Class: Google::Cloud::Kms::V1::KeyManagementService::Client

Inherits:

Object

• Object
• Google::Cloud::Kms::V1::KeyManagementService::Client

Includes:

Paths

Defined in:

lib/google/cloud/kms/v1/key_management_service/client.rb

Overview

Client for the KeyManagementService service.

Google Cloud Key Management Service

Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:

• KeyRing
• CryptoKey
• CryptoKeyVersion
• ImportJob

If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.

Defined Under Namespace

Classes: Configuration

Instance Attribute Summary

• #iam_policy_client ⇒ Google::Iam::V1::IAMPolicy::Client readonly

  Get the associated client for mix-in of the IAMPolicy.

• #location_client ⇒ Google::Cloud::Location::Locations::Client readonly

  Get the associated client for mix-in of the Locations.

Class Method Summary

• .configure {|config| ... } ⇒ Client::Configuration

  Configure the KeyManagementService Client class.

Instance Method Summary

• #asymmetric_decrypt(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse

  Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.

• #asymmetric_sign(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::AsymmetricSignResponse

  Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

• #configure {|config| ... } ⇒ Client::Configuration

  Configure the KeyManagementService Client instance.

• #create_crypto_key(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::CryptoKey

  Create a new CryptoKey within a KeyRing.

• #create_crypto_key_version(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Create a new CryptoKeyVersion in a CryptoKey.

• #create_import_job(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::ImportJob

  Create a new ImportJob within a KeyRing.

• #create_key_ring(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::KeyRing

  Create a new KeyRing in a given Project and Location.

• #decrypt(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::DecryptResponse

  Decrypts data that was protected by Encrypt.

• #destroy_crypto_key_version(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Schedule a CryptoKeyVersion for destruction.

• #encrypt(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::EncryptResponse

  Encrypts data, so that it can only be recovered by a call to Decrypt.

• #generate_random_bytes(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::GenerateRandomBytesResponse

  Generate random bytes using the Cloud KMS randomness source in the provided location.

• #get_crypto_key(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::CryptoKey

  Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

• #get_crypto_key_version(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Returns metadata for a given CryptoKeyVersion.

• #get_import_job(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::ImportJob

  Returns metadata for a given ImportJob.

• #get_key_ring(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::KeyRing

  Returns metadata for a given KeyRing.

• #get_public_key(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::PublicKey

  Returns the public key for the given CryptoKeyVersion.

• #import_crypto_key_version(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Import wrapped key material into a CryptoKeyVersion.

• #initialize {|config| ... } ⇒ Client constructor

  Create a new KeyManagementService client object.

• #list_crypto_key_versions(request, options = nil) {|response, operation| ... } ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKeyVersion>

  Lists CryptoKeyVersions.

• #list_crypto_keys(request, options = nil) {|response, operation| ... } ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKey>

  Lists CryptoKeys.

• #list_import_jobs(request, options = nil) {|response, operation| ... } ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::ImportJob>

  Lists ImportJobs.

• #list_key_rings(request, options = nil) {|response, operation| ... } ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::KeyRing>

  Lists KeyRings.

• #mac_sign(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::MacSignResponse

  Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.

• #mac_verify(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::MacVerifyResponse

  Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.

• #raw_decrypt(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::RawDecryptResponse

  Decrypts data that was originally encrypted using a raw cryptographic mechanism.

• #raw_encrypt(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::RawEncryptResponse

  Encrypts data using portable cryptographic primitives.

• #restore_crypto_key_version(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.

• #universe_domain ⇒ String

  The effective universe domain.

• #update_crypto_key(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::CryptoKey

  Update a CryptoKey.

• #update_crypto_key_primary_version(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::CryptoKey

  Update the version of a CryptoKey that will be used in Encrypt.

• #update_crypto_key_version(request, options = nil) {|response, operation| ... } ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Update a CryptoKeyVersion's metadata.

Methods included from Paths

#crypto_key_path, #crypto_key_version_path, #import_job_path, #key_ring_path, #location_path

Constructor Details

#initialize {|config| ... } ⇒ Client

Create a new KeyManagementService client object.

Examples:

# Create a client using the default configuration
client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a client using a custom configuration
client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
  config.timeout = 10.0
end

Yields:

• (config) —

  Configure the KeyManagementService client.

Yield Parameters:

• config (Client::Configuration)

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 261

def initialize
  # These require statements are intentionally placed here to initialize
  # the gRPC module only when it's required.
  # See https://github.com/googleapis/toolkit/issues/446
  require "gapic/grpc"
  require "google/cloud/kms/v1/service_services_pb"

  # Create the configuration object
  @config = Configuration.new Client.configure

  # Yield the configuration if needed
  yield @config if block_given?

  # Create credentials
  credentials = @config.credentials
  # Use self-signed JWT if the endpoint is unchanged from default,
  # but only if the default endpoint does not have a region prefix.
  enable_self_signed_jwt = @config.endpoint.nil? ||
                           (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
                           !@config.endpoint.split(".").first.include?("-"))
  credentials ||= Credentials.default scope: @config.scope,
                                      enable_self_signed_jwt: enable_self_signed_jwt
  if credentials.is_a?(::String) || credentials.is_a?(::Hash)
    credentials = Credentials.new credentials, scope: @config.scope
  end
  @quota_project_id = @config.quota_project
  @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id

  @key_management_service_stub = ::Gapic::ServiceStub.new(
    ::Google::Cloud::Kms::V1::KeyManagementService::Stub,
    credentials: credentials,
    endpoint: @config.endpoint,
    endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
    universe_domain: @config.universe_domain,
    channel_args: @config.channel_args,
    interceptors: @config.interceptors,
    channel_pool_config: @config.channel_pool
  )

  @location_client = Google::Cloud::Location::Locations::Client.new do |config|
    config.credentials = credentials
    config.quota_project = @quota_project_id
    config.endpoint = @key_management_service_stub.endpoint
    config.universe_domain = @key_management_service_stub.universe_domain
  end

  @iam_policy_client = Google::Iam::V1::IAMPolicy::Client.new do |config|
    config.credentials = credentials
    config.quota_project = @quota_project_id
    config.endpoint = @key_management_service_stub.endpoint
    config.universe_domain = @key_management_service_stub.universe_domain
  end
end

Instance Attribute Details

#iam_policy_client ⇒ Google::Iam::V1::IAMPolicy::Client (readonly)

Get the associated client for mix-in of the IAMPolicy.

