Class: Google::Cloud::Kms::V1::KeyManagementServiceClient

Inherits:

Object

• Object
• Google::Cloud::Kms::V1::KeyManagementServiceClient

Defined in:

lib/google/cloud/kms/v1/key_management_service_client.rb

Overview

Google Cloud Key Management Service

Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:

• KeyRing
• CryptoKey
• CryptoKeyVersion

If you are using manual gRPC libraries, see Using gRPC with Cloud KMS.

Constant Summary

SERVICE_ADDRESS =

The default address of the service.

"cloudkms.googleapis.com".freeze

DEFAULT_SERVICE_PORT =

The default port of the service.

443

GRPC_INTERCEPTORS =

The default set of gRPC interceptors.

[]

DEFAULT_TIMEOUT =

30

ALL_SCOPES =

The scopes needed to make gRPC calls to all of the methods defined in this service.

[
  "https://www.googleapis.com/auth/cloud-platform"
].freeze

Class Method Summary

• .crypto_key_path(project, location, key_ring, crypto_key) ⇒ String

  Returns a fully-qualified crypto_key resource name string.

• .crypto_key_path_path(project, location, key_ring, crypto_key_path) ⇒ String

  Returns a fully-qualified crypto_key_path resource name string.

• .crypto_key_version_path(project, location, key_ring, crypto_key, crypto_key_version) ⇒ String

  Returns a fully-qualified crypto_key_version resource name string.

• .key_ring_path(project, location, key_ring) ⇒ String

  Returns a fully-qualified key_ring resource name string.

• .location_path(project, location) ⇒ String

  Returns a fully-qualified location resource name string.

Instance Method Summary

• #asymmetric_decrypt(name, ciphertext, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::AsymmetricDecryptResponse

  Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey#purpose ASYMMETRIC_DECRYPT.

• #asymmetric_sign(name, digest, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::AsymmetricSignResponse

  Signs data using a CryptoKeyVersion with CryptoKey#purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

• #create_crypto_key(parent, crypto_key_id, crypto_key, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKey

  Create a new CryptoKey within a KeyRing.

• #create_crypto_key_version(parent, crypto_key_version, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKeyVersion

  Create a new CryptoKeyVersion in a CryptoKey.

• #create_key_ring(parent, key_ring_id, key_ring, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::KeyRing

  Create a new KeyRing in a given Project and Location.

• #decrypt(name, ciphertext, additional_authenticated_data: nil, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::DecryptResponse

  Decrypts data that was protected by Encrypt.

• #destroy_crypto_key_version(name, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKeyVersion

  Schedule a CryptoKeyVersion for destruction.

• #encrypt(name, plaintext, additional_authenticated_data: nil, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::EncryptResponse

  Encrypts data, so that it can only be recovered by a call to Decrypt.

• #get_crypto_key(name, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKey

  Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

• #get_crypto_key_version(name, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKeyVersion

  Returns metadata for a given CryptoKeyVersion.

• #get_iam_policy(resource, options: nil) {|result, operation| ... } ⇒ Google::Iam::V1::Policy

  Gets the access control policy for a resource.

• #get_key_ring(name, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::KeyRing

  Returns metadata for a given KeyRing.

• #get_public_key(name, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::PublicKey

  Returns the public key for the given CryptoKeyVersion.

• #initialize(credentials: nil, scopes: ALL_SCOPES, client_config: {}, timeout: DEFAULT_TIMEOUT, metadata: nil, exception_transformer: nil, lib_name: nil, lib_version: "") ⇒ KeyManagementServiceClient constructor

  A new instance of KeyManagementServiceClient.

• #list_crypto_key_versions(parent, page_size: nil, view: nil, options: nil) {|result, operation| ... } ⇒ Google::Gax::PagedEnumerable<Google::Cloud::Kms::V1::CryptoKeyVersion>

  Lists CryptoKeyVersions.

• #list_crypto_keys(parent, page_size: nil, version_view: nil, options: nil) {|result, operation| ... } ⇒ Google::Gax::PagedEnumerable<Google::Cloud::Kms::V1::CryptoKey>

  Lists CryptoKeys.

• #list_key_rings(parent, page_size: nil, options: nil) {|result, operation| ... } ⇒ Google::Gax::PagedEnumerable<Google::Cloud::Kms::V1::KeyRing>

  Lists KeyRings.

• #restore_crypto_key_version(name, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKeyVersion

  Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.

• #set_iam_policy(resource, policy, options: nil) {|result, operation| ... } ⇒ Google::Iam::V1::Policy

  Sets the access control policy on the specified resource.

• #test_iam_permissions(resource, permissions, options: nil) {|result, operation| ... } ⇒ Google::Iam::V1::TestIamPermissionsResponse

  Returns permissions that a caller has on the specified resource.

• #update_crypto_key(crypto_key, update_mask, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKey

  Update a CryptoKey.

• #update_crypto_key_primary_version(name, crypto_key_version_id, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKey

  Update the version of a CryptoKey that will be used in Encrypt.

