package kms

import "cloud.google.com/go/kms/apiv1"

Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.

Index ¶

• func DefaultAuthScopes() []string
• type CryptoKeyIterator
• func (it *CryptoKeyIterator) Next() (*kmspb.CryptoKey, error)
• func (it *CryptoKeyIterator) PageInfo() *iterator.PageInfo
• type CryptoKeyVersionIterator
• func (it *CryptoKeyVersionIterator) Next() (*kmspb.CryptoKeyVersion, error)
• func (it *CryptoKeyVersionIterator) PageInfo() *iterator.PageInfo
• type KeyManagementCallOptions
• type KeyManagementClient
• func NewKeyManagementClient(ctx context.Context, opts ...option.ClientOption) (*KeyManagementClient, error)
• func (c *KeyManagementClient) AsymmetricDecrypt(ctx context.Context, req *kmspb.AsymmetricDecryptRequest, opts ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error)
• func (c *KeyManagementClient) AsymmetricSign(ctx context.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error)
• func (c *KeyManagementClient) Close() error
• func (c *KeyManagementClient) Connection() *grpc.ClientConn
• func (c *KeyManagementClient) CreateCryptoKey(ctx context.Context, req *kmspb.CreateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
• func (c *KeyManagementClient) CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
• func (c *KeyManagementClient) CreateKeyRing(ctx context.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error)
• func (c *KeyManagementClient) CryptoKeyIAM(cryptoKey *kmspb.CryptoKey) *iam.Handle
• func (c *KeyManagementClient) Decrypt(ctx context.Context, req *kmspb.DecryptRequest, opts ...gax.CallOption) (*kmspb.DecryptResponse, error)
• func (c *KeyManagementClient) DestroyCryptoKeyVersion(ctx context.Context, req *kmspb.DestroyCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
• func (c *KeyManagementClient) Encrypt(ctx context.Context, req *kmspb.EncryptRequest, opts ...gax.CallOption) (*kmspb.EncryptResponse, error)
• func (c *KeyManagementClient) GetCryptoKey(ctx context.Context, req *kmspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
• func (c *KeyManagementClient) GetCryptoKeyVersion(ctx context.Context, req *kmspb.GetCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
• func (c *KeyManagementClient) GetKeyRing(ctx context.Context, req *kmspb.GetKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error)
• func (c *KeyManagementClient) GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey, error)
• func (c *KeyManagementClient) KeyRingIAM(keyRing *kmspb.KeyRing) *iam.Handle
• func (c *KeyManagementClient) ListCryptoKeyVersions(ctx context.Context, req *kmspb.ListCryptoKeyVersionsRequest, opts ...gax.CallOption) *CryptoKeyVersionIterator
• func (c *KeyManagementClient) ListCryptoKeys(ctx context.Context, req *kmspb.ListCryptoKeysRequest, opts ...gax.CallOption) *CryptoKeyIterator
• func (c *KeyManagementClient) ListKeyRings(ctx context.Context, req *kmspb.ListKeyRingsRequest, opts ...gax.CallOption) *KeyRingIterator
• func (c *KeyManagementClient) ResourceIAM(resourcePath string) *iam.Handle
• func (c *KeyManagementClient) RestoreCryptoKeyVersion(ctx context.Context, req *kmspb.RestoreCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
• func (c *KeyManagementClient) UpdateCryptoKey(ctx context.Context, req *kmspb.UpdateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
• func (c *KeyManagementClient) UpdateCryptoKeyPrimaryVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
• func (c *KeyManagementClient) UpdateCryptoKeyVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
• type KeyRingIterator
• func (it *KeyRingIterator) Next() (*kmspb.KeyRing, error)
• func (it *KeyRingIterator) PageInfo() *iterator.PageInfo

Examples ¶

• KeyManagementClient.AsymmetricDecrypt
• KeyManagementClient.AsymmetricSign
• KeyManagementClient.CreateCryptoKey
• KeyManagementClient.CreateCryptoKeyVersion
• KeyManagementClient.CreateKeyRing
• KeyManagementClient.Decrypt
• KeyManagementClient.DestroyCryptoKeyVersion
• KeyManagementClient.Encrypt
• KeyManagementClient.GetCryptoKey
• KeyManagementClient.GetCryptoKeyVersion
• KeyManagementClient.GetKeyRing
• KeyManagementClient.GetPublicKey
• KeyManagementClient.ListCryptoKeyVersions
• KeyManagementClient.ListCryptoKeys
• KeyManagementClient.ListKeyRings
• KeyManagementClient.ResourceIAM
• KeyManagementClient.RestoreCryptoKeyVersion
• KeyManagementClient.UpdateCryptoKey
• KeyManagementClient.UpdateCryptoKeyPrimaryVersion
• KeyManagementClient.UpdateCryptoKeyVersion
• NewKeyManagementClient