Returns:

• (Google::Iam::V1::IAMPolicy::Client)

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 327

def iam_policy_client
  @iam_policy_client
end

#location_client ⇒ Google::Cloud::Location::Locations::Client (readonly)

Get the associated client for mix-in of the Locations.

Returns:

• (Google::Cloud::Location::Locations::Client)

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 320

def location_client
  @location_client
end

Class Method Details

.configure {|config| ... } ⇒ Client::Configuration

Configure the KeyManagementService Client class.

See Configuration for a description of the configuration fields.

Examples:

# Modify the configuration for all KeyManagementService clients
::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
  config.timeout = 10.0
end

Yields:

• (config) —

  Configure the Client client.

Yield Parameters:

• config (Client::Configuration)

Returns:

• (Client::Configuration)

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 75

def self.configure
  @configure ||= begin
    namespace = ["Google", "Cloud", "Kms", "V1"]
    parent_config = while namespace.any?
                      parent_name = namespace.join "::"
                      parent_const = const_get parent_name
                      break parent_const.configure if parent_const.respond_to? :configure
                      namespace.pop
                    end
    default_config = Client::Configuration.new parent_config

    default_config.rpcs.list_key_rings.timeout = 60.0
    default_config.rpcs.list_key_rings.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.list_crypto_keys.timeout = 60.0
    default_config.rpcs.list_crypto_keys.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.list_crypto_key_versions.timeout = 60.0
    default_config.rpcs.list_crypto_key_versions.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.list_import_jobs.timeout = 60.0
    default_config.rpcs.list_import_jobs.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.get_key_ring.timeout = 60.0
    default_config.rpcs.get_key_ring.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.get_crypto_key.timeout = 60.0
    default_config.rpcs.get_crypto_key.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.get_crypto_key_version.timeout = 60.0
    default_config.rpcs.get_crypto_key_version.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.get_public_key.timeout = 60.0
    default_config.rpcs.get_public_key.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.get_import_job.timeout = 60.0
    default_config.rpcs.get_import_job.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.create_key_ring.timeout = 60.0
    default_config.rpcs.create_key_ring.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.create_crypto_key.timeout = 60.0
    default_config.rpcs.create_crypto_key.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.create_crypto_key_version.timeout = 60.0

    default_config.rpcs.import_crypto_key_version.timeout = 60.0

    default_config.rpcs.create_import_job.timeout = 60.0
    default_config.rpcs.create_import_job.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.update_crypto_key.timeout = 60.0
    default_config.rpcs.update_crypto_key.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.update_crypto_key_version.timeout = 60.0
    default_config.rpcs.update_crypto_key_version.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
    default_config.rpcs.update_crypto_key_primary_version.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
    default_config.rpcs.destroy_crypto_key_version.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.restore_crypto_key_version.timeout = 60.0
    default_config.rpcs.restore_crypto_key_version.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.encrypt.timeout = 60.0
    default_config.rpcs.encrypt.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.decrypt.timeout = 60.0
    default_config.rpcs.decrypt.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.asymmetric_sign.timeout = 60.0
    default_config.rpcs.asymmetric_sign.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.asymmetric_decrypt.timeout = 60.0
    default_config.rpcs.asymmetric_decrypt.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.mac_sign.timeout = 60.0
    default_config.rpcs.mac_sign.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.mac_verify.timeout = 60.0
    default_config.rpcs.mac_verify.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.generate_random_bytes.timeout = 60.0
    default_config.rpcs.generate_random_bytes.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config
  end
  yield @configure if block_given?
  @configure
end

Instance Method Details

#asymmetric_decrypt(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse #asymmetric_decrypt(name: nil, ciphertext: nil, ciphertext_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse

Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::AsymmetricDecryptRequest.new

# Call the asymmetric_decrypt method.
result = client.asymmetric_decrypt request

# The returned object is of type Google::Cloud::Kms::V1::AsymmetricDecryptResponse.
p result

Overloads:

• #asymmetric_decrypt(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse

  Pass arguments to asymmetric_decrypt via a request object, either of type AsymmetricDecryptRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #asymmetric_decrypt(name: nil, ciphertext: nil, ciphertext_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::AsymmetricDecryptResponse

  Pass arguments to asymmetric_decrypt via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the CryptoKeyVersion to use for decryption.

  • ciphertext (::String) (defaults to: nil) —

    Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.

  • ciphertext_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the AsymmetricDecryptRequest.ciphertext. If specified, KeyManagementService will verify the integrity of the received AsymmetricDecryptRequest.ciphertext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricDecryptRequest.ciphertext) is equal to AsymmetricDecryptRequest.ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::AsymmetricDecryptResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::AsymmetricDecryptResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 3131

def asymmetric_decrypt request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.asymmetric_decrypt.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.asymmetric_decrypt.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.asymmetric_decrypt.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :asymmetric_decrypt, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#asymmetric_sign(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::AsymmetricSignResponse #asymmetric_sign(name: nil, digest: nil, digest_crc32c: nil, data: nil, data_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::AsymmetricSignResponse

Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::AsymmetricSignRequest.new

# Call the asymmetric_sign method.
result = client.asymmetric_sign request

# The returned object is of type Google::Cloud::Kms::V1::AsymmetricSignResponse.
p result

Overloads:

• #asymmetric_sign(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::AsymmetricSignResponse

  Pass arguments to asymmetric_sign via a request object, either of type AsymmetricSignRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #asymmetric_sign(name: nil, digest: nil, digest_crc32c: nil, data: nil, data_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::AsymmetricSignResponse

  Pass arguments to asymmetric_sign via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the CryptoKeyVersion to use for signing.

  • digest (::Google::Cloud::Kms::V1::Digest, ::Hash) (defaults to: nil) —

    Optional. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm.

    This field may not be supplied if AsymmetricSignRequest.data is supplied.

  • digest_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the AsymmetricSignRequest.digest. If specified, KeyManagementService will verify the integrity of the received AsymmetricSignRequest.digest using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricSignRequest.digest) is equal to AsymmetricSignRequest.digest_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

  • data (::String) (defaults to: nil) —

    Optional. The data to sign. It can't be supplied if AsymmetricSignRequest.digest is supplied.

  • data_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the AsymmetricSignRequest.data. If specified, KeyManagementService will verify the integrity of the received AsymmetricSignRequest.data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(AsymmetricSignRequest.data) is equal to AsymmetricSignRequest.data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::AsymmetricSignResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::AsymmetricSignResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 3015

def asymmetric_sign request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::AsymmetricSignRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.asymmetric_sign.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.asymmetric_sign.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.asymmetric_sign.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :asymmetric_sign, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#configure {|config| ... } ⇒ Client::Configuration

Configure the KeyManagementService Client instance.

