kms

package

v1.26.0Latest Latest

This package is not in the latest version of its module.

Go to latest Published: Feb 19, 2026 License:Apache-2.0Imports:33Imported by:320

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/googleapis/google-cloud-go

Documentation ¶

Overview¶

Package kms is an auto-generated package for theCloud Key Management Service (KMS) API.

Manages keys and performs cryptographic operations in a central cloudservice, for direct use by other cloud resources and applications.

General documentation¶

For information that is relevant for all client libraries please referencehttps://pkg.go.dev/cloud.google.com/go#pkg-overview. Some information on thispage includes:

Example usage¶

To get started with this package, create a client.

// go get cloud.google.com/go/kms/apiv1@latestctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()

The client will use your default application credentials. Clients should be reused instead of created as needed.The methods of Client are safe for concurrent use by multiple goroutines.The returned client must be Closed when it is done being used.

Using the Client¶

The following is an example of making an API call with the newly created client, mentioned above.

req := &kmspb.CreateKeyHandleRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#CreateKeyHandleRequest.}op, err := c.CreateKeyHandle(ctx, req)if err != nil {// TODO: Handle error.}resp, err := op.Wait(ctx)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp

Use of Context¶

The ctx passed to NewAutokeyClient is used for authentication requests andfor creating the underlying connection, but is not used for subsequent calls.Individual methods on the client use the ctx given to them.

To close the open connection, use the Close() method.

Index¶

Examples¶

Constants¶

This section is empty.

Variables¶

This section is empty.

Functions¶

funcDefaultAuthScopes ¶

func DefaultAuthScopes() []string

DefaultAuthScopes reports the default set of authentication scopes to use with this package.

Types¶

typeAutokeyAdminCallOptions ¶added inv1.17.0

type AutokeyAdminCallOptions struct {UpdateAutokeyConfig        []gax.CallOptionGetAutokeyConfig           []gax.CallOptionShowEffectiveAutokeyConfig []gax.CallOptionGetLocation                []gax.CallOptionListLocations              []gax.CallOptionGetIamPolicy               []gax.CallOptionSetIamPolicy               []gax.CallOptionTestIamPermissions         []gax.CallOptionGetOperation               []gax.CallOption}

AutokeyAdminCallOptions contains the retry settings for each method of AutokeyAdminClient.

typeAutokeyAdminClient ¶added inv1.17.0

type AutokeyAdminClient struct {// The call options for this service.CallOptions *AutokeyAdminCallOptions// contains filtered or unexported fields}

AutokeyAdminClient is a client for interacting with Cloud Key Management Service (KMS) API.Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.

Provides interfaces for managing Cloud KMSAutokey (athttps://cloud.google.com/kms/help/autokey) folder-level orproject-level configurations. A configuration is inherited by all descendentfolders and projects. A configuration at a folder or project overrides anyother configurations in its ancestry. Setting a configuration on a folder isa prerequisite for Cloud KMS Autokey, so that users working in a descendantproject can request provisioned CryptoKeys,ready for Customer Managed Encryption Key (CMEK) use, on-demand when usingthe dedicated key project mode. This is not required when using the delegatedkey management mode for same-project keys.

funcNewAutokeyAdminClient ¶added inv1.17.0

func NewAutokeyAdminClient(ctxcontext.Context, opts ...option.ClientOption) (*AutokeyAdminClient,error)

NewAutokeyAdminClient creates a new autokey admin client based on gRPC.The returned client must be Closed when it is done being used to clean up its underlying connections.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyAdminClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()// TODO: Use client._ = c}

funcNewAutokeyAdminRESTClient ¶added inv1.17.0

func NewAutokeyAdminRESTClient(ctxcontext.Context, opts ...option.ClientOption) (*AutokeyAdminClient,error)

NewAutokeyAdminRESTClient creates a new autokey admin rest client.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyAdminRESTClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()// TODO: Use client._ = c}

func (*AutokeyAdminClient)Close ¶added inv1.17.0

func (c *AutokeyAdminClient) Close()error

Close closes the connection to the API service. The user should invoke this whenthe client is no longer required.

func (*AutokeyAdminClient)Connectiondeprecatedadded inv1.17.0

func (c *AutokeyAdminClient) Connection() *grpc.ClientConn

Connection returns a connection to the API service.

Deprecated: Connections are now pooled so this method does not alwaysreturn the same resource.

func (*AutokeyAdminClient)GetAutokeyConfig ¶added inv1.17.0

func (c *AutokeyAdminClient) GetAutokeyConfig(ctxcontext.Context, req *kmspb.GetAutokeyConfigRequest, opts ...gax.CallOption) (*kmspb.AutokeyConfig,error)

GetAutokeyConfig returns the AutokeyConfig for a folderor project.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyAdminClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GetAutokeyConfigRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GetAutokeyConfigRequest.}resp, err := c.GetAutokeyConfig(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyAdminClient)GetIamPolicy ¶added inv1.17.0

func (c *AutokeyAdminClient) GetIamPolicy(ctxcontext.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy,error)

GetIamPolicy gets the access control policy for a resource. Returns an empty policyif the resource exists and does not have a policy set.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyAdminClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.GetIamPolicyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#GetIamPolicyRequest.}resp, err := c.GetIamPolicy(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyAdminClient)GetLocation ¶added inv1.17.0

func (c *AutokeyAdminClient) GetLocation(ctxcontext.Context, req *locationpb.GetLocationRequest, opts ...gax.CallOption) (*locationpb.Location,error)

GetLocation gets information about a location.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyAdminClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.GetLocationRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#GetLocationRequest.}resp, err := c.GetLocation(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyAdminClient)GetOperation ¶added inv1.17.0

func (c *AutokeyAdminClient) GetOperation(ctxcontext.Context, req *longrunningpb.GetOperationRequest, opts ...gax.CallOption) (*longrunningpb.Operation,error)

GetOperation is a utility method from google.longrunning.Operations.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"longrunningpb "cloud.google.com/go/longrunning/autogen/longrunningpb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyAdminClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &longrunningpb.GetOperationRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/longrunning/autogen/longrunningpb#GetOperationRequest.}resp, err := c.GetOperation(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyAdminClient)ListLocations ¶added inv1.17.0

func (c *AutokeyAdminClient) ListLocations(ctxcontext.Context, req *locationpb.ListLocationsRequest, opts ...gax.CallOption) *LocationIterator

ListLocations lists information about the supported locations for this service.This method can be called in two ways:

List all public locations: Use the path GET /v1/locations.List project-visible locations: Use the pathGET /v1/projects/{project_id}/locations. This may include publiclocations as well as private or other locations specifically visibleto the project.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1""google.golang.org/api/iterator"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyAdminClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.ListLocationsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#ListLocationsRequest.}it := c.ListLocations(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*locationpb.ListLocationsResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyAdminClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.ListLocationsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#ListLocationsRequest.}for resp, err := range c.ListLocations(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*AutokeyAdminClient)SetIamPolicy ¶added inv1.17.0

func (c *AutokeyAdminClient) SetIamPolicy(ctxcontext.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy,error)

SetIamPolicy sets the access control policy on the specified resource. Replacesany existing policy.

Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIEDerrors.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyAdminClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.SetIamPolicyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#SetIamPolicyRequest.}resp, err := c.SetIamPolicy(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyAdminClient)ShowEffectiveAutokeyConfig ¶added inv1.17.0

func (c *AutokeyAdminClient) ShowEffectiveAutokeyConfig(ctxcontext.Context, req *kmspb.ShowEffectiveAutokeyConfigRequest, opts ...gax.CallOption) (*kmspb.ShowEffectiveAutokeyConfigResponse,error)

ShowEffectiveAutokeyConfig returns the effective Cloud KMS Autokey configuration for a given project.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyAdminClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ShowEffectiveAutokeyConfigRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ShowEffectiveAutokeyConfigRequest.}resp, err := c.ShowEffectiveAutokeyConfig(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyAdminClient)TestIamPermissions ¶added inv1.17.0

func (c *AutokeyAdminClient) TestIamPermissions(ctxcontext.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse,error)

TestIamPermissions returns permissions that a caller has on the specified resource. If theresource does not exist, this will return an empty set ofpermissions, not a NOT_FOUND error.

Note: This operation is designed to be used for buildingpermission-aware UIs and command-line tools, not for authorizationchecking. This operation may “fail open” without warning.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyAdminClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.TestIamPermissionsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#TestIamPermissionsRequest.}resp, err := c.TestIamPermissions(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyAdminClient)UpdateAutokeyConfig ¶added inv1.17.0

func (c *AutokeyAdminClient) UpdateAutokeyConfig(ctxcontext.Context, req *kmspb.UpdateAutokeyConfigRequest, opts ...gax.CallOption) (*kmspb.AutokeyConfig,error)

UpdateAutokeyConfig updates the AutokeyConfig for a folderor a project. The caller must have both cloudkms.autokeyConfigs.updatepermission on the parent folder and cloudkms.cryptoKeys.setIamPolicypermission on the provided key project. AKeyHandle creation in the folder’sdescendant projects will use this configuration to determine where tocreate the resulting CryptoKey.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyAdminClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.UpdateAutokeyConfigRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#UpdateAutokeyConfigRequest.}resp, err := c.UpdateAutokeyConfig(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

typeAutokeyCallOptions ¶added inv1.17.0

type AutokeyCallOptions struct {CreateKeyHandle    []gax.CallOptionGetKeyHandle       []gax.CallOptionListKeyHandles     []gax.CallOptionGetLocation        []gax.CallOptionListLocations      []gax.CallOptionGetIamPolicy       []gax.CallOptionSetIamPolicy       []gax.CallOptionTestIamPermissions []gax.CallOptionGetOperation       []gax.CallOption}

AutokeyCallOptions contains the retry settings for each method of AutokeyClient.

typeAutokeyClient ¶added inv1.17.0

type AutokeyClient struct {// The call options for this service.CallOptions *AutokeyCallOptions// LROClient is used internally to handle long-running operations.// It is exposed so that its CallOptions can be modified if required.// Users should not Close this client.LROClient *lroauto.OperationsClient// contains filtered or unexported fields}

AutokeyClient is a client for interacting with Cloud Key Management Service (KMS) API.Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.

Provides interfaces for using Cloud KMSAutokey (athttps://cloud.google.com/kms/help/autokey) to provision newCryptoKeys, ready for Customer ManagedEncryption Key (CMEK) use, on-demand. To support certain client tooling, thisfeature is modeled around a KeyHandleresource: creating a KeyHandle in a resourceproject and given location triggers Cloud KMS Autokey to provision aCryptoKey in the configured key project andthe same location.

Prior to use in a given resource project,UpdateAutokeyConfigshould have been called on an ancestor folder, setting the key project whereCloud KMS Autokey should create newCryptoKeys. See documentation for additionalprerequisites. To check what key project, if any, is currently configured ona resource project’s ancestor folder, seeShowEffectiveAutokeyConfig.

funcNewAutokeyClient ¶added inv1.17.0

func NewAutokeyClient(ctxcontext.Context, opts ...option.ClientOption) (*AutokeyClient,error)

NewAutokeyClient creates a new autokey client based on gRPC.The returned client must be Closed when it is done being used to clean up its underlying connections.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()// TODO: Use client._ = c}

funcNewAutokeyRESTClient ¶added inv1.17.0

func NewAutokeyRESTClient(ctxcontext.Context, opts ...option.ClientOption) (*AutokeyClient,error)

NewAutokeyRESTClient creates a new autokey rest client.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyRESTClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()// TODO: Use client._ = c}

func (*AutokeyClient)Close ¶added inv1.17.0

func (c *AutokeyClient) Close()error

Close closes the connection to the API service. The user should invoke this whenthe client is no longer required.

func (*AutokeyClient)Connectiondeprecatedadded inv1.17.0

func (c *AutokeyClient) Connection() *grpc.ClientConn

Connection returns a connection to the API service.

