pharnexbase
/
kratos
11
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
244 Commits
46 Branches
62 Tags
68 MiB
Tag: Branch: Tree: 1bf8b97deb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1bf8b97deb'
${ noResults }
kratos/third_party/google/cloud/kms/v1/service.proto

657 lines
26 KiB
Raw Normal View History Unescape

add third_party proto
6 years ago
// Copyright 2018 Google LLC.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
syntax = "proto3";
package google.cloud.kms.v1;
import "google/api/annotations.proto";
import "google/cloud/kms/v1/resources.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/wrappers.proto";
option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.Kms.V1";
option go_package = "google.golang.org/genproto/googleapis/cloud/kms/v1;kms";
option java_multiple_files = true;
option java_outer_classname = "KmsProto";
option java_package = "com.google.cloud.kms.v1";
option php_namespace = "Google\\Cloud\\Kms\\V1";
// Google Cloud Key Management Service
//
// Manages cryptographic keys and operations using those keys. Implements a REST
// model with the following objects:
//
// * [KeyRing][google.cloud.kms.v1.KeyRing]
// * [CryptoKey][google.cloud.kms.v1.CryptoKey]
// * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
//
// If you are using manual gRPC libraries, see
// [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).
service KeyManagementService {
// Lists [KeyRings][google.cloud.kms.v1.KeyRing].
rpc ListKeyRings(ListKeyRingsRequest) returns (ListKeyRingsResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*/locations/*}/keyRings"
};
}
// Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
rpc ListCryptoKeys(ListCryptoKeysRequest) returns (ListCryptoKeysResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys"
};
}
// Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
rpc ListCryptoKeyVersions(ListCryptoKeyVersionsRequest)
returns (ListCryptoKeyVersionsResponse) {
option (google.api.http) = {
get: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions"
};
}
// Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
rpc GetKeyRing(GetKeyRingRequest) returns (KeyRing) {
option (google.api.http) = {
get: "/v1/{name=projects/*/locations/*/keyRings/*}"
};
}
// Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
// well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
rpc GetCryptoKey(GetCryptoKeyRequest) returns (CryptoKey) {
option (google.api.http) = {
get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}"
};
}
// Returns metadata for a given
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
rpc GetCryptoKeyVersion(GetCryptoKeyVersionRequest)
returns (CryptoKeyVersion) {
option (google.api.http) = {
get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}"
};
}
// Returns the public key for the given
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
// [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
// or
// [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
rpc GetPublicKey(GetPublicKeyRequest) returns (PublicKey) {
option (google.api.http) = {
get: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}/publicKey"
};
}
// Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
// Location.
rpc CreateKeyRing(CreateKeyRingRequest) returns (KeyRing) {
option (google.api.http) = {
post: "/v1/{parent=projects/*/locations/*}/keyRings"
body: "key_ring"
};
}
// Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
// [KeyRing][google.cloud.kms.v1.KeyRing].
//
// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
// [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
// are required.
rpc CreateCryptoKey(CreateCryptoKeyRequest) returns (CryptoKey) {
option (google.api.http) = {
post: "/v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys"
body: "crypto_key"
};
}
// Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
// [CryptoKey][google.cloud.kms.v1.CryptoKey].
//
// The server will assign the next sequential id. If unset,
// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
rpc CreateCryptoKeyVersion(CreateCryptoKeyVersionRequest)
returns (CryptoKeyVersion) {
option (google.api.http) = {
post: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions"
body: "crypto_key_version"
};
}
// Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
rpc UpdateCryptoKey(UpdateCryptoKeyRequest) returns (CryptoKey) {
option (google.api.http) = {
patch: "/v1/{crypto_key.name=projects/*/locations/*/keyRings/*/cryptoKeys/*}"
body: "crypto_key"
};
}
// Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
// metadata.
