Key Management Service API, REST: SymmetricKey methods
Set of methods for managing symmetric KMS keys.
JSON Representation
{
"id": "string",
"folderId": "string",
"createdAt": "string",
"name": "string",
"description": "string",
"labels": "object",
"status": "string",
"primaryVersion": {
"id": "string",
"keyId": "string",
"status": "string",
"algorithm": "string",
"createdAt": "string",
"primary": true,
"destroyAt": "string",
"hostedByHsm": true
},
"defaultAlgorithm": "string",
"rotatedAt": "string",
"rotationPeriod": "string",
"deletionProtection": true
}
Field | Description |
---|---|
id | string ID of the key. |
folderId | string ID of the folder that the key belongs to. |
createdAt | string (date-time) Time when the key was created. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits). |
name | string Name of the key. |
description | string Description of the key. |
labels | object Custom labels for the key as |
status | string Current status of the key. |
primaryVersion | object Primary version of the key, used as the default for all encrypt/decrypt operations, when no version ID is specified. Symmetric KMS key version: metadata about actual cryptographic data. |
primaryVersion. id |
string ID of the key version. |
primaryVersion. keyId |
string ID of the symmetric KMS key that the version belongs to. |
primaryVersion. status |
string Status of the key version. Possible version status.
|
primaryVersion. algorithm |
string Encryption algorithm that should be used when using the key version to encrypt plaintext. Supported symmetric encryption algorithms.
|
primaryVersion. createdAt |
string (date-time) Time when the key version was created. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits). |
primaryVersion. primary |
boolean (boolean) Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified. |
primaryVersion. destroyAt |
string (date-time) Time when the key version is going to be destroyed. Empty unless the status is String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits). |
primaryVersion. hostedByHsm |
boolean (boolean) Indication of the version that is hosted by HSM. |
defaultAlgorithm | string Default encryption algorithm to be used with new versions of the key. Supported symmetric encryption algorithms.
|
rotatedAt | string (date-time) Time of the last key rotation (time when the last version was created). Empty if the key does not have versions yet. String in RFC3339 text format. The range of possible values is from To work with values in this field, use the APIs described in the Protocol Buffers reference. In some languages, built-in datetime utilities do not support nanosecond precision (9 digits). |
rotationPeriod | string Time period between automatic key rotations. |
deletionProtection | boolean (boolean) Flag that inhibits deletion of the key |
Methods
Method | Description |
---|---|
cancelVersionDestruction | Cancels previously scheduled version destruction, if the version hasn't been destroyed yet. |
create | Creates a symmetric KMS key in the specified folder. |
delete | Deletes the specified symmetric KMS key. This action also automatically schedules the destruction of all of the key's versions in 72 hours. |
get | Returns the specified symmetric KMS key. |
list | Returns the list of symmetric KMS keys in the specified folder. |
listAccessBindings | Lists existing access bindings for the specified key. |
listOperations | Lists operations for the specified symmetric KMS key. |
listVersions | Returns the list of versions of the specified symmetric KMS key. |
rotate | Rotates the specified key: creates a new key version and makes it the primary version. The old version remains available for decryption of ciphertext encrypted with it. |
scheduleVersionDestruction | Schedules the specified key version for destruction. |
setAccessBindings | Sets access bindings for the key. |
setPrimaryVersion | Sets the primary version for the specified key. The primary version is used by default for all encrypt/decrypt operations where no version ID is specified. |
update | Updates the specified symmetric KMS key. |
updateAccessBindings | Updates access bindings for the specified key. |