Package Files ¶

doc.go iam.go key_management_client.go

func DefaultAuthScopes ¶ Uses

func DefaultAuthScopes() []string

DefaultAuthScopes reports the default set of authentication scopes to use with this package.

type CryptoKeyIterator ¶ Uses

type CryptoKeyIterator struct {

    // InternalFetch is for use by the Google Cloud Libraries only.
    // It is not part of the stable interface of this package.
    //
    // InternalFetch returns results from a single call to the underlying RPC.
    // The number of results is no greater than pageSize.
    // If there are no more results, nextPageToken is empty and err is nil.
    InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKey, nextPageToken string, err error)
    // contains filtered or unexported fields
}

CryptoKeyIterator manages a stream of *kmspb.CryptoKey.

func (*CryptoKeyIterator) Next ¶ Uses

func (it *CryptoKeyIterator) Next() (*kmspb.CryptoKey, error)

Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.

func (*CryptoKeyIterator) PageInfo ¶ Uses

func (it *CryptoKeyIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See the google.golang.org/api/iterator package for details.

type CryptoKeyVersionIterator ¶ Uses

type CryptoKeyVersionIterator struct {

    // InternalFetch is for use by the Google Cloud Libraries only.
    // It is not part of the stable interface of this package.
    //
    // InternalFetch returns results from a single call to the underlying RPC.
    // The number of results is no greater than pageSize.
    // If there are no more results, nextPageToken is empty and err is nil.
    InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKeyVersion, nextPageToken string, err error)
    // contains filtered or unexported fields
}

CryptoKeyVersionIterator manages a stream of *kmspb.CryptoKeyVersion.

func (*CryptoKeyVersionIterator) Next ¶ Uses

func (it *CryptoKeyVersionIterator) Next() (*kmspb.CryptoKeyVersion, error)

Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.

func (*CryptoKeyVersionIterator) PageInfo ¶ Uses

func (it *CryptoKeyVersionIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See the google.golang.org/api/iterator package for details.

type KeyManagementCallOptions ¶ Uses

type KeyManagementCallOptions struct {
    ListKeyRings                  []gax.CallOption
    ListCryptoKeys                []gax.CallOption
    ListCryptoKeyVersions         []gax.CallOption
    GetKeyRing                    []gax.CallOption
    GetCryptoKey                  []gax.CallOption
    GetCryptoKeyVersion           []gax.CallOption
    CreateKeyRing                 []gax.CallOption
    CreateCryptoKey               []gax.CallOption
    CreateCryptoKeyVersion        []gax.CallOption
    UpdateCryptoKey               []gax.CallOption
    UpdateCryptoKeyVersion        []gax.CallOption
    Encrypt                       []gax.CallOption
    Decrypt                       []gax.CallOption
    UpdateCryptoKeyPrimaryVersion []gax.CallOption
    DestroyCryptoKeyVersion       []gax.CallOption
    RestoreCryptoKeyVersion       []gax.CallOption
    GetPublicKey                  []gax.CallOption
    AsymmetricDecrypt             []gax.CallOption
    AsymmetricSign                []gax.CallOption
}

KeyManagementCallOptions contains the retry settings for each method of KeyManagementClient.

type KeyManagementClient ¶ Uses

type KeyManagementClient struct {

    // The call options for this service.
    CallOptions *KeyManagementCallOptions
    // contains filtered or unexported fields
}

KeyManagementClient is a client for interacting with Cloud Key Management Service (KMS) API.

Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.

func NewKeyManagementClient ¶ Uses

func NewKeyManagementClient(ctx context.Context, opts ...option.ClientOption) (*KeyManagementClient, error)

NewKeyManagementClient creates a new key management service client.

Google Cloud Key Management Service ¶

Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:

[KeyRing][google.cloud.kms.v1.KeyRing]

[CryptoKey][google.cloud.kms.v1.CryptoKey]

[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]

If you are using manual gRPC libraries, see Using gRPC with Cloud KMS (at https://cloud.google.com/kms/docs/grpc).

