/// A \[KeyRing][google.cloud.kms.v1.KeyRing\] is a toplevel logical grouping of \[CryptoKeys][google.cloud.kms.v1.CryptoKey\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct KeyRing { /// Output only. The resource name for the \[KeyRing][google.cloud.kms.v1.KeyRing\] in the format /// `projects/*/locations/*/keyRings/*`. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// Output only. The time at which this \[KeyRing][google.cloud.kms.v1.KeyRing\] was created. #[prost(message, optional, tag = "2")] pub create_time: ::core::option::Option<::prost_types::Timestamp>, } /// A \[CryptoKey][google.cloud.kms.v1.CryptoKey\] represents a logical key that can be used for cryptographic /// operations. /// /// A \[CryptoKey][google.cloud.kms.v1.CryptoKey\] is made up of zero or more \[versions][google.cloud.kms.v1.CryptoKeyVersion\], /// which represent the actual key material used in cryptographic operations. #[derive(Clone, PartialEq, ::prost::Message)] pub struct CryptoKey { /// Output only. The resource name for this \[CryptoKey][google.cloud.kms.v1.CryptoKey\] in the format /// `projects/*/locations/*/keyRings/*/cryptoKeys/*`. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// Output only. A copy of the "primary" \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] that will be used /// by \[Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt\] when this \[CryptoKey][google.cloud.kms.v1.CryptoKey\] is given /// in \[EncryptRequest.name][google.cloud.kms.v1.EncryptRequest.name\]. /// /// The \[CryptoKey][google.cloud.kms.v1.CryptoKey\]'s primary version can be updated via /// \[UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion\]. /// /// Keys with \[purpose][google.cloud.kms.v1.CryptoKey.purpose\] /// \[ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT\] may have a /// primary. For other keys, this field will be omitted. #[prost(message, optional, tag = "2")] pub primary: ::core::option::Option, /// Immutable. The immutable purpose of this \[CryptoKey][google.cloud.kms.v1.CryptoKey\]. #[prost(enumeration = "crypto_key::CryptoKeyPurpose", tag = "3")] pub purpose: i32, /// Output only. The time at which this \[CryptoKey][google.cloud.kms.v1.CryptoKey\] was created. #[prost(message, optional, tag = "5")] pub create_time: ::core::option::Option<::prost_types::Timestamp>, /// At \[next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time\], the Key Management Service will automatically: /// /// 1. Create a new version of this \[CryptoKey][google.cloud.kms.v1.CryptoKey\]. /// 2. Mark the new version as primary. /// /// Key rotations performed manually via /// \[CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion\] and /// \[UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion\] /// do not affect \[next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time\]. /// /// Keys with \[purpose][google.cloud.kms.v1.CryptoKey.purpose\] /// \[ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT\] support /// automatic rotation. For other keys, this field must be omitted. #[prost(message, optional, tag = "7")] pub next_rotation_time: ::core::option::Option<::prost_types::Timestamp>, /// A template describing settings for new \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] instances. /// The properties of new \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] instances created by either /// \[CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion\] or /// auto-rotation are controlled by this template. #[prost(message, optional, tag = "11")] pub version_template: ::core::option::Option, /// Labels with user-defined metadata. For more information, see /// [Labeling Keys](). #[prost(map = "string, string", tag = "10")] pub labels: ::std::collections::HashMap<::prost::alloc::string::String, ::prost::alloc::string::String>, /// Immutable. Whether this key may contain imported versions only. #[prost(bool, tag = "13")] pub import_only: bool, /// Immutable. The period of time that versions of this key spend in the /// \[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED\] /// state before transitioning to /// \[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED\]. If not /// specified at creation time, the default duration is 24 hours. #[prost(message, optional, tag = "14")] pub destroy_scheduled_duration: ::core::option::Option<::prost_types::Duration>, /// Controls the rate of automatic rotation. #[prost(oneof = "crypto_key::RotationSchedule", tags = "8")] pub rotation_schedule: ::core::option::Option, } /// Nested message and enum types in `CryptoKey`. pub mod crypto_key { /// \[CryptoKeyPurpose][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose\] describes the cryptographic capabilities of a /// \[CryptoKey][google.cloud.kms.v1.CryptoKey\]. A given key can only be used for the operations allowed by /// its purpose. For more information, see /// [Key purposes](). #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)] #[repr(i32)] pub enum CryptoKeyPurpose { /// Not specified. Unspecified = 0, /// \[CryptoKeys][google.cloud.kms.v1.CryptoKey\] with this purpose may be used with /// \[Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt\] and /// \[Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt\]. EncryptDecrypt = 1, /// \[CryptoKeys][google.cloud.kms.v1.CryptoKey\] with this purpose may be used with /// \[AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign\] and /// \[GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey\]. AsymmetricSign = 5, /// \[CryptoKeys][google.cloud.kms.v1.CryptoKey\] with this purpose may be used with /// \[AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt\] and /// \[GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey\]. AsymmetricDecrypt = 6, /// \[CryptoKeys][google.cloud.kms.v1.CryptoKey\] with this purpose may be used with /// \[MacSign][google.cloud.kms.v1.KeyManagementService.MacSign\]. Mac = 9, } /// Controls the rate of automatic rotation. #[derive(Clone, PartialEq, ::prost::Oneof)] pub enum RotationSchedule { /// \[next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time\] will be advanced by this period when the service /// automatically rotates a key. Must be at least 24 hours and at most /// 876,000 hours. /// /// If \[rotation_period][google.cloud.kms.v1.CryptoKey.rotation_period\] is set, \[next_rotation_time][google.cloud.kms.v1.CryptoKey.next_rotation_time\] must also be set. /// /// Keys with \[purpose][google.cloud.kms.v1.CryptoKey.purpose\] /// \[ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT\] support /// automatic rotation. For other keys, this field must be omitted. #[prost(message, tag = "8")] RotationPeriod(::prost_types::Duration), } } /// A \[CryptoKeyVersionTemplate][google.cloud.kms.v1.CryptoKeyVersionTemplate\] specifies the properties to use when creating /// a new \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\], either manually with /// \[CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion\] or /// automatically as a result of auto-rotation. #[derive(Clone, PartialEq, ::prost::Message)] pub struct CryptoKeyVersionTemplate { /// \[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel\] to use when creating a \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] based on /// this template. Immutable. Defaults to \[SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE\]. #[prost(enumeration = "ProtectionLevel", tag = "1")] pub protection_level: i32, /// Required. \[Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm\] to use /// when creating a \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] based on this template. /// /// For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both /// this field is omitted and \[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose\] is /// \[ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT\]. #[prost(enumeration = "crypto_key_version::CryptoKeyVersionAlgorithm", tag = "3")] pub algorithm: i32, } /// Contains an HSM-generated attestation about a key operation. For more /// information, see [Verifying attestations] /// (). #[derive(Clone, PartialEq, ::prost::Message)] pub struct KeyOperationAttestation { /// Output only. The format of the attestation data. #[prost(enumeration = "key_operation_attestation::AttestationFormat", tag = "4")] pub format: i32, /// Output only. The attestation data provided by the HSM when the key /// operation was performed. #[prost(bytes = "vec", tag = "5")] pub content: ::prost::alloc::vec::Vec, } /// Nested message and enum types in `KeyOperationAttestation`. pub mod key_operation_attestation { /// Attestation formats provided by the HSM. #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)] #[repr(i32)] pub enum AttestationFormat { /// Not specified. Unspecified = 0, /// Cavium HSM attestation compressed with gzip. Note that this format is /// defined by Cavium and subject to change at any time. CaviumV1Compressed = 3, /// Cavium HSM attestation V2 compressed with gzip. This is a new format /// introduced in Cavium's version 3.2-08. CaviumV2Compressed = 4, } } /// A \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] represents an individual cryptographic key, and the /// associated key material. /// /// An \[ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED\] version can be /// used for cryptographic operations. /// /// For security reasons, the raw cryptographic key material represented by a /// \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] can never be viewed or exported. It can only be used to /// encrypt, decrypt, or sign data when an authorized user or application invokes /// Cloud KMS. #[derive(Clone, PartialEq, ::prost::Message)] pub struct CryptoKeyVersion { /// Output only. The resource name for this \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] in the format /// `projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*`. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// The current state of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\]. #[prost(enumeration = "crypto_key_version::CryptoKeyVersionState", tag = "3")] pub state: i32, /// Output only. The \[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel\] describing how crypto operations are /// performed with this \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\]. #[prost(enumeration = "ProtectionLevel", tag = "7")] pub protection_level: i32, /// Output only. The \[CryptoKeyVersionAlgorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm\] that this /// \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] supports. #[prost(enumeration = "crypto_key_version::CryptoKeyVersionAlgorithm", tag = "10")] pub algorithm: i32, /// Output only. Statement that was generated and signed by the HSM at key /// creation time. Use this statement to verify attributes of the key as stored /// on the HSM, independently of Google. Only provided for key versions with /// \[protection_level][google.cloud.kms.v1.CryptoKeyVersion.protection_level\] \[HSM][google.cloud.kms.v1.ProtectionLevel.HSM\]. #[prost(message, optional, tag = "8")] pub attestation: ::core::option::Option, /// Output only. The time at which this \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] was created. #[prost(message, optional, tag = "4")] pub create_time: ::core::option::Option<::prost_types::Timestamp>, /// Output only. The time this \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\]'s key material was /// generated. #[prost(message, optional, tag = "11")] pub generate_time: ::core::option::Option<::prost_types::Timestamp>, /// Output only. The time this \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\]'s key material is scheduled /// for destruction. Only present if \[state][google.cloud.kms.v1.CryptoKeyVersion.state\] is /// \[DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED\]. #[prost(message, optional, tag = "5")] pub destroy_time: ::core::option::Option<::prost_types::Timestamp>, /// Output only. The time this CryptoKeyVersion's key material was /// destroyed. Only present if \[state][google.cloud.kms.v1.CryptoKeyVersion.state\] is /// \[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED\]. #[prost(message, optional, tag = "6")] pub destroy_event_time: ::core::option::Option<::prost_types::Timestamp>, /// Output only. The name of the \[ImportJob][google.cloud.kms.v1.ImportJob\] used in the most recent import of this /// \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\]. Only present if the underlying key material was /// imported. #[prost(string, tag = "14")] pub import_job: ::prost::alloc::string::String, /// Output only. The time at which this \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\]'s key material /// was most recently imported. #[prost(message, optional, tag = "15")] pub import_time: ::core::option::Option<::prost_types::Timestamp>, /// Output only. The root cause of the most recent import failure. Only present if /// \[state][google.cloud.kms.v1.CryptoKeyVersion.state\] is /// \[IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED\]. #[prost(string, tag = "16")] pub import_failure_reason: ::prost::alloc::string::String, /// ExternalProtectionLevelOptions stores a group of additional fields for /// configuring a \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] that are specific to the /// \[EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL\] protection level. #[prost(message, optional, tag = "17")] pub external_protection_level_options: ::core::option::Option, /// Output only. Whether or not this key version is eligible for reimport, by being /// specified as a target in /// \[ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version\]. #[prost(bool, tag = "18")] pub reimport_eligible: bool, } /// Nested message and enum types in `CryptoKeyVersion`. pub mod crypto_key_version { /// The algorithm of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\], indicating what /// parameters must be used for each cryptographic operation. /// /// The /// \[GOOGLE_SYMMETRIC_ENCRYPTION][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.GOOGLE_SYMMETRIC_ENCRYPTION\] /// algorithm is usable with \[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose\] /// \[ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT\]. /// /// Algorithms beginning with "RSA_SIGN_" are usable with \[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose\] /// \[ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN\]. /// /// The fields in the name after "RSA_SIGN_" correspond to the following /// parameters: padding algorithm, modulus bit length, and digest algorithm. /// /// For PSS, the salt length used is equal to the length of digest /// algorithm. For example, /// \[RSA_SIGN_PSS_2048_SHA256][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm.RSA_SIGN_PSS_2048_SHA256\] /// will use PSS with a salt length of 256 bits or 32 bytes. /// /// Algorithms beginning with "RSA_DECRYPT_" are usable with /// \[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose\] /// \[ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT\]. /// /// The fields in the name after "RSA_DECRYPT_" correspond to the following /// parameters: padding algorithm, modulus bit length, and digest algorithm. /// /// Algorithms beginning with "EC_SIGN_" are usable with \[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose\] /// \[ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN\]. /// /// The fields in the name after "EC_SIGN_" correspond to the following /// parameters: elliptic curve, digest algorithm. /// /// Algorithms beginning with "HMAC_" are usable with \[CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose\] /// \[MAC][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.MAC\]. /// /// The suffix following "HMAC_" corresponds to the hash algorithm being used /// (eg. SHA256). /// /// For more information, see [Key purposes and algorithms] /// (). #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)] #[repr(i32)] pub enum CryptoKeyVersionAlgorithm { /// Not specified. Unspecified = 0, /// Creates symmetric encryption keys. GoogleSymmetricEncryption = 1, /// RSASSA-PSS 2048 bit key with a SHA256 digest. RsaSignPss2048Sha256 = 2, /// RSASSA-PSS 3072 bit key with a SHA256 digest. RsaSignPss3072Sha256 = 3, /// RSASSA-PSS 4096 bit key with a SHA256 digest. RsaSignPss4096Sha256 = 4, /// RSASSA-PSS 4096 bit key with a SHA512 digest. RsaSignPss4096Sha512 = 15, /// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest. RsaSignPkcs12048Sha256 = 5, /// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest. RsaSignPkcs13072Sha256 = 6, /// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest. RsaSignPkcs14096Sha256 = 7, /// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest. RsaSignPkcs14096Sha512 = 16, /// RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key. RsaSignRawPkcs12048 = 28, /// RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key. RsaSignRawPkcs13072 = 29, /// RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key. RsaSignRawPkcs14096 = 30, /// RSAES-OAEP 2048 bit key with a SHA256 digest. RsaDecryptOaep2048Sha256 = 8, /// RSAES-OAEP 3072 bit key with a SHA256 digest. RsaDecryptOaep3072Sha256 = 9, /// RSAES-OAEP 4096 bit key with a SHA256 digest. RsaDecryptOaep4096Sha256 = 10, /// RSAES-OAEP 4096 bit key with a SHA512 digest. RsaDecryptOaep4096Sha512 = 17, /// RSAES-OAEP 2048 bit key with a SHA1 digest. RsaDecryptOaep2048Sha1 = 37, /// RSAES-OAEP 3072 bit key with a SHA1 digest. RsaDecryptOaep3072Sha1 = 38, /// RSAES-OAEP 4096 bit key with a SHA1 digest. RsaDecryptOaep4096Sha1 = 39, /// ECDSA on the NIST P-256 curve with a SHA256 digest. EcSignP256Sha256 = 12, /// ECDSA on the NIST P-384 curve with a SHA384 digest. EcSignP384Sha384 = 13, /// ECDSA on the non-NIST secp256k1 curve. This curve is only supported for /// HSM protection level. EcSignSecp256k1Sha256 = 31, /// HMAC-SHA256 signing with a 256 bit key. HmacSha256 = 32, /// Algorithm representing symmetric encryption by an external key manager. ExternalSymmetricEncryption = 18, } /// The state of a \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\], indicating if it can be used. #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)] #[repr(i32)] pub enum CryptoKeyVersionState { /// Not specified. Unspecified = 0, /// This version is still being generated. It may not be used, enabled, /// disabled, or destroyed yet. Cloud KMS will automatically mark this /// version \[ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED\] as soon as the version is ready. PendingGeneration = 5, /// This version may be used for cryptographic operations. Enabled = 1, /// This version may not be used, but the key material is still available, /// and the version can be placed back into the \[ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED\] state. Disabled = 2, /// This version is destroyed, and