public sealed class CustomerManagedEncryption : IMessage<CustomerManagedEncryption>, IEquatable<CustomerManagedEncryption>, IDeepCloneable<CustomerManagedEncryption>, IBufferMessage, IMessage
Reference documentation and code samples for the Secret Manager v1 API class CustomerManagedEncryption.
Configuration for encrypting secret payloads using customer-managed
encryption keys (CMEK).
Required. The resource name of the Cloud KMS CryptoKey used to encrypt
secret payloads.
For secrets using the
[UserManaged][google.cloud.secretmanager.v1.Replication.UserManaged]
replication policy type, Cloud KMS CryptoKeys must reside in the same
location as the [replica location][Secret.UserManaged.Replica.location].
For secrets using the
[Automatic][google.cloud.secretmanager.v1.Replication.Automatic]
replication policy type, Cloud KMS CryptoKeys must reside in global.
The expected format is projects/*/locations/*/keyRings/*/cryptoKeys/*.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThis documentation covers the \u003ccode\u003eCustomerManagedEncryption\u003c/code\u003e class within the Google Cloud Secret Manager v1 API, which is used for configuring encryption of secret payloads with customer-managed encryption keys (CMEK).\u003c/p\u003e\n"],["\u003cp\u003eThe latest version of the \u003ccode\u003eCustomerManagedEncryption\u003c/code\u003e class is 2.5.0, and the documentation provides details on multiple versions, from 1.3.0 to 2.5.0.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eCustomerManagedEncryption\u003c/code\u003e class inherits from \u003ccode\u003eObject\u003c/code\u003e and implements interfaces such as \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eKmsKeyName\u003c/code\u003e property, which is a required field, specifies the resource name of the Cloud KMS CryptoKey used for encryption, and its location must align with the secret's replication policy.\u003c/p\u003e\n"],["\u003cp\u003eThe class includes constructors for creating new \u003ccode\u003eCustomerManagedEncryption\u003c/code\u003e objects, both with default values and by cloning existing instances.\u003c/p\u003e\n"]]],[],null,[]]
