MGF1 with SHA-1, and an empty label. The key to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649). If importing symmetric key material, it is expected that the unwrapped key contains plain bytes. If importing asymmetric key material, it is expected that the unwrapped key is in PKCS#8-encoded DER format (the PrivateKeyInfo structure from RFC 5208). This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. Please see the documentation for more details and examples.

Example

const [response] = await client.importCryptoKeyVersion(request);

importJobPath(project, location, key_ring, import_job) → {string}

Return a fully-qualified importJob resource name string.

Parameters:

Name	Type	Description
`project`	string
`location`	string
`key_ring`	string
`import_job`	string

Returns:

Type	Description
string	Resource name string.

initialize() → {Promise}

Initialize the client. Performs asynchronous operations (such as authentication) and prepares the client. This function will be called automatically when any class method is called for the first time, but if you need to initialize it before calling an actual method, feel free to call initialize() directly.

You can await on this method if you want to make sure the client is initialized.

Returns:

Type	Description
Promise	A promise that resolves to an authenticated service stub.

keyRingPath(project, location, key_ring) → {string}

Return a fully-qualified keyRing resource name string.

Parameters:

Name	Type	Description
`project`	string
`location`	string
`key_ring`	string

Returns:

Type	Description
string	Resource name string.

listCryptoKeys(request, optionsopt) → {Promise}

Lists CryptoKeys.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the KeyRing to list, in the format `projects/* /locations/* /keyRings/*`.
`pageSize`	number	<optional>	Optional. Optional limit on the number of CryptoKeys to include in the response. Further CryptoKeys can subsequently be obtained by including the ListCryptoKeysResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
`pageToken`	string	<optional>	Optional. Optional pagination token, returned earlier via ListCryptoKeysResponse.next_page_token.
`versionView`	google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView		The fields of the primary version to include in the response.
`filter`	string	<optional>	Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
`orderBy`	string	<optional>	Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options

object

Call options. See CallOptions for more details.

Returns:

Type Description

Promise

The promise which resolves to an array. The first element of the array is Array of CryptoKey. The client library will perform auto-pagination by default: it will call the API as many times as needed and will merge results from all the pages into this array. Note that it can affect your quota. We recommend using listCryptoKeysAsync() method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

listCryptoKeysAsync(request, optionsopt) → {Object}

Equivalent to listCryptoKeys, but returns an iterable object.

for-await-of syntax is used with the iterable to get response elements on-demand.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the KeyRing to list, in the format `projects/* /locations/* /keyRings/*`.
`pageSize`	number	<optional>	Optional. Optional limit on the number of CryptoKeys to include in the response. Further CryptoKeys can subsequently be obtained by including the ListCryptoKeysResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
`pageToken`	string	<optional>	Optional. Optional pagination token, returned earlier via ListCryptoKeysResponse.next_page_token.
`versionView`	google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView		The fields of the primary version to include in the response.
`filter`	string	<optional>	Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
`orderBy`	string	<optional>	Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Object	An iterable Object that allows async iteration. When you iterate the returned iterable, each element will be an object representing CryptoKey. The API will be called under the hood as needed, once per the page, so you can stop the iteration when you don't need more results. Please see the documentation for more details and examples.

Example

const iterable = client.listCryptoKeysAsync(request);
for await (const response of iterable) {
  // process response
}

listCryptoKeysStream(request, optionsopt) → {Stream}

Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the KeyRing to list, in the format `projects/* /locations/* /keyRings/*`.
`pageSize`	number	<optional>	Optional. Optional limit on the number of CryptoKeys to include in the response. Further CryptoKeys can subsequently be obtained by including the ListCryptoKeysResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
`pageToken`	string	<optional>	Optional. Optional pagination token, returned earlier via ListCryptoKeysResponse.next_page_token.
`versionView`	google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView		The fields of the primary version to include in the response.
`filter`	string	<optional>	Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
`orderBy`	string	<optional>	Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Stream	An object stream which emits an object representing CryptoKey on 'data' event. The client library will perform auto-pagination by default: it will call the API as many times as needed. Note that it can affect your quota. We recommend using `listCryptoKeysAsync()` method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

