Version
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
tessl/golang-cloud-google-com--go--kms
tessl install tessl/golang-cloud-google-com--go--kms@1.24.0Go Client Library for Google Cloud Key Management Service (KMS) API for managing cryptographic keys and performing cryptographic operations
enums.mddocs/
Enumerations and Constants
Overview
This document covers all enumeration types and constants in the Cloud KMS Go client library. Enums define valid values for algorithm types, key purposes, states, protection levels, and other categorical fields.
Package: cloud.google.com/go/kms/apiv1/kmspb
Protection Level
type ProtectionLevel int32ProtectionLevel specifies how cryptographic operations are performed.
Values
const (
ProtectionLevel_PROTECTION_LEVEL_UNSPECIFIED ProtectionLevel = 0 // Not specified
ProtectionLevel_SOFTWARE ProtectionLevel = 1 // Operations in software
ProtectionLevel_HSM ProtectionLevel = 2 // Operations in Hardware Security Module
ProtectionLevel_EXTERNAL ProtectionLevel = 3 // Operations by external key manager
ProtectionLevel_EXTERNAL_VPC ProtectionLevel = 4 // Operations by EKM in VPC
)Usage:
- SOFTWARE - Standard software-based key protection, suitable for most use cases
- HSM - FIPS 140-2 Level 3 certified hardware security modules
- EXTERNAL - Keys managed by external systems
- EXTERNAL_VPC - Keys managed by EKM connections in VPC
Crypto Key Purpose
type CryptoKey_CryptoKeyPurpose int32Describes the cryptographic capabilities of a CryptoKey. A given key can only be used for the operations allowed by its purpose.
Values
const (
CryptoKey_CRYPTO_KEY_PURPOSE_UNSPECIFIED CryptoKey_CryptoKeyPurpose = 0 // Not specified
CryptoKey_ENCRYPT_DECRYPT CryptoKey_CryptoKeyPurpose = 1 // Symmetric encryption/decryption
CryptoKey_ASYMMETRIC_SIGN CryptoKey_CryptoKeyPurpose = 5 // Asymmetric signing/verification
CryptoKey_ASYMMETRIC_DECRYPT CryptoKey_CryptoKeyPurpose = 6 // Asymmetric decryption
CryptoKey_RAW_ENCRYPT_DECRYPT CryptoKey_CryptoKeyPurpose = 7 // Raw encryption/decryption
CryptoKey_MAC CryptoKey_CryptoKeyPurpose = 9 // MAC generation/verification
CryptoKey_KEY_ENCAPSULATION CryptoKey_CryptoKeyPurpose = 10 // Key encapsulation
)Usage:
- ENCRYPT_DECRYPT - Use with
Encrypt()andDecrypt()methods - ASYMMETRIC_SIGN - Use with
AsymmetricSign()andGetPublicKey() - ASYMMETRIC_DECRYPT - Use with
AsymmetricDecrypt()andGetPublicKey() - RAW_ENCRYPT_DECRYPT - Use with
RawEncrypt()andRawDecrypt()for portable primitives - MAC - Use with
MacSign()andMacVerify() - KEY_ENCAPSULATION - Use with
Decapsulate()andGetPublicKey()
Crypto Key Version Algorithm
type CryptoKeyVersion_CryptoKeyVersionAlgorithm int32The algorithm of the CryptoKeyVersion, indicating what parameters must be used for cryptographic operations.
