EncryptionInfo describes the encryption information of a cluster or a backup.
| JSON representation |
|---|
{ "encryptionType" : enum ( |
| Fields | |
|---|---|
encryptionType
|
Output only. Type of encryption. |
kmsKeyVersions[]
|
Output only. KMS key versions that are being used to protect the data at-rest. |
kmsKeyPrimaryState
|
Output only. The state of the primary version of the KMS key perceived by the system. This field is not populated in backups. |
lastUpdateTime
|
Output only. The most recent time when the encryption info was updated. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
Type
Possible encryption types.
| Enums | |
|---|---|
TYPE_UNSPECIFIED
|
Encryption type not specified. Defaults to GOOGLE_DEFAULT_ENCRYPTION. |
GOOGLE_DEFAULT_ENCRYPTION
|
The data is encrypted at rest with a key that is fully managed by Google. No key version will be populated. This is the default state. |
CUSTOMER_MANAGED_ENCRYPTION
|
The data is encrypted at rest with a key that is managed by the customer. KMS key versions will be populated. |
KmsKeyState
The state of the KMS key perceived by the system. Refer to the public documentation for the impact of each state.
| Enums | |
|---|---|
KMS_KEY_STATE_UNSPECIFIED
|
The default value. This value is unused. |
ENABLED
|
The KMS key is enabled and correctly configured. |
PERMISSION_DENIED
|
Permission denied on the KMS key. |
DISABLED
|
The KMS key is disabled. |
DESTROYED
|
The KMS key is destroyed. |
DESTROY_SCHEDULED
|
The KMS key is scheduled to be destroyed. |
EKM_KEY_UNREACHABLE_DETECTED
|
The EKM key is unreachable. |
BILLING_DISABLED
|
Billing is disabled for the project. |
UNKNOWN_FAILURE
|
All other unknown failures. |
