Class KeyManagementServiceClient (1.2.1)
Stay organized with collections
Save and categorize content based on your preferences.
KeyManagementServiceClient(
transport=None,
channel=None,
credentials=None,
client_config=None,
client_info=None,
client_options=None,
)Google Cloud Key Management Service
Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
KeyRingCryptoKeyCryptoKeyVersion
If you are using manual gRPC libraries, see Using gRPC with Cloud
KMS <https://cloud.google.com/kms/docs/grpc>__.
Methods
KeyManagementServiceClient
KeyManagementServiceClient(
transport=None,
channel=None,
credentials=None,
client_config=None,
client_info=None,
client_options=None,
)Constructor.
channel
grpc.Channel
DEPRECATED. A Channel instance through which to make calls. This argument is mutually exclusive with credentials; providing both will raise an exception.
credentials
google.auth.credentials.Credentials
The authorization credentials to attach to requests. These credentials identify this application to the service. If none are specified, the client will attempt to ascertain the credentials from the environment. This argument is mutually exclusive with providing a transport instance to transport; doing so will raise an exception.
client_config
dict
DEPRECATED. A dictionary of call options for each method. If not specified, the default configuration is used.
client_info
google.api_core.gapic_v1.client_info.ClientInfo
The client info used to send a user-agent string along with API requests. If None, then default info will be used. Generally, you only need to set this if you're developing your own client library.
client_options
Union[dict, google.api_core.client_options.ClientOptions]
Client options used to set user options on the client. API Endpoint should be set through client_options.
asymmetric_decrypt
asymmetric_decrypt(name, ciphertext, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Decrypts data that was encrypted with a public key retrieved from
GetPublicKey corresponding to a CryptoKeyVersion with
CryptoKey.purpose ASYMMETRIC_DECRYPT.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
TODO: Initialize
ciphertext:ciphertext = b''
response = client.asymmetric_decrypt(name, ciphertext)
name
str
Required. The resource name of the CryptoKeyVersion to use for decryption.
ciphertext
bytes
Required. The data encrypted with the named CryptoKeyVersion's public key using OAEP.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
asymmetric_sign
asymmetric_sign(name, digest, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Signs data using a CryptoKeyVersion with CryptoKey.purpose
ASYMMETRIC_SIGN, producing a signature that can be verified with the
public key retrieved from GetPublicKey.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
TODO: Initialize
digest:digest = {}
response = client.asymmetric_sign(name, digest)
name
str
Required. The resource name of the CryptoKeyVersion to use for signing.
digest
Union[dict, Digest]
Required. The digest of the data to sign. The digest must be produced with the same digest algorithm as specified by the key version's algorithm. If a dict is provided, it must be of the same form as the protobuf message Digest
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
create_crypto_key
create_crypto_key(parent, crypto_key_id, crypto_key, skip_initial_version_creation=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Create a new CryptoKey within a KeyRing.
CryptoKey.purpose and CryptoKey.version_template.algorithm are
required.
.. rubric:: Example
from google.cloud import kms_v1 from google.cloud.kms_v1 import enums
client = kms_v1.KeyManagementServiceClient()
parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') crypto_key_id = 'my-app-key' purpose = enums.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT seconds = 2147483647 next_rotation_time = {'seconds': seconds} seconds_2 = 604800 rotation_period = {'seconds': seconds_2} crypto_key = {'purpose': purpose, 'next_rotation_time': next_rotation_time, 'rotation_period': rotation_period}
response = client.create_crypto_key(parent, crypto_key_id, crypto_key)
parent
str
Required. The name of the KeyRing associated with the CryptoKeys.
crypto_key_id
str
Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
crypto_key
Union[dict, CryptoKey]
A CryptoKey with initial field values. If a dict is provided, it must be of the same form as the protobuf message CryptoKey
skip_initial_version_creation
bool
If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
create_crypto_key_version
create_crypto_key_version(parent, crypto_key_version, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Create a new CryptoKeyVersion in a CryptoKey.
The server will assign the next sequential id. If unset, state will
be set to ENABLED.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
TODO: Initialize
crypto_key_version:crypto_key_version = {}
response = client.create_crypto_key_version(parent, crypto_key_version)
parent
str
Required. The name of the CryptoKey associated with the CryptoKeyVersions.
crypto_key_version
Union[dict, CryptoKeyVersion]
A CryptoKeyVersion with initial field values. If a dict is provided, it must be of the same form as the protobuf message CryptoKeyVersion
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
create_import_job
create_import_job(parent, import_job_id, import_job, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Create a new ImportJob within a KeyRing.
ImportJob.import_method is required.
