KeyManagementServiceClient

KeyManagementServiceClient

Google Cloud Key Management Service

Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:

If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.

Constructor

new KeyManagementServiceClient(optionsopt)

Construct an instance of KeyManagementServiceClient.

Parameters:
Name Type Attributes Description
options object <optional>

The configuration object. See the subsequent parameters for more details.

Properties
Name Type Attributes Description
credentials object <optional>

Credentials object.

Properties
Name Type Attributes Description
client_email string <optional>
private_key string <optional>
email string <optional>

Account email address. Required when using a .pem or .p12 keyFilename.

keyFilename string <optional>

Full path to the a .json, .pem, or .p12 key downloaded from the Google Developers Console. If you provide a path to a JSON file, the projectId option below is not necessary. NOTE: .pem and .p12 require you to specify options.email as well.

port number <optional>

The port on which to connect to the remote host.

projectId string <optional>

The project ID from the Google Developer's Console, e.g. 'grape-spaceship-123'. We will also check the environment variable GCLOUD_PROJECT for your project ID. If your app is running in an environment which supports Application Default Credentials, your project ID will be detected automatically.

apiEndpoint string <optional>

The domain name of the API remote host.

Members

(static) apiEndpoint

The DNS address for this API service - same as servicePath(), exists for compatibility reasons.

(static) port

The port for this API service.

(static) scopes

The scopes needed to make gRPC calls for every method defined in this service.

(static) servicePath

The DNS address for this API service.

Methods

asymmetricDecrypt(request, optionsopt) → {Promise}

Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the CryptoKeyVersion to use for decryption.

ciphertext Buffer

Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.

options object <optional>

Call options. See CallOptions for more details.

asymmetricSign(request, optionsopt) → {Promise}

Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the CryptoKeyVersion to use for signing.

digest google.cloud.kms.v1.Digest

Required. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm.

options object <optional>

Call options. See CallOptions for more details.

close()

Terminate the GRPC channel and close the client.

The client will no longer be usable and all future behavior is undefined.

createCryptoKey(request, optionsopt) → {Promise}

Create a new CryptoKey within a KeyRing.

CryptoKey.purpose and CryptoKey.version_template.algorithm are required.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The name of the KeyRing associated with the CryptoKeys.

cryptoKeyId string

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

cryptoKey google.cloud.kms.v1.CryptoKey

Required. A CryptoKey with initial field values.

skipInitialVersionCreation boolean

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

options object <optional>

Call options. See CallOptions for more details.

createCryptoKeyVersion(request, optionsopt) → {Promise}

Create a new CryptoKeyVersion in a CryptoKey.

The server will assign the next sequential id. If unset, state will be set to ENABLED.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The name of the CryptoKey associated with the CryptoKeyVersions.

cryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion

Required. A CryptoKeyVersion with initial field values.

options object <optional>

Call options. See CallOptions for more details.

createImportJob(request, optionsopt) → {Promise}

Create a new ImportJob within a KeyRing.

ImportJob.import_method is required.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The name of the KeyRing associated with the ImportJobs.

importJobId string

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

importJob google.cloud.kms.v1.ImportJob

Required. An ImportJob with initial field values.

options object <optional>

Call options. See CallOptions for more details.

createKeyRing(request, optionsopt) → {Promise}

Create a new KeyRing in a given Project and Location.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The resource name of the location associated with the KeyRings, in the format projects/* /locations/*.

keyRingId string

Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing google.cloud.kms.v1.KeyRing

Required. A KeyRing with initial field values.

options object <optional>

Call options. See CallOptions for more details.

cryptoKeyPath(project, location, key_ring, crypto_key) → {string}

Return a fully-qualified cryptoKey resource name string.

Parameters:
Name Type Description
project string
location string
key_ring string
crypto_key string

cryptoKeyVersionPath(project, location, key_ring, crypto_key, crypto_key_version) → {string}

Return a fully-qualified cryptoKeyVersion resource name string.