• #update_crypto_key_version(crypto_key_version, update_mask, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKeyVersion

  Update a CryptoKeyVersion's metadata.

Constructor Details

#initialize(credentials: nil, scopes: ALL_SCOPES, client_config: {}, timeout: DEFAULT_TIMEOUT, metadata: nil, exception_transformer: nil, lib_name: nil, lib_version: "") ⇒ KeyManagementServiceClient

Returns a new instance of KeyManagementServiceClient.

Parameters:

• credentials (Google::Auth::Credentials, String, Hash, GRPC::Core::Channel, GRPC::Core::ChannelCredentials, Proc) (defaults to: nil) —

  Provides the means for authenticating requests made by the client. This parameter can be many types. A Google::Auth::Credentials uses a the properties of its represented keyfile for authenticating requests made by this client. A String will be treated as the path to the keyfile to be used for the construction of credentials for this client. A Hash will be treated as the contents of a keyfile to be used for the construction of credentials for this client. A GRPC::Core::Channel will be used to make calls through. A GRPC::Core::ChannelCredentials for the setting up the RPC client. The channel credentials should already be composed with a GRPC::Core::CallCredentials object. A Proc will be used as an updater_proc for the Grpc channel. The proc transforms the metadata for requests, generally, to give OAuth credentials.

• scopes (Array<String>) (defaults to: ALL_SCOPES) —

  The OAuth scopes for this service. This parameter is ignored if an updater_proc is supplied.

• client_config (Hash) (defaults to: {}) —

  A Hash for call options for each method. See Google::Gax#construct_settings for the structure of this data. Falls back to the default config if not specified or the specified config is missing data points.

• timeout (Numeric) (defaults to: DEFAULT_TIMEOUT) —

  The default timeout, in seconds, for calls made through this client.

• metadata (Hash) (defaults to: nil) —

  Default metadata to be sent with each request. This can be overridden on a per call basis.

• exception_transformer (Proc) (defaults to: nil) —

  An optional proc that intercepts any exceptions raised during an API call to inject custom error handling.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 221

def initialize \
    credentials: nil,
    scopes: ALL_SCOPES,
    client_config: {},
    timeout: DEFAULT_TIMEOUT,
    metadata: nil,
    exception_transformer: nil,
    lib_name: nil,
    lib_version: ""
  # These require statements are intentionally placed here to initialize
  # the gRPC module only when it's required.
  # See https://github.com/googleapis/toolkit/issues/446
  require "google/gax/grpc"
  require "google/cloud/kms/v1/service_services_pb"
  require "google/iam/v1/iam_policy_services_pb"

  credentials ||= Google::Cloud::Kms::V1::Credentials.default

  if credentials.is_a?(String) || credentials.is_a?(Hash)
    updater_proc = Google::Cloud::Kms::V1::Credentials.new(credentials).updater_proc
  end
  if credentials.is_a?(GRPC::Core::Channel)
    channel = credentials
  end
  if credentials.is_a?(GRPC::Core::ChannelCredentials)
    chan_creds = credentials
  end
  if credentials.is_a?(Proc)
    updater_proc = credentials
  end
  if credentials.is_a?(Google::Auth::Credentials)
    updater_proc = credentials.updater_proc
  end

  package_version = Gem.loaded_specs['google-cloud-kms'].version.version

  google_api_client = "gl-ruby/#{RUBY_VERSION}"
  google_api_client << " #{lib_name}/#{lib_version}" if lib_name
  google_api_client << " gapic/#{package_version} gax/#{Google::Gax::VERSION}"
  google_api_client << " grpc/#{GRPC::VERSION}"
  google_api_client.freeze

  headers = { :"x-goog-api-client" => google_api_client }
  headers.merge!(metadata) unless metadata.nil?
  client_config_file = Pathname.new(__dir__).join(
    "key_management_service_client_config.json"
  )
  defaults = client_config_file.open do |f|
    Google::Gax.construct_settings(
      "google.cloud.kms.v1.KeyManagementService",
      JSON.parse(f.read),
      client_config,
      Google::Gax::Grpc::STATUS_CODE_NAMES,
      timeout,
      page_descriptors: PAGE_DESCRIPTORS,
      errors: Google::Gax::Grpc::API_ERRORS,
      metadata: headers
    )
  end

  # Allow overriding the service path/port in subclasses.
  service_path = self.class::SERVICE_ADDRESS
  port = self.class::DEFAULT_SERVICE_PORT
  interceptors = self.class::GRPC_INTERCEPTORS
  @key_management_service_stub = Google::Gax::Grpc.create_stub(
    service_path,
    port,
    chan_creds: chan_creds,
    channel: channel,
    updater_proc: updater_proc,
    scopes: scopes,
    interceptors: interceptors,
    &Google::Cloud::Kms::V1::KeyManagementService::Stub.method(:new)
  )
  @iam_policy_stub = Google::Gax::Grpc.create_stub(
    service_path,
    port,
    chan_creds: chan_creds,
    channel: channel,
    updater_proc: updater_proc,
    scopes: scopes,
    interceptors: interceptors,
    &Google::Iam::V1::IAMPolicy::Stub.method(:new)
  )

