Reference documentation and code samples for the Cloud KMS V1 Client class KeyManagementServiceClient.
Service Description: Google Cloud Key Management Service
Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
If you are using manual gRPC libraries, see Using gRPC with Cloud KMS .
This class provides the ability to make remote calls to the backing service through method calls that map to API methods.
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.
Namespace
Google \ Cloud \ Kms \ V1 \ ClientMethods
__construct
Constructor.
options
array
Optional. Options for configuring the service API wrapper.
↳ apiEndpoint
string
The address of the API remote host. May optionally include the port, formatted as "
↳ credentials
string|array|FetchAuthTokenInterface|CredentialsWrapper
The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage : In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored. Important : If you accept a credential configuration (credential JSON/File/Stream) from an external source for authentication to Google Cloud Platform, you must validate it before providing it to any Google API or library. Providing an unvalidated credential configuration to Google APIs can compromise the security of your systems and data. For more information https://cloud.google.com/docs/authentication/external/externally-sourced-credentials
↳ credentialsConfig
array
Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() .
↳ disableRetries
bool
Determines whether or not retries defined by the client configuration should be disabled. Defaults to false
.
↳ clientConfig
string|array
Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder.
↳ transport
string|TransportInterface
The transport used for executing network requests. May be either the string rest
or grpc
. Defaults to grpc
if gRPC support is detected on the system. Advanced usage
: Additionally, it is possible to pass in an already instantiated Google\ApiCore\Transport\TransportInterface
object. Note that when this object is provided, any settings in $transportConfig, and any $apiEndpoint setting, will be ignored.
↳ transportConfig
array
Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options.
↳ clientCertSource
callable
A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS.
↳ logger
false|LoggerInterface
A PSR-3 compliant logger. If set to false, logging is disabled, ignoring the 'GOOGLE_SDK_PHP_LOGGING' environment flag
asymmetricDecrypt
Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.
The async variant is KeyManagementServiceClient::asymmetricDecryptAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\AsymmetricDecryptRequest;
use Google\Cloud\Kms\V1\AsymmetricDecryptResponse;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
/**
* @param string $formattedName The resource name of the
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
* decryption. Please see
* {@see KeyManagementServiceClient::cryptoKeyVersionName()} for help formatting this field.
* @param string $ciphertext The data encrypted with the named
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using
* OAEP.
*/
function asymmetric_decrypt_sample(string $formattedName, string $ciphertext): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new AsymmetricDecryptRequest())
->setName($formattedName)
->setCiphertext($ciphertext);
// Call the API and handle any network failures.
try {
/** @var AsymmetricDecryptResponse $response */
$response = $keyManagementServiceClient->asymmetricDecrypt($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::cryptoKeyVersionName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]',
'[CRYPTO_KEY_VERSION]'
);
$ciphertext = '...';
asymmetric_decrypt_sample($formattedName, $ciphertext);
}
asymmetricSign
Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey .
The async variant is KeyManagementServiceClient::asymmetricSignAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\AsymmetricSignRequest;
use Google\Cloud\Kms\V1\AsymmetricSignResponse;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\Digest;
/**
* @param string $formattedName The resource name of the
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
* signing. Please see
* {@see KeyManagementServiceClient::cryptoKeyVersionName()} for help formatting this field.
*/
function asymmetric_sign_sample(string $formattedName): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$digest = new Digest();
$request = (new AsymmetricSignRequest())
->setName($formattedName)
->setDigest($digest);
// Call the API and handle any network failures.
try {
/** @var AsymmetricSignResponse $response */
$response = $keyManagementServiceClient->asymmetricSign($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::cryptoKeyVersionName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]',
'[CRYPTO_KEY_VERSION]'
);
asymmetric_sign_sample($formattedName);
}
createCryptoKey
Create a new CryptoKey within a KeyRing .
CryptoKey.purpose and CryptoKey.version_template.algorithm are required.
The async variant is KeyManagementServiceClient::createCryptoKeyAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CreateCryptoKeyRequest;
use Google\Cloud\Kms\V1\CryptoKey;
/**
* @param string $formattedParent The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing
* associated with the [CryptoKeys][google.cloud.kms.v1.CryptoKey]. Please see
* {@see KeyManagementServiceClient::keyRingName()} for help formatting this field.
* @param string $cryptoKeyId It must be unique within a KeyRing and match the regular
* expression `[a-zA-Z0-9_-]{1,63}`
*/
function create_crypto_key_sample(string $formattedParent, string $cryptoKeyId): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$cryptoKey = new CryptoKey();
$request = (new CreateCryptoKeyRequest())
->setParent($formattedParent)
->setCryptoKeyId($cryptoKeyId)
->setCryptoKey($cryptoKey);
// Call the API and handle any network failures.
try {
/** @var CryptoKey $response */
$response = $keyManagementServiceClient->createCryptoKey($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = KeyManagementServiceClient::keyRingName('[PROJECT]', '[LOCATION]', '[KEY_RING]');
$cryptoKeyId = '[CRYPTO_KEY_ID]';
create_crypto_key_sample($formattedParent, $cryptoKeyId);
}
createCryptoKeyVersion
Create a new CryptoKeyVersion in a CryptoKey .