Deprecated: Connections are now pooled so this method does not alwaysreturn the same resource.

func (*AutokeyClient)CreateKeyHandle ¶added inv1.17.0

func (c *AutokeyClient) CreateKeyHandle(ctxcontext.Context, req *kmspb.CreateKeyHandleRequest, opts ...gax.CallOption) (*CreateKeyHandleOperation,error)

CreateKeyHandle creates a new KeyHandle, triggering theprovisioning of a new CryptoKey for CMEKuse with the given resource type in the configured key project and the samelocation. GetOperation shouldbe used to resolve the resulting long-running operation and get theresulting KeyHandle andCryptoKey.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.CreateKeyHandleRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#CreateKeyHandleRequest.}op, err := c.CreateKeyHandle(ctx, req)if err != nil {// TODO: Handle error.}resp, err := op.Wait(ctx)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyClient)CreateKeyHandleOperation ¶added inv1.17.0

func (c *AutokeyClient) CreateKeyHandleOperation(namestring) *CreateKeyHandleOperation

CreateKeyHandleOperation returns a new CreateKeyHandleOperation from a given name.The name must be that of a previously created CreateKeyHandleOperation, possibly from a different process.

func (*AutokeyClient)GetIamPolicy ¶added inv1.17.0

func (c *AutokeyClient) GetIamPolicy(ctxcontext.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy,error)

GetIamPolicy gets the access control policy for a resource. Returns an empty policyif the resource exists and does not have a policy set.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.GetIamPolicyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#GetIamPolicyRequest.}resp, err := c.GetIamPolicy(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyClient)GetKeyHandle ¶added inv1.17.0

func (c *AutokeyClient) GetKeyHandle(ctxcontext.Context, req *kmspb.GetKeyHandleRequest, opts ...gax.CallOption) (*kmspb.KeyHandle,error)

GetKeyHandle returns the KeyHandle.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GetKeyHandleRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GetKeyHandleRequest.}resp, err := c.GetKeyHandle(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyClient)GetLocation ¶added inv1.17.0

func (c *AutokeyClient) GetLocation(ctxcontext.Context, req *locationpb.GetLocationRequest, opts ...gax.CallOption) (*locationpb.Location,error)

GetLocation gets information about a location.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.GetLocationRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#GetLocationRequest.}resp, err := c.GetLocation(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyClient)GetOperation ¶added inv1.17.0

func (c *AutokeyClient) GetOperation(ctxcontext.Context, req *longrunningpb.GetOperationRequest, opts ...gax.CallOption) (*longrunningpb.Operation,error)

GetOperation is a utility method from google.longrunning.Operations.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"longrunningpb "cloud.google.com/go/longrunning/autogen/longrunningpb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &longrunningpb.GetOperationRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/longrunning/autogen/longrunningpb#GetOperationRequest.}resp, err := c.GetOperation(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyClient)ListKeyHandles ¶added inv1.17.0

func (c *AutokeyClient) ListKeyHandles(ctxcontext.Context, req *kmspb.ListKeyHandlesRequest, opts ...gax.CallOption) *KeyHandleIterator

ListKeyHandles lists KeyHandles.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb""google.golang.org/api/iterator")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListKeyHandlesRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListKeyHandlesRequest.}it := c.ListKeyHandles(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*kmspb.ListKeyHandlesResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListKeyHandlesRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListKeyHandlesRequest.}for resp, err := range c.ListKeyHandles(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*AutokeyClient)ListLocations ¶added inv1.17.0

func (c *AutokeyClient) ListLocations(ctxcontext.Context, req *locationpb.ListLocationsRequest, opts ...gax.CallOption) *LocationIterator

ListLocations lists information about the supported locations for this service.This method can be called in two ways:

List all public locations: Use the path GET /v1/locations.List project-visible locations: Use the pathGET /v1/projects/{project_id}/locations. This may include publiclocations as well as private or other locations specifically visibleto the project.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1""google.golang.org/api/iterator"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.ListLocationsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#ListLocationsRequest.}it := c.ListLocations(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*locationpb.ListLocationsResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.ListLocationsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#ListLocationsRequest.}for resp, err := range c.ListLocations(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*AutokeyClient)SetIamPolicy ¶added inv1.17.0

func (c *AutokeyClient) SetIamPolicy(ctxcontext.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy,error)

SetIamPolicy sets the access control policy on the specified resource. Replacesany existing policy.

Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIEDerrors.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.SetIamPolicyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#SetIamPolicyRequest.}resp, err := c.SetIamPolicy(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*AutokeyClient)TestIamPermissions ¶added inv1.17.0

func (c *AutokeyClient) TestIamPermissions(ctxcontext.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse,error)

TestIamPermissions returns permissions that a caller has on the specified resource. If theresource does not exist, this will return an empty set ofpermissions, not a NOT_FOUND error.

Note: This operation is designed to be used for buildingpermission-aware UIs and command-line tools, not for authorizationchecking. This operation may “fail open” without warning.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewAutokeyClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.TestIamPermissionsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#TestIamPermissionsRequest.}resp, err := c.TestIamPermissions(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

typeCreateKeyHandleOperation ¶added inv1.17.0

type CreateKeyHandleOperation struct {// contains filtered or unexported fields}

CreateKeyHandleOperation manages a long-running operation from CreateKeyHandle.

func (*CreateKeyHandleOperation)Done ¶added inv1.17.0

func (op *CreateKeyHandleOperation) Done()bool

Done reports whether the long-running operation has completed.

func (*CreateKeyHandleOperation)Metadata ¶added inv1.17.0

func (op *CreateKeyHandleOperation) Metadata() (*kmspb.CreateKeyHandleMetadata,error)

Metadata returns metadata associated with the long-running operation.Metadata itself does not contact the server, but Poll does.To get the latest metadata, call this method after a successful call to Poll.If the metadata is not available, the returned metadata and error are both nil.

func (*CreateKeyHandleOperation)Name ¶added inv1.17.0

func (op *CreateKeyHandleOperation) Name()string

Name returns the name of the long-running operation.The name is assigned by the server and is unique within the service from which the operation is created.

func (*CreateKeyHandleOperation)Poll ¶added inv1.17.0

func (op *CreateKeyHandleOperation) Poll(ctxcontext.Context, opts ...gax.CallOption) (*kmspb.KeyHandle,error)

Poll fetches the latest state of the long-running operation.

Poll also fetches the latest metadata, which can be retrieved by Metadata.

If Poll fails, the error is returned and op is unmodified. If Poll succeeds andthe operation has completed with failure, the error is returned and op.Done will return true.If Poll succeeds and the operation has completed successfully,op.Done will return true, and the response of the operation is returned.If Poll succeeds and the operation has not completed, the returned response and error are both nil.

func (*CreateKeyHandleOperation)Wait ¶added inv1.17.0

func (op *CreateKeyHandleOperation) Wait(ctxcontext.Context, opts ...gax.CallOption) (*kmspb.KeyHandle,error)

Wait blocks until the long-running operation is completed, returning the response and any errors encountered.

See documentation of Poll for error-handling information.

typeCreateSingleTenantHsmInstanceOperation ¶added inv1.25.0

type CreateSingleTenantHsmInstanceOperation struct {// contains filtered or unexported fields}

CreateSingleTenantHsmInstanceOperation manages a long-running operation from CreateSingleTenantHsmInstance.

func (*CreateSingleTenantHsmInstanceOperation)Done ¶added inv1.25.0

func (op *CreateSingleTenantHsmInstanceOperation) Done()bool

Done reports whether the long-running operation has completed.

func (*CreateSingleTenantHsmInstanceOperation)Metadata ¶added inv1.25.0

func (op *CreateSingleTenantHsmInstanceOperation) Metadata() (*kmspb.CreateSingleTenantHsmInstanceMetadata,error)

func (*CreateSingleTenantHsmInstanceOperation)Name ¶added inv1.25.0

func (op *CreateSingleTenantHsmInstanceOperation) Name()string

Name returns the name of the long-running operation.The name is assigned by the server and is unique within the service from which the operation is created.

func (*CreateSingleTenantHsmInstanceOperation)Poll ¶added inv1.25.0

func (op *CreateSingleTenantHsmInstanceOperation) Poll(ctxcontext.Context, opts ...gax.CallOption) (*kmspb.SingleTenantHsmInstance,error)

Poll fetches the latest state of the long-running operation.

Poll also fetches the latest metadata, which can be retrieved by Metadata.

func (*CreateSingleTenantHsmInstanceOperation)Wait ¶added inv1.25.0

func (op *CreateSingleTenantHsmInstanceOperation) Wait(ctxcontext.Context, opts ...gax.CallOption) (*kmspb.SingleTenantHsmInstance,error)

Wait blocks until the long-running operation is completed, returning the response and any errors encountered.

See documentation of Poll for error-handling information.

typeCreateSingleTenantHsmInstanceProposalOperation ¶added inv1.25.0

type CreateSingleTenantHsmInstanceProposalOperation struct {// contains filtered or unexported fields}

CreateSingleTenantHsmInstanceProposalOperation manages a long-running operation from CreateSingleTenantHsmInstanceProposal.

func (*CreateSingleTenantHsmInstanceProposalOperation)Done ¶added inv1.25.0

func (op *CreateSingleTenantHsmInstanceProposalOperation) Done()bool

Done reports whether the long-running operation has completed.

func (*CreateSingleTenantHsmInstanceProposalOperation)Metadata ¶added inv1.25.0

func (op *CreateSingleTenantHsmInstanceProposalOperation) Metadata() (*kmspb.CreateSingleTenantHsmInstanceProposalMetadata,error)

func (*CreateSingleTenantHsmInstanceProposalOperation)Name ¶added inv1.25.0

func (op *CreateSingleTenantHsmInstanceProposalOperation) Name()string

Name returns the name of the long-running operation.The name is assigned by the server and is unique within the service from which the operation is created.

func (*CreateSingleTenantHsmInstanceProposalOperation)Poll ¶added inv1.25.0

func (op *CreateSingleTenantHsmInstanceProposalOperation) Poll(ctxcontext.Context, opts ...gax.CallOption) (*kmspb.SingleTenantHsmInstanceProposal,error)

Poll fetches the latest state of the long-running operation.

Poll also fetches the latest metadata, which can be retrieved by Metadata.

func (*CreateSingleTenantHsmInstanceProposalOperation)Wait ¶added inv1.25.0

func (op *CreateSingleTenantHsmInstanceProposalOperation) Wait(ctxcontext.Context, opts ...gax.CallOption) (*kmspb.SingleTenantHsmInstanceProposal,error)

Wait blocks until the long-running operation is completed, returning the response and any errors encountered.

See documentation of Poll for error-handling information.

typeCryptoKeyIterator ¶

type CryptoKeyIterator struct {// Response is the raw response for the current page.// It must be cast to the RPC response type.// Calling Next() or InternalFetch() updates this value.Response interface{}// InternalFetch is for use by the Google Cloud Libraries only.// It is not part of the stable interface of this package.//// InternalFetch returns results from a single call to the underlying RPC.// The number of results is no greater than pageSize.// If there are no more results, nextPageToken is empty and err is nil.InternalFetch func(pageSizeint, pageTokenstring) (results []*kmspb.CryptoKey, nextPageTokenstring, errerror)// contains filtered or unexported fields}

CryptoKeyIterator manages a stream of *kmspb.CryptoKey.

func (*CryptoKeyIterator)All ¶added inv1.19.1

func (it *CryptoKeyIterator) All()iter.Seq2[*kmspb.CryptoKey,error]

All returns an iterator. If an error is returned by the iterator, theiterator will stop after that iteration.

func (*CryptoKeyIterator)Next ¶

func (it *CryptoKeyIterator) Next() (*kmspb.CryptoKey,error)

Next returns the next result. Its second return value is iterator.Done if there are no moreresults. Once Next returns Done, all subsequent calls will return Done.

func (*CryptoKeyIterator)PageInfo ¶

func (it *CryptoKeyIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See thegoogle.golang.org/api/iterator package for details.

typeCryptoKeyVersionIterator ¶

type CryptoKeyVersionIterator struct {// Response is the raw response for the current page.// It must be cast to the RPC response type.// Calling Next() or InternalFetch() updates this value.Response interface{}// InternalFetch is for use by the Google Cloud Libraries only.// It is not part of the stable interface of this package.//// InternalFetch returns results from a single call to the underlying RPC.// The number of results is no greater than pageSize.// If there are no more results, nextPageToken is empty and err is nil.InternalFetch func(pageSizeint, pageTokenstring) (results []*kmspb.CryptoKeyVersion, nextPageTokenstring, errerror)// contains filtered or unexported fields}

CryptoKeyVersionIterator manages a stream of *kmspb.CryptoKeyVersion.

func (*CryptoKeyVersionIterator)All ¶added inv1.19.1

func (it *CryptoKeyVersionIterator) All()iter.Seq2[*kmspb.CryptoKeyVersion,error]

All returns an iterator. If an error is returned by the iterator, theiterator will stop after that iteration.

func (*CryptoKeyVersionIterator)Next ¶

func (it *CryptoKeyVersionIterator) Next() (*kmspb.CryptoKeyVersion,error)

Next returns the next result. Its second return value is iterator.Done if there are no moreresults. Once Next returns Done, all subsequent calls will return Done.

func (*CryptoKeyVersionIterator)PageInfo ¶

func (it *CryptoKeyVersionIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See thegoogle.golang.org/api/iterator package for details.

typeDeleteCryptoKeyOperation ¶added inv1.26.0

type DeleteCryptoKeyOperation struct {// contains filtered or unexported fields}

DeleteCryptoKeyOperation manages a long-running operation from DeleteCryptoKey.

func (*DeleteCryptoKeyOperation)Done ¶added inv1.26.0

func (op *DeleteCryptoKeyOperation) Done()bool

Done reports whether the long-running operation has completed.

func (*DeleteCryptoKeyOperation)Metadata ¶added inv1.26.0

func (op *DeleteCryptoKeyOperation) Metadata() (*kmspb.DeleteCryptoKeyMetadata,error)

func (*DeleteCryptoKeyOperation)Name ¶added inv1.26.0

func (op *DeleteCryptoKeyOperation) Name()string

Name returns the name of the long-running operation.The name is assigned by the server and is unique within the service from which the operation is created.

func (*DeleteCryptoKeyOperation)Poll ¶added inv1.26.0

func (op *DeleteCryptoKeyOperation) Poll(ctxcontext.Context, opts ...gax.CallOption)error

Poll fetches the latest state of the long-running operation.

