class Google::Cloud::Bigtable::EncryptionInfo

# EncryptionInfo

Encryption information for a given resource.

See {Backup#encryption_info} and {Table::ClusterState#encryption_infos}.

@example

require "google/cloud/bigtable"

bigtable = Google::Cloud::Bigtable.new
instance = bigtable.instance "my-instance"
cluster = instance.cluster "my-cluster"

backup = cluster.backup "my-backup"

encryption_info = backup.encryption_info
encryption_info.encryption_type #=> :GOOGLE_DEFAULT_ENCRYPTION

@example Retrieve a table with cluster states containing encryption info.

require "google/cloud/bigtable"

bigtable = Google::Cloud::Bigtable.new

table = bigtable.table "my-instance", "my-table", view: :ENCRYPTION_VIEW, perform_lookup: true

table.cluster_states.each do |cs|
  puts cs.cluster_name
  puts cs.encryption_infos.first.encryption_type
end

Public Class Methods

from_grpc(grpc) click to toggle source

@private

Creates a new EncryptionInfo instance from a Google::Cloud::Bigtable::Admin::V2::EncryptionInfo.

@param grpc [Google::Cloud::Bigtable::Admin::V2::EncryptionInfo] @return [Google::Cloud::Bigtable::EncryptionInfo]

# File lib/google/cloud/bigtable/encryption_info.rb, line 112
def self.from_grpc grpc
  new grpc
end
new(grpc) click to toggle source

@private

Creates a new EncryptionInfo instance.

# File lib/google/cloud/bigtable/encryption_info.rb, line 58
def initialize grpc
  @grpc = grpc
end

Public Instance Methods

encryption_status() click to toggle source

The status of encrypt/decrypt calls on underlying data for the resource. Regardless of status, the existing data is always encrypted at rest.

See also {#encryption_type}, {#kms_key_version} and {Instance::ClusterMap#add}.

@return [Google::Cloud::Bigtable::Status, nil] The encryption status object, or `nil` if not present.

# File lib/google/cloud/bigtable/encryption_info.rb, line 89
def encryption_status
  status_grpc = @grpc.encryption_status
  Status.from_grpc status_grpc if status_grpc
end
encryption_type() click to toggle source

The type of encryption used to protect the resource. Possible values:

  • `ENCRYPTION_TYPE_UNSPECIFIED` - Encryption type was not specified, though data at rest remains encrypted.

  • `GOOGLE_DEFAULT_ENCRYPTION` - The data backing the resource is encrypted at rest with a key that is fully managed by Google. No key version or status will be populated. This is the default state.

  • `CUSTOMER_MANAGED_ENCRYPTION` - The data backing the resource is encrypted at rest with a key that is managed by the customer. The in-use version of the key and its status are populated for CMEK-protected tables. CMEK-protected backups are pinned to the key version that was in use at the time the backup was taken. This key version is populated but its status is not tracked and is reported as `UNKNOWN`.

See also {#encryption_status}, {#kms_key_version} and {Instance::ClusterMap#add}.

@return [Symbol] The encryption type code as an uppercase symbol.

# File lib/google/cloud/bigtable/encryption_info.rb, line 77
def encryption_type
  @grpc.encryption_type
end
kms_key_version() click to toggle source

The version of the Cloud KMS key specified in the parent cluster that is in use for the data underlying the table.

See also {#encryption_type}, {#encryption_status} and {Instance::ClusterMap#add}.

@return [String, nil] The Cloud KMS key version, or `nil` if not present.

# File lib/google/cloud/bigtable/encryption_info.rb, line 102
def kms_key_version
  @grpc.kms_key_version unless @grpc.kms_key_version.empty?
end