usingGoogle.Cloud.Iam.V1;usingGoogle.Cloud.Kms.V1;publicclassIamAddMemberSample{publicPolicyIamAddMember(stringprojectId="my-project",stringlocationId="us-east1",stringkeyRingId="my-key-ring",stringkeyId="my-key",stringmember="user:foo@example.com"){// Create the client.KeyManagementServiceClientclient=KeyManagementServiceClient.Create();// Build the resource name.CryptoKeyNameresourceName=newCryptoKeyName(projectId,locationId,keyRingId,keyId);// The resource name could also be a key ring.// var resourceName = new KeyRingName(projectId, locationId, keyRingId);// Get the current IAM policy.Policypolicy=client.IAMPolicyClient.GetIamPolicy(newGetIamPolicyRequest{ResourceAsResourceName=resourceName});// Add the member to the policy.policy.AddRoleMember("roles/cloudkms.cryptoKeyEncrypterDecrypter",member);// Save the updated IAM policy.Policyresult=client.IAMPolicyClient.SetIamPolicy(newSetIamPolicyRequest{ResourceAsResourceName=resourceName,Policy=policy});// Return the resulting policy.returnresult;}}

import("context""fmt""io"kms"cloud.google.com/go/kms/apiv1")// iamAddMember adds a new IAM member to the Cloud KMS keyfunciamAddMember(wio.Writer,name,memberstring)error{// NOTE: The resource name can be either a key or a key ring. If IAM// permissions are granted on the key ring, the permissions apply to all keys// in the key ring.//// name := "projects/my-project/locations/us-east1/keyRings/my-key-ring/cryptoKeys/my-key"// member := "user:foo@example.com"// Create the client.ctx:=context.Background()client,err:=kms.NewKeyManagementClient(ctx)iferr!=nil{returnfmt.Errorf("failed to create kms client: %w",err)}deferclient.Close()// Get the current IAM policy.handle:=client.ResourceIAM(name)policy,err:=handle.Policy(ctx)iferr!=nil{returnfmt.Errorf("failed to get IAM policy: %w",err)}// Grant the member permissions. This example grants permission to use the key// to encrypt data.policy.Add(member,"roles/cloudkms.cryptoKeyEncrypterDecrypter")iferr:=handle.SetPolicy(ctx,policy);err!=nil{returnfmt.Errorf("failed to save policy: %w",err)}fmt.Fprintf(w,"Updated IAM policy for %s\n",name)returnnil}

importcom.google.cloud.kms.v1.CryptoKeyName;importcom.google.cloud.kms.v1.KeyManagementServiceClient;importcom.google.iam.v1.Binding;importcom.google.iam.v1.Policy;importjava.io.IOException;publicclassIamAddMember{publicvoidiamAddMember()throwsIOException{// TODO(developer): Replace these variables before running the sample.StringprojectId="your-project-id";StringlocationId="us-east1";StringkeyRingId="my-key-ring";StringkeyId="my-key";Stringmember="user:foo@example.com";iamAddMember(projectId,locationId,keyRingId,keyId,member);}// Add the given IAM member to the key.publicvoidiamAddMember(StringprojectId,StringlocationId,StringkeyRingId,StringkeyId,Stringmember)throwsIOException{// Initialize client that will be used to send requests. This client only// needs to be created once, and can be reused for multiple requests. After// completing all of your requests, call the "close" method on the client to// safely clean up any remaining background resources.try(KeyManagementServiceClientclient=KeyManagementServiceClient.create()){// Build the key version name from the project, location, key ring, key,// and key version.CryptoKeyNameresourceName=CryptoKeyName.of(projectId,locationId,keyRingId,keyId);// The resource name could also be a key ring.// KeyRingName resourceName = KeyRingName.of(projectId, locationId, keyRingId);// Get the current policy.Policypolicy=client.getIamPolicy(resourceName);// Create a new IAM binding for the member and role.Bindingbinding=Binding.newBuilder().setRole("roles/cloudkms.cryptoKeyEncrypterDecrypter").addMembers(member).build();// Add the binding to the policy.PolicynewPolicy=policy.toBuilder().addBindings(binding).build();client.setIamPolicy(resourceName,newPolicy);System.out.printf("Updated IAM policy for %s%n",resourceName.toString());}}}

//// TODO(developer): Uncomment these variables before running the sample.//// const projectId = 'my-project';// const locationId = 'us-east1';// const keyRingId = 'my-key-ring';// const keyId = 'my-key';// const member = 'user:foo@example.com';// Imports the Cloud KMS libraryconst{KeyManagementServiceClient}=require('@google-cloud/kms');// Instantiates a clientconstclient=newKeyManagementServiceClient();// Build the resource nameconstresourceName=client.cryptoKeyPath(projectId,locationId,keyRingId,keyId);// The resource name could also be a key ring.// const resourceName = client.keyRingPath(projectId, locationId, keyRingId);asyncfunctioniamAddMember(){// Get the current IAM policy.const[policy]=awaitclient.getIamPolicy({resource:resourceName,});// Add the member to the policy.policy.bindings.push({role:'roles/cloudkms.cryptoKeyEncrypterDecrypter',members:[member],});// Save the updated policy.const[updatedPolicy]=awaitclient.setIamPolicy({resource:resourceName,policy:policy,});console.log('Updated policy');returnupdatedPolicy;}returniamAddMember();

