import "cloud.google.com/go/kms/apiv1"
Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.
The ctx passed to NewClient is used for authentication requests and for creating the underlying connection, but is not used for subsequent calls. Individual methods on the client use the ctx given to them.
To close the open connection, use the Close() method.
For information about setting deadlines, reusing contexts, and more please visit godoc.org/cloud.google.com/go.
doc.go iam.go key_management_client.go
DefaultAuthScopes reports the default set of authentication scopes to use with this package.
type CryptoKeyIterator struct {
// InternalFetch is for use by the Google Cloud Libraries only.
// It is not part of the stable interface of this package.
//
// InternalFetch returns results from a single call to the underlying RPC.
// The number of results is no greater than pageSize.
// If there are no more results, nextPageToken is empty and err is nil.
InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKey, nextPageToken string, err error)
// contains filtered or unexported fields
}CryptoKeyIterator manages a stream of *kmspb.CryptoKey.
func (it *CryptoKeyIterator) Next() (*kmspb.CryptoKey, error)
Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.
func (it *CryptoKeyIterator) PageInfo() *iterator.PageInfo
PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
type CryptoKeyVersionIterator struct {
// InternalFetch is for use by the Google Cloud Libraries only.
// It is not part of the stable interface of this package.
//
// InternalFetch returns results from a single call to the underlying RPC.
// The number of results is no greater than pageSize.
// If there are no more results, nextPageToken is empty and err is nil.
InternalFetch func(pageSize int, pageToken string) (results []*kmspb.CryptoKeyVersion, nextPageToken string, err error)
// contains filtered or unexported fields
}CryptoKeyVersionIterator manages a stream of *kmspb.CryptoKeyVersion.
func (it *CryptoKeyVersionIterator) Next() (*kmspb.CryptoKeyVersion, error)
Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.
func (it *CryptoKeyVersionIterator) PageInfo() *iterator.PageInfo
PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
type KeyManagementCallOptions struct {
ListKeyRings []gax.CallOption
ListCryptoKeys []gax.CallOption
ListCryptoKeyVersions []gax.CallOption
GetKeyRing []gax.CallOption
GetCryptoKey []gax.CallOption
GetCryptoKeyVersion []gax.CallOption
CreateKeyRing []gax.CallOption
CreateCryptoKey []gax.CallOption
CreateCryptoKeyVersion []gax.CallOption
UpdateCryptoKey []gax.CallOption
UpdateCryptoKeyVersion []gax.CallOption
Encrypt []gax.CallOption
Decrypt []gax.CallOption
UpdateCryptoKeyPrimaryVersion []gax.CallOption
DestroyCryptoKeyVersion []gax.CallOption
RestoreCryptoKeyVersion []gax.CallOption
GetPublicKey []gax.CallOption
AsymmetricDecrypt []gax.CallOption
AsymmetricSign []gax.CallOption
}KeyManagementCallOptions contains the retry settings for each method of KeyManagementClient.
type KeyManagementClient struct {
// The call options for this service.
CallOptions *KeyManagementCallOptions
// contains filtered or unexported fields
}KeyManagementClient is a client for interacting with Cloud Key Management Service (KMS) API.
Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.
func NewKeyManagementClient(ctx context.Context, opts ...option.ClientOption) (*KeyManagementClient, error)
NewKeyManagementClient creates a new key management service client.
Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:
[KeyRing][google.cloud.kms.v1.KeyRing] [CryptoKey][google.cloud.kms.v1.CryptoKey] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
If you are using manual gRPC libraries, see Using gRPC with Cloud KMS (at https://cloud.google.com/kms/docs/grpc).
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
// TODO: Use client.
_ = c
func (c *KeyManagementClient) AsymmetricDecrypt(ctx context.Context, req *kmspb.AsymmetricDecryptRequest, opts ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse, error)
AsymmetricDecrypt decrypts data that was encrypted with a public key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT.
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.AsymmetricDecryptRequest{
// TODO: Fill request struct fields.
