Class CryptoKey (2.7.0)
CryptoKey(mapping=None,*,ignore_unknown_fields=False,**kwargs)ACryptoKey represents a logicalkey that can be used for cryptographic operations.
ACryptoKey is made up of zero ormoreversions, whichrepresent the actual key material used in cryptographic operations.
Attributes
| Name | Description |
name | strOutput only. The resource name for thisCryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*. |
primary | google.cloud.kms_v1.types.CryptoKeyVersionOutput only. A copy of the "primary"CryptoKeyVersion that will be used byEncrypt when thisCryptoKey is given inEncryptRequest.name. TheCryptoKey's primary version can be updated viaUpdateCryptoKeyPrimaryVersion. Keys withpurposeENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted. |
purpose | google.cloud.kms_v1.types.CryptoKey.CryptoKeyPurposeImmutable. The immutable purpose of thisCryptoKey. |
create_time | google.protobuf.timestamp_pb2.TimestampOutput only. The time at which thisCryptoKey was created. |
next_rotation_time | google.protobuf.timestamp_pb2.TimestampAtnext_rotation_time, the Key Management Service will automatically: 1. Create a new version of thisCryptoKey. 2. Mark the new version as primary. Key rotations performed manually viaCreateCryptoKeyVersion andUpdateCryptoKeyPrimaryVersion do not affectnext_rotation_time. Keys withpurposeENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted. |
rotation_period | google.protobuf.duration_pb2.Durationnext_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. Ifrotation_period is set,next_rotation_time must also be set. Keys withpurposeENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted. |
version_template | google.cloud.kms_v1.types.CryptoKeyVersionTemplateA template describing settings for newCryptoKeyVersion instances. The properties of newCryptoKeyVersion instances created by eitherCreateCryptoKeyVersion or auto-rotation are controlled by this template. |
labels | Sequence[google.cloud.kms_v1.types.CryptoKey.LabelsEntry]Labels with user-defined metadata. For more information, see `Labeling Keys |
import_only | boolImmutable. Whether this key may contain imported versions only. |
destroy_scheduled_duration | google.protobuf.duration_pb2.DurationImmutable. The period of time that versions of this key spend in theDESTROY_SCHEDULED state before transitioning toDESTROYED. If not specified at creation time, the default duration is 24 hours. |
Classes
CryptoKeyPurpose
CryptoKeyPurpose(value)CryptoKeyPurposedescribes the cryptographic capabilities of aCryptoKey. A given key can only beused for the operations allowed by its purpose. For moreinformation, seeKeypurposes <https://cloud.google.com/kms/docs/algorithms#key_purposes>__.
LabelsEntry
LabelsEntry(mapping=None,*,ignore_unknown_fields=False,**kwargs)The abstract base class for a message.
| Name | Description |
kwargs | dictKeys and values corresponding to the fields of the message. |
mapping | Union[dict,A dictionary or message to be used to determine the values for this message. |
ignore_unknown_fields | Optional(bool)If True, do not raise errors for unknown fields. Only applied if |
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-11-13 UTC.