Google Cloud Key Management Service v1 API - Enum EkmConnection.Types.KeyManagementMode (3.18.0)

All [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this [EkmConnection][google.cloud.kms.v1.EkmConnection] use EKM-side key management operations initiated from Cloud KMS. This means that:

• When a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] associated with this [EkmConnection][google.cloud.kms.v1.EkmConnection] is created, the EKM automatically generates new key material and a new key path. The caller cannot supply the key path of pre-existing external key material.
• Destruction of external key material associated with this [EkmConnection][google.cloud.kms.v1.EkmConnection] can be requested by calling [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion].
• Automatic rotation of key material is supported.

EKM-side key management operations on [CryptoKeys][google.cloud.kms.v1.CryptoKey] created with this [EkmConnection][google.cloud.kms.v1.EkmConnection] must be initiated from the EKM directly and cannot be performed from Cloud KMS. This means that:

• When creating a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] associated with this [EkmConnection][google.cloud.kms.v1.EkmConnection], the caller must supply the key path of pre-existing external key material that will be linked to the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
• Destruction of external key material cannot be requested via the Cloud KMS API and must be performed directly in the EKM.
• Automatic rotation of key material is not supported.

Not specified.