class Google::Cloud::Kms::V1::KeyManagementService::Client

Client for the KeyManagementService service.

Google Cloud Key Management Service

Manages cryptographic keys and operations using those keys. Implements a REST model with the following objects:

If you are using manual gRPC libraries, see [Using gRPC with Cloud KMS](cloud.google.com/kms/docs/grpc).

Attributes

key_management_service_stub[R]

@private

Public Class Methods

configure() { |configure| ... } click to toggle source

Configure the KeyManagementService Client class.

See {::Google::Cloud::Kms::V1::KeyManagementService::Client::Configuration} for a description of the configuration fields.

@example

# Modify the configuration for all KeyManagementService clients
::Google::Cloud::Kms::V1::KeyManagementService::Client.configure do |config|
  config.timeout = 10.0
end

@yield [config] Configure the Client client. @yieldparam config [Client::Configuration]

@return [Client::Configuration]

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 67
def self.configure
  @configure ||= begin
    namespace = ["Google", "Cloud", "Kms", "V1"]
    parent_config = while namespace.any?
                      parent_name = namespace.join "::"
                      parent_const = const_get parent_name
                      break parent_const.configure if parent_const.respond_to? :configure
                      namespace.pop
                    end
    default_config = Client::Configuration.new parent_config

    default_config.rpcs.list_key_rings.timeout = 60.0
    default_config.rpcs.list_key_rings.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.list_crypto_keys.timeout = 60.0
    default_config.rpcs.list_crypto_keys.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.list_crypto_key_versions.timeout = 60.0
    default_config.rpcs.list_crypto_key_versions.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.list_import_jobs.timeout = 60.0
    default_config.rpcs.list_import_jobs.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.get_key_ring.timeout = 60.0
    default_config.rpcs.get_key_ring.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.get_crypto_key.timeout = 60.0
    default_config.rpcs.get_crypto_key.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.get_crypto_key_version.timeout = 60.0
    default_config.rpcs.get_crypto_key_version.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.get_public_key.timeout = 60.0
    default_config.rpcs.get_public_key.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.get_import_job.timeout = 60.0
    default_config.rpcs.get_import_job.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.create_key_ring.timeout = 60.0
    default_config.rpcs.create_key_ring.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.create_crypto_key.timeout = 60.0
    default_config.rpcs.create_crypto_key.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.create_crypto_key_version.timeout = 60.0

    default_config.rpcs.import_crypto_key_version.timeout = 60.0

    default_config.rpcs.create_import_job.timeout = 60.0
    default_config.rpcs.create_import_job.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.update_crypto_key.timeout = 60.0
    default_config.rpcs.update_crypto_key.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.update_crypto_key_version.timeout = 60.0
    default_config.rpcs.update_crypto_key_version.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.update_crypto_key_primary_version.timeout = 60.0
    default_config.rpcs.update_crypto_key_primary_version.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.destroy_crypto_key_version.timeout = 60.0
    default_config.rpcs.destroy_crypto_key_version.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.restore_crypto_key_version.timeout = 60.0
    default_config.rpcs.restore_crypto_key_version.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.encrypt.timeout = 60.0
    default_config.rpcs.encrypt.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.decrypt.timeout = 60.0
    default_config.rpcs.decrypt.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.asymmetric_sign.timeout = 60.0
    default_config.rpcs.asymmetric_sign.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config.rpcs.asymmetric_decrypt.timeout = 60.0
    default_config.rpcs.asymmetric_decrypt.retry_policy = {
      initial_delay: 0.1, max_delay: 60.0, multiplier: 1.3, retry_codes: [14, 4]
    }

    default_config
  end
  yield @configure if block_given?
  @configure
end
new() { |config| ... } click to toggle source

Create a new KeyManagementService client object.

@example

# Create a client using the default configuration
client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new

# Create a client using a custom configuration
client = ::Google::Cloud::Kms::V1::KeyManagementService::Client.new do |config|
  config.timeout = 10.0
end

@yield [config] Configure the KeyManagementService client. @yieldparam config [Client::Configuration]

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 229
def initialize
  # These require statements are intentionally placed here to initialize
  # the gRPC module only when it's required.
  # See https://github.com/googleapis/toolkit/issues/446
  require "gapic/grpc"
  require "google/cloud/kms/v1/service_services_pb"

  # Create the configuration object
  @config = Configuration.new Client.configure

  # Yield the configuration if needed
  yield @config if block_given?

  # Create credentials
  credentials = @config.credentials
  # Use self-signed JWT if the endpoint is unchanged from default,
  # but only if the default endpoint does not have a region prefix.
  enable_self_signed_jwt = @config.endpoint == Client.configure.endpoint &&
                           !@config.endpoint.split(".").first.include?("-")
  credentials ||= Credentials.default scope: @config.scope,
                                      enable_self_signed_jwt: enable_self_signed_jwt
  if credentials.is_a?(::String) || credentials.is_a?(::Hash)
    credentials = Credentials.new credentials, scope: @config.scope
  end
  @quota_project_id = @config.quota_project
  @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id

  @key_management_service_stub = ::Gapic::ServiceStub.new(
    ::Google::Cloud::Kms::V1::KeyManagementService::Stub,
    credentials:  credentials,
    endpoint:     @config.endpoint,
    channel_args: @config.channel_args,
    interceptors: @config.interceptors
  )
end

Public Instance Methods

asymmetric_decrypt(request, options = nil) { |response, operation| ... } click to toggle source

Decrypts data that was encrypted with a public key retrieved from {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey} corresponding to a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} ASYMMETRIC_DECRYPT.