//
// [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
// [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
// and
// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
// using this method. See
// [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
// and
// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
// to move between other states.
rpc UpdateCryptoKeyVersion(UpdateCryptoKeyVersionRequest)
returns (CryptoKeyVersion) {
option (google.api.http) = {
patch: "/v1/{crypto_key_version.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}"
body: "crypto_key_version"
};
}
// Encrypts data, so that it can only be recovered by a call to
// [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
rpc Encrypt(EncryptRequest) returns (EncryptResponse) {
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt"
body: "*"
};
}
// Decrypts data that was protected by
// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
// [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
// [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
rpc Decrypt(DecryptRequest) returns (DecryptResponse) {
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt"
body: "*"
};
}
// Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
// ASYMMETRIC_SIGN, producing a signature that can be verified with the public
// key retrieved from
// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
rpc AsymmetricSign(AsymmetricSignRequest) returns (AsymmetricSignResponse) {
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricSign"
body: "*"
};
}
// Decrypts data that was encrypted with a public key retrieved from
// [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
// corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
// with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
// ASYMMETRIC_DECRYPT.
rpc AsymmetricDecrypt(AsymmetricDecryptRequest)
returns (AsymmetricDecryptResponse) {
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricDecrypt"
body: "*"
};
}
// Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
// will be used in
// [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
//
// Returns an error if called on an asymmetric key.
rpc UpdateCryptoKeyPrimaryVersion(UpdateCryptoKeyPrimaryVersionRequest)
returns (CryptoKey) {
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion"
body: "*"
};
}
// Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
// destruction.
//
// Upon calling this method,
// [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
// be set to
// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
// be set to a time 24 hours in the future, at which point the
// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be changed to
// [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
// and the key material will be irrevocably destroyed.
//
// Before the
// [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
// reached,
// [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
// may be called to reverse the process.
rpc DestroyCryptoKeyVersion(DestroyCryptoKeyVersionRequest)
returns (CryptoKeyVersion) {
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy"
body: "*"
};
}
// Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
// [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
// state.
//
// Upon restoration of the CryptoKeyVersion,
// [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
// [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
// and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
// be cleared.
rpc RestoreCryptoKeyVersion(RestoreCryptoKeyVersionRequest)
returns (CryptoKeyVersion) {
option (google.api.http) = {
post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore"
body: "*"
};
}
}
// Request message for
// [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].
message ListKeyRingsRequest {
// Required. The resource name of the location associated with the
// [KeyRings][google.cloud.kms.v1.KeyRing], in the format
// `projects/*/locations/*`.
string parent = 1;
// Optional limit on the number of [KeyRings][google.cloud.kms.v1.KeyRing] to
// include in the response. Further [KeyRings][google.cloud.kms.v1.KeyRing]
// can subsequently be obtained by including the
// [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token]
// in a subsequent request. If unspecified, the server will pick an
// appropriate default.
int32 page_size = 2;
// Optional pagination token, returned earlier via
// [ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token].
string page_token = 3;
}
// Request message for
// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
message ListCryptoKeysRequest {
// Required. The resource name of the [KeyRing][google.cloud.kms.v1.KeyRing]
// to list, in the format `projects/*/locations/*/keyRings/*`.
string parent = 1;
// Optional limit on the number of [CryptoKeys][google.cloud.kms.v1.CryptoKey]
// to include in the response. Further
// [CryptoKeys][google.cloud.kms.v1.CryptoKey] can subsequently be obtained by
// including the
// [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token]
// in a subsequent request. If unspecified, the server will pick an
// appropriate default.
int32 page_size = 2;
// Optional pagination token, returned earlier via
// [ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token].
string page_token = 3;
// The fields of the primary version to include in the response.
CryptoKeyVersion.CryptoKeyVersionView version_view = 4;
}
// Request message for
// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].
message ListCryptoKeyVersionsRequest {
// Required. The resource name of the
// [CryptoKey][google.cloud.kms.v1.CryptoKey] to list, in the format
// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
string parent = 1;
// Optional limit on the number of
// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] to include in the
// response. Further [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]
// can subsequently be obtained by including the
// [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token]
// in a subsequent request. If unspecified, the server will pick an
// appropriate default.
int32 page_size = 2;
// Optional pagination token, returned earlier via
// [ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token].
string page_token = 3;
// The fields to include in the response.