the key material is no longer stored. /// This version may only become \[ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED\] again if this version is /// \[reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible\] and the original /// key material is reimported with a call to /// \[KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion\]. Destroyed = 3, /// This version is scheduled for destruction, and will be destroyed soon. /// Call /// \[RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion\] /// to put it back into the \[DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED\] state. DestroyScheduled = 4, /// This version is still being imported. It may not be used, enabled, /// disabled, or destroyed yet. Cloud KMS will automatically mark this /// version \[ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED\] as soon as the version is ready. PendingImport = 6, /// This version was not imported successfully. It may not be used, enabled, /// disabled, or destroyed. The submitted key material has been discarded. /// Additional details can be found in /// \[CryptoKeyVersion.import_failure_reason][google.cloud.kms.v1.CryptoKeyVersion.import_failure_reason\]. ImportFailed = 7, } /// A view for \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\]s. Controls the level of detail returned /// for \[CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion\] in /// \[KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions\] and /// \[KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys\]. #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)] #[repr(i32)] pub enum CryptoKeyVersionView { /// Default view for each \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\]. Does not include /// the \[attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation\] field. Unspecified = 0, /// Provides all fields in each \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\], including the /// \[attestation][google.cloud.kms.v1.CryptoKeyVersion.attestation\]. Full = 1, } } /// The public key for a given \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\]. Obtained via /// \[GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct PublicKey { /// The public key, encoded in PEM format. For more information, see the /// [RFC 7468]() sections for /// [General Considerations]() and /// [Textual Encoding of Subject Public Key Info] /// (). #[prost(string, tag = "1")] pub pem: ::prost::alloc::string::String, /// The \[Algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm\] associated /// with this key. #[prost(enumeration = "crypto_key_version::CryptoKeyVersionAlgorithm", tag = "2")] pub algorithm: i32, /// Integrity verification field. A CRC32C checksum of the returned /// \[PublicKey.pem][google.cloud.kms.v1.PublicKey.pem\]. An integrity check of \[PublicKey.pem][google.cloud.kms.v1.PublicKey.pem\] can be performed /// by computing the CRC32C checksum of \[PublicKey.pem][google.cloud.kms.v1.PublicKey.pem\] and /// comparing your results to this field. Discard the response in case of /// non-matching checksum values, and perform a limited number of retries. A /// persistent mismatch may indicate an issue in your computation of the CRC32C /// checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. /// /// NOTE: This field is in Beta. #[prost(message, optional, tag = "3")] pub pem_crc32c: ::core::option::Option, /// The \[name][google.cloud.kms.v1.CryptoKeyVersion.name\] of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] public key. /// Provided here for verification. /// /// NOTE: This field is in Beta. #[prost(string, tag = "4")] pub name: ::prost::alloc::string::String, /// The \[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel\] of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] public key. #[prost(enumeration = "ProtectionLevel", tag = "5")] pub protection_level: i32, } /// An \[ImportJob][google.cloud.kms.v1.ImportJob\] can be used to create \[CryptoKeys][google.cloud.kms.v1.CryptoKey\] and /// \[CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion\] using pre-existing key material, /// generated outside of Cloud KMS. /// /// When an \[ImportJob][google.cloud.kms.v1.ImportJob\] is created, Cloud KMS will generate a "wrapping key", /// which is a public/private key pair. You use the wrapping key to encrypt (also /// known as wrap) the pre-existing key material to protect it during the import /// process. The nature of the wrapping key depends on the choice of /// \[import_method][google.cloud.kms.v1.ImportJob.import_method\]. When the wrapping key generation /// is complete, the \[state][google.cloud.kms.v1.ImportJob.state\] will be set to /// \[ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE\] and the \[public_key][google.cloud.kms.v1.ImportJob.public_key\] /// can be fetched. The fetched public key can then be used to wrap your /// pre-existing key material. /// /// Once the key material is wrapped, it can be imported into a new /// \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] in an existing \[CryptoKey][google.cloud.kms.v1.CryptoKey\] by calling /// \[ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion\]. /// Multiple \[CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion\] can be imported with a single /// \[ImportJob][google.cloud.kms.v1.ImportJob\]. Cloud KMS uses the private key portion of the wrapping key to /// unwrap the key material. Only Cloud KMS has access to the private key. /// /// An \[ImportJob][google.cloud.kms.v1.ImportJob\] expires 3 days after it is created. Once expired, Cloud KMS /// will no longer be able to import or unwrap any key material that was wrapped /// with the \[ImportJob][google.cloud.kms.v1.ImportJob\]'s public key. /// /// For more information, see /// [Importing a key](). #[derive(Clone, PartialEq, ::prost::Message)] pub struct ImportJob { /// Output only. The resource name for this \[ImportJob][google.cloud.kms.v1.ImportJob\] in the format /// `projects/*/locations/*/keyRings/*/importJobs/*`. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// Required. Immutable. The wrapping method to be used for incoming key material. #[prost(enumeration = "import_job::ImportMethod", tag = "2")] pub import_method: i32, /// Required. Immutable. The protection level of the \[ImportJob][google.cloud.kms.v1.ImportJob\]. This must match the /// \[protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level\] of the /// \[version_template][google.cloud.kms.v1.CryptoKey.version_template\] on the \[CryptoKey][google.cloud.kms.v1.CryptoKey\] you /// attempt to import into. #[prost(enumeration = "ProtectionLevel", tag = "9")] pub protection_level: i32, /// Output only. The time at which this \[ImportJob][google.cloud.kms.v1.ImportJob\] was created. #[prost(message, optional, tag = "3")] pub create_time: ::core::option::Option<::prost_types::Timestamp>, /// Output only. The time this \[ImportJob][google.cloud.kms.v1.ImportJob\]'s key material was generated. #[prost(message, optional, tag = "4")] pub generate_time: ::core::option::Option<::prost_types::Timestamp>, /// Output only. The time at which this \[ImportJob][google.cloud.kms.v1.ImportJob\] is scheduled for /// expiration and can no longer be used to import key material. #[prost(message, optional, tag = "5")] pub expire_time: ::core::option::Option<::prost_types::Timestamp>, /// Output only. The time this \[ImportJob][google.cloud.kms.v1.ImportJob\] expired. Only present if /// \[state][google.cloud.kms.v1.ImportJob.state\] is \[EXPIRED][google.cloud.kms.v1.ImportJob.ImportJobState.EXPIRED\]. #[prost(message, optional, tag = "10")] pub expire_event_time: ::core::option::Option<::prost_types::Timestamp>, /// Output only. The current state of the \[ImportJob][google.cloud.kms.v1.ImportJob\], indicating if it can /// be used. #[prost(enumeration = "import_job::ImportJobState", tag = "6")] pub state: i32, /// Output only. The public key with which to wrap key material prior to /// import. Only returned if \[state][google.cloud.kms.v1.ImportJob.state\] is /// \[ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE\]. #[prost(message, optional, tag = "7")] pub public_key: ::core::option::Option, /// Output only. Statement that was generated and signed by the key creator /// (for example, an HSM) at key creation time. Use this statement to verify /// attributes of the key as stored on the HSM, independently of Google. /// Only present if the chosen \[ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod\] is one with a protection /// level of \[HSM][google.cloud.kms.v1.ProtectionLevel.HSM\]. #[prost(message, optional, tag = "8")] pub attestation: ::core::option::Option, } /// Nested message and enum types in `ImportJob`. pub mod import_job { /// The public key component of the wrapping key. For details of the type of /// key this public key corresponds to, see the \[ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct WrappingPublicKey { /// The public key, encoded in PEM format. For more information, see the [RFC /// 7468]() sections for [General /// Considerations]() and /// [Textual Encoding of Subject Public Key Info] /// (). #[prost(string, tag = "1")] pub pem: ::prost::alloc::string::String, } /// \[ImportMethod][google.cloud.kms.v1.ImportJob.ImportMethod\] describes the key wrapping method chosen for this /// \[ImportJob][google.cloud.kms.v1.ImportJob\]. #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)] #[repr(i32)] pub