@overload asymmetric_decrypt(request, options = nil)

Pass arguments to `asymmetric_decrypt` via a request object, either of type
{::Google::Cloud::Kms::V1::AsymmetricDecryptRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::AsymmetricDecryptRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload asymmetric_decrypt(name: nil, ciphertext: nil, ciphertext_crc32c: nil)

Pass arguments to `asymmetric_decrypt` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for
  decryption.
@param ciphertext [::String]
  Required. The data encrypted with the named {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s public
  key using OAEP.
@param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
  Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}.
  If specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
  received {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext} using this checksum.
  {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
  fails. If you receive a checksum error, your client should verify that
  CRC32C({::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext AsymmetricDecryptRequest.ciphertext}) is equal to
  {::Google::Cloud::Kms::V1::AsymmetricDecryptRequest#ciphertext_crc32c AsymmetricDecryptRequest.ciphertext_crc32c}, and if so, perform a
  limited number of retries. A persistent mismatch may indicate an issue in
  your computation of the CRC32C checksum.
  Note: This field is defined as int64 for reasons of compatibility across
  different languages. However, it is a non-negative integer, which will
  never exceed 2^32-1, and can be safely downconverted to uint32 in languages
  that support this type.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricDecryptResponse] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::AsymmetricDecryptResponse]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 2139
def asymmetric_decrypt request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::AsymmetricDecryptRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.asymmetric_decrypt.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.asymmetric_decrypt.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.asymmetric_decrypt.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :asymmetric_decrypt, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
asymmetric_sign(request, options = nil) { |response, operation| ... } click to toggle source

Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from {::Google::Cloud::Kms::V1::KeyManagementService::Client#get_public_key GetPublicKey}.

@overload asymmetric_sign(request, options = nil)

Pass arguments to `asymmetric_sign` via a request object, either of type
{::Google::Cloud::Kms::V1::AsymmetricSignRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::AsymmetricSignRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload asymmetric_sign(name: nil, digest: nil, digest_crc32c: nil)

Pass arguments to `asymmetric_sign` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
@param digest [::Google::Cloud::Kms::V1::Digest, ::Hash]
  Required. The digest of the data to sign. The digest must be produced with
  the same digest algorithm as specified by the key version's
  {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
@param digest_crc32c [::Google::Protobuf::Int64Value, ::Hash]
  Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}. If
  specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
  received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest} using this checksum.
  {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
  fails. If you receive a checksum error, your client should verify that
  CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest AsymmetricSignRequest.digest}) is equal to
  {::Google::Cloud::Kms::V1::AsymmetricSignRequest#digest_crc32c AsymmetricSignRequest.digest_crc32c}, and if so, perform a limited
  number of retries. A persistent mismatch may indicate an issue in your
  computation of the CRC32C checksum.
  Note: This field is defined as int64 for reasons of compatibility across
  different languages. However, it is a non-negative integer, which will
  never exceed 2^32-1, and can be safely downconverted to uint32 in languages
  that support this type.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricSignResponse] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::AsymmetricSignResponse]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 2051
def asymmetric_sign request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::AsymmetricSignRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.asymmetric_sign.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.asymmetric_sign.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.asymmetric_sign.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :asymmetric_sign, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
configure() { |config| ... } click to toggle source

Configure the KeyManagementService Client instance.

The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on {Client.configure}.

See {::Google::Cloud::Kms::V1::KeyManagementService::Client::Configuration} for a description of the configuration fields.

@yield [config] Configure the Client client. @yieldparam config [Client::Configuration]

@return [Client::Configuration]

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 208
def configure
  yield @config if block_given?
  @config
end
create_crypto_key(request, options = nil) { |response, operation| ... } click to toggle source

Create a new {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} within a {::Google::Cloud::Kms::V1::KeyRing KeyRing}.

{::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} and {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#algorithm CryptoKey.version_template.algorithm} are required.

@overload create_crypto_key(request, options = nil)

Pass arguments to `create_crypto_key` via a request object, either of type
{::Google::Cloud::Kms::V1::CreateCryptoKeyRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::CreateCryptoKeyRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload create_crypto_key(parent: nil, crypto_key_id: nil, crypto_key: nil, skip_initial_version_creation: nil)

Pass arguments to `create_crypto_key` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param parent [::String]
  Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the KeyRing associated with the
  {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.
@param crypto_key_id [::String]
  Required. It must be unique within a KeyRing and match the regular
  expression `[a-zA-Z0-9_-]{1,63}`
@param crypto_key [::Google::Cloud::Kms::V1::CryptoKey, ::Hash]
  Required. A {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} with initial field values.
@param skip_initial_version_creation [::Boolean]
  If set to true, the request will create a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} without any
  {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}. You must manually call
  {::Google::Cloud::Kms::V1::KeyManagementService::Client#create_crypto_key_version CreateCryptoKeyVersion} or
  {::Google::Cloud::Kms::V1::KeyManagementService::Client#import_crypto_key_version ImportCryptoKeyVersion}
  before you can use this {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::CryptoKey]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 1088
def create_crypto_key request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::CreateCryptoKeyRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.create_crypto_key.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "parent" => request.parent
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.create_crypto_key.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.create_crypto_key.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :create_crypto_key, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
create_crypto_key_version(request, options = nil) { |response, operation| ... } click to toggle source

Create a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.

The server will assign the next sequential id. If unset, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be set to {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED}.

@overload create_crypto_key_version(request, options = nil)

Pass arguments to `create_crypto_key_version` via a request object, either of type
{::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload create_crypto_key_version(parent: nil, crypto_key_version: nil)

Pass arguments to `create_crypto_key_version` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param parent [::String]
  Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} associated with
  the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.
@param crypto_key_version [::Google::Cloud::Kms::V1::CryptoKeyVersion, ::Hash]
  Required. A {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with initial field values.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::CryptoKeyVersion]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 1163
def create_crypto_key_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::CreateCryptoKeyVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.create_crypto_key_version.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "parent" => request.parent
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.create_crypto_key_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.create_crypto_key_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :create_crypto_key_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
create_import_job(request, options = nil) { |response, operation| ... } click to toggle source

Create a new {::Google::Cloud::Kms::V1::ImportJob ImportJob} within a {::Google::Cloud::Kms::V1::KeyRing KeyRing}.