Parameters:
Name Type Description
project string
location string
key_ring string
crypto_key string
crypto_key_version string

decrypt(request, optionsopt) → {Promise}

Decrypts data that was protected by Encrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
name string

Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version.

ciphertext Buffer

Required. The encrypted data originally returned in EncryptResponse.ciphertext.

additionalAuthenticatedData Buffer <optional>

Optional. Optional data that must match the data originally supplied in EncryptRequest.additional_authenticated_data.

options object <optional>

Call options. See CallOptions for more details.

destroyCryptoKeyVersion(request, optionsopt) → {Promise}

Schedule a CryptoKeyVersion for destruction.

Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED and destroy_time will be set to a time 24 hours in the future, at which point the state will be changed to DESTROYED, and the key material will be irrevocably destroyed.

Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the CryptoKeyVersion to destroy.

options object <optional>

Call options. See CallOptions for more details.

encrypt(request, optionsopt) → {Promise}

Encrypts data, so that it can only be recovered by a call to Decrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
name string

Required. The resource name of the CryptoKey or CryptoKeyVersion to use for encryption.

If a CryptoKey is specified, the server will use its primary version.

plaintext Buffer

Required. The data to encrypt. Must be no larger than 64KiB.

The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

additionalAuthenticatedData Buffer <optional>

Optional. Optional data that, if specified, must also be provided during decryption through DecryptRequest.additional_authenticated_data.

The maximum size depends on the key version's protection_level. For SOFTWARE keys, the AAD must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

options object <optional>

Call options. See CallOptions for more details.

getCryptoKey(request, optionsopt) → {Promise}

Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The name of the CryptoKey to get.

options object <optional>

Call options. See CallOptions for more details.

getCryptoKeyVersion(request, optionsopt) → {Promise}

Returns metadata for a given CryptoKeyVersion.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The name of the CryptoKeyVersion to get.

options object <optional>

Call options. See CallOptions for more details.

getIamPolicy(request, optionsopt, callbackopt) → {Promise}

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
resource string

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.

options Object <optional>

OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy. This field is only used by Cloud IAM.

This object should have the same structure as GetPolicyOptions

options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing Policy.

getImportJob(request, optionsopt) → {Promise}

Returns metadata for a given ImportJob.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The name of the ImportJob to get.

options object <optional>

Call options. See CallOptions for more details.

getKeyRing(request, optionsopt) → {Promise}

Returns metadata for a given KeyRing.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The name of the KeyRing to get.

options object <optional>

Call options. See CallOptions for more details.

getProjectId(callback)

Return the project ID used by this class.

Parameters:
Name Type Description
callback function

the callback to be called with the current project Id.

getPublicKey(request, optionsopt) → {Promise}

Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The name of the CryptoKeyVersion public key to get.

options object <optional>

Call options. See CallOptions for more details.

importCryptoKeyVersion(request, optionsopt) → {Promise}

Imports a new CryptoKeyVersion into an existing CryptoKey using the wrapped key material provided in the request.

The version ID will be assigned the next sequential id within the CryptoKey.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
parent string

Required. The name of the CryptoKey to be imported into.

algorithm google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm

Required. The algorithm of the key being imported. This does not need to match the version_template of the CryptoKey this version imports into.

importJob string

Required. The name of the ImportJob that was used to wrap this key material.

rsaAesWrappedKey Buffer

Wrapped key material produced with RSA_OAEP_3072_SHA1_AES_256 or RSA_OAEP_4096_SHA1_AES_256.

This field contains the concatenation of two wrapped keys:

  1. An ephemeral AES-256 wrapping key wrapped with the public_key using RSAES-OAEP with SHA-1, MGF1 with SHA-1, and an empty label.
  2. The key to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649).

If importing symmetric key material, it is expected that the unwrapped key contains plain bytes. If importing asymmetric key material, it is expected that the unwrapped key is in PKCS#8-encoded DER format (the PrivateKeyInfo structure from RFC 5208).