The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on configure.

See Configuration for a description of the configuration fields.

Yields:

• (config) —

  Configure the Client client.

Yield Parameters:

• config (Client::Configuration)

Returns:

• (Client::Configuration)

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 231

def configure
  yield @config if block_given?
  @config
end

#create_crypto_key(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey #create_crypto_key(parent: nil, crypto_key_id: nil, crypto_key: nil, skip_initial_version_creation: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey

Create a new CryptoKey within a KeyRing.

CryptoKey.purpose and CryptoKey.version_template.algorithm are required.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::CreateCryptoKeyRequest.new

# Call the create_crypto_key method.
result = client.create_crypto_key request

# The returned object is of type Google::Cloud::Kms::V1::CryptoKey.
p result

Overloads:

• #create_crypto_key(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey

  Pass arguments to create_crypto_key via a request object, either of type CreateCryptoKeyRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #create_crypto_key(parent: nil, crypto_key_id: nil, crypto_key: nil, skip_initial_version_creation: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey

  Pass arguments to create_crypto_key via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • parent (::String) (defaults to: nil) —

    Required. The name of the KeyRing associated with the CryptoKeys.

  • crypto_key_id (::String) (defaults to: nil) —

    Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

  • crypto_key (::Google::Cloud::Kms::V1::CryptoKey, ::Hash) (defaults to: nil) —

    Required. A CryptoKey with initial field values.

  • skip_initial_version_creation (::Boolean) (defaults to: nil) —

    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::CryptoKey)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::CryptoKey)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 1392

def create_crypto_key request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.create_crypto_key.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.parent
    header_params["parent"] = request.parent
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.create_crypto_key.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.create_crypto_key.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :create_crypto_key, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#create_crypto_key_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion #create_crypto_key_version(parent: nil, crypto_key_version: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

Create a new CryptoKeyVersion in a CryptoKey.

The server will assign the next sequential id. If unset, state will be set to ENABLED.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest.new

# Call the create_crypto_key_version method.
result = client.create_crypto_key_version request

# The returned object is of type Google::Cloud::Kms::V1::CryptoKeyVersion.
p result

Overloads:

• #create_crypto_key_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Pass arguments to create_crypto_key_version via a request object, either of type CreateCryptoKeyVersionRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #create_crypto_key_version(parent: nil, crypto_key_version: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Pass arguments to create_crypto_key_version via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • parent (::String) (defaults to: nil) —

    Required. The name of the CryptoKey associated with the CryptoKeyVersions.

  • crypto_key_version (::Google::Cloud::Kms::V1::CryptoKeyVersion, ::Hash) (defaults to: nil) —

    Required. A CryptoKeyVersion with initial field values.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::CryptoKeyVersion)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::CryptoKeyVersion)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 1488

def create_crypto_key_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.create_crypto_key_version.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.parent
    header_params["parent"] = request.parent
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.create_crypto_key_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.create_crypto_key_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :create_crypto_key_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#create_import_job(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::ImportJob #create_import_job(parent: nil, import_job_id: nil, import_job: nil) ⇒ ::Google::Cloud::Kms::V1::ImportJob

Create a new ImportJob within a KeyRing.

ImportJob.import_method is required.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::CreateImportJobRequest.new

# Call the create_import_job method.
result = client.create_import_job request

# The returned object is of type Google::Cloud::Kms::V1::ImportJob.
p result

Overloads:

• #create_import_job(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::ImportJob

  Pass arguments to create_import_job via a request object, either of type CreateImportJobRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #create_import_job(parent: nil, import_job_id: nil, import_job: nil) ⇒ ::Google::Cloud::Kms::V1::ImportJob

  Pass arguments to create_import_job via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • parent (::String) (defaults to: nil) —

    Required. The name of the KeyRing associated with the ImportJobs.

  • import_job_id (::String) (defaults to: nil) —

    Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

  • import_job (::Google::Cloud::Kms::V1::ImportJob, ::Hash) (defaults to: nil) —

    Required. An ImportJob with initial field values.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::ImportJob)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::ImportJob)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 1759

def create_import_job request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::CreateImportJobRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.create_import_job.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.parent
    header_params["parent"] = request.parent
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.create_import_job.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.create_import_job.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :create_import_job, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#create_key_ring(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::KeyRing #create_key_ring(parent: nil, key_ring_id: nil, key_ring: nil) ⇒ ::Google::Cloud::Kms::V1::KeyRing

Create a new KeyRing in a given Project and Location.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::CreateKeyRingRequest.new

# Call the create_key_ring method.
result = client.create_key_ring request

# The returned object is of type Google::Cloud::Kms::V1::KeyRing.
p result

Overloads:

• #create_key_ring(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::KeyRing

  Pass arguments to create_key_ring via a request object, either of type CreateKeyRingRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #create_key_ring(parent: nil, key_ring_id: nil, key_ring: nil) ⇒ ::Google::Cloud::Kms::V1::KeyRing

  Pass arguments to create_key_ring via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • parent (::String) (defaults to: nil) —

    Required. The resource name of the location associated with the KeyRings, in the format projects/*/locations/*.

  • key_ring_id (::String) (defaults to: nil) —

    Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

  • key_ring (::Google::Cloud::Kms::V1::KeyRing, ::Hash) (defaults to: nil) —

    Required. A KeyRing with initial field values.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::KeyRing)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::KeyRing)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 1285

def create_key_ring request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::CreateKeyRingRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.create_key_ring.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.parent
    header_params["parent"] = request.parent
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.create_key_ring.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.create_key_ring.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :create_key_ring, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#decrypt(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::DecryptResponse #decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::DecryptResponse

Decrypts data that was protected by Encrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::DecryptRequest.new

# Call the decrypt method.
result = client.decrypt request

# The returned object is of type Google::Cloud::Kms::V1::DecryptResponse.
p result

Overloads:

• #decrypt(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::DecryptResponse

  Pass arguments to decrypt via a request object, either of type DecryptRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::DecryptRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::DecryptResponse

  Pass arguments to decrypt via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version.

  • ciphertext (::String) (defaults to: nil) —

    Required. The encrypted data originally returned in EncryptResponse.ciphertext.

  • additional_authenticated_data (::String) (defaults to: nil) —

    Optional. Optional data that must match the data originally supplied in EncryptRequest.additional_authenticated_data.

