@google-cloud/kms

import type * as gax from 'google-gax'; import type { Callback, CallOptions, Descriptors, ClientOptions, PaginationCallback, IamClient, IamProtos, LocationsClient, LocationProtos } from 'google-gax'; import { Transform } from 'stream'; import * as protos from '../../protos/protos'; /** * Google Cloud Key Management Service * * Manages cryptographic keys and operations using those keys. Implements a REST * model with the following objects: * * * {@link protos.google.cloud.kms.v1.KeyRing|KeyRing} * * {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} * * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} * * {@link protos.google.cloud.kms.v1.ImportJob|ImportJob} * * If you are using manual gRPC libraries, see * [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc). * @class * @memberof v1 */ export declare class KeyManagementServiceClient { private _terminated; private _opts; private _providedCustomServicePath; private _gaxModule; private _gaxGrpc; private _protos; private _defaults; private _universeDomain; private _servicePath; private _log; auth: gax.GoogleAuth; descriptors: Descriptors; warn: (code: string, message: string, warnType?: string) => void; innerApiCalls: { [name: string]: Function; }; iamClient: IamClient; locationsClient: LocationsClient; pathTemplates: { [name: string]: gax.PathTemplate; }; keyManagementServiceStub?: Promise<{ [name: string]: Function; }>; /** * Construct an instance of KeyManagementServiceClient. * * @param {object} [options] - The configuration object. * The options accepted by the constructor are described in detail * in [this document](https://github.com/googleapis/gax-nodejs/blob/main/client-libraries.md#creating-the-client-instance). * The common options are: * @param {object} [options.credentials] - Credentials object. * @param {string} [options.credentials.client_email] * @param {string} [options.credentials.private_key] * @param {string} [options.email] - Account email address. Required when * using a .pem or .p12 keyFilename. * @param {string} [options.keyFilename] - Full path to the a .json, .pem, or * .p12 key downloaded from the Google Developers Console. If you provide * a path to a JSON file, the projectId option below is not necessary. * NOTE: .pem and .p12 require you to specify options.email as well. * @param {number} [options.port] - The port on which to connect to * the remote host. * @param {string} [options.projectId] - The project ID from the Google * Developer's Console, e.g. 'grape-spaceship-123'. We will also check * the environment variable GCLOUD_PROJECT for your project ID. If your * app is running in an environment which supports * {@link https://cloud.google.com/docs/authentication/application-default-credentials Application Default Credentials}, * your project ID will be detected automatically. * @param {string} [options.apiEndpoint] - The domain name of the * API remote host. * @param {gax.ClientConfig} [options.clientConfig] - Client configuration override. * Follows the structure of {@link gapicConfig}. * @param {boolean} [options.fallback] - Use HTTP/1.1 REST mode. * For more information, please check the * {@link https://github.com/googleapis/gax-nodejs/blob/main/client-libraries.md#http11-rest-api-mode documentation}. * @param {gax} [gaxInstance]: loaded instance of `google-gax`. Useful if you * need to avoid loading the default gRPC version and want to use the fallback * HTTP implementation. Load only fallback version and pass it to the constructor: * ``` * const gax = require('google-gax/build/src/fallback'); // avoids loading google-gax with gRPC * const client = new KeyManagementServiceClient({fallback: true}, gax); * ``` */ constructor(opts?: ClientOptions, gaxInstance?: typeof gax | typeof gax.fallback); /** * Initialize the client. * Performs asynchronous operations (such as authentication) and prepares the client. * This function will be called automatically when any class method is called for the * first time, but if you need to initialize it before calling an actual method, * feel free to call initialize() directly. * * You can await on this method if you want to make sure the client is initialized. * * @returns {Promise} A promise that resolves to an authenticated service stub. */ initialize(): Promise<{ [name: string]: Function; }>; /** * The DNS address for this API service. * @deprecated Use the apiEndpoint method of the client instance. * @returns {string} The DNS address for this service. */ static get servicePath(): string; /** * The DNS address for this API service - same as servicePath. * @deprecated Use the apiEndpoint method of the client instance. * @returns {string} The DNS address for this service. */ static get apiEndpoint(): string; /** * The DNS address for this API service. * @returns {string} The DNS address for this service. */ get apiEndpoint(): string; get universeDomain(): string; /** * The port for this API service. * @returns {number} The default port for this service. */ static get port(): number; /** * The scopes needed to make gRPC calls for every method defined * in this service. * @returns {string[]} List of default scopes. */ static get scopes(): string[]; getProjectId(): Promise<string>; getProjectId(callback: Callback<string, undefined, undefined>): void; /** * Returns metadata for a given {@link protos.google.cloud.kms.v1.KeyRing|KeyRing}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name * Required. The {@link protos.google.cloud.kms.v1.KeyRing.name|name} of the * {@link protos.google.cloud.kms.v1.KeyRing|KeyRing} to get. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.KeyRing|KeyRing}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.get_key_ring.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_GetKeyRing_async */ getKeyRing(request?: protos.google.cloud.kms.v1.IGetKeyRingRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.IKeyRing, protos.google.cloud.kms.v1.IGetKeyRingRequest | undefined, {} | undefined ]>; getKeyRing(request: protos.google.cloud.kms.v1.IGetKeyRingRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.IKeyRing, protos.google.cloud.kms.v1.IGetKeyRingRequest | null | undefined, {} | null | undefined>): void; getKeyRing(request: protos.google.cloud.kms.v1.IGetKeyRingRequest, callback: Callback<protos.google.cloud.kms.v1.IKeyRing, protos.google.cloud.kms.v1.IGetKeyRingRequest | null | undefined, {} | null | undefined>): void; /** * Returns metadata for a given {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey}, as * well as its {@link protos.google.cloud.kms.v1.CryptoKey.primary|primary} * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name * Required. The {@link protos.google.cloud.kms.v1.CryptoKey.name|name} of the * {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} to get. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.get_crypto_key.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_GetCryptoKey_async */ getCryptoKey(request?: protos.google.cloud.kms.v1.IGetCryptoKeyRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.ICryptoKey, protos.google.cloud.kms.v1.IGetCryptoKeyRequest | undefined, {} | undefined ]>; getCryptoKey(request: protos.google.cloud.kms.v1.IGetCryptoKeyRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.ICryptoKey, protos.google.cloud.kms.v1.IGetCryptoKeyRequest | null | undefined, {} | null | undefined>): void; getCryptoKey(request: protos.google.cloud.kms.v1.IGetCryptoKeyRequest, callback: Callback<protos.google.cloud.kms.v1.ICryptoKey, protos.google.cloud.kms.v1.IGetCryptoKeyRequest | null | undefined, {} | null | undefined>): void; /** * Returns metadata for a given * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name * Required. The {@link protos.google.cloud.kms.v1.CryptoKeyVersion.name|name} of the * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to get. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.get_crypto_key_version.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_GetCryptoKeyVersion_async */ getCryptoKeyVersion(request?: protos.google.cloud.kms.v1.IGetCryptoKeyVersionRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IGetCryptoKeyVersionRequest | undefined, {} | undefined ]>; getCryptoKeyVersion(request: protos.google.cloud.kms.v1.IGetCryptoKeyVersionRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IGetCryptoKeyVersionRequest | null | undefined, {} | null | undefined>): void; getCryptoKeyVersion(request: protos.google.cloud.kms.v1.IGetCryptoKeyVersionRequest, callback: Callback<protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IGetCryptoKeyVersionRequest | null | undefined, {} | null | undefined>): void; /** * Returns the public key for the given * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. The * {@link protos.google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} must be * {@link protos.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN|ASYMMETRIC_SIGN} * or * {@link protos.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT|ASYMMETRIC_DECRYPT}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name * Required. The {@link protos.google.cloud.kms.v1.CryptoKeyVersion.name|name} of the * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} public key to get. * @param {google.cloud.kms.v1.PublicKey.PublicKeyFormat} [request.publicKeyFormat] * Optional. The {@link protos.google.cloud.kms.v1.PublicKey|PublicKey} format specified * by the user. This field is required for PQC algorithms. If specified, the * public key will be exported through the * {@link protos.google.cloud.kms.v1.PublicKey.public_key|public_key} field in the * requested format. Otherwise, the {@link protos.google.cloud.kms.v1.PublicKey.pem|pem} * field will be populated for non-PQC algorithms, and an error will be * returned for PQC algorithms. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.PublicKey|PublicKey}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.get_public_key.