use Google\Cloud\Iam\V1\Binding;use Google\Cloud\Iam\V1\GetIamPolicyRequest;use Google\Cloud\Iam\V1\SetIamPolicyRequest;use Google\Cloud\Kms\V1\Client\KeyManagementServiceClient;function iam_add_member(    string $projectId = 'my-project',    string $locationId = 'us-east1',    string $keyRingId = 'my-key-ring',    string $keyId = 'my-key',    string $member = 'user:foo@example.com') {    // Create the Cloud KMS client.    $client = new KeyManagementServiceClient();    // Build the resource name.    $resourceName = $client->cryptoKeyName($projectId, $locationId, $keyRingId, $keyId);    // The resource name could also be a key ring.    // $resourceName = $client->keyRingName($projectId, $locationId, $keyRingId);    // Get the current IAM policy.    $getIamPolicyRequest = (new GetIamPolicyRequest())        ->setResource($resourceName);    $policy = $client->getIamPolicy($getIamPolicyRequest);    // Add the member to the policy.    $bindings = $policy->getBindings();    $bindings[] = (new Binding())        ->setRole('roles/cloudkms.cryptoKeyEncrypterDecrypter')        ->setMembers([$member]);    $policy->setBindings($bindings);    // Save the updated IAM policy.    $setIamPolicyRequest = (new SetIamPolicyRequest())        ->setResource($resourceName)        ->setPolicy($policy);    $updatedPolicy = $client->setIamPolicy($setIamPolicyRequest);    printf('Added %s' . PHP_EOL, $member);    return $updatedPolicy;}

fromgoogle.cloudimportkmsfromgoogle.iam.v1importpolicy_pb2asiam_policydefiam_add_member(project_id:str,location_id:str,key_ring_id:str,key_id:str,member:str)->iam_policy.Policy:"""    Add an IAM member to a resource.    Args:        project_id (string): Google Cloud project ID (e.g. 'my-project').        location_id (string): Cloud KMS location (e.g. 'us-east1').        key_ring_id (string): ID of the Cloud KMS key ring (e.g. 'my-key-ring').        key_id (string): ID of the key to use (e.g. 'my-key').        member (string): Member to add (e.g. 'user:foo@example.com')    Returns:        Policy: Updated Cloud IAM policy.    """# Create the client.client=kms.KeyManagementServiceClient()# Build the resource name.resource_name=client.crypto_key_path(project_id,location_id,key_ring_id,key_id)# The resource name could also be a key ring.# resource_name = client.key_ring_path(project_id, location_id, key_ring_id);# Get the current policy.policy=client.get_iam_policy(request={"resource":resource_name})# Add the member to the policy.policy.bindings.add(role="roles/cloudkms.cryptoKeyEncrypterDecrypter",members=[member])# Save the updated IAM policy.request={"resource":resource_name,"policy":policy}updated_policy=client.set_iam_policy(request=request)print(f"Added{member} to{resource_name}")returnupdated_policy

# TODO(developer): uncomment these values before running the sample.# project_id  = "my-project"# location_id = "us-east1"# key_ring_id = "my-key-ring"# key_id      = "my-key"# member      = "user:foo@example.com"# Require the library.require"google/cloud/kms"# Create the client.client=Google::Cloud::Kms.key_management_service# Build the resource name.resource_name=client.crypto_key_pathproject:project_id,location:location_id,key_ring:key_ring_id,crypto_key:key_id# The resource name could also be a key ring.# resource_name = client.key_ring_path project: project_id, location: location_id, key_ring: key_ring_id# Create the IAM client.iam_client=Google::Cloud::Kms::V1::IAMPolicy::Client.new# Get the current IAM policy.policy=iam_client.get_iam_policyresource:resource_name# Add the member to the policy.policy.bindings <<Google::Iam::V1::Binding.new(members:[member],role:"roles/cloudkms.cryptoKeyEncrypterDecrypter")# Save the updated policy.updated_policy=iam_client.set_iam_policyresource:resource_name,policy:policyputs"Added#{member}"

namespacegcs=::google::cloud::storage;using::google::cloud::StatusOr;[](gcs::Clientclient,std::stringconst&bucket_name,std::stringconst&key_name){StatusOr<gcs::BucketMetadata>updated=client.PatchBucket(bucket_name,gcs::BucketMetadataPatchBuilder().SetEncryption(gcs::BucketEncryption{key_name}));if(!updated)throwstd::move(updated).status();if(!updated->has_encryption()){std::cerr <<"The change to set the encryption attribute on bucket "              <<updated->name()              <<" was successful, but the encryption is not set."              <<"This is unexpected, maybe a concurrent change?\n";return;}std::cout <<"Successfully set default KMS key on bucket "            <<updated->name() <<" to "            <<updated->encryption().default_kms_key_name <<"."            <<"\nFull metadata: " <<*updated <<"\n";}

namespacegcs=::google::cloud::storage;using::google::cloud::StatusOr;[](gcs::Clientclient,std::stringconst&bucket_name){StatusOr<gcs::BucketMetadata>updated=client.PatchBucket(bucket_name,gcs::BucketMetadataPatchBuilder().ResetEncryption());if(!updated)throwstd::move(updated).status();std::cout <<"Successfully removed default KMS key on bucket "            <<updated->name() <<"\n";}