enum ImportMethod { /// Not specified. Unspecified = 0, /// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping /// scheme defined in the PKCS #11 standard. In summary, this involves /// wrapping the raw key with an ephemeral AES key, and wrapping the /// ephemeral AES key with a 3072 bit RSA key. For more details, see /// [RSA AES key wrap /// mechanism](). RsaOaep3072Sha1Aes256 = 1, /// This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping /// scheme defined in the PKCS #11 standard. In summary, this involves /// wrapping the raw key with an ephemeral AES key, and wrapping the /// ephemeral AES key with a 4096 bit RSA key. For more details, see /// [RSA AES key wrap /// mechanism](). RsaOaep4096Sha1Aes256 = 2, } /// The state of the \[ImportJob][google.cloud.kms.v1.ImportJob\], indicating if it can be used. #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)] #[repr(i32)] pub enum ImportJobState { /// Not specified. Unspecified = 0, /// The wrapping key for this job is still being generated. It may not be /// used. Cloud KMS will automatically mark this job as /// \[ACTIVE][google.cloud.kms.v1.ImportJob.ImportJobState.ACTIVE\] as soon as the wrapping key is generated. PendingGeneration = 1, /// This job may be used in /// \[CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey\] and /// \[CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion\] /// requests. Active = 2, /// This job can no longer be used and may not leave this state once entered. Expired = 3, } } /// ExternalProtectionLevelOptions stores a group of additional fields for /// configuring a \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] that are specific to the /// \[EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL\] protection level. #[derive(Clone, PartialEq, ::prost::Message)] pub struct ExternalProtectionLevelOptions { /// The URI for an external resource that this \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] represents. #[prost(string, tag = "1")] pub external_key_uri: ::prost::alloc::string::String, } /// \[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel\] specifies how cryptographic operations are performed. /// For more information, see [Protection levels] /// (). #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)] #[repr(i32)] pub enum ProtectionLevel { /// Not specified. Unspecified = 0, /// Crypto operations are performed in software. Software = 1, /// Crypto operations are performed in a Hardware Security Module. Hsm = 2, /// Crypto operations are performed by an external key manager. External = 3, } /// Request message for \[KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct ListKeyRingsRequest { /// Required. The resource name of the location associated with the /// \[KeyRings][google.cloud.kms.v1.KeyRing\], in the format `projects/*/locations/*`. #[prost(string, tag = "1")] pub parent: ::prost::alloc::string::String, /// Optional. Optional limit on the number of \[KeyRings][google.cloud.kms.v1.KeyRing\] to include in the /// response. Further \[KeyRings][google.cloud.kms.v1.KeyRing\] can subsequently be obtained by /// including the \[ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token\] in a subsequent /// request. If unspecified, the server will pick an appropriate default. #[prost(int32, tag = "2")] pub page_size: i32, /// Optional. Optional pagination token, returned earlier via /// \[ListKeyRingsResponse.next_page_token][google.cloud.kms.v1.ListKeyRingsResponse.next_page_token\]. #[prost(string, tag = "3")] pub page_token: ::prost::alloc::string::String, /// Optional. Only include resources that match the filter in the response. For /// more information, see /// [Sorting and filtering list /// results](). #[prost(string, tag = "4")] pub filter: ::prost::alloc::string::String, /// Optional. Specify how the results should be sorted. If not specified, the /// results will be sorted in the default order. For more information, see /// [Sorting and filtering list /// results](). #[prost(string, tag = "5")] pub order_by: ::prost::alloc::string::String, } /// Request message for \[KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct ListCryptoKeysRequest { /// Required. The resource name of the \[KeyRing][google.cloud.kms.v1.KeyRing\] to list, in the format /// `projects/*/locations/*/keyRings/*`. #[prost(string, tag = "1")] pub parent: ::prost::alloc::string::String, /// Optional. Optional limit on the number of \[CryptoKeys][google.cloud.kms.v1.CryptoKey\] to include in the /// response. Further \[CryptoKeys][google.cloud.kms.v1.CryptoKey\] can subsequently be obtained by /// including the \[ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token\] in a subsequent /// request. If unspecified, the server will pick an appropriate default. #[prost(int32, tag = "2")] pub page_size: i32, /// Optional. Optional pagination token, returned earlier via /// \[ListCryptoKeysResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeysResponse.next_page_token\]. #[prost(string, tag = "3")] pub page_token: ::prost::alloc::string::String, /// The fields of the primary version to include in the response. #[prost(enumeration = "crypto_key_version::CryptoKeyVersionView", tag = "4")] pub version_view: i32, /// Optional. Only include resources that match the filter in the response. For /// more information, see /// [Sorting and filtering list /// results](). #[prost(string, tag = "5")] pub filter: ::prost::alloc::string::String, /// Optional. Specify how the results should be sorted. If not specified, the /// results will be sorted in the default order. For more information, see /// [Sorting and filtering list /// results](). #[prost(string, tag = "6")] pub order_by: ::prost::alloc::string::String, } /// Request message for \[KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct ListCryptoKeyVersionsRequest { /// Required. The resource name of the \[CryptoKey][google.cloud.kms.v1.CryptoKey\] to list, in the format /// `projects/*/locations/*/keyRings/*/cryptoKeys/*`. #[prost(string, tag = "1")] pub parent: ::prost::alloc::string::String, /// Optional. Optional limit on the number of \[CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion\] to /// include in the response. Further \[CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion\] can /// subsequently be obtained by including the /// \[ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token\] in a subsequent request. /// If unspecified, the server will pick an appropriate default. #[prost(int32, tag = "2")] pub page_size: i32, /// Optional. Optional pagination token, returned earlier via /// \[ListCryptoKeyVersionsResponse.next_page_token][google.cloud.kms.v1.ListCryptoKeyVersionsResponse.next_page_token\]. #[prost(string, tag = "3")] pub page_token: ::prost::alloc::string::String, /// The fields to include in the response. #[prost(enumeration = "crypto_key_version::CryptoKeyVersionView", tag = "4")] pub view: i32, /// Optional. Only include resources that match the filter in the response. For /// more information, see /// [Sorting and filtering list /// results](). #[prost(string, tag = "5")] pub filter: ::prost::alloc::string::String, /// Optional. Specify how the results should be sorted. If not specified, the /// results will be sorted in the default order. For more information, see /// [Sorting and filtering list /// results](). #[prost(string, tag = "6")] pub order_by: ::prost::alloc::string::String, } /// Request message for \[KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct ListImportJobsRequest { /// Required. The resource name of the \[KeyRing][google.cloud.kms.v1.KeyRing\] to list, in the format /// `projects/*/locations/*/keyRings/*`. #[prost(string, tag = "1")] pub parent: ::prost::alloc::string::String, /// Optional. Optional limit on the number of \[ImportJobs][google.cloud.kms.v1.ImportJob\] to include in the /// response. Further \[ImportJobs][google.cloud.kms.v1.ImportJob\] can subsequently be obtained by /// including the \[ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token\] in a subsequent /// request. If unspecified, the server will pick an appropriate default. #[prost(int32, tag = "2")] pub page_size: i32, /// Optional. Optional pagination token, returned earlier via /// \[ListImportJobsResponse.next_page_token][google.cloud.kms.v1.ListImportJobsResponse.next_page_token\]. #[prost(string, tag = "3")] pub page_token: ::prost::alloc::string::String, /// Optional. Only include resources that match the filter in the response. For /// more information, see /// [Sorting and filtering list /// results](). #[prost(string, tag = "4")] pub filter: ::prost::alloc::string::String, /// Optional. Specify how the results should be sorted. If not specified, the /// results will be sorted in the default order. For more information, see /// [Sorting and filtering list /// results](). #[prost(string, tag = "5")] pub order_by: ::prost::alloc::string::String, } /// Response message for \[KeyManagementService.ListKeyRings][google.cloud.kms.v1.KeyManagementService.ListKeyRings\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct ListKeyRingsResponse { /// The list of \[KeyRings][google.cloud.kms.v1.KeyRing\]. #[prost(message, repeated, tag = "1")] pub key_rings: ::prost::alloc::vec::Vec, /// A token to retrieve next page of results. Pass this value in /// \[ListKeyRingsRequest.page_token][google.cloud.kms.v1.ListKeyRingsRequest.page_token\] to