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_GetPublicKey_async */ getPublicKey(request?: protos.google.cloud.kms.v1.IGetPublicKeyRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.IPublicKey, protos.google.cloud.kms.v1.IGetPublicKeyRequest | undefined, {} | undefined ]>; getPublicKey(request: protos.google.cloud.kms.v1.IGetPublicKeyRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.IPublicKey, protos.google.cloud.kms.v1.IGetPublicKeyRequest | null | undefined, {} | null | undefined>): void; getPublicKey(request: protos.google.cloud.kms.v1.IGetPublicKeyRequest, callback: Callback<protos.google.cloud.kms.v1.IPublicKey, protos.google.cloud.kms.v1.IGetPublicKeyRequest | null | undefined, {} | null | undefined>): void; /** * Returns metadata for a given {@link protos.google.cloud.kms.v1.ImportJob|ImportJob}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name * Required. The {@link protos.google.cloud.kms.v1.ImportJob.name|name} of the * {@link protos.google.cloud.kms.v1.ImportJob|ImportJob} to get. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.ImportJob|ImportJob}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.get_import_job.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_GetImportJob_async */ getImportJob(request?: protos.google.cloud.kms.v1.IGetImportJobRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.IImportJob, protos.google.cloud.kms.v1.IGetImportJobRequest | undefined, {} | undefined ]>; getImportJob(request: protos.google.cloud.kms.v1.IGetImportJobRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.IImportJob, protos.google.cloud.kms.v1.IGetImportJobRequest | null | undefined, {} | null | undefined>): void; getImportJob(request: protos.google.cloud.kms.v1.IGetImportJobRequest, callback: Callback<protos.google.cloud.kms.v1.IImportJob, protos.google.cloud.kms.v1.IGetImportJobRequest | null | undefined, {} | null | undefined>): void; /** * Create a new {@link protos.google.cloud.kms.v1.KeyRing|KeyRing} in a given Project and * Location. * * @param {Object} request * The request object that will be sent. * @param {string} request.parent * Required. The resource name of the location associated with the * {@link protos.google.cloud.kms.v1.KeyRing|KeyRings}, in the format * `projects/* /locations/*`. * @param {string} request.keyRingId * Required. It must be unique within a location and match the regular * expression `[a-zA-Z0-9_-]{1,63}` * @param {google.cloud.kms.v1.KeyRing} request.keyRing * Required. A {@link protos.google.cloud.kms.v1.KeyRing|KeyRing} with initial field * values. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.KeyRing|KeyRing}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.create_key_ring.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_CreateKeyRing_async */ createKeyRing(request?: protos.google.cloud.kms.v1.ICreateKeyRingRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.IKeyRing, protos.google.cloud.kms.v1.ICreateKeyRingRequest | undefined, {} | undefined ]>; createKeyRing(request: protos.google.cloud.kms.v1.ICreateKeyRingRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.IKeyRing, protos.google.cloud.kms.v1.ICreateKeyRingRequest | null | undefined, {} | null | undefined>): void; createKeyRing(request: protos.google.cloud.kms.v1.ICreateKeyRingRequest, callback: Callback<protos.google.cloud.kms.v1.IKeyRing, protos.google.cloud.kms.v1.ICreateKeyRingRequest | null | undefined, {} | null | undefined>): void; /** * Create a new {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} within a * {@link protos.google.cloud.kms.v1.KeyRing|KeyRing}. * * {@link protos.google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} and * {@link protos.google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm|CryptoKey.version_template.algorithm} * are required. * * @param {Object} request * The request object that will be sent. * @param {string} request.parent * Required. The {@link protos.google.cloud.kms.v1.KeyRing.name|name} of the KeyRing * associated with the {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKeys}. * @param {string} request.cryptoKeyId * Required. It must be unique within a KeyRing and match the regular * expression `[a-zA-Z0-9_-]{1,63}` * @param {google.cloud.kms.v1.CryptoKey} request.cryptoKey * Required. A {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} with initial field * values. * @param {boolean} request.skipInitialVersionCreation * If set to true, the request will create a * {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} without any * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions}. You must * manually call * {@link protos.google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion|CreateCryptoKeyVersion} * or * {@link protos.google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion|ImportCryptoKeyVersion} * before you can use this {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey}. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.create_crypto_key.