listCryptoKeyVersions(request, optionsopt) → {Promise}

Lists CryptoKeyVersions.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the CryptoKey to list, in the format `projects/* /locations/* /keyRings/* /cryptoKeys/*`.
`pageSize`	number	<optional>	Optional. Optional limit on the number of CryptoKeyVersions to include in the response. Further CryptoKeyVersions can subsequently be obtained by including the ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
`pageToken`	string	<optional>	Optional. Optional pagination token, returned earlier via ListCryptoKeyVersionsResponse.next_page_token.
`view`	google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView		The fields to include in the response.
`filter`	string	<optional>	Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
`orderBy`	string	<optional>	Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options

object

Call options. See CallOptions for more details.

Returns:

Type Description

Promise

The promise which resolves to an array. The first element of the array is Array of CryptoKeyVersion. The client library will perform auto-pagination by default: it will call the API as many times as needed and will merge results from all the pages into this array. Note that it can affect your quota. We recommend using listCryptoKeyVersionsAsync() method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

listCryptoKeyVersionsAsync(request, optionsopt) → {Object}

Equivalent to listCryptoKeyVersions, but returns an iterable object.

for-await-of syntax is used with the iterable to get response elements on-demand.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the CryptoKey to list, in the format `projects/* /locations/* /keyRings/* /cryptoKeys/*`.
`pageSize`	number	<optional>	Optional. Optional limit on the number of CryptoKeyVersions to include in the response. Further CryptoKeyVersions can subsequently be obtained by including the ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
`pageToken`	string	<optional>	Optional. Optional pagination token, returned earlier via ListCryptoKeyVersionsResponse.next_page_token.
`view`	google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView		The fields to include in the response.
`filter`	string	<optional>	Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
`orderBy`	string	<optional>	Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Object	An iterable Object that allows async iteration. When you iterate the returned iterable, each element will be an object representing CryptoKeyVersion. The API will be called under the hood as needed, once per the page, so you can stop the iteration when you don't need more results. Please see the documentation for more details and examples.

Example

const iterable = client.listCryptoKeyVersionsAsync(request);
for await (const response of iterable) {
  // process response
}

listCryptoKeyVersionsStream(request, optionsopt) → {Stream}

Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the CryptoKey to list, in the format `projects/* /locations/* /keyRings/* /cryptoKeys/*`.
`pageSize`	number	<optional>	Optional. Optional limit on the number of CryptoKeyVersions to include in the response. Further CryptoKeyVersions can subsequently be obtained by including the ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
`pageToken`	string	<optional>	Optional. Optional pagination token, returned earlier via ListCryptoKeyVersionsResponse.next_page_token.
`view`	google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView		The fields to include in the response.
`filter`	string	<optional>	Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
`orderBy`	string	<optional>	Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options

object

Call options. See CallOptions for more details.

Returns:

Type Description

Stream

An object stream which emits an object representing CryptoKeyVersion on 'data' event. The client library will perform auto-pagination by default: it will call the API as many times as needed. Note that it can affect your quota. We recommend using listCryptoKeyVersionsAsync() method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

listImportJobs(request, optionsopt) → {Promise}

Lists ImportJobs.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the KeyRing to list, in the format `projects/* /locations/* /keyRings/*`.
`pageSize`	number	<optional>	Optional. Optional limit on the number of ImportJobs to include in the response. Further ImportJobs can subsequently be obtained by including the ListImportJobsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
`pageToken`	string	<optional>	Optional. Optional pagination token, returned earlier via ListImportJobsResponse.next_page_token.
`filter`	string	<optional>	Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
`orderBy`	string	<optional>	Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options

object

Call options. See CallOptions for more details.