The server will assign the next sequential id. If unset, state will be set to ENABLED .
The async variant is KeyManagementServiceClient::createCryptoKeyVersionAsync() .
request
Google\Cloud\Kms\V1\CreateCryptoKeyVersionRequest
A request to house fields associated with the call.
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CreateCryptoKeyVersionRequest;
use Google\Cloud\Kms\V1\CryptoKeyVersion;
/**
* @param string $formattedParent The [name][google.cloud.kms.v1.CryptoKey.name] of the
* [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with the
* [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]. Please see
* {@see KeyManagementServiceClient::cryptoKeyName()} for help formatting this field.
*/
function create_crypto_key_version_sample(string $formattedParent): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$cryptoKeyVersion = new CryptoKeyVersion();
$request = (new CreateCryptoKeyVersionRequest())
->setParent($formattedParent)
->setCryptoKeyVersion($cryptoKeyVersion);
// Call the API and handle any network failures.
try {
/** @var CryptoKeyVersion $response */
$response = $keyManagementServiceClient->createCryptoKeyVersion($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = KeyManagementServiceClient::cryptoKeyName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]'
);
create_crypto_key_version_sample($formattedParent);
}
createImportJob
Create a new ImportJob within a KeyRing .
ImportJob.import_method is required.
The async variant is KeyManagementServiceClient::createImportJobAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CreateImportJobRequest;
use Google\Cloud\Kms\V1\ImportJob;
use Google\Cloud\Kms\V1\ImportJob\ImportMethod;
use Google\Cloud\Kms\V1\ProtectionLevel;
/**
* @param string $formattedParent The [name][google.cloud.kms.v1.KeyRing.name] of the
* [KeyRing][google.cloud.kms.v1.KeyRing] associated with the
* [ImportJobs][google.cloud.kms.v1.ImportJob]. Please see
* {@see KeyManagementServiceClient::keyRingName()} for help formatting this field.
* @param string $importJobId It must be unique within a KeyRing and match the regular
* expression `[a-zA-Z0-9_-]{1,63}`
* @param int $importJobImportMethod Immutable. The wrapping method to be used for incoming key
* material.
* @param int $importJobProtectionLevel Immutable. The protection level of the
* [ImportJob][google.cloud.kms.v1.ImportJob]. This must match the
* [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
* of the [version_template][google.cloud.kms.v1.CryptoKey.version_template]
* on the [CryptoKey][google.cloud.kms.v1.CryptoKey] you attempt to import
* into.
*/
function create_import_job_sample(
string $formattedParent,
string $importJobId,
int $importJobImportMethod,
int $importJobProtectionLevel
): void {
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$importJob = (new ImportJob())
->setImportMethod($importJobImportMethod)
->setProtectionLevel($importJobProtectionLevel);
$request = (new CreateImportJobRequest())
->setParent($formattedParent)
->setImportJobId($importJobId)
->setImportJob($importJob);
// Call the API and handle any network failures.
try {
/** @var ImportJob $response */
$response = $keyManagementServiceClient->createImportJob($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = KeyManagementServiceClient::keyRingName('[PROJECT]', '[LOCATION]', '[KEY_RING]');
$importJobId = '[IMPORT_JOB_ID]';
$importJobImportMethod = ImportMethod::IMPORT_METHOD_UNSPECIFIED;
$importJobProtectionLevel = ProtectionLevel::PROTECTION_LEVEL_UNSPECIFIED;
create_import_job_sample(
$formattedParent,
$importJobId,
$importJobImportMethod,
$importJobProtectionLevel
);
}
createKeyRing
Create a new KeyRing in a given Project and Location.
The async variant is KeyManagementServiceClient::createKeyRingAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CreateKeyRingRequest;
use Google\Cloud\Kms\V1\KeyRing;
/**
* @param string $formattedParent The resource name of the location associated with the
* [KeyRings][google.cloud.kms.v1.KeyRing], in the format
* `projects/*/locations/*`. Please see
* {@see KeyManagementServiceClient::locationName()} for help formatting this field.
