type: google.api.Service config_version: 3 name: cloudkms.googleapis.com title: Cloud Key Management Service (KMS) API apis: - name: google.cloud.kms.v1.EkmService - name: google.cloud.kms.v1.KeyManagementService - name: google.cloud.location.Locations - name: google.iam.v1.IAMPolicy types: - name: google.cloud.kms.v1.LocationMetadata documentation: summary: |- Manages keys and performs cryptographic operations in a central cloud service, for direct use by other cloud resources and applications. rules: - selector: google.cloud.location.Locations.GetLocation description: Gets information about a location. - selector: google.cloud.location.Locations.ListLocations description: Lists information about the supported locations for this service. - selector: google.iam.v1.IAMPolicy.GetIamPolicy description: |- Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set. - selector: google.iam.v1.IAMPolicy.SetIamPolicy description: |- Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. - selector: google.iam.v1.IAMPolicy.TestIamPermissions description: |- Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning. http: rules: - selector: google.cloud.location.Locations.GetLocation get: '/v1/{name=projects/*/locations/*}' - selector: google.cloud.location.Locations.ListLocations get: '/v1/{name=projects/*}/locations' - selector: google.iam.v1.IAMPolicy.GetIamPolicy get: '/v1/{resource=projects/*/locations/*/keyRings/*}:getIamPolicy' additional_bindings: - get: '/v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:getIamPolicy' - get: '/v1/{resource=projects/*/locations/*/keyRings/*/importJobs/*}:getIamPolicy' - get: '/v1/{resource=projects/*/locations/*/ekmConnections/*}:getIamPolicy' - selector: google.iam.v1.IAMPolicy.SetIamPolicy post: '/v1/{resource=projects/*/locations/*/keyRings/*}:setIamPolicy' body: '*' additional_bindings: - post: '/v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:setIamPolicy' body: '*' - post: '/v1/{resource=projects/*/locations/*/keyRings/*/importJobs/*}:setIamPolicy' body: '*' - post: '/v1/{resource=projects/*/locations/*/ekmConnections/*}:setIamPolicy' body: '*' - selector: google.iam.v1.IAMPolicy.TestIamPermissions post: '/v1/{resource=projects/*/locations/*/keyRings/*}:testIamPermissions' body: '*' additional_bindings: - post: '/v1/{resource=projects/*/locations/*/keyRings/*/cryptoKeys/*}:testIamPermissions' body: '*' - post: '/v1/{resource=projects/*/locations/*/keyRings/*/importJobs/*}:testIamPermissions' body: '*' - post: '/v1/{resource=projects/*/locations/*/ekmConnections/*}:testIamPermissions' body: '*' authentication: rules: - selector: 'google.cloud.kms.v1.EkmService.*' oauth: canonical_scopes: |- https://www.googleapis.com/auth/cloud-platform, https://www.googleapis.com/auth/cloudkms - selector: 'google.cloud.kms.v1.KeyManagementService.*' oauth: canonical_scopes: |- https://www.googleapis.com/auth/cloud-platform, https://www.googleapis.com/auth/cloudkms - selector: google.cloud.location.Locations.GetLocation oauth: canonical_scopes: |- https://www.googleapis.com/auth/cloud-platform, https://www.googleapis.com/auth/cloudkms - selector: google.cloud.location.Locations.ListLocations oauth: canonical_scopes: |- https://www.googleapis.com/auth/cloud-platform, https://www.googleapis.com/auth/cloudkms - selector: 'google.iam.v1.IAMPolicy.*' oauth: canonical_scopes: |- https://www.googleapis.com/auth/cloud-platform, https://www.googleapis.com/auth/cloudkms