}
resp, err := c.AsymmetricDecrypt(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) AsymmetricSign(ctx context.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse, error)
AsymmetricSign signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.AsymmetricSignRequest{
// TODO: Fill request struct fields.
}
resp, err := c.AsymmetricSign(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) Close() error
Close closes the connection to the API service. The user should invoke this when the client is no longer required.
func (c *KeyManagementClient) Connection() *grpc.ClientConn
Connection returns the client's connection to the API service.
func (c *KeyManagementClient) CreateCryptoKey(ctx context.Context, req *kmspb.CreateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
CreateCryptoKey create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing].
[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm] are required.
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.CreateCryptoKeyRequest{
// TODO: Fill request struct fields.
}
resp, err := c.CreateCryptoKey(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) CreateCryptoKeyVersion(ctx context.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
CreateCryptoKeyVersion create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey].
The server will assign the next sequential id. If unset, [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.CreateCryptoKeyVersionRequest{
// TODO: Fill request struct fields.
}
resp, err := c.CreateCryptoKeyVersion(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) CreateKeyRing(ctx context.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error)
CreateKeyRing create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location.
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.CreateKeyRingRequest{
// TODO: Fill request struct fields.
}
resp, err := c.CreateKeyRing(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
CryptoKeyIAM returns a handle to inspect and change permissions of a CryptoKey.
Deprecated: Please use ResourceIAM and provide the CryptoKey.Name as input.
func (c *KeyManagementClient) Decrypt(ctx context.Context, req *kmspb.DecryptRequest, opts ...gax.CallOption) (*kmspb.DecryptResponse, error)
Decrypt decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.DecryptRequest{
// TODO: Fill request struct fields.
}
resp, err := c.Decrypt(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) DestroyCryptoKeyVersion(ctx context.Context, req *kmspb.DestroyCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
DestroyCryptoKeyVersion schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24 hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be changed to [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key material will be irrevocably destroyed.
Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached, [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process.
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.DestroyCryptoKeyVersionRequest{
// TODO: Fill request struct fields.
}
resp, err := c.DestroyCryptoKeyVersion(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) Encrypt(ctx context.Context, req *kmspb.EncryptRequest, opts ...gax.CallOption) (*kmspb.EncryptResponse, error)
Encrypt encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.EncryptRequest{
// TODO: Fill request struct fields.
}
resp, err := c.Encrypt(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) GetCryptoKey(ctx context.Context, req *kmspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
GetCryptoKey returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.GetCryptoKeyRequest{
// TODO: Fill request struct fields.
}
resp, err := c.GetCryptoKey(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) GetCryptoKeyVersion(ctx context.Context, req *kmspb.GetCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
GetCryptoKeyVersion returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.GetCryptoKeyVersionRequest{
// TODO: Fill request struct fields.
}
resp, err := c.GetCryptoKeyVersion(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) GetKeyRing(ctx context.Context, req *kmspb.GetKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing, error)
GetKeyRing returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.GetKeyRingRequest{
// TODO: Fill request struct fields.
}
resp, err := c.GetKeyRing(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) GetPublicKey(ctx context.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey, error)
GetPublicKey returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.GetPublicKeyRequest{
// TODO: Fill request struct fields.
}
resp, err := c.GetPublicKey(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
KeyRingIAM returns a handle to inspect and change permissions of a KeyRing.
Deprecated: Please use ResourceIAM and provide the KeyRing.Name as input.
func (c *KeyManagementClient) ListCryptoKeyVersions(ctx context.Context, req *kmspb.ListCryptoKeyVersionsRequest, opts ...gax.CallOption) *CryptoKeyVersionIterator
ListCryptoKeyVersions lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion].
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.ListCryptoKeyVersionsRequest{
// TODO: Fill request struct fields.
}
it := c.ListCryptoKeyVersions(ctx, req)
for {
resp, err := it.Next()
if err == iterator.Done {
break
}
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (c *KeyManagementClient) ListCryptoKeys(ctx context.Context, req *kmspb.ListCryptoKeysRequest, opts ...gax.CallOption) *CryptoKeyIterator
ListCryptoKeys lists [CryptoKeys][google.cloud.kms.v1.CryptoKey].