* @param string $keyRingId It must be unique within a location and match the regular
* expression `[a-zA-Z0-9_-]{1,63}`
*/
function create_key_ring_sample(string $formattedParent, string $keyRingId): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$keyRing = new KeyRing();
$request = (new CreateKeyRingRequest())
->setParent($formattedParent)
->setKeyRingId($keyRingId)
->setKeyRing($keyRing);
// Call the API and handle any network failures.
try {
/** @var KeyRing $response */
$response = $keyManagementServiceClient->createKeyRing($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = KeyManagementServiceClient::locationName('[PROJECT]', '[LOCATION]');
$keyRingId = '[KEY_RING_ID]';
create_key_ring_sample($formattedParent, $keyRingId);
}
decrypt
Decrypts data that was protected by Encrypt . The CryptoKey.purpose must be ENCRYPT_DECRYPT .
The async variant is KeyManagementServiceClient::decryptAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\DecryptRequest;
use Google\Cloud\Kms\V1\DecryptResponse;
/**
* @param string $formattedName The resource name of the
* [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. The
* server will choose the appropriate version. Please see
* {@see KeyManagementServiceClient::cryptoKeyName()} for help formatting this field.
* @param string $ciphertext The encrypted data originally returned in
* [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].
*/
function decrypt_sample(string $formattedName, string $ciphertext): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new DecryptRequest())
->setName($formattedName)
->setCiphertext($ciphertext);
// Call the API and handle any network failures.
try {
/** @var DecryptResponse $response */
$response = $keyManagementServiceClient->decrypt($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::cryptoKeyName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]'
);
$ciphertext = '...';
decrypt_sample($formattedName, $ciphertext);
}
destroyCryptoKeyVersion
Schedule a CryptoKeyVersion for destruction.
Upon calling this method, CryptoKeyVersion.state will be set to DESTROY_SCHEDULED , and destroy_time will be set to the time destroy_scheduled_duration in the future. At that time, the state will automatically change to DESTROYED , and the key material will be irrevocably destroyed.
Before the destroy_time is reached, RestoreCryptoKeyVersion may be called to reverse the process.
The async variant is KeyManagementServiceClient::destroyCryptoKeyVersionAsync() .
request
Google\Cloud\Kms\V1\DestroyCryptoKeyVersionRequest
A request to house fields associated with the call.
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CryptoKeyVersion;
use Google\Cloud\Kms\V1\DestroyCryptoKeyVersionRequest;
/**
* @param string $formattedName The resource name of the
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy. Please see
* {@see KeyManagementServiceClient::cryptoKeyVersionName()} for help formatting this field.
*/
function destroy_crypto_key_version_sample(string $formattedName): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new DestroyCryptoKeyVersionRequest())
->setName($formattedName);
// Call the API and handle any network failures.
try {
/** @var CryptoKeyVersion $response */
$response = $keyManagementServiceClient->destroyCryptoKeyVersion($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::cryptoKeyVersionName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]',
'[CRYPTO_KEY_VERSION]'
);
destroy_crypto_key_version_sample($formattedName);
}
encrypt
Encrypts data, so that it can only be recovered by a call to Decrypt . The CryptoKey.purpose must be ENCRYPT_DECRYPT .
The async variant is KeyManagementServiceClient::encryptAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\EncryptRequest;
use Google\Cloud\Kms\V1\EncryptResponse;
/**
* @param string $name The resource name of the
* [CryptoKey][google.cloud.kms.v1.CryptoKey] or
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
* encryption.
*
* If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server
* will use its [primary version][google.cloud.kms.v1.CryptoKey.primary].
* @param string $plaintext The data to encrypt. Must be no larger than 64KiB.
*
* The maximum size depends on the key version's
* [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
* For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE],
* [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL], and
* [EXTERNAL_VPC][google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC] keys, the
* plaintext must be no larger than 64KiB. For
* [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
* the plaintext and additional_authenticated_data fields must be no larger
* than 8KiB.
*/
function encrypt_sample(string $name, string $plaintext): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new EncryptRequest())
->setName($name)
->setPlaintext($plaintext);
// Call the API and handle any network failures.
try {
/** @var EncryptResponse $response */
$response = $keyManagementServiceClient->encrypt($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$name = '[NAME]';
$plaintext = '...';
encrypt_sample($name, $plaintext);
}
generateRandomBytes
Generate random bytes using the Cloud KMS randomness source in the provided location.
The async variant is KeyManagementServiceClient::generateRandomBytesAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\GenerateRandomBytesRequest;
use Google\Cloud\Kms\V1\GenerateRandomBytesResponse;
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function generate_random_bytes_sample(): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = new GenerateRandomBytesRequest();
// Call the API and handle any network failures.
try {
/** @var GenerateRandomBytesResponse $response */
$response = $keyManagementServiceClient->generateRandomBytes($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
getCryptoKey
Returns metadata for a given CryptoKey , as well as its primary CryptoKeyVersion .
The async variant is KeyManagementServiceClient::getCryptoKeyAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CryptoKey;
use Google\Cloud\Kms\V1\GetCryptoKeyRequest;
/**
* @param string $formattedName The [name][google.cloud.kms.v1.CryptoKey.name] of the
* [CryptoKey][google.cloud.kms.v1.CryptoKey] to get. Please see
* {@see KeyManagementServiceClient::cryptoKeyName()} for help formatting this field.