  • ciphertext_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the DecryptRequest.ciphertext. If specified, KeyManagementService will verify the integrity of the received DecryptRequest.ciphertext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(DecryptRequest.ciphertext) is equal to DecryptRequest.ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

  • additional_authenticated_data_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the DecryptRequest.additional_authenticated_data. If specified, KeyManagementService will verify the integrity of the received DecryptRequest.additional_authenticated_data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(DecryptRequest.additional_authenticated_data) is equal to DecryptRequest.additional_authenticated_data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::DecryptResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::DecryptResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 2542

def decrypt request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::DecryptRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.decrypt.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.decrypt.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.decrypt.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :decrypt, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#destroy_crypto_key_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion #destroy_crypto_key_version(name: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

Schedule a CryptoKeyVersion for destruction.

Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED, and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to DESTROYED, and the key material will be irrevocably destroyed.

Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest.new

# Call the destroy_crypto_key_version method.
result = client.destroy_crypto_key_version request

# The returned object is of type Google::Cloud::Kms::V1::CryptoKeyVersion.
p result

Overloads:

• #destroy_crypto_key_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Pass arguments to destroy_crypto_key_version via a request object, either of type DestroyCryptoKeyVersionRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #destroy_crypto_key_version(name: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Pass arguments to destroy_crypto_key_version via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the CryptoKeyVersion to destroy.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::CryptoKeyVersion)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::CryptoKeyVersion)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 2149

def destroy_crypto_key_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.destroy_crypto_key_version.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.destroy_crypto_key_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.destroy_crypto_key_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :destroy_crypto_key_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#encrypt(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::EncryptResponse #encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::EncryptResponse

Encrypts data, so that it can only be recovered by a call to Decrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::EncryptRequest.new

# Call the encrypt method.
result = client.encrypt request

# The returned object is of type Google::Cloud::Kms::V1::EncryptResponse.
p result

Overloads:

• #encrypt(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::EncryptResponse

  Pass arguments to encrypt via a request object, either of type EncryptRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::EncryptRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::EncryptResponse

  Pass arguments to encrypt via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the CryptoKey or CryptoKeyVersion to use for encryption.

    If a CryptoKey is specified, the server will use its primary version.

  • plaintext (::String) (defaults to: nil) —

    Required. The data to encrypt. Must be no larger than 64KiB.

    The maximum size depends on the key version's protection_level. For SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

  • additional_authenticated_data (::String) (defaults to: nil) —

    Optional. Optional data that, if specified, must also be provided during decryption through DecryptRequest.additional_authenticated_data.

    The maximum size depends on the key version's protection_level. For SOFTWARE, EXTERNAL, and EXTERNAL_VPC keys the AAD must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

  • plaintext_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the EncryptRequest.plaintext. If specified, KeyManagementService will verify the integrity of the received EncryptRequest.plaintext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(EncryptRequest.plaintext) is equal to EncryptRequest.plaintext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

  • additional_authenticated_data_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the EncryptRequest.additional_authenticated_data. If specified, KeyManagementService will verify the integrity of the received EncryptRequest.additional_authenticated_data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(EncryptRequest.additional_authenticated_data) is equal to EncryptRequest.additional_authenticated_data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::EncryptResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::EncryptResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 2405

def encrypt request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::EncryptRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.encrypt.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.encrypt.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.encrypt.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :encrypt, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#generate_random_bytes(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::GenerateRandomBytesResponse #generate_random_bytes(location: nil, length_bytes: nil, protection_level: nil) ⇒ ::Google::Cloud::Kms::V1::GenerateRandomBytesResponse

Generate random bytes using the Cloud KMS randomness source in the provided location.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::GenerateRandomBytesRequest.new

# Call the generate_random_bytes method.
result = client.generate_random_bytes request

# The returned object is of type Google::Cloud::Kms::V1::GenerateRandomBytesResponse.
p result

Overloads:

• #generate_random_bytes(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::GenerateRandomBytesResponse

  Pass arguments to generate_random_bytes via a request object, either of type GenerateRandomBytesRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::GenerateRandomBytesRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #generate_random_bytes(location: nil, length_bytes: nil, protection_level: nil) ⇒ ::Google::Cloud::Kms::V1::GenerateRandomBytesResponse

  Pass arguments to generate_random_bytes via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • location (::String) (defaults to: nil) —

    The project-specific location in which to generate random bytes. For example, "projects/my-project/locations/us-central1".

  • length_bytes (::Integer) (defaults to: nil) —

    The length in bytes of the amount of randomness to retrieve. Minimum 8 bytes, maximum 1024 bytes.

  • protection_level (::Google::Cloud::Kms::V1::ProtectionLevel) (defaults to: nil) —

    The ProtectionLevel to use when generating the random data. Currently, only HSM protection level is supported.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::GenerateRandomBytesResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::GenerateRandomBytesResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 3471

def generate_random_bytes request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GenerateRandomBytesRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.generate_random_bytes.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.location
    header_params["location"] = request.location
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.generate_random_bytes.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.generate_random_bytes.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :generate_random_bytes, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#get_crypto_key(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey #get_crypto_key(name: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey

Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::GetCryptoKeyRequest.new

# Call the get_crypto_key method.
result = client.get_crypto_key request

# The returned object is of type Google::Cloud::Kms::V1::CryptoKey.
p result

Overloads:

• #get_crypto_key(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey

  Pass arguments to get_crypto_key via a request object, either of type GetCryptoKeyRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #get_crypto_key(name: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey

  Pass arguments to get_crypto_key via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The name of the CryptoKey to get.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::CryptoKey)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::CryptoKey)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 923

def get_crypto_key request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GetCryptoKeyRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.get_crypto_key.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.get_crypto_key.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.get_crypto_key.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :get_crypto_key, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#get_crypto_key_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion #get_crypto_key_version(name: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

Returns metadata for a given CryptoKeyVersion.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest.new

# Call the get_crypto_key_version method.
result = client.get_crypto_key_version request

# The returned object is of type Google::Cloud::Kms::V1::CryptoKeyVersion.
p result

Overloads:

• #get_crypto_key_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Pass arguments to get_crypto_key_version via a request object, either of type GetCryptoKeyVersionRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #get_crypto_key_version(name: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Pass arguments to get_crypto_key_version via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The name of the CryptoKeyVersion to get.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::CryptoKeyVersion)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::CryptoKeyVersion)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 1011

def get_crypto_key_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.get_crypto_key_version.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.get_crypto_key_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.get_crypto_key_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :get_crypto_key_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#get_import_job(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::ImportJob #get_import_job(name: nil) ⇒ ::Google::Cloud::Kms::V1::ImportJob