{::Google::Cloud::Kms::V1::ImportJob#import_method ImportJob.import_method} is required.

@overload create_import_job(request, options = nil)

Pass arguments to `create_import_job` via a request object, either of type
{::Google::Cloud::Kms::V1::CreateImportJobRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::CreateImportJobRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload create_import_job(parent: nil, import_job_id: nil, import_job: nil)

Pass arguments to `create_import_job` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param parent [::String]
  Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} associated with the
  {::Google::Cloud::Kms::V1::ImportJob ImportJobs}.
@param import_job_id [::String]
  Required. It must be unique within a KeyRing and match the regular
  expression `[a-zA-Z0-9_-]{1,63}`
@param import_job [::Google::Cloud::Kms::V1::ImportJob, ::Hash]
  Required. An {::Google::Cloud::Kms::V1::ImportJob ImportJob} with initial field values.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::ImportJob] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::ImportJob]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 1363
def create_import_job request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::CreateImportJobRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.create_import_job.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "parent" => request.parent
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.create_import_job.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.create_import_job.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :create_import_job, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
create_key_ring(request, options = nil) { |response, operation| ... } click to toggle source

Create a new {::Google::Cloud::Kms::V1::KeyRing KeyRing} in a given Project and Location.

@overload create_key_ring(request, options = nil)

Pass arguments to `create_key_ring` via a request object, either of type
{::Google::Cloud::Kms::V1::CreateKeyRingRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::CreateKeyRingRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload create_key_ring(parent: nil, key_ring_id: nil, key_ring: nil)

Pass arguments to `create_key_ring` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param parent [::String]
  Required. The resource name of the location associated with the
  {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format `projects/*/locations/*`.
@param key_ring_id [::String]
  Required. It must be unique within a location and match the regular
  expression `[a-zA-Z0-9_-]{1,63}`
@param key_ring [::Google::Cloud::Kms::V1::KeyRing, ::Hash]
  Required. A {::Google::Cloud::Kms::V1::KeyRing KeyRing} with initial field values.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::KeyRing] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::KeyRing]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 1004
def create_key_ring request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::CreateKeyRingRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.create_key_ring.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "parent" => request.parent
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.create_key_ring.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.create_key_ring.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :create_key_ring, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
decrypt(request, options = nil) { |response, operation| ... } click to toggle source

Decrypts data that was protected by {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}. The {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.

@overload decrypt(request, options = nil)

Pass arguments to `decrypt` via a request object, either of type
{::Google::Cloud::Kms::V1::DecryptRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::DecryptRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload decrypt(name: nil, ciphertext: nil, additional_authenticated_data: nil, ciphertext_crc32c: nil, additional_authenticated_data_crc32c: nil)

Pass arguments to `decrypt` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to use for decryption.
  The server will choose the appropriate version.
@param ciphertext [::String]
  Required. The encrypted data originally returned in
  {::Google::Cloud::Kms::V1::EncryptResponse#ciphertext EncryptResponse.ciphertext}.
@param additional_authenticated_data [::String]
  Optional. Optional data that must match the data originally supplied in
  {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}.
@param ciphertext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
  Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}. If
  specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
  received {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext} using this checksum.
  {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
  fails. If you receive a checksum error, your client should verify that
  CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#ciphertext DecryptRequest.ciphertext}) is equal to
  {::Google::Cloud::Kms::V1::DecryptRequest#ciphertext_crc32c DecryptRequest.ciphertext_crc32c}, and if so, perform a limited number
  of retries. A persistent mismatch may indicate an issue in your computation
  of the CRC32C checksum.
  Note: This field is defined as int64 for reasons of compatibility across
  different languages. However, it is a non-negative integer, which will
  never exceed 2^32-1, and can be safely downconverted to uint32 in languages
  that support this type.
@param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
  Optional. An optional CRC32C checksum of the
  {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}. If specified,
  {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
  {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data} using this checksum.
  {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
  fails. If you receive a checksum error, your client should verify that
  CRC32C({::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}) is equal to
  {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data_crc32c DecryptRequest.additional_authenticated_data_crc32c}, and if so, perform
  a limited number of retries. A persistent mismatch may indicate an issue in
  your computation of the CRC32C checksum.
  Note: This field is defined as int64 for reasons of compatibility across
  different languages. However, it is a non-negative integer, which will
  never exceed 2^32-1, and can be safely downconverted to uint32 in languages
  that support this type.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::DecryptResponse] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::DecryptResponse]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 1963
def decrypt request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::DecryptRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.decrypt.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.decrypt.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.decrypt.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :decrypt, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
destroy_crypto_key_version(request, options = nil) { |response, operation| ... } click to toggle source

Schedule a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} for destruction.

Upon calling this method, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state CryptoKeyVersion.state} will be set to {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED}, and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be set to the time {::Google::Cloud::Kms::V1::CryptoKey#destroy_scheduled_duration destroy_scheduled_duration} in the future. At that time, the {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will automatically change to {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED}, and the key material will be irrevocably destroyed.

Before the {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} is reached, {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion} may be called to reverse the process.

@overload destroy_crypto_key_version(request, options = nil)

Pass arguments to `destroy_crypto_key_version` via a request object, either of type
{::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload destroy_crypto_key_version(name: nil)

Pass arguments to `destroy_crypto_key_version` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to destroy.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::CryptoKeyVersion]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 1662
def destroy_crypto_key_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::DestroyCryptoKeyVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.destroy_crypto_key_version.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.destroy_crypto_key_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.destroy_crypto_key_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :destroy_crypto_key_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
encrypt(request, options = nil) { |response, operation| ... } click to toggle source

Encrypts data, so that it can only be recovered by a call to {::Google::Cloud::Kms::V1::KeyManagementService::Client#decrypt Decrypt}. The {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.

