Class: Google::Apis::DlpV2::GooglePrivacyDlpV2CryptoKey
- Inherits:
-
Object
- Object
- Google::Apis::DlpV2::GooglePrivacyDlpV2CryptoKey
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- generated/google/apis/dlp_v2/classes.rb,
generated/google/apis/dlp_v2/representations.rb,
generated/google/apis/dlp_v2/representations.rb
Overview
This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key.
Instance Attribute Summary collapse
-
#kms_wrapped ⇒ Google::Apis::DlpV2::GooglePrivacyDlpV2KmsWrappedCryptoKey
Include to use an existing data crypto key wrapped by KMS.
-
#transient ⇒ Google::Apis::DlpV2::GooglePrivacyDlpV2TransientCryptoKey
Use this to have a random data crypto key generated.
-
#unwrapped ⇒ Google::Apis::DlpV2::GooglePrivacyDlpV2UnwrappedCryptoKey
Using raw keys is prone to security risks due to accidentally leaking the key.
Instance Method Summary collapse
-
#initialize(**args) ⇒ GooglePrivacyDlpV2CryptoKey
constructor
A new instance of GooglePrivacyDlpV2CryptoKey.
-
#update!(**args) ⇒ Object
Update properties of this object.
Methods included from Core::JsonObjectSupport
Methods included from Core::Hashable
Constructor Details
#initialize(**args) ⇒ GooglePrivacyDlpV2CryptoKey
Returns a new instance of GooglePrivacyDlpV2CryptoKey.
1351 1352 1353 |
# File 'generated/google/apis/dlp_v2/classes.rb', line 1351 def initialize(**args) update!(**args) end |
Instance Attribute Details
#kms_wrapped ⇒ Google::Apis::DlpV2::GooglePrivacyDlpV2KmsWrappedCryptoKey
Include to use an existing data crypto key wrapped by KMS.
The wrapped key must be a 128/192/256 bit key.
Authorization requires the following IAM permissions when sending a request
to perform a crypto transformation using a kms-wrapped crypto key:
dlp.kms.encrypt
Corresponds to the JSON property kmsWrapped
1337 1338 1339 |
# File 'generated/google/apis/dlp_v2/classes.rb', line 1337 def kms_wrapped @kms_wrapped end |
#transient ⇒ Google::Apis::DlpV2::GooglePrivacyDlpV2TransientCryptoKey
Use this to have a random data crypto key generated.
It will be discarded after the request finishes.
Corresponds to the JSON property transient
1343 1344 1345 |
# File 'generated/google/apis/dlp_v2/classes.rb', line 1343 def transient @transient end |
#unwrapped ⇒ Google::Apis::DlpV2::GooglePrivacyDlpV2UnwrappedCryptoKey
Using raw keys is prone to security risks due to accidentally
leaking the key. Choose another type of key if possible.
Corresponds to the JSON property unwrapped
1349 1350 1351 |
# File 'generated/google/apis/dlp_v2/classes.rb', line 1349 def unwrapped @unwrapped end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
1356 1357 1358 1359 1360 |
# File 'generated/google/apis/dlp_v2/classes.rb', line 1356 def update!(**args) @kms_wrapped = args[:kms_wrapped] if args.key?(:kms_wrapped) @transient = args[:transient] if args.key?(:transient) @unwrapped = args[:unwrapped] if args.key?(:unwrapped) end |