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.ListCryptoKeysRequest{
// TODO: Fill request struct fields.
}
it := c.ListCryptoKeys(ctx, req)
for {
resp, err := it.Next()
if err == iterator.Done {
break
}
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (c *KeyManagementClient) ListKeyRings(ctx context.Context, req *kmspb.ListKeyRingsRequest, opts ...gax.CallOption) *KeyRingIterator
ListKeyRings lists [KeyRings][google.cloud.kms.v1.KeyRing].
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.ListKeyRingsRequest{
// TODO: Fill request struct fields.
}
it := c.ListKeyRings(ctx, req)
for {
resp, err := it.Next()
if err == iterator.Done {
break
}
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
}
func (c *KeyManagementClient) ResourceIAM(resourcePath string) *iam.Handle
ResourceIAM returns a handle to inspect and change permissions of the resource indicated by the given resource path.
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
// TODO: fill in key ring resource path
keyRing := "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEY_RING]"
handle := c.ResourceIAM(keyRing)
policy, err := handle.Policy(ctx)
if err != nil {
// TODO: Handle error.
}
// TODO: Use policy.
_ = policy
func (c *KeyManagementClient) RestoreCryptoKeyVersion(ctx context.Context, req *kmspb.RestoreCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
RestoreCryptoKeyVersion restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] state.
Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED], and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared.
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.RestoreCryptoKeyVersionRequest{
// TODO: Fill request struct fields.
}
resp, err := c.RestoreCryptoKeyVersion(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) UpdateCryptoKey(ctx context.Context, req *kmspb.UpdateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
UpdateCryptoKey update a [CryptoKey][google.cloud.kms.v1.CryptoKey].
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.UpdateCryptoKeyRequest{
// TODO: Fill request struct fields.
}
resp, err := c.UpdateCryptoKey(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) UpdateCryptoKeyPrimaryVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKey, error)
UpdateCryptoKeyPrimaryVersion update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
Returns an error if called on an asymmetric key.
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.UpdateCryptoKeyPrimaryVersionRequest{
// TODO: Fill request struct fields.
}
resp, err := c.UpdateCryptoKeyPrimaryVersion(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
func (c *KeyManagementClient) UpdateCryptoKeyVersion(ctx context.Context, req *kmspb.UpdateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion, error)
UpdateCryptoKeyVersion update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata.
[state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to move between other states.
Code:
ctx := context.Background()
c, err := kms.NewKeyManagementClient(ctx)
if err != nil {
// TODO: Handle error.
}
req := &kmspb.UpdateCryptoKeyVersionRequest{
// TODO: Fill request struct fields.
}
resp, err := c.UpdateCryptoKeyVersion(ctx, req)
if err != nil {
// TODO: Handle error.
}
// TODO: Use resp.
_ = resp
type KeyRingIterator struct {
// InternalFetch is for use by the Google Cloud Libraries only.
// It is not part of the stable interface of this package.
//
// InternalFetch returns results from a single call to the underlying RPC.
// The number of results is no greater than pageSize.
// If there are no more results, nextPageToken is empty and err is nil.
InternalFetch func(pageSize int, pageToken string) (results []*kmspb.KeyRing, nextPageToken string, err error)
// contains filtered or unexported fields
}KeyRingIterator manages a stream of *kmspb.KeyRing.
func (it *KeyRingIterator) Next() (*kmspb.KeyRing, error)
Next returns the next result. Its second return value is iterator.Done if there are no more results. Once Next returns Done, all subsequent calls will return Done.
func (it *KeyRingIterator) PageInfo() *iterator.PageInfo
PageInfo supports pagination. See the google.golang.org/api/iterator package for details.
Package kms imports 17 packages (graph) and is imported by 13 packages. Updated 2019-06-13. Refresh now. Tools for package owners.