.. rubric:: Example
from google.cloud import kms_v1 from google.cloud.kms_v1 import enums
client = kms_v1.KeyManagementServiceClient()
parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]') import_job_id = 'my-import-job' import_method = enums.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256 protection_level = enums.ProtectionLevel.HSM import_job = {'import_method': import_method, 'protection_level': protection_level}
response = client.create_import_job(parent, import_job_id, import_job)
parent
str
Required. The name of the KeyRing associated with the ImportJobs.
import_job_id
str
Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
import_job
Union[dict, ImportJob]
Required. An ImportJob with initial field values. If a dict is provided, it must be of the same form as the protobuf message ImportJob
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
create_key_ring
create_key_ring(parent, key_ring_id, key_ring, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Create a new KeyRing in a given Project and Location.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
parent = client.location_path('[PROJECT]', '[LOCATION]')
TODO: Initialize
key_ring_id:key_ring_id = ''
TODO: Initialize
key_ring:key_ring = {}
response = client.create_key_ring(parent, key_ring_id, key_ring)
parent
str
Required. The resource name of the location associated with the KeyRings, in the format projects//locations/.
key_ring_id
str
Required. It must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}
key_ring
Union[dict, KeyRing]
A KeyRing with initial field values. If a dict is provided, it must be of the same form as the protobuf message KeyRing
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
crypto_key_path
crypto_key_path(project, location, key_ring, crypto_key)Return a fully-qualified crypto_key string.
crypto_key_path_path
crypto_key_path_path(project, location, key_ring, crypto_key_path)Return a fully-qualified crypto_key_path string.
crypto_key_version_path
crypto_key_version_path(
project, location, key_ring, crypto_key, crypto_key_version
)Return a fully-qualified crypto_key_version string.
decrypt
decrypt(name, ciphertext, additional_authenticated_data=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Decrypts data that was protected by Encrypt. The
CryptoKey.purpose must be ENCRYPT_DECRYPT.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
TODO: Initialize
ciphertext:ciphertext = b''
response = client.decrypt(name, ciphertext)
name
str
Required. The resource name of the CryptoKey to use for decryption. The server will choose the appropriate version.
ciphertext
bytes
Required. The encrypted data originally returned in EncryptResponse.ciphertext.
additional_authenticated_data
bytes
Optional data that must match the data originally supplied in EncryptRequest.additional_authenticated_data.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
destroy_crypto_key_version
destroy_crypto_key_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Schedule a CryptoKeyVersion for destruction.
Upon calling this method, CryptoKeyVersion.state will be set to
DESTROY_SCHEDULED and destroy_time will be set to a time 24
hours in the future, at which point the state will be changed to
DESTROYED, and the key material will be irrevocably destroyed.
Before the destroy_time is reached, RestoreCryptoKeyVersion may
be called to reverse the process.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
response = client.destroy_crypto_key_version(name)
name
str
The resource name of the CryptoKeyVersion to destroy.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
encrypt
encrypt(name, plaintext, additional_authenticated_data=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Encrypts data, so that it can only be recovered by a call to
Decrypt. The CryptoKey.purpose must be ENCRYPT_DECRYPT.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_path_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY_PATH]')
TODO: Initialize
plaintext:plaintext = b''
response = client.encrypt(name, plaintext)
name
str
Required. The resource name of the CryptoKey or CryptoKeyVersion to use for encryption. If a CryptoKey is specified, the server will use its primary version.
plaintext
bytes
Required. The data to encrypt. Must be no larger than 64KiB. The maximum size depends on the key version's protection_level. For SOFTWARE keys, the plaintext must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.
additional_authenticated_data
bytes
Optional data that, if specified, must also be provided during decryption through DecryptRequest.additional_authenticated_data. The maximum size depends on the key version's protection_level. For SOFTWARE keys, the AAD must be no larger than 64KiB. For HSM keys, the combined length of the plaintext and additional_authenticated_data fields must be no larger than 8KiB.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
from_service_account_file
from_service_account_file(filename, *args, **kwargs)Creates an instance of this client using the provided credentials file.
filename
str
The path to the service account private key json file.
KeyManagementServiceClient
The constructed client.
from_service_account_json
from_service_account_json(filename, *args, **kwargs)Creates an instance of this client using the provided credentials file.
filename
str
The path to the service account private key json file.
