Reference documentation and code samples for the Cloud KMS V1 Client class KeyManagementMode.
KeyManagementMode describes who can perform control plane cryptographic operations using this EkmConnection .
Protobuf type google.cloud.kms.v1.EkmConnection.KeyManagementMode
Namespace
Google \ Cloud \ Kms \ V1 \ EkmConnectionMethods
static::name
value
mixed
static::value
name
mixed
Constants
KEY_MANAGEMENT_MODE_UNSPECIFIED
Value: 0
Not specified.
Generated from protobuf enum KEY_MANAGEMENT_MODE_UNSPECIFIED = 0;
MANUAL
Value: 1
EKM-side key management operations on CryptoKeys created with this EkmConnection must be initiated from the EKM directly and cannot be performed from Cloud KMS. This means that:
-
When creating a CryptoKeyVersion associated with this EkmConnection , the caller must supply the key path of pre-existing external key material that will be linked to the CryptoKeyVersion .
-
Destruction of external key material cannot be requested via the Cloud KMS API and must be performed directly in the EKM.
- Automatic rotation of key material is not supported.
Generated from protobuf enum MANUAL = 1;
CLOUD_KMS
Value: 2
All CryptoKeys created with this EkmConnection use EKM-side key management operations initiated from Cloud KMS. This means that:
-
When a CryptoKeyVersion associated with this EkmConnection is created, the EKM automatically generates new key material and a new key path. The caller cannot supply the key path of pre-existing external key material.
-
Destruction of external key material associated with this EkmConnection can be requested by calling DestroyCryptoKeyVersion .
- Automatic rotation of key material is supported.
Generated from protobuf enum CLOUD_KMS = 2;