CryptoKeyVersion.CryptoKeyVersionView view = 4;
}
// Response message for
// [KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings].
message ListKeyRingsResponse {
// The list of [KeyRings][google.cloud.kms.v1.KeyRing].
repeated KeyRing key_rings = 1;
// A token to retrieve next page of results. Pass this value in
// [ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token]
// to retrieve the next page of results.
string next_page_token = 2;
// The total number of [KeyRings][google.cloud.kms.v1.KeyRing] that matched
// the query.
int32 total_size = 3;
}
// Response message for
// [KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys].
message ListCryptoKeysResponse {
// The list of [CryptoKeys][google.cloud.kms.v1.CryptoKey].
repeated CryptoKey crypto_keys = 1;
// A token to retrieve next page of results. Pass this value in
// [ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token]
// to retrieve the next page of results.
string next_page_token = 2;
// The total number of [CryptoKeys][google.cloud.kms.v1.CryptoKey] that
// matched the query.
int32 total_size = 3;
}
// Response message for
// [KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions].
message ListCryptoKeyVersionsResponse {
// The list of [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
repeated CryptoKeyVersion crypto_key_versions = 1;
// A token to retrieve next page of results. Pass this value in
// [ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token]
// to retrieve the next page of results.
string next_page_token = 2;
// The total number of
// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion] that matched the
// query.
int32 total_size = 3;
}
// Request message for
// [KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing].
message GetKeyRingRequest {
// The [name][google.cloud.kms.v1.KeyRing.name] of the
// [KeyRing][google.cloud.kms.v1.KeyRing] to get.
string name = 1;
}
// Request message for
// [KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey].
message GetCryptoKeyRequest {
// The [name][google.cloud.kms.v1.CryptoKey.name] of the
// [CryptoKey][google.cloud.kms.v1.CryptoKey] to get.
string name = 1;
}
// Request message for
// [KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion].
message GetCryptoKeyVersionRequest {
// The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to get.
string name = 1;
}
// Request message for
// [KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
message GetPublicKeyRequest {
// The [name][google.cloud.kms.v1.CryptoKeyVersion.name] of the
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] public key to get.
string name = 1;
}
// Request message for
// [KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing].
message CreateKeyRingRequest {
// Required. The resource name of the location associated with the
// [KeyRings][google.cloud.kms.v1.KeyRing], in the format
// `projects/*/locations/*`.
string parent = 1;
// Required. It must be unique within a location and match the regular
// expression `[a-zA-Z0-9_-]{1,63}`
string key_ring_id = 2;
// A [KeyRing][google.cloud.kms.v1.KeyRing] with initial field values.
KeyRing key_ring = 3;
}
// Request message for
// [KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey].
message CreateCryptoKeyRequest {
// Required. The [name][google.cloud.kms.v1.KeyRing.name] of the KeyRing
// associated with the [CryptoKeys][google.cloud.kms.v1.CryptoKey].
string parent = 1;
// Required. It must be unique within a KeyRing and match the regular
// expression `[a-zA-Z0-9_-]{1,63}`
string crypto_key_id = 2;
// A [CryptoKey][google.cloud.kms.v1.CryptoKey] with initial field values.
CryptoKey crypto_key = 3;
}
// Request message for
// [KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion].
message CreateCryptoKeyVersionRequest {
// Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the
// [CryptoKey][google.cloud.kms.v1.CryptoKey] associated with the
// [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
string parent = 1;
// A [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with initial
// field values.
CryptoKeyVersion crypto_key_version = 2;
}
// Request message for
// [KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey].
message UpdateCryptoKeyRequest {
// [CryptoKey][google.cloud.kms.v1.CryptoKey] with updated values.
CryptoKey crypto_key = 1;
// Required list of fields to be updated in this request.
google.protobuf.FieldMask update_mask = 2;
}
// Request message for
// [KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion].
message UpdateCryptoKeyVersionRequest {
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with updated
// values.
