Struct googapis::google::cloud::kms::v1::CryptoKey [−][src]
pub struct CryptoKey {
pub name: String,
pub primary: Option<CryptoKeyVersion>,
pub purpose: i32,
pub create_time: Option<Timestamp>,
pub next_rotation_time: Option<Timestamp>,
pub version_template: Option<CryptoKeyVersionTemplate>,
pub labels: HashMap<String, String>,
pub import_only: bool,
pub destroy_scheduled_duration: Option<Duration>,
pub rotation_schedule: Option<RotationSchedule>,
}
Expand description
A [CryptoKey][google.cloud.kms.v1.CryptoKey] represents a logical key that can be used for cryptographic operations.
A [CryptoKey][google.cloud.kms.v1.CryptoKey] is made up of zero or more [versions][google.cloud.kms.v1.CryptoKeyVersion], which represent the actual key material used in cryptographic operations.
Fields
name: String
Output only. The resource name for this [CryptoKey][google.cloud.kms.v1.CryptoKey] in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*
.
primary: Option<CryptoKeyVersion>
Output only. A copy of the “primary” [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that will be used by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] when this [CryptoKey][google.cloud.kms.v1.CryptoKey] is given in [EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name].
The [CryptoKey][google.cloud.kms.v1.CryptoKey]’s primary version can be updated via [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion].
Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] may have a primary. For other keys, this field will be omitted.
purpose: i32
Immutable. The immutable purpose of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
create_time: Option<Timestamp>
Output only. The time at which this [CryptoKey][google.cloud.kms.v1.CryptoKey] was created.
next_rotation_time: Option<Timestamp>
At [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time], the Key Management Service will automatically:
- Create a new version of this [CryptoKey][google.cloud.kms.v1.CryptoKey].
- Mark the new version as primary.
Key rotations performed manually via [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] and [UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion] do not affect [next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time].
Keys with [purpose][google.cloud.kms.v1.CryptoKey.purpose] [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT] support automatic rotation. For other keys, this field must be omitted.
version_template: Option<CryptoKeyVersionTemplate>
A template describing settings for new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances. The properties of new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] instances created by either [CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion] or auto-rotation are controlled by this template.
labels: HashMap<String, String>
Labels with user-defined metadata. For more information, see Labeling Keys.
import_only: bool
Immutable. Whether this key may contain imported versions only.
destroy_scheduled_duration: Option<Duration>
Immutable. The period of time that versions of this key spend in the [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED] state before transitioning to [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED]. If not specified at creation time, the default duration is 24 hours.
rotation_schedule: Option<RotationSchedule>
Controls the rate of automatic rotation.
Implementations
Returns the enum value of purpose
, or the default if the field is set to an invalid enum value.
Sets purpose
to the provided enum value.
Trait Implementations
fn merge_field<B>(
&mut self,
tag: u32,
wire_type: WireType,
buf: &mut B,
ctx: DecodeContext
) -> Result<(), DecodeError> where
B: Buf,
Returns the encoded length of the message without a length delimiter.
Encodes the message to a buffer. Read more
Encodes the message to a newly allocated buffer.
Encodes the message with a length-delimiter to a buffer. Read more
Encodes the message with a length-delimiter to a newly allocated buffer.
Decodes an instance of the message from a buffer. Read more
fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
Self: Default,
B: Buf,
fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
Self: Default,
B: Buf,
Decodes a length-delimited instance of the message from the buffer.
Decodes an instance of the message from a buffer, and merges it into self
. Read more
Decodes a length-delimited instance of the message from buffer, and
merges it into self
. Read more
Auto Trait Implementations
impl RefUnwindSafe for CryptoKey
impl UnwindSafe for CryptoKey
Blanket Implementations
Mutably borrows from an owned value. Read more
Wrap the input message T
in a tonic::Request
pub fn vzip(self) -> V
Attaches the provided Subscriber
to this type, returning a
WithDispatch
wrapper. Read more
Attaches the current default Subscriber
to this type, returning a
WithDispatch
wrapper. Read more