Returns:

Type Description

Promise

The promise which resolves to an array. The first element of the array is Array of ImportJob. The client library will perform auto-pagination by default: it will call the API as many times as needed and will merge results from all the pages into this array. Note that it can affect your quota. We recommend using listImportJobsAsync() method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

listImportJobsAsync(request, optionsopt) → {Object}

Equivalent to listImportJobs, but returns an iterable object.

for-await-of syntax is used with the iterable to get response elements on-demand.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the KeyRing to list, in the format `projects/* /locations/* /keyRings/*`.
`pageSize`	number	<optional>	Optional. Optional limit on the number of ImportJobs to include in the response. Further ImportJobs can subsequently be obtained by including the ListImportJobsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
`pageToken`	string	<optional>	Optional. Optional pagination token, returned earlier via ListImportJobsResponse.next_page_token.
`filter`	string	<optional>	Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
`orderBy`	string	<optional>	Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Object	An iterable Object that allows async iteration. When you iterate the returned iterable, each element will be an object representing ImportJob. The API will be called under the hood as needed, once per the page, so you can stop the iteration when you don't need more results. Please see the documentation for more details and examples.

Example

const iterable = client.listImportJobsAsync(request);
for await (const response of iterable) {
  // process response
}

listImportJobsStream(request, optionsopt) → {Stream}

Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the KeyRing to list, in the format `projects/* /locations/* /keyRings/*`.
`pageSize`	number	<optional>	Optional. Optional limit on the number of ImportJobs to include in the response. Further ImportJobs can subsequently be obtained by including the ListImportJobsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
`pageToken`	string	<optional>	Optional. Optional pagination token, returned earlier via ListImportJobsResponse.next_page_token.
`filter`	string	<optional>	Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
`orderBy`	string	<optional>	Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Stream	An object stream which emits an object representing ImportJob on 'data' event. The client library will perform auto-pagination by default: it will call the API as many times as needed. Note that it can affect your quota. We recommend using `listImportJobsAsync()` method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

listKeyRings(request, optionsopt) → {Promise}

Lists KeyRings.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the location associated with the KeyRings, in the format `projects/* /locations/*`.
`pageSize`	number	<optional>	Optional. Optional limit on the number of KeyRings to include in the response. Further KeyRings can subsequently be obtained by including the ListKeyRingsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
`pageToken`	string	<optional>	Optional. Optional pagination token, returned earlier via ListKeyRingsResponse.next_page_token.
`filter`	string	<optional>	Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
`orderBy`	string	<optional>	Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options

object

Call options. See CallOptions for more details.

Returns:

Type Description

Promise

The promise which resolves to an array. The first element of the array is Array of KeyRing. The client library will perform auto-pagination by default: it will call the API as many times as needed and will merge results from all the pages into this array. Note that it can affect your quota. We recommend using listKeyRingsAsync() method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

listKeyRingsAsync(request, optionsopt) → {Object}

Equivalent to listKeyRings, but returns an iterable object.

for-await-of syntax is used with the iterable to get response elements on-demand.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the location associated with the KeyRings, in the format `projects/* /locations/*`.
`pageSize`	number	<optional>	Optional. Optional limit on the number of KeyRings to include in the response. Further KeyRings can subsequently be obtained by including the ListKeyRingsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
`pageToken`	string	<optional>	Optional. Optional pagination token, returned earlier via ListKeyRingsResponse.next_page_token.
`filter`	string	<optional>	Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
`orderBy`	string	<optional>	Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Object	An iterable Object that allows async iteration. When you iterate the returned iterable, each element will be an object representing KeyRing. The API will be called under the hood as needed, once per the page, so you can stop the iteration when you don't need more results. Please see the documentation for more details and examples.

Example

const iterable = client.listKeyRingsAsync(request);
for await (const response of iterable) {
  // process response
}

listKeyRingsStream(request, optionsopt) → {Stream}

Equivalent to method.name.toCamelCase(), but returns a NodeJS Stream object.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`parent`	string		Required. The resource name of the location associated with the KeyRings, in the format `projects/* /locations/*`.
`pageSize`	number	<optional>	Optional. Optional limit on the number of KeyRings to include in the response. Further KeyRings can subsequently be obtained by including the ListKeyRingsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.
`pageToken`	string	<optional>	Optional. Optional pagination token, returned earlier via ListKeyRingsResponse.next_page_token.
`filter`	string	<optional>	Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.
`orderBy`	string	<optional>	Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Stream	An object stream which emits an object representing KeyRing on 'data' event. The client library will perform auto-pagination by default: it will call the API as many times as needed. Note that it can affect your quota. We recommend using `listKeyRingsAsync()` method described below for async iteration which you can stop as needed. Please see the documentation for more details and examples.

locationPath(project, location) → {string}

Return a fully-qualified location resource name string.