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_CreateCryptoKey_async */ createCryptoKey(request?: protos.google.cloud.kms.v1.ICreateCryptoKeyRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.ICryptoKey, protos.google.cloud.kms.v1.ICreateCryptoKeyRequest | undefined, {} | undefined ]>; createCryptoKey(request: protos.google.cloud.kms.v1.ICreateCryptoKeyRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.ICryptoKey, protos.google.cloud.kms.v1.ICreateCryptoKeyRequest | null | undefined, {} | null | undefined>): void; createCryptoKey(request: protos.google.cloud.kms.v1.ICreateCryptoKeyRequest, callback: Callback<protos.google.cloud.kms.v1.ICryptoKey, protos.google.cloud.kms.v1.ICreateCryptoKeyRequest | null | undefined, {} | null | undefined>): void; /** * Create a new {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} in a * {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey}. * * The server will assign the next sequential id. If unset, * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.state|state} will be set to * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED|ENABLED}. * * @param {Object} request * The request object that will be sent. * @param {string} request.parent * Required. The {@link protos.google.cloud.kms.v1.CryptoKey.name|name} of the * {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} associated with the * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersions}. * @param {google.cloud.kms.v1.CryptoKeyVersion} request.cryptoKeyVersion * Required. A {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} with * initial field values. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.create_crypto_key_version.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_CreateCryptoKeyVersion_async */ createCryptoKeyVersion(request?: protos.google.cloud.kms.v1.ICreateCryptoKeyVersionRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.ICreateCryptoKeyVersionRequest | undefined, {} | undefined ]>; createCryptoKeyVersion(request: protos.google.cloud.kms.v1.ICreateCryptoKeyVersionRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.ICreateCryptoKeyVersionRequest | null | undefined, {} | null | undefined>): void; createCryptoKeyVersion(request: protos.google.cloud.kms.v1.ICreateCryptoKeyVersionRequest, callback: Callback<protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.ICreateCryptoKeyVersionRequest | null | undefined, {} | null | undefined>): void; /** * Import wrapped key material into a * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * * All requests must specify a {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey}. If * a {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} is additionally * specified in the request, key material will be reimported into that * version. Otherwise, a new version will be created, and will be assigned the * next sequential id within the {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey}. * * @param {Object} request * The request object that will be sent. * @param {string} request.parent * Required. The {@link protos.google.cloud.kms.v1.CryptoKey.name|name} of the * {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} to be imported into. * * The create permission is only required on this key when creating a new * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * @param {string} [request.cryptoKeyVersion] * Optional. The optional {@link protos.google.cloud.kms.v1.CryptoKeyVersion.name|name} of * an existing {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to * target for an import operation. If this field is not present, a new * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} containing the * supplied key material is created. * * If this field is present, the supplied key material is imported into * the existing {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. To * import into an existing * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}, the * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} must be a child of * {@link protos.google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent|ImportCryptoKeyVersionRequest.parent}, * have been previously created via * {@link protos.google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion|ImportCryptoKeyVersion}, * and be in * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED|DESTROYED} * or * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED|IMPORT_FAILED} * state. The key material and algorithm must match the previous * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} exactly if the * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} has ever contained * key material. * @param {google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm} request.algorithm * Required. The * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm|algorithm} * of the key being imported. This does not need to match the * {@link protos.google.cloud.kms.v1.CryptoKey.version_template|version_template} of the * {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} this version imports into. * @param {string} request.importJob * Required. The {@link protos.google.cloud.kms.v1.ImportJob.name|name} of the * {@link protos.google.cloud.kms.v1.ImportJob|ImportJob} that was used to wrap this key * material. * @param {Buffer} [request.wrappedKey] * Optional. The wrapped key material to import. * * Before wrapping, key material must be formatted. If importing symmetric key * material, the expected key material format is plain bytes. If importing * asymmetric key material, the expected key material format is PKCS#8-encoded * DER (the PrivateKeyInfo structure from RFC 5208). * * When wrapping with import methods * ({@link protos.google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256|RSA_OAEP_3072_SHA1_AES_256} * or * {@link protos.google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256|RSA_OAEP_4096_SHA1_AES_256} * or * {@link protos.google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256_AES_256|RSA_OAEP_3072_SHA256_AES_256} * or * {@link protos.google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256_AES_256|RSA_OAEP_4096_SHA256_AES_256}), * * this field must contain the concatenation of: * <ol> * <li>An ephemeral AES-256 wrapping key wrapped with the * {@link protos.google.cloud.kms.v1.ImportJob.public_key|public_key} using * RSAES-OAEP with SHA-1/SHA-256, MGF1 with SHA-1/SHA-256, and an empty * label. * </li> * <li>The formatted key to be imported, wrapped with the ephemeral AES-256 * key using AES-KWP (RFC 5649). * </li> * </ol> * * This format is the same as the format produced by PKCS#11 mechanism * CKM_RSA_AES_KEY_WRAP. * * When wrapping with import methods * ({@link protos.google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA256|RSA_OAEP_3072_SHA256} * or * {@link protos.google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA256|RSA_OAEP_4096_SHA256}), * * this field must contain the formatted key to be imported, wrapped with the * {@link protos.google.cloud.kms.v1.ImportJob.public_key|public_key} using RSAES-OAEP * with SHA-256, MGF1 with SHA-256, and an empty label. * @param {Buffer} [request.rsaAesWrappedKey] * Optional. This field has the same meaning as * {@link protos.google.cloud.kms.v1.ImportCryptoKeyVersionRequest.wrapped_key|wrapped_key}. * Prefer to use that field in new work. Either that field or this field * (but not both) must be specified. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.import_crypto_key_version.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_ImportCryptoKeyVersion_async */ importCryptoKeyVersion(request?: protos.google.cloud.kms.v1.IImportCryptoKeyVersionRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IImportCryptoKeyVersionRequest | undefined, {} | undefined ]>; importCryptoKeyVersion(request: protos.google.cloud.kms.v1.IImportCryptoKeyVersionRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IImportCryptoKeyVersionRequest | null | undefined, {} | null | undefined>): void; importCryptoKeyVersion(request: protos.google.cloud.kms.v1.IImportCryptoKeyVersionRequest, callback: Callback<protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IImportCryptoKeyVersionRequest | null | undefined, {} | null | undefined>): void; /** * Create a new {@link protos.google.cloud.kms.v1.ImportJob|ImportJob} within a * {@link protos.google.cloud.kms.v1.KeyRing|KeyRing}. * * {@link protos.google.cloud.kms.v1.ImportJob.import_method|ImportJob.import_method} is * required. * * @param {Object} request * The request object that will be sent. * @param {string} request.parent * Required. The {@link protos.google.cloud.kms.v1.KeyRing.name|name} of the * {@link protos.google.cloud.kms.v1.KeyRing|KeyRing} associated with the * {@link protos.google.cloud.kms.v1.ImportJob|ImportJobs}. * @param {string} request.importJobId * Required. It must be unique within a KeyRing and match the regular * expression `[a-zA-Z0-9_-]{1,63}` * @param {google.cloud.kms.v1.ImportJob} request.importJob * Required. An {@link protos.google.cloud.kms.v1.ImportJob|ImportJob} with initial field * values. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.ImportJob|ImportJob}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.create_import_job.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_CreateImportJob_async */ createImportJob(request?: protos.google.cloud.kms.v1.ICreateImportJobRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.IImportJob, protos.google.cloud.kms.v1.ICreateImportJobRequest | undefined, {} | undefined ]>; createImportJob(request: protos.google.cloud.kms.v1.ICreateImportJobRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.IImportJob, protos.google.cloud.kms.v1.ICreateImportJobRequest | null | undefined, {} | null | undefined>): void; createImportJob(request: protos.google.cloud.kms.v1.ICreateImportJobRequest, callback: Callback<protos.google.cloud.kms.v1.IImportJob, protos.google.cloud.kms.v1.ICreateImportJobRequest | null | undefined, {} | null | undefined>): void; /** * Update a {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey}. * * @param {Object} request * The request object that will be sent. * @param {google.cloud.kms.v1.CryptoKey} request.cryptoKey * Required. {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} with updated values. * @param {google.protobuf.FieldMask} request.updateMask * Required. List of fields to be updated in this request. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.update_crypto_key.