*/
function get_crypto_key_sample(string $formattedName): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new GetCryptoKeyRequest())
->setName($formattedName);
// Call the API and handle any network failures.
try {
/** @var CryptoKey $response */
$response = $keyManagementServiceClient->getCryptoKey($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::cryptoKeyName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]'
);
get_crypto_key_sample($formattedName);
}
getCryptoKeyVersion
Returns metadata for a given CryptoKeyVersion .
The async variant is KeyManagementServiceClient::getCryptoKeyVersionAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CryptoKeyVersion;
use Google\Cloud\Kms\V1\GetCryptoKeyVersionRequest;
/**
* @param string $formattedName The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get. Please see
* {@see KeyManagementServiceClient::cryptoKeyVersionName()} for help formatting this field.
*/
function get_crypto_key_version_sample(string $formattedName): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new GetCryptoKeyVersionRequest())
->setName($formattedName);
// Call the API and handle any network failures.
try {
/** @var CryptoKeyVersion $response */
$response = $keyManagementServiceClient->getCryptoKeyVersion($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::cryptoKeyVersionName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]',
'[CRYPTO_KEY_VERSION]'
);
get_crypto_key_version_sample($formattedName);
}
getImportJob
Returns metadata for a given ImportJob .
The async variant is KeyManagementServiceClient::getImportJobAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\GetImportJobRequest;
use Google\Cloud\Kms\V1\ImportJob;
/**
* @param string $formattedName The [name][google.cloud.kms.v1.ImportJob.name] of the
* [ImportJob][google.cloud.kms.v1.ImportJob] to get. Please see
* {@see KeyManagementServiceClient::importJobName()} for help formatting this field.
*/
function get_import_job_sample(string $formattedName): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new GetImportJobRequest())
->setName($formattedName);
// Call the API and handle any network failures.
try {
/** @var ImportJob $response */
$response = $keyManagementServiceClient->getImportJob($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::importJobName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[IMPORT_JOB]'
);
get_import_job_sample($formattedName);
}
getKeyRing
Returns metadata for a given KeyRing .
The async variant is KeyManagementServiceClient::getKeyRingAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\GetKeyRingRequest;
use Google\Cloud\Kms\V1\KeyRing;
/**
* @param string $formattedName The [name][google.cloud.kms.v1.KeyRing.name] of the
* [KeyRing][google.cloud.kms.v1.KeyRing] to get. Please see
* {@see KeyManagementServiceClient::keyRingName()} for help formatting this field.
*/
function get_key_ring_sample(string $formattedName): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new GetKeyRingRequest())
->setName($formattedName);
// Call the API and handle any network failures.
try {
/** @var KeyRing $response */
$response = $keyManagementServiceClient->getKeyRing($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::keyRingName('[PROJECT]', '[LOCATION]', '[KEY_RING]');
get_key_ring_sample($formattedName);
}
getPublicKey
Returns the public key for the given CryptoKeyVersion . The CryptoKey.purpose must be ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT .
The async variant is KeyManagementServiceClient::getPublicKeyAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\GetPublicKeyRequest;
use Google\Cloud\Kms\V1\PublicKey;
/**
* @param string $formattedName The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to get. Please see
* {@see KeyManagementServiceClient::cryptoKeyVersionName()} for help formatting this field.
*/
function get_public_key_sample(string $formattedName): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new GetPublicKeyRequest())
->setName($formattedName);
// Call the API and handle any network failures.
try {
/** @var PublicKey $response */
$response = $keyManagementServiceClient->getPublicKey($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::cryptoKeyVersionName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]',
'[CRYPTO_KEY_VERSION]'
);
get_public_key_sample($formattedName);
}
importCryptoKeyVersion
Import wrapped key material into a CryptoKeyVersion .
All requests must specify a CryptoKey . If a CryptoKeyVersion is additionally specified in the request, key material will be reimported into that version. Otherwise, a new version will be created, and will be assigned the next sequential id within the CryptoKey .
The async variant is KeyManagementServiceClient::importCryptoKeyVersionAsync() .
request
Google\Cloud\Kms\V1\ImportCryptoKeyVersionRequest
A request to house fields associated with the call.
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CryptoKeyVersion;
use Google\Cloud\Kms\V1\CryptoKeyVersion\CryptoKeyVersionAlgorithm;
use Google\Cloud\Kms\V1\ImportCryptoKeyVersionRequest;
/**
* @param string $formattedParent The [name][google.cloud.kms.v1.CryptoKey.name] of the
* [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
*
* The create permission is only required on this key when creating a new
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Please see
* {@see KeyManagementServiceClient::cryptoKeyName()} for help formatting this field.