@overload encrypt(request, options = nil)

Pass arguments to `encrypt` via a request object, either of type
{::Google::Cloud::Kms::V1::EncryptRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::EncryptRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload encrypt(name: nil, plaintext: nil, additional_authenticated_data: nil, plaintext_crc32c: nil, additional_authenticated_data_crc32c: nil)

Pass arguments to `encrypt` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} or {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}
  to use for encryption.

  If a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} is specified, the server will use its
  {::Google::Cloud::Kms::V1::CryptoKey#primary primary version}.
@param plaintext [::String]
  Required. The data to encrypt. Must be no larger than 64KiB.

  The maximum size depends on the key version's
  {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}. For
  {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the plaintext must be no larger
  than 64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
  plaintext and additional_authenticated_data fields must be no larger than
  8KiB.
@param additional_authenticated_data [::String]
  Optional. Optional data that, if specified, must also be provided during decryption
  through {::Google::Cloud::Kms::V1::DecryptRequest#additional_authenticated_data DecryptRequest.additional_authenticated_data}.

  The maximum size depends on the key version's
  {::Google::Cloud::Kms::V1::CryptoKeyVersionTemplate#protection_level protection_level}. For
  {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE} keys, the AAD must be no larger than
  64KiB. For {::Google::Cloud::Kms::V1::ProtectionLevel::HSM HSM} keys, the combined length of the
  plaintext and additional_authenticated_data fields must be no larger than
  8KiB.
@param plaintext_crc32c [::Google::Protobuf::Int64Value, ::Hash]
  Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}. If
  specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
  received {::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext} using this checksum.
  {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
  fails. If you receive a checksum error, your client should verify that
  CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#plaintext EncryptRequest.plaintext}) is equal to
  {::Google::Cloud::Kms::V1::EncryptRequest#plaintext_crc32c EncryptRequest.plaintext_crc32c}, and if so, perform a limited number of
  retries. A persistent mismatch may indicate an issue in your computation of
  the CRC32C checksum.
  Note: This field is defined as int64 for reasons of compatibility across
  different languages. However, it is a non-negative integer, which will
  never exceed 2^32-1, and can be safely downconverted to uint32 in languages
  that support this type.
@param additional_authenticated_data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
  Optional. An optional CRC32C checksum of the
  {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}. If specified,
  {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the received
  {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data} using this checksum.
  {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
  fails. If you receive a checksum error, your client should verify that
  CRC32C({::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data EncryptRequest.additional_authenticated_data}) is equal to
  {::Google::Cloud::Kms::V1::EncryptRequest#additional_authenticated_data_crc32c EncryptRequest.additional_authenticated_data_crc32c}, and if so, perform
  a limited number of retries. A persistent mismatch may indicate an issue in
  your computation of the CRC32C checksum.
  Note: This field is defined as int64 for reasons of compatibility across
  different languages. However, it is a non-negative integer, which will
  never exceed 2^32-1, and can be safely downconverted to uint32 in languages
  that support this type.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::EncryptResponse] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::EncryptResponse]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 1858
def encrypt request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::EncryptRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.encrypt.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.encrypt.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.encrypt.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :encrypt, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
generate_random_bytes(request, options = nil) { |response, operation| ... } click to toggle source

Generate random bytes using the Cloud KMS randomness source in the provided location.

@overload generate_random_bytes(request, options = nil)

Pass arguments to `generate_random_bytes` via a request object, either of type
{::Google::Cloud::Kms::V1::GenerateRandomBytesRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::GenerateRandomBytesRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload generate_random_bytes(location: nil, length_bytes: nil, protection_level: nil)

Pass arguments to `generate_random_bytes` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param location [::String]
  The project-specific location in which to generate random bytes.
  For example, "projects/my-project/locations/us-central1".
@param length_bytes [::Integer]
  The length in bytes of the amount of randomness to retrieve.  Minimum 8
  bytes, maximum 1024 bytes.
@param protection_level [::Google::Cloud::Kms::V1::ProtectionLevel]
  The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} to use when generating the random data. Defaults to
  {::Google::Cloud::Kms::V1::ProtectionLevel::SOFTWARE SOFTWARE}.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::GenerateRandomBytesResponse] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::GenerateRandomBytesResponse]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 2405
def generate_random_bytes request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GenerateRandomBytesRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.generate_random_bytes.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "location" => request.location
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.generate_random_bytes.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.generate_random_bytes.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :generate_random_bytes, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
get_crypto_key(request, options = nil) { |response, operation| ... } click to toggle source

Returns metadata for a given {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}, as well as its {::Google::Cloud::Kms::V1::CryptoKey#primary primary} {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.

@overload get_crypto_key(request, options = nil)

Pass arguments to `get_crypto_key` via a request object, either of type
{::Google::Cloud::Kms::V1::GetCryptoKeyRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::GetCryptoKeyRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload get_crypto_key(name: nil)

Pass arguments to `get_crypto_key` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to get.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::CryptoKey]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 722
def get_crypto_key request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GetCryptoKeyRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.get_crypto_key.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.get_crypto_key.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.get_crypto_key.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :get_crypto_key, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
get_crypto_key_version(request, options = nil) { |response, operation| ... } click to toggle source

Returns metadata for a given {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.

