Class: Google::Cloud::Kms::V1::EkmConnection
- Inherits:
-
Object
- Object
- Google::Cloud::Kms::V1::EkmConnection
- Extended by:
- Protobuf::MessageExts::ClassMethods
- Includes:
- Protobuf::MessageExts
- Defined in:
- proto_docs/google/cloud/kms/v1/ekm_service.rb
Overview
An EkmConnection represents an individual EKM connection. It can be used for creating CryptoKeys and CryptoKeyVersions with a ProtectionLevel of [EXTERNAL_VPC][CryptoKeyVersion.ProtectionLevel.EXTERNAL_VPC], as well as performing cryptographic operations using keys created within the EkmConnection.
Defined Under Namespace
Modules: KeyManagementMode Classes: ServiceResolver
Instance Attribute Summary collapse
-
#create_time ⇒ ::Google::Protobuf::Timestamp
readonly
Output only.
-
#crypto_space_path ⇒ ::String
Optional.
-
#etag ⇒ ::String
Optional.
-
#key_management_mode ⇒ ::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode
Optional.
-
#name ⇒ ::String
readonly
Output only.
-
#service_resolvers ⇒ ::Array<::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver>
Optional.
Instance Attribute Details
#create_time ⇒ ::Google::Protobuf::Timestamp (readonly)
Returns Output only. The time at which the EkmConnection was created.
231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 |
# File 'proto_docs/google/cloud/kms/v1/ekm_service.rb', line 231 class EkmConnection include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver} # represents an EKM replica that can be reached within an # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. # @!attribute [rw] service_directory_service # @return [::String] # Required. The resource name of the Service Directory service pointing to # an EKM replica, in the format # `projects/*/locations/*/namespaces/*/services/*`. # @!attribute [rw] endpoint_filter # @return [::String] # Optional. The filter applied to the endpoints of the resolved service. If # no filter is specified, all endpoints will be considered. An endpoint # will be chosen arbitrarily from the filtered list for each request. # # For endpoint filter syntax and examples, see # https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest. # @!attribute [rw] hostname # @return [::String] # Required. The hostname of the EKM replica used at TLS and HTTP layers. # @!attribute [rw] server_certificates # @return [::Array<::Google::Cloud::Kms::V1::Certificate>] # Required. A list of leaf server certificates used to authenticate HTTPS # connections to the EKM replica. Currently, a maximum of 10 # {::Google::Cloud::Kms::V1::Certificate Certificate} is supported. class ServiceResolver include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # {::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode KeyManagementMode} # describes who can perform control plane cryptographic operations using this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. module KeyManagementMode # Not specified. KEY_MANAGEMENT_MODE_UNSPECIFIED = 0 # EKM-side key management operations on # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} must be initiated from # the EKM directly and cannot be performed from Cloud KMS. This means that: # * When creating a # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} associated with # this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, the caller must # supply the key path of pre-existing external key material that will be # linked to the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. # * Destruction of external key material cannot be requested via the # Cloud KMS API and must be performed directly in the EKM. # * Automatic rotation of key material is not supported. MANUAL = 1 # All {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} use EKM-side key # management operations initiated from Cloud KMS. This means that: # * When a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} # associated with this {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} # is # created, the EKM automatically generates new key material and a new # key path. The caller cannot supply the key path of pre-existing # external key material. # * Destruction of external key material associated with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} can be requested by # calling [DestroyCryptoKeyVersion][EkmService.DestroyCryptoKeyVersion]. # * Automatic rotation of key material is supported. CLOUD_KMS = 2 end end |
#crypto_space_path ⇒ ::String
Returns Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.
231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 |
# File 'proto_docs/google/cloud/kms/v1/ekm_service.rb', line 231 class EkmConnection include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver} # represents an EKM replica that can be reached within an # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. # @!attribute [rw] service_directory_service # @return [::String] # Required. The resource name of the Service Directory service pointing to # an EKM replica, in the format # `projects/*/locations/*/namespaces/*/services/*`. # @!attribute [rw] endpoint_filter # @return [::String] # Optional. The filter applied to the endpoints of the resolved service. If # no filter is specified, all endpoints will be considered. An endpoint # will be chosen arbitrarily from the filtered list for each request. # # For endpoint filter syntax and examples, see # https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest. # @!attribute [rw] hostname # @return [::String] # Required. The hostname of the EKM replica used at TLS and HTTP layers. # @!attribute [rw] server_certificates # @return [::Array<::Google::Cloud::Kms::V1::Certificate>] # Required. A list of leaf server certificates used to authenticate HTTPS # connections to the EKM replica. Currently, a maximum of 10 # {::Google::Cloud::Kms::V1::Certificate Certificate} is supported. class ServiceResolver include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # {::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode KeyManagementMode} # describes who can perform control plane cryptographic operations using this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. module KeyManagementMode # Not specified. KEY_MANAGEMENT_MODE_UNSPECIFIED = 0 # EKM-side key management operations on # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} must be initiated from # the EKM directly and cannot be performed from Cloud KMS. This means that: # * When creating a # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} associated with # this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, the caller must # supply the key path of pre-existing external key material that will be # linked to the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. # * Destruction of external key material cannot be requested via the # Cloud KMS API and must be performed directly in the EKM. # * Automatic rotation of key material is not supported. MANUAL = 1 # All {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} use EKM-side key # management operations initiated from Cloud KMS. This means that: # * When a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} # associated with this {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} # is # created, the EKM automatically generates new key material and a new # key path. The caller cannot supply the key path of pre-existing # external key material. # * Destruction of external key material associated with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} can be requested by # calling [DestroyCryptoKeyVersion][EkmService.DestroyCryptoKeyVersion]. # * Automatic rotation of key material is supported. CLOUD_KMS = 2 end end |
#etag ⇒ ::String
Returns Optional. Etag of the currently stored EkmConnection.