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use client.
_ = c

func (*KeyManagementClient) AsymmetricDecrypt ¶ Uses

func (c *KeyManagementClient) AsymmetricDecrypt(ctx context.Context, req *kmspb.AsymmetricDecryptRequest, opts ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error)

AsymmetricDecrypt decrypts data that was encrypted with a public key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.AsymmetricDecryptRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.AsymmetricDecrypt(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) AsymmetricSign ¶ Uses

func (c *KeyManagementClient) AsymmetricSign(ctx context.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error)

AsymmetricSign signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.AsymmetricSignRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.AsymmetricSign(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) Close ¶ Uses

func (c *KeyManagementClient) Close() error

Close closes the connection to the API service. The user should invoke this when the client is no longer required.

func (*KeyManagementClient) Connection ¶ Uses

func (c *KeyManagementClient) Connection() *grpc.ClientConn

Connection returns the client's connection to the API service.

func (*KeyManagementClient) CreateCryptoKey ¶ Uses

func (c *KeyManagementClient) CreateCryptoKey(ctx context.Context, req *kmspb.CreateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)

CreateCryptoKey create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].

[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] are required.

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.CreateCryptoKeyRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.CreateCryptoKey(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) CreateCryptoKeyVersion ¶ Uses

func (c *KeyManagementClient) CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)

CreateCryptoKeyVersion create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].

The server will assign the next sequential id. If unset, [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.CreateCryptoKeyVersionRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.CreateCryptoKeyVersion(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) CreateKeyRing ¶ Uses

func (c *KeyManagementClient) CreateKeyRing(ctx context.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error)

CreateKeyRing create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.CreateKeyRingRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.CreateKeyRing(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) CryptoKeyIAM ¶ Uses

func (c *KeyManagementClient) CryptoKeyIAM(cryptoKey *kmspb.CryptoKey) *iam.Handle

CryptoKeyIAM returns a handle to inspect and change permissions of a CryptoKey.

Deprecated: Please use ResourceIAM and provide the CryptoKey.Name as input.

func (*KeyManagementClient) Decrypt ¶ Uses

func (c *KeyManagementClient) Decrypt(ctx context.Context, req *kmspb.DecryptRequest, opts ...gax.CallOption) (*kmspb.DecryptResponse, error)

Decrypt decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.DecryptRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.Decrypt(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) DestroyCryptoKeyVersion ¶ Uses

func (c *KeyManagementClient) DestroyCryptoKeyVersion(ctx context.Context, req *kmspb.DestroyCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)

DestroyCryptoKeyVersion schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.

Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24 hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be changed to [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key material will be irrevocably destroyed.

Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached, [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.DestroyCryptoKeyVersionRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.DestroyCryptoKeyVersion(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) Encrypt ¶ Uses

func (c *KeyManagementClient) Encrypt(ctx context.Context, req *kmspb.EncryptRequest, opts ...gax.CallOption) (*kmspb.EncryptResponse, error)

Encrypt encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.EncryptRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.Encrypt(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) GetCryptoKey ¶ Uses

func (c *KeyManagementClient) GetCryptoKey(ctx context.Context, req *kmspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)

GetCryptoKey returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.GetCryptoKeyRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.GetCryptoKey(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) GetCryptoKeyVersion ¶ Uses

func (c *KeyManagementClient) GetCryptoKeyVersion(ctx context.Context, req *kmspb.GetCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)

GetCryptoKeyVersion returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.GetCryptoKeyVersionRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.GetCryptoKeyVersion(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) GetKeyRing ¶ Uses

func (c *KeyManagementClient) GetKeyRing(ctx context.Context, req *kmspb.GetKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error)

GetKeyRing returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.GetKeyRingRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.GetKeyRing(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) GetPublicKey ¶ Uses

func (c *KeyManagementClient) GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey, error)

GetPublicKey returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.GetPublicKeyRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.GetPublicKey(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) KeyRingIAM ¶ Uses

func (c *KeyManagementClient) KeyRingIAM(keyRing *kmspb.KeyRing) *iam.Handle

KeyRingIAM returns a handle to inspect and change permissions of a KeyRing.