Poll also fetches the latest metadata, which can be retrieved by Metadata.

func (*DeleteCryptoKeyOperation)Wait ¶added inv1.26.0

func (op *DeleteCryptoKeyOperation) Wait(ctxcontext.Context, opts ...gax.CallOption)error

Wait blocks until the long-running operation is completed, returning the response and any errors encountered.

See documentation of Poll for error-handling information.

typeDeleteCryptoKeyVersionOperation ¶added inv1.26.0

type DeleteCryptoKeyVersionOperation struct {// contains filtered or unexported fields}

DeleteCryptoKeyVersionOperation manages a long-running operation from DeleteCryptoKeyVersion.

func (*DeleteCryptoKeyVersionOperation)Done ¶added inv1.26.0

func (op *DeleteCryptoKeyVersionOperation) Done()bool

Done reports whether the long-running operation has completed.

func (*DeleteCryptoKeyVersionOperation)Metadata ¶added inv1.26.0

func (op *DeleteCryptoKeyVersionOperation) Metadata() (*kmspb.DeleteCryptoKeyVersionMetadata,error)

func (*DeleteCryptoKeyVersionOperation)Name ¶added inv1.26.0

func (op *DeleteCryptoKeyVersionOperation) Name()string

Name returns the name of the long-running operation.The name is assigned by the server and is unique within the service from which the operation is created.

func (*DeleteCryptoKeyVersionOperation)Poll ¶added inv1.26.0

func (op *DeleteCryptoKeyVersionOperation) Poll(ctxcontext.Context, opts ...gax.CallOption)error

Poll fetches the latest state of the long-running operation.

Poll also fetches the latest metadata, which can be retrieved by Metadata.

func (*DeleteCryptoKeyVersionOperation)Wait ¶added inv1.26.0

func (op *DeleteCryptoKeyVersionOperation) Wait(ctxcontext.Context, opts ...gax.CallOption)error

Wait blocks until the long-running operation is completed, returning the response and any errors encountered.

See documentation of Poll for error-handling information.

typeEkmCallOptions ¶added inv1.2.0

type EkmCallOptions struct {ListEkmConnections  []gax.CallOptionGetEkmConnection    []gax.CallOptionCreateEkmConnection []gax.CallOptionUpdateEkmConnection []gax.CallOptionGetEkmConfig        []gax.CallOptionUpdateEkmConfig     []gax.CallOptionVerifyConnectivity  []gax.CallOptionGetLocation         []gax.CallOptionListLocations       []gax.CallOptionGetIamPolicy        []gax.CallOptionSetIamPolicy        []gax.CallOptionTestIamPermissions  []gax.CallOptionGetOperation        []gax.CallOption}

EkmCallOptions contains the retry settings for each method of EkmClient.

typeEkmClient ¶added inv1.2.0

type EkmClient struct {// The call options for this service.CallOptions *EkmCallOptions// contains filtered or unexported fields}

EkmClient is a client for interacting with Cloud Key Management Service (KMS) API.Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.

Google Cloud Key Management EKM Service¶

Manages external cryptographic keys and operations using those keys.Implements a REST model with the following objects:

EkmConnection

funcNewEkmClient ¶added inv1.2.0

func NewEkmClient(ctxcontext.Context, opts ...option.ClientOption) (*EkmClient,error)

NewEkmClient creates a new ekm service client based on gRPC.The returned client must be Closed when it is done being used to clean up its underlying connections.

Google Cloud Key Management EKM Service¶

Manages external cryptographic keys and operations using those keys.Implements a REST model with the following objects:

EkmConnection

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()// TODO: Use client._ = c}

funcNewEkmRESTClient ¶added inv1.8.0

func NewEkmRESTClient(ctxcontext.Context, opts ...option.ClientOption) (*EkmClient,error)

NewEkmRESTClient creates a new ekm service rest client.

Google Cloud Key Management EKM Service¶

Manages external cryptographic keys and operations using those keys.Implements a REST model with the following objects:

EkmConnection

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmRESTClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()// TODO: Use client._ = c}

func (*EkmClient)Close ¶added inv1.2.0

func (c *EkmClient) Close()error

Close closes the connection to the API service. The user should invoke this whenthe client is no longer required.

func (*EkmClient)Connectiondeprecatedadded inv1.2.0

func (c *EkmClient) Connection() *grpc.ClientConn

Connection returns a connection to the API service.

Deprecated: Connections are now pooled so this method does not alwaysreturn the same resource.

func (*EkmClient)CreateEkmConnection ¶added inv1.2.0

func (c *EkmClient) CreateEkmConnection(ctxcontext.Context, req *kmspb.CreateEkmConnectionRequest, opts ...gax.CallOption) (*kmspb.EkmConnection,error)

CreateEkmConnection creates a new EkmConnection in a givenProject and Location.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.CreateEkmConnectionRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#CreateEkmConnectionRequest.}resp, err := c.CreateEkmConnection(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*EkmClient)GetEkmConfig ¶added inv1.10.0

func (c *EkmClient) GetEkmConfig(ctxcontext.Context, req *kmspb.GetEkmConfigRequest, opts ...gax.CallOption) (*kmspb.EkmConfig,error)

GetEkmConfig returns the EkmConfig singleton resourcefor a given project and location.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GetEkmConfigRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GetEkmConfigRequest.}resp, err := c.GetEkmConfig(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*EkmClient)GetEkmConnection ¶added inv1.2.0

func (c *EkmClient) GetEkmConnection(ctxcontext.Context, req *kmspb.GetEkmConnectionRequest, opts ...gax.CallOption) (*kmspb.EkmConnection,error)

GetEkmConnection returns metadata for a givenEkmConnection.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GetEkmConnectionRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GetEkmConnectionRequest.}resp, err := c.GetEkmConnection(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*EkmClient)GetIamPolicy ¶added inv1.2.0

func (c *EkmClient) GetIamPolicy(ctxcontext.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy,error)

GetIamPolicy gets the access control policy for a resource. Returns an empty policyif the resource exists and does not have a policy set.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.GetIamPolicyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#GetIamPolicyRequest.}resp, err := c.GetIamPolicy(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*EkmClient)GetLocation ¶added inv1.5.0

func (c *EkmClient) GetLocation(ctxcontext.Context, req *locationpb.GetLocationRequest, opts ...gax.CallOption) (*locationpb.Location,error)

GetLocation gets information about a location.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.GetLocationRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#GetLocationRequest.}resp, err := c.GetLocation(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*EkmClient)GetOperation ¶added inv1.16.0

func (c *EkmClient) GetOperation(ctxcontext.Context, req *longrunningpb.GetOperationRequest, opts ...gax.CallOption) (*longrunningpb.Operation,error)

GetOperation is a utility method from google.longrunning.Operations.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"longrunningpb "cloud.google.com/go/longrunning/autogen/longrunningpb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &longrunningpb.GetOperationRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/longrunning/autogen/longrunningpb#GetOperationRequest.}resp, err := c.GetOperation(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*EkmClient)ListEkmConnections ¶added inv1.2.0

func (c *EkmClient) ListEkmConnections(ctxcontext.Context, req *kmspb.ListEkmConnectionsRequest, opts ...gax.CallOption) *EkmConnectionIterator

ListEkmConnections lists EkmConnections.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb""google.golang.org/api/iterator")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListEkmConnectionsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListEkmConnectionsRequest.}it := c.ListEkmConnections(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*kmspb.ListEkmConnectionsResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListEkmConnectionsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListEkmConnectionsRequest.}for resp, err := range c.ListEkmConnections(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*EkmClient)ListLocations ¶added inv1.5.0

func (c *EkmClient) ListLocations(ctxcontext.Context, req *locationpb.ListLocationsRequest, opts ...gax.CallOption) *LocationIterator

ListLocations lists information about the supported locations for this service.This method can be called in two ways:

List all public locations: Use the path GET /v1/locations.List project-visible locations: Use the pathGET /v1/projects/{project_id}/locations. This may include publiclocations as well as private or other locations specifically visibleto the project.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1""google.golang.org/api/iterator"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.ListLocationsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#ListLocationsRequest.}it := c.ListLocations(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*locationpb.ListLocationsResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.ListLocationsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#ListLocationsRequest.}for resp, err := range c.ListLocations(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*EkmClient)SetIamPolicy ¶added inv1.2.0

func (c *EkmClient) SetIamPolicy(ctxcontext.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy,error)

SetIamPolicy sets the access control policy on the specified resource. Replacesany existing policy.

Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIEDerrors.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.SetIamPolicyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#SetIamPolicyRequest.}resp, err := c.SetIamPolicy(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*EkmClient)TestIamPermissions ¶added inv1.2.0

func (c *EkmClient) TestIamPermissions(ctxcontext.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse,error)

TestIamPermissions returns permissions that a caller has on the specified resource. If theresource does not exist, this will return an empty set ofpermissions, not a NOT_FOUND error.

Note: This operation is designed to be used for buildingpermission-aware UIs and command-line tools, not for authorizationchecking. This operation may “fail open” without warning.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.TestIamPermissionsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#TestIamPermissionsRequest.}resp, err := c.TestIamPermissions(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*EkmClient)UpdateEkmConfig ¶added inv1.10.0

func (c *EkmClient) UpdateEkmConfig(ctxcontext.Context, req *kmspb.UpdateEkmConfigRequest, opts ...gax.CallOption) (*kmspb.EkmConfig,error)

UpdateEkmConfig updates the EkmConfig singleton resourcefor a given project and location.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.UpdateEkmConfigRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#UpdateEkmConfigRequest.}resp, err := c.UpdateEkmConfig(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*EkmClient)UpdateEkmConnection ¶added inv1.2.0

func (c *EkmClient) UpdateEkmConnection(ctxcontext.Context, req *kmspb.UpdateEkmConnectionRequest, opts ...gax.CallOption) (*kmspb.EkmConnection,error)

UpdateEkmConnection updates an EkmConnection's metadata.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.UpdateEkmConnectionRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#UpdateEkmConnectionRequest.}resp, err := c.UpdateEkmConnection(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*EkmClient)VerifyConnectivity ¶added inv1.11.0

func (c *EkmClient) VerifyConnectivity(ctxcontext.Context, req *kmspb.VerifyConnectivityRequest, opts ...gax.CallOption) (*kmspb.VerifyConnectivityResponse,error)

VerifyConnectivity verifies that Cloud KMS can successfully connect to the external keymanager specified by an EkmConnection.If there is an error connecting to the EKM, this method returns aFAILED_PRECONDITION status containing structured information as describedathttps://cloud.google.com/kms/docs/reference/ekm_errors (athttps://cloud.google.com/kms/docs/reference/ekm_errors).

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewEkmClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.VerifyConnectivityRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#VerifyConnectivityRequest.}resp, err := c.VerifyConnectivity(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

typeEkmConnectionIterator ¶added inv1.2.0

type EkmConnectionIterator struct {// Response is the raw response for the current page.// It must be cast to the RPC response type.// Calling Next() or InternalFetch() updates this value.Response interface{}// InternalFetch is for use by the Google Cloud Libraries only.// It is not part of the stable interface of this package.//// InternalFetch returns results from a single call to the underlying RPC.// The number of results is no greater than pageSize.// If there are no more results, nextPageToken is empty and err is nil.InternalFetch func(pageSizeint, pageTokenstring) (results []*kmspb.EkmConnection, nextPageTokenstring, errerror)// contains filtered or unexported fields}

EkmConnectionIterator manages a stream of *kmspb.EkmConnection.

func (*EkmConnectionIterator)All ¶added inv1.19.1

func (it *EkmConnectionIterator) All()iter.Seq2[*kmspb.EkmConnection,error]

All returns an iterator. If an error is returned by the iterator, theiterator will stop after that iteration.

func (*EkmConnectionIterator)Next ¶added inv1.2.0

func (it *EkmConnectionIterator) Next() (*kmspb.EkmConnection,error)

Next returns the next result. Its second return value is iterator.Done if there are no moreresults. Once Next returns Done, all subsequent calls will return Done.

func (*EkmConnectionIterator)PageInfo ¶added inv1.2.0

func (it *EkmConnectionIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See thegoogle.golang.org/api/iterator package for details.

typeExecuteSingleTenantHsmInstanceProposalOperation ¶added inv1.25.0

type ExecuteSingleTenantHsmInstanceProposalOperation struct {// contains filtered or unexported fields}

ExecuteSingleTenantHsmInstanceProposalOperation manages a long-running operation from ExecuteSingleTenantHsmInstanceProposal.

func (*ExecuteSingleTenantHsmInstanceProposalOperation)Done ¶added inv1.25.0

func (op *ExecuteSingleTenantHsmInstanceProposalOperation) Done()bool

Done reports whether the long-running operation has completed.

func (*ExecuteSingleTenantHsmInstanceProposalOperation)Metadata ¶added inv1.25.0

func (op *ExecuteSingleTenantHsmInstanceProposalOperation) Metadata() (*kmspb.ExecuteSingleTenantHsmInstanceProposalMetadata,error)

func (*ExecuteSingleTenantHsmInstanceProposalOperation)Name ¶added inv1.25.0

func (op *ExecuteSingleTenantHsmInstanceProposalOperation) Name()string

Name returns the name of the long-running operation.The name is assigned by the server and is unique within the service from which the operation is created.

func (*ExecuteSingleTenantHsmInstanceProposalOperation)Poll ¶added inv1.25.0

func (op *ExecuteSingleTenantHsmInstanceProposalOperation) Poll(ctxcontext.Context, opts ...gax.CallOption) (*kmspb.ExecuteSingleTenantHsmInstanceProposalResponse,error)

Poll fetches the latest state of the long-running operation.