This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP.

options object <optional>

Call options. See CallOptions for more details.

importJobPath(project, location, key_ring, import_job) → {string}

Return a fully-qualified importJob resource name string.

Parameters:
Name Type Description
project string
location string
key_ring string
import_job string

initialize() → {Promise}

Initialize the client. Performs asynchronous operations (such as authentication) and prepares the client. This function will be called automatically when any class method is called for the first time, but if you need to initialize it before calling an actual method, feel free to call initialize() directly.

You can await on this method if you want to make sure the client is initialized.

keyRingPath(project, location, key_ring) → {string}

Return a fully-qualified keyRing resource name string.

Parameters:
Name Type Description
project string
location string
key_ring string

listCryptoKeys(request, optionsopt) → {Promise}

Lists CryptoKeys.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the KeyRing to list, in the format projects/* /locations/* /keyRings/*.

pageSize number <optional>

Optional. Optional limit on the number of CryptoKeys to include in the response. Further CryptoKeys can subsequently be obtained by including the ListCryptoKeysResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken string <optional>

Optional. Optional pagination token, returned earlier via ListCryptoKeysResponse.next_page_token.

versionView google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView

The fields of the primary version to include in the response.

filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options object <optional>

Call options. See CallOptions for more details.

listCryptoKeysAsync(request, optionsopt) → {Object}

Equivalent to listCryptoKeys, but returns an iterable object.

for-await-of syntax is used with the iterable to recursively get response element on-demand.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the KeyRing to list, in the format projects/* /locations/* /keyRings/*.

pageSize number <optional>

Optional. Optional limit on the number of CryptoKeys to include in the response. Further CryptoKeys can subsequently be obtained by including the ListCryptoKeysResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken string <optional>

Optional. Optional pagination token, returned earlier via ListCryptoKeysResponse.next_page_token.

versionView google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView

The fields of the primary version to include in the response.

filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options object <optional>

Call options. See CallOptions for more details.

listCryptoKeysStream(request, optionsopt) → {Stream}

Equivalent to listCryptoKeys, but returns a NodeJS Stream object.

This fetches the paged responses for listCryptoKeys continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the KeyRing to list, in the format projects/* /locations/* /keyRings/*.

pageSize number <optional>

Optional. Optional limit on the number of CryptoKeys to include in the response. Further CryptoKeys can subsequently be obtained by including the ListCryptoKeysResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken string <optional>

Optional. Optional pagination token, returned earlier via ListCryptoKeysResponse.next_page_token.

versionView google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView

The fields of the primary version to include in the response.

filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options object <optional>

Call options. See CallOptions for more details.

See:

listCryptoKeyVersions(request, optionsopt) → {Promise}

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the CryptoKey to list, in the format projects/* /locations/* /keyRings/* /cryptoKeys/*.

pageSize number <optional>

Optional. Optional limit on the number of CryptoKeyVersions to include in the response. Further CryptoKeyVersions can subsequently be obtained by including the ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken string <optional>

Optional. Optional pagination token, returned earlier via ListCryptoKeyVersionsResponse.next_page_token.

view google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView

The fields to include in the response.

filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options object <optional>

Call options. See CallOptions for more details.

listCryptoKeyVersionsAsync(request, optionsopt) → {Object}

Equivalent to listCryptoKeyVersions, but returns an iterable object.

for-await-of syntax is used with the iterable to recursively get response element on-demand.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the CryptoKey to list, in the format projects/* /locations/* /keyRings/* /cryptoKeys/*.

pageSize number <optional>

Optional. Optional limit on the number of CryptoKeyVersions to include in the response. Further CryptoKeyVersions can subsequently be obtained by including the ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken string <optional>

Optional. Optional pagination token, returned earlier via ListCryptoKeyVersionsResponse.next_page_token.

view google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView

The fields to include in the response.

filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options object <optional>

Call options. See CallOptions for more details.

listCryptoKeyVersionsStream(request, optionsopt) → {Stream}

Equivalent to listCryptoKeyVersions, but returns a NodeJS Stream object.