Returns metadata for a given ImportJob.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::GetImportJobRequest.new

# Call the get_import_job method.
result = client.get_import_job request

# The returned object is of type Google::Cloud::Kms::V1::ImportJob.
p result

Overloads:

• #get_import_job(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::ImportJob

  Pass arguments to get_import_job via a request object, either of type GetImportJobRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::GetImportJobRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #get_import_job(name: nil) ⇒ ::Google::Cloud::Kms::V1::ImportJob

  Pass arguments to get_import_job via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The name of the ImportJob to get.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::ImportJob)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::ImportJob)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 1190

def get_import_job request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GetImportJobRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.get_import_job.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.get_import_job.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.get_import_job.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :get_import_job, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#get_key_ring(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::KeyRing #get_key_ring(name: nil) ⇒ ::Google::Cloud::Kms::V1::KeyRing

Returns metadata for a given KeyRing.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::GetKeyRingRequest.new

# Call the get_key_ring method.
result = client.get_key_ring request

# The returned object is of type Google::Cloud::Kms::V1::KeyRing.
p result

Overloads:

• #get_key_ring(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::KeyRing

  Pass arguments to get_key_ring via a request object, either of type GetKeyRingRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #get_key_ring(name: nil) ⇒ ::Google::Cloud::Kms::V1::KeyRing

  Pass arguments to get_key_ring via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The name of the KeyRing to get.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::KeyRing)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::KeyRing)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 834

def get_key_ring request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GetKeyRingRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.get_key_ring.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.get_key_ring.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.get_key_ring.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :get_key_ring, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#get_public_key(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::PublicKey #get_public_key(name: nil) ⇒ ::Google::Cloud::Kms::V1::PublicKey

Returns the public key for the given CryptoKeyVersion. The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::GetPublicKeyRequest.new

# Call the get_public_key method.
result = client.get_public_key request

# The returned object is of type Google::Cloud::Kms::V1::PublicKey.
p result

Overloads:

• #get_public_key(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::PublicKey

  Pass arguments to get_public_key via a request object, either of type GetPublicKeyRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #get_public_key(name: nil) ⇒ ::Google::Cloud::Kms::V1::PublicKey

  Pass arguments to get_public_key via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The name of the CryptoKeyVersion public key to get.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::PublicKey)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::PublicKey)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 1103

def get_public_key request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GetPublicKeyRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.get_public_key.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.get_public_key.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.get_public_key.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :get_public_key, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#import_crypto_key_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion #import_crypto_key_version(parent: nil, crypto_key_version: nil, algorithm: nil, import_job: nil, wrapped_key: nil, rsa_aes_wrapped_key: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

Import wrapped key material into a CryptoKeyVersion.

All requests must specify a CryptoKey. If a CryptoKeyVersion is additionally specified in the request, key material will be reimported into that version. Otherwise, a new version will be created, and will be assigned the next sequential id within the CryptoKey.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest.new

# Call the import_crypto_key_version method.
result = client.import_crypto_key_version request

# The returned object is of type Google::Cloud::Kms::V1::CryptoKeyVersion.
p result

Overloads:

• #import_crypto_key_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Pass arguments to import_crypto_key_version via a request object, either of type ImportCryptoKeyVersionRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #import_crypto_key_version(parent: nil, crypto_key_version: nil, algorithm: nil, import_job: nil, wrapped_key: nil, rsa_aes_wrapped_key: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Pass arguments to import_crypto_key_version via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • parent (::String) (defaults to: nil) —

    Required. The name of the CryptoKey to be imported into.

    The create permission is only required on this key when creating a new CryptoKeyVersion.

  • crypto_key_version (::String) (defaults to: nil) —

    Optional. The optional name of an existing CryptoKeyVersion to target for an import operation. If this field is not present, a new CryptoKeyVersion containing the supplied key material is created.

    If this field is present, the supplied key material is imported into the existing CryptoKeyVersion. To import into an existing CryptoKeyVersion, the CryptoKeyVersion must be a child of ImportCryptoKeyVersionRequest.parent, have been previously created via [ImportCryptoKeyVersion][], and be in DESTROYED or IMPORT_FAILED state. The key material and algorithm must match the previous CryptoKeyVersion exactly if the CryptoKeyVersion has ever contained key material.

  • algorithm (::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm) (defaults to: nil) —

    Required. The algorithm of the key being imported. This does not need to match the version_template of the CryptoKey this version imports into.

  • import_job (::String) (defaults to: nil) —

    Required. The name of the ImportJob that was used to wrap this key material.

  • wrapped_key (::String) (defaults to: nil) —

    Optional. The wrapped key material to import.

    Before wrapping, key material must be formatted. If importing symmetric key material, the expected key material format is plain bytes. If importing asymmetric key material, the expected key material format is PKCS#8-encoded DER (the PrivateKeyInfo structure from RFC 5208).

    When wrapping with import methods (RSA_OAEP_3072_SHA1_AES_256 or RSA_OAEP_4096_SHA1_AES_256 or RSA_OAEP_3072_SHA256_AES_256 or RSA_OAEP_4096_SHA256_AES_256),

    this field must contain the concatenation of:

    1. An ephemeral AES-256 wrapping key wrapped with the public_key using RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty label.
    2. The formatted key to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649).

    This format is the same as the format produced by PKCS#11 mechanism CKM_RSA_AES_KEY_WRAP.

    When wrapping with import methods (RSA_OAEP_3072_SHA256 or RSA_OAEP_4096_SHA256),

    this field must contain the formatted key to be imported, wrapped with the public_key using RSAES-OAEP with SHA-256, MGF1 with SHA-256, and an empty label.