Poll also fetches the latest metadata, which can be retrieved by Metadata.

func (*ExecuteSingleTenantHsmInstanceProposalOperation)Wait ¶added inv1.25.0

func (op *ExecuteSingleTenantHsmInstanceProposalOperation) Wait(ctxcontext.Context, opts ...gax.CallOption) (*kmspb.ExecuteSingleTenantHsmInstanceProposalResponse,error)

Wait blocks until the long-running operation is completed, returning the response and any errors encountered.

See documentation of Poll for error-handling information.

typeHsmManagementCallOptions ¶added inv1.25.0

type HsmManagementCallOptions struct {ListSingleTenantHsmInstances           []gax.CallOptionGetSingleTenantHsmInstance             []gax.CallOptionCreateSingleTenantHsmInstance          []gax.CallOptionCreateSingleTenantHsmInstanceProposal  []gax.CallOptionApproveSingleTenantHsmInstanceProposal []gax.CallOptionExecuteSingleTenantHsmInstanceProposal []gax.CallOptionGetSingleTenantHsmInstanceProposal     []gax.CallOptionListSingleTenantHsmInstanceProposals   []gax.CallOptionDeleteSingleTenantHsmInstanceProposal  []gax.CallOptionGetLocation                            []gax.CallOptionListLocations                          []gax.CallOptionGetIamPolicy                           []gax.CallOptionSetIamPolicy                           []gax.CallOptionTestIamPermissions                     []gax.CallOptionGetOperation                           []gax.CallOption}

HsmManagementCallOptions contains the retry settings for each method of HsmManagementClient.

typeHsmManagementClient ¶added inv1.25.0

type HsmManagementClient struct {// The call options for this service.CallOptions *HsmManagementCallOptions// LROClient is used internally to handle long-running operations.// It is exposed so that its CallOptions can be modified if required.// Users should not Close this client.LROClient *lroauto.OperationsClient// contains filtered or unexported fields}

HsmManagementClient is a client for interacting with Cloud Key Management Service (KMS) API.Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.

Google Cloud HSM Management Service¶

Provides interfaces for managing HSM instances.

Implements a REST model with the following objects:

SingleTenantHsmInstanceSingleTenantHsmInstanceProposal

funcNewHsmManagementClient ¶added inv1.25.0

func NewHsmManagementClient(ctxcontext.Context, opts ...option.ClientOption) (*HsmManagementClient,error)

NewHsmManagementClient creates a new hsm management client based on gRPC.The returned client must be Closed when it is done being used to clean up its underlying connections.

Google Cloud HSM Management Service¶

Provides interfaces for managing HSM instances.

Implements a REST model with the following objects:

SingleTenantHsmInstanceSingleTenantHsmInstanceProposal

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()// TODO: Use client._ = c}

funcNewHsmManagementRESTClient ¶added inv1.25.0

func NewHsmManagementRESTClient(ctxcontext.Context, opts ...option.ClientOption) (*HsmManagementClient,error)

NewHsmManagementRESTClient creates a new hsm management rest client.

Google Cloud HSM Management Service¶

Provides interfaces for managing HSM instances.

Implements a REST model with the following objects:

SingleTenantHsmInstanceSingleTenantHsmInstanceProposal

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementRESTClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()// TODO: Use client._ = c}

func (*HsmManagementClient)ApproveSingleTenantHsmInstanceProposal ¶added inv1.25.0

func (c *HsmManagementClient) ApproveSingleTenantHsmInstanceProposal(ctxcontext.Context, req *kmspb.ApproveSingleTenantHsmInstanceProposalRequest, opts ...gax.CallOption) (*kmspb.ApproveSingleTenantHsmInstanceProposalResponse,error)

ApproveSingleTenantHsmInstanceProposal approves aSingleTenantHsmInstanceProposalfor a givenSingleTenantHsmInstance. Theproposal must be in thePENDINGstate.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ApproveSingleTenantHsmInstanceProposalRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ApproveSingleTenantHsmInstanceProposalRequest.}resp, err := c.ApproveSingleTenantHsmInstanceProposal(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*HsmManagementClient)Close ¶added inv1.25.0

func (c *HsmManagementClient) Close()error

Close closes the connection to the API service. The user should invoke this whenthe client is no longer required.

func (*HsmManagementClient)Connectiondeprecatedadded inv1.25.0

func (c *HsmManagementClient) Connection() *grpc.ClientConn

Connection returns a connection to the API service.

Deprecated: Connections are now pooled so this method does not alwaysreturn the same resource.

func (*HsmManagementClient)CreateSingleTenantHsmInstance ¶added inv1.25.0

func (c *HsmManagementClient) CreateSingleTenantHsmInstance(ctxcontext.Context, req *kmspb.CreateSingleTenantHsmInstanceRequest, opts ...gax.CallOption) (*CreateSingleTenantHsmInstanceOperation,error)

CreateSingleTenantHsmInstance creates a newSingleTenantHsmInstance in agiven Project and Location. User must create a RegisterTwoFactorAuthKeysproposal with this single-tenant HSM instance to finish setup of theinstance.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.CreateSingleTenantHsmInstanceRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#CreateSingleTenantHsmInstanceRequest.}op, err := c.CreateSingleTenantHsmInstance(ctx, req)if err != nil {// TODO: Handle error.}resp, err := op.Wait(ctx)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*HsmManagementClient)CreateSingleTenantHsmInstanceOperation ¶added inv1.25.0

func (c *HsmManagementClient) CreateSingleTenantHsmInstanceOperation(namestring) *CreateSingleTenantHsmInstanceOperation

CreateSingleTenantHsmInstanceOperation returns a new CreateSingleTenantHsmInstanceOperation from a given name.The name must be that of a previously created CreateSingleTenantHsmInstanceOperation, possibly from a different process.

func (*HsmManagementClient)CreateSingleTenantHsmInstanceProposal ¶added inv1.25.0

func (c *HsmManagementClient) CreateSingleTenantHsmInstanceProposal(ctxcontext.Context, req *kmspb.CreateSingleTenantHsmInstanceProposalRequest, opts ...gax.CallOption) (*CreateSingleTenantHsmInstanceProposalOperation,error)

CreateSingleTenantHsmInstanceProposal creates a newSingleTenantHsmInstanceProposalfor a givenSingleTenantHsmInstance.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.CreateSingleTenantHsmInstanceProposalRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#CreateSingleTenantHsmInstanceProposalRequest.}op, err := c.CreateSingleTenantHsmInstanceProposal(ctx, req)if err != nil {// TODO: Handle error.}resp, err := op.Wait(ctx)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*HsmManagementClient)CreateSingleTenantHsmInstanceProposalOperation ¶added inv1.25.0

func (c *HsmManagementClient) CreateSingleTenantHsmInstanceProposalOperation(namestring) *CreateSingleTenantHsmInstanceProposalOperation

CreateSingleTenantHsmInstanceProposalOperation returns a new CreateSingleTenantHsmInstanceProposalOperation from a given name.The name must be that of a previously created CreateSingleTenantHsmInstanceProposalOperation, possibly from a different process.

func (*HsmManagementClient)DeleteSingleTenantHsmInstanceProposal ¶added inv1.25.0

func (c *HsmManagementClient) DeleteSingleTenantHsmInstanceProposal(ctxcontext.Context, req *kmspb.DeleteSingleTenantHsmInstanceProposalRequest, opts ...gax.CallOption)error

DeleteSingleTenantHsmInstanceProposal deletes aSingleTenantHsmInstanceProposal.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.DeleteSingleTenantHsmInstanceProposalRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#DeleteSingleTenantHsmInstanceProposalRequest.}err = c.DeleteSingleTenantHsmInstanceProposal(ctx, req)if err != nil {// TODO: Handle error.}}

func (*HsmManagementClient)ExecuteSingleTenantHsmInstanceProposal ¶added inv1.25.0

func (c *HsmManagementClient) ExecuteSingleTenantHsmInstanceProposal(ctxcontext.Context, req *kmspb.ExecuteSingleTenantHsmInstanceProposalRequest, opts ...gax.CallOption) (*ExecuteSingleTenantHsmInstanceProposalOperation,error)

ExecuteSingleTenantHsmInstanceProposal executes aSingleTenantHsmInstanceProposalfor a givenSingleTenantHsmInstance. Theproposal must be in theAPPROVEDstate.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ExecuteSingleTenantHsmInstanceProposalRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ExecuteSingleTenantHsmInstanceProposalRequest.}op, err := c.ExecuteSingleTenantHsmInstanceProposal(ctx, req)if err != nil {// TODO: Handle error.}resp, err := op.Wait(ctx)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*HsmManagementClient)ExecuteSingleTenantHsmInstanceProposalOperation ¶added inv1.25.0

func (c *HsmManagementClient) ExecuteSingleTenantHsmInstanceProposalOperation(namestring) *ExecuteSingleTenantHsmInstanceProposalOperation

ExecuteSingleTenantHsmInstanceProposalOperation returns a new ExecuteSingleTenantHsmInstanceProposalOperation from a given name.The name must be that of a previously created ExecuteSingleTenantHsmInstanceProposalOperation, possibly from a different process.

func (*HsmManagementClient)GetIamPolicy ¶added inv1.25.0

func (c *HsmManagementClient) GetIamPolicy(ctxcontext.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy,error)

GetIamPolicy gets the access control policy for a resource. Returns an empty policyif the resource exists and does not have a policy set.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.GetIamPolicyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#GetIamPolicyRequest.}resp, err := c.GetIamPolicy(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*HsmManagementClient)GetLocation ¶added inv1.25.0

func (c *HsmManagementClient) GetLocation(ctxcontext.Context, req *locationpb.GetLocationRequest, opts ...gax.CallOption) (*locationpb.Location,error)

GetLocation gets information about a location.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.GetLocationRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#GetLocationRequest.}resp, err := c.GetLocation(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*HsmManagementClient)GetOperation ¶added inv1.25.0

func (c *HsmManagementClient) GetOperation(ctxcontext.Context, req *longrunningpb.GetOperationRequest, opts ...gax.CallOption) (*longrunningpb.Operation,error)

GetOperation is a utility method from google.longrunning.Operations.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"longrunningpb "cloud.google.com/go/longrunning/autogen/longrunningpb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &longrunningpb.GetOperationRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/longrunning/autogen/longrunningpb#GetOperationRequest.}resp, err := c.GetOperation(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*HsmManagementClient)GetSingleTenantHsmInstance ¶added inv1.25.0

func (c *HsmManagementClient) GetSingleTenantHsmInstance(ctxcontext.Context, req *kmspb.GetSingleTenantHsmInstanceRequest, opts ...gax.CallOption) (*kmspb.SingleTenantHsmInstance,error)

GetSingleTenantHsmInstance returns metadata for a givenSingleTenantHsmInstance.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GetSingleTenantHsmInstanceRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GetSingleTenantHsmInstanceRequest.}resp, err := c.GetSingleTenantHsmInstance(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*HsmManagementClient)GetSingleTenantHsmInstanceProposal ¶added inv1.25.0

func (c *HsmManagementClient) GetSingleTenantHsmInstanceProposal(ctxcontext.Context, req *kmspb.GetSingleTenantHsmInstanceProposalRequest, opts ...gax.CallOption) (*kmspb.SingleTenantHsmInstanceProposal,error)

GetSingleTenantHsmInstanceProposal returns metadata for a givenSingleTenantHsmInstanceProposal.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GetSingleTenantHsmInstanceProposalRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GetSingleTenantHsmInstanceProposalRequest.}resp, err := c.GetSingleTenantHsmInstanceProposal(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*HsmManagementClient)ListLocations ¶added inv1.25.0

func (c *HsmManagementClient) ListLocations(ctxcontext.Context, req *locationpb.ListLocationsRequest, opts ...gax.CallOption) *LocationIterator

