Package com.google.cloud.kms.v1

Interface KeyManagementServiceGrpc.AsyncService

  • All Known Implementing Classes:
    KeyManagementServiceGrpc.KeyManagementServiceImplBase
    Enclosing class:
    KeyManagementServiceGrpc
    public static interface KeyManagementServiceGrpc.AsyncService
     Google Cloud Key Management Service
 Manages cryptographic keys and operations using those keys. Implements a REST
 model with the following objects:
 * [KeyRing][google.cloud.kms.v1.KeyRing]
 * [CryptoKey][google.cloud.kms.v1.CryptoKey]
 * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
 * [ImportJob][google.cloud.kms.v1.ImportJob]
 If you are using manual gRPC libraries, see
 [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc).

    • Method Detail

      • getKeyRing

        default void getKeyRing​(GetKeyRingRequest request,
                        io.grpc.stub.StreamObserver<KeyRing> responseObserver)
         Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing].

      • getCryptoKey

        default void getCryptoKey​(GetCryptoKeyRequest request,
                          io.grpc.stub.StreamObserver<CryptoKey> responseObserver)
         Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as
 well as its [primary][google.cloud.kms.v1.CryptoKey.primary]
 [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

      • getCryptoKeyVersion

        default void getCryptoKeyVersion​(GetCryptoKeyVersionRequest request,
                                 io.grpc.stub.StreamObserver<CryptoKeyVersion> responseObserver)
         Returns metadata for a given
 [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].

      • getPublicKey

        default void getPublicKey​(GetPublicKeyRequest request,
                          io.grpc.stub.StreamObserver<PublicKey> responseObserver)
         Returns the public key for the given
 [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The
 [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
 [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN]
 or
 [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT].

      • getImportJob

        default void getImportJob​(GetImportJobRequest request,
                          io.grpc.stub.StreamObserver<ImportJob> responseObserver)
         Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob].

      • createKeyRing

        default void createKeyRing​(CreateKeyRingRequest request,
                           io.grpc.stub.StreamObserver<KeyRing> responseObserver)
         Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and
 Location.

      • createCryptoKey

        default void createCryptoKey​(CreateCryptoKeyRequest request,
                             io.grpc.stub.StreamObserver<CryptoKey> responseObserver)
         Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a
 [KeyRing][google.cloud.kms.v1.KeyRing].
 [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and
 [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]
 are required.

      • createCryptoKeyVersion

        default void createCryptoKeyVersion​(CreateCryptoKeyVersionRequest request,
                                    io.grpc.stub.StreamObserver<CryptoKeyVersion> responseObserver)
         Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a
 [CryptoKey][google.cloud.kms.v1.CryptoKey].
 The server will assign the next sequential id. If unset,
 [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
 [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED].

      • importCryptoKeyVersion

        default void importCryptoKeyVersion​(ImportCryptoKeyVersionRequest request,
                                    io.grpc.stub.StreamObserver<CryptoKeyVersion> responseObserver)
         Import wrapped key material into a
 [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
 All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If
 a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally
 specified in the request, key material will be reimported into that
 version. Otherwise, a new version will be created, and will be assigned the
 next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].

      • createImportJob

        default void createImportJob​(CreateImportJobRequest request,
                             io.grpc.stub.StreamObserver<ImportJob> responseObserver)
         Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a
 [KeyRing][google.cloud.kms.v1.KeyRing].
 [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is
 required.

      • updateCryptoKey

        default void updateCryptoKey​(UpdateCryptoKeyRequest request,
                             io.grpc.stub.StreamObserver<CryptoKey> responseObserver)
         Update a [CryptoKey][google.cloud.kms.v1.CryptoKey].

      • updateCryptoKeyVersion

        default void updateCryptoKeyVersion​(UpdateCryptoKeyVersionRequest request,
                                    io.grpc.stub.StreamObserver<CryptoKeyVersion> responseObserver)
         Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s
 metadata.
 [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between
 [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]
 and
 [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED]
 using this method. See
 [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion]
 and
 [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
 to move between other states.

      • updateCryptoKeyPrimaryVersion

        default void updateCryptoKeyPrimaryVersion​(UpdateCryptoKeyPrimaryVersionRequest request,
                                           io.grpc.stub.StreamObserver<CryptoKey> responseObserver)
         Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that
 will be used in
 [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
 Returns an error if called on a key whose purpose is not
 [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

      • destroyCryptoKeyVersion

        default void destroyCryptoKeyVersion​(DestroyCryptoKeyVersionRequest request,
                                     io.grpc.stub.StreamObserver<CryptoKeyVersion> responseObserver)
         Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for
 destruction.
 Upon calling this method,
 [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will
 be set to
 [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
 and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
 be set to the time
 [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration]
 in the future. At that time, the
 [state][google.cloud.kms.v1.CryptoKeyVersion.state] will automatically
 change to
 [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED],
 and the key material will be irrevocably destroyed.
 Before the
 [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is
 reached,
 [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion]
 may be called to reverse the process.

      • restoreCryptoKeyVersion

        default void restoreCryptoKeyVersion​(RestoreCryptoKeyVersionRequest request,
                                     io.grpc.stub.StreamObserver<CryptoKeyVersion> responseObserver)
         Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the
 [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
 state.
 Upon restoration of the CryptoKeyVersion,
 [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
 [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],
 and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will
 be cleared.

      • encrypt

        default void encrypt​(EncryptRequest request,
                     io.grpc.stub.StreamObserver<EncryptResponse> responseObserver)
         Encrypts data, so that it can only be recovered by a call to
 [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]. The
 [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
 [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

      • decrypt

        default void decrypt​(DecryptRequest request,
                     io.grpc.stub.StreamObserver<DecryptResponse> responseObserver)
         Decrypts data that was protected by
 [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The
 [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
 [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].

      • rawEncrypt

        default void rawEncrypt​(RawEncryptRequest request,
                        io.grpc.stub.StreamObserver<RawEncryptResponse> responseObserver)
         Encrypts data using portable cryptographic primitives. Most users should
 choose [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
 [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] rather than
 their raw counterparts. The
 [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
 [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].

      • rawDecrypt

        default void rawDecrypt​(RawDecryptRequest request,
                        io.grpc.stub.StreamObserver<RawDecryptResponse> responseObserver)
         Decrypts data that was originally encrypted using a raw cryptographic
 mechanism. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
 must be
 [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].

      • asymmetricSign

        default void asymmetricSign​(AsymmetricSignRequest request,
                            io.grpc.stub.StreamObserver<AsymmetricSignResponse> responseObserver)
         Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
 with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
 ASYMMETRIC_SIGN, producing a signature that can be verified with the public
 key retrieved from
 [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].

      • asymmetricDecrypt

        default void asymmetricDecrypt​(AsymmetricDecryptRequest request,
                               io.grpc.stub.StreamObserver<AsymmetricDecryptResponse> responseObserver)
         Decrypts data that was encrypted with a public key retrieved from
 [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]
 corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
 with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]
 ASYMMETRIC_DECRYPT.

      • macSign

        default void macSign​(MacSignRequest request,
                     io.grpc.stub.StreamObserver<MacSignResponse> responseObserver)
         Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]
 with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC,
 producing a tag that can be verified by another source with the same key.

      • macVerify

        default void macVerify​(MacVerifyRequest request,
                       io.grpc.stub.StreamObserver<MacVerifyResponse> responseObserver)
         Verifies MAC tag using a
 [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with
 [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] MAC, and returns
 a response that indicates whether or not the verification was successful.