231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 |
# File 'proto_docs/google/cloud/kms/v1/ekm_service.rb', line 231 class EkmConnection include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver} # represents an EKM replica that can be reached within an # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. # @!attribute [rw] service_directory_service # @return [::String] # Required. The resource name of the Service Directory service pointing to # an EKM replica, in the format # `projects/*/locations/*/namespaces/*/services/*`. # @!attribute [rw] endpoint_filter # @return [::String] # Optional. The filter applied to the endpoints of the resolved service. If # no filter is specified, all endpoints will be considered. An endpoint # will be chosen arbitrarily from the filtered list for each request. # # For endpoint filter syntax and examples, see # https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest. # @!attribute [rw] hostname # @return [::String] # Required. The hostname of the EKM replica used at TLS and HTTP layers. # @!attribute [rw] server_certificates # @return [::Array<::Google::Cloud::Kms::V1::Certificate>] # Required. A list of leaf server certificates used to authenticate HTTPS # connections to the EKM replica. Currently, a maximum of 10 # {::Google::Cloud::Kms::V1::Certificate Certificate} is supported. class ServiceResolver include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # {::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode KeyManagementMode} # describes who can perform control plane cryptographic operations using this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. module KeyManagementMode # Not specified. KEY_MANAGEMENT_MODE_UNSPECIFIED = 0 # EKM-side key management operations on # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} must be initiated from # the EKM directly and cannot be performed from Cloud KMS. This means that: # * When creating a # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} associated with # this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, the caller must # supply the key path of pre-existing external key material that will be # linked to the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. # * Destruction of external key material cannot be requested via the # Cloud KMS API and must be performed directly in the EKM. # * Automatic rotation of key material is not supported. MANUAL = 1 # All {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} use EKM-side key # management operations initiated from Cloud KMS. This means that: # * When a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} # associated with this {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} # is # created, the EKM automatically generates new key material and a new # key path. The caller cannot supply the key path of pre-existing # external key material. # * Destruction of external key material associated with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} can be requested by # calling [DestroyCryptoKeyVersion][EkmService.DestroyCryptoKeyVersion]. # * Automatic rotation of key material is supported. CLOUD_KMS = 2 end end |
#key_management_mode ⇒ ::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode
Returns Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.
231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 |
# File 'proto_docs/google/cloud/kms/v1/ekm_service.rb', line 231 class EkmConnection include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver} # represents an EKM replica that can be reached within an # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. # @!attribute [rw] service_directory_service # @return [::String] # Required. The resource name of the Service Directory service pointing to # an EKM replica, in the format # `projects/*/locations/*/namespaces/*/services/*`. # @!attribute [rw] endpoint_filter # @return [::String] # Optional. The filter applied to the endpoints of the resolved service. If # no filter is specified, all endpoints will be considered. An endpoint # will be chosen arbitrarily from the filtered list for each request. # # For endpoint filter syntax and examples, see # https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest. # @!attribute [rw] hostname # @return [::String] # Required. The hostname of the EKM replica used at TLS and HTTP layers. # @!attribute [rw] server_certificates # @return [::Array<::Google::Cloud::Kms::V1::Certificate>] # Required. A list of leaf server certificates used to authenticate HTTPS # connections to the EKM replica. Currently, a maximum of 10 # {::Google::Cloud::Kms::V1::Certificate Certificate} is supported. class ServiceResolver include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # {::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode KeyManagementMode} # describes who can perform control plane cryptographic operations using this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. module KeyManagementMode # Not specified. KEY_MANAGEMENT_MODE_UNSPECIFIED = 0 # EKM-side key management operations on # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} must be initiated from # the EKM directly and cannot be performed from Cloud KMS. This means that: # * When creating a # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} associated with # this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, the caller must # supply the key path of pre-existing external key material that will be # linked to the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. # * Destruction of external key material cannot be requested via the # Cloud KMS API and must be performed directly in the EKM. # * Automatic rotation of key material is not supported. MANUAL = 1 # All {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} use EKM-side key # management operations initiated from Cloud KMS. This means that: # * When a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} # associated with this {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} # is # created, the EKM automatically generates new key material and a new # key path. The caller cannot supply the key path of pre-existing # external key material. # * Destruction of external key material associated with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} can be requested by # calling [DestroyCryptoKeyVersion][EkmService.DestroyCryptoKeyVersion]. # * Automatic rotation of key material is supported. CLOUD_KMS = 2 end end |
#name ⇒ ::String (readonly)
Returns Output only. The resource name for the
EkmConnection in the format
projects/*/locations/*/ekmConnections/*
.