ListLocations lists information about the supported locations for this service.This method can be called in two ways:

List all public locations: Use the path GET /v1/locations.List project-visible locations: Use the pathGET /v1/projects/{project_id}/locations. This may include publiclocations as well as private or other locations specifically visibleto the project.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1""google.golang.org/api/iterator"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.ListLocationsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#ListLocationsRequest.}it := c.ListLocations(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*locationpb.ListLocationsResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.ListLocationsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#ListLocationsRequest.}for resp, err := range c.ListLocations(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*HsmManagementClient)ListSingleTenantHsmInstanceProposals ¶added inv1.25.0

func (c *HsmManagementClient) ListSingleTenantHsmInstanceProposals(ctxcontext.Context, req *kmspb.ListSingleTenantHsmInstanceProposalsRequest, opts ...gax.CallOption) *SingleTenantHsmInstanceProposalIterator

ListSingleTenantHsmInstanceProposals listsSingleTenantHsmInstanceProposals.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb""google.golang.org/api/iterator")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListSingleTenantHsmInstanceProposalsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListSingleTenantHsmInstanceProposalsRequest.}it := c.ListSingleTenantHsmInstanceProposals(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*kmspb.ListSingleTenantHsmInstanceProposalsResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListSingleTenantHsmInstanceProposalsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListSingleTenantHsmInstanceProposalsRequest.}for resp, err := range c.ListSingleTenantHsmInstanceProposals(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*HsmManagementClient)ListSingleTenantHsmInstances ¶added inv1.25.0

func (c *HsmManagementClient) ListSingleTenantHsmInstances(ctxcontext.Context, req *kmspb.ListSingleTenantHsmInstancesRequest, opts ...gax.CallOption) *SingleTenantHsmInstanceIterator

ListSingleTenantHsmInstances listsSingleTenantHsmInstances.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb""google.golang.org/api/iterator")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListSingleTenantHsmInstancesRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListSingleTenantHsmInstancesRequest.}it := c.ListSingleTenantHsmInstances(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*kmspb.ListSingleTenantHsmInstancesResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListSingleTenantHsmInstancesRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListSingleTenantHsmInstancesRequest.}for resp, err := range c.ListSingleTenantHsmInstances(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*HsmManagementClient)SetIamPolicy ¶added inv1.25.0

func (c *HsmManagementClient) SetIamPolicy(ctxcontext.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy,error)

SetIamPolicy sets the access control policy on the specified resource. Replacesany existing policy.

Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIEDerrors.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.SetIamPolicyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#SetIamPolicyRequest.}resp, err := c.SetIamPolicy(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*HsmManagementClient)TestIamPermissions ¶added inv1.25.0

func (c *HsmManagementClient) TestIamPermissions(ctxcontext.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse,error)

TestIamPermissions returns permissions that a caller has on the specified resource. If theresource does not exist, this will return an empty set ofpermissions, not a NOT_FOUND error.

Note: This operation is designed to be used for buildingpermission-aware UIs and command-line tools, not for authorizationchecking. This operation may “fail open” without warning.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewHsmManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.TestIamPermissionsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#TestIamPermissionsRequest.}resp, err := c.TestIamPermissions(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

typeImportJobIterator ¶

type ImportJobIterator struct {// Response is the raw response for the current page.// It must be cast to the RPC response type.// Calling Next() or InternalFetch() updates this value.Response interface{}// InternalFetch is for use by the Google Cloud Libraries only.// It is not part of the stable interface of this package.//// InternalFetch returns results from a single call to the underlying RPC.// The number of results is no greater than pageSize.// If there are no more results, nextPageToken is empty and err is nil.InternalFetch func(pageSizeint, pageTokenstring) (results []*kmspb.ImportJob, nextPageTokenstring, errerror)// contains filtered or unexported fields}

ImportJobIterator manages a stream of *kmspb.ImportJob.

func (*ImportJobIterator)All ¶added inv1.19.1

func (it *ImportJobIterator) All()iter.Seq2[*kmspb.ImportJob,error]

All returns an iterator. If an error is returned by the iterator, theiterator will stop after that iteration.

func (*ImportJobIterator)Next ¶

func (it *ImportJobIterator) Next() (*kmspb.ImportJob,error)

Next returns the next result. Its second return value is iterator.Done if there are no moreresults. Once Next returns Done, all subsequent calls will return Done.

func (*ImportJobIterator)PageInfo ¶

func (it *ImportJobIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See thegoogle.golang.org/api/iterator package for details.

typeKeyHandleIterator ¶added inv1.20.0

type KeyHandleIterator struct {// Response is the raw response for the current page.// It must be cast to the RPC response type.// Calling Next() or InternalFetch() updates this value.Response interface{}// InternalFetch is for use by the Google Cloud Libraries only.// It is not part of the stable interface of this package.//// InternalFetch returns results from a single call to the underlying RPC.// The number of results is no greater than pageSize.// If there are no more results, nextPageToken is empty and err is nil.InternalFetch func(pageSizeint, pageTokenstring) (results []*kmspb.KeyHandle, nextPageTokenstring, errerror)// contains filtered or unexported fields}

KeyHandleIterator manages a stream of *kmspb.KeyHandle.

func (*KeyHandleIterator)All ¶added inv1.20.0

func (it *KeyHandleIterator) All()iter.Seq2[*kmspb.KeyHandle,error]

All returns an iterator. If an error is returned by the iterator, theiterator will stop after that iteration.

func (*KeyHandleIterator)Next ¶added inv1.20.0

func (it *KeyHandleIterator) Next() (*kmspb.KeyHandle,error)

Next returns the next result. Its second return value is iterator.Done if there are no moreresults. Once Next returns Done, all subsequent calls will return Done.

func (*KeyHandleIterator)PageInfo ¶added inv1.20.0

func (it *KeyHandleIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See thegoogle.golang.org/api/iterator package for details.

typeKeyManagementCallOptions ¶

type KeyManagementCallOptions struct {ListKeyRings                  []gax.CallOptionListCryptoKeys                []gax.CallOptionListCryptoKeyVersions         []gax.CallOptionListImportJobs                []gax.CallOptionListRetiredResources          []gax.CallOptionGetKeyRing                    []gax.CallOptionGetCryptoKey                  []gax.CallOptionGetCryptoKeyVersion           []gax.CallOptionGetPublicKey                  []gax.CallOptionGetImportJob                  []gax.CallOptionGetRetiredResource            []gax.CallOptionCreateKeyRing                 []gax.CallOptionCreateCryptoKey               []gax.CallOptionCreateCryptoKeyVersion        []gax.CallOptionDeleteCryptoKey               []gax.CallOptionDeleteCryptoKeyVersion        []gax.CallOptionImportCryptoKeyVersion        []gax.CallOptionCreateImportJob               []gax.CallOptionUpdateCryptoKey               []gax.CallOptionUpdateCryptoKeyVersion        []gax.CallOptionUpdateCryptoKeyPrimaryVersion []gax.CallOptionDestroyCryptoKeyVersion       []gax.CallOptionRestoreCryptoKeyVersion       []gax.CallOptionEncrypt                       []gax.CallOptionDecrypt                       []gax.CallOptionRawEncrypt                    []gax.CallOptionRawDecrypt                    []gax.CallOptionAsymmetricSign                []gax.CallOptionAsymmetricDecrypt             []gax.CallOptionMacSign                       []gax.CallOptionMacVerify                     []gax.CallOptionDecapsulate                   []gax.CallOptionGenerateRandomBytes           []gax.CallOptionGetLocation                   []gax.CallOptionListLocations                 []gax.CallOptionGetIamPolicy                  []gax.CallOptionSetIamPolicy                  []gax.CallOptionTestIamPermissions            []gax.CallOptionGetOperation                  []gax.CallOption}

KeyManagementCallOptions contains the retry settings for each method of KeyManagementClient.

typeKeyManagementClient ¶

type KeyManagementClient struct {// The call options for this service.CallOptions *KeyManagementCallOptions// LROClient is used internally to handle long-running operations.// It is exposed so that its CallOptions can be modified if required.// Users should not Close this client.LROClient *lroauto.OperationsClient// contains filtered or unexported fields}

KeyManagementClient is a client for interacting with Cloud Key Management Service (KMS) API.Methods, except Close, may be called concurrently. However, fields must not be modified concurrently with method calls.

Google Cloud Key Management Service¶

Manages cryptographic keys and operations using those keys. Implements a RESTmodel with the following objects:

KeyRingCryptoKeyCryptoKeyVersionImportJob

If you are using manual gRPC libraries, seeUsing gRPC with Cloud KMS (athttps://cloud.google.com/kms/docs/grpc).

funcNewKeyManagementClient ¶

func NewKeyManagementClient(ctxcontext.Context, opts ...option.ClientOption) (*KeyManagementClient,error)

NewKeyManagementClient creates a new key management service client based on gRPC.The returned client must be Closed when it is done being used to clean up its underlying connections.

Google Cloud Key Management Service¶

Manages cryptographic keys and operations using those keys. Implements a RESTmodel with the following objects:

KeyRingCryptoKeyCryptoKeyVersionImportJob

If you are using manual gRPC libraries, seeUsing gRPC with Cloud KMS (athttps://cloud.google.com/kms/docs/grpc).

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()// TODO: Use client._ = c}

funcNewKeyManagementRESTClient ¶added inv1.8.0

func NewKeyManagementRESTClient(ctxcontext.Context, opts ...option.ClientOption) (*KeyManagementClient,error)

NewKeyManagementRESTClient creates a new key management service rest client.

Google Cloud Key Management Service¶

Manages cryptographic keys and operations using those keys. Implements a RESTmodel with the following objects:

KeyRingCryptoKeyCryptoKeyVersionImportJob

If you are using manual gRPC libraries, seeUsing gRPC with Cloud KMS (athttps://cloud.google.com/kms/docs/grpc).

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementRESTClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()// TODO: Use client._ = c}

func (*KeyManagementClient)AsymmetricDecrypt ¶

func (c *KeyManagementClient) AsymmetricDecrypt(ctxcontext.Context, req *kmspb.AsymmetricDecryptRequest, opts ...gax.CallOption) (*kmspb.AsymmetricDecryptResponse,error)

AsymmetricDecrypt decrypts data that was encrypted with a public key retrieved fromGetPublicKeycorresponding to a CryptoKeyVersionwith CryptoKey.purposeASYMMETRIC_DECRYPT.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.AsymmetricDecryptRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#AsymmetricDecryptRequest.}resp, err := c.AsymmetricDecrypt(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)AsymmetricSign ¶

func (c *KeyManagementClient) AsymmetricSign(ctxcontext.Context, req *kmspb.AsymmetricSignRequest, opts ...gax.CallOption) (*kmspb.AsymmetricSignResponse,error)

AsymmetricSign signs data using a CryptoKeyVersionwith CryptoKey.purposeASYMMETRIC_SIGN, producing a signature that can be verified with the publickey retrieved fromGetPublicKey.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.AsymmetricSignRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#AsymmetricSignRequest.}resp, err := c.AsymmetricSign(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)Close ¶

func (c *KeyManagementClient) Close()error

Close closes the connection to the API service. The user should invoke this whenthe client is no longer required.

func (*KeyManagementClient)Connectiondeprecated

func (c *KeyManagementClient) Connection() *grpc.ClientConn

Connection returns a connection to the API service.

Deprecated: Connections are now pooled so this method does not alwaysreturn the same resource.

func (*KeyManagementClient)CreateCryptoKey ¶

func (c *KeyManagementClient) CreateCryptoKey(ctxcontext.Context, req *kmspb.CreateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey,error)

CreateCryptoKey create a new CryptoKey within aKeyRing.

CryptoKey.purpose andCryptoKey.version_template.algorithmare required.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.CreateCryptoKeyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#CreateCryptoKeyRequest.}resp, err := c.CreateCryptoKey(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)CreateCryptoKeyVersion ¶

func (c *KeyManagementClient) CreateCryptoKeyVersion(ctxcontext.Context, req *kmspb.CreateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion,error)

CreateCryptoKeyVersion create a new CryptoKeyVersion in aCryptoKey.

The server will assign the next sequential id. If unset,state will be set toENABLED.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.CreateCryptoKeyVersionRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#CreateCryptoKeyVersionRequest.}resp, err := c.CreateCryptoKeyVersion(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)CreateImportJob ¶

func (c *KeyManagementClient) CreateImportJob(ctxcontext.Context, req *kmspb.CreateImportJobRequest, opts ...gax.CallOption) (*kmspb.ImportJob,error)

CreateImportJob create a new ImportJob within aKeyRing.