usingGoogle.Apis.Storage.v1.Data;usingGoogle.Cloud.Storage.V1;usingSystem;publicclassEnableDefaultKMSKeySample{publicBucketEnableDefaultKMSKey(stringprojectId="your-project-id",stringbucketName="your-unique-bucket-name",stringkeyLocation="us-west1",stringkmsKeyRing="kms-key-ring",stringkmsKeyName="key-name"){// KMS Key identifier of an already created KMS key.// If you use the Google.Cloud.Kms.V1 library, you can construct these names using helper class CryptoKeyName.// var fullKeyName = new CryptoKeyName(projectId, keyLocation, kmsKeyRing, kmsKeyName).ToString();stringkeyPrefix=$"projects/{projectId}/locations/{keyLocation}";stringfullKeyringName=$"{keyPrefix}/keyRings/{kmsKeyRing}";stringfullKeyName=$"{fullKeyringName}/cryptoKeys/{kmsKeyName}";varstorage=StorageClient.Create();varbucket=storage.GetBucket(bucketName,newGetBucketOptions{Projection=Projection.Full});bucket.Encryption=newBucket.EncryptionData{DefaultKmsKeyName=fullKeyName};varupdatedBucket=storage.UpdateBucket(bucket);Console.WriteLine($"Default KMS key for {bucketName} was set to {kmsKeyName}.");returnupdatedBucket;}}

usingGoogle.Apis.Storage.v1.Data;usingGoogle.Cloud.Storage.V1;usingSystem;publicclassBucketDeleteDefaultKmsKeySample{publicBucketBucketDeleteDefaultKmsKey(stringbucketName="your-bucket-name"){varstorage=StorageClient.Create();varbucket=storage.GetBucket(bucketName);if(bucket.Encryption==null){Console.WriteLine("No default kms key to remove");}else{bucket.Encryption.DefaultKmsKeyName=null;bucket=storage.UpdateBucket(bucket);Console.WriteLine($"Default KMS key was removed from {bucketName}. ");}returnbucket;}}

import("context""fmt""io""time""cloud.google.com/go/storage")// setBucketDefaultKMSKey sets the Cloud KMS encryption key for the bucket.funcsetBucketDefaultKMSKey(wio.Writer,bucketName,keyNamestring)error{// bucketName := "bucket-name"// keyName := "key"ctx:=context.Background()client,err:=storage.NewClient(ctx)iferr!=nil{returnfmt.Errorf("storage.NewClient: %w",err)}deferclient.Close()ctx,cancel:=context.WithTimeout(ctx,time.Second*10)defercancel()bucket:=client.Bucket(bucketName)bucketAttrsToUpdate:=storage.BucketAttrsToUpdate{Encryption:&storage.BucketEncryption{DefaultKMSKeyName:keyName},}if_,err:=bucket.Update(ctx,bucketAttrsToUpdate);err!=nil{returnfmt.Errorf("Bucket(%q).Update: %w",bucketName,err)}fmt.Fprintf(w,"Default KMS Key Name: %v",bucketAttrsToUpdate.Encryption.DefaultKMSKeyName)returnnil}

import("context""fmt""io""time""cloud.google.com/go/storage")// removeBucketDefaultKMSKey removes any default Cloud KMS key set on a bucket.funcremoveBucketDefaultKMSKey(wio.Writer,bucketNamestring)error{// bucketName := "bucket-name"ctx:=context.Background()client,err:=storage.NewClient(ctx)iferr!=nil{returnfmt.Errorf("storage.NewClient: %w",err)}deferclient.Close()ctx,cancel:=context.WithTimeout(ctx,time.Second*10)defercancel()bucket:=client.Bucket(bucketName)bucketAttrsToUpdate:=storage.BucketAttrsToUpdate{Encryption:&storage.BucketEncryption{},}if_,err:=bucket.Update(ctx,bucketAttrsToUpdate);err!=nil{returnfmt.Errorf("Bucket(%q).Update: %w",bucketName,err)}fmt.Fprintf(w,"Default KMS key was removed from: %v",bucketName)returnnil}

importcom.google.cloud.storage.Bucket;importcom.google.cloud.storage.Storage;importcom.google.cloud.storage.Storage.BucketTargetOption;importcom.google.cloud.storage.StorageException;importcom.google.cloud.storage.StorageOptions;publicclassSetBucketDefaultKmsKey{publicstaticvoidsetBucketDefaultKmsKey(StringprojectId,StringbucketName,StringkmsKeyName)throwsStorageException{// The ID of your GCP project// String projectId = "your-project-id";// The ID of your GCS bucket// String bucketName = "your-unique-bucket-name";// The name of the KMS key to use as a default// String kmsKeyName =// "projects/your-project-id/locations/us/keyRings/my_key_ring/cryptoKeys/my_key"Storagestorage=StorageOptions.newBuilder().setProjectId(projectId).build().getService();// first look up the bucket, so we will have its metagenerationBucketbucket=storage.get(bucketName);Bucketupdated=storage.update(bucket.toBuilder().setDefaultKmsKeyName(kmsKeyName).build(),BucketTargetOption.metagenerationMatch());System.out.println("KMS Key "+updated.getDefaultKmsKeyName()+"was set to default for bucket "+bucketName);}}

importcom.google.cloud.storage.Bucket;importcom.google.cloud.storage.Storage;importcom.google.cloud.storage.Storage.BucketTargetOption;importcom.google.cloud.storage.StorageOptions;publicclassRemoveBucketDefaultKmsKey{publicstaticvoidremoveBucketDefaultKmsKey(StringprojectId,StringbucketName){// The ID of your GCP project// String projectId = "your-project-id";// The ID of your GCS bucket// String bucketName = "your-unique-bucket-name";Storagestorage=StorageOptions.newBuilder().setProjectId(projectId).build().getService();// first look up the bucket, so we will have its metagenerationBucketbucket=storage.get(bucketName);storage.update(bucket.toBuilder().setDefaultKmsKeyName(null).build(),BucketTargetOption.metagenerationMatch());System.out.println("Default KMS key was removed from "+bucketName);}}