* @param int $algorithm The
* [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm]
* of the key being imported. This does not need to match the
* [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the
* [CryptoKey][google.cloud.kms.v1.CryptoKey] this version imports into.
* @param string $importJob The [name][google.cloud.kms.v1.ImportJob.name] of the
* [ImportJob][google.cloud.kms.v1.ImportJob] that was used to wrap this key
* material.
*/
function import_crypto_key_version_sample(
string $formattedParent,
int $algorithm,
string $importJob
): void {
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new ImportCryptoKeyVersionRequest())
->setParent($formattedParent)
->setAlgorithm($algorithm)
->setImportJob($importJob);
// Call the API and handle any network failures.
try {
/** @var CryptoKeyVersion $response */
$response = $keyManagementServiceClient->importCryptoKeyVersion($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = KeyManagementServiceClient::cryptoKeyName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]'
);
$algorithm = CryptoKeyVersionAlgorithm::CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED;
$importJob = '[IMPORT_JOB]';
import_crypto_key_version_sample($formattedParent, $algorithm, $importJob);
}
listCryptoKeyVersions
Lists CryptoKeyVersions .
The async variant is KeyManagementServiceClient::listCryptoKeyVersionsAsync() .
request
Google\Cloud\Kms\V1\ListCryptoKeyVersionsRequest
A request to house fields associated with the call.
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CryptoKeyVersion;
use Google\Cloud\Kms\V1\ListCryptoKeyVersionsRequest;
/**
* @param string $formattedParent The resource name of the
* [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format
* `projects/*/locations/*/keyRings/*/cryptoKeys/*`. Please see
* {@see KeyManagementServiceClient::cryptoKeyName()} for help formatting this field.
*/
function list_crypto_key_versions_sample(string $formattedParent): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new ListCryptoKeyVersionsRequest())
->setParent($formattedParent);
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $keyManagementServiceClient->listCryptoKeyVersions($request);
/** @var CryptoKeyVersion $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = KeyManagementServiceClient::cryptoKeyName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]'
);
list_crypto_key_versions_sample($formattedParent);
}
listCryptoKeys
Lists CryptoKeys .
The async variant is KeyManagementServiceClient::listCryptoKeysAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CryptoKey;
use Google\Cloud\Kms\V1\ListCryptoKeysRequest;
/**
* @param string $formattedParent The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing]
* to list, in the format `projects/*/locations/*/keyRings/*`. Please see
* {@see KeyManagementServiceClient::keyRingName()} for help formatting this field.
*/
function list_crypto_keys_sample(string $formattedParent): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new ListCryptoKeysRequest())
->setParent($formattedParent);
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $keyManagementServiceClient->listCryptoKeys($request);
/** @var CryptoKey $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = KeyManagementServiceClient::keyRingName('[PROJECT]', '[LOCATION]', '[KEY_RING]');
list_crypto_keys_sample($formattedParent);
}
listImportJobs
Lists ImportJobs .
The async variant is KeyManagementServiceClient::listImportJobsAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\ImportJob;
use Google\Cloud\Kms\V1\ListImportJobsRequest;
/**
* @param string $formattedParent The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing]
* to list, in the format `projects/*/locations/*/keyRings/*`. Please see
* {@see KeyManagementServiceClient::keyRingName()} for help formatting this field.
*/
function list_import_jobs_sample(string $formattedParent): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new ListImportJobsRequest())
->setParent($formattedParent);
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $keyManagementServiceClient->listImportJobs($request);
/** @var ImportJob $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = KeyManagementServiceClient::keyRingName('[PROJECT]', '[LOCATION]', '[KEY_RING]');
list_import_jobs_sample($formattedParent);
}
listKeyRings
Lists KeyRings .
The async variant is KeyManagementServiceClient::listKeyRingsAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\KeyRing;
use Google\Cloud\Kms\V1\ListKeyRingsRequest;
/**
* @param string $formattedParent The resource name of the location associated with the
* [KeyRings][google.cloud.kms.v1.KeyRing], in the format
* `projects/*/locations/*`. Please see
* {@see KeyManagementServiceClient::locationName()} for help formatting this field.
*/
function list_key_rings_sample(string $formattedParent): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new ListKeyRingsRequest())
->setParent($formattedParent);
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $keyManagementServiceClient->listKeyRings($request);
/** @var KeyRing $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = KeyManagementServiceClient::locationName('[PROJECT]', '[LOCATION]');
list_key_rings_sample($formattedParent);
}
macSign
Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.
The async variant is KeyManagementServiceClient::macSignAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\MacSignRequest;
use Google\Cloud\Kms\V1\MacSignResponse;
/**
* @param string $formattedName The resource name of the
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
* signing. Please see
* {@see KeyManagementServiceClient::cryptoKeyVersionName()} for help formatting this field.