Parameters:

Name	Type	Description
`project`	string
`location`	string

Returns:

Type	Description
string	Resource name string.

macSign(request, optionsopt) → {Promise}

Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`name`	string		Required. The resource name of the CryptoKeyVersion to use for signing.
`data`	Buffer		Required. The data to sign. The MAC tag is computed over this data field based on the specific algorithm.
`dataCrc32c`	google.protobuf.Int64Value	<optional>	Optional. An optional CRC32C checksum of the MacSignRequest.data. If specified, KeyManagementService will verify the integrity of the received MacSignRequest.data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(MacSignRequest.data) is equal to MacSignRequest.data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing MacSignResponse. Please see the documentation for more details and examples.

Example

const [response] = await client.macSign(request);

macVerify(request, optionsopt) → {Promise}

Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Attributes	Description
`name`	string		Required. The resource name of the CryptoKeyVersion to use for verification.
`data`	Buffer		Required. The data used previously as a MacSignRequest.data to generate the MAC tag.
`dataCrc32c`	google.protobuf.Int64Value	<optional>	Optional. An optional CRC32C checksum of the MacVerifyRequest.data. If specified, KeyManagementService will verify the integrity of the received MacVerifyRequest.data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(MacVerifyRequest.data) is equal to MacVerifyRequest.data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.
`mac`	Buffer		Required. The signature to verify.
`macCrc32c`	google.protobuf.Int64Value	<optional>	Optional. An optional CRC32C checksum of the MacVerifyRequest.mac. If specified, KeyManagementService will verify the integrity of the received MacVerifyRequest.mac using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(MacVerifyRequest.tag) is equal to MacVerifyRequest.mac_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing MacVerifyResponse. Please see the documentation for more details and examples.

Example

const [response] = await client.macVerify(request);

matchCryptoKeyFromCryptoKeyName(cryptoKeyName) → {string}

Parse the crypto_key from CryptoKey resource.

Parameters:

Name	Type	Description
`cryptoKeyName`	string	A fully-qualified path representing CryptoKey resource.

Returns:

Type	Description
string	A string representing the crypto_key.

matchCryptoKeyFromCryptoKeyVersionName(cryptoKeyVersionName) → {string}

Parse the crypto_key from CryptoKeyVersion resource.

Parameters:

Name	Type	Description
`cryptoKeyVersionName`	string	A fully-qualified path representing CryptoKeyVersion resource.

Returns:

Type	Description
string	A string representing the crypto_key.

matchCryptoKeyFromPublicKeyName(publicKeyName) → {string}

Parse the crypto_key from PublicKey resource.

Parameters:

Name	Type	Description
`publicKeyName`	string	A fully-qualified path representing PublicKey resource.

Returns:

Type	Description
string	A string representing the crypto_key.

matchCryptoKeyVersionFromCryptoKeyVersionName(cryptoKeyVersionName) → {string}

Parse the crypto_key_version from CryptoKeyVersion resource.

Parameters:

Name	Type	Description
`cryptoKeyVersionName`	string	A fully-qualified path representing CryptoKeyVersion resource.

Returns:

Type	Description
string	A string representing the crypto_key_version.

matchCryptoKeyVersionFromPublicKeyName(publicKeyName) → {string}

Parse the crypto_key_version from PublicKey resource.

Parameters:

Name	Type	Description
`publicKeyName`	string	A fully-qualified path representing PublicKey resource.