  @list_key_rings = Google::Gax.create_api_call(
    @key_management_service_stub.method(:list_key_rings),
    defaults["list_key_rings"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'parent' => request.parent}
    end
  )
  @list_crypto_keys = Google::Gax.create_api_call(
    @key_management_service_stub.method(:list_crypto_keys),
    defaults["list_crypto_keys"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'parent' => request.parent}
    end
  )
  @list_crypto_key_versions = Google::Gax.create_api_call(
    @key_management_service_stub.method(:list_crypto_key_versions),
    defaults["list_crypto_key_versions"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'parent' => request.parent}
    end
  )
  @get_key_ring = Google::Gax.create_api_call(
    @key_management_service_stub.method(:get_key_ring),
    defaults["get_key_ring"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'name' => request.name}
    end
  )
  @get_crypto_key = Google::Gax.create_api_call(
    @key_management_service_stub.method(:get_crypto_key),
    defaults["get_crypto_key"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'name' => request.name}
    end
  )
  @get_crypto_key_version = Google::Gax.create_api_call(
    @key_management_service_stub.method(:get_crypto_key_version),
    defaults["get_crypto_key_version"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'name' => request.name}
    end
  )
  @create_key_ring = Google::Gax.create_api_call(
    @key_management_service_stub.method(:create_key_ring),
    defaults["create_key_ring"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'parent' => request.parent}
    end
  )
  @create_crypto_key = Google::Gax.create_api_call(
    @key_management_service_stub.method(:create_crypto_key),
    defaults["create_crypto_key"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'parent' => request.parent}
    end
  )
  @create_crypto_key_version = Google::Gax.create_api_call(
    @key_management_service_stub.method(:create_crypto_key_version),
    defaults["create_crypto_key_version"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'parent' => request.parent}
    end
  )
  @update_crypto_key = Google::Gax.create_api_call(
    @key_management_service_stub.method(:update_crypto_key),
    defaults["update_crypto_key"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'crypto_key.name' => request.crypto_key.name}
    end
  )
  @update_crypto_key_version = Google::Gax.create_api_call(
    @key_management_service_stub.method(:update_crypto_key_version),
    defaults["update_crypto_key_version"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'crypto_key_version.name' => request.crypto_key_version.name}
    end
  )
  @encrypt = Google::Gax.create_api_call(
    @key_management_service_stub.method(:encrypt),
    defaults["encrypt"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'name' => request.name}
    end
  )
  @decrypt = Google::Gax.create_api_call(
    @key_management_service_stub.method(:decrypt),
    defaults["decrypt"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'name' => request.name}
    end
  )
  @update_crypto_key_primary_version = Google::Gax.create_api_call(
    @key_management_service_stub.method(:update_crypto_key_primary_version),
    defaults["update_crypto_key_primary_version"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'name' => request.name}
    end
  )
  @destroy_crypto_key_version = Google::Gax.create_api_call(
    @key_management_service_stub.method(:destroy_crypto_key_version),
    defaults["destroy_crypto_key_version"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'name' => request.name}
    end
  )
  @restore_crypto_key_version = Google::Gax.create_api_call(
    @key_management_service_stub.method(:restore_crypto_key_version),
    defaults["restore_crypto_key_version"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'name' => request.name}
    end
  )
  @get_public_key = Google::Gax.create_api_call(
    @key_management_service_stub.method(:get_public_key),
    defaults["get_public_key"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'name' => request.name}
    end
  )
  @asymmetric_decrypt = Google::Gax.create_api_call(
    @key_management_service_stub.method(:asymmetric_decrypt),
    defaults["asymmetric_decrypt"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'name' => request.name}
    end
  )
  @asymmetric_sign = Google::Gax.create_api_call(
    @key_management_service_stub.method(:asymmetric_sign),
    defaults["asymmetric_sign"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'name' => request.name}
    end
  )
  @set_iam_policy = Google::Gax.create_api_call(
    @iam_policy_stub.method(:set_iam_policy),
    defaults["set_iam_policy"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'resource' => request.resource}
    end
  )
  @get_iam_policy = Google::Gax.create_api_call(
    @iam_policy_stub.method(:get_iam_policy),
    defaults["get_iam_policy"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'resource' => request.resource}
    end
  )
  @test_iam_permissions = Google::Gax.create_api_call(
    @iam_policy_stub.method(:test_iam_permissions),
    defaults["test_iam_permissions"],
    exception_transformer: exception_transformer,
    params_extractor: proc do |request|
      {'resource' => request.resource}
    end
  )
end

Class Method Details

.crypto_key_path(project, location, key_ring, crypto_key) ⇒ String

Returns a fully-qualified crypto_key resource name string.

