Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications.
- REST Resource: v1.folders
- REST Resource: v1.organizations
- REST Resource: v1.projects
- REST Resource: v1.projects.locations
- REST Resource: v1.projects.locations.ekmConfig
- REST Resource: v1.projects.locations.ekmConnections
- REST Resource: v1.projects.locations.keyHandles
- REST Resource: v1.projects.locations.keyRings
- REST Resource: v1.projects.locations.keyRings.cryptoKeys
- REST Resource: v1.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions
- REST Resource: v1.projects.locations.keyRings.importJobs
- REST Resource: v1.projects.locations.operations
Service: cloudkms.googleapis.com
To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.
Discovery document
A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery document:
Service endpoint
A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:
https://cloudkms.s3nsapis.fr
Regional service endpoint
A regional service endpoint is a base URL that specifies the network address of an API service in a single region. A service that is available in multiple regions might have multiple regional endpoints. Select a location to see its regional service endpoint for this service.
REST Resource: v1.folders
| Methods | |
|---|---|
getAutokeyConfig |
The method google.cloud.kms.v1.AutokeyAdmin.GetAutokeyConfig is not available in Trusted Cloud by S3NS. |
getKajPolicyConfig |
The method google.cloud.kms.v1.KeyAccessJustificationsConfig.GetKeyAccessJustificationsPolicyConfig is not available in Trusted Cloud by S3NS. |
updateAutokeyConfig |
The method google.cloud.kms.v1.AutokeyAdmin.UpdateAutokeyConfig is not available in Trusted Cloud by S3NS. |
updateKajPolicyConfig |
The method google.cloud.kms.v1.KeyAccessJustificationsConfig.UpdateKeyAccessJustificationsPolicyConfig is not available in Trusted Cloud by S3NS. |
REST Resource: v1.organizations
| Methods | |
|---|---|
getKajPolicyConfig |
The method google.cloud.kms.v1.KeyAccessJustificationsConfig.GetKeyAccessJustificationsPolicyConfig is not available in Trusted Cloud by S3NS. |
updateKajPolicyConfig |
The method google.cloud.kms.v1.KeyAccessJustificationsConfig.UpdateKeyAccessJustificationsPolicyConfig is not available in Trusted Cloud by S3NS. |
REST Resource: v1.projects
| Methods | |
|---|---|
getKajPolicyConfig |
The method google.cloud.kms.v1.KeyAccessJustificationsConfig.GetKeyAccessJustificationsPolicyConfig is not available in Trusted Cloud by S3NS. |
showEffectiveAutokeyConfig |
The method google.cloud.kms.v1.AutokeyAdmin.ShowEffectiveAutokeyConfig is not available in Trusted Cloud by S3NS. |
showEffectiveKeyAccessJustificationsEnrollmentConfig |
The method google.cloud.kms.v1.KeyAccessJustificationsConfig.ShowEffectiveKeyAccessJustificationsEnrollmentConfig is not available in Trusted Cloud by S3NS. |
showEffectiveKeyAccessJustificationsPolicyConfig |
The method google.cloud.kms.v1.KeyAccessJustificationsConfig.ShowEffectiveKeyAccessJustificationsPolicyConfig is not available in Trusted Cloud by S3NS. |
updateKajPolicyConfig |
The method google.cloud.kms.v1.KeyAccessJustificationsConfig.UpdateKeyAccessJustificationsPolicyConfig is not available in Trusted Cloud by S3NS. |
REST Resource: v1.projects.locations
| Methods | |
|---|---|
generateRandomBytes |
POST /v1/{location=projects/*/locations/*}:generateRandomBytes Generate random bytes using the Cloud KMS randomness source in the provided location. |
getEkmConfig |
GET /v1/{name=projects/*/locations/*/ekmConfig} Returns the EkmConfig singleton resource for a given project and location. |
updateEkmConfig |
PATCH /v1/{ekmConfig.name=projects/*/locations/*/ekmConfig} Updates the EkmConfig singleton resource for a given project and location. |
get |
The method google.cloud.location.Locations.GetLocation is not available in Trusted Cloud by S3NS. |
list |
The method google.cloud.location.Locations.ListLocations is not available in Trusted Cloud by S3NS. |
REST Resource: v1.projects.locations.ekmConfig
| Methods | |
|---|---|
getIamPolicy |
The method google.iam.v1.IAMPolicy.GetIamPolicy is not available in Trusted Cloud by S3NS. |
setIamPolicy |
The method google.iam.v1.IAMPolicy.SetIamPolicy is not available in Trusted Cloud by S3NS. |
testIamPermissions |
The method google.iam.v1.IAMPolicy.TestIamPermissions is not available in Trusted Cloud by S3NS. |
REST Resource: v1.projects.locations.ekmConnections
| Methods | |
|---|---|
create |
POST /v1/{parent=projects/*/locations/*}/ekmConnections Only EXTERNAL_VPC connections are supported. Creates a new EkmConnection in a given Project and Location. |
get |
GET /v1/{name=projects/*/locations/*/ekmConnections/*} Only EXTERNAL_VPC connections are supported. Returns metadata for a given EkmConnection. |
list |
GET /v1/{parent=projects/*/locations/*}/ekmConnections Only EXTERNAL_VPC connections are supported. Lists EkmConnections. |
patch |
PATCH /v1/{ekmConnection.name=projects/*/locations/*/ekmConnections/*} Only EXTERNAL_VPC connections are supported. Updates an EkmConnection's metadata. |
verifyConnectivity |
GET /v1/{name=projects/*/locations/*/ekmConnections/*}:verifyConnectivity Only EXTERNAL_VPC connections are supported. Verifies that Cloud KMS can successfully connect to the external key manager specified by an EkmConnection. |
getIamPolicy |
The method google.iam.v1.IAMPolicy.GetIamPolicy is not available in Trusted Cloud by S3NS. |
setIamPolicy |
The method google.iam.v1.IAMPolicy.SetIamPolicy is not available in Trusted Cloud by S3NS. |
testIamPermissions |
The method google.iam.v1.IAMPolicy.TestIamPermissions is not available in Trusted Cloud by S3NS. |