  • rsa_aes_wrapped_key (::String) (defaults to: nil) —

    Optional. This field has the same meaning as wrapped_key. Prefer to use that field in new work. Either that field or this field (but not both) must be specified.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::CryptoKeyVersion)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::CryptoKeyVersion)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 1661

def import_crypto_key_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.import_crypto_key_version.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.parent
    header_params["parent"] = request.parent
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.import_crypto_key_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.import_crypto_key_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :import_crypto_key_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#list_crypto_key_versions(request, options = nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKeyVersion> #list_crypto_key_versions(parent: nil, page_size: nil, page_token: nil, view: nil, filter: nil, order_by: nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKeyVersion>

Lists CryptoKeyVersions.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest.new

# Call the list_crypto_key_versions method.
result = client.list_crypto_key_versions request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::Kms::V1::CryptoKeyVersion.
  p item
end

Overloads:

• #list_crypto_key_versions(request, options = nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKeyVersion>

  Pass arguments to list_crypto_key_versions via a request object, either of type ListCryptoKeyVersionsRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #list_crypto_key_versions(parent: nil, page_size: nil, page_token: nil, view: nil, filter: nil, order_by: nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKeyVersion>

  Pass arguments to list_crypto_key_versions via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • parent (::String) (defaults to: nil) —

    Required. The resource name of the CryptoKey to list, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

  • page_size (::Integer) (defaults to: nil) —

    Optional. Optional limit on the number of CryptoKeyVersions to include in the response. Further CryptoKeyVersions can subsequently be obtained by including the ListCryptoKeyVersionsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

  • page_token (::String) (defaults to: nil) —

    Optional. Optional pagination token, returned earlier via ListCryptoKeyVersionsResponse.next_page_token.

  • view (::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionView) (defaults to: nil) —

    The fields to include in the response.

  • filter (::String) (defaults to: nil) —

    Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

  • order_by (::String) (defaults to: nil) —

    Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKeyVersion>)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKeyVersion>)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 633

def list_crypto_key_versions request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.list_crypto_key_versions.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.parent
    header_params["parent"] = request.parent
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.list_crypto_key_versions.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.list_crypto_key_versions.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :list_crypto_key_versions, request, options: options do |response, operation|
    response = ::Gapic::PagedEnumerable.new @key_management_service_stub, :list_crypto_key_versions, request, response, operation, options
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#list_crypto_keys(request, options = nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKey> #list_crypto_keys(parent: nil, page_size: nil, page_token: nil, version_view: nil, filter: nil, order_by: nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKey>

Lists CryptoKeys.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::ListCryptoKeysRequest.new

# Call the list_crypto_keys method.
result = client.list_crypto_keys request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::Kms::V1::CryptoKey.
  p item
end

Overloads:

• #list_crypto_keys(request, options = nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKey>

  Pass arguments to list_crypto_keys via a request object, either of type ListCryptoKeysRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::ListCryptoKeysRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #list_crypto_keys(parent: nil, page_size: nil, page_token: nil, version_view: nil, filter: nil, order_by: nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKey>

  Pass arguments to list_crypto_keys via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • parent (::String) (defaults to: nil) —

    Required. The resource name of the KeyRing to list, in the format projects/*/locations/*/keyRings/*.

  • page_size (::Integer) (defaults to: nil) —

    Optional. Optional limit on the number of CryptoKeys to include in the response. Further CryptoKeys can subsequently be obtained by including the ListCryptoKeysResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

  • page_token (::String) (defaults to: nil) —

    Optional. Optional pagination token, returned earlier via ListCryptoKeysResponse.next_page_token.

  • version_view (::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionView) (defaults to: nil) —

    The fields of the primary version to include in the response.

  • filter (::String) (defaults to: nil) —

    Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

  • order_by (::String) (defaults to: nil) —

    Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKey>)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKey>)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 517

def list_crypto_keys request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::ListCryptoKeysRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.list_crypto_keys.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.parent
    header_params["parent"] = request.parent
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.list_crypto_keys.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.list_crypto_keys.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :list_crypto_keys, request, options: options do |response, operation|
    response = ::Gapic::PagedEnumerable.new @key_management_service_stub, :list_crypto_keys, request, response, operation, options
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#list_import_jobs(request, options = nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::ImportJob> #list_import_jobs(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::ImportJob>

Lists ImportJobs.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::ListImportJobsRequest.new

# Call the list_import_jobs method.
result = client.list_import_jobs request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::Kms::V1::ImportJob.
  p item
end

Overloads:

• #list_import_jobs(request, options = nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::ImportJob>

  Pass arguments to list_import_jobs via a request object, either of type ListImportJobsRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #list_import_jobs(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::ImportJob>

  Pass arguments to list_import_jobs via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • parent (::String) (defaults to: nil) —

    Required. The resource name of the KeyRing to list, in the format projects/*/locations/*/keyRings/*.

  • page_size (::Integer) (defaults to: nil) —

    Optional. Optional limit on the number of ImportJobs to include in the response. Further ImportJobs can subsequently be obtained by including the ListImportJobsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

  • page_token (::String) (defaults to: nil) —

    Optional. Optional pagination token, returned earlier via ListImportJobsResponse.next_page_token.

  • filter (::String) (defaults to: nil) —

    Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

  • order_by (::String) (defaults to: nil) —

    Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::ImportJob>)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::ImportJob>)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 746

def list_import_jobs request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::ListImportJobsRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.list_import_jobs.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.parent
    header_params["parent"] = request.parent
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.list_import_jobs.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.list_import_jobs.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :list_import_jobs, request, options: options do |response, operation|
    response = ::Gapic::PagedEnumerable.new @key_management_service_stub, :list_import_jobs, request, response, operation, options
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#list_key_rings(request, options = nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::KeyRing> #list_key_rings(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::KeyRing>

Lists KeyRings.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::ListKeyRingsRequest.new

# Call the list_key_rings method.
result = client.list_key_rings request

# The returned object is of type Gapic::PagedEnumerable. You can iterate
# over elements, and API calls will be issued to fetch pages as needed.
result.each do |item|
  # Each element is of type ::Google::Cloud::Kms::V1::KeyRing.
  p item
end

Overloads:

• #list_key_rings(request, options = nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::KeyRing>

  Pass arguments to list_key_rings via a request object, either of type ListKeyRingsRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::ListKeyRingsRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #list_key_rings(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil) ⇒ ::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::KeyRing>

  Pass arguments to list_key_rings via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • parent (::String) (defaults to: nil) —

    Required. The resource name of the location associated with the KeyRings, in the format projects/*/locations/*.

  • page_size (::Integer) (defaults to: nil) —

    Optional. Optional limit on the number of KeyRings to include in the response. Further KeyRings can subsequently be obtained by including the ListKeyRingsResponse.next_page_token in a subsequent request. If unspecified, the server will pick an appropriate default.

  • page_token (::String) (defaults to: nil) —

    Optional. Optional pagination token, returned earlier via ListKeyRingsResponse.next_page_token.

  • filter (::String) (defaults to: nil) —

    Optional. Only include resources that match the filter in the response. For more information, see Sorting and filtering list results.