Parameters:

• project (String)
• location (String)
• key_ring (String)
• crypto_key (String)

Returns:

• (String)

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 166

def self.crypto_key_path project, location, key_ring, crypto_key
  CRYPTO_KEY_PATH_TEMPLATE.render(
    :"project" => project,
    :"location" => location,
    :"key_ring" => key_ring,
    :"crypto_key" => crypto_key
  )
end

.crypto_key_path_path(project, location, key_ring, crypto_key_path) ⇒ String

Returns a fully-qualified crypto_key_path resource name string.

Parameters:

• project (String)
• location (String)
• key_ring (String)
• crypto_key_path (String)

Returns:

• (String)

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 140

def self.crypto_key_path_path project, location, key_ring, crypto_key_path
  CRYPTO_KEY_PATH_PATH_TEMPLATE.render(
    :"project" => project,
    :"location" => location,
    :"key_ring" => key_ring,
    :"crypto_key_path" => crypto_key_path
  )
end

.crypto_key_version_path(project, location, key_ring, crypto_key, crypto_key_version) ⇒ String

Returns a fully-qualified crypto_key_version resource name string.

Parameters:

• project (String)
• location (String)
• key_ring (String)
• crypto_key (String)
• crypto_key_version (String)

Returns:

• (String)

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 182

def self.crypto_key_version_path project, location, key_ring, crypto_key, crypto_key_version
  CRYPTO_KEY_VERSION_PATH_TEMPLATE.render(
    :"project" => project,
    :"location" => location,
    :"key_ring" => key_ring,
    :"crypto_key" => crypto_key,
    :"crypto_key_version" => crypto_key_version
  )
end

.key_ring_path(project, location, key_ring) ⇒ String

Returns a fully-qualified key_ring resource name string.

Parameters:

• project (String)
• location (String)
• key_ring (String)

Returns:

• (String)

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 126

def self.key_ring_path project, location, key_ring
  KEY_RING_PATH_TEMPLATE.render(
    :"project" => project,
    :"location" => location,
    :"key_ring" => key_ring
  )
end

.location_path(project, location) ⇒ String

Returns a fully-qualified location resource name string.

Parameters:

• project (String)
• location (String)

Returns:

• (String)

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 153

def self.location_path project, location
  LOCATION_PATH_TEMPLATE.render(
    :"project" => project,
    :"location" => location
  )
end

Instance Method Details

#asymmetric_decrypt(name, ciphertext, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::AsymmetricDecryptResponse

Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey#purpose ASYMMETRIC_DECRYPT.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_name = Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_version_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]")

# TODO: Initialize `ciphertext`:
ciphertext = ''
response = key_management_service_client.asymmetric_decrypt(formatted_name, ciphertext)

Parameters:

• name (String) —

  Required. The resource name of the CryptoKeyVersion to use for decryption.

• ciphertext (String) —

  Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::AsymmetricDecryptResponse)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::AsymmetricDecryptResponse)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 1276

def asymmetric_decrypt \
    name,
    ciphertext,
    options: nil,
    &block
  req = {
    name: name,
    ciphertext: ciphertext
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::AsymmetricDecryptRequest)
  @asymmetric_decrypt.call(req, options, &block)
end

#asymmetric_sign(name, digest, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::AsymmetricSignResponse

Signs data using a CryptoKeyVersion with CryptoKey#purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_name = Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_version_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]")

# TODO: Initialize `digest`:
digest = {}
response = key_management_service_client.asymmetric_sign(formatted_name, digest)

Parameters:

• name (String) —

  Required. The resource name of the CryptoKeyVersion to use for signing.

• digest (Google::Cloud::Kms::V1::Digest | Hash) —

  Required. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm. A hash of the same form as Google::Cloud::Kms::V1::Digest can also be provided.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::AsymmetricSignResponse)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::AsymmetricSignResponse)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 1319

def asymmetric_sign \
    name,
    digest,
    options: nil,
    &block
  req = {
    name: name,
    digest: digest
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::AsymmetricSignRequest)
  @asymmetric_sign.call(req, options, &block)
end

#create_crypto_key(parent, crypto_key_id, crypto_key, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKey

Create a new CryptoKey within a KeyRing.

CryptoKey#purpose and CryptoKey#version_template#algorithm are required.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_parent = Google::Cloud::Kms::V1::KeyManagementServiceClient.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
crypto_key_id = "my-app-key"
purpose = :ENCRYPT_DECRYPT
seconds = 2147483647
next_rotation_time = { seconds: seconds }
seconds_2 = 604800
rotation_period = { seconds: seconds_2 }
crypto_key = {
  purpose: purpose,
  next_rotation_time: next_rotation_time,
  rotation_period: rotation_period
}
response = key_management_service_client.create_crypto_key(formatted_parent, crypto_key_id, crypto_key)

Parameters:

• parent (String) —

  Required. The name of the KeyRing associated with the CryptoKeys.