This fetches the paged responses for listCryptoKeyVersions continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the CryptoKey to list, in the format projects/* /locations/* /keyRings/* /cryptoKeys/*.

pageSize number <optional>

Optional. Optional limit on the number of CryptoKeyVersions to include in the response. Further CryptoKeyVersions can subsequently be obtained by including the ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken string <optional>

Optional. Optional pagination token, returned earlier via ListCryptoKeyVersionsResponse.next_page_token.

view google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionView

The fields to include in the response.

filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options object <optional>

Call options. See CallOptions for more details.

See:

listImportJobs(request, optionsopt) → {Promise}

Lists ImportJobs.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the KeyRing to list, in the format projects/* /locations/* /keyRings/*.

pageSize number <optional>

Optional. Optional limit on the number of ImportJobs to include in the response. Further ImportJobs can subsequently be obtained by including the ListImportJobsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken string <optional>

Optional. Optional pagination token, returned earlier via ListImportJobsResponse.next_page_token.

filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options object <optional>

Call options. See CallOptions for more details.

listImportJobsAsync(request, optionsopt) → {Object}

Equivalent to listImportJobs, but returns an iterable object.

for-await-of syntax is used with the iterable to recursively get response element on-demand.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the KeyRing to list, in the format projects/* /locations/* /keyRings/*.

pageSize number <optional>

Optional. Optional limit on the number of ImportJobs to include in the response. Further ImportJobs can subsequently be obtained by including the ListImportJobsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken string <optional>

Optional. Optional pagination token, returned earlier via ListImportJobsResponse.next_page_token.

filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options object <optional>

Call options. See CallOptions for more details.

listImportJobsStream(request, optionsopt) → {Stream}

Equivalent to listImportJobs, but returns a NodeJS Stream object.

This fetches the paged responses for listImportJobs continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the KeyRing to list, in the format projects/* /locations/* /keyRings/*.

pageSize number <optional>

Optional. Optional limit on the number of ImportJobs to include in the response. Further ImportJobs can subsequently be obtained by including the ListImportJobsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken string <optional>

Optional. Optional pagination token, returned earlier via ListImportJobsResponse.next_page_token.

filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options object <optional>

Call options. See CallOptions for more details.

See:

listKeyRings(request, optionsopt) → {Promise}

Lists KeyRings.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the location associated with the KeyRings, in the format projects/* /locations/*.

pageSize number <optional>

Optional. Optional limit on the number of KeyRings to include in the response. Further KeyRings can subsequently be obtained by including the ListKeyRingsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken string <optional>

Optional. Optional pagination token, returned earlier via ListKeyRingsResponse.next_page_token.

filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options object <optional>

Call options. See CallOptions for more details.

listKeyRingsAsync(request, optionsopt) → {Object}

Equivalent to listKeyRings, but returns an iterable object.

for-await-of syntax is used with the iterable to recursively get response element on-demand.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the location associated with the KeyRings, in the format projects/* /locations/*.

pageSize number <optional>

Optional. Optional limit on the number of KeyRings to include in the response. Further KeyRings can subsequently be obtained by including the ListKeyRingsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken string <optional>

Optional. Optional pagination token, returned earlier via ListKeyRingsResponse.next_page_token.

filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options object <optional>

Call options. See CallOptions for more details.

listKeyRingsStream(request, optionsopt) → {Stream}

Equivalent to listKeyRings, but returns a NodeJS Stream object.

This fetches the paged responses for listKeyRings continuously and invokes the callback registered for 'data' event for each element in the responses.