CryptoKeyVersion crypto_key_version = 1;
// Required list of fields to be updated in this request.
google.protobuf.FieldMask update_mask = 2;
}
// Request message for
// [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
message EncryptRequest {
// Required. The resource name of the
// [CryptoKey][google.cloud.kms.v1.CryptoKey] or
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
// encryption.
//
// If a [CryptoKey][google.cloud.kms.v1.CryptoKey] is specified, the server
// will use its [primary version][google.cloud.kms.v1.CryptoKey.primary].
string name = 1;
// Required. The data to encrypt. Must be no larger than 64KiB.
//
// The maximum size depends on the key version's
// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
// For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the
// plaintext must be no larger than 64KiB. For
// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
// the plaintext and additional_authenticated_data fields must be no larger
// than 8KiB.
bytes plaintext = 2;
// Optional data that, if specified, must also be provided during decryption
// through
// [DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data].
//
// The maximum size depends on the key version's
// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level].
// For [SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE] keys, the AAD
// must be no larger than 64KiB. For
// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] keys, the combined length of
// the plaintext and additional_authenticated_data fields must be no larger
// than 8KiB.
bytes additional_authenticated_data = 3;
}
// Request message for
// [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
message DecryptRequest {
// Required. The resource name of the
// [CryptoKey][google.cloud.kms.v1.CryptoKey] to use for decryption. The
// server will choose the appropriate version.
string name = 1;
// Required. The encrypted data originally returned in
// [EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext].
bytes ciphertext = 2;
// Optional data that must match the data originally supplied in
// [EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data].
bytes additional_authenticated_data = 3;
}
// Request message for
// [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].
message AsymmetricSignRequest {
// Required. The resource name of the
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
// signing.
string name = 1;
// Required. The digest of the data to sign. The digest must be produced with
// the same digest algorithm as specified by the key version's
// [algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm].
Digest digest = 3;
}
// Request message for
// [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].
message AsymmetricDecryptRequest {
// Required. The resource name of the
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use for
// decryption.
string name = 1;
// Required. The data encrypted with the named
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s public key using
// OAEP.
bytes ciphertext = 3;
}
// Response message for
// [KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt].
message DecryptResponse {
// The decrypted data originally supplied in
// [EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext].
bytes plaintext = 1;
}
// Response message for
// [KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
message EncryptResponse {
// The resource name of the
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] used in
// encryption.
string name = 1;
// The encrypted data.
bytes ciphertext = 2;
}
// Response message for
// [KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign].
message AsymmetricSignResponse {
// The created signature.
bytes signature = 1;
}
// Response message for
// [KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt].
message AsymmetricDecryptResponse {
// The decrypted data originally encrypted with the matching public key.
bytes plaintext = 1;
}
// Request message for
// [KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].
message UpdateCryptoKeyPrimaryVersionRequest {
// The resource name of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to
// update.
string name = 1;
// The id of the child
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to use as primary.
string crypto_key_version_id = 2;
}
// Request message for
// [KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].
message DestroyCryptoKeyVersionRequest {
// The resource name of the
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to destroy.
string name = 1;
}
// Request message for
// [KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion].
message RestoreCryptoKeyVersionRequest {
// The resource name of the
// [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to restore.
string name = 1;
}
// A [Digest][google.cloud.kms.v1.Digest] holds a cryptographic message digest.
message Digest {
// Required. The message digest.
oneof digest {
// A message digest produced with the SHA-256 algorithm.
bytes sha256 = 1;
// A message digest produced with the SHA-384 algorithm.
bytes sha384 = 2;
// A message digest produced with the SHA-512 algorithm.
bytes sha512 = 3;
}
}
// Cloud KMS metadata for the given
// [google.cloud.location.Location][google.cloud.location.Location].
message LocationMetadata {
// Indicates whether [CryptoKeys][google.cloud.kms.v1.CryptoKey] with
// [protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level]
// [HSM][google.cloud.kms.v1.ProtectionLevel.HSM] can be created in this
// location.
bool hsm_available = 1;
}