• crypto_key_id (String) —

  Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

• crypto_key (Google::Cloud::Kms::V1::CryptoKey | Hash) —

  A CryptoKey with initial field values. A hash of the same form as Google::Cloud::Kms::V1::CryptoKey can also be provided.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::CryptoKey)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::CryptoKey)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 840

def create_crypto_key \
    parent,
    crypto_key_id,
    crypto_key,
    options: nil,
    &block
  req = {
    parent: parent,
    crypto_key_id: crypto_key_id,
    crypto_key: crypto_key
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::CreateCryptoKeyRequest)
  @create_crypto_key.call(req, options, &block)
end

#create_crypto_key_version(parent, crypto_key_version, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKeyVersion

Create a new CryptoKeyVersion in a CryptoKey.

The server will assign the next sequential id. If unset, state will be set to ENABLED.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_parent = Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")

# TODO: Initialize `crypto_key_version`:
crypto_key_version = {}
response = key_management_service_client.create_crypto_key_version(formatted_parent, crypto_key_version)

Parameters:

• parent (String) —

  Required. The name of the CryptoKey associated with the CryptoKeyVersions.

• crypto_key_version (Google::Cloud::Kms::V1::CryptoKeyVersion | Hash) —

  A CryptoKeyVersion with initial field values. A hash of the same form as Google::Cloud::Kms::V1::CryptoKeyVersion can also be provided.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::CryptoKeyVersion)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::CryptoKeyVersion)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 886

def create_crypto_key_version \
    parent,
    crypto_key_version,
    options: nil,
    &block
  req = {
    parent: parent,
    crypto_key_version: crypto_key_version
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest)
  @create_crypto_key_version.call(req, options, &block)
end

#create_key_ring(parent, key_ring_id, key_ring, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::KeyRing

Create a new KeyRing in a given Project and Location.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_parent = Google::Cloud::Kms::V1::KeyManagementServiceClient.location_path("[PROJECT]", "[LOCATION]")

# TODO: Initialize `key_ring_id`:
key_ring_id = ''

# TODO: Initialize `key_ring`:
key_ring = {}
response = key_management_service_client.create_key_ring(formatted_parent, key_ring_id, key_ring)

Parameters:

• parent (String) —

  Required. The resource name of the location associated with the KeyRings, in the format projects/*/locations/*.

• key_ring_id (String) —

  Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

• key_ring (Google::Cloud::Kms::V1::KeyRing | Hash) —

  A KeyRing with initial field values. A hash of the same form as Google::Cloud::Kms::V1::KeyRing can also be provided.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::KeyRing)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::KeyRing)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 783

def create_key_ring \
    parent,
    key_ring_id,
    key_ring,
    options: nil,
    &block
  req = {
    parent: parent,
    key_ring_id: key_ring_id,
    key_ring: key_ring
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::CreateKeyRingRequest)
  @create_key_ring.call(req, options, &block)
end

#decrypt(name, ciphertext, additional_authenticated_data: nil, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::DecryptResponse

Decrypts data that was protected by Encrypt. The CryptoKey#purpose must be ENCRYPT_DECRYPT.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_name = Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")

# TODO: Initialize `ciphertext`:
ciphertext = ''
response = key_management_service_client.decrypt(formatted_name, ciphertext)

Parameters:

• name (String) —

  Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version.

• ciphertext (String) —

  Required. The encrypted data originally returned in EncryptResponse#ciphertext.

• additional_authenticated_data (String) (defaults to: nil) —

  Optional data that must match the data originally supplied in EncryptRequest#additional_authenticated_data.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::DecryptResponse)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::DecryptResponse)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 1083

def decrypt \
    name,
    ciphertext,
    additional_authenticated_data: nil,
    options: nil,
    &block
  req = {
    name: name,
    ciphertext: ciphertext,
    additional_authenticated_data: additional_authenticated_data
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::DecryptRequest)
  @decrypt.call(req, options, &block)
end

#destroy_crypto_key_version(name, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKeyVersion

Schedule a CryptoKeyVersion for destruction.

Upon calling this method, CryptoKeyVersion#state will be set to DESTROY_SCHEDULED and destroy_time will be set to a time 24 hours in the future, at which point the state will be changed to DESTROYED, and the key material will be irrevocably destroyed.

Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_name = Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_version_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]")
response = key_management_service_client.destroy_crypto_key_version(formatted_name)

Parameters:

• name (String) —

  The resource name of the CryptoKeyVersion to destroy.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::CryptoKeyVersion)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::CryptoKeyVersion)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 1167

def destroy_crypto_key_version \
    name,
    options: nil,
    &block
  req = {
    name: name
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest)
  @destroy_crypto_key_version.call(req, options, &block)
end

#encrypt(name, plaintext, additional_authenticated_data: nil, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::EncryptResponse

Encrypts data, so that it can only be recovered by a call to Decrypt. The CryptoKey#purpose must be ENCRYPT_DECRYPT.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_name = Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_path_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY_PATH]")

# TODO: Initialize `plaintext`:
plaintext = ''
response = key_management_service_client.encrypt(formatted_name, plaintext)

Parameters:

• name (String) —

  Required. The resource name of the CryptoKey or CryptoKeyVersion to use for encryption.