ImportJob.import_method isrequired.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.CreateImportJobRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#CreateImportJobRequest.}resp, err := c.CreateImportJob(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)CreateKeyRing ¶

func (c *KeyManagementClient) CreateKeyRing(ctxcontext.Context, req *kmspb.CreateKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing,error)

CreateKeyRing create a new KeyRing in a given Project andLocation.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.CreateKeyRingRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#CreateKeyRingRequest.}resp, err := c.CreateKeyRing(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)CryptoKeyIAMdeprecated

func (c *KeyManagementClient) CryptoKeyIAM(cryptoKey *kmspb.CryptoKey) *iam.Handle

CryptoKeyIAM returns a handle to inspect and change permissions of a CryptoKey.

Deprecated: Please use ResourceIAM and provide the CryptoKey.Name as input.

func (*KeyManagementClient)Decapsulate ¶added inv1.23.0

func (c *KeyManagementClient) Decapsulate(ctxcontext.Context, req *kmspb.DecapsulateRequest, opts ...gax.CallOption) (*kmspb.DecapsulateResponse,error)

Decapsulate decapsulates data that was encapsulated with a public key retrieved fromGetPublicKeycorresponding to a CryptoKeyVersionwith CryptoKey.purposeKEY_ENCAPSULATION.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.DecapsulateRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#DecapsulateRequest.}resp, err := c.Decapsulate(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)Decrypt ¶

func (c *KeyManagementClient) Decrypt(ctxcontext.Context, req *kmspb.DecryptRequest, opts ...gax.CallOption) (*kmspb.DecryptResponse,error)

Decrypt decrypts data that was protected byEncrypt. TheCryptoKey.purpose must beENCRYPT_DECRYPT.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.DecryptRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#DecryptRequest.}resp, err := c.Decrypt(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)DeleteCryptoKey ¶added inv1.26.0

func (c *KeyManagementClient) DeleteCryptoKey(ctxcontext.Context, req *kmspb.DeleteCryptoKeyRequest, opts ...gax.CallOption) (*DeleteCryptoKeyOperation,error)

DeleteCryptoKey permanently deletes the given CryptoKey.All child CryptoKeyVersions musthave been previously deleted usingKeyManagementService.DeleteCryptoKeyVersion.The specified crypto key will be immediately and permanently deleted uponcalling this method. This action cannot be undone.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.DeleteCryptoKeyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#DeleteCryptoKeyRequest.}op, err := c.DeleteCryptoKey(ctx, req)if err != nil {// TODO: Handle error.}err = op.Wait(ctx)if err != nil {// TODO: Handle error.}}

func (*KeyManagementClient)DeleteCryptoKeyOperation ¶added inv1.26.0

func (c *KeyManagementClient) DeleteCryptoKeyOperation(namestring) *DeleteCryptoKeyOperation

DeleteCryptoKeyOperation returns a new DeleteCryptoKeyOperation from a given name.The name must be that of a previously created DeleteCryptoKeyOperation, possibly from a different process.

func (*KeyManagementClient)DeleteCryptoKeyVersion ¶added inv1.26.0

func (c *KeyManagementClient) DeleteCryptoKeyVersion(ctxcontext.Context, req *kmspb.DeleteCryptoKeyVersionRequest, opts ...gax.CallOption) (*DeleteCryptoKeyVersionOperation,error)

DeleteCryptoKeyVersion permanently deletes the givenCryptoKeyVersion. Only possible ifthe version has not been previously imported and if itsstate is one ofDESTROYED,IMPORT_FAILED, orGENERATION_FAILED.Successfully importedCryptoKeyVersions cannot be deletedat this time. The specified version will be immediately and permanentlydeleted upon calling this method. This action cannot be undone.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.DeleteCryptoKeyVersionRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#DeleteCryptoKeyVersionRequest.}op, err := c.DeleteCryptoKeyVersion(ctx, req)if err != nil {// TODO: Handle error.}err = op.Wait(ctx)if err != nil {// TODO: Handle error.}}

func (*KeyManagementClient)DeleteCryptoKeyVersionOperation ¶added inv1.26.0

func (c *KeyManagementClient) DeleteCryptoKeyVersionOperation(namestring) *DeleteCryptoKeyVersionOperation

DeleteCryptoKeyVersionOperation returns a new DeleteCryptoKeyVersionOperation from a given name.The name must be that of a previously created DeleteCryptoKeyVersionOperation, possibly from a different process.

func (*KeyManagementClient)DestroyCryptoKeyVersion ¶

func (c *KeyManagementClient) DestroyCryptoKeyVersion(ctxcontext.Context, req *kmspb.DestroyCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion,error)

DestroyCryptoKeyVersion schedule a CryptoKeyVersion fordestruction.

Upon calling this method,CryptoKeyVersion.state willbe set toDESTROY_SCHEDULED,and destroy_time willbe set to the timedestroy_scheduled_durationin the future. At that time, thestate will automaticallychange toDESTROYED,and the key material will be irrevocably destroyed.

Before thedestroy_time isreached,RestoreCryptoKeyVersionmay be called to reverse the process.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.DestroyCryptoKeyVersionRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#DestroyCryptoKeyVersionRequest.}resp, err := c.DestroyCryptoKeyVersion(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)Encrypt ¶

func (c *KeyManagementClient) Encrypt(ctxcontext.Context, req *kmspb.EncryptRequest, opts ...gax.CallOption) (*kmspb.EncryptResponse,error)

Encrypt encrypts data, so that it can only be recovered by a call toDecrypt. TheCryptoKey.purpose must beENCRYPT_DECRYPT.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.EncryptRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#EncryptRequest.}resp, err := c.Encrypt(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)GenerateRandomBytes ¶

func (c *KeyManagementClient) GenerateRandomBytes(ctxcontext.Context, req *kmspb.GenerateRandomBytesRequest, opts ...gax.CallOption) (*kmspb.GenerateRandomBytesResponse,error)

GenerateRandomBytes generate random bytes using the Cloud KMS randomness source in the providedlocation.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GenerateRandomBytesRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GenerateRandomBytesRequest.}resp, err := c.GenerateRandomBytes(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)GetCryptoKey ¶

func (c *KeyManagementClient) GetCryptoKey(ctxcontext.Context, req *kmspb.GetCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey,error)

GetCryptoKey returns metadata for a given CryptoKey, aswell as its primaryCryptoKeyVersion.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GetCryptoKeyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GetCryptoKeyRequest.}resp, err := c.GetCryptoKey(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)GetCryptoKeyVersion ¶

func (c *KeyManagementClient) GetCryptoKeyVersion(ctxcontext.Context, req *kmspb.GetCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion,error)

GetCryptoKeyVersion returns metadata for a givenCryptoKeyVersion.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GetCryptoKeyVersionRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GetCryptoKeyVersionRequest.}resp, err := c.GetCryptoKeyVersion(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)GetIamPolicy ¶

func (c *KeyManagementClient) GetIamPolicy(ctxcontext.Context, req *iampb.GetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy,error)

GetIamPolicy gets the access control policy for a resource. Returns an empty policyif the resource exists and does not have a policy set.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.GetIamPolicyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#GetIamPolicyRequest.}resp, err := c.GetIamPolicy(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)GetImportJob ¶

func (c *KeyManagementClient) GetImportJob(ctxcontext.Context, req *kmspb.GetImportJobRequest, opts ...gax.CallOption) (*kmspb.ImportJob,error)

GetImportJob returns metadata for a given ImportJob.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GetImportJobRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GetImportJobRequest.}resp, err := c.GetImportJob(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)GetKeyRing ¶

func (c *KeyManagementClient) GetKeyRing(ctxcontext.Context, req *kmspb.GetKeyRingRequest, opts ...gax.CallOption) (*kmspb.KeyRing,error)

GetKeyRing returns metadata for a given KeyRing.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GetKeyRingRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GetKeyRingRequest.}resp, err := c.GetKeyRing(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)GetLocation ¶added inv1.5.0

func (c *KeyManagementClient) GetLocation(ctxcontext.Context, req *locationpb.GetLocationRequest, opts ...gax.CallOption) (*locationpb.Location,error)

GetLocation gets information about a location.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.GetLocationRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#GetLocationRequest.}resp, err := c.GetLocation(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)GetOperation ¶added inv1.16.0

func (c *KeyManagementClient) GetOperation(ctxcontext.Context, req *longrunningpb.GetOperationRequest, opts ...gax.CallOption) (*longrunningpb.Operation,error)

GetOperation is a utility method from google.longrunning.Operations.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"longrunningpb "cloud.google.com/go/longrunning/autogen/longrunningpb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &longrunningpb.GetOperationRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/longrunning/autogen/longrunningpb#GetOperationRequest.}resp, err := c.GetOperation(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)GetPublicKey ¶

func (c *KeyManagementClient) GetPublicKey(ctxcontext.Context, req *kmspb.GetPublicKeyRequest, opts ...gax.CallOption) (*kmspb.PublicKey,error)

GetPublicKey returns the public key for the givenCryptoKeyVersion. TheCryptoKey.purpose must beASYMMETRIC_SIGNorASYMMETRIC_DECRYPT.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GetPublicKeyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GetPublicKeyRequest.}resp, err := c.GetPublicKey(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)GetRetiredResource ¶added inv1.26.0

func (c *KeyManagementClient) GetRetiredResource(ctxcontext.Context, req *kmspb.GetRetiredResourceRequest, opts ...gax.CallOption) (*kmspb.RetiredResource,error)

GetRetiredResource retrieves a specific RetiredResourceresource, which represents the record of a deletedCryptoKey.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.GetRetiredResourceRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#GetRetiredResourceRequest.}resp, err := c.GetRetiredResource(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)ImportCryptoKeyVersion ¶

func (c *KeyManagementClient) ImportCryptoKeyVersion(ctxcontext.Context, req *kmspb.ImportCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion,error)

ImportCryptoKeyVersion import wrapped key material into aCryptoKeyVersion.

All requests must specify a CryptoKey. Ifa CryptoKeyVersion is additionallyspecified in the request, key material will be reimported into thatversion. Otherwise, a new version will be created, and will be assigned thenext sequential id within the CryptoKey.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ImportCryptoKeyVersionRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ImportCryptoKeyVersionRequest.}resp, err := c.ImportCryptoKeyVersion(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)KeyRingIAMdeprecated

func (c *KeyManagementClient) KeyRingIAM(keyRing *kmspb.KeyRing) *iam.Handle

KeyRingIAM returns a handle to inspect and change permissions of a KeyRing.

Deprecated: Please use ResourceIAM and provide the KeyRing.Name as input.

func (*KeyManagementClient)ListCryptoKeyVersions ¶

func (c *KeyManagementClient) ListCryptoKeyVersions(ctxcontext.Context, req *kmspb.ListCryptoKeyVersionsRequest, opts ...gax.CallOption) *CryptoKeyVersionIterator

ListCryptoKeyVersions lists CryptoKeyVersions.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb""google.golang.org/api/iterator")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListCryptoKeyVersionsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListCryptoKeyVersionsRequest.}it := c.ListCryptoKeyVersions(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*kmspb.ListCryptoKeyVersionsResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListCryptoKeyVersionsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListCryptoKeyVersionsRequest.}for resp, err := range c.ListCryptoKeyVersions(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*KeyManagementClient)ListCryptoKeys ¶

func (c *KeyManagementClient) ListCryptoKeys(ctxcontext.Context, req *kmspb.ListCryptoKeysRequest, opts ...gax.CallOption) *CryptoKeyIterator

ListCryptoKeys lists CryptoKeys.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb""google.golang.org/api/iterator")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListCryptoKeysRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListCryptoKeysRequest.}it := c.ListCryptoKeys(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*kmspb.ListCryptoKeysResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListCryptoKeysRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListCryptoKeysRequest.}for resp, err := range c.ListCryptoKeys(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*KeyManagementClient)ListImportJobs ¶

func (c *KeyManagementClient) ListImportJobs(ctxcontext.Context, req *kmspb.ListImportJobsRequest, opts ...gax.CallOption) *ImportJobIterator

ListImportJobs lists ImportJobs.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb""google.golang.org/api/iterator")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListImportJobsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListImportJobsRequest.}it := c.ListImportJobs(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*kmspb.ListImportJobsResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListImportJobsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListImportJobsRequest.}for resp, err := range c.ListImportJobs(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*KeyManagementClient)ListKeyRings ¶

func (c *KeyManagementClient) ListKeyRings(ctxcontext.Context, req *kmspb.ListKeyRingsRequest, opts ...gax.CallOption) *KeyRingIterator

ListKeyRings lists KeyRings.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb""google.golang.org/api/iterator")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListKeyRingsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListKeyRingsRequest.}it := c.ListKeyRings(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*kmspb.ListKeyRingsResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListKeyRingsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListKeyRingsRequest.}for resp, err := range c.ListKeyRings(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*KeyManagementClient)ListLocations ¶added inv1.5.0

func (c *KeyManagementClient) ListLocations(ctxcontext.Context, req *locationpb.ListLocationsRequest, opts ...gax.CallOption) *LocationIterator