/** * TODO(developer): Uncomment the following lines before running the sample. */// The ID of your GCS bucket// const bucketName = 'your-unique-bucket-name';// The name of the KMS-key to use as a default// const defaultKmsKeyName = 'my-key';// Imports the Google Cloud client libraryconst{Storage}=require('@google-cloud/storage');// Creates a clientconststorage=newStorage();asyncfunctionenableDefaultKMSKey(){awaitstorage.bucket(bucketName).setMetadata({encryption:{defaultKmsKeyName,},});console.log(`Default KMS key for${bucketName} was set to${defaultKmsKeyName}.`);}enableDefaultKMSKey().catch(console.error);

/** * TODO(developer): Uncomment the following lines before running the sample. */// The ID of your GCS bucket// const bucketName = 'your-unique-bucket-name';// Imports the Google Cloud client libraryconst{Storage}=require('@google-cloud/storage');// Creates a clientconststorage=newStorage();asyncfunctionremoveDefaultKMSKey(){awaitstorage.bucket(bucketName).setMetadata({encryption:{defaultKmsKeyName:null,},});console.log(`Default KMS key was removed from${bucketName}`);}removeDefaultKMSKey().catch(console.error);

use Google\Cloud\Storage\StorageClient;/** * Enable a bucket's requesterpays metadata. * * @param string $bucketName The name of your Cloud Storage bucket. *        (e.g. 'my-bucket') * @param string $kmsKeyName The KMS key to use as the default KMS key. *     Key names are provided in the following format: *     `projects/<PROJECT>/locations/<LOCATION>/keyRings/<RING_NAME>/cryptoKeys/<KEY_NAME>`. */function enable_default_kms_key(string $bucketName, string $kmsKeyName): void{    $storage = new StorageClient();    $bucket = $storage->bucket($bucketName);    $bucket->update([        'encryption' => [            'defaultKmsKeyName' => $kmsKeyName        ]    ]);    printf('Default KMS key for %s was set to %s' . PHP_EOL,        $bucketName,        $bucket->info()['encryption']['defaultKmsKeyName']);}

use Google\Cloud\Storage\StorageClient;/** * Delete the default KMS key on the given bucket. * * @param string $bucketName The name of your Cloud Storage bucket. *        (e.g. 'my-bucket') */function bucket_delete_default_kms_key(string $bucketName): void{    $storage = new StorageClient();    $bucket = $storage->bucket($bucketName);    $objects = $bucket->objects([        'encryption' => [            'defaultKmsKeyName' => null,        ]    ]);    printf('Default KMS key was removed from %s', $bucketName);}

fromgoogle.cloudimportstoragedefenable_default_kms_key(bucket_name,kms_key_name):"""Sets a bucket's default KMS key."""# bucket_name = "your-bucket-name"# kms_key_name = "projects/PROJ/locations/LOC/keyRings/RING/cryptoKey/KEY"storage_client=storage.Client()bucket=storage_client.get_bucket(bucket_name)bucket.default_kms_key_name=kms_key_namebucket.patch()print("Set default KMS key for bucket{} to{}.".format(bucket.name,bucket.default_kms_key_name))

fromgoogle.cloudimportstoragedefbucket_delete_default_kms_key(bucket_name):"""Delete a default KMS key of bucket"""# bucket_name = "your-bucket-name"storage_client=storage.Client()bucket=storage_client.get_bucket(bucket_name)bucket.default_kms_key_name=Nonebucket.patch()print(f"Default KMS key was removed from{bucket.name}")returnbucket

defset_bucket_default_kms_keybucket_name:,default_kms_key:# The ID of your GCS bucket# bucket_name = "your-unique-bucket-name"# The name of the KMS key to manage this object with# default_kms_key = "projects/your-project-id/locations/global/keyRings/your-key-ring/cryptoKeys/your-key"require"google/cloud/storage"storage=Google::Cloud::Storage.newbucket=storage.bucketbucket_namebucket.default_kms_key=default_kms_keyputs"Default KMS key for#{bucket.name} was set to#{bucket.default_kms_key}"end

defbucket_delete_default_kms_keybucket_name:# The ID of your GCS bucket# bucket_name = "your-unique-bucket-name"require"google/cloud/storage"storage=Google::Cloud::Storage.newbucket=storage.bucketbucket_namebucket.default_kms_key=nilputs"Default KMS key was removed from#{bucket_name}"end

namespacegcs=::google::cloud::storage;using::google::cloud::StatusOr;[](gcs::Clientclient,std::stringconst&bucket_name){StatusOr<gcs::BucketMetadata>metadata=client.GetBucketMetadata(bucket_name);if(!metadata)throwstd::move(metadata).status();if(!metadata->has_encryption()){std::cout <<"The bucket " <<metadata->name()              <<" does not have a default KMS key set.\n";return;}std::cout <<"The default KMS key for bucket " <<metadata->name()            <<" is: " <<metadata->encryption().default_kms_key_name <<"\n";}