  If a CryptoKey is specified, the server will use its primary version.

• plaintext (String) —

  Required. The data to encrypt. Must be no larger than 64KiB.

  The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

• additional_authenticated_data (String) (defaults to: nil) —

  Optional data that, if specified, must also be provided during decryption through DecryptRequest#additional_authenticated_data.

  The maximum size depends on the key version's protection_level. For SOFTWARE keys, the AAD must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::EncryptResponse)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::EncryptResponse)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 1038

def encrypt \
    name,
    plaintext,
    additional_authenticated_data: nil,
    options: nil,
    &block
  req = {
    name: name,
    plaintext: plaintext,
    additional_authenticated_data: additional_authenticated_data
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::EncryptRequest)
  @encrypt.call(req, options, &block)
end

#get_crypto_key(name, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKey

Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_name = Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")
response = key_management_service_client.get_crypto_key(formatted_name)

Parameters:

• name (String) —

  The name of the CryptoKey to get.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::CryptoKey)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::CryptoKey)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 709

def get_crypto_key \
    name,
    options: nil,
    &block
  req = {
    name: name
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::GetCryptoKeyRequest)
  @get_crypto_key.call(req, options, &block)
end

#get_crypto_key_version(name, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKeyVersion

Returns metadata for a given CryptoKeyVersion.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_name = Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_version_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]")
response = key_management_service_client.get_crypto_key_version(formatted_name)

Parameters:

• name (String) —

  The name of the CryptoKeyVersion to get.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::CryptoKeyVersion)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::CryptoKeyVersion)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 739

def get_crypto_key_version \
    name,
    options: nil,
    &block
  req = {
    name: name
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest)
  @get_crypto_key_version.call(req, options, &block)
end

#get_iam_policy(resource, options: nil) {|result, operation| ... } ⇒ Google::Iam::V1::Policy

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_resource = Google::Cloud::Kms::V1::KeyManagementServiceClient.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
response = key_management_service_client.get_iam_policy(formatted_resource)

Parameters:

• resource (String) —

  REQUIRED: The resource for which the policy is being requested. resource is usually specified as a path. For example, a Project resource is specified as projects/{project}.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Iam::V1::Policy)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Iam::V1::Policy)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 1400

def get_iam_policy \
    resource,
    options: nil,
    &block
  req = {
    resource: resource
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Iam::V1::GetIamPolicyRequest)
  @get_iam_policy.call(req, options, &block)
end

#get_key_ring(name, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::KeyRing

Returns metadata for a given KeyRing.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_name = Google::Cloud::Kms::V1::KeyManagementServiceClient.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")
response = key_management_service_client.get_key_ring(formatted_name)

Parameters:

• name (String) —

  The name of the KeyRing to get.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::KeyRing)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::KeyRing)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 678

def get_key_ring \
    name,
    options: nil,
    &block
  req = {
    name: name
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::GetKeyRingRequest)
  @get_key_ring.call(req, options, &block)
end

#get_public_key(name, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::PublicKey

Returns the public key for the given CryptoKeyVersion. The CryptoKey#purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_name = Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_version_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]")
response = key_management_service_client.get_public_key(formatted_name)

Parameters:

• name (String) —

  The name of the CryptoKeyVersion public key to get.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::PublicKey)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::PublicKey)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 1237

def get_public_key \
    name,
    options: nil,
    &block
  req = {
    name: name
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::GetPublicKeyRequest)
  @get_public_key.call(req, options, &block)
end

#list_crypto_key_versions(parent, page_size: nil, view: nil, options: nil) {|result, operation| ... } ⇒ Google::Gax::PagedEnumerable<Google::Cloud::Kms::V1::CryptoKeyVersion>

Lists CryptoKeyVersions.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_parent = Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")

# Iterate over all results.
key_management_service_client.list_crypto_key_versions(formatted_parent).each do |element|
  # Process element.
end

# Or iterate over results one page at a time.
key_management_service_client.list_crypto_key_versions(formatted_parent).each_page do |page|
  # Process each page at a time.
  page.each do |element|
    # Process element.
  end
end

Parameters:

• parent (String) —

  Required. The resource name of the CryptoKey to list, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

• page_size (Integer) (defaults to: nil) —

  The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

• view (Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionView) (defaults to: nil) —

  The fields to include in the response.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Gax::PagedEnumerable<Google::Cloud::Kms::V1::CryptoKeyVersion>)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Gax::PagedEnumerable<Google::Cloud::Kms::V1::CryptoKeyVersion>) —

  An enumerable of Google::Cloud::Kms::V1::CryptoKeyVersion instances. See Google::Gax::PagedEnumerable documentation for other operations such as per-page iteration or access to the response object.