REST Resource: v1.projects.locations.keyHandles
| Methods | |
|---|---|
create |
The method google.cloud.kms.v1.Autokey.CreateKeyHandle is not available in Trusted Cloud by S3NS. |
get |
The method google.cloud.kms.v1.Autokey.GetKeyHandle is not available in Trusted Cloud by S3NS. |
list |
The method google.cloud.kms.v1.Autokey.ListKeyHandles is not available in Trusted Cloud by S3NS. |
REST Resource: v1.projects.locations.keyRings
| Methods | |
|---|---|
create |
POST /v1/{parent=projects/*/locations/*}/keyRings Create a new KeyRing in a given Project and Location. |
get |
GET /v1/{name=projects/*/locations/*/keyRings/*} Returns metadata for a given KeyRing. |
list |
GET /v1/{parent=projects/*/locations/*}/keyRings Lists KeyRings. |
getIamPolicy |
The method google.iam.v1.IAMPolicy.GetIamPolicy is not available in Trusted Cloud by S3NS. |
setIamPolicy |
The method google.iam.v1.IAMPolicy.SetIamPolicy is not available in Trusted Cloud by S3NS. |
testIamPermissions |
The method google.iam.v1.IAMPolicy.TestIamPermissions is not available in Trusted Cloud by S3NS. |
REST Resource: v1.projects.locations.keyRings.cryptoKeys
| Methods | |
|---|---|
create |
POST /v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys Create a new CryptoKey within a KeyRing. |
decrypt |
POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:decrypt Decrypts data that was protected by Encrypt. |
encrypt |
POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/**}:encrypt Encrypts data, so that it can only be recovered by a call to Decrypt. |
get |
GET /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*} Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion. |
list |
GET /v1/{parent=projects/*/locations/*/keyRings/*}/cryptoKeys Lists CryptoKeys. |
patch |
PATCH /v1/{cryptoKey.name=projects/*/locations/*/keyRings/*/cryptoKeys/*} Update a CryptoKey. |
updatePrimaryVersion |
POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion Update the version of a CryptoKey that will be used in Encrypt. |
getIamPolicy |
The method google.iam.v1.IAMPolicy.GetIamPolicy is not available in Trusted Cloud by S3NS. |
setIamPolicy |
The method google.iam.v1.IAMPolicy.SetIamPolicy is not available in Trusted Cloud by S3NS. |
testIamPermissions |
The method google.iam.v1.IAMPolicy.TestIamPermissions is not available in Trusted Cloud by S3NS. |
REST Resource: v1.projects.locations.keyRings.cryptoKeys.cryptoKeyVersions
| Methods | |
|---|---|
asymmetricDecrypt |
POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricDecrypt Decrypts data that was encrypted with a public key retrieved from GetPublicKey corresponding to a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_DECRYPT. |
asymmetricSign |
POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:asymmetricSign Signs data using a CryptoKeyVersion with CryptoKey.purpose ASYMMETRIC_SIGN, producing a signature that can be verified with the public key retrieved from GetPublicKey. |
create |
POST /v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions Create a new CryptoKeyVersion in a CryptoKey. |
destroy |
POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:destroy Schedule a CryptoKeyVersion for destruction. |
get |
GET /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*} Returns metadata for a given CryptoKeyVersion. |
getPublicKey |
GET /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}/publicKey Returns the public key for the given CryptoKeyVersion. |
import |
POST /v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:import Import wrapped key material into a CryptoKeyVersion. |
list |
GET /v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions Lists CryptoKeyVersions. |
macSign |
POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:macSign Signs data using a CryptoKeyVersion with CryptoKey.purpose MAC, producing a tag that can be verified by another source with the same key. |
macVerify |
POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:macVerify Verifies MAC tag using a CryptoKeyVersion with CryptoKey.purpose MAC, and returns a response that indicates whether or not the verification was successful. |
patch |
PATCH /v1/{cryptoKeyVersion.name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*} Update a CryptoKeyVersion's metadata. |
rawDecrypt |
POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:rawDecrypt Decrypts data that was originally encrypted using a raw cryptographic mechanism. |
rawEncrypt |
POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:rawEncrypt Encrypts data using portable cryptographic primitives. |
restore |
POST /v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*}:restore Restore a CryptoKeyVersion in the DESTROY_SCHEDULED state. |
REST Resource: v1.projects.locations.keyRings.importJobs
| Methods | |
|---|---|
create |
POST /v1/{parent=projects/*/locations/*/keyRings/*}/importJobs Create a new ImportJob within a KeyRing. |
get |
GET /v1/{name=projects/*/locations/*/keyRings/*/importJobs/*} Returns metadata for a given ImportJob. |
list |
GET /v1/{parent=projects/*/locations/*/keyRings/*}/importJobs Lists ImportJobs. |
getIamPolicy |
The method google.iam.v1.IAMPolicy.GetIamPolicy is not available in Trusted Cloud by S3NS. |
setIamPolicy |
The method google.iam.v1.IAMPolicy.SetIamPolicy is not available in Trusted Cloud by S3NS. |
testIamPermissions |
The method google.iam.v1.IAMPolicy.TestIamPermissions is not available in Trusted Cloud by S3NS. |
REST Resource: v1.projects.locations.operations
| Methods | |
|---|---|
get |
The method google.longrunning.Operations.GetOperation is not available in Trusted Cloud by S3NS. |