Skip to main content

types

SymmetricKey

A symmetric KMS key that may contain several versions of the cryptographic material.

Status

  • STATUS_UNSPECIFIED

  • CREATING

    The key is being created.

  • ACTIVE

    The key is active and can be used for encryption and decryption. Can be set to INACTIVE using the [SymmetricKeyService.Update][1] method.

  • INACTIVE

    The key is inactive and unusable. Can be set to ACTIVE using the [SymmetricKeyService.Update][2] method.

id : string

ID of the key.

folderId : string

ID of the folder that the key belongs to.

createdAt : google.protobuf.Timestamp

Time when the key was created.

name : string

Name of the key.

description : string

Description of the key.

labels : string

Custom labels for the key as key:value pairs. Maximum 64 per key.

status : Status

Current status of the key.

primaryVersion : SymmetricKeyVersion

Primary version of the key, used as the default for all encrypt/decrypt operations, when no version ID is specified.

defaultAlgorithm : SymmetricAlgorithm

Default encryption algorithm to be used with new versions of the key.

rotatedAt : google.protobuf.Timestamp

Time of the last key rotation (time when the last version was created). Empty if the key does not have versions yet.

rotationPeriod : google.protobuf.Duration

Time period between automatic key rotations.

deletionProtection : bool

Flag that inhibits deletion of the key

SymmetricKeyVersion

Symmetric KMS key version: metadata about actual cryptographic data.

Status

Possible version status.

  • STATUS_UNSPECIFIED

    Possible version status.

  • ACTIVE

    The version is active and can be used for encryption and decryption.

  • SCHEDULED_FOR_DESTRUCTION

    The version is scheduled for destruction, the time when it will be destroyed is specified in the [SymmetricKeyVersion.destroy_at][3] field.

  • DESTROYED

    The version is destroyed and cannot be recovered.

id : string

ID of the key version.

keyId : string

ID of the symmetric KMS key that the version belongs to.

status : Status

Status of the key version.

algorithm : SymmetricAlgorithm

Encryption algorithm that should be used when using the key version to encrypt plaintext.

createdAt : google.protobuf.Timestamp

Time when the key version was created.

primary : bool

Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified.

destroyAt : google.protobuf.Timestamp

Time when the key version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

hostedByHsm : bool

Indication of the version that is hosted by HSM.