usingGoogle.Apis.Storage.v1.Data;usingGoogle.Cloud.Storage.V1;usingSystem;publicclassGetBucketMetadataSample{publicBucketGetBucketMetadata(stringbucketName="your-unique-bucket-name"){varstorage=StorageClient.Create();varbucket=storage.GetBucket(bucketName,newGetBucketOptions{Projection=Projection.Full});Console.WriteLine($"Bucket:\t{bucket.Name}");Console.WriteLine($"Acl:\t{bucket.Acl}");Console.WriteLine($"Billing:\t{bucket.Billing}");Console.WriteLine($"Cors:\t{bucket.Cors}");Console.WriteLine($"DefaultEventBasedHold:\t{bucket.DefaultEventBasedHold}");Console.WriteLine($"DefaultObjectAcl:\t{bucket.DefaultObjectAcl}");Console.WriteLine($"Encryption:\t{bucket.Encryption}");if(bucket.Encryption!=null){Console.WriteLine($"KmsKeyName:\t{bucket.Encryption.DefaultKmsKeyName}");}Console.WriteLine($"Id:\t{bucket.Id}");Console.WriteLine($"Kind:\t{bucket.Kind}");Console.WriteLine($"Lifecycle:\t{bucket.Lifecycle}");Console.WriteLine($"Location:\t{bucket.Location}");Console.WriteLine($"LocationType:\t{bucket.LocationType}");Console.WriteLine($"Logging:\t{bucket.Logging}");Console.WriteLine($"Metageneration:\t{bucket.Metageneration}");Console.WriteLine($"ObjectRetention:\t{bucket.ObjectRetention}");Console.WriteLine($"Owner:\t{bucket.Owner}");Console.WriteLine($"ProjectNumber:\t{bucket.ProjectNumber}");Console.WriteLine($"RetentionPolicy:\t{bucket.RetentionPolicy}");Console.WriteLine($"SelfLink:\t{bucket.SelfLink}");Console.WriteLine($"StorageClass:\t{bucket.StorageClass}");Console.WriteLine($"TimeCreated:\t{bucket.TimeCreated}");Console.WriteLine($"Updated:\t{bucket.Updated}");Console.WriteLine($"Versioning:\t{bucket.Versioning}");Console.WriteLine($"Website:\t{bucket.Website}");Console.WriteLine($"TurboReplication:\t{bucket.Rpo}");if(bucket.Labels!=null){Console.WriteLine("Labels:");foreach(varlabelinbucket.Labels){Console.WriteLine($"{label.Key}:\t{label.Value}");}}returnbucket;}}

import("context""fmt""io""time""cloud.google.com/go/storage")// getBucketMetadata gets the bucket metadata.funcgetBucketMetadata(wio.Writer,bucketNamestring)(*storage.BucketAttrs,error){// bucketName := "bucket-name"ctx:=context.Background()client,err:=storage.NewClient(ctx)iferr!=nil{returnnil,fmt.Errorf("storage.NewClient: %w",err)}deferclient.Close()ctx,cancel:=context.WithTimeout(ctx,time.Second*10)defercancel()attrs,err:=client.Bucket(bucketName).Attrs(ctx)iferr!=nil{returnnil,fmt.Errorf("Bucket(%q).Attrs: %w",bucketName,err)}fmt.Fprintf(w,"BucketName: %v\n",attrs.Name)fmt.Fprintf(w,"Location: %v\n",attrs.Location)fmt.Fprintf(w,"LocationType: %v\n",attrs.LocationType)fmt.Fprintf(w,"StorageClass: %v\n",attrs.StorageClass)fmt.Fprintf(w,"Turbo replication (RPO): %v\n",attrs.RPO)fmt.Fprintf(w,"TimeCreated: %v\n",attrs.Created)fmt.Fprintf(w,"Metageneration: %v\n",attrs.MetaGeneration)fmt.Fprintf(w,"PredefinedACL: %v\n",attrs.PredefinedACL)ifattrs.Encryption!=nil{fmt.Fprintf(w,"DefaultKmsKeyName: %v\n",attrs.Encryption.DefaultKMSKeyName)}ifattrs.Website!=nil{fmt.Fprintf(w,"IndexPage: %v\n",attrs.Website.MainPageSuffix)fmt.Fprintf(w,"NotFoundPage: %v\n",attrs.Website.NotFoundPage)}fmt.Fprintf(w,"DefaultEventBasedHold: %v\n",attrs.DefaultEventBasedHold)ifattrs.RetentionPolicy!=nil{fmt.Fprintf(w,"RetentionEffectiveTime: %v\n",attrs.RetentionPolicy.EffectiveTime)fmt.Fprintf(w,"RetentionPeriod: %v\n",attrs.RetentionPolicy.RetentionPeriod)fmt.Fprintf(w,"RetentionPolicyIsLocked: %v\n",attrs.RetentionPolicy.IsLocked)}fmt.Fprintf(w,"ObjectRetentionMode: %v\n",attrs.ObjectRetentionMode)fmt.Fprintf(w,"RequesterPays: %v\n",attrs.RequesterPays)fmt.Fprintf(w,"VersioningEnabled: %v\n",attrs.VersioningEnabled)ifattrs.Logging!=nil{fmt.Fprintf(w,"LogBucket: %v\n",attrs.Logging.LogBucket)fmt.Fprintf(w,"LogObjectPrefix: %v\n",attrs.Logging.LogObjectPrefix)}ifattrs.CORS!=nil{fmt.Fprintln(w,"CORS:")for_,v:=rangeattrs.CORS{fmt.Fprintf(w,"\tMaxAge: %v\n",v.MaxAge)fmt.Fprintf(w,"\tMethods: %v\n",v.Methods)fmt.Fprintf(w,"\tOrigins: %v\n",v.Origins)fmt.Fprintf(w,"\tResponseHeaders: %v\n",v.ResponseHeaders)}}ifattrs.Labels!=nil{fmt.Fprintf(w,"\n\n\nLabels:")forkey,value:=rangeattrs.Labels{fmt.Fprintf(w,"\t%v = %v\n",key,value)}}returnattrs,nil}