* @param string $data The data to sign. The MAC tag is computed over this data field
* based on the specific algorithm.
*/
function mac_sign_sample(string $formattedName, string $data): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new MacSignRequest())
->setName($formattedName)
->setData($data);
// Call the API and handle any network failures.
try {
/** @var MacSignResponse $response */
$response = $keyManagementServiceClient->macSign($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::cryptoKeyVersionName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]',
'[CRYPTO_KEY_VERSION]'
);
$data = '...';
mac_sign_sample($formattedName, $data);
}
macVerify
Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.
The async variant is KeyManagementServiceClient::macVerifyAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\MacVerifyRequest;
use Google\Cloud\Kms\V1\MacVerifyResponse;
/**
* @param string $formattedName The resource name of the
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
* verification. Please see
* {@see KeyManagementServiceClient::cryptoKeyVersionName()} for help formatting this field.
* @param string $data The data used previously as a
* [MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data] to generate
* the MAC tag.
* @param string $mac The signature to verify.
*/
function mac_verify_sample(string $formattedName, string $data, string $mac): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new MacVerifyRequest())
->setName($formattedName)
->setData($data)
->setMac($mac);
// Call the API and handle any network failures.
try {
/** @var MacVerifyResponse $response */
$response = $keyManagementServiceClient->macVerify($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::cryptoKeyVersionName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]',
'[CRYPTO_KEY_VERSION]'
);
$data = '...';
$mac = '...';
mac_verify_sample($formattedName, $data, $mac);
}
rawDecrypt
Decrypts data that was originally encrypted using a raw cryptographic mechanism. The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT .
The async variant is KeyManagementServiceClient::rawDecryptAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\RawDecryptRequest;
use Google\Cloud\Kms\V1\RawDecryptResponse;
/**
* @param string $name The resource name of the
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
* decryption.
* @param string $ciphertext The encrypted data originally returned in
* [RawEncryptResponse.ciphertext][google.cloud.kms.v1.RawEncryptResponse.ciphertext].
* @param string $initializationVector The initialization vector (IV) used during encryption, which must
* match the data originally provided in
* [RawEncryptResponse.initialization_vector][google.cloud.kms.v1.RawEncryptResponse.initialization_vector].
*/
function raw_decrypt_sample(string $name, string $ciphertext, string $initializationVector): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new RawDecryptRequest())
->setName($name)
->setCiphertext($ciphertext)
->setInitializationVector($initializationVector);
// Call the API and handle any network failures.
try {
/** @var RawDecryptResponse $response */
$response = $keyManagementServiceClient->rawDecrypt($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$name = '[NAME]';
$ciphertext = '...';
$initializationVector = '...';
raw_decrypt_sample($name, $ciphertext, $initializationVector);
}
rawEncrypt
Encrypts data using portable cryptographic primitives. Most users should choose Encrypt and Decrypt rather than their raw counterparts. The CryptoKey.purpose must be RAW_ENCRYPT_DECRYPT .
The async variant is KeyManagementServiceClient::rawEncryptAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\RawEncryptRequest;
use Google\Cloud\Kms\V1\RawEncryptResponse;
/**
* @param string $name The resource name of the
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
* encryption.
* @param string $plaintext The data to encrypt. Must be no larger than 64KiB.
*
* The maximum size depends on the key version's
* [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
* For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the
* plaintext must be no larger than 64KiB. For
* [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
* the plaintext and additional_authenticated_data fields must be no larger
* than 8KiB.
*/
function raw_encrypt_sample(string $name, string $plaintext): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new RawEncryptRequest())
->setName($name)
->setPlaintext($plaintext);
// Call the API and handle any network failures.
try {
/** @var RawEncryptResponse $response */
$response = $keyManagementServiceClient->rawEncrypt($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$name = '[NAME]';
$plaintext = '...';
raw_encrypt_sample($name, $plaintext);
}
restoreCryptoKeyVersion
Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.
Upon restoration of the CryptoKeyVersion, state will be set to DISABLED , and destroy_time will be cleared.
The async variant is KeyManagementServiceClient::restoreCryptoKeyVersionAsync() .
request
Google\Cloud\Kms\V1\RestoreCryptoKeyVersionRequest
A request to house fields associated with the call.
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CryptoKeyVersion;
use Google\Cloud\Kms\V1\RestoreCryptoKeyVersionRequest;
/**
* @param string $formattedName The resource name of the
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore. Please see
* {@see KeyManagementServiceClient::cryptoKeyVersionName()} for help formatting this field.
*/
function restore_crypto_key_version_sample(string $formattedName): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new RestoreCryptoKeyVersionRequest())
->setName($formattedName);
// Call the API and handle any network failures.
try {
/** @var CryptoKeyVersion $response */
$response = $keyManagementServiceClient->restoreCryptoKeyVersion($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::cryptoKeyVersionName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]',
'[CRYPTO_KEY_VERSION]'
);
restore_crypto_key_version_sample($formattedName);
}
updateCryptoKey
Update a CryptoKey .