retrieve the next page of results. #[prost(string, tag = "2")] pub next_page_token: ::prost::alloc::string::String, /// The total number of \[KeyRings][google.cloud.kms.v1.KeyRing\] that matched the query. #[prost(int32, tag = "3")] pub total_size: i32, } /// Response message for \[KeyManagementService.ListCryptoKeys][google.cloud.kms.v1.KeyManagementService.ListCryptoKeys\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct ListCryptoKeysResponse { /// The list of \[CryptoKeys][google.cloud.kms.v1.CryptoKey\]. #[prost(message, repeated, tag = "1")] pub crypto_keys: ::prost::alloc::vec::Vec, /// A token to retrieve next page of results. Pass this value in /// \[ListCryptoKeysRequest.page_token][google.cloud.kms.v1.ListCryptoKeysRequest.page_token\] to retrieve the next page of results. #[prost(string, tag = "2")] pub next_page_token: ::prost::alloc::string::String, /// The total number of \[CryptoKeys][google.cloud.kms.v1.CryptoKey\] that matched the query. #[prost(int32, tag = "3")] pub total_size: i32, } /// Response message for \[KeyManagementService.ListCryptoKeyVersions][google.cloud.kms.v1.KeyManagementService.ListCryptoKeyVersions\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct ListCryptoKeyVersionsResponse { /// The list of \[CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion\]. #[prost(message, repeated, tag = "1")] pub crypto_key_versions: ::prost::alloc::vec::Vec, /// A token to retrieve next page of results. Pass this value in /// \[ListCryptoKeyVersionsRequest.page_token][google.cloud.kms.v1.ListCryptoKeyVersionsRequest.page_token\] to retrieve the next page of /// results. #[prost(string, tag = "2")] pub next_page_token: ::prost::alloc::string::String, /// The total number of \[CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion\] that matched the /// query. #[prost(int32, tag = "3")] pub total_size: i32, } /// Response message for \[KeyManagementService.ListImportJobs][google.cloud.kms.v1.KeyManagementService.ListImportJobs\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct ListImportJobsResponse { /// The list of \[ImportJobs][google.cloud.kms.v1.ImportJob\]. #[prost(message, repeated, tag = "1")] pub import_jobs: ::prost::alloc::vec::Vec, /// A token to retrieve next page of results. Pass this value in /// \[ListImportJobsRequest.page_token][google.cloud.kms.v1.ListImportJobsRequest.page_token\] to retrieve the next page of results. #[prost(string, tag = "2")] pub next_page_token: ::prost::alloc::string::String, /// The total number of \[ImportJobs][google.cloud.kms.v1.ImportJob\] that matched the query. #[prost(int32, tag = "3")] pub total_size: i32, } /// Request message for \[KeyManagementService.GetKeyRing][google.cloud.kms.v1.KeyManagementService.GetKeyRing\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct GetKeyRingRequest { /// Required. The \[name][google.cloud.kms.v1.KeyRing.name\] of the \[KeyRing][google.cloud.kms.v1.KeyRing\] to get. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, } /// Request message for \[KeyManagementService.GetCryptoKey][google.cloud.kms.v1.KeyManagementService.GetCryptoKey\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct GetCryptoKeyRequest { /// Required. The \[name][google.cloud.kms.v1.CryptoKey.name\] of the \[CryptoKey][google.cloud.kms.v1.CryptoKey\] to get. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, } /// Request message for \[KeyManagementService.GetCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.GetCryptoKeyVersion\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct GetCryptoKeyVersionRequest { /// Required. The \[name][google.cloud.kms.v1.CryptoKeyVersion.name\] of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] to get. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, } /// Request message for \[KeyManagementService.GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct GetPublicKeyRequest { /// Required. The \[name][google.cloud.kms.v1.CryptoKeyVersion.name\] of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] public key to /// get. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, } /// Request message for \[KeyManagementService.GetImportJob][google.cloud.kms.v1.KeyManagementService.GetImportJob\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct GetImportJobRequest { /// Required. The \[name][google.cloud.kms.v1.ImportJob.name\] of the \[ImportJob][google.cloud.kms.v1.ImportJob\] to get. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, } /// Request message for \[KeyManagementService.CreateKeyRing][google.cloud.kms.v1.KeyManagementService.CreateKeyRing\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct CreateKeyRingRequest { /// Required. The resource name of the location associated with the /// \[KeyRings][google.cloud.kms.v1.KeyRing\], in the format `projects/*/locations/*`. #[prost(string, tag = "1")] pub parent: ::prost::alloc::string::String, /// Required. It must be unique within a location and match the regular /// expression `\[a-zA-Z0-9_-\]{1,63}` #[prost(string, tag = "2")] pub key_ring_id: ::prost::alloc::string::String, /// Required. A \[KeyRing][google.cloud.kms.v1.KeyRing\] with initial field values. #[prost(message, optional, tag = "3")] pub key_ring: ::core::option::Option, } /// Request message for \[KeyManagementService.CreateCryptoKey][google.cloud.kms.v1.KeyManagementService.CreateCryptoKey\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct CreateCryptoKeyRequest { /// Required. The \[name][google.cloud.kms.v1.KeyRing.name\] of the KeyRing associated with the /// \[CryptoKeys][google.cloud.kms.v1.CryptoKey\]. #[prost(string, tag = "1")] pub parent: ::prost::alloc::string::String, /// Required. It must be unique within a KeyRing and match the regular /// expression `\[a-zA-Z0-9_-\]{1,63}` #[prost(string, tag = "2")] pub crypto_key_id: ::prost::alloc::string::String, /// Required. A \[CryptoKey][google.cloud.kms.v1.CryptoKey\] with initial field values. #[prost(message, optional, tag = "3")] pub crypto_key: ::core::option::Option, /// If set to true, the request will create a \[CryptoKey][google.cloud.kms.v1.CryptoKey\] without any /// \[CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion\]. You must manually call /// \[CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion\] or /// \[ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion\] /// before you can use this \[CryptoKey][google.cloud.kms.v1.CryptoKey\]. #[prost(bool, tag = "5")] pub skip_initial_version_creation: bool, } /// Request message for \[KeyManagementService.CreateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.CreateCryptoKeyVersion\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct CreateCryptoKeyVersionRequest { /// Required. The \[name][google.cloud.kms.v1.CryptoKey.name\] of the \[CryptoKey][google.cloud.kms.v1.CryptoKey\] associated with /// the \[CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion\]. #[prost(string, tag = "1")] pub parent: ::prost::alloc::string::String, /// Required. A \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] with initial field values. #[prost(message, optional, tag = "2")] pub crypto_key_version: ::core::option::Option, } /// Request message for \[KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct ImportCryptoKeyVersionRequest { /// Required. The \[name][google.cloud.kms.v1.CryptoKey.name\] of the \[CryptoKey][google.cloud.kms.v1.CryptoKey\] to be imported into. /// /// The create permission is only required on this key when creating a new /// \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\]. #[prost(string, tag = "1")] pub parent: ::prost::alloc::string::String, /// Optional. The optional \[name][google.cloud.kms.v1.CryptoKeyVersion.name\] of an existing /// \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] to target for an import operation. /// If this field is not present, a new \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] containing the /// supplied key material is created. /// /// If this field is present, the supplied key material is imported into /// the existing \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\]. To import into an existing /// \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\], the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] must be a child of /// \[ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent\], have been previously created via /// \[ImportCryptoKeyVersion][\], and be in /// \[DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED\] or /// \[IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED\] /// state. The key material and algorithm must match the previous /// \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] exactly if the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] has ever contained /// key material. #[prost(string, tag = "6")] pub crypto_key_version: ::prost::alloc::string::String, /// Required. The \[algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm\] of /// the key being imported. This does not need to match the /// \[version_template][google.cloud.kms.v1.CryptoKey.version_template\] of the \[CryptoKey][google.cloud.kms.v1.CryptoKey\] this /// version imports into. #[prost(enumeration = "crypto_key_version::CryptoKeyVersionAlgorithm", tag = "2")] pub algorithm: i32, /// Required. The \[name][google.cloud.kms.v1.ImportJob.name\] of the \[ImportJob][google.cloud.kms.v1.ImportJob\] that was used to /// wrap this key material. #[prost(string, tag = "4")] pub import_job: ::prost::alloc::string::String, /// Required. The incoming wrapped key material that is to be imported. #[prost(oneof = "import_crypto_key_version_request::WrappedKeyMaterial", tags = "5")] pub wrapped_key_material: ::core::option::Option, } /// Nested message and enum types in `ImportCryptoKeyVersionRequest`. pub mod import_crypto_key_version_request { /// Required. The incoming wrapped key material that is to be imported. #[derive(Clone, PartialEq, ::prost::Oneof)] pub enum WrappedKeyMaterial { /// Wrapped key material produced with /// \[RSA_OAEP_3072_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_3072_SHA1_AES_256\] /// or /// \[RSA_OAEP_4096_SHA1_AES_256][google.cloud.kms.v1.ImportJob.ImportMethod.RSA_OAEP_4096_SHA1_AES_256\]. /// /// This field contains the concatenation of two wrapped keys: ///