The returned object has 'end' method when no more elements are required.

autoPaginate option will be ignored.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Attributes Description
parent string

Required. The resource name of the location associated with the KeyRings, in the format projects/* /locations/*.

pageSize number <optional>

Optional. Optional limit on the number of KeyRings to include in the response. Further KeyRings can subsequently be obtained by including the ListKeyRingsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

pageToken string <optional>

Optional. Optional pagination token, returned earlier via ListKeyRingsResponse.next_page_token.

filter string <optional>

Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

orderBy string <optional>

Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

options object <optional>

Call options. See CallOptions for more details.

See:

locationPath(project, location) → {string}

Return a fully-qualified location resource name string.

Parameters:
Name Type Description
project string
location string

matchCryptoKeyFromCryptoKeyName(cryptoKeyName) → {string}

Parse the crypto_key from CryptoKey resource.

Parameters:
Name Type Description
cryptoKeyName string

A fully-qualified path representing CryptoKey resource.

matchCryptoKeyFromCryptoKeyVersionName(cryptoKeyVersionName) → {string}

Parse the crypto_key from CryptoKeyVersion resource.

Parameters:
Name Type Description
cryptoKeyVersionName string

A fully-qualified path representing CryptoKeyVersion resource.

matchCryptoKeyFromPublicKeyName(publicKeyName) → {string}

Parse the crypto_key from PublicKey resource.

Parameters:
Name Type Description
publicKeyName string

A fully-qualified path representing PublicKey resource.

matchCryptoKeyVersionFromCryptoKeyVersionName(cryptoKeyVersionName) → {string}

Parse the crypto_key_version from CryptoKeyVersion resource.

Parameters:
Name Type Description
cryptoKeyVersionName string

A fully-qualified path representing CryptoKeyVersion resource.

matchCryptoKeyVersionFromPublicKeyName(publicKeyName) → {string}

Parse the crypto_key_version from PublicKey resource.

Parameters:
Name Type Description
publicKeyName string

A fully-qualified path representing PublicKey resource.

matchImportJobFromImportJobName(importJobName) → {string}

Parse the import_job from ImportJob resource.

Parameters:
Name Type Description
importJobName string

A fully-qualified path representing ImportJob resource.

matchKeyRingFromCryptoKeyName(cryptoKeyName) → {string}

Parse the key_ring from CryptoKey resource.

Parameters:
Name Type Description
cryptoKeyName string

A fully-qualified path representing CryptoKey resource.

matchKeyRingFromCryptoKeyVersionName(cryptoKeyVersionName) → {string}

Parse the key_ring from CryptoKeyVersion resource.

Parameters:
Name Type Description
cryptoKeyVersionName string

A fully-qualified path representing CryptoKeyVersion resource.

matchKeyRingFromImportJobName(importJobName) → {string}

Parse the key_ring from ImportJob resource.

Parameters:
Name Type Description
importJobName string

A fully-qualified path representing ImportJob resource.

matchKeyRingFromKeyRingName(keyRingName) → {string}

Parse the key_ring from KeyRing resource.

Parameters:
Name Type Description
keyRingName string

A fully-qualified path representing KeyRing resource.

matchKeyRingFromPublicKeyName(publicKeyName) → {string}

Parse the key_ring from PublicKey resource.

Parameters:
Name Type Description
publicKeyName string

A fully-qualified path representing PublicKey resource.

matchLocationFromCryptoKeyName(cryptoKeyName) → {string}

Parse the location from CryptoKey resource.

Parameters:
Name Type Description
cryptoKeyName string

A fully-qualified path representing CryptoKey resource.

matchLocationFromCryptoKeyVersionName(cryptoKeyVersionName) → {string}

Parse the location from CryptoKeyVersion resource.

Parameters:
Name Type Description
cryptoKeyVersionName string

A fully-qualified path representing CryptoKeyVersion resource.

matchLocationFromImportJobName(importJobName) → {string}

Parse the location from ImportJob resource.

Parameters:
Name Type Description
importJobName string

A fully-qualified path representing ImportJob resource.

matchLocationFromKeyRingName(keyRingName) → {string}

Parse the location from KeyRing resource.