The async variant is KeyManagementServiceClient::updateCryptoKeyAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CryptoKey;
use Google\Cloud\Kms\V1\UpdateCryptoKeyRequest;
use Google\Protobuf\FieldMask;
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function update_crypto_key_sample(): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$cryptoKey = new CryptoKey();
$updateMask = new FieldMask();
$request = (new UpdateCryptoKeyRequest())
->setCryptoKey($cryptoKey)
->setUpdateMask($updateMask);
// Call the API and handle any network failures.
try {
/** @var CryptoKey $response */
$response = $keyManagementServiceClient->updateCryptoKey($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
updateCryptoKeyPrimaryVersion
Update the version of a CryptoKey that will be used in Encrypt .
Returns an error if called on a key whose purpose is not ENCRYPT_DECRYPT .
The async variant is KeyManagementServiceClient::updateCryptoKeyPrimaryVersionAsync() .
request
Google\Cloud\Kms\V1\UpdateCryptoKeyPrimaryVersionRequest
A request to house fields associated with the call.
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CryptoKey;
use Google\Cloud\Kms\V1\UpdateCryptoKeyPrimaryVersionRequest;
/**
* @param string $formattedName The resource name of the
* [CryptoKey][google.cloud.kms.v1.CryptoKey] to update. Please see
* {@see KeyManagementServiceClient::cryptoKeyName()} for help formatting this field.
* @param string $cryptoKeyVersionId The id of the child
* [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary.
*/
function update_crypto_key_primary_version_sample(
string $formattedName,
string $cryptoKeyVersionId
): void {
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new UpdateCryptoKeyPrimaryVersionRequest())
->setName($formattedName)
->setCryptoKeyVersionId($cryptoKeyVersionId);
// Call the API and handle any network failures.
try {
/** @var CryptoKey $response */
$response = $keyManagementServiceClient->updateCryptoKeyPrimaryVersion($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = KeyManagementServiceClient::cryptoKeyName(
'[PROJECT]',
'[LOCATION]',
'[KEY_RING]',
'[CRYPTO_KEY]'
);
$cryptoKeyVersionId = '[CRYPTO_KEY_VERSION_ID]';
update_crypto_key_primary_version_sample($formattedName, $cryptoKeyVersionId);
}
updateCryptoKeyVersion
Update a CryptoKeyVersion 's metadata.
state may be changed between ENABLED and DISABLED using this method. See DestroyCryptoKeyVersion and RestoreCryptoKeyVersion to move between other states.
The async variant is KeyManagementServiceClient::updateCryptoKeyVersionAsync() .
request
Google\Cloud\Kms\V1\UpdateCryptoKeyVersionRequest
A request to house fields associated with the call.
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Kms\V1\CryptoKeyVersion;
use Google\Cloud\Kms\V1\UpdateCryptoKeyVersionRequest;
use Google\Protobuf\FieldMask;
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function update_crypto_key_version_sample(): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$cryptoKeyVersion = new CryptoKeyVersion();
$updateMask = new FieldMask();
$request = (new UpdateCryptoKeyVersionRequest())
->setCryptoKeyVersion($cryptoKeyVersion)
->setUpdateMask($updateMask);
// Call the API and handle any network failures.
try {
/** @var CryptoKeyVersion $response */
$response = $keyManagementServiceClient->updateCryptoKeyVersion($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
getLocation
Gets information about a location.
The async variant is KeyManagementServiceClient::getLocationAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Location\GetLocationRequest;
use Google\Cloud\Location\Location;
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function get_location_sample(): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = new GetLocationRequest();
// Call the API and handle any network failures.
try {
/** @var Location $response */
$response = $keyManagementServiceClient->getLocation($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
listLocations
Lists information about the supported locations for this service.
The async variant is KeyManagementServiceClient::listLocationsAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
use Google\Cloud\Location\ListLocationsRequest;
use Google\Cloud\Location\Location;
/**
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function list_locations_sample(): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = new ListLocationsRequest();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $keyManagementServiceClient->listLocations($request);
/** @var Location $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
getIamPolicy
Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.
The async variant is KeyManagementServiceClient::getIamPolicyAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\GetIamPolicyRequest;
use Google\Cloud\Iam\V1\Policy;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
/**
* @param string $resource REQUIRED: The resource for which the policy is being requested.
* See the operation documentation for the appropriate value for this field.
*/
function get_iam_policy_sample(string $resource): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$request = (new GetIamPolicyRequest())
->setResource($resource);
// Call the API and handle any network failures.
try {
/** @var Policy $response */
$response = $keyManagementServiceClient->getIamPolicy($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$resource = '[RESOURCE]';
get_iam_policy_sample($resource);
}
setIamPolicy
Sets the access control policy on the specified resource. Replaces any existing policy.