Returns:

Type	Description
string	A string representing the crypto_key_version.

matchImportJobFromImportJobName(importJobName) → {string}

Parse the import_job from ImportJob resource.

Parameters:

Name	Type	Description
`importJobName`	string	A fully-qualified path representing ImportJob resource.

Returns:

Type	Description
string	A string representing the import_job.

matchKeyRingFromCryptoKeyName(cryptoKeyName) → {string}

Parse the key_ring from CryptoKey resource.

Parameters:

Name	Type	Description
`cryptoKeyName`	string	A fully-qualified path representing CryptoKey resource.

Returns:

Type	Description
string	A string representing the key_ring.

matchKeyRingFromCryptoKeyVersionName(cryptoKeyVersionName) → {string}

Parse the key_ring from CryptoKeyVersion resource.

Parameters:

Name	Type	Description
`cryptoKeyVersionName`	string	A fully-qualified path representing CryptoKeyVersion resource.

Returns:

Type	Description
string	A string representing the key_ring.

matchKeyRingFromImportJobName(importJobName) → {string}

Parse the key_ring from ImportJob resource.

Parameters:

Name	Type	Description
`importJobName`	string	A fully-qualified path representing ImportJob resource.

Returns:

Type	Description
string	A string representing the key_ring.

matchKeyRingFromKeyRingName(keyRingName) → {string}

Parse the key_ring from KeyRing resource.

Parameters:

Name	Type	Description
`keyRingName`	string	A fully-qualified path representing KeyRing resource.

Returns:

Type	Description
string	A string representing the key_ring.

matchKeyRingFromPublicKeyName(publicKeyName) → {string}

Parse the key_ring from PublicKey resource.

Parameters:

Name	Type	Description
`publicKeyName`	string	A fully-qualified path representing PublicKey resource.

Returns:

Type	Description
string	A string representing the key_ring.

matchLocationFromCryptoKeyName(cryptoKeyName) → {string}

Parse the location from CryptoKey resource.

Parameters:

Name	Type	Description
`cryptoKeyName`	string	A fully-qualified path representing CryptoKey resource.

Returns:

Type	Description
string	A string representing the location.

matchLocationFromCryptoKeyVersionName(cryptoKeyVersionName) → {string}

Parse the location from CryptoKeyVersion resource.

Parameters:

Name	Type	Description
`cryptoKeyVersionName`	string	A fully-qualified path representing CryptoKeyVersion resource.

Returns:

Type	Description
string	A string representing the location.

matchLocationFromImportJobName(importJobName) → {string}

Parse the location from ImportJob resource.

Parameters:

Name	Type	Description
`importJobName`	string	A fully-qualified path representing ImportJob resource.

Returns:

Type	Description
string	A string representing the location.

matchLocationFromKeyRingName(keyRingName) → {string}

Parse the location from KeyRing resource.

Parameters:

Name	Type	Description
`keyRingName`	string	A fully-qualified path representing KeyRing resource.

Returns:

Type	Description
string	A string representing the location.

matchLocationFromLocationName(locationName) → {string}

Parse the location from Location resource.

Parameters:

Name	Type	Description
`locationName`	string	A fully-qualified path representing Location resource.

Returns:

Type	Description
string	A string representing the location.

matchLocationFromPublicKeyName(publicKeyName) → {string}

Parse the location from PublicKey resource.

Parameters:

Name	Type	Description
`publicKeyName`	string	A fully-qualified path representing PublicKey resource.

Returns:

Type	Description
string	A string representing the location.

matchProjectFromCryptoKeyName(cryptoKeyName) → {string}

Parse the project from CryptoKey resource.

Parameters:

Name	Type	Description
`cryptoKeyName`	string	A fully-qualified path representing CryptoKey resource.

Returns:

Type	Description
string	A string representing the project.

matchProjectFromCryptoKeyVersionName(cryptoKeyVersionName) → {string}

Parse the project from CryptoKeyVersion resource.

Parameters:

Name	Type	Description
`cryptoKeyVersionName`	string	A fully-qualified path representing CryptoKeyVersion resource.