Parameters:
Name Type Description
keyRingName string

A fully-qualified path representing KeyRing resource.

matchLocationFromLocationName(locationName) → {string}

Parse the location from Location resource.

Parameters:
Name Type Description
locationName string

A fully-qualified path representing Location resource.

matchLocationFromPublicKeyName(publicKeyName) → {string}

Parse the location from PublicKey resource.

Parameters:
Name Type Description
publicKeyName string

A fully-qualified path representing PublicKey resource.

matchProjectFromCryptoKeyName(cryptoKeyName) → {string}

Parse the project from CryptoKey resource.

Parameters:
Name Type Description
cryptoKeyName string

A fully-qualified path representing CryptoKey resource.

matchProjectFromCryptoKeyVersionName(cryptoKeyVersionName) → {string}

Parse the project from CryptoKeyVersion resource.

Parameters:
Name Type Description
cryptoKeyVersionName string

A fully-qualified path representing CryptoKeyVersion resource.

matchProjectFromImportJobName(importJobName) → {string}

Parse the project from ImportJob resource.

Parameters:
Name Type Description
importJobName string

A fully-qualified path representing ImportJob resource.

matchProjectFromKeyRingName(keyRingName) → {string}

Parse the project from KeyRing resource.

Parameters:
Name Type Description
keyRingName string

A fully-qualified path representing KeyRing resource.

matchProjectFromLocationName(locationName) → {string}

Parse the project from Location resource.

Parameters:
Name Type Description
locationName string

A fully-qualified path representing Location resource.

matchProjectFromPublicKeyName(publicKeyName) → {string}

Parse the project from PublicKey resource.

Parameters:
Name Type Description
publicKeyName string

A fully-qualified path representing PublicKey resource.

publicKeyPath(project, location, key_ring, crypto_key, crypto_key_version) → {string}

Return a fully-qualified publicKey resource name string.

Parameters:
Name Type Description
project string
location string
key_ring string
crypto_key string
crypto_key_version string

restoreCryptoKeyVersion(request, optionsopt) → {Promise}

Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.

Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the CryptoKeyVersion to restore.

options object <optional>

Call options. See CallOptions for more details.

setIamPolicy(request, optionsopt, callbackopt) → {Promise}

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
resource string

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

permissions Array.<string>

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing TestIamPermissionsResponse.

testIamPermissions(request, optionsopt, callbackopt) → {Promise}

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
resource string

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

permissions Array.<string>

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

options Object <optional>

Optional parameters. You can override the default settings for this call, e.g, timeout, retries, paginations, etc. See gax.CallOptions for the details.

callback function <optional>

The function which will be called with the result of the API call.

The second parameter to the callback is an object representing TestIamPermissionsResponse.

updateCryptoKey(request, optionsopt) → {Promise}

Update a CryptoKey.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
cryptoKey google.cloud.kms.v1.CryptoKey

Required. CryptoKey with updated values.

updateMask google.protobuf.FieldMask

Required. List of fields to be updated in this request.

options object <optional>

Call options. See CallOptions for more details.

updateCryptoKeyPrimaryVersion(request, optionsopt) → {Promise}

Update the version of a CryptoKey that will be used in Encrypt.

Returns an error if called on an asymmetric key.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
name string

Required. The resource name of the CryptoKey to update.

cryptoKeyVersionId string

Required. The id of the child CryptoKeyVersion to use as primary.

options object <optional>

Call options. See CallOptions for more details.

updateCryptoKeyVersion(request, optionsopt) → {Promise}

Update a CryptoKeyVersion's metadata.

state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.

Parameters:
Name Type Attributes Description
request Object

The request object that will be sent.

Properties
Name Type Description
cryptoKeyVersion google.cloud.kms.v1.CryptoKeyVersion

Required. CryptoKeyVersion with updated values.

updateMask google.protobuf.FieldMask

Required. List of fields to be updated in this request.

options object <optional>

Call options. See CallOptions for more details.