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_UpdateCryptoKey_async */ updateCryptoKey(request?: protos.google.cloud.kms.v1.IUpdateCryptoKeyRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.ICryptoKey, protos.google.cloud.kms.v1.IUpdateCryptoKeyRequest | undefined, {} | undefined ]>; updateCryptoKey(request: protos.google.cloud.kms.v1.IUpdateCryptoKeyRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.ICryptoKey, protos.google.cloud.kms.v1.IUpdateCryptoKeyRequest | null | undefined, {} | null | undefined>): void; updateCryptoKey(request: protos.google.cloud.kms.v1.IUpdateCryptoKeyRequest, callback: Callback<protos.google.cloud.kms.v1.ICryptoKey, protos.google.cloud.kms.v1.IUpdateCryptoKeyRequest | null | undefined, {} | null | undefined>): void; /** * Update a {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}'s * metadata. * * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.state|state} may be changed between * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED|ENABLED} * and * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED|DISABLED} * using this method. See * {@link protos.google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion|DestroyCryptoKeyVersion} * and * {@link protos.google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion|RestoreCryptoKeyVersion} * to move between other states. * * @param {Object} request * The request object that will be sent. * @param {google.cloud.kms.v1.CryptoKeyVersion} request.cryptoKeyVersion * Required. {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} with * updated values. * @param {google.protobuf.FieldMask} request.updateMask * Required. List of fields to be updated in this request. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.update_crypto_key_version.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_UpdateCryptoKeyVersion_async */ updateCryptoKeyVersion(request?: protos.google.cloud.kms.v1.IUpdateCryptoKeyVersionRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IUpdateCryptoKeyVersionRequest | undefined, {} | undefined ]>; updateCryptoKeyVersion(request: protos.google.cloud.kms.v1.IUpdateCryptoKeyVersionRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IUpdateCryptoKeyVersionRequest | null | undefined, {} | null | undefined>): void; updateCryptoKeyVersion(request: protos.google.cloud.kms.v1.IUpdateCryptoKeyVersionRequest, callback: Callback<protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IUpdateCryptoKeyVersionRequest | null | undefined, {} | null | undefined>): void; /** * Update the version of a {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} that * will be used in * {@link protos.google.cloud.kms.v1.KeyManagementService.Encrypt|Encrypt}. * * Returns an error if called on a key whose purpose is not * {@link protos.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT|ENCRYPT_DECRYPT}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name * Required. The resource name of the * {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} to update. * @param {string} request.cryptoKeyVersionId * Required. The id of the child * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use as primary. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.update_crypto_key_primary_version.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_UpdateCryptoKeyPrimaryVersion_async */ updateCryptoKeyPrimaryVersion(request?: protos.google.cloud.kms.v1.IUpdateCryptoKeyPrimaryVersionRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.ICryptoKey, (protos.google.cloud.kms.v1.IUpdateCryptoKeyPrimaryVersionRequest | undefined), {} | undefined ]>; updateCryptoKeyPrimaryVersion(request: protos.google.cloud.kms.v1.IUpdateCryptoKeyPrimaryVersionRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.ICryptoKey, protos.google.cloud.kms.v1.IUpdateCryptoKeyPrimaryVersionRequest | null | undefined, {} | null | undefined>): void; updateCryptoKeyPrimaryVersion(request: protos.google.cloud.kms.v1.IUpdateCryptoKeyPrimaryVersionRequest, callback: Callback<protos.google.cloud.kms.v1.ICryptoKey, protos.google.cloud.kms.v1.IUpdateCryptoKeyPrimaryVersionRequest | null | undefined, {} | null | undefined>): void; /** * Schedule a {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} for * destruction. * * Upon calling this method, * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.state|CryptoKeyVersion.state} will * be set to * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED|DESTROY_SCHEDULED}, * and {@link protos.google.cloud.kms.v1.CryptoKeyVersion.destroy_time|destroy_time} will * be set to the time * {@link protos.google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration|destroy_scheduled_duration} * in the future. At that time, the * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.state|state} will automatically * change to * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED|DESTROYED}, * and the key material will be irrevocably destroyed. * * Before the * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.destroy_time|destroy_time} is * reached, * {@link protos.google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion|RestoreCryptoKeyVersion} * may be called to reverse the process. * * @param {Object} request * The request object that will be sent. * @param {string} request.name * Required. The resource name of the * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to destroy. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.destroy_crypto_key_version.