Cloud Key Management Service (KMS) API

Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.

Service: cloudkms.googleapis.com

The Service name cloudkms.googleapis.com is needed to create RPC client stubs.

google.cloud.kms.v1.Autokey

Methods
CreateKeyHandle Creates a new KeyHandle, triggering the provisioning of a new CryptoKey for CMEK use with the given resource type in the configured key project and the same location.
GetKeyHandle Returns the KeyHandle.
ListKeyHandles Lists KeyHandles.

google.cloud.kms.v1.AutokeyAdmin

Methods
GetAutokeyConfig Returns the AutokeyConfig for a folder or project.
ShowEffectiveAutokeyConfig Returns the effective Cloud KMS Autokey configuration for a given project.
UpdateAutokeyConfig Updates the AutokeyConfig for a folder.

google.cloud.kms.v1.EkmService

Methods
CreateEkmConnection Creates a new EkmConnection in a given Project and Location.
GetEkmConfig Returns the EkmConfig singleton resource for a given project and location.
GetEkmConnection Returns metadata for a given EkmConnection.
ListEkmConnections Lists EkmConnections.
UpdateEkmConfig Updates the EkmConfig singleton resource for a given project and location.
UpdateEkmConnection Updates an EkmConnection's metadata.
VerifyConnectivity Verifies that Cloud KMS can successfully connect to the external key manager specified by an EkmConnection.

google.cloud.kms.v1.KeyAccessJustificationsConfig

Methods
GetKeyAccessJustificationsPolicyConfig Gets the KeyAccessJustificationsPolicyConfig for a given organization, folder, or project.
ShowEffectiveKeyAccessJustificationsEnrollmentConfig Returns the KeyAccessJustificationsEnrollmentConfig of the resource closest to the given project in hierarchy.
ShowEffectiveKeyAccessJustificationsPolicyConfig Returns the KeyAccessJustificationsPolicyConfig of the resource closest to the given project in hierarchy.
UpdateKeyAccessJustificationsPolicyConfig Updates the KeyAccessJustificationsPolicyConfig for a given organization, folder, or project.

google.cloud.kms.v1.KeyManagementService

Methods
AsymmetricDecrypt Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT.
AsymmetricSign Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey.
CreateCryptoKey Create a new CryptoKey within a KeyRing.
CreateCryptoKeyVersion Create a new CryptoKeyVersion in a CryptoKey.
CreateImportJob Create a new ImportJob within a KeyRing.
CreateKeyRing Create a new KeyRing in a given Project and Location.
Decapsulate Decapsulates data that was encapsulated with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose KEY_ENCAPSULATION.
Decrypt Decrypts data that was protected by Encrypt.
DestroyCryptoKeyVersion Schedule a CryptoKeyVersion for destruction.
Encrypt Encrypts data, so that it can only be recovered by a call to Decrypt.
GenerateRandomBytes Generate random bytes using the Cloud KMS randomness source in the provided location.
GetCryptoKey Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.
GetCryptoKeyVersion Returns metadata for a given CryptoKeyVersion.
GetImportJob Returns metadata for a given ImportJob.
GetKeyRing Returns metadata for a given KeyRing.
GetPublicKey Returns the public key for the given CryptoKeyVersion.
ImportCryptoKeyVersion Import wrapped key material into a CryptoKeyVersion.
ListCryptoKeyVersions Lists CryptoKeyVersions.
ListCryptoKeys Lists CryptoKeys.
ListImportJobs Lists ImportJobs.
ListKeyRings Lists KeyRings.
MacSign Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key.
MacVerify Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful.
RawDecrypt Decrypts data that was originally encrypted using a raw cryptographic mechanism.
RawEncrypt Encrypts data using portable cryptographic primitives.
RestoreCryptoKeyVersion Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state.
UpdateCryptoKey Update a CryptoKey.
UpdateCryptoKeyPrimaryVersion Update the version of a CryptoKey that will be used in Encrypt.
UpdateCryptoKeyVersion Update a CryptoKeyVersion's metadata.

google.cloud.location.Locations

Methods
GetLocation Gets information about a location.
ListLocations Lists information about the supported locations for this service.

google.iam.v1.IAMPolicy

Methods
GetIamPolicy Gets the access control policy for a resource.
SetIamPolicy Sets the access control policy on the specified resource.
TestIamPermissions Returns permissions that a caller has on the specified resource.

google.longrunning.Operations

Methods
GetOperation Gets the latest state of a long-running operation.