importcom.google.cloud.storage.Bucket;importcom.google.cloud.storage.BucketInfo;importcom.google.cloud.storage.Storage;importcom.google.cloud.storage.StorageOptions;importjava.util.Map;publicclassGetBucketMetadata{publicstaticvoidgetBucketMetadata(StringprojectId,StringbucketName){// The ID of your GCP project// String projectId = "your-project-id";// The ID of your GCS bucket// String bucketName = "your-unique-bucket-name";Storagestorage=StorageOptions.newBuilder().setProjectId(projectId).build().getService();// Select all fields. Fields can be selected individually e.g. Storage.BucketField.NAMEBucketbucket=storage.get(bucketName,Storage.BucketGetOption.fields(Storage.BucketField.values()));// Print bucket metadataSystem.out.println("BucketName: "+bucket.getName());System.out.println("DefaultEventBasedHold: "+bucket.getDefaultEventBasedHold());System.out.println("DefaultKmsKeyName: "+bucket.getDefaultKmsKeyName());System.out.println("Id: "+bucket.getGeneratedId());System.out.println("IndexPage: "+bucket.getIndexPage());System.out.println("Location: "+bucket.getLocation());System.out.println("LocationType: "+bucket.getLocationType());System.out.println("Metageneration: "+bucket.getMetageneration());System.out.println("NotFoundPage: "+bucket.getNotFoundPage());System.out.println("RetentionEffectiveTime: "+bucket.getRetentionEffectiveTime());System.out.println("RetentionPeriod: "+bucket.getRetentionPeriod());System.out.println("RetentionPolicyIsLocked: "+bucket.retentionPolicyIsLocked());System.out.println("RequesterPays: "+bucket.requesterPays());System.out.println("SelfLink: "+bucket.getSelfLink());System.out.println("StorageClass: "+bucket.getStorageClass().name());System.out.println("TimeCreated: "+bucket.getCreateTime());System.out.println("VersioningEnabled: "+bucket.versioningEnabled());System.out.println("ObjectRetention: "+bucket.getObjectRetention());if(bucket.getLabels()!=null){System.out.println("\n\n\nLabels:");for(Map.Entry<String,String>label:bucket.getLabels().entrySet()){System.out.println(label.getKey()+"="+label.getValue());}}if(bucket.getLifecycleRules()!=null){System.out.println("\n\n\nLifecycle Rules:");for(BucketInfo.LifecycleRulerule:bucket.getLifecycleRules()){System.out.println(rule);}}}}

// Imports the Google Cloud client libraryconst{Storage}=require('@google-cloud/storage');// Creates a clientconststorage=newStorage();asyncfunctiongetBucketMetadata(){/**   * TODO(developer): Uncomment the following lines before running the sample.   */// The ID of your GCS bucket// const bucketName = 'your-unique-bucket-name';// Get Bucket Metadataconst[metadata]=awaitstorage.bucket(bucketName).getMetadata();console.log(JSON.stringify(metadata,null,2));}

use Google\Cloud\Storage\StorageClient;/** * Get bucket metadata. * * @param string $bucketName The name of your Cloud Storage bucket. *        (e.g. 'my-bucket') */function get_bucket_metadata(string $bucketName): void{    $storage = new StorageClient();    $bucket = $storage->bucket($bucketName);    $info = $bucket->info();    printf('Bucket Metadata: %s' . PHP_EOL, print_r($info, true));}

fromgoogle.cloudimportstoragedefbucket_metadata(bucket_name):"""Prints out a bucket's metadata."""# bucket_name = 'your-bucket-name'storage_client=storage.Client()bucket=storage_client.get_bucket(bucket_name)print(f"ID:{bucket.id}")print(f"Name:{bucket.name}")print(f"Storage Class:{bucket.storage_class}")print(f"Location:{bucket.location}")print(f"Location Type:{bucket.location_type}")print(f"Cors:{bucket.cors}")print(f"Default Event Based Hold:{bucket.default_event_based_hold}")print(f"Default KMS Key Name:{bucket.default_kms_key_name}")print(f"Metageneration:{bucket.metageneration}")print(f"Public Access Prevention:{bucket.iam_configuration.public_access_prevention}")print(f"Retention Effective Time:{bucket.retention_policy_effective_time}")print(f"Retention Period:{bucket.retention_period}")print(f"Retention Policy Locked:{bucket.retention_policy_locked}")print(f"Object Retention Mode:{bucket.object_retention_mode}")print(f"Requester Pays:{bucket.requester_pays}")print(f"Self Link:{bucket.self_link}")print(f"Time Created:{bucket.time_created}")print(f"Versioning Enabled:{bucket.versioning_enabled}")print(f"Labels:{bucket.labels}")