Symmetric Encryption Algorithms
const (
CryptoKeyVersion_CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionAlgorithm = 0 // Not specified
CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 1 // AES-256-GCM
CryptoKeyVersion_AES_128_GCM CryptoKeyVersion_CryptoKeyVersionAlgorithm = 41 // AES-GCM 128-bit
CryptoKeyVersion_AES_256_GCM CryptoKeyVersion_CryptoKeyVersionAlgorithm = 19 // AES-GCM 256-bit
CryptoKeyVersion_AES_128_CBC CryptoKeyVersion_CryptoKeyVersionAlgorithm = 42 // AES-CBC 128-bit
CryptoKeyVersion_AES_256_CBC CryptoKeyVersion_CryptoKeyVersionAlgorithm = 43 // AES-CBC 256-bit
CryptoKeyVersion_AES_128_CTR CryptoKeyVersion_CryptoKeyVersionAlgorithm = 44 // AES-CTR 128-bit
CryptoKeyVersion_AES_256_CTR CryptoKeyVersion_CryptoKeyVersionAlgorithm = 45 // AES-CTR 256-bit
)RSA Signing Algorithms
const (
// RSASSA-PSS with SHA-256 digest
CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 2 // 2048-bit key
CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 3 // 3072-bit key
CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 4 // 4096-bit key
CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 15 // 4096-bit key with SHA-512
// RSASSA-PKCS1-v1_5
CryptoKeyVersion_RSA_SIGN_PKCS1_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 5 // 2048-bit with SHA-256
CryptoKeyVersion_RSA_SIGN_PKCS1_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 6 // 3072-bit with SHA-256
CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 7 // 4096-bit with SHA-256
CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 16 // 4096-bit with SHA-512
// RSASSA-PKCS1-v1_5 Raw (no digest)
CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_2048 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 28 // 2048-bit raw
CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_3072 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 29 // 3072-bit raw
CryptoKeyVersion_RSA_SIGN_RAW_PKCS1_4096 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 30 // 4096-bit raw
)RSA Decryption Algorithms
const (
// RSAES-OAEP with SHA-256 digest
CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 8 // 2048-bit key
CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 9 // 3072-bit key
CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 10 // 4096-bit key
CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 17 // 4096-bit with SHA-512
// RSAES-OAEP with SHA-1 digest (legacy)
CryptoKeyVersion_RSA_DECRYPT_OAEP_2048_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 37 // 2048-bit with SHA-1
CryptoKeyVersion_RSA_DECRYPT_OAEP_3072_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 38 // 3072-bit with SHA-1
CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 39 // 4096-bit with SHA-1
)EC Signing Algorithms
const (
CryptoKeyVersion_EC_SIGN_P256_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 12 // ECDSA on P-256 with SHA-256
CryptoKeyVersion_EC_SIGN_P384_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 13 // ECDSA on P-384 with SHA-384
CryptoKeyVersion_EC_SIGN_SECP256K1_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 31 // ECDSA on secp256k1 with SHA-256
CryptoKeyVersion_EC_SIGN_ED25519 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 40 // EdDSA on Curve25519 with SHA-512
)HMAC Algorithms
const (
CryptoKeyVersion_HMAC_SHA256 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 32 // HMAC-SHA256
CryptoKeyVersion_HMAC_SHA1 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 33 // HMAC-SHA1
CryptoKeyVersion_HMAC_SHA384 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 34 // HMAC-SHA384
CryptoKeyVersion_HMAC_SHA512 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 35 // HMAC-SHA512
CryptoKeyVersion_HMAC_SHA224 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 36 // HMAC-SHA224
)Post-Quantum Algorithms
const (
// Key Encapsulation Mechanisms (KEM)
CryptoKeyVersion_ML_KEM_768 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 47 // ML-KEM-768 (FIPS 203)
CryptoKeyVersion_ML_KEM_1024 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 48 // ML-KEM-1024 (FIPS 203)
CryptoKeyVersion_KEM_XWING CryptoKeyVersion_CryptoKeyVersionAlgorithm = 63 // X-Wing hybrid KEM
// Digital Signature Algorithms (DSA)
CryptoKeyVersion_PQ_SIGN_ML_DSA_65 CryptoKeyVersion_CryptoKeyVersionAlgorithm = 56 // ML-DSA-65 (FIPS 204)
CryptoKeyVersion_PQ_SIGN_SLH_DSA_SHA2_128S CryptoKeyVersion_CryptoKeyVersionAlgorithm = 57 // SLH-DSA-SHA2-128S (FIPS 205)
)External Key Manager
const (
CryptoKeyVersion_EXTERNAL_SYMMETRIC_ENCRYPTION CryptoKeyVersion_CryptoKeyVersionAlgorithm = 18 // External symmetric encryption
)Crypto Key Version State
type CryptoKeyVersion_CryptoKeyVersionState int32The state of a CryptoKeyVersion, indicating if it can be used.
