Class: Google::Apis::DlpV2::GooglePrivacyDlpV2CryptoKey

Inherits:

Object

• Object
• Google::Apis::DlpV2::GooglePrivacyDlpV2CryptoKey

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

lib/google/apis/dlp_v2/classes.rb,
lib/google/apis/dlp_v2/representations.rb,
lib/google/apis/dlp_v2/representations.rb

Overview

This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by KMS). When using KMS to wrap/unwrap DEKs, be sure to set an appropriate IAM policy on the KMS CryptoKey (KEK) to ensure an attacker cannot unwrap the data crypto key.

Instance Attribute Summary

• #kms_wrapped ⇒ Google::Apis::DlpV2::GooglePrivacyDlpV2KmsWrappedCryptoKey

  Include to use an existing data crypto key wrapped by KMS.

• #transient ⇒ Google::Apis::DlpV2::GooglePrivacyDlpV2TransientCryptoKey

  Use this to have a random data crypto key generated.

• #unwrapped ⇒ Google::Apis::DlpV2::GooglePrivacyDlpV2UnwrappedCryptoKey

  Using raw keys is prone to security risks due to accidentally leaking the key.

Instance Method Summary

• #initialize(**args) ⇒ GooglePrivacyDlpV2CryptoKey constructor

  A new instance of GooglePrivacyDlpV2CryptoKey.

• #update!(**args) ⇒ Object

  Update properties of this object.

Constructor Details

#initialize(**args) ⇒ GooglePrivacyDlpV2CryptoKey

Returns a new instance of GooglePrivacyDlpV2CryptoKey.

# File 'lib/google/apis/dlp_v2/classes.rb', line 1376

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#kms_wrapped ⇒ Google::Apis::DlpV2::GooglePrivacyDlpV2KmsWrappedCryptoKey

Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128/192/256 bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a kms-wrapped crypto key: dlp.kms.encrypt Corresponds to the JSON property kmsWrapped

Returns:

• (Google::Apis::DlpV2::GooglePrivacyDlpV2KmsWrappedCryptoKey)

# File 'lib/google/apis/dlp_v2/classes.rb', line 1362

def kms_wrapped
  @kms_wrapped
end

#transient ⇒ Google::Apis::DlpV2::GooglePrivacyDlpV2TransientCryptoKey

Use this to have a random data crypto key generated. It will be discarded after the request finishes. Corresponds to the JSON property transient

Returns:

• (Google::Apis::DlpV2::GooglePrivacyDlpV2TransientCryptoKey)

# File 'lib/google/apis/dlp_v2/classes.rb', line 1368

def transient
  @transient
end

#unwrapped ⇒ Google::Apis::DlpV2::GooglePrivacyDlpV2UnwrappedCryptoKey

Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Corresponds to the JSON property unwrapped

Returns:

• (Google::Apis::DlpV2::GooglePrivacyDlpV2UnwrappedCryptoKey)

# File 'lib/google/apis/dlp_v2/classes.rb', line 1374

def unwrapped
  @unwrapped
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'lib/google/apis/dlp_v2/classes.rb', line 1381

def update!(**args)
  @kms_wrapped = args[:kms_wrapped] if args.key?(:kms_wrapped)
  @transient = args[:transient] if args.key?(:transient)
  @unwrapped = args[:unwrapped] if args.key?(:unwrapped)
end