  • order_by (::String) (defaults to: nil) —

    Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order. For more information, see Sorting and filtering list results.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::KeyRing>)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::KeyRing>)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 402

def list_key_rings request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::ListKeyRingsRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.list_key_rings.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.parent
    header_params["parent"] = request.parent
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.list_key_rings.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.list_key_rings.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :list_key_rings, request, options: options do |response, operation|
    response = ::Gapic::PagedEnumerable.new @key_management_service_stub, :list_key_rings, request, response, operation, options
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#mac_sign(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::MacSignResponse #mac_sign(name: nil, data: nil, data_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::MacSignResponse

Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::MacSignRequest.new

# Call the mac_sign method.
result = client.mac_sign request

# The returned object is of type Google::Cloud::Kms::V1::MacSignResponse.
p result

Overloads:

• #mac_sign(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::MacSignResponse

  Pass arguments to mac_sign via a request object, either of type MacSignRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::MacSignRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #mac_sign(name: nil, data: nil, data_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::MacSignResponse

  Pass arguments to mac_sign via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the CryptoKeyVersion to use for signing.

  • data (::String) (defaults to: nil) —

    Required. The data to sign. The MAC tag is computed over this data field based on the specific algorithm.

  • data_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the MacSignRequest.data. If specified, KeyManagementService will verify the integrity of the received MacSignRequest.data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(MacSignRequest.data) is equal to MacSignRequest.data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::MacSignResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::MacSignResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 3242

def mac_sign request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::MacSignRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.mac_sign.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.mac_sign.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.mac_sign.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :mac_sign, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#mac_verify(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::MacVerifyResponse #mac_verify(name: nil, data: nil, data_crc32c: nil, mac: nil, mac_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::MacVerifyResponse

Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::MacVerifyRequest.new

# Call the mac_verify method.
result = client.mac_verify request

# The returned object is of type Google::Cloud::Kms::V1::MacVerifyResponse.
p result

Overloads:

• #mac_verify(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::MacVerifyResponse

  Pass arguments to mac_verify via a request object, either of type MacVerifyRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::MacVerifyRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #mac_verify(name: nil, data: nil, data_crc32c: nil, mac: nil, mac_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::MacVerifyResponse

  Pass arguments to mac_verify via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the CryptoKeyVersion to use for verification.

  • data (::String) (defaults to: nil) —

    Required. The data used previously as a MacSignRequest.data to generate the MAC tag.

  • data_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the MacVerifyRequest.data. If specified, KeyManagementService will verify the integrity of the received MacVerifyRequest.data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(MacVerifyRequest.data) is equal to MacVerifyRequest.data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

  • mac (::String) (defaults to: nil) —

    Required. The signature to verify.

  • mac_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the MacVerifyRequest.mac. If specified, KeyManagementService will verify the integrity of the received MacVerifyRequest.mac using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C([MacVerifyRequest.tag][]) is equal to MacVerifyRequest.mac_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::MacVerifyResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::MacVerifyResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 3375

def mac_verify request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::MacVerifyRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.mac_verify.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.mac_verify.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.mac_verify.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :mac_verify, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#raw_decrypt(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::RawDecryptResponse #raw_decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, initialization_vector: nil, tag_length: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil, initialization_vector_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::RawDecryptResponse

Decrypts data that was originally encrypted using a raw cryptographic mechanism. The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::RawDecryptRequest.new

# Call the raw_decrypt method.
result = client.raw_decrypt request

# The returned object is of type Google::Cloud::Kms::V1::RawDecryptResponse.
p result

Overloads:

• #raw_decrypt(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::RawDecryptResponse

  Pass arguments to raw_decrypt via a request object, either of type RawDecryptRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::RawDecryptRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #raw_decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, initialization_vector: nil, tag_length: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil, initialization_vector_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::RawDecryptResponse

  Pass arguments to raw_decrypt via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the CryptoKeyVersion to use for decryption.

  • ciphertext (::String) (defaults to: nil) —

    Required. The encrypted data originally returned in RawEncryptResponse.ciphertext.

  • additional_authenticated_data (::String) (defaults to: nil) —

    Optional. Optional data that must match the data originally supplied in RawEncryptRequest.additional_authenticated_data.

  • initialization_vector (::String) (defaults to: nil) —

    Required. The initialization vector (IV) used during encryption, which must match the data originally provided in RawEncryptResponse.initialization_vector.

  • tag_length (::Integer) (defaults to: nil) —

    The length of the authentication tag that is appended to the end of the ciphertext. If unspecified (0), the default value for the key's algorithm will be used (for AES-GCM, the default value is 16).

  • ciphertext_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the RawDecryptRequest.ciphertext. If specified, KeyManagementService will verify the integrity of the received ciphertext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(ciphertext) is equal to ciphertext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

  • additional_authenticated_data_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the RawDecryptRequest.additional_authenticated_data. If specified, KeyManagementService will verify the integrity of the received additional_authenticated_data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(additional_authenticated_data) is equal to additional_authenticated_data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

  • initialization_vector_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the RawDecryptRequest.initialization_vector. If specified, KeyManagementService will verify the integrity of the received initialization_vector using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(initialization_vector) is equal to initialization_vector_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::RawDecryptResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::RawDecryptResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 2870

def raw_decrypt request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RawDecryptRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.raw_decrypt.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.raw_decrypt.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.raw_decrypt.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :raw_decrypt, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#raw_encrypt(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::RawEncryptResponse #raw_encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil, initialization_vector: nil, initialization_vector_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::RawEncryptResponse

Encrypts data using portable cryptographic primitives. Most users should choose Encrypt and Decrypt rather than their raw counterparts. The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::RawEncryptRequest.new

# Call the raw_encrypt method.
result = client.raw_encrypt request

# The returned object is of type Google::Cloud::Kms::V1::RawEncryptResponse.
p result

Overloads:

• #raw_encrypt(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::RawEncryptResponse

  Pass arguments to raw_encrypt via a request object, either of type RawEncryptRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::RawEncryptRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #raw_encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil, initialization_vector: nil, initialization_vector_crc32c: nil) ⇒ ::Google::Cloud::Kms::V1::RawEncryptResponse

  Pass arguments to raw_encrypt via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the CryptoKeyVersion to use for encryption.

  • plaintext (::String) (defaults to: nil) —

    Required. The data to encrypt. Must be no larger than 64KiB.

    The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

  • additional_authenticated_data (::String) (defaults to: nil) —

    Optional. Optional data that, if specified, must also be provided during decryption through RawDecryptRequest.additional_authenticated_data.

    This field may only be used in conjunction with an algorithm that accepts additional authenticated data (for example, AES-GCM).