Values
const (
CryptoKeyVersion_CRYPTO_KEY_VERSION_STATE_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionState = 0 // Not specified
CryptoKeyVersion_PENDING_GENERATION CryptoKeyVersion_CryptoKeyVersionState = 5 // Not yet generated
CryptoKeyVersion_ENABLED CryptoKeyVersion_CryptoKeyVersionState = 1 // Can be used
CryptoKeyVersion_DISABLED CryptoKeyVersion_CryptoKeyVersionState = 2 // Cannot be used, can be enabled
CryptoKeyVersion_DESTROYED CryptoKeyVersion_CryptoKeyVersionState = 3 // Destroyed permanently
CryptoKeyVersion_DESTROY_SCHEDULED CryptoKeyVersion_CryptoKeyVersionState = 4 // Scheduled for destruction
CryptoKeyVersion_PENDING_IMPORT CryptoKeyVersion_CryptoKeyVersionState = 6 // Created for import
CryptoKeyVersion_IMPORT_FAILED CryptoKeyVersion_CryptoKeyVersionState = 7 // Import failed
CryptoKeyVersion_GENERATION_FAILED CryptoKeyVersion_CryptoKeyVersionState = 8 // Generation failed
CryptoKeyVersion_PENDING_EXTERNAL_DESTRUCTION CryptoKeyVersion_CryptoKeyVersionState = 9 // External key awaiting destruction
CryptoKeyVersion_EXTERNAL_DESTRUCTION_FAILED CryptoKeyVersion_CryptoKeyVersionState = 10 // External destruction failed
)State Transitions:
PENDING_GENERATION→ENABLED(after generation)ENABLED↔DISABLED(can toggle)ENABLEDorDISABLED→DESTROY_SCHEDULED(via DestroyCryptoKeyVersion)DESTROY_SCHEDULED→DISABLED(via RestoreCryptoKeyVersion)DESTROY_SCHEDULED→DESTROYED(after scheduled duration)
Crypto Key Version View
type CryptoKeyVersion_CryptoKeyVersionView int32A view for CryptoKeyVersion resources.
Values
const (
CryptoKeyVersion_CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED CryptoKeyVersion_CryptoKeyVersionView = 0 // Default (same as FULL)
CryptoKeyVersion_FULL CryptoKeyVersion_CryptoKeyVersionView = 1 // All fields populated
)Import Job Types
ImportJob_ImportMethod
type ImportJob_ImportMethod int32Describes the wrapping method to use when importing key material.
Values
const (
ImportJob_IMPORT_METHOD_UNSPECIFIED ImportJob_ImportMethod = 0 // Not specified
ImportJob_RSA_OAEP_3072_SHA1_AES_256 ImportJob_ImportMethod = 1 // RSA-OAEP 3072, SHA-1, AES-256
ImportJob_RSA_OAEP_4096_SHA1_AES_256 ImportJob_ImportMethod = 2 // RSA-OAEP 4096, SHA-1, AES-256
ImportJob_RSA_OAEP_3072_SHA256_AES_256 ImportJob_ImportMethod = 3 // RSA-OAEP 3072, SHA-256, AES-256
ImportJob_RSA_OAEP_4096_SHA256_AES_256 ImportJob_ImportMethod = 4 // RSA-OAEP 4096, SHA-256, AES-256
ImportJob_RSA_OAEP_3072_SHA256 ImportJob_ImportMethod = 5 // RSA-OAEP 3072, SHA-256 (no AES)
ImportJob_RSA_OAEP_4096_SHA256 ImportJob_ImportMethod = 6 // RSA-OAEP 4096, SHA-256 (no AES)
)ImportJob_ImportJobState
type ImportJob_ImportJobState int32The state of an ImportJob, indicating if it can be used.
Values
const (
ImportJob_IMPORT_JOB_STATE_UNSPECIFIED ImportJob_ImportJobState = 0 // Not specified
ImportJob_PENDING_GENERATION ImportJob_ImportJobState = 1 // Generating wrapping key
ImportJob_ACTIVE ImportJob_ImportJobState = 2 // Active, can be used
ImportJob_EXPIRED ImportJob_ImportJobState = 3 // Expired, cannot be used
)Public Key Format
type PublicKey_PublicKeyFormat int32Format of the public key.
Values
const (
PublicKey_PUBLIC_KEY_FORMAT_UNSPECIFIED PublicKey_PublicKeyFormat = 0 // Not specified
PublicKey_PEM PublicKey_PublicKeyFormat = 1 // PEM format (base64 DER with header/footer)
PublicKey_DER PublicKey_PublicKeyFormat = 2 // DER format (binary)
PublicKey_NIST_PQC PublicKey_PublicKeyFormat = 3 // NIST post-quantum format
PublicKey_XWING_RAW_BYTES PublicKey_PublicKeyFormat = 4 // Raw bytes for X-Wing
)Attestation Format
type KeyOperationAttestation_AttestationFormat int32Attestation format for HSM operations.