KeyManagementServiceClient
The constructed client.
get_crypto_key
get_crypto_key(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Returns metadata for a given CryptoKey, as well as its primary
CryptoKeyVersion.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
response = client.get_crypto_key(name)
name
str
The name of the CryptoKey to get.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
get_crypto_key_version
get_crypto_key_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Returns metadata for a given CryptoKeyVersion.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
response = client.get_crypto_key_version(name)
name
str
The name of the CryptoKeyVersion to get.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
get_iam_policy
get_iam_policy(resource, options_=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
response = client.get_iam_policy(resource)
resource
str
REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.
options_
Union[dict, GetPolicyOptions]
OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy. This field is only used by Cloud IAM. If a dict is provided, it must be of the same form as the protobuf message GetPolicyOptions
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
get_import_job
get_import_job(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Returns metadata for a given ImportJob.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.import_job_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[IMPORT_JOB]')
response = client.get_import_job(name)
name
str
The name of the ImportJob to get.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
get_key_ring
get_key_ring(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Returns metadata for a given KeyRing.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
response = client.get_key_ring(name)
name
str
The name of the KeyRing to get.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
get_public_key
get_public_key(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Returns the public key for the given CryptoKeyVersion. The
CryptoKey.purpose must be ASYMMETRIC_SIGN or
ASYMMETRIC_DECRYPT.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
response = client.get_public_key(name)
name
str
The name of the CryptoKeyVersion public key to get.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
import_crypto_key_version
import_crypto_key_version(parent, algorithm, import_job, rsa_aes_wrapped_key=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Imports a new CryptoKeyVersion into an existing CryptoKey using
the wrapped key material provided in the request.
The version ID will be assigned the next sequential id within the
CryptoKey.
.. rubric:: Example
from google.cloud import kms_v1 from google.cloud.kms_v1 import enums
client = kms_v1.KeyManagementServiceClient()
parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
TODO: Initialize
algorithm:algorithm = enums.CryptoKeyVersion.CryptoKeyVersionAlgorithm.CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
TODO: Initialize
import_job:import_job = ''
response = client.import_crypto_key_version(parent, algorithm, import_job)
parent
str
Required. The name of the CryptoKey to be imported into.
algorithm
CryptoKeyVersionAlgorithm
Required. The algorithm of the key being imported. This does not need to match the version_template of the CryptoKey this version imports into.
import_job
str
Required. The name of the ImportJob that was used to wrap this key material.
rsa_aes_wrapped_key
bytes
Wrapped key material produced with RSA_OAEP_3072_SHA1_AES_256 or RSA_OAEP_4096_SHA1_AES_256. This field contains the concatenation of two wrapped keys: .. raw:: html
- An ephemeral AES-256 wrapping key wrapped with the
public_keyusing RSAES-OAEP with SHA-1, MGF1 with SHA-1, and an empty label. - The key to be imported, wrapped with the ephemeral AES-256 key using AES-KWP (RFC 5649).
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
import_job_path
import_job_path(project, location, key_ring, import_job)Return a fully-qualified import_job string.
key_ring_path
key_ring_path(project, location, key_ring)Return a fully-qualified key_ring string.
list_crypto_key_versions
list_crypto_key_versions(parent, page_size=None, view=None, filter_=None, order_by=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Lists CryptoKeyVersions.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
parent = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
Iterate over all results
for element in client.list_crypto_key_versions(parent): ... # process element ... pass
Alternatively:
Iterate over results one page at a time
for page in client.list_crypto_key_versions(parent).pages: ... for element in page: ... # process element ... pass
parent
str
Required. The resource name of the CryptoKey to list, in the format projects//locations//keyRings//cryptoKeys/.
page_size
int
The maximum number of resources contained in the underlying API response. If page streaming is performed per- resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.
view
CryptoKeyVersionView
The fields to include in the response.
filter_
str
Optional. Only include resources that match the filter in the response.
order_by
str
Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
list_crypto_keys
list_crypto_keys(parent, page_size=None, version_view=None, filter_=None, order_by=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Lists CryptoKeys.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
Iterate over all results
for element in client.list_crypto_keys(parent): ... # process element ... pass
Alternatively:
Iterate over results one page at a time
for page in client.list_crypto_keys(parent).pages: ... for element in page: ... # process element ... pass
parent
str
Required. The resource name of the KeyRing to list, in the format projects//locations//keyRings/*.
page_size
int
The maximum number of resources contained in the underlying API response. If page streaming is performed per- resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.
version_view
CryptoKeyVersionView
The fields of the primary version to include in the response.
filter_
str
Optional. Only include resources that match the filter in the response.
order_by
str
Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
list_import_jobs
list_import_jobs(parent, page_size=None, filter_=None, order_by=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Lists ImportJobs.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
parent = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
Iterate over all results
for element in client.list_import_jobs(parent): ... # process element ... pass
Alternatively:
Iterate over results one page at a time
for page in client.list_import_jobs(parent).pages: ... for element in page: ... # process element ... pass
parent
str
Required. The resource name of the KeyRing to list, in the format projects//locations//keyRings/*.
page_size
int
The maximum number of resources contained in the underlying API response. If page streaming is performed per- resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.
filter_
str
Optional. Only include resources that match the filter in the response.