@overload get_crypto_key_version(request, options = nil)

Pass arguments to `get_crypto_key_version` via a request object, either of type
{::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload get_crypto_key_version(name: nil)

Pass arguments to `get_crypto_key_version` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to get.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::CryptoKeyVersion]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 790
def get_crypto_key_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GetCryptoKeyVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.get_crypto_key_version.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.get_crypto_key_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.get_crypto_key_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :get_crypto_key_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
get_import_job(request, options = nil) { |response, operation| ... } click to toggle source

Returns metadata for a given {::Google::Cloud::Kms::V1::ImportJob ImportJob}.

@overload get_import_job(request, options = nil)

Pass arguments to `get_import_job` via a request object, either of type
{::Google::Cloud::Kms::V1::GetImportJobRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::GetImportJobRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload get_import_job(name: nil)

Pass arguments to `get_import_job` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} to get.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::ImportJob] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::ImportJob]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 930
def get_import_job request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GetImportJobRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.get_import_job.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.get_import_job.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.get_import_job.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :get_import_job, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
get_key_ring(request, options = nil) { |response, operation| ... } click to toggle source

Returns metadata for a given {::Google::Cloud::Kms::V1::KeyRing KeyRing}.

@overload get_key_ring(request, options = nil)

Pass arguments to `get_key_ring` via a request object, either of type
{::Google::Cloud::Kms::V1::GetKeyRingRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::GetKeyRingRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload get_key_ring(name: nil)

Pass arguments to `get_key_ring` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The {::Google::Cloud::Kms::V1::KeyRing#name name} of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} to get.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::KeyRing] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::KeyRing]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 653
def get_key_ring request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GetKeyRingRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.get_key_ring.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.get_key_ring.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.get_key_ring.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :get_key_ring, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
get_public_key(request, options = nil) { |response, operation| ... } click to toggle source

Returns the public key for the given {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. The {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} must be {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_SIGN ASYMMETRIC_SIGN} or {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ASYMMETRIC_DECRYPT ASYMMETRIC_DECRYPT}.

@overload get_public_key(request, options = nil)

Pass arguments to `get_public_key` via a request object, either of type
{::Google::Cloud::Kms::V1::GetPublicKeyRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::GetPublicKeyRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload get_public_key(name: nil)

Pass arguments to `get_public_key` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} public key to
  get.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::PublicKey] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::PublicKey]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 862
def get_public_key request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::GetPublicKeyRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.get_public_key.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.get_public_key.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.get_public_key.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :get_public_key, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
import_crypto_key_version(request, options = nil) { |response, operation| ... } click to toggle source

Import wrapped key material into a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.

All requests must specify a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}. If a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} is additionally specified in the request, key material will be reimported into that version. Otherwise, a new version will be created, and will be assigned the next sequential id within the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.

@overload import_crypto_key_version(request, options = nil)

Pass arguments to `import_crypto_key_version` via a request object, either of type
{::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload import_crypto_key_version(parent: nil, crypto_key_version: nil, algorithm: nil, import_job: nil, rsa_aes_wrapped_key: nil)

Pass arguments to `import_crypto_key_version` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param parent [::String]
  Required. The {::Google::Cloud::Kms::V1::CryptoKey#name name} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to be imported into.

  The create permission is only required on this key when creating a new
  {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}.
@param crypto_key_version [::String]
  Optional. The optional {::Google::Cloud::Kms::V1::CryptoKeyVersion#name name} of an existing
  {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to target for an import operation.
  If this field is not present, a new {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} containing the
  supplied key material is created.

  If this field is present, the supplied key material is imported into
  the existing {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}. To import into an existing
  {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}, the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} must be a child of
  {::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest#parent ImportCryptoKeyVersionRequest.parent}, have been previously created via
  [ImportCryptoKeyVersion][], and be in
  {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROYED DESTROYED} or
  {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::IMPORT_FAILED IMPORT_FAILED}
  state. The key material and algorithm must match the previous
  {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} exactly if the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} has ever contained
  key material.
@param algorithm [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm]
  Required. The {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionAlgorithm algorithm} of
  the key being imported. This does not need to match the
  {::Google::Cloud::Kms::V1::CryptoKey#version_template version_template} of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} this
  version imports into.
@param import_job [::String]
  Required. The {::Google::Cloud::Kms::V1::ImportJob#name name} of the {::Google::Cloud::Kms::V1::ImportJob ImportJob} that was used to
  wrap this key material.
@param rsa_aes_wrapped_key [::String]
  Wrapped key material produced with
  {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_3072_SHA1_AES_256 RSA_OAEP_3072_SHA1_AES_256}
  or
  {::Google::Cloud::Kms::V1::ImportJob::ImportMethod::RSA_OAEP_4096_SHA1_AES_256 RSA_OAEP_4096_SHA1_AES_256}.

  This field contains the concatenation of two wrapped keys:
  <ol>
    <li>An ephemeral AES-256 wrapping key wrapped with the
        {::Google::Cloud::Kms::V1::ImportJob#public_key public_key} using RSAES-OAEP with SHA-1,
        MGF1 with SHA-1, and an empty label.
    </li>
    <li>The key to be imported, wrapped with the ephemeral AES-256 key
        using AES-KWP (RFC 5649).
    </li>
  </ol>

  If importing symmetric key material, it is expected that the unwrapped
  key contains plain bytes. If importing asymmetric key material, it is
  expected that the unwrapped key is in PKCS#8-encoded DER format (the
  PrivateKeyInfo structure from RFC 5208).

  This format is the same as the format produced by PKCS#11 mechanism
  CKM_RSA_AES_KEY_WRAP.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::CryptoKeyVersion]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 1287
def import_crypto_key_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::ImportCryptoKeyVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.import_crypto_key_version.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "parent" => request.parent
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.import_crypto_key_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.import_crypto_key_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :import_crypto_key_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
list_crypto_key_versions(request, options = nil) { |response, operation| ... } click to toggle source

Lists {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions}.

