# Google Cloud Private Certificate Authority


A Python client library for Google Cloud Certificate Authority Service (Private CA), which simplifies the deployment and management of private Certificate Authorities without managing infrastructure. The library lets developers programmatically create, manage, and revoke digital certificates through an API that supports certificate lifecycle management, certificate authority operations, and security policy enforcement.

## Package Information

- **Package Name**: google-cloud-private-ca
- **Language**: Python
- **Installation**: `pip install google-cloud-private-ca`
- **Version**: 1.15.0

## Core Imports

```python
from google.cloud.security.privateca import (
    CertificateAuthorityServiceClient,
    CertificateAuthorityServiceAsyncClient
)
```

Import specific types:

```python
from google.cloud.security.privateca import (
    Certificate,
    CertificateAuthority,
    CaPool,
    CertificateTemplate,
    CertificateRevocationList
)
```

Import pagers for list operations:

```python
from google.cloud.security.privateca_v1.services.certificate_authority_service import pagers
```

Common request and response types:

```python
from google.cloud.security.privateca import (
    CreateCertificateRequest,
    GetCertificateRequest,
    ListCertificatesRequest,
    RevokeCertificateRequest,
    UpdateCertificateRequest,
    CreateCertificateAuthorityRequest,
    ActivateCertificateAuthorityRequest,
    GetCertificateAuthorityRequest,
    ListCertificateAuthoritiesRequest,
    CreateCaPoolRequest,
    GetCaPoolRequest,
    ListCaPoolsRequest,
    FetchCaCertsRequest,
    FetchCaCertsResponse,
    CreateCertificateTemplateRequest,
    GetCertificateTemplateRequest,
    ListCertificateTemplatesRequest,
    GetCertificateRevocationListRequest,
    ListCertificateRevocationListsRequest
)
```

## Basic Usage

```python
from google.cloud.security.privateca import CertificateAuthorityServiceClient

# Initialize the client
client = CertificateAuthorityServiceClient()

# Create a certificate authority pool
ca_pool_request = {
    "parent": "projects/my-project/locations/us-central1",
    "ca_pool_id": "my-ca-pool",
    "ca_pool": {
        "tier": "ENTERPRISE",
    }
}
# create_ca_pool returns a long-running operation; result() blocks until it completes
operation = client.create_ca_pool(ca_pool_request)
ca_pool = operation.result()

# List certificates in a pool
parent = "projects/my-project/locations/us-central1/caPools/my-ca-pool"
certificates = client.list_certificates(parent=parent)
for certificate in certificates:
    print(f"Certificate: {certificate.name}")
```

## Architecture

The Google Cloud Private CA library follows a service-oriented architecture:

- **CertificateAuthorityServiceClient**: Main synchronous client for all Private CA operations
- **CertificateAuthorityServiceAsyncClient**: Asynchronous version for concurrent operations
- **Resource Types**: Structured data classes representing certificates, CAs, pools, and templates
- **Request/Response Types**: Typed request and response objects for all API operations
- **Path Helpers**: Utility methods for constructing proper resource paths
- **Transport Layer**: Supports gRPC and REST protocols with automatic retry and authentication

## Capabilities


### Certificate Management

Core certificate lifecycle operations including creation, retrieval, listing, revocation, and metadata updates. Supports X.509 certificates with comprehensive configuration options.

```python { .api }
def create_certificate(request: CreateCertificateRequest) -> Certificate: ...
def get_certificate(request: GetCertificateRequest) -> Certificate: ...
def list_certificates(request: ListCertificatesRequest) -> pagers.ListCertificatesPager: ...
def revoke_certificate(request: RevokeCertificateRequest) -> Certificate: ...
def update_certificate(request: UpdateCertificateRequest) -> Certificate: ...
```

[Certificate Management](./certificate-management.md)
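
The revocation call listed above, wrapped in a scope check, as an added example that is not part of the library or its documentation. The helper names `build_revoke_request` and `revoke_and_confirm` and the `allowed_pool` parameter are hypothetical; the resource name layout extends the pool path shown under Basic Usage with `/certificates/{id}`.

```python
import re
import uuid

# Certificate resource name layout: <pool path>/certificates/<id>.
_CERT_NAME = re.compile(
    r"projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/caPools/(?P<ca_pool>[^/]+)/certificates/(?P<certificate>[^/]+)"
)
_POOL_FMT = "projects/{project}/locations/{location}/caPools/{ca_pool}"


def build_revoke_request(name, allowed_pool, reason="KEY_COMPROMISE"):
    """Build a RevokeCertificateRequest dict, refusing names outside allowed_pool."""
    match = _CERT_NAME.fullmatch(name)
    if match is None:
        raise ValueError(f"not a certificate resource name: {name!r}")
    if _POOL_FMT.format(**match.groupdict()) != allowed_pool:
        raise PermissionError(f"{name!r} is outside {allowed_pool!r}")
    # A fresh request_id lets the service deduplicate a retried request.
    return {"name": name, "reason": reason, "request_id": str(uuid.uuid4())}


def revoke_and_confirm(client, name, allowed_pool, reason="KEY_COMPROMISE"):
    """Revoke one certificate and check that the response records the revocation."""
    request = build_revoke_request(name, allowed_pool, reason)
    cert = client.revoke_certificate(request=request)
    # revocation_details carries a revocation_time only for revoked certificates.
    if not cert.revocation_details.revocation_time:
        raise RuntimeError(f"{name} was not marked revoked")
    return cert
```

Pass a `CertificateAuthorityServiceClient` as `client`; the name check runs before any API call, so a caller-supplied resource name cannot redirect the revocation to another project or pool.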

### Certificate Authority Operations

Complete certificate authority lifecycle management including creation, activation, disabling, enabling, and deletion. Supports both root and subordinate certificate authorities.

```python { .api }
def create_certificate_authority(request: CreateCertificateAuthorityRequest) -> Operation: ...
def activate_certificate_authority(request: ActivateCertificateAuthorityRequest) -> Operation: ...
def disable_certificate_authority(request: DisableCertificateAuthorityRequest) -> Operation: ...
def enable_certificate_authority(request: EnableCertificateAuthorityRequest) -> Operation: ...
def get_certificate_authority(request: GetCertificateAuthorityRequest) -> CertificateAuthority: ...
def list_certificate_authorities(request: ListCertificateAuthoritiesRequest) -> pagers.ListCertificateAuthoritiesPager: ...
def update_certificate_authority(request: UpdateCertificateAuthorityRequest) -> Operation: ...
def delete_certificate_authority(request: DeleteCertificateAuthorityRequest) -> Operation: ...
def undelete_certificate_authority(request: UndeleteCertificateAuthorityRequest) -> Operation: ...
def fetch_certificate_authority_csr(request: FetchCertificateAuthorityCsrRequest) -> FetchCertificateAuthorityCsrResponse: ...
```

[Certificate Authority Operations](./certificate-authority-operations.md)

### CA Pool Management

Certificate Authority pool operations for organizing and managing multiple CAs. Pools provide organizational structure and shared configuration for certificate authorities.

```python { .api }
def create_ca_pool(request: CreateCaPoolRequest) -> Operation: ...
def get_ca_pool(request: GetCaPoolRequest) -> CaPool: ...
def list_ca_pools(request: ListCaPoolsRequest) -> pagers.ListCaPoolsPager: ...
def update_ca_pool(request: UpdateCaPoolRequest) -> Operation: ...
def delete_ca_pool(request: DeleteCaPoolRequest) -> Operation: ...
def fetch_ca_certs(request: FetchCaCertsRequest) -> FetchCaCertsResponse: ...
```

[CA Pool Management](./ca-pool-management.md)

### Certificate Templates

Template-based certificate issuance with predefined configurations, constraints, and policies. Templates standardize certificate properties and simplify bulk certificate operations.

```python { .api }
def create_certificate_template(request: CreateCertificateTemplateRequest) -> Operation: ...
def get_certificate_template(request: GetCertificateTemplateRequest) -> CertificateTemplate: ...
def list_certificate_templates(request: ListCertificateTemplatesRequest) -> pagers.ListCertificateTemplatesPager: ...
def update_certificate_template(request: UpdateCertificateTemplateRequest) -> Operation: ...
def delete_certificate_template(request: DeleteCertificateTemplateRequest) -> Operation: ...
```

[Certificate Templates](./certificate-templates.md)

### Certificate Revocation Lists

Certificate Revocation List (CRL) management for publishing and maintaining lists of revoked certificates. Supports automatic CRL generation and custom update schedules.

```python { .api }
def get_certificate_revocation_list(request: GetCertificateRevocationListRequest) -> CertificateRevocationList: ...
def list_certificate_revocation_lists(request: ListCertificateRevocationListsRequest) -> pagers.ListCertificateRevocationListsPager: ...
def update_certificate_revocation_list(request: UpdateCertificateRevocationListRequest) -> Operation: ...
```

[Certificate Revocation Lists](./certificate-revocation-lists.md)

### Operations and IAM Management

Long-running operation management and Identity and Access Management (IAM) operations for controlling access to Private CA resources.

```python { .api }
def list_operations(request: ListOperationsRequest) -> pagers.ListOperationsPager: ...
def get_operation(request: GetOperationRequest) -> Operation: ...
def delete_operation(request: DeleteOperationRequest) -> None: ...
def cancel_operation(request: CancelOperationRequest) -> None: ...
def set_iam_policy(request: SetIamPolicyRequest) -> Policy: ...
def get_iam_policy(request: GetIamPolicyRequest) -> Policy: ...
def test_iam_permissions(request: TestIamPermissionsRequest) -> TestIamPermissionsResponse: ...
def get_location(request: GetLocationRequest) -> Location: ...
def list_locations(request: ListLocationsRequest) -> pagers.ListLocationsPager: ...
```
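
One way to use `get_iam_policy` defensively is to review who can issue certificates from a CA pool. This is an added example, not code from the library or its documentation; `audit_bindings`, `audit_ca_pool`, the `trusted_domains` parameter and the severity labels are hypothetical, and the role names are Private CA's predefined IAM roles.

```python
# Members that match anyone on the internet or anyone with a Google account.
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Predefined Private CA roles that can issue certificates or manage CAs.
SENSITIVE_ROLES = {
    "roles/privateca.admin",
    "roles/privateca.caManager",
    "roles/privateca.certificateManager",
    "roles/privateca.certificateRequester",
}


def audit_bindings(policy, trusted_domains=()):
    """Return sorted (severity, role, member) findings for one IAM policy."""
    findings = set()
    for binding in policy.bindings:
        for member in binding.members:
            kind, _, ident = member.partition(":")
            if member in PUBLIC_MEMBERS:
                # Public access to any role on a CA resource is always flagged.
                findings.add(("critical", binding.role, member))
            elif binding.role not in SENSITIVE_ROLES:
                continue
            elif kind == "domain":
                # Every account in the domain inherits the sensitive role.
                findings.add(("high", binding.role, member))
            elif ident.rpartition("@")[2] not in trusted_domains:
                # Sensitive role held by a principal outside the trusted domains.
                findings.add(("medium", binding.role, member))
    return sorted(findings)


def audit_ca_pool(client, ca_pool_name, trusted_domains=()):
    """Fetch the IAM policy attached to a CA pool and audit its bindings."""
    policy = client.get_iam_policy(request={"resource": ca_pool_name})
    return audit_bindings(policy, trusted_domains)
```

Service accounts are compared by the domain part of their e-mail address, so list the project's `iam.gserviceaccount.com` domain in `trusted_domains` if its issuers are expected.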

## Core Types

```python { .api }
from typing import Dict, Optional, Union

from google.api_core import client_options as client_options_lib
from google.api_core import gapic_v1
from google.auth import credentials as ga_credentials

class CertificateAuthorityServiceClient:
    """Synchronous client for Certificate Authority Service."""

    def __init__(
        self,
        *,
        credentials: Optional[ga_credentials.Credentials] = None,
        transport: Optional[Union[str, CertificateAuthorityServiceTransport]] = None,
        client_options: Optional[Union[client_options_lib.ClientOptions, dict]] = None,
        client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
    ) -> None: ...

class CertificateAuthorityServiceAsyncClient:
    """Asynchronous client for Certificate Authority Service."""

    def __init__(
        self,
        *,
        credentials: Optional[ga_credentials.Credentials] = None,
        transport: Optional[Union[str, CertificateAuthorityServiceTransport]] = None,
        client_options: Optional[Union[client_options_lib.ClientOptions, dict]] = None,
        client_info: gapic_v1.client_info.ClientInfo = DEFAULT_CLIENT_INFO,
    ) -> None: ...

    # Path Helper Methods (static; also available on CertificateAuthorityServiceClient)
    @staticmethod
    def ca_pool_path(project: str, location: str, ca_pool: str) -> str: ...
    @staticmethod
    def certificate_path(project: str, location: str, ca_pool: str, certificate: str) -> str: ...
    @staticmethod
    def certificate_authority_path(project: str, location: str, ca_pool: str, certificate_authority: str) -> str: ...
    @staticmethod
    def certificate_template_path(project: str, location: str, certificate_template: str) -> str: ...
    @staticmethod
    def parse_ca_pool_path(path: str) -> Dict[str, str]: ...
    @staticmethod
    def parse_certificate_path(path: str) -> Dict[str, str]: ...
```