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 644

def list_crypto_key_versions \
    parent,
    page_size: nil,
    view: nil,
    options: nil,
    &block
  req = {
    parent: parent,
    page_size: page_size,
    view: view
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest)
  @list_crypto_key_versions.call(req, options, &block)
end

#list_crypto_keys(parent, page_size: nil, version_view: nil, options: nil) {|result, operation| ... } ⇒ Google::Gax::PagedEnumerable<Google::Cloud::Kms::V1::CryptoKey>

Lists CryptoKeys.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_parent = Google::Cloud::Kms::V1::KeyManagementServiceClient.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")

# Iterate over all results.
key_management_service_client.list_crypto_keys(formatted_parent).each do |element|
  # Process element.
end

# Or iterate over results one page at a time.
key_management_service_client.list_crypto_keys(formatted_parent).each_page do |page|
  # Process each page at a time.
  page.each do |element|
    # Process element.
  end
end

Parameters:

• parent (String) —

  Required. The resource name of the KeyRing to list, in the format projects/*/locations/*/keyRings/*.

• page_size (Integer) (defaults to: nil) —

  The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

• version_view (Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionView) (defaults to: nil) —

  The fields of the primary version to include in the response.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Gax::PagedEnumerable<Google::Cloud::Kms::V1::CryptoKey>)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Gax::PagedEnumerable<Google::Cloud::Kms::V1::CryptoKey>) —

  An enumerable of Google::Cloud::Kms::V1::CryptoKey instances. See Google::Gax::PagedEnumerable documentation for other operations such as per-page iteration or access to the response object.

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 585

def list_crypto_keys \
    parent,
    page_size: nil,
    version_view: nil,
    options: nil,
    &block
  req = {
    parent: parent,
    page_size: page_size,
    version_view: version_view
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::ListCryptoKeysRequest)
  @list_crypto_keys.call(req, options, &block)
end

#list_key_rings(parent, page_size: nil, options: nil) {|result, operation| ... } ⇒ Google::Gax::PagedEnumerable<Google::Cloud::Kms::V1::KeyRing>

Lists KeyRings.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_parent = Google::Cloud::Kms::V1::KeyManagementServiceClient.location_path("[PROJECT]", "[LOCATION]")

# Iterate over all results.
key_management_service_client.list_key_rings(formatted_parent).each do |element|
  # Process element.
end

# Or iterate over results one page at a time.
key_management_service_client.list_key_rings(formatted_parent).each_page do |page|
  # Process each page at a time.
  page.each do |element|
    # Process element.
  end
end

Parameters:

• parent (String) —

  Required. The resource name of the location associated with the KeyRings, in the format projects/*/locations/*.

• page_size (Integer) (defaults to: nil) —

  The maximum number of resources contained in the underlying API response. If page streaming is performed per-resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Gax::PagedEnumerable<Google::Cloud::Kms::V1::KeyRing>)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Gax::PagedEnumerable<Google::Cloud::Kms::V1::KeyRing>) —

  An enumerable of Google::Cloud::Kms::V1::KeyRing instances. See Google::Gax::PagedEnumerable documentation for other operations such as per-page iteration or access to the response object.

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 528

def list_key_rings \
    parent,
    page_size: nil,
    options: nil,
    &block
  req = {
    parent: parent,
    page_size: page_size
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::ListKeyRingsRequest)
  @list_key_rings.call(req, options, &block)
end

#restore_crypto_key_version(name, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKeyVersion

Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.

Upon restoration of the CryptoKeyVersion, state will be set to DISABLED, and destroy_time will be cleared.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_name = Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_version_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]", "[CRYPTO_KEY_VERSION]")
response = key_management_service_client.restore_crypto_key_version(formatted_name)

Parameters:

• name (String) —

  The resource name of the CryptoKeyVersion to restore.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::CryptoKeyVersion)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::CryptoKeyVersion)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 1203

def restore_crypto_key_version \
    name,
    options: nil,
    &block
  req = {
    name: name
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest)
  @restore_crypto_key_version.call(req, options, &block)
end

#set_iam_policy(resource, policy, options: nil) {|result, operation| ... } ⇒ Google::Iam::V1::Policy

Sets the access control policy on the specified resource. Replaces any existing policy.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_resource = Google::Cloud::Kms::V1::KeyManagementServiceClient.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")

# TODO: Initialize `policy`:
policy = {}
response = key_management_service_client.set_iam_policy(formatted_resource, policy)

Parameters:

• resource (String) —

  REQUIRED: The resource for which the policy is being specified. resource is usually specified as a path. For example, a Project resource is specified as projects/{project}.

