Generated from protobuf enumKEY_MANAGEMENT_MODE_UNSPECIFIED = 0;
MANUAL
Value: 1
EKM-side key management operations onCryptoKeyscreated with thisEkmConnectionmust be initiated from
the EKM directly and cannot be performed from Cloud KMS. This means that:
When creating aCryptoKeyVersionassociated with
thisEkmConnection, the caller must
supply the key path of pre-existing external key material that will be
linked to theCryptoKeyVersion.
Destruction of external key material cannot be requested via the
Cloud KMS API and must be performed directly in the EKM.
Automatic rotation of key material is not supported.
Generated from protobuf enumMANUAL = 1;
CLOUD_KMS
Value: 2
AllCryptoKeyscreated with thisEkmConnectionuse EKM-side key
management operations initiated from Cloud KMS. This means that:
When aCryptoKeyVersionassociated with thisEkmConnectionis
created, the EKM automatically generates new key material and a new
key path. The caller cannot supply the key path of pre-existing
external key material.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Cloud KMS V1 Client - Class KeyManagementMode (2.3.1)\n\nVersion latestkeyboard_arrow_down\n\n- [2.3.1 (latest)](/php/docs/reference/cloud-kms/latest/V1.EkmConnection.KeyManagementMode)\n- [2.3.0](/php/docs/reference/cloud-kms/2.3.0/V1.EkmConnection.KeyManagementMode)\n- [2.2.0](/php/docs/reference/cloud-kms/2.2.0/V1.EkmConnection.KeyManagementMode)\n- [2.1.6](/php/docs/reference/cloud-kms/2.1.6/V1.EkmConnection.KeyManagementMode)\n- [2.0.0](/php/docs/reference/cloud-kms/2.0.0/V1.EkmConnection.KeyManagementMode)\n- [1.23.0](/php/docs/reference/cloud-kms/1.23.0/V1.EkmConnection.KeyManagementMode)\n- [1.22.1](/php/docs/reference/cloud-kms/1.22.1/V1.EkmConnection.KeyManagementMode)\n- [1.21.4](/php/docs/reference/cloud-kms/1.21.4/V1.EkmConnection.KeyManagementMode)\n- [1.20.3](/php/docs/reference/cloud-kms/1.20.3/V1.EkmConnection.KeyManagementMode)\n- [1.19.0](/php/docs/reference/cloud-kms/1.19.0/V1.EkmConnection.KeyManagementMode)\n- [1.18.1](/php/docs/reference/cloud-kms/1.18.1/V1.EkmConnection.KeyManagementMode)\n- [1.17.0](/php/docs/reference/cloud-kms/1.17.0/V1.EkmConnection.KeyManagementMode)\n- [1.16.4](/php/docs/reference/cloud-kms/1.16.4/V1.EkmConnection.KeyManagementMode)\n- [1.15.3](/php/docs/reference/cloud-kms/1.15.3/V1.EkmConnection.KeyManagementMode) \nReference documentation and code samples for the Cloud KMS V1 Client class KeyManagementMode.\n\n[KeyManagementMode](/php/docs/reference/cloud-kms/latest/V1.EkmConnection.KeyManagementMode)\ndescribes who can perform control plane cryptographic operations using this\n[EkmConnection](/php/docs/reference/cloud-kms/latest/V1.EkmConnection).\n\nProtobuf type `google.cloud.kms.v1.EkmConnection.KeyManagementMode`\n\nNamespace\n---------\n\nGoogle \\\\ Cloud \\\\ Kms \\\\ V1 \\\\ EkmConnection\n\nMethods\n-------\n\n### static::name\n\n### static::value\n\nConstants\n---------\n\n### KEY_MANAGEMENT_MODE_UNSPECIFIED\n\n Value: 0\n\nNot specified.\n\nGenerated from protobuf enum `KEY_MANAGEMENT_MODE_UNSPECIFIED = 0;`\n\n### MANUAL\n\n Value: 1\n\nEKM-side key management operations on\n[CryptoKeys](/php/docs/reference/cloud-kms/latest/V1.CryptoKey) created with this\n[EkmConnection](/php/docs/reference/cloud-kms/latest/V1.EkmConnection) must be initiated from\nthe EKM directly and cannot be performed from Cloud KMS. This means that:\n\n- When creating a\n [CryptoKeyVersion](/php/docs/reference/cloud-kms/latest/V1.CryptoKeyVersion) associated with\n this\n [EkmConnection](/php/docs/reference/cloud-kms/latest/V1.EkmConnection), the caller must\n supply the key path of pre-existing external key material that will be\n linked to the [CryptoKeyVersion](/php/docs/reference/cloud-kms/latest/V1.CryptoKeyVersion).\n\n- Destruction of external key material cannot be requested via the\n Cloud KMS API and must be performed directly in the EKM.\n\n- Automatic rotation of key material is not supported.\n\nGenerated from protobuf enum `MANUAL = 1;`\n\n### CLOUD_KMS\n\n Value: 2\n\nAll [CryptoKeys](/php/docs/reference/cloud-kms/latest/V1.CryptoKey) created with this\n[EkmConnection](/php/docs/reference/cloud-kms/latest/V1.EkmConnection) use EKM-side key\nmanagement operations initiated from Cloud KMS. This means that:\n\n- When a [CryptoKeyVersion](/php/docs/reference/cloud-kms/latest/V1.CryptoKeyVersion)\n associated with this [EkmConnection](/php/docs/reference/cloud-kms/latest/V1.EkmConnection)\n is\n created, the EKM automatically generates new key material and a new\n key path. The caller cannot supply the key path of pre-existing\n external key material.\n\n- Destruction of external key material associated with this\n [EkmConnection](/php/docs/reference/cloud-kms/latest/V1.EkmConnection) can be requested by\n calling\n [DestroyCryptoKeyVersion](/php/docs/reference/cloud-kms/latest/V1.Client.KeyManagementServiceClient#_Google_Cloud_Kms_V1_Client_KeyManagementServiceClient__destroyCryptoKeyVersion__).\n\n- Automatic rotation of key material is supported.\n\nGenerated from protobuf enum `CLOUD_KMS = 2;`"]]