Values
const (
KeyOperationAttestation_ATTESTATION_FORMAT_UNSPECIFIED KeyOperationAttestation_AttestationFormat = 0 // Not specified
KeyOperationAttestation_CAVIUM_V1_COMPRESSED KeyOperationAttestation_AttestationFormat = 3 // Cavium V1 gzip compressed
KeyOperationAttestation_CAVIUM_V2_COMPRESSED KeyOperationAttestation_AttestationFormat = 4 // Cavium V2 gzip compressed
)Autokey Types
AutokeyConfig_State
type AutokeyConfig_State int32The state of an AutokeyConfig.
Values
const (
AutokeyConfig_STATE_UNSPECIFIED AutokeyConfig_State = 0 // Not specified
AutokeyConfig_ACTIVE AutokeyConfig_State = 1 // Autokey is enabled and functioning
AutokeyConfig_KEY_PROJECT_DELETED AutokeyConfig_State = 2 // Disabled, key project deleted
AutokeyConfig_UNINITIALIZED AutokeyConfig_State = 3 // Autokey not configured
)EKM Types
EkmConnection_KeyManagementMode
type EkmConnection_KeyManagementMode int32Key management mode of the EkmConnection.
Values
const (
EkmConnection_KEY_MANAGEMENT_MODE_UNSPECIFIED EkmConnection_KeyManagementMode = 0 // Not specified
EkmConnection_MANUAL EkmConnection_KeyManagementMode = 1 // Keys manually managed
EkmConnection_CLOUD_KMS EkmConnection_KeyManagementMode = 2 // Keys managed by Cloud KMS
)Access Reason
type AccessReason int32Reason codes for access to cryptographic keys (for Key Access Justifications).
Values
const (
AccessReason_REASON_UNSPECIFIED AccessReason = 0 // Not specified
AccessReason_CUSTOMER_INITIATED_SUPPORT AccessReason = 1 // Customer-initiated support
AccessReason_GOOGLE_INITIATED_SERVICE AccessReason = 2 // Google-initiated service maintenance
AccessReason_THIRD_PARTY_DATA_REQUEST AccessReason = 3 // Third-party data request
AccessReason_GOOGLE_INITIATED_REVIEW AccessReason = 4 // Google-initiated review
AccessReason_CUSTOMER_INITIATED_ACCESS AccessReason = 5 // Customer-initiated access
AccessReason_GOOGLE_INITIATED_SYSTEM_OPERATION AccessReason = 6 // Google-initiated system operation
AccessReason_REASON_NOT_EXPECTED AccessReason = 7 // Reason not expected
AccessReason_MODIFIED_CUSTOMER_INITIATED_ACCESS AccessReason = 8 // Modified customer-initiated access
AccessReason_MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION AccessReason = 9 // Modified Google system operation
AccessReason_GOOGLE_RESPONSE_TO_PRODUCTION_ALERT AccessReason = 10 // Google response to production alert
AccessReason_CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING AccessReason = 11 // Customer-authorized workflow servicing
)gRPC Method Name Constants
KeyManagementService
const (
KeyManagementService_ListKeyRings_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/ListKeyRings"
KeyManagementService_ListCryptoKeys_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/ListCryptoKeys"
KeyManagementService_ListCryptoKeyVersions_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/ListCryptoKeyVersions"
KeyManagementService_ListImportJobs_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/ListImportJobs"
KeyManagementService_GetKeyRing_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/GetKeyRing"
KeyManagementService_GetCryptoKey_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/GetCryptoKey"
KeyManagementService_GetCryptoKeyVersion_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/GetCryptoKeyVersion"
KeyManagementService_GetPublicKey_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/GetPublicKey"
KeyManagementService_GetImportJob_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/GetImportJob"
KeyManagementService_CreateKeyRing_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/CreateKeyRing"
KeyManagementService_CreateCryptoKey_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/CreateCryptoKey"
KeyManagementService_CreateCryptoKeyVersion_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/CreateCryptoKeyVersion"
KeyManagementService_ImportCryptoKeyVersion_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/ImportCryptoKeyVersion"
KeyManagementService_CreateImportJob_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/CreateImportJob"
KeyManagementService_UpdateCryptoKey_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKey"
KeyManagementService_UpdateCryptoKeyVersion_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyVersion"