• policy (Google::Iam::V1::Policy | Hash) —

  REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them. A hash of the same form as Google::Iam::V1::Policy can also be provided.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Iam::V1::Policy)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Iam::V1::Policy)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 1364

def set_iam_policy \
    resource,
    policy,
    options: nil,
    &block
  req = {
    resource: resource,
    policy: policy
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Iam::V1::SetIamPolicyRequest)
  @set_iam_policy.call(req, options, &block)
end

#test_iam_permissions(resource, permissions, options: nil) {|result, operation| ... } ⇒ Google::Iam::V1::TestIamPermissionsResponse

Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_resource = Google::Cloud::Kms::V1::KeyManagementServiceClient.key_ring_path("[PROJECT]", "[LOCATION]", "[KEY_RING]")

# TODO: Initialize `permissions`:
permissions = []
response = key_management_service_client.test_iam_permissions(formatted_resource, permissions)

Parameters:

• resource (String) —

  REQUIRED: The resource for which the policy detail is being requested. resource is usually specified as a path. For example, a Project resource is specified as projects/{project}.

• permissions (Array<String>) —

  The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Iam::V1::TestIamPermissionsResponse)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Iam::V1::TestIamPermissionsResponse)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 1442

def test_iam_permissions \
    resource,
    permissions,
    options: nil,
    &block
  req = {
    resource: resource,
    permissions: permissions
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Iam::V1::TestIamPermissionsRequest)
  @test_iam_permissions.call(req, options, &block)
end

#update_crypto_key(crypto_key, update_mask, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKey

Update a CryptoKey.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)

# TODO: Initialize `crypto_key`:
crypto_key = {}

# TODO: Initialize `update_mask`:
update_mask = {}
response = key_management_service_client.update_crypto_key(crypto_key, update_mask)

Parameters:

• crypto_key (Google::Cloud::Kms::V1::CryptoKey | Hash) —

  CryptoKey with updated values. A hash of the same form as Google::Cloud::Kms::V1::CryptoKey can also be provided.

• update_mask (Google::Protobuf::FieldMask | Hash) —

  Required list of fields to be updated in this request. A hash of the same form as Google::Protobuf::FieldMask can also be provided.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::CryptoKey)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::CryptoKey)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 929

def update_crypto_key \
    crypto_key,
    update_mask,
    options: nil,
    &block
  req = {
    crypto_key: crypto_key,
    update_mask: update_mask
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::UpdateCryptoKeyRequest)
  @update_crypto_key.call(req, options, &block)
end

#update_crypto_key_primary_version(name, crypto_key_version_id, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKey

Update the version of a CryptoKey that will be used in Encrypt.

Returns an error if called on an asymmetric key.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)
formatted_name = Google::Cloud::Kms::V1::KeyManagementServiceClient.crypto_key_path("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")

# TODO: Initialize `crypto_key_version_id`:
crypto_key_version_id = ''
response = key_management_service_client.update_crypto_key_primary_version(formatted_name, crypto_key_version_id)

Parameters:

• name (String) —

  The resource name of the CryptoKey to update.

• crypto_key_version_id (String) —

  The id of the child CryptoKeyVersion to use as primary.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::CryptoKey)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::CryptoKey)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 1124

def update_crypto_key_primary_version \
    name,
    crypto_key_version_id,
    options: nil,
    &block
  req = {
    name: name,
    crypto_key_version_id: crypto_key_version_id
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest)
  @update_crypto_key_primary_version.call(req, options, &block)
end

#update_crypto_key_version(crypto_key_version, update_mask, options: nil) {|result, operation| ... } ⇒ Google::Cloud::Kms::V1::CryptoKeyVersion

Update a CryptoKeyVersion's metadata.

state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.

Examples:

require "google/cloud/kms"

key_management_service_client = Google::Cloud::Kms.new(version: :v1)

# TODO: Initialize `crypto_key_version`:
crypto_key_version = {}

# TODO: Initialize `update_mask`:
update_mask = {}
response = key_management_service_client.update_crypto_key_version(crypto_key_version, update_mask)

Parameters:

• crypto_key_version (Google::Cloud::Kms::V1::CryptoKeyVersion | Hash) —

  CryptoKeyVersion with updated values. A hash of the same form as Google::Cloud::Kms::V1::CryptoKeyVersion can also be provided.

• update_mask (Google::Protobuf::FieldMask | Hash) —

  Required list of fields to be updated in this request. A hash of the same form as Google::Protobuf::FieldMask can also be provided.

• options (Google::Gax::CallOptions) (defaults to: nil) —

  Overrides the default settings for this call, e.g, timeout, retries, etc.

Yields:

• (result, operation) —

  Access the result along with the RPC operation

Yield Parameters:

• result (Google::Cloud::Kms::V1::CryptoKeyVersion)
• operation (GRPC::ActiveCall::Operation)

Returns:

• (Google::Cloud::Kms::V1::CryptoKeyVersion)

Raises:

• (Google::Gax::GaxError) —

  if the RPC is aborted.

# File 'lib/google/cloud/kms/v1/key_management_service_client.rb', line 978

def update_crypto_key_version \
    crypto_key_version,
    update_mask,
    options: nil,
    &block
  req = {
    crypto_key_version: crypto_key_version,
    update_mask: update_mask
  }.delete_if { |_, v| v.nil? }
  req = Google::Gax::to_proto(req, Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest)
  @update_crypto_key_version.call(req, options, &block)
end