231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 |
# File 'proto_docs/google/cloud/kms/v1/ekm_service.rb', line 231 class EkmConnection include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver} # represents an EKM replica that can be reached within an # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. # @!attribute [rw] service_directory_service # @return [::String] # Required. The resource name of the Service Directory service pointing to # an EKM replica, in the format # `projects/*/locations/*/namespaces/*/services/*`. # @!attribute [rw] endpoint_filter # @return [::String] # Optional. The filter applied to the endpoints of the resolved service. If # no filter is specified, all endpoints will be considered. An endpoint # will be chosen arbitrarily from the filtered list for each request. # # For endpoint filter syntax and examples, see # https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest. # @!attribute [rw] hostname # @return [::String] # Required. The hostname of the EKM replica used at TLS and HTTP layers. # @!attribute [rw] server_certificates # @return [::Array<::Google::Cloud::Kms::V1::Certificate>] # Required. A list of leaf server certificates used to authenticate HTTPS # connections to the EKM replica. Currently, a maximum of 10 # {::Google::Cloud::Kms::V1::Certificate Certificate} is supported. class ServiceResolver include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # {::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode KeyManagementMode} # describes who can perform control plane cryptographic operations using this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. module KeyManagementMode # Not specified. KEY_MANAGEMENT_MODE_UNSPECIFIED = 0 # EKM-side key management operations on # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} must be initiated from # the EKM directly and cannot be performed from Cloud KMS. This means that: # * When creating a # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} associated with # this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, the caller must # supply the key path of pre-existing external key material that will be # linked to the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. # * Destruction of external key material cannot be requested via the # Cloud KMS API and must be performed directly in the EKM. # * Automatic rotation of key material is not supported. MANUAL = 1 # All {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} use EKM-side key # management operations initiated from Cloud KMS. This means that: # * When a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} # associated with this {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} # is # created, the EKM automatically generates new key material and a new # key path. The caller cannot supply the key path of pre-existing # external key material. # * Destruction of external key material associated with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} can be requested by # calling [DestroyCryptoKeyVersion][EkmService.DestroyCryptoKeyVersion]. # * Automatic rotation of key material is supported. CLOUD_KMS = 2 end end |
#service_resolvers ⇒ ::Array<::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver>
Returns Optional. A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.
231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 |
# File 'proto_docs/google/cloud/kms/v1/ekm_service.rb', line 231 class EkmConnection include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # A {::Google::Cloud::Kms::V1::EkmConnection::ServiceResolver ServiceResolver} # represents an EKM replica that can be reached within an # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. # @!attribute [rw] service_directory_service # @return [::String] # Required. The resource name of the Service Directory service pointing to # an EKM replica, in the format # `projects/*/locations/*/namespaces/*/services/*`. # @!attribute [rw] endpoint_filter # @return [::String] # Optional. The filter applied to the endpoints of the resolved service. If # no filter is specified, all endpoints will be considered. An endpoint # will be chosen arbitrarily from the filtered list for each request. # # For endpoint filter syntax and examples, see # https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest. # @!attribute [rw] hostname # @return [::String] # Required. The hostname of the EKM replica used at TLS and HTTP layers. # @!attribute [rw] server_certificates # @return [::Array<::Google::Cloud::Kms::V1::Certificate>] # Required. A list of leaf server certificates used to authenticate HTTPS # connections to the EKM replica. Currently, a maximum of 10 # {::Google::Cloud::Kms::V1::Certificate Certificate} is supported. class ServiceResolver include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end # {::Google::Cloud::Kms::V1::EkmConnection::KeyManagementMode KeyManagementMode} # describes who can perform control plane cryptographic operations using this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}. module KeyManagementMode # Not specified. KEY_MANAGEMENT_MODE_UNSPECIFIED = 0 # EKM-side key management operations on # {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} must be initiated from # the EKM directly and cannot be performed from Cloud KMS. This means that: # * When creating a # {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} associated with # this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection}, the caller must # supply the key path of pre-existing external key material that will be # linked to the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. # * Destruction of external key material cannot be requested via the # Cloud KMS API and must be performed directly in the EKM. # * Automatic rotation of key material is not supported. MANUAL = 1 # All {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} created with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} use EKM-side key # management operations initiated from Cloud KMS. This means that: # * When a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} # associated with this {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} # is # created, the EKM automatically generates new key material and a new # key path. The caller cannot supply the key path of pre-existing # external key material. # * Destruction of external key material associated with this # {::Google::Cloud::Kms::V1::EkmConnection EkmConnection} can be requested by # calling [DestroyCryptoKeyVersion][EkmService.DestroyCryptoKeyVersion]. # * Automatic rotation of key material is supported. CLOUD_KMS = 2 end end |