Returns:

Type	Description
string	A string representing the project.

matchProjectFromImportJobName(importJobName) → {string}

Parse the project from ImportJob resource.

Parameters:

Name	Type	Description
`importJobName`	string	A fully-qualified path representing ImportJob resource.

Returns:

Type	Description
string	A string representing the project.

matchProjectFromKeyRingName(keyRingName) → {string}

Parse the project from KeyRing resource.

Parameters:

Name	Type	Description
`keyRingName`	string	A fully-qualified path representing KeyRing resource.

Returns:

Type	Description
string	A string representing the project.

matchProjectFromLocationName(locationName) → {string}

Parse the project from Location resource.

Parameters:

Name	Type	Description
`locationName`	string	A fully-qualified path representing Location resource.

Returns:

Type	Description
string	A string representing the project.

matchProjectFromPublicKeyName(publicKeyName) → {string}

Parse the project from PublicKey resource.

Parameters:

Name	Type	Description
`publicKeyName`	string	A fully-qualified path representing PublicKey resource.

Returns:

Type	Description
string	A string representing the project.

publicKeyPath(project, location, key_ring, crypto_key, crypto_key_version) → {string}

Return a fully-qualified publicKey resource name string.

Parameters:

Name	Type	Description
`project`	string
`location`	string
`key_ring`	string
`crypto_key`	string
`crypto_key_version`	string

Returns:

Type	Description
string	Resource name string.

restoreCryptoKeyVersion(request, optionsopt) → {Promise}

Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.

Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The resource name of the CryptoKeyVersion to restore.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. Please see the documentation for more details and examples.

Example

const [response] = await client.restoreCryptoKeyVersion(request);

setIamPolicy(request, optionsopt, callbackopt) → {Promise}

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`resource`	string	REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
`permissions`	Array.<string>	The set of permissions to check for the `resource`. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

options

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

function

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing TestIamPermissionsResponse.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing TestIamPermissionsResponse. The promise has a method named "cancel" which cancels the ongoing API call.

testIamPermissions(request, optionsopt, callbackopt) → {Promise}

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`resource`	string	REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
`permissions`	Array.<string>	The set of permissions to check for the `resource`. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

options

Object

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback

function

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing TestIamPermissionsResponse.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing TestIamPermissionsResponse. The promise has a method named "cancel" which cancels the ongoing API call.

updateCryptoKey(request, optionsopt) → {Promise}

Update a CryptoKey.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`cryptoKey`	google.cloud.kms.v1.CryptoKey	Required. CryptoKey with updated values.
`updateMask`	google.protobuf.FieldMask	Required. List of fields to be updated in this request.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing CryptoKey. Please see the documentation for more details and examples.

Example

const [response] = await client.updateCryptoKey(request);

updateCryptoKeyPrimaryVersion(request, optionsopt) → {Promise}

Update the version of a CryptoKey that will be used in Encrypt.

Returns an error if called on a key whose purpose is not ENCRYPT_DECRYPT.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`name`	string	Required. The resource name of the CryptoKey to update.
`cryptoKeyVersionId`	string	Required. The id of the child CryptoKeyVersion to use as primary.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing CryptoKey. Please see the documentation for more details and examples.

Example

const [response] = await client.updateCryptoKeyPrimaryVersion(request);

updateCryptoKeyVersion(request, optionsopt) → {Promise}

Update a CryptoKeyVersion's metadata.

state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.

Parameters:

Name Type Attributes Description

request

Object

The request object that will be sent.

Properties

Name	Type	Description
`cryptoKeyVersion`	google.cloud.kms.v1.CryptoKeyVersion	Required. CryptoKeyVersion with updated values.
`updateMask`	google.protobuf.FieldMask	Required. List of fields to be updated in this request.

options

object

Call options. See CallOptions for more details.

Returns:

Type	Description
Promise	The promise which resolves to an array. The first element of the array is an object representing CryptoKeyVersion. Please see the documentation for more details and examples.

Example

const [response] = await client.updateCryptoKeyVersion(request);