defget_bucket_metadatabucket_name:# The ID of your GCS bucket# bucket_name = "your-unique-bucket-name"require"google/cloud/storage"storage=Google::Cloud::Storage.newbucket=storage.bucketbucket_nameputs"ID:#{bucket.id}"puts"Name:#{bucket.name}"puts"Storage Class:#{bucket.storage_class}"puts"Location:#{bucket.location}"puts"Location Type:#{bucket.location_type}"puts"Cors:#{bucket.cors}"puts"Default Event Based Hold:#{bucket.default_event_based_hold?}"puts"Default KMS Key Name:#{bucket.default_kms_key}"puts"Logging Bucket:#{bucket.logging_bucket}"puts"Logging Prefix:#{bucket.logging_prefix}"puts"Metageneration:#{bucket.metageneration}"puts"Retention Effective Time:#{bucket.retention_effective_at}"puts"Retention Period:#{bucket.retention_period}"puts"Retention Policy Locked:#{bucket.retention_policy_locked?}"puts"Requester Pays:#{bucket.requester_pays}"puts"Self Link:#{bucket.api_url}"puts"Time Created:#{bucket.created_at}"puts"Versioning Enabled:#{bucket.versioning?}"puts"Index Page:#{bucket.website_main}"puts"Not Found Page:#{bucket.website_404}"puts"Labels:"bucket.labels.eachdo|key,value|puts" -#{key} =#{value}"endputs"Lifecycle Rules:"bucket.lifecycle.eachdo|rule|puts"#{rule.action} -#{rule.storage_class} -#{rule.age} -#{rule.matches_storage_class}"endend

namespacegcs=::google::cloud::storage;using::google::cloud::StatusOr;[](gcs::Clientclient,std::stringconst&bucket_name,std::stringconst&object_name,std::stringconst&kms_key_name){gcs::ObjectWriteStreamstream=client.WriteObject(bucket_name,object_name,gcs::KmsKeyName(kms_key_name));// Line numbers start at 1.for(intlineno=1;lineno<=10;++lineno){stream <<lineno <<": placeholder text for CMEK example.\n";}stream.Close();StatusOr<gcs::ObjectMetadata>metadata=std::move(stream).metadata();if(!metadata)throwstd::move(metadata).status();std::cout <<"Successfully wrote to object " <<metadata->name()            <<" its size is: " <<metadata->size()            <<"\nFull metadata: " <<*metadata <<"\n";}

usingGoogle.Cloud.Storage.V1;usingSystem;usingSystem.IO;publicclassUploadFileWithKmsKeySample{publicvoidUploadFileWithKmsKey(stringprojectId="your-project-id",stringbucketName="your-unique-bucket-name",stringkeyLocation="us-west1",stringkmsKeyRing="kms-key-ring",stringkmsKeyName="key-name",stringlocalPath="my-local-path/my-file-name",stringobjectName="my-file-name"){// KMS Key identifier of an already created KMS key.// If you use the Google.Cloud.Kms.V1 library, you can construct these names using helper class CryptoKeyName.// var fullKeyName = new CryptoKeyName(projectId, keyLocation, kmsKeyRing, kmsKeyName).ToString();stringkeyPrefix=$"projects/{projectId}/locations/{keyLocation}";stringfullKeyringName=$"{keyPrefix}/keyRings/{kmsKeyRing}";stringfullKeyName=$"{fullKeyringName}/cryptoKeys/{kmsKeyName}";varstorage=StorageClient.Create();usingvarfileStream=File.OpenRead(localPath);storage.UploadObject(bucketName,objectName,null,fileStream,newUploadObjectOptions{KmsKeyName=fullKeyName});Console.WriteLine($"Uploaded {objectName}.");}}

import("context""fmt""io""time""cloud.google.com/go/storage")// uploadWithKMSKey writes an object using Cloud KMS encryption.funcuploadWithKMSKey(wio.Writer,bucket,object,keyNamestring)error{// bucket := "bucket-name"// object := "object-name"// keyName := "projects/projectId/locations/global/keyRings/keyRingID/cryptoKeys/cryptoKeyID"ctx:=context.Background()client,err:=storage.NewClient(ctx)iferr!=nil{returnfmt.Errorf("storage.NewClient: %w",err)}deferclient.Close()ctx,cancel:=context.WithTimeout(ctx,time.Second*50)defercancel()o:=client.Bucket(bucket).Object(object)// Optional: set a generation-match precondition to avoid potential race// conditions and data corruptions. The request to upload is aborted if the// object's generation number does not match your precondition.// For an object that does not yet exist, set the DoesNotExist precondition.o=o.If(storage.Conditions{DoesNotExist:true})// If the live object already exists in your bucket, set instead a// generation-match precondition using the live object's generation number.// attrs, err := o.Attrs(ctx)// if err != nil {// return fmt.Errorf("object.Attrs: %w", err)// }// o = o.If(storage.Conditions{GenerationMatch: attrs.Generation})// Encrypt the object's contents.wc:=o.NewWriter(ctx)wc.KMSKeyName=keyNameif_,err:=wc.Write([]byte("top secret"));err!=nil{returnfmt.Errorf("Writer.Write: %w",err)}iferr:=wc.Close();err!=nil{returnfmt.Errorf("Writer.Close: %w",err)}fmt.Fprintf(w,"Uploaded blob %v with KMS key.\n",object)returnnil}