Deprecated: Please use ResourceIAM and provide the KeyRing.Name as input.

func (*KeyManagementClient) ListCryptoKeyVersions ¶ Uses

func (c *KeyManagementClient) ListCryptoKeyVersions(ctx context.Context, req *kmspb.ListCryptoKeyVersionsRequest, opts ...gax.CallOption) *CryptoKeyVersionIterator

ListCryptoKeyVersions lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.ListCryptoKeyVersionsRequest{
    // TODO: Fill request struct fields.
}
it := c.ListCryptoKeyVersions(ctx, req)
for {
    resp, err := it.Next()
    if err == iterator.Done {
        break
    }
    if err != nil {
        // TODO: Handle error.
    }
    // TODO: Use resp.
    _ = resp
}

func (*KeyManagementClient) ListCryptoKeys ¶ Uses

func (c *KeyManagementClient) ListCryptoKeys(ctx context.Context, req *kmspb.ListCryptoKeysRequest, opts ...gax.CallOption) *CryptoKeyIterator

ListCryptoKeys lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.ListCryptoKeysRequest{
    // TODO: Fill request struct fields.
}
it := c.ListCryptoKeys(ctx, req)
for {
    resp, err := it.Next()
    if err == iterator.Done {
        break
    }
    if err != nil {
        // TODO: Handle error.
    }
    // TODO: Use resp.
    _ = resp
}

func (*KeyManagementClient) ListKeyRings ¶ Uses

func (c *KeyManagementClient) ListKeyRings(ctx context.Context, req *kmspb.ListKeyRingsRequest, opts ...gax.CallOption) *KeyRingIterator

ListKeyRings lists [KeyRings][google.cloud.kms.v1.KeyRing].

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.ListKeyRingsRequest{
    // TODO: Fill request struct fields.
}
it := c.ListKeyRings(ctx, req)
for {
    resp, err := it.Next()
    if err == iterator.Done {
        break
    }
    if err != nil {
        // TODO: Handle error.
    }
    // TODO: Use resp.
    _ = resp
}

func (*KeyManagementClient) ResourceIAM ¶ Uses

func (c *KeyManagementClient) ResourceIAM(resourcePath string) *iam.Handle

ResourceIAM returns a handle to inspect and change permissions of the resource indicated by the given resource path.

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

// TODO: fill in key ring resource path
keyRing := "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEY_RING]"
handle := c.ResourceIAM(keyRing)

policy, err := handle.Policy(ctx)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use policy.
_ = policy

func (*KeyManagementClient) RestoreCryptoKeyVersion ¶ Uses

func (c *KeyManagementClient) RestoreCryptoKeyVersion(ctx context.Context, req *kmspb.RestoreCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)

RestoreCryptoKeyVersion restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] state.

Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.RestoreCryptoKeyVersionRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.RestoreCryptoKeyVersion(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) UpdateCryptoKey ¶ Uses

func (c *KeyManagementClient) UpdateCryptoKey(ctx context.Context, req *kmspb.UpdateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)

UpdateCryptoKey update a [CryptoKey][google.cloud.kms.v1.CryptoKey].

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.UpdateCryptoKeyRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.UpdateCryptoKey(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) UpdateCryptoKeyPrimaryVersion ¶ Uses

func (c *KeyManagementClient) UpdateCryptoKeyPrimaryVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)

UpdateCryptoKeyPrimaryVersion update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].

Returns an error if called on an asymmetric key.

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.UpdateCryptoKeyPrimaryVersionRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.UpdateCryptoKeyPrimaryVersion(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

func (*KeyManagementClient) UpdateCryptoKeyVersion ¶ Uses

func (c *KeyManagementClient) UpdateCryptoKeyVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)

UpdateCryptoKeyVersion update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.

[state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to move between other states.

ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
    // TODO: Handle error.
}

req := &kmspb.UpdateCryptoKeyVersionRequest{
    // TODO: Fill request struct fields.
}
resp, err := c.UpdateCryptoKeyVersion(ctx, req)
if err != nil {
    // TODO: Handle error.
}
// TODO: Use resp.
_ = resp

type KeyRingIterator ¶ Uses

type KeyRingIterator struct {

    // InternalFetch is for use by the Google Cloud Libraries only.
    // It is not part of the stable interface of this package.
    //
    // InternalFetch returns results from a single call to the underlying RPC.
    // The number of results is no greater than pageSize.
    // If there are no more results, nextPageToken is empty and err is nil.
    InternalFetch func(pageSize int, pageToken string) (results []*kmspb.KeyRing, nextPageToken string, err error)
    // contains filtered or unexported fields
}

KeyRingIterator manages a stream of *kmspb.KeyRing.

func (*KeyRingIterator) Next ¶ Uses

func (it *KeyRingIterator) Next() (*kmspb.KeyRing, error)

Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.

func (*KeyRingIterator) PageInfo ¶ Uses

func (it *KeyRingIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See the google.golang.org/api/iterator package for details.