KeyManagementService_UpdateCryptoKeyPrimaryVersion_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyPrimaryVersion"
KeyManagementService_DestroyCryptoKeyVersion_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/DestroyCryptoKeyVersion"
KeyManagementService_RestoreCryptoKeyVersion_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/RestoreCryptoKeyVersion"
KeyManagementService_Encrypt_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/Encrypt"
KeyManagementService_Decrypt_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/Decrypt"
KeyManagementService_RawEncrypt_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/RawEncrypt"
KeyManagementService_RawDecrypt_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/RawDecrypt"
KeyManagementService_AsymmetricSign_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/AsymmetricSign"
KeyManagementService_AsymmetricDecrypt_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/AsymmetricDecrypt"
KeyManagementService_MacSign_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/MacSign"
KeyManagementService_MacVerify_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/MacVerify"
KeyManagementService_Decapsulate_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/Decapsulate"
KeyManagementService_GenerateRandomBytes_FullMethodName = "/google.cloud.kms.v1.KeyManagementService/GenerateRandomBytes"
)Autokey Services
const (
Autokey_CreateKeyHandle_FullMethodName = "/google.cloud.kms.v1.Autokey/CreateKeyHandle"
Autokey_GetKeyHandle_FullMethodName = "/google.cloud.kms.v1.Autokey/GetKeyHandle"
Autokey_ListKeyHandles_FullMethodName = "/google.cloud.kms.v1.Autokey/ListKeyHandles"
AutokeyAdmin_UpdateAutokeyConfig_FullMethodName = "/google.cloud.kms.v1.AutokeyAdmin/UpdateAutokeyConfig"
AutokeyAdmin_GetAutokeyConfig_FullMethodName = "/google.cloud.kms.v1.AutokeyAdmin/GetAutokeyConfig"
AutokeyAdmin_ShowEffectiveAutokeyConfig_FullMethodName = "/google.cloud.kms.v1.AutokeyAdmin/ShowEffectiveAutokeyConfig"
)EKM Service
const (
EkmService_ListEkmConnections_FullMethodName = "/google.cloud.kms.v1.EkmService/ListEkmConnections"
EkmService_GetEkmConnection_FullMethodName = "/google.cloud.kms.v1.EkmService/GetEkmConnection"
EkmService_CreateEkmConnection_FullMethodName = "/google.cloud.kms.v1.EkmService/CreateEkmConnection"
EkmService_UpdateEkmConnection_FullMethodName = "/google.cloud.kms.v1.EkmService/UpdateEkmConnection"
EkmService_GetEkmConfig_FullMethodName = "/google.cloud.kms.v1.EkmService/GetEkmConfig"
EkmService_UpdateEkmConfig_FullMethodName = "/google.cloud.kms.v1.EkmService/UpdateEkmConfig"
EkmService_VerifyConnectivity_FullMethodName = "/google.cloud.kms.v1.EkmService/VerifyConnectivity"
)Inventory Services
const (
KeyDashboardService_ListCryptoKeys_FullMethodName = "/google.cloud.kms.inventory.v1.KeyDashboardService/ListCryptoKeys"
KeyTrackingService_GetProtectedResourcesSummary_FullMethodName = "/google.cloud.kms.inventory.v1.KeyTrackingService/GetProtectedResourcesSummary"
KeyTrackingService_SearchProtectedResources_FullMethodName = "/google.cloud.kms.inventory.v1.KeyTrackingService/SearchProtectedResources"
)Usage Examples
Choosing Algorithm Based on Purpose
func createKeyForPurpose(purpose kmspb.CryptoKey_CryptoKeyPurpose) *kmspb.CryptoKeyVersionTemplate {
var algorithm kmspb.CryptoKeyVersion_CryptoKeyVersionAlgorithm
switch purpose {
case kmspb.CryptoKey_ENCRYPT_DECRYPT:
algorithm = kmspb.CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION
case kmspb.CryptoKey_ASYMMETRIC_SIGN:
algorithm = kmspb.CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256
case kmspb.CryptoKey_ASYMMETRIC_DECRYPT:
algorithm = kmspb.CryptoKeyVersion_RSA_DECRYPT_OAEP_4096_SHA256
case kmspb.CryptoKey_MAC:
algorithm = kmspb.CryptoKeyVersion_HMAC_SHA256
default:
algorithm = kmspb.CryptoKeyVersion_GOOGLE_SYMMETRIC_ENCRYPTION
}
return &kmspb.CryptoKeyVersionTemplate{
Algorithm: algorithm,
ProtectionLevel: kmspb.ProtectionLevel_HSM,
}
}Checking State Before Operations
func canUseVersion(version *kmspb.CryptoKeyVersion) bool {
return version.State == kmspb.CryptoKeyVersion_ENABLED
}
func canRestore(version *kmspb.CryptoKeyVersion) bool {
return version.State == kmspb.CryptoKeyVersion_DESTROY_SCHEDULED
}