@overload list_crypto_key_versions(request, options = nil)

Pass arguments to `list_crypto_key_versions` via a request object, either of type
{::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload list_crypto_key_versions(parent: nil, page_size: nil, page_token: nil, view: nil, filter: nil, order_by: nil)

Pass arguments to `list_crypto_key_versions` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param parent [::String]
  Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to list, in the format
  `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
@param page_size [::Integer]
  Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} to
  include in the response. Further {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersions} can
  subsequently be obtained by including the
  {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse.next_page_token} in a subsequent request.
  If unspecified, the server will pick an appropriate default.
@param page_token [::String]
  Optional. Optional pagination token, returned earlier via
  {::Google::Cloud::Kms::V1::ListCryptoKeyVersionsResponse#next_page_token ListCryptoKeyVersionsResponse.next_page_token}.
@param view [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionView]
  The fields to include in the response.
@param filter [::String]
  Optional. Only include resources that match the filter in the response. For
  more information, see
  [Sorting and filtering list
  results](https://cloud.google.com/kms/docs/sorting-and-filtering).
@param order_by [::String]
  Optional. Specify how the results should be sorted. If not specified, the
  results will be sorted in the default order. For more information, see
  [Sorting and filtering list
  results](https://cloud.google.com/kms/docs/sorting-and-filtering).

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKeyVersion>] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKeyVersion>]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 496
def list_crypto_key_versions request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::ListCryptoKeyVersionsRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.list_crypto_key_versions.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "parent" => request.parent
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.list_crypto_key_versions.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.list_crypto_key_versions.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :list_crypto_key_versions, request, options: options do |response, operation|
    response = ::Gapic::PagedEnumerable.new @key_management_service_stub, :list_crypto_key_versions, request, response, operation, options
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
list_crypto_keys(request, options = nil) { |response, operation| ... } click to toggle source

Lists {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys}.

@overload list_crypto_keys(request, options = nil)

Pass arguments to `list_crypto_keys` via a request object, either of type
{::Google::Cloud::Kms::V1::ListCryptoKeysRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::ListCryptoKeysRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload list_crypto_keys(parent: nil, page_size: nil, page_token: nil, version_view: nil, filter: nil, order_by: nil)

Pass arguments to `list_crypto_keys` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param parent [::String]
  Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} to list, in the format
  `projects/*/locations/*/keyRings/*`.
@param page_size [::Integer]
  Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} to include in the
  response.  Further {::Google::Cloud::Kms::V1::CryptoKey CryptoKeys} can subsequently be obtained by
  including the {::Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse.next_page_token} in a subsequent
  request.  If unspecified, the server will pick an appropriate default.
@param page_token [::String]
  Optional. Optional pagination token, returned earlier via
  {::Google::Cloud::Kms::V1::ListCryptoKeysResponse#next_page_token ListCryptoKeysResponse.next_page_token}.
@param version_view [::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionView]
  The fields of the primary version to include in the response.
@param filter [::String]
  Optional. Only include resources that match the filter in the response. For
  more information, see
  [Sorting and filtering list
  results](https://cloud.google.com/kms/docs/sorting-and-filtering).
@param order_by [::String]
  Optional. Specify how the results should be sorted. If not specified, the
  results will be sorted in the default order. For more information, see
  [Sorting and filtering list
  results](https://cloud.google.com/kms/docs/sorting-and-filtering).

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKey>] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::CryptoKey>]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 405
def list_crypto_keys request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::ListCryptoKeysRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.list_crypto_keys.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "parent" => request.parent
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.list_crypto_keys.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.list_crypto_keys.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :list_crypto_keys, request, options: options do |response, operation|
    response = ::Gapic::PagedEnumerable.new @key_management_service_stub, :list_crypto_keys, request, response, operation, options
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
list_import_jobs(request, options = nil) { |response, operation| ... } click to toggle source

Lists {::Google::Cloud::Kms::V1::ImportJob ImportJobs}.

@overload list_import_jobs(request, options = nil)

Pass arguments to `list_import_jobs` via a request object, either of type
{::Google::Cloud::Kms::V1::ListImportJobsRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::ListImportJobsRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload list_import_jobs(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil)

Pass arguments to `list_import_jobs` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param parent [::String]
  Required. The resource name of the {::Google::Cloud::Kms::V1::KeyRing KeyRing} to list, in the format
  `projects/*/locations/*/keyRings/*`.
@param page_size [::Integer]
  Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::ImportJob ImportJobs} to include in the
  response. Further {::Google::Cloud::Kms::V1::ImportJob ImportJobs} can subsequently be obtained by
  including the {::Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse.next_page_token} in a subsequent
  request. If unspecified, the server will pick an appropriate default.
@param page_token [::String]
  Optional. Optional pagination token, returned earlier via
  {::Google::Cloud::Kms::V1::ListImportJobsResponse#next_page_token ListImportJobsResponse.next_page_token}.
@param filter [::String]
  Optional. Only include resources that match the filter in the response. For
  more information, see
  [Sorting and filtering list
  results](https://cloud.google.com/kms/docs/sorting-and-filtering).
@param order_by [::String]
  Optional. Specify how the results should be sorted. If not specified, the
  results will be sorted in the default order. For more information, see
  [Sorting and filtering list
  results](https://cloud.google.com/kms/docs/sorting-and-filtering).

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::ImportJob>] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::ImportJob>]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 584
def list_import_jobs request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::ListImportJobsRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.list_import_jobs.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "parent" => request.parent
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.list_import_jobs.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.list_import_jobs.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :list_import_jobs, request, options: options do |response, operation|
    response = ::Gapic::PagedEnumerable.new @key_management_service_stub, :list_import_jobs, request, response, operation, options
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
list_key_rings(request, options = nil) { |response, operation| ... } click to toggle source

Lists {::Google::Cloud::Kms::V1::KeyRing KeyRings}.