import staticjava.nio.charset.StandardCharsets.UTF_8;importcom.google.cloud.storage.BlobId;importcom.google.cloud.storage.BlobInfo;importcom.google.cloud.storage.Storage;importcom.google.cloud.storage.StorageOptions;publicclassUploadKmsEncryptedObject{publicstaticvoiduploadKmsEncryptedObject(StringprojectId,StringbucketName,StringobjectName,StringkmsKeyName){// The ID of your GCP project// String projectId = "your-project-id";// The ID of your GCS bucket// String bucketName = "your-unique-bucket-name";// The ID of your GCS object// String objectName = "your-object-name";// The name of the KMS key to encrypt with// String kmsKeyName = "projects/my-project/locations/us/keyRings/my_key_ring/cryptoKeys/my_key"Storagestorage=StorageOptions.newBuilder().setProjectId(projectId).build().getService();byte[]data="Hello, World!".getBytes(UTF_8);BlobIdblobId=BlobId.of(bucketName,objectName);BlobInfoblobInfo=BlobInfo.newBuilder(blobId).setContentType("text/plain").build();// Optional: set a generation-match precondition to avoid potential race// conditions and data corruptions. The request returns a 412 error if the// preconditions are not met.Storage.BlobTargetOptionprecondition;if(storage.get(bucketName,objectName)==null){// For a target object that does not yet exist, set the DoesNotExist precondition.// This will cause the request to fail if the object is created before the request runs.precondition=Storage.BlobTargetOption.doesNotExist();}else{// If the destination already exists in your bucket, instead set a generation-match// precondition. This will cause the request to fail if the existing object's generation// changes before the request runs.precondition=Storage.BlobTargetOption.generationMatch(storage.get(bucketName,objectName).getGeneration());}storage.create(blobInfo,data,Storage.BlobTargetOption.kmsKeyName(kmsKeyName),precondition);System.out.println("Uploaded object "+objectName+" in bucket "+bucketName+" encrypted with "+kmsKeyName);}}

/** * TODO(developer): Uncomment the following lines before running the sample. */// The ID of your GCS bucket// const bucketName = 'your-unique-bucket-name';// The path to your file to upload// const filePath = 'path/to/your/file';// The name of the KMS-key// const kmsKeyName = 'my-key';// Imports the Google Cloud client libraryconst{Storage}=require('@google-cloud/storage');// Creates a clientconststorage=newStorage();asyncfunctionuploadFileWithKmsKey(){constoptions={kmsKeyName,// Optional:// Set a generation-match precondition to avoid potential race conditions// and data corruptions. The request to upload is aborted if the object's// generation number does not match your precondition. For a destination// object that does not yet exist, set the ifGenerationMatch precondition to 0// If the destination object already exists in your bucket, set instead a// generation-match precondition using its generation number.preconditionOpts:{ifGenerationMatch:generationMatchPrecondition},};awaitstorage.bucket(bucketName).upload(filePath,options);console.log(`${filePath} uploaded to${bucketName} using${kmsKeyName}.`);}uploadFileWithKmsKey().catch(console.error);

use Google\Cloud\Storage\StorageClient;/** * Upload a file using KMS encryption. * * @param string $bucketName The name of your Cloud Storage bucket. *        (e.g. 'my-bucket') * @param string $objectName The name of your Cloud Storage object. *        (e.g. 'my-object') * @param string $source The path to the file to upload. *        (e.g. '/path/to/your/file') * @param string $kmsKeyName The KMS key used to encrypt objects server side. *     Key names are provided in the following format: *     `projects/<PROJECT>/locations/<LOCATION>/keyRings/<RING_NAME>/cryptoKeys/<KEY_NAME>`. */function upload_with_kms_key(string $bucketName, string $objectName, string $source, string $kmsKeyName): void{    $storage = new StorageClient();    if (!$file = fopen($source, 'r')) {        throw new \InvalidArgumentException('Unable to open file for reading');    }    $bucket = $storage->bucket($bucketName);    $object = $bucket->upload($file, [        'name' => $objectName,        'destinationKmsKeyName' => $kmsKeyName,    ]);    printf('Uploaded %s to gs://%s/%s using encryption key %s' . PHP_EOL,        basename($source),        $bucketName,        $objectName,        $kmsKeyName);}

fromgoogle.cloudimportstoragedefupload_blob_with_kms(bucket_name,source_file_name,destination_blob_name,kms_key_name,):"""Uploads a file to the bucket, encrypting it with the given KMS key."""# bucket_name = "your-bucket-name"# source_file_name = "local/path/to/file"# destination_blob_name = "storage-object-name"# kms_key_name = "projects/PROJ/locations/LOC/keyRings/RING/cryptoKey/KEY"storage_client=storage.Client()bucket=storage_client.bucket(bucket_name)blob=bucket.blob(destination_blob_name,kms_key_name=kms_key_name)# Optional: set a generation-match precondition to avoid potential race conditions# and data corruptions. The request to upload is aborted if the object's# generation number does not match your precondition. For a destination# object that does not yet exist, set the if_generation_match precondition to 0.# If the destination object already exists in your bucket, set instead a# generation-match precondition using its generation number.generation_match_precondition=0blob.upload_from_filename(source_file_name,if_generation_match=generation_match_precondition)print("File{} uploaded to{} with encryption key{}.".format(source_file_name,destination_blob_name,kms_key_name))

defupload_with_kms_keybucket_name:,local_file_path:,file_name:nil,kms_key:# The ID of your GCS bucket# bucket_name = "your-unique-bucket-name"# The path to your file to upload# local_file_path = "/local/path/to/file.txt"# The ID of your GCS object# file_name = "your-file-name"# The name of the KMS key to manage this object with# kms_key = "projects/your-project-id/locations/global/keyRings/your-key-ring/cryptoKeys/your-key"require"google/cloud/storage"storage=Google::Cloud::Storage.newbucket=storage.bucketbucket_name,skip_lookup:truefile=bucket.create_filelocal_file_path,file_name,kms_key:kms_keyputs"Uploaded#{file.name} and encrypted service side using#{file.kms_key}"end