ListLocations lists information about the supported locations for this service.This method can be called in two ways:

List all public locations: Use the path GET /v1/locations.List project-visible locations: Use the pathGET /v1/projects/{project_id}/locations. This may include publiclocations as well as private or other locations specifically visibleto the project.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1""google.golang.org/api/iterator"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.ListLocationsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#ListLocationsRequest.}it := c.ListLocations(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*locationpb.ListLocationsResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"locationpb "google.golang.org/genproto/googleapis/cloud/location")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &locationpb.ListLocationsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/google.golang.org/genproto/googleapis/cloud/location#ListLocationsRequest.}for resp, err := range c.ListLocations(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*KeyManagementClient)ListRetiredResources ¶added inv1.26.0

func (c *KeyManagementClient) ListRetiredResources(ctxcontext.Context, req *kmspb.ListRetiredResourcesRequest, opts ...gax.CallOption) *RetiredResourceIterator

ListRetiredResources lists the RetiredResources which arethe records of deleted CryptoKeys.RetiredResources prevent the reuse of these resource names after deletion.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb""google.golang.org/api/iterator")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListRetiredResourcesRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListRetiredResourcesRequest.}it := c.ListRetiredResources(ctx, req)for {resp, err := it.Next()if err == iterator.Done {break}if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp// If you need to access the underlying RPC response,// you can do so by casting the `Response` as below.// Otherwise, remove this line. Only populated after// first call to Next(). Not safe for concurrent access._ = it.Response.(*kmspb.ListRetiredResourcesResponse)}}

Example (All)¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.ListRetiredResourcesRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#ListRetiredResourcesRequest.}for resp, err := range c.ListRetiredResources(ctx, req).All() {if err != nil {// TODO: Handle error and break/return/continue. Iteration will stop after any error.}// TODO: Use resp._ = resp}}

func (*KeyManagementClient)MacSign ¶

func (c *KeyManagementClient) MacSign(ctxcontext.Context, req *kmspb.MacSignRequest, opts ...gax.CallOption) (*kmspb.MacSignResponse,error)

MacSign signs data using a CryptoKeyVersionwith CryptoKey.purpose MAC,producing a tag that can be verified by another source with the same key.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.MacSignRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#MacSignRequest.}resp, err := c.MacSign(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)MacVerify ¶

func (c *KeyManagementClient) MacVerify(ctxcontext.Context, req *kmspb.MacVerifyRequest, opts ...gax.CallOption) (*kmspb.MacVerifyResponse,error)

MacVerify verifies MAC tag using aCryptoKeyVersion withCryptoKey.purpose MAC, and returnsa response that indicates whether or not the verification was successful.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.MacVerifyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#MacVerifyRequest.}resp, err := c.MacVerify(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)RawDecrypt ¶added inv1.13.0

func (c *KeyManagementClient) RawDecrypt(ctxcontext.Context, req *kmspb.RawDecryptRequest, opts ...gax.CallOption) (*kmspb.RawDecryptResponse,error)

RawDecrypt decrypts data that was originally encrypted using a raw cryptographicmechanism. The CryptoKey.purposemust beRAW_ENCRYPT_DECRYPT.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.RawDecryptRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#RawDecryptRequest.}resp, err := c.RawDecrypt(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)RawEncrypt ¶added inv1.13.0

func (c *KeyManagementClient) RawEncrypt(ctxcontext.Context, req *kmspb.RawEncryptRequest, opts ...gax.CallOption) (*kmspb.RawEncryptResponse,error)

RawEncrypt encrypts data using portable cryptographic primitives. Most users shouldchoose Encrypt andDecrypt rather thantheir raw counterparts. TheCryptoKey.purpose must beRAW_ENCRYPT_DECRYPT.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.RawEncryptRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#RawEncryptRequest.}resp, err := c.RawEncrypt(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)ResourceIAM ¶

func (c *KeyManagementClient) ResourceIAM(resourcePathstring) *iam.Handle

ResourceIAM returns a handle to inspect and change permissions of the resourceindicated by the given resource path.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()c, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}// TODO: fill in key ring resource pathkeyRing := "projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEY_RING]"handle := c.ResourceIAM(keyRing)policy, err := handle.Policy(ctx)if err != nil {// TODO: Handle error.}// TODO: Use policy._ = policy}

func (*KeyManagementClient)RestoreCryptoKeyVersion ¶

func (c *KeyManagementClient) RestoreCryptoKeyVersion(ctxcontext.Context, req *kmspb.RestoreCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion,error)

RestoreCryptoKeyVersion restore a CryptoKeyVersion in theDESTROY_SCHEDULEDstate.

Upon restoration of the CryptoKeyVersion,state will be set toDISABLED,and destroy_time willbe cleared.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.RestoreCryptoKeyVersionRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#RestoreCryptoKeyVersionRequest.}resp, err := c.RestoreCryptoKeyVersion(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)SetIamPolicy ¶

func (c *KeyManagementClient) SetIamPolicy(ctxcontext.Context, req *iampb.SetIamPolicyRequest, opts ...gax.CallOption) (*iampb.Policy,error)

SetIamPolicy sets the access control policy on the specified resource. Replacesany existing policy.

Can return NOT_FOUND, INVALID_ARGUMENT, and PERMISSION_DENIEDerrors.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.SetIamPolicyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#SetIamPolicyRequest.}resp, err := c.SetIamPolicy(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)TestIamPermissions ¶

func (c *KeyManagementClient) TestIamPermissions(ctxcontext.Context, req *iampb.TestIamPermissionsRequest, opts ...gax.CallOption) (*iampb.TestIamPermissionsResponse,error)

TestIamPermissions returns permissions that a caller has on the specified resource. If theresource does not exist, this will return an empty set ofpermissions, not a NOT_FOUND error.

Note: This operation is designed to be used for buildingpermission-aware UIs and command-line tools, not for authorizationchecking. This operation may “fail open” without warning.

Example¶

package mainimport ("context"iampb "cloud.google.com/go/iam/apiv1/iampb"kms "cloud.google.com/go/kms/apiv1")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &iampb.TestIamPermissionsRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/iam/apiv1/iampb#TestIamPermissionsRequest.}resp, err := c.TestIamPermissions(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)UpdateCryptoKey ¶

func (c *KeyManagementClient) UpdateCryptoKey(ctxcontext.Context, req *kmspb.UpdateCryptoKeyRequest, opts ...gax.CallOption) (*kmspb.CryptoKey,error)

UpdateCryptoKey update a CryptoKey.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.UpdateCryptoKeyRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#UpdateCryptoKeyRequest.}resp, err := c.UpdateCryptoKey(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)UpdateCryptoKeyPrimaryVersion ¶

func (c *KeyManagementClient) UpdateCryptoKeyPrimaryVersion(ctxcontext.Context, req *kmspb.UpdateCryptoKeyPrimaryVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKey,error)

UpdateCryptoKeyPrimaryVersion update the version of a CryptoKey thatwill be used inEncrypt.

Returns an error if called on a key whose purpose is notENCRYPT_DECRYPT.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.UpdateCryptoKeyPrimaryVersionRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#UpdateCryptoKeyPrimaryVersionRequest.}resp, err := c.UpdateCryptoKeyPrimaryVersion(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

func (*KeyManagementClient)UpdateCryptoKeyVersion ¶

func (c *KeyManagementClient) UpdateCryptoKeyVersion(ctxcontext.Context, req *kmspb.UpdateCryptoKeyVersionRequest, opts ...gax.CallOption) (*kmspb.CryptoKeyVersion,error)

UpdateCryptoKeyVersion update a CryptoKeyVersion'smetadata.

state may be changed betweenENABLEDandDISABLEDusing this method. SeeDestroyCryptoKeyVersionandRestoreCryptoKeyVersionto move between other states.

Example¶

package mainimport ("context"kms "cloud.google.com/go/kms/apiv1"kmspb "cloud.google.com/go/kms/apiv1/kmspb")func main() {ctx := context.Background()// This snippet has been automatically generated and should be regarded as a code template only.// It will require modifications to work:// - It may require correct/in-range values for request initialization.// - It may require specifying regional endpoints when creating the service client as shown in://   https://pkg.go.dev/cloud.google.com/go#hdr-Client_Optionsc, err := kms.NewKeyManagementClient(ctx)if err != nil {// TODO: Handle error.}defer c.Close()req := &kmspb.UpdateCryptoKeyVersionRequest{// TODO: Fill request struct fields.// See https://pkg.go.dev/cloud.google.com/go/kms/apiv1/kmspb#UpdateCryptoKeyVersionRequest.}resp, err := c.UpdateCryptoKeyVersion(ctx, req)if err != nil {// TODO: Handle error.}// TODO: Use resp._ = resp}

typeKeyRingIterator ¶

type KeyRingIterator struct {// Response is the raw response for the current page.// It must be cast to the RPC response type.// Calling Next() or InternalFetch() updates this value.Response interface{}// InternalFetch is for use by the Google Cloud Libraries only.// It is not part of the stable interface of this package.//// InternalFetch returns results from a single call to the underlying RPC.// The number of results is no greater than pageSize.// If there are no more results, nextPageToken is empty and err is nil.InternalFetch func(pageSizeint, pageTokenstring) (results []*kmspb.KeyRing, nextPageTokenstring, errerror)// contains filtered or unexported fields}

KeyRingIterator manages a stream of *kmspb.KeyRing.

func (*KeyRingIterator)All ¶added inv1.19.1

func (it *KeyRingIterator) All()iter.Seq2[*kmspb.KeyRing,error]

All returns an iterator. If an error is returned by the iterator, theiterator will stop after that iteration.

func (*KeyRingIterator)Next ¶

func (it *KeyRingIterator) Next() (*kmspb.KeyRing,error)

Next returns the next result. Its second return value is iterator.Done if there are no moreresults. Once Next returns Done, all subsequent calls will return Done.

func (*KeyRingIterator)PageInfo ¶

func (it *KeyRingIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See thegoogle.golang.org/api/iterator package for details.

typeLocationIterator ¶added inv1.5.0

type LocationIterator struct {// Response is the raw response for the current page.// It must be cast to the RPC response type.// Calling Next() or InternalFetch() updates this value.Response interface{}// InternalFetch is for use by the Google Cloud Libraries only.// It is not part of the stable interface of this package.//// InternalFetch returns results from a single call to the underlying RPC.// The number of results is no greater than pageSize.// If there are no more results, nextPageToken is empty and err is nil.InternalFetch func(pageSizeint, pageTokenstring) (results []*locationpb.Location, nextPageTokenstring, errerror)// contains filtered or unexported fields}

LocationIterator manages a stream of *locationpb.Location.

func (*LocationIterator)All ¶added inv1.19.1

func (it *LocationIterator) All()iter.Seq2[*locationpb.Location,error]

All returns an iterator. If an error is returned by the iterator, theiterator will stop after that iteration.

func (*LocationIterator)Next ¶added inv1.5.0

func (it *LocationIterator) Next() (*locationpb.Location,error)

Next returns the next result. Its second return value is iterator.Done if there are no moreresults. Once Next returns Done, all subsequent calls will return Done.

func (*LocationIterator)PageInfo ¶added inv1.5.0

func (it *LocationIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See thegoogle.golang.org/api/iterator package for details.

typeRetiredResourceIterator ¶added inv1.26.0

type RetiredResourceIterator struct {// Response is the raw response for the current page.// It must be cast to the RPC response type.// Calling Next() or InternalFetch() updates this value.Response interface{}// InternalFetch is for use by the Google Cloud Libraries only.// It is not part of the stable interface of this package.//// InternalFetch returns results from a single call to the underlying RPC.// The number of results is no greater than pageSize.// If there are no more results, nextPageToken is empty and err is nil.InternalFetch func(pageSizeint, pageTokenstring) (results []*kmspb.RetiredResource, nextPageTokenstring, errerror)// contains filtered or unexported fields}

RetiredResourceIterator manages a stream of *kmspb.RetiredResource.

func (*RetiredResourceIterator)All ¶added inv1.26.0

func (it *RetiredResourceIterator) All()iter.Seq2[*kmspb.RetiredResource,error]

All returns an iterator. If an error is returned by the iterator, theiterator will stop after that iteration.

func (*RetiredResourceIterator)Next ¶added inv1.26.0

func (it *RetiredResourceIterator) Next() (*kmspb.RetiredResource,error)

Next returns the next result. Its second return value is iterator.Done if there are no moreresults. Once Next returns Done, all subsequent calls will return Done.

func (*RetiredResourceIterator)PageInfo ¶added inv1.26.0

func (it *RetiredResourceIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See thegoogle.golang.org/api/iterator package for details.

typeSingleTenantHsmInstanceIterator ¶added inv1.25.0

type SingleTenantHsmInstanceIterator struct {// Response is the raw response for the current page.// It must be cast to the RPC response type.// Calling Next() or InternalFetch() updates this value.Response interface{}// InternalFetch is for use by the Google Cloud Libraries only.// It is not part of the stable interface of this package.//// InternalFetch returns results from a single call to the underlying RPC.// The number of results is no greater than pageSize.// If there are no more results, nextPageToken is empty and err is nil.InternalFetch func(pageSizeint, pageTokenstring) (results []*kmspb.SingleTenantHsmInstance, nextPageTokenstring, errerror)// contains filtered or unexported fields}

SingleTenantHsmInstanceIterator manages a stream of *kmspb.SingleTenantHsmInstance.

func (*SingleTenantHsmInstanceIterator)All ¶added inv1.25.0

func (it *SingleTenantHsmInstanceIterator) All()iter.Seq2[*kmspb.SingleTenantHsmInstance,error]

All returns an iterator. If an error is returned by the iterator, theiterator will stop after that iteration.

func (*SingleTenantHsmInstanceIterator)Next ¶added inv1.25.0

func (it *SingleTenantHsmInstanceIterator) Next() (*kmspb.SingleTenantHsmInstance,error)

Next returns the next result. Its second return value is iterator.Done if there are no moreresults. Once Next returns Done, all subsequent calls will return Done.

func (*SingleTenantHsmInstanceIterator)PageInfo ¶added inv1.25.0

func (it *SingleTenantHsmInstanceIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See thegoogle.golang.org/api/iterator package for details.

typeSingleTenantHsmInstanceProposalIterator ¶added inv1.25.0

type SingleTenantHsmInstanceProposalIterator struct {// Response is the raw response for the current page.// It must be cast to the RPC response type.// Calling Next() or InternalFetch() updates this value.Response interface{}// InternalFetch is for use by the Google Cloud Libraries only.// It is not part of the stable interface of this package.//// InternalFetch returns results from a single call to the underlying RPC.// The number of results is no greater than pageSize.// If there are no more results, nextPageToken is empty and err is nil.InternalFetch func(pageSizeint, pageTokenstring) (results []*kmspb.SingleTenantHsmInstanceProposal, nextPageTokenstring, errerror)// contains filtered or unexported fields}

SingleTenantHsmInstanceProposalIterator manages a stream of *kmspb.SingleTenantHsmInstanceProposal.

func (*SingleTenantHsmInstanceProposalIterator)All ¶added inv1.25.0

func (it *SingleTenantHsmInstanceProposalIterator) All()iter.Seq2[*kmspb.SingleTenantHsmInstanceProposal,error]

All returns an iterator. If an error is returned by the iterator, theiterator will stop after that iteration.

func (*SingleTenantHsmInstanceProposalIterator)Next ¶added inv1.25.0

func (it *SingleTenantHsmInstanceProposalIterator) Next() (*kmspb.SingleTenantHsmInstanceProposal,error)

Next returns the next result. Its second return value is iterator.Done if there are no moreresults. Once Next returns Done, all subsequent calls will return Done.

func (*SingleTenantHsmInstanceProposalIterator)PageInfo ¶added inv1.25.0

func (it *SingleTenantHsmInstanceProposalIterator) PageInfo() *iterator.PageInfo

PageInfo supports pagination. See thegoogle.golang.org/api/iterator package for details.

Source Files¶

View all Source files

Directories¶

Path	Synopsis
kmspb

?	: This menu
/	: Search site
f orF	: Jump to
y orY	: Canonical URL

Movatterモバイル変換

Details

Repository

Links

Documentation¶

Overview¶

General documentation¶

Example usage¶

Using the Client¶

Use of Context¶

Index¶

Examples¶

Constants¶

Variables¶

Functions¶

funcDefaultAuthScopes¶

Types¶

typeAutokeyAdminCallOptions¶added inv1.17.0

typeAutokeyAdminClient¶added inv1.17.0

funcNewAutokeyAdminClient¶added inv1.17.0

funcNewAutokeyAdminRESTClient¶added inv1.17.0

func (*AutokeyAdminClient)Close¶added inv1.17.0

func (*AutokeyAdminClient)Connectiondeprecatedadded inv1.17.0

func (*AutokeyAdminClient)GetAutokeyConfig¶added inv1.17.0

func (*AutokeyAdminClient)GetIamPolicy¶added inv1.17.0

func (*AutokeyAdminClient)GetLocation¶added inv1.17.0

func (*AutokeyAdminClient)GetOperation¶added inv1.17.0

func (*AutokeyAdminClient)ListLocations¶added inv1.17.0

func (*AutokeyAdminClient)SetIamPolicy¶added inv1.17.0

func (*AutokeyAdminClient)ShowEffectiveAutokeyConfig¶added inv1.17.0

func (*AutokeyAdminClient)TestIamPermissions¶added inv1.17.0

func (*AutokeyAdminClient)UpdateAutokeyConfig¶added inv1.17.0

typeAutokeyCallOptions¶added inv1.17.0

typeAutokeyClient¶added inv1.17.0

funcNewAutokeyClient¶added inv1.17.0

funcNewAutokeyRESTClient¶added inv1.17.0

func (*AutokeyClient)Close¶added inv1.17.0

func (*AutokeyClient)Connectiondeprecatedadded inv1.17.0

func (*AutokeyClient)CreateKeyHandle¶added inv1.17.0

func (*AutokeyClient)CreateKeyHandleOperation¶added inv1.17.0

func (*AutokeyClient)GetIamPolicy¶added inv1.17.0

func (*AutokeyClient)GetKeyHandle¶added inv1.17.0

func (*AutokeyClient)GetLocation¶added inv1.17.0

func (*AutokeyClient)GetOperation¶added inv1.17.0

func (*AutokeyClient)ListKeyHandles¶added inv1.17.0

func (*AutokeyClient)ListLocations¶added inv1.17.0

func (*AutokeyClient)SetIamPolicy¶added inv1.17.0

func (*AutokeyClient)TestIamPermissions¶added inv1.17.0

typeCreateKeyHandleOperation¶added inv1.17.0

func (*CreateKeyHandleOperation)Done¶added inv1.17.0

func (*CreateKeyHandleOperation)Metadata¶added inv1.17.0

func (*CreateKeyHandleOperation)Name¶added inv1.17.0

func (*CreateKeyHandleOperation)Poll¶added inv1.17.0

func (*CreateKeyHandleOperation)Wait¶added inv1.17.0

typeCreateSingleTenantHsmInstanceOperation¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceOperation)Done¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceOperation)Metadata¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceOperation)Name¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceOperation)Poll¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceOperation)Wait¶added inv1.25.0

typeCreateSingleTenantHsmInstanceProposalOperation¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceProposalOperation)Done¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceProposalOperation)Metadata¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceProposalOperation)Name¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceProposalOperation)Poll¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceProposalOperation)Wait¶added inv1.25.0

typeCryptoKeyIterator¶

func (*CryptoKeyIterator)All¶added inv1.19.1

func (*CryptoKeyIterator)Next¶

func (*CryptoKeyIterator)PageInfo¶

typeCryptoKeyVersionIterator¶

func (*CryptoKeyVersionIterator)All¶added inv1.19.1

func (*CryptoKeyVersionIterator)Next¶

func (*CryptoKeyVersionIterator)PageInfo¶

typeDeleteCryptoKeyOperation¶added inv1.26.0

func (*DeleteCryptoKeyOperation)Done¶added inv1.26.0

func (*DeleteCryptoKeyOperation)Metadata¶added inv1.26.0

func (*DeleteCryptoKeyOperation)Name¶added inv1.26.0

func (*DeleteCryptoKeyOperation)Poll¶added inv1.26.0

func (*DeleteCryptoKeyOperation)Wait¶added inv1.26.0

Documentation ¶

funcDefaultAuthScopes ¶

typeAutokeyAdminCallOptions ¶added inv1.17.0

typeAutokeyAdminClient ¶added inv1.17.0

funcNewAutokeyAdminClient ¶added inv1.17.0

funcNewAutokeyAdminRESTClient ¶added inv1.17.0

func (*AutokeyAdminClient)Close ¶added inv1.17.0

func (*AutokeyAdminClient)GetAutokeyConfig ¶added inv1.17.0

func (*AutokeyAdminClient)GetIamPolicy ¶added inv1.17.0

func (*AutokeyAdminClient)GetLocation ¶added inv1.17.0

func (*AutokeyAdminClient)GetOperation ¶added inv1.17.0

func (*AutokeyAdminClient)ListLocations ¶added inv1.17.0

func (*AutokeyAdminClient)SetIamPolicy ¶added inv1.17.0

func (*AutokeyAdminClient)ShowEffectiveAutokeyConfig ¶added inv1.17.0

func (*AutokeyAdminClient)TestIamPermissions ¶added inv1.17.0

func (*AutokeyAdminClient)UpdateAutokeyConfig ¶added inv1.17.0

typeAutokeyCallOptions ¶added inv1.17.0

typeAutokeyClient ¶added inv1.17.0

funcNewAutokeyClient ¶added inv1.17.0

funcNewAutokeyRESTClient ¶added inv1.17.0

func (*AutokeyClient)Close ¶added inv1.17.0

func (*AutokeyClient)CreateKeyHandle ¶added inv1.17.0

func (*AutokeyClient)CreateKeyHandleOperation ¶added inv1.17.0

func (*AutokeyClient)GetIamPolicy ¶added inv1.17.0

func (*AutokeyClient)GetKeyHandle ¶added inv1.17.0

func (*AutokeyClient)GetLocation ¶added inv1.17.0

func (*AutokeyClient)GetOperation ¶added inv1.17.0

func (*AutokeyClient)ListKeyHandles ¶added inv1.17.0

func (*AutokeyClient)ListLocations ¶added inv1.17.0

func (*AutokeyClient)SetIamPolicy ¶added inv1.17.0

func (*AutokeyClient)TestIamPermissions ¶added inv1.17.0

typeCreateKeyHandleOperation ¶added inv1.17.0

func (*CreateKeyHandleOperation)Done ¶added inv1.17.0

func (*CreateKeyHandleOperation)Metadata ¶added inv1.17.0

func (*CreateKeyHandleOperation)Name ¶added inv1.17.0

func (*CreateKeyHandleOperation)Poll ¶added inv1.17.0

func (*CreateKeyHandleOperation)Wait ¶added inv1.17.0

typeCreateSingleTenantHsmInstanceOperation ¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceOperation)Done ¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceOperation)Metadata ¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceOperation)Name ¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceOperation)Poll ¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceOperation)Wait ¶added inv1.25.0

typeCreateSingleTenantHsmInstanceProposalOperation ¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceProposalOperation)Done ¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceProposalOperation)Metadata ¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceProposalOperation)Name ¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceProposalOperation)Poll ¶added inv1.25.0

func (*CreateSingleTenantHsmInstanceProposalOperation)Wait ¶added inv1.25.0

typeCryptoKeyIterator ¶

func (*CryptoKeyIterator)All ¶added inv1.19.1

func (*CryptoKeyIterator)Next ¶

func (*CryptoKeyIterator)PageInfo ¶

typeCryptoKeyVersionIterator ¶

func (*CryptoKeyVersionIterator)All ¶added inv1.19.1

func (*CryptoKeyVersionIterator)Next ¶

func (*CryptoKeyVersionIterator)PageInfo ¶

typeDeleteCryptoKeyOperation ¶added inv1.26.0

func (*DeleteCryptoKeyOperation)Done ¶added inv1.26.0

func (*DeleteCryptoKeyOperation)Metadata ¶added inv1.26.0

func (*DeleteCryptoKeyOperation)Name ¶added inv1.26.0

func (*DeleteCryptoKeyOperation)Poll ¶added inv1.26.0

func (*DeleteCryptoKeyOperation)Wait ¶added inv1.26.0

typeDeleteCryptoKeyVersionOperation ¶added inv1.26.0

func (*DeleteCryptoKeyVersionOperation)Done ¶added inv1.26.0

func (*DeleteCryptoKeyVersionOperation)Metadata ¶added inv1.26.0

func (*DeleteCryptoKeyVersionOperation)Name ¶added inv1.26.0

func (*DeleteCryptoKeyVersionOperation)Poll ¶added inv1.26.0

func (*DeleteCryptoKeyVersionOperation)Wait ¶added inv1.26.0

typeEkmCallOptions ¶added inv1.2.0

typeEkmClient ¶added inv1.2.0

funcNewEkmClient ¶added inv1.2.0

funcNewEkmRESTClient ¶added inv1.8.0

func (*EkmClient)Close ¶added inv1.2.0

func (*EkmClient)CreateEkmConnection ¶added inv1.2.0

func (*EkmClient)GetEkmConfig ¶added inv1.10.0

func (*EkmClient)GetEkmConnection ¶added inv1.2.0

func (*EkmClient)GetIamPolicy ¶added inv1.2.0

func (*EkmClient)GetLocation ¶added inv1.5.0

func (*EkmClient)GetOperation ¶added inv1.16.0