    The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

  • plaintext_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the RawEncryptRequest.plaintext. If specified, KeyManagementService will verify the integrity of the received plaintext using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(plaintext) is equal to plaintext_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

  • additional_authenticated_data_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the RawEncryptRequest.additional_authenticated_data. If specified, KeyManagementService will verify the integrity of the received additional_authenticated_data using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(additional_authenticated_data) is equal to additional_authenticated_data_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

  • initialization_vector (::String) (defaults to: nil) —

    Optional. A customer-supplied initialization vector that will be used for encryption. If it is not provided for AES-CBC and AES-CTR, one will be generated. It will be returned in RawEncryptResponse.initialization_vector.

  • initialization_vector_crc32c (::Google::Protobuf::Int64Value, ::Hash) (defaults to: nil) —

    Optional. An optional CRC32C checksum of the RawEncryptRequest.initialization_vector. If specified, KeyManagementService will verify the integrity of the received initialization_vector using this checksum. KeyManagementService will report an error if the checksum verification fails. If you receive a checksum error, your client should verify that CRC32C(initialization_vector) is equal to initialization_vector_crc32c, and if so, perform a limited number of retries. A persistent mismatch may indicate an issue in your computation of the CRC32C checksum. Note: This field is defined as int64 for reasons of compatibility across different languages. However, it is a non-negative integer, which will never exceed 2^32-1, and can be safely downconverted to uint32 in languages that support this type.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::RawEncryptResponse)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::RawEncryptResponse)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 2716

def raw_encrypt request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RawEncryptRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.raw_encrypt.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.raw_encrypt.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.raw_encrypt.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :raw_encrypt, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#restore_crypto_key_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion #restore_crypto_key_version(name: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.

Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest.new

# Call the restore_crypto_key_version method.
result = client.restore_crypto_key_version request

# The returned object is of type Google::Cloud::Kms::V1::CryptoKeyVersion.
p result

Overloads:

• #restore_crypto_key_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Pass arguments to restore_crypto_key_version via a request object, either of type RestoreCryptoKeyVersionRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #restore_crypto_key_version(name: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Pass arguments to restore_crypto_key_version via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the CryptoKeyVersion to restore.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::CryptoKeyVersion)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::CryptoKeyVersion)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 2244

def restore_crypto_key_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.restore_crypto_key_version.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.restore_crypto_key_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.restore_crypto_key_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :restore_crypto_key_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#universe_domain ⇒ String

The effective universe domain

Returns:

• (String)

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 241

def universe_domain
  @key_management_service_stub.universe_domain
end

#update_crypto_key(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey #update_crypto_key(crypto_key: nil, update_mask: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey

Update a CryptoKey.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::UpdateCryptoKeyRequest.new

# Call the update_crypto_key method.
result = client.update_crypto_key request

# The returned object is of type Google::Cloud::Kms::V1::CryptoKey.
p result

Overloads:

• #update_crypto_key(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey

  Pass arguments to update_crypto_key via a request object, either of type UpdateCryptoKeyRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #update_crypto_key(crypto_key: nil, update_mask: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey

  Pass arguments to update_crypto_key via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • crypto_key (::Google::Cloud::Kms::V1::CryptoKey, ::Hash) (defaults to: nil) —

    Required. CryptoKey with updated values.

  • update_mask (::Google::Protobuf::FieldMask, ::Hash) (defaults to: nil) —

    Required. List of fields to be updated in this request.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::CryptoKey)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::CryptoKey)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 1847

def update_crypto_key request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.update_crypto_key.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.crypto_key&.name
    header_params["crypto_key.name"] = request.crypto_key.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.update_crypto_key.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.update_crypto_key.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :update_crypto_key, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#update_crypto_key_primary_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey #update_crypto_key_primary_version(name: nil, crypto_key_version_id: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey

Update the version of a CryptoKey that will be used in Encrypt.

Returns an error if called on a key whose purpose is not ENCRYPT_DECRYPT.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest.new

# Call the update_crypto_key_primary_version method.
result = client.update_crypto_key_primary_version request

# The returned object is of type Google::Cloud::Kms::V1::CryptoKey.
p result

Overloads:

• #update_crypto_key_primary_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey

  Pass arguments to update_crypto_key_primary_version via a request object, either of type UpdateCryptoKeyPrimaryVersionRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #update_crypto_key_primary_version(name: nil, crypto_key_version_id: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKey

  Pass arguments to update_crypto_key_primary_version via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • name (::String) (defaults to: nil) —

    Required. The resource name of the CryptoKey to update.

  • crypto_key_version_id (::String) (defaults to: nil) —

    Required. The id of the child CryptoKeyVersion to use as primary.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::CryptoKey)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::CryptoKey)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 2042

def update_crypto_key_primary_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.update_crypto_key_primary_version.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.name
    header_params["name"] = request.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.update_crypto_key_primary_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.update_crypto_key_primary_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :update_crypto_key_primary_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end

#update_crypto_key_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion #update_crypto_key_version(crypto_key_version: nil, update_mask: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

Update a CryptoKeyVersion's metadata.

state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.

Examples:

Basic example

require "google/cloud/kms/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest.new

# Call the update_crypto_key_version method.
result = client.update_crypto_key_version request

# The returned object is of type Google::Cloud::Kms::V1::CryptoKeyVersion.
p result

Overloads:

• #update_crypto_key_version(request, options = nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Pass arguments to update_crypto_key_version via a request object, either of type UpdateCryptoKeyVersionRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

• #update_crypto_key_version(crypto_key_version: nil, update_mask: nil) ⇒ ::Google::Cloud::Kms::V1::CryptoKeyVersion

  Pass arguments to update_crypto_key_version via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • crypto_key_version (::Google::Cloud::Kms::V1::CryptoKeyVersion, ::Hash) (defaults to: nil) —

    Required. CryptoKeyVersion with updated values.

  • update_mask (::Google::Protobuf::FieldMask, ::Hash) (defaults to: nil) —

    Required. List of fields to be updated in this request.

Yields:

• (response, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• response (::Google::Cloud::Kms::V1::CryptoKeyVersion)
• operation (::GRPC::ActiveCall::Operation)

Returns:

• (::Google::Cloud::Kms::V1::CryptoKeyVersion)

Raises:

• (::Google::Cloud::Error) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service/client.rb', line 1947

def update_crypto_key_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.update_crypto_key_version.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {}
  if request.crypto_key_version&.name
    header_params["crypto_key_version.name"] = request.crypto_key_version.name
  end

  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.update_crypto_key_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.update_crypto_key_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :update_crypto_key_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end