@overload list_key_rings(request, options = nil)

Pass arguments to `list_key_rings` via a request object, either of type
{::Google::Cloud::Kms::V1::ListKeyRingsRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::ListKeyRingsRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload list_key_rings(parent: nil, page_size: nil, page_token: nil, filter: nil, order_by: nil)

Pass arguments to `list_key_rings` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param parent [::String]
  Required. The resource name of the location associated with the
  {::Google::Cloud::Kms::V1::KeyRing KeyRings}, in the format `projects/*/locations/*`.
@param page_size [::Integer]
  Optional. Optional limit on the number of {::Google::Cloud::Kms::V1::KeyRing KeyRings} to include in the
  response.  Further {::Google::Cloud::Kms::V1::KeyRing KeyRings} can subsequently be obtained by
  including the {::Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse.next_page_token} in a subsequent
  request.  If unspecified, the server will pick an appropriate default.
@param page_token [::String]
  Optional. Optional pagination token, returned earlier via
  {::Google::Cloud::Kms::V1::ListKeyRingsResponse#next_page_token ListKeyRingsResponse.next_page_token}.
@param filter [::String]
  Optional. Only include resources that match the filter in the response. For
  more information, see
  [Sorting and filtering list
  results](https://cloud.google.com/kms/docs/sorting-and-filtering).
@param order_by [::String]
  Optional. Specify how the results should be sorted. If not specified, the
  results will be sorted in the default order.  For more information, see
  [Sorting and filtering list
  results](https://cloud.google.com/kms/docs/sorting-and-filtering).

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::KeyRing>] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Gapic::PagedEnumerable<::Google::Cloud::Kms::V1::KeyRing>]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 315
def list_key_rings request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::ListKeyRingsRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.list_key_rings.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "parent" => request.parent
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.list_key_rings.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.list_key_rings.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :list_key_rings, request, options: options do |response, operation|
    response = ::Gapic::PagedEnumerable.new @key_management_service_stub, :list_key_rings, request, response, operation, options
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
mac_sign(request, options = nil) { |response, operation| ... } click to toggle source

Signs data using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} MAC, producing a tag that can be verified by another source with the same key.

@overload mac_sign(request, options = nil)

Pass arguments to `mac_sign` via a request object, either of type
{::Google::Cloud::Kms::V1::MacSignRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::MacSignRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload mac_sign(name: nil, data: nil, data_crc32c: nil)

Pass arguments to `mac_sign` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
@param data [::String]
  Required. The data to sign. The MAC tag is computed over this data field based on
  the specific algorithm.
@param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
  Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}. If
  specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
  received {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} using this checksum.
  {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
  fails. If you receive a checksum error, your client should verify that
  CRC32C({::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data}) is equal to
  {::Google::Cloud::Kms::V1::MacSignRequest#data_crc32c MacSignRequest.data_crc32c}, and if so, perform a limited
  number of retries. A persistent mismatch may indicate an issue in your
  computation of the CRC32C checksum.
  Note: This field is defined as int64 for reasons of compatibility across
  different languages. However, it is a non-negative integer, which will
  never exceed 2^32-1, and can be safely downconverted to uint32 in languages
  that support this type.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::MacSignResponse] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::MacSignResponse]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 2226
def mac_sign request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::MacSignRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.mac_sign.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.mac_sign.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.mac_sign.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :mac_sign, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
mac_verify(request, options = nil) { |response, operation| ... } click to toggle source

Verifies MAC tag using a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with {::Google::Cloud::Kms::V1::CryptoKey#purpose CryptoKey.purpose} MAC, and returns a response that indicates whether or not the verification was successful.

@overload mac_verify(request, options = nil)

Pass arguments to `mac_verify` via a request object, either of type
{::Google::Cloud::Kms::V1::MacVerifyRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::MacVerifyRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload mac_verify(name: nil, data: nil, data_crc32c: nil, mac: nil, mac_crc32c: nil)

Pass arguments to `mac_verify` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for verification.
@param data [::String]
  Required. The data used previously as a {::Google::Cloud::Kms::V1::MacSignRequest#data MacSignRequest.data} to generate the MAC
  tag.
@param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
  Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}. If
  specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
  received {::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data} using this checksum.
  {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
  fails. If you receive a checksum error, your client should verify that
  CRC32C({::Google::Cloud::Kms::V1::MacVerifyRequest#data MacVerifyRequest.data}) is equal to
  {::Google::Cloud::Kms::V1::MacVerifyRequest#data_crc32c MacVerifyRequest.data_crc32c}, and if so, perform a limited
  number of retries. A persistent mismatch may indicate an issue in your
  computation of the CRC32C checksum.
  Note: This field is defined as int64 for reasons of compatibility across
  different languages. However, it is a non-negative integer, which will
  never exceed 2^32-1, and can be safely downconverted to uint32 in languages
  that support this type.
@param mac [::String]
  Required. The signature to verify.
@param mac_crc32c [::Google::Protobuf::Int64Value, ::Hash]
  Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac}. If
  specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
  received {::Google::Cloud::Kms::V1::MacVerifyRequest#mac MacVerifyRequest.mac} using this checksum.
  {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
  fails. If you receive a checksum error, your client should verify that
  CRC32C([MacVerifyRequest.tag][]) is equal to
  {::Google::Cloud::Kms::V1::MacVerifyRequest#mac_crc32c MacVerifyRequest.mac_crc32c}, and if so, perform a limited
  number of retries. A persistent mismatch may indicate an issue in your
  computation of the CRC32C checksum.
  Note: This field is defined as int64 for reasons of compatibility across
  different languages. However, it is a non-negative integer, which will
  never exceed 2^32-1, and can be safely downconverted to uint32 in languages
  that support this type.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::MacVerifyResponse] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::MacVerifyResponse]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 2329
def mac_verify request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::MacVerifyRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.mac_verify.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.mac_verify.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.mac_verify.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :mac_verify, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
restore_crypto_key_version(request, options = nil) { |response, operation| ... } click to toggle source

Restore a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} in the {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DESTROY_SCHEDULED DESTROY_SCHEDULED} state.