Can return NOT_FOUND
, INVALID_ARGUMENT
, and PERMISSION_DENIED
errors.
The async variant is KeyManagementServiceClient::setIamPolicyAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\Policy;
use Google\Cloud\Iam\V1\SetIamPolicyRequest;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
/**
* @param string $resource REQUIRED: The resource for which the policy is being specified.
* See the operation documentation for the appropriate value for this field.
*/
function set_iam_policy_sample(string $resource): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$policy = new Policy();
$request = (new SetIamPolicyRequest())
->setResource($resource)
->setPolicy($policy);
// Call the API and handle any network failures.
try {
/** @var Policy $response */
$response = $keyManagementServiceClient->setIamPolicy($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$resource = '[RESOURCE]';
set_iam_policy_sample($resource);
}
testIamPermissions
Returns permissions that a caller has on the specified resource. If the
resource does not exist, this will return an empty set of
permissions, not a NOT_FOUND
error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
The async variant is KeyManagementServiceClient::testIamPermissionsAsync() .
request
callOptions
array
Optional.
↳ retrySettings
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.
use Google\ApiCore\ApiException;
use Google\Cloud\Iam\V1\TestIamPermissionsRequest;
use Google\Cloud\Iam\V1\TestIamPermissionsResponse;
use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;
/**
* @param string $resource REQUIRED: The resource for which the policy detail is being requested.
* See the operation documentation for the appropriate value for this field.
* @param string $permissionsElement The set of permissions to check for the `resource`. Permissions with
* wildcards (such as '*' or 'storage.*') are not allowed. For more
* information see
* [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
*/
function test_iam_permissions_sample(string $resource, string $permissionsElement): void
{
// Create a client.
$keyManagementServiceClient = new KeyManagementServiceClient();
// Prepare the request message.
$permissions = [$permissionsElement,];
$request = (new TestIamPermissionsRequest())
->setResource($resource)
->setPermissions($permissions);
// Call the API and handle any network failures.
try {
/** @var TestIamPermissionsResponse $response */
$response = $keyManagementServiceClient->testIamPermissions($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$resource = '[RESOURCE]';
$permissionsElement = '[PERMISSIONS]';
test_iam_permissions_sample($resource, $permissionsElement);
}
asymmetricDecryptAsync
asymmetricSignAsync
createCryptoKeyAsync
createCryptoKeyVersionAsync
optionalArgs
array
createImportJobAsync
createKeyRingAsync
decryptAsync
destroyCryptoKeyVersionAsync
optionalArgs
array
encryptAsync
generateRandomBytesAsync
optionalArgs
array
getCryptoKeyAsync
getCryptoKeyVersionAsync
optionalArgs
array
getImportJobAsync
getKeyRingAsync
getPublicKeyAsync
importCryptoKeyVersionAsync
optionalArgs
array
listCryptoKeyVersionsAsync
optionalArgs
array
listCryptoKeysAsync
listImportJobsAsync
listKeyRingsAsync
macSignAsync
macVerifyAsync
rawDecryptAsync
rawEncryptAsync
restoreCryptoKeyVersionAsync
optionalArgs
array
updateCryptoKeyAsync
updateCryptoKeyPrimaryVersionAsync
optionalArgs
array
updateCryptoKeyVersionAsync
optionalArgs
array
getLocationAsync
listLocationsAsync
getIamPolicyAsync
setIamPolicyAsync
testIamPermissionsAsync
optionalArgs
array
static::cryptoKeyName
Formats a string containing the fully-qualified path to represent a crypto_key resource.
project
string
location
string
keyRing
string
cryptoKey
string
string
static::cryptoKeyVersionName
Formats a string containing the fully-qualified path to represent a crypto_key_version resource.
project
string
location
string
keyRing
string
cryptoKey
string
cryptoKeyVersion
string
string
static::importJobName
Formats a string containing the fully-qualified path to represent a import_job resource.
project
string
location
string
keyRing
string
importJob
string
string
static::keyRingName
Formats a string containing the fully-qualified path to represent a key_ring resource.
project
string
location
string
keyRing
string
string
static::locationName
Formats a string containing the fully-qualified path to represent a location resource.
project
string
location
string
string
static::parseName
Parses a formatted name string and returns an associative array of the components in the name.
The following name formats are supported: Template: Pattern
- cryptoKey: projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}
- cryptoKeyVersion: projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{crypto_key_version}
- importJob: projects/{project}/locations/{location}/keyRings/{key_ring}/importJobs/{import_job}
- keyRing: projects/{project}/locations/{location}/keyRings/{key_ring}
- location: projects/{project}/locations/{location}
The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.
formattedName
string
The formatted name string
template
?string
Optional name of template to match
array