order_by
str
Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
list_key_rings
list_key_rings(parent, page_size=None, filter_=None, order_by=None, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Lists KeyRings.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
parent = client.location_path('[PROJECT]', '[LOCATION]')
Iterate over all results
for element in client.list_key_rings(parent): ... # process element ... pass
Alternatively:
Iterate over results one page at a time
for page in client.list_key_rings(parent).pages: ... for element in page: ... # process element ... pass
parent
str
Required. The resource name of the location associated with the KeyRings, in the format projects//locations/.
page_size
int
The maximum number of resources contained in the underlying API response. If page streaming is performed per- resource, this parameter does not affect the return value. If page streaming is performed per-page, this determines the maximum number of resources in a page.
filter_
str
Optional. Only include resources that match the filter in the response.
order_by
str
Optional. Specify how the results should be sorted. If not specified, the results will be sorted in the default order.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
location_path
location_path(project, location)Return a fully-qualified location string.
restore_crypto_key_version
restore_crypto_key_version(name, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.
Upon restoration of the CryptoKeyVersion, state will be set to
DISABLED, and destroy_time will be cleared.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_version_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]', '[CRYPTO_KEY_VERSION]')
response = client.restore_crypto_key_version(name)
name
str
The resource name of the CryptoKeyVersion to restore.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
set_iam_policy
set_iam_policy(resource, policy, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Sets the access control policy on the specified resource. Replaces any existing policy.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
TODO: Initialize
policy:policy = {}
response = client.set_iam_policy(resource, policy)
resource
str
REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.
policy
Union[dict, Policy]
REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them. If a dict is provided, it must be of the same form as the protobuf message Policy
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
test_iam_permissions
test_iam_permissions(resource, permissions, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
resource = client.key_ring_path('[PROJECT]', '[LOCATION]', '[KEY_RING]')
TODO: Initialize
permissions:permissions = []
response = client.test_iam_permissions(resource, permissions)
resource
str
REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.
permissions
list[str]
The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview https://cloud.google.com/iam/docs/overview#permissions __.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
update_crypto_key
update_crypto_key(crypto_key, update_mask, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Update a CryptoKey.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
TODO: Initialize
crypto_key:crypto_key = {}
TODO: Initialize
update_mask:update_mask = {}
response = client.update_crypto_key(crypto_key, update_mask)
crypto_key
Union[dict, CryptoKey]
CryptoKey with updated values. If a dict is provided, it must be of the same form as the protobuf message CryptoKey
update_mask
Union[dict, FieldMask]
Required list of fields to be updated in this request. If a dict is provided, it must be of the same form as the protobuf message FieldMask
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
update_crypto_key_primary_version
update_crypto_key_primary_version(name, crypto_key_version_id, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Update the version of a CryptoKey that will be used in Encrypt.
Returns an error if called on an asymmetric key.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
name = client.crypto_key_path('[PROJECT]', '[LOCATION]', '[KEY_RING]', '[CRYPTO_KEY]')
TODO: Initialize
crypto_key_version_id:crypto_key_version_id = ''
response = client.update_crypto_key_primary_version(name, crypto_key_version_id)
name
str
The resource name of the CryptoKey to update.
crypto_key_version_id
str
The id of the child CryptoKeyVersion to use as primary.
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.
update_crypto_key_version
update_crypto_key_version(crypto_key_version, update_mask, retry=<_MethodDefault._DEFAULT_VALUE: <object object>>, timeout=<_MethodDefault._DEFAULT_VALUE: <object object>>, metadata=None)Update a CryptoKeyVersion's metadata.
state may be changed between ENABLED and DISABLED using this
method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion
to move between other states.
.. rubric:: Example
from google.cloud import kms_v1
client = kms_v1.KeyManagementServiceClient()
TODO: Initialize
crypto_key_version:crypto_key_version = {}
TODO: Initialize
update_mask:update_mask = {}
response = client.update_crypto_key_version(crypto_key_version, update_mask)
crypto_key_version
Union[dict, CryptoKeyVersion]
CryptoKeyVersion with updated values. If a dict is provided, it must be of the same form as the protobuf message CryptoKeyVersion
update_mask
Union[dict, FieldMask]
Required list of fields to be updated in this request. If a dict is provided, it must be of the same form as the protobuf message FieldMask
retry
Optional[google.api_core.retry.Retry]
A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.
timeout
Optional[float]
The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.
metadata
Optional[Sequence[Tuple[str, str]]]
Additional metadata that is provided to the method.
google.api_core.exceptions.GoogleAPICallError
If the request failed for any reason.
google.api_core.exceptions.RetryError
If the request failed due to a retryable error and retry attempts failed.
ValueError
If the parameters are invalid.