Upon restoration of the CryptoKeyVersion, {::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} will be set to {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED}, and {::Google::Cloud::Kms::V1::CryptoKeyVersion#destroy_time destroy_time} will be cleared.

@overload restore_crypto_key_version(request, options = nil)

Pass arguments to `restore_crypto_key_version` via a request object, either of type
{::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload restore_crypto_key_version(name: nil)

Pass arguments to `restore_crypto_key_version` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to restore.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::CryptoKeyVersion]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 1736
def restore_crypto_key_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::RestoreCryptoKeyVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.restore_crypto_key_version.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.restore_crypto_key_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.restore_crypto_key_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :restore_crypto_key_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
update_crypto_key(request, options = nil) { |response, operation| ... } click to toggle source

Update a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey}.

@overload update_crypto_key(request, options = nil)

Pass arguments to `update_crypto_key` via a request object, either of type
{::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload update_crypto_key(crypto_key: nil, update_mask: nil)

Pass arguments to `update_crypto_key` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param crypto_key [::Google::Cloud::Kms::V1::CryptoKey, ::Hash]
  Required. {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} with updated values.
@param update_mask [::Google::Protobuf::FieldMask, ::Hash]
  Required. List of fields to be updated in this request.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::CryptoKey]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 1433
def update_crypto_key request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateCryptoKeyRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.update_crypto_key.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "crypto_key.name" => request.crypto_key.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.update_crypto_key.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.update_crypto_key.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :update_crypto_key, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
update_crypto_key_primary_version(request, options = nil) { |response, operation| ... } click to toggle source

Update the version of a {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} that will be used in {::Google::Cloud::Kms::V1::KeyManagementService::Client#encrypt Encrypt}.

Returns an error if called on a key whose purpose is not {::Google::Cloud::Kms::V1::CryptoKey::CryptoKeyPurpose::ENCRYPT_DECRYPT ENCRYPT_DECRYPT}.

@overload update_crypto_key_primary_version(request, options = nil)

Pass arguments to `update_crypto_key_primary_version` via a request object, either of type
{::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload update_crypto_key_primary_version(name: nil, crypto_key_version_id: nil)

Pass arguments to `update_crypto_key_primary_version` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param name [::String]
  Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKey CryptoKey} to update.
@param crypto_key_version_id [::String]
  Required. The id of the child {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use as primary.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::CryptoKey] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::CryptoKey]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 1582
def update_crypto_key_primary_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateCryptoKeyPrimaryVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.update_crypto_key_primary_version.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "name" => request.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.update_crypto_key_primary_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.update_crypto_key_primary_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :update_crypto_key_primary_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end
update_crypto_key_version(request, options = nil) { |response, operation| ... } click to toggle source

Update a {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion}'s metadata.

{::Google::Cloud::Kms::V1::CryptoKeyVersion#state state} may be changed between {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::ENABLED ENABLED} and {::Google::Cloud::Kms::V1::CryptoKeyVersion::CryptoKeyVersionState::DISABLED DISABLED} using this method. See {::Google::Cloud::Kms::V1::KeyManagementService::Client#destroy_crypto_key_version DestroyCryptoKeyVersion} and {::Google::Cloud::Kms::V1::KeyManagementService::Client#restore_crypto_key_version RestoreCryptoKeyVersion} to move between other states.

@overload update_crypto_key_version(request, options = nil)

Pass arguments to `update_crypto_key_version` via a request object, either of type
{::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest} or an equivalent Hash.

@param request [::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest, ::Hash]
  A request object representing the call parameters. Required. To specify no
  parameters, or to keep all the default parameter values, pass an empty Hash.
@param options [::Gapic::CallOptions, ::Hash]
  Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.

@overload update_crypto_key_version(crypto_key_version: nil, update_mask: nil)

Pass arguments to `update_crypto_key_version` via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).

@param crypto_key_version [::Google::Cloud::Kms::V1::CryptoKeyVersion, ::Hash]
  Required. {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} with updated values.
@param update_mask [::Google::Protobuf::FieldMask, ::Hash]
  Required. List of fields to be updated in this request.

@yield [response, operation] Access the result along with the RPC operation @yieldparam response [::Google::Cloud::Kms::V1::CryptoKeyVersion] @yieldparam operation [::GRPC::ActiveCall::Operation]

@return [::Google::Cloud::Kms::V1::CryptoKeyVersion]

@raise [::Google::Cloud::Error] if the RPC is aborted.

# File lib/google/cloud/kms/v1/key_management_service/client.rb, line 1509
def update_crypto_key_version request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::Kms::V1::UpdateCryptoKeyVersionRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  metadata = @config.rpcs.update_crypto_key_version.metadata.to_h

  # Set x-goog-api-client and x-goog-user-project headers
  metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::Kms::V1::VERSION
  metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  header_params = {
    "crypto_key_version.name" => request.crypto_key_version.name
  }
  request_params_header = header_params.map { |k, v| "#{k}=#{v}" }.join("&")
  metadata[:"x-goog-request-params"] ||= request_params_header

  options.apply_defaults timeout:      @config.rpcs.update_crypto_key_version.timeout,
                         metadata:     metadata,
                         retry_policy: @config.rpcs.update_crypto_key_version.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @key_management_service_stub.call_rpc :update_crypto_key_version, request, options: options do |response, operation|
    yield response, operation if block_given?
    return response
  end
rescue ::GRPC::BadStatus => e
  raise ::Google::Cloud::Error.from_error(e)
end