class Google::Apis::DlpV2::GooglePrivacyDlpV2CryptoKey

This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK.

Attributes

kms_wrapped[RW]

Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https:// cloud.google.com/kms/pricing). Corresponds to the JSON property `kmsWrapped` @return [Google::Apis::DlpV2::GooglePrivacyDlpV2KmsWrappedCryptoKey]

transient[RW]

Use this to have a random data crypto key generated. It will be discarded after the request finishes. Corresponds to the JSON property `transient` @return [Google::Apis::DlpV2::GooglePrivacyDlpV2TransientCryptoKey]

unwrapped[RW]

Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Corresponds to the JSON property `unwrapped` @return [Google::Apis::DlpV2::GooglePrivacyDlpV2UnwrappedCryptoKey]

Public Class Methods

new(**args) click to toggle source
# File lib/google/apis/dlp_v2/classes.rb, line 1379
def initialize(**args)
   update!(**args)
end

Public Instance Methods

update!(**args) click to toggle source

Update properties of this object

# File lib/google/apis/dlp_v2/classes.rb, line 1384
def update!(**args)
  @kms_wrapped = args[:kms_wrapped] if args.key?(:kms_wrapped)
  @transient = args[:transient] if args.key?(:transient)
  @unwrapped = args[:unwrapped] if args.key?(:unwrapped)
end