Console
    Contact Us Start free

    Cloud KMS V1 Client - Class CryptoKey (2.3.1)

    Reference documentation and code samples for the Cloud KMS V1 Client class CryptoKey.

    A CryptoKey represents a logical key that can be used for cryptographic operations.

    A CryptoKey is made up of zero or more versions , which represent the actual key material used in cryptographic operations.

    Generated from protobuf message google.cloud.kms.v1.CryptoKey

    Namespace

    Google \ Cloud \ Kms \ V1

    Methods

    __construct

    Constructor.

    Parameters
    Name
    Description
    data
    array

    Optional. Data for populating the Message object.

    ↳ name
    string

    Output only. The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/* .

    ↳ primary
    CryptoKeyVersion

    Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name . The CryptoKey 's primary version can be updated via UpdateCryptoKeyPrimaryVersion . Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

    ↳ purpose
    int

    Immutable. The immutable purpose of this CryptoKey .

    ↳ create_time
    Google\Protobuf\Timestamp

    Output only. The time at which this CryptoKey was created.

    ↳ next_rotation_time
    Google\Protobuf\Timestamp

    At next_rotation_time , the Key Management Service will automatically: 1. Create a new version of this CryptoKey . 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time . Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    ↳ rotation_period
    Google\Protobuf\Duration

    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    ↳ version_template
    CryptoKeyVersionTemplate

    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

    ↳ labels
    array| Google\Protobuf\Internal\MapField

    Labels with user-defined metadata. For more information, see Labeling Keys .

    ↳ import_only
    bool

    Immutable. Whether this key may contain imported versions only.

    ↳ destroy_scheduled_duration
    Google\Protobuf\Duration

    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED . If not specified at creation time, the default duration is 30 days.

    ↳ crypto_key_backend
    string

    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC , with the resource name in the format projects/*/locations/*/ekmConnections/* . Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

    ↳ key_access_justifications_policy
    KeyAccessJustificationsPolicy

    Optional. The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed.

    getName

    Output only. The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/* .

    Returns
    Type
    Description
    string

    setName

    Output only. The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/* .

    Parameter
    Name
    Description
    var
    string
    Returns
    Type
    Description
    $this

    getPrimary

    Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name .

    The CryptoKey 's primary version can be updated via UpdateCryptoKeyPrimaryVersion . Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

    Returns
    Type
    Description
    CryptoKeyVersion |null

    hasPrimary

    clearPrimary

    setPrimary

    Output only. A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name .

    The CryptoKey 's primary version can be updated via UpdateCryptoKeyPrimaryVersion . Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

    Parameter
    Name
    Description
    var
    CryptoKeyVersion
    Returns
    Type
    Description
    $this

    getPurpose

    Immutable. The immutable purpose of this CryptoKey .

    Returns
    Type
    Description
    int

    setPurpose

    Immutable. The immutable purpose of this CryptoKey .

    Parameter
    Name
    Description
    var
    int
    Returns
    Type
    Description
    $this

    getCreateTime

    Output only. The time at which this CryptoKey was created.

    Returns
    Type
    Description
    Google\Protobuf\Timestamp |null

    hasCreateTime

    clearCreateTime

    setCreateTime

    Output only. The time at which this CryptoKey was created.

    Parameter
    Name
    Description
    var
    Google\Protobuf\Timestamp
    Returns
    Type
    Description
    $this

    getNextRotationTime

    At next_rotation_time , the Key Management Service will automatically:

    1. Create a new version of this CryptoKey .

    2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time . Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    Returns
    Type
    Description
    Google\Protobuf\Timestamp |null

    hasNextRotationTime

    clearNextRotationTime

    setNextRotationTime

    At next_rotation_time , the Key Management Service will automatically:

    1. Create a new version of this CryptoKey .

    2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time . Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    Parameter
    Name
    Description
    var
    Google\Protobuf\Timestamp
    Returns
    Type
    Description
    $this

    getRotationPeriod

    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

    If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    Returns
    Type
    Description
    Google\Protobuf\Duration |null

    hasRotationPeriod

    setRotationPeriod

    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

    If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

    Parameter
    Name
    Description
    var
    Google\Protobuf\Duration
    Returns
    Type
    Description
    $this

    getVersionTemplate

    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

    Returns
    Type
    Description
    CryptoKeyVersionTemplate |null

    hasVersionTemplate

    clearVersionTemplate

    setVersionTemplate

    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

    Parameter
    Name
    Description
    var
    CryptoKeyVersionTemplate
    Returns
    Type
    Description
    $this

    getLabels

    Labels with user-defined metadata. For more information, see Labeling Keys .

    Returns
    Type
    Description
    Google\Protobuf\Internal\MapField

    setLabels

    Labels with user-defined metadata. For more information, see Labeling Keys .

    Parameter
    Name
    Description
    var
    array| Google\Protobuf\Internal\MapField
    Returns
    Type
    Description
    $this

    getImportOnly

    Immutable. Whether this key may contain imported versions only.

    Returns
    Type
    Description
    bool

    setImportOnly

    Immutable. Whether this key may contain imported versions only.

    Parameter
    Name
    Description
    var
    bool
    Returns
    Type
    Description
    $this

    getDestroyScheduledDuration

    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED .

    If not specified at creation time, the default duration is 30 days.

    Returns
    Type
    Description
    Google\Protobuf\Duration |null

    hasDestroyScheduledDuration

    clearDestroyScheduledDuration

    setDestroyScheduledDuration

    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED .

    If not specified at creation time, the default duration is 30 days.

    Parameter
    Name
    Description
    var
    Google\Protobuf\Duration
    Returns
    Type
    Description
    $this

    getCryptoKeyBackend

    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC , with the resource name in the format projects/*/locations/*/ekmConnections/* .

    Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

    Returns
    Type
    Description
    string

    setCryptoKeyBackend

    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC , with the resource name in the format projects/*/locations/*/ekmConnections/* .

    Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

    Parameter
    Name
    Description
    var
    string
    Returns
    Type
    Description
    $this

    getKeyAccessJustificationsPolicy

    Optional. The policy used for Key Access Justifications Policy Enforcement.

    If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed.

    Returns
    Type
    Description
    KeyAccessJustificationsPolicy |null

    hasKeyAccessJustificationsPolicy

    clearKeyAccessJustificationsPolicy

    setKeyAccessJustificationsPolicy

    Optional. The policy used for Key Access Justifications Policy Enforcement.

    If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed.

    Parameter
    Name
    Description
    var
    KeyAccessJustificationsPolicy
    Returns
    Type
    Description
    $this

    getRotationSchedule

    Returns
    Type
    Description
    string
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: