blob: 262c6833e31f6a315e5a28bd6efd2f269d3bcb2b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
syntax = "proto3";
package yandex.cloud.kms.v1;
import "google/protobuf/timestamp.proto";
import "google/protobuf/duration.proto";
option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/kms/v1;kms";
option java_package = "yandex.cloud.api.kms.v1";
// Supported symmetric encryption algorithms.
enum SymmetricAlgorithm {
SYMMETRIC_ALGORITHM_UNSPECIFIED = 0;
// AES algorithm with 128-bit keys.
AES_128 = 1;
// AES algorithm with 192-bit keys.
AES_192 = 2;
// AES algorithm with 256-bit keys.
AES_256 = 3;
// AES algorithm with 256-bit keys hosted by HSM
AES_256_HSM = 4;
}
// A symmetric KMS key that may contain several versions of the cryptographic material.
message SymmetricKey {
enum Status {
STATUS_UNSPECIFIED = 0;
// The key is being created.
CREATING = 1;
// The key is active and can be used for encryption and decryption.
// Can be set to INACTIVE using the [SymmetricKeyService.Update] method.
ACTIVE = 2;
// The key is inactive and unusable.
// Can be set to ACTIVE using the [SymmetricKeyService.Update] method.
INACTIVE = 3;
}
// ID of the key.
string id = 1;
// ID of the folder that the key belongs to.
string folder_id = 2;
// Time when the key was created.
google.protobuf.Timestamp created_at = 3;
// Name of the key.
string name = 4;
// Description of the key.
string description = 5;
// Custom labels for the key as `key:value` pairs. Maximum 64 per key.
map<string, string> labels = 6;
// Current status of the key.
Status status = 7;
// Primary version of the key, used as the default for all encrypt/decrypt operations,
// when no version ID is specified.
SymmetricKeyVersion primary_version = 8;
// Default encryption algorithm to be used with new versions of the key.
SymmetricAlgorithm default_algorithm = 9;
// Time of the last key rotation (time when the last version was created).
// Empty if the key does not have versions yet.
google.protobuf.Timestamp rotated_at = 10;
// Time period between automatic key rotations.
google.protobuf.Duration rotation_period = 11;
// Flag that inhibits deletion of the key
bool deletion_protection = 12;
}
// Symmetric KMS key version: metadata about actual cryptographic data.
message SymmetricKeyVersion {
// Possible version status.
enum Status {
STATUS_UNSPECIFIED = 0;
// The version is active and can be used for encryption and decryption.
ACTIVE = 1;
// The version is scheduled for destruction, the time when it will be destroyed
// is specified in the [SymmetricKeyVersion.destroy_at] field.
SCHEDULED_FOR_DESTRUCTION = 2;
// The version is destroyed and cannot be recovered.
DESTROYED = 3;
}
// ID of the key version.
string id = 1;
// ID of the symmetric KMS key that the version belongs to.
string key_id = 2;
// Status of the key version.
Status status = 3;
// Encryption algorithm that should be used when using the key version to encrypt plaintext.
SymmetricAlgorithm algorithm = 4;
// Time when the key version was created.
google.protobuf.Timestamp created_at = 5;
// Indication of a primary version, that is to be used by default for all cryptographic
// operations that don't have a key version explicitly specified.
bool primary = 6;
// Time when the key version is going to be destroyed. Empty unless the status
// is `SCHEDULED_FOR_DESTRUCTION`.
google.protobuf.Timestamp destroy_at = 7;
// Indication of the version that is hosted by HSM.
bool hosted_by_hsm = 8;
}
|