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_DestroyCryptoKeyVersion_async */ destroyCryptoKeyVersion(request?: protos.google.cloud.kms.v1.IDestroyCryptoKeyVersionRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IDestroyCryptoKeyVersionRequest | undefined, {} | undefined ]>; destroyCryptoKeyVersion(request: protos.google.cloud.kms.v1.IDestroyCryptoKeyVersionRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IDestroyCryptoKeyVersionRequest | null | undefined, {} | null | undefined>): void; destroyCryptoKeyVersion(request: protos.google.cloud.kms.v1.IDestroyCryptoKeyVersionRequest, callback: Callback<protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IDestroyCryptoKeyVersionRequest | null | undefined, {} | null | undefined>): void; /** * Restore a {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} in the * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED|DESTROY_SCHEDULED} * state. * * Upon restoration of the CryptoKeyVersion, * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.state|state} will be set to * {@link protos.google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED|DISABLED}, * and {@link protos.google.cloud.kms.v1.CryptoKeyVersion.destroy_time|destroy_time} will * be cleared. * * @param {Object} request * The request object that will be sent. * @param {string} request.name * Required. The resource name of the * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to restore. * @param {object} [options] * Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details. * @returns {Promise} - The promise which resolves to an array. * The first element of the array is an object representing {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion}. * Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation } * for more details and examples. * @example <caption>include:samples/generated/v1/key_management_service.restore_crypto_key_version.js</caption> * region_tag:cloudkms_v1_generated_KeyManagementService_RestoreCryptoKeyVersion_async */ restoreCryptoKeyVersion(request?: protos.google.cloud.kms.v1.IRestoreCryptoKeyVersionRequest, options?: CallOptions): Promise<[ protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IRestoreCryptoKeyVersionRequest | undefined, {} | undefined ]>; restoreCryptoKeyVersion(request: protos.google.cloud.kms.v1.IRestoreCryptoKeyVersionRequest, options: CallOptions, callback: Callback<protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IRestoreCryptoKeyVersionRequest | null | undefined, {} | null | undefined>): void; restoreCryptoKeyVersion(request: protos.google.cloud.kms.v1.IRestoreCryptoKeyVersionRequest, callback: Callback<protos.google.cloud.kms.v1.ICryptoKeyVersion, protos.google.cloud.kms.v1.IRestoreCryptoKeyVersionRequest | null | undefined, {} | null | undefined>): void; /** * Encrypts data, so that it can only be recovered by a call to * {@link protos.google.cloud.kms.v1.KeyManagementService.Decrypt|Decrypt}. The * {@link protos.google.cloud.kms.v1.CryptoKey.purpose|CryptoKey.purpose} must be * {@link protos.google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT|ENCRYPT_DECRYPT}. * * @param {Object} request * The request object that will be sent. * @param {string} request.name * Required. The resource name of the * {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} or * {@link protos.google.cloud.kms.v1.CryptoKeyVersion|CryptoKeyVersion} to use for * encryption. * * If a {@link protos.google.cloud.kms.v1.CryptoKey|CryptoKey} is specified, the server * will use its {@link protos.google.cloud.kms.v1.CryptoKey.primary|primary version}. * @param {Buffer} request.plaintext * Required. The data to encrypt. Must be no larger than 64KiB. * * The maximum size depends on the key version's * {@link protos.google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level|protection_level}. * For {@link protos.google.cloud.kms.v1.ProtectionLevel.SOFTWARE|SOFTWARE}, * {@link protos.google.cloud.kms.v1.ProtectionLevel.EXTERNAL|EXTERNAL}, and * {@link protos.google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC|EXTERNAL_VPC} keys, the * plaintext must be no larger than 64KiB. For * {@link protos.google.cloud.kms.v1.ProtectionLevel.HSM|HSM} keys, the combined length of * the plaintext and additional_authenticated_data fields must be no larger * than 8KiB. * @param {Buffer} [request.additionalAuthenticatedData] * Optional. Optional data that, if specified, must also be provided during * decryption through * {@link protos.google.cloud.kms.v1.DecryptRequest.additional_authenticated_data|DecryptRequest.additional_authenticated_data}. * * The maximum size depends on the key version's * {@link protos.google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level|protection_level}. * For {@link protos.google.cloud.kms.v1.ProtectionLevel.SOFTWARE|SOFTWARE}, * {@link protos.google.cloud.kms.v1.ProtectionLevel.EXTERNAL|EXTERNAL}, and * {@link protos.google.cloud.kms.v1.ProtectionLevel.EXTERNAL_VPC|EXTERNAL_VPC} keys the * AAD must be no larger than 64KiB. For * {@link protos.google.cloud.kms.v1.ProtectionLevel.HSM|HSM} keys, the combined length of * the plaintext and additional_authenticated_data fields must be no larger * than 8KiB. * @param {google.protobuf.Int64Value} [request.plaintextCrc32c] * Optional. An optional CRC32C checksum of the * {@link protos.google.cloud.kms.v1.En