class Google::Apis::DlpV2::GooglePrivacyDlpV2CryptoKey
This is a data encryption key (DEK) (as opposed to a key encryption key (KEK) stored by Cloud Key Management Service (Cloud KMS). When using Cloud KMS to wrap or unwrap a DEK, be sure to set an appropriate IAM policy on the KEK to ensure an attacker cannot unwrap the DEK.
Attributes
Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt For more information, see [Creating a wrapped key] (cloud.google.com/dlp/docs/create-wrapped-key). Note: When you use Cloud KMS for cryptographic operations, [charges apply](https:// cloud.google.com/kms/pricing). Corresponds to the JSON property `kmsWrapped` @return [Google::Apis::DlpV2::GooglePrivacyDlpV2KmsWrappedCryptoKey]
Use this to have a random data crypto key generated. It will be discarded after the request finishes. Corresponds to the JSON property `transient` @return [Google::Apis::DlpV2::GooglePrivacyDlpV2TransientCryptoKey]
Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Corresponds to the JSON property `unwrapped` @return [Google::Apis::DlpV2::GooglePrivacyDlpV2UnwrappedCryptoKey]
Public Class Methods
# File lib/google/apis/dlp_v2/classes.rb, line 1379 def initialize(**args) update!(**args) end
Public Instance Methods
Update properties of this object
# File lib/google/apis/dlp_v2/classes.rb, line 1384 def update!(**args) @kms_wrapped = args[:kms_wrapped] if args.key?(:kms_wrapped) @transient = args[:transient] if args.key?(:transient) @unwrapped = args[:unwrapped] if args.key?(:unwrapped) end