    ///
  1. An ephemeral AES-256 wrapping key wrapped with the /// \[public_key][google.cloud.kms.v1.ImportJob.public_key\] using RSAES-OAEP with SHA-1, /// MGF1 with SHA-1, and an empty label. ///
  2. ///
  3. The key to be imported, wrapped with the ephemeral AES-256 key /// using AES-KWP (RFC 5649). ///
  4. ///
/// /// If importing symmetric key material, it is expected that the unwrapped /// key contains plain bytes. If importing asymmetric key material, it is /// expected that the unwrapped key is in PKCS#8-encoded DER format (the /// PrivateKeyInfo structure from RFC 5208). /// /// This format is the same as the format produced by PKCS#11 mechanism /// CKM_RSA_AES_KEY_WRAP. #[prost(bytes, tag = "5")] RsaAesWrappedKey(::prost::alloc::vec::Vec), } } /// Request message for \[KeyManagementService.CreateImportJob][google.cloud.kms.v1.KeyManagementService.CreateImportJob\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct CreateImportJobRequest { /// Required. The \[name][google.cloud.kms.v1.KeyRing.name\] of the \[KeyRing][google.cloud.kms.v1.KeyRing\] associated with the /// \[ImportJobs][google.cloud.kms.v1.ImportJob\]. #[prost(string, tag = "1")] pub parent: ::prost::alloc::string::String, /// Required. It must be unique within a KeyRing and match the regular /// expression `\[a-zA-Z0-9_-\]{1,63}` #[prost(string, tag = "2")] pub import_job_id: ::prost::alloc::string::String, /// Required. An \[ImportJob][google.cloud.kms.v1.ImportJob\] with initial field values. #[prost(message, optional, tag = "3")] pub import_job: ::core::option::Option, } /// Request message for \[KeyManagementService.UpdateCryptoKey][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKey\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct UpdateCryptoKeyRequest { /// Required. \[CryptoKey][google.cloud.kms.v1.CryptoKey\] with updated values. #[prost(message, optional, tag = "1")] pub crypto_key: ::core::option::Option, /// Required. List of fields to be updated in this request. #[prost(message, optional, tag = "2")] pub update_mask: ::core::option::Option<::prost_types::FieldMask>, } /// Request message for \[KeyManagementService.UpdateCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyVersion\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct UpdateCryptoKeyVersionRequest { /// Required. \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] with updated values. #[prost(message, optional, tag = "1")] pub crypto_key_version: ::core::option::Option, /// Required. List of fields to be updated in this request. #[prost(message, optional, tag = "2")] pub update_mask: ::core::option::Option<::prost_types::FieldMask>, } /// Request message for \[KeyManagementService.UpdateCryptoKeyPrimaryVersion][google.cloud.kms.v1.KeyManagementService.UpdateCryptoKeyPrimaryVersion\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct UpdateCryptoKeyPrimaryVersionRequest { /// Required. The resource name of the \[CryptoKey][google.cloud.kms.v1.CryptoKey\] to update. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// Required. The id of the child \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] to use as primary. #[prost(string, tag = "2")] pub crypto_key_version_id: ::prost::alloc::string::String, } /// Request message for \[KeyManagementService.DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct DestroyCryptoKeyVersionRequest { /// Required. The resource name of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] to destroy. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, } /// Request message for \[KeyManagementService.RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct RestoreCryptoKeyVersionRequest { /// Required. The resource name of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] to restore. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, } /// Request message for \[KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct EncryptRequest { /// Required. The resource name of the \[CryptoKey][google.cloud.kms.v1.CryptoKey\] or \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] /// to use for encryption. /// /// If a \[CryptoKey][google.cloud.kms.v1.CryptoKey\] is specified, the server will use its /// [primary version]\[google.cloud.kms.v1.CryptoKey.primary\]. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// Required. The data to encrypt. Must be no larger than 64KiB. /// /// The maximum size depends on the key version's /// \[protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level\]. For /// \[SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE\] keys, the plaintext must be no larger /// than 64KiB. For \[HSM][google.cloud.kms.v1.ProtectionLevel.HSM\] keys, the combined length of the /// plaintext and additional_authenticated_data fields must be no larger than /// 8KiB. #[prost(bytes = "vec", tag = "2")] pub plaintext: ::prost::alloc::vec::Vec, /// Optional. Optional data that, if specified, must also be provided during decryption /// through \[DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data\]. /// /// The maximum size depends on the key version's /// \[protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level\]. For /// \[SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE\] keys, the AAD must be no larger than /// 64KiB. For \[HSM][google.cloud.kms.v1.ProtectionLevel.HSM\] keys, the combined length of the /// plaintext and additional_authenticated_data fields must be no larger than /// 8KiB. #[prost(bytes = "vec", tag = "3")] pub additional_authenticated_data: ::prost::alloc::vec::Vec, /// Optional. An optional CRC32C checksum of the \[EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext\]. If /// specified, \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will verify the integrity of the /// received \[EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext\] using this checksum. /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will report an error if the checksum verification /// fails. If you receive a checksum error, your client should verify that /// CRC32C(\[EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext\]) is equal to /// \[EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c\], and if so, perform a limited number of /// retries. A persistent mismatch may indicate an issue in your computation of /// the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "7")] pub plaintext_crc32c: ::core::option::Option, /// Optional. An optional CRC32C checksum of the /// \[EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data\]. If specified, /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will verify the integrity of the received /// \[EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data\] using this checksum. /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will report an error if the checksum verification /// fails. If you receive a checksum error, your client should verify that /// CRC32C(\[EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data\]) is equal to /// \[EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c\], and if so, perform /// a limited number of retries. A persistent mismatch may indicate an issue in /// your computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "8")] pub additional_authenticated_data_crc32c: ::core::option::Option, } /// Request message for \[KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct DecryptRequest { /// Required. The resource name of the \[CryptoKey][google.cloud.kms.v1.CryptoKey\] to use for decryption. /// The server will choose the appropriate version. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// Required. The encrypted data originally returned in /// \[EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext\]. #[prost(bytes = "vec", tag = "2")] pub ciphertext: ::prost::alloc::vec::Vec, /// Optional. Optional data that must match the data originally supplied in /// \[EncryptRequest.additional_authenticated_data][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data\]. #[prost(bytes = "vec", tag = "3")] pub additional_authenticated_data: ::prost::alloc::vec::Vec, /// Optional. An optional CRC32C checksum of the \[DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext\]. If /// specified, \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will verify the integrity of the /// received \[DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext\] using this checksum. /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will report an error if the checksum verification /// fails. If you receive a checksum error, your client should verify that /// CRC32C(\[DecryptRequest.ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext\]) is equal to /// \[DecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.DecryptRequest.ciphertext_crc32c\], and if so, perform a limited number /// of retries. A persistent mismatch may indicate an issue in your computation /// of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "5")] pub ciphertext_crc32c: ::core::option::Option, /// Optional. An optional CRC32C checksum of the /// \[DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data\]. If specified, /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will verify the integrity of the received /// \[DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data\] using this checksum. /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will report an error if the checksum verification /// fails. If you receive a checksum error, your client should verify that /// CRC32C(\[DecryptRequest.additional_authenticated_data][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data\]) is equal to /// \[DecryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.DecryptRequest.additional_authenticated_data_crc32c\], and if so, perform /// a limited number of retries. A persistent mismatch may indicate an issue in /// your computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "6")] pub additional_authenticated_data_crc32c: ::core::option::Option, } /// Request message for \[KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct AsymmetricSignRequest { /// Required. The resource name of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] to use for signing. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// Optional. The digest of the data to sign. The digest must be produced with /// the same digest algorithm as specified by the key version's /// \[algorithm][google.cloud.kms.v1.CryptoKeyVersion.algorithm\]. #[prost(message, optional, tag = "3")] pub digest: ::core::option::Option, /// Optional. An optional CRC32C checksum of the \[AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest\]. If /// specified, \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will verify the integrity of the /// received \[AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest\] using this checksum. /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will report an error if the checksum verification /// fails. If you receive a checksum error, your client should verify that /// CRC32C(\[AsymmetricSignRequest.digest][google.cloud.kms.v1.AsymmetricSignRequest.digest\]) is equal to /// \[AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c\], and if so, perform a limited /// number of retries. A persistent mismatch may indicate an issue in your /// computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "4")] pub digest_crc32c: ::core::option::Option, /// Optional. This field will only be honored for RAW_PKCS1 keys. /// The data to sign. A digest is computed over the data that will be signed, /// PKCS #1 padding is applied to the digest directly and then encrypted. #[prost(bytes = "vec", tag = "6")] pub data: ::prost::alloc::vec::Vec, /// Optional. An optional CRC32C checksum of the \[AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data\]. If /// specified, \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will verify the integrity of the /// received \[AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data\] using this checksum. /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will report an error if the checksum verification /// fails. If you receive a checksum error, your client should verify that /// CRC32C(\[AsymmetricSignRequest.data][google.cloud.kms.v1.AsymmetricSignRequest.data\]) is equal to /// \[AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c\], and if so, perform a limited /// number of retries. A persistent mismatch may indicate an issue in your /// computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "7")] pub data_crc32c: ::core::option::Option, } /// Request message for \[KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct AsymmetricDecryptRequest { /// Required. The resource name of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] to use for /// decryption. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// Required. The data encrypted with the named \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\]'s public /// key using OAEP. #[prost(bytes = "vec", tag = "3")] pub ciphertext: ::prost::alloc::vec::Vec, /// Optional. An optional CRC32C checksum of the \[AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext\]. /// If specified, \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will verify the integrity of the /// received \[AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext\] using this checksum. /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will report an error if the checksum verification /// fails. If you receive a checksum error, your client should verify that /// CRC32C(\[AsymmetricDecryptRequest.ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext\]) is equal to /// \[AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c\], and if so, perform a /// limited number of retries. A persistent mismatch may indicate an issue in /// your computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "4")] pub ciphertext_crc32c: ::core::option::Option, } /// Request message for \[KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct MacSignRequest { /// Required. The resource name of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] to use for signing. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// Required. The data to sign. The MAC tag is computed over this data field based on /// the specific algorithm. #[prost(bytes = "vec", tag = "2")] pub data: ::prost::alloc::vec::Vec, /// Optional. An optional CRC32C checksum of the \[MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data\]. If /// specified, \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will verify the integrity of the /// received \[MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data\] using this checksum. /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will report an error if the checksum verification /// fails. If you receive a checksum error, your client should verify that /// CRC32C(\[MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data\]) is equal to /// \[MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c\], and if so, perform a limited /// number of retries. A persistent mismatch may indicate an issue in your /// computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "3")] pub data_crc32c: ::core::option::Option, } /// Request message for \[KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct MacVerifyRequest { /// Required. The resource name of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] to use for verification. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// Required. The data used previously as a \[MacSignRequest.data][google.cloud.kms.v1.MacSignRequest.data\] to generate the MAC /// tag. #[prost(bytes = "vec", tag = "2")] pub data: ::prost::alloc::vec::Vec, /// Optional. An optional CRC32C checksum of the \[MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data\]. If /// specified, \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will verify the integrity of the /// received \[MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data\] using this checksum. /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will report an error if the checksum verification /// fails. If you receive a checksum error, your client should verify that /// CRC32C(\[MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data\]) is equal to /// \[MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c\], and if so, perform a limited /// number of retries. A persistent mismatch may indicate an issue in your /// computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "3")] pub data_crc32c: ::core::option::Option, /// Required. The signature to verify. #[prost(bytes = "vec", tag = "4")] pub mac: ::prost::alloc::vec::Vec, /// Optional. An optional CRC32C checksum of the \[MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac\]. If /// specified, \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will verify the integrity of the /// received \[MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac\] using this checksum. /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] will report an error if the checksum verification /// fails. If you receive a checksum error, your client should verify that /// CRC32C(\[MacVerifyRequest.tag][\]) is equal to /// \[MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c\], and if so, perform a limited /// number of retries. A persistent mismatch may indicate an issue in your /// computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "5")] pub mac_crc32c: ::core::option::Option, } /// Request message for \[KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct GenerateRandomBytesRequest { /// The project-specific location in which to generate random bytes. /// For example, "projects/my-project/locations/us-central1". #[prost(string, tag = "1")] pub location: ::prost::alloc::string::String, /// The length in bytes of the amount of randomness to retrieve. Minimum 8 /// bytes, maximum 1024 bytes. #[prost(int32, tag = "2")] pub length_bytes: i32, /// The \[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel\] to use when generating the random data. Defaults to /// \[SOFTWARE][google.cloud.kms.v1.ProtectionLevel.SOFTWARE\]. #[prost(enumeration = "ProtectionLevel", tag = "3")] pub protection_level: i32, } /// Response message for \[KeyManagementService.Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct EncryptResponse { /// The resource name of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] used in encryption. Check /// this field to verify that the intended resource was used for encryption. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// The encrypted data. #[prost(bytes = "vec", tag = "2")] pub ciphertext: ::prost::alloc::vec::Vec, /// Integrity verification field. A CRC32C checksum of the returned /// \[EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext\]. An integrity check of /// \[EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext\] can be performed by computing the CRC32C /// checksum of \[EncryptResponse.ciphertext][google.cloud.kms.v1.EncryptResponse.ciphertext\] and comparing your results to /// this field. Discard the response in case of non-matching checksum values, /// and perform a limited number of retries. A persistent mismatch may indicate /// an issue in your computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "4")] pub ciphertext_crc32c: ::core::option::Option, /// Integrity verification field. A flag indicating whether /// \[EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c\] was received by /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] and used for the integrity verification of the /// \[plaintext][google.cloud.kms.v1.EncryptRequest.plaintext\]. A false value of this field /// indicates either that \[EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c\] was left unset or /// that it was not delivered to \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\]. If you've set /// \[EncryptRequest.plaintext_crc32c][google.cloud.kms.v1.EncryptRequest.plaintext_crc32c\] but this field is still false, discard /// the response and perform a limited number of retries. #[prost(bool, tag = "5")] pub verified_plaintext_crc32c: bool, /// Integrity verification field. A flag indicating whether /// \[EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c\] was received by /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] and used for the integrity verification of the /// \[AAD][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data\]. A false value of this /// field indicates either that /// \[EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c\] was left unset or /// that it was not delivered to \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\]. If you've set /// \[EncryptRequest.additional_authenticated_data_crc32c][google.cloud.kms.v1.EncryptRequest.additional_authenticated_data_crc32c\] but this field is /// still false, discard the response and perform a limited number of retries. #[prost(bool, tag = "6")] pub verified_additional_authenticated_data_crc32c: bool, /// The \[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel\] of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] used in encryption. #[prost(enumeration = "ProtectionLevel", tag = "7")] pub protection_level: i32, } /// Response message for \[KeyManagementService.Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct DecryptResponse { /// The decrypted data originally supplied in \[EncryptRequest.plaintext][google.cloud.kms.v1.EncryptRequest.plaintext\]. #[prost(bytes = "vec", tag = "1")] pub plaintext: ::prost::alloc::vec::Vec, /// Integrity verification field. A CRC32C checksum of the returned /// \[DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext\]. An integrity check of /// \[DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext\] can be performed by computing the CRC32C /// checksum of \[DecryptResponse.plaintext][google.cloud.kms.v1.DecryptResponse.plaintext\] and comparing your results to /// this field. Discard the response in case of non-matching checksum values, /// and perform a limited number of retries. A persistent mismatch may indicate /// an issue in your computation of the CRC32C checksum. Note: receiving this /// response message indicates that \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] is able to /// successfully decrypt the \[ciphertext][google.cloud.kms.v1.DecryptRequest.ciphertext\]. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "2")] pub plaintext_crc32c: ::core::option::Option, /// Whether the Decryption was performed using the primary key version. #[prost(bool, tag = "3")] pub used_primary: bool, /// The \[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel\] of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] used in decryption. #[prost(enumeration = "ProtectionLevel", tag = "4")] pub protection_level: i32, } /// Response message for \[KeyManagementService.AsymmetricSign][google.cloud.kms.v1.KeyManagementService.AsymmetricSign\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct AsymmetricSignResponse { /// The created signature. #[prost(bytes = "vec", tag = "1")] pub signature: ::prost::alloc::vec::Vec, /// Integrity verification field. A CRC32C checksum of the returned /// \[AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature\]. An integrity check of /// \[AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature\] can be performed by computing the /// CRC32C checksum of \[AsymmetricSignResponse.signature][google.cloud.kms.v1.AsymmetricSignResponse.signature\] and comparing your /// results to this field. Discard the response in case of non-matching /// checksum values, and perform a limited number of retries. A persistent /// mismatch may indicate an issue in your computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "2")] pub signature_crc32c: ::core::option::Option, /// Integrity verification field. A flag indicating whether /// \[AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c\] was received by /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] and used for the integrity verification of the /// \[digest][google.cloud.kms.v1.AsymmetricSignRequest.digest\]. A false value of this field /// indicates either that \[AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c\] was left /// unset or that it was not delivered to \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\]. If you've /// set \[AsymmetricSignRequest.digest_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.digest_crc32c\] but this field is still false, /// discard the response and perform a limited number of retries. #[prost(bool, tag = "3")] pub verified_digest_crc32c: bool, /// The resource name of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] used for signing. Check /// this field to verify that the intended resource was used for signing. #[prost(string, tag = "4")] pub name: ::prost::alloc::string::String, /// Integrity verification field. A flag indicating whether /// \[AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c\] was received by /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] and used for the integrity verification of the /// \[data][google.cloud.kms.v1.AsymmetricSignRequest.data\]. A false value of this field /// indicates either that \[AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c\] was left /// unset or that it was not delivered to \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\]. If you've /// set \[AsymmetricSignRequest.data_crc32c][google.cloud.kms.v1.AsymmetricSignRequest.data_crc32c\] but this field is still false, /// discard the response and perform a limited number of retries. #[prost(bool, tag = "5")] pub verified_data_crc32c: bool, /// The \[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel\] of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] used for signing. #[prost(enumeration = "ProtectionLevel", tag = "6")] pub protection_level: i32, } /// Response message for \[KeyManagementService.AsymmetricDecrypt][google.cloud.kms.v1.KeyManagementService.AsymmetricDecrypt\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct AsymmetricDecryptResponse { /// The decrypted data originally encrypted with the matching public key. #[prost(bytes = "vec", tag = "1")] pub plaintext: ::prost::alloc::vec::Vec, /// Integrity verification field. A CRC32C checksum of the returned /// \[AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext\]. An integrity check of /// \[AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext\] can be performed by computing the /// CRC32C checksum of \[AsymmetricDecryptResponse.plaintext][google.cloud.kms.v1.AsymmetricDecryptResponse.plaintext\] and comparing /// your results to this field. Discard the response in case of non-matching /// checksum values, and perform a limited number of retries. A persistent /// mismatch may indicate an issue in your computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "2")] pub plaintext_crc32c: ::core::option::Option, /// Integrity verification field. A flag indicating whether /// \[AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c\] was received by /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] and used for the integrity verification of the /// \[ciphertext][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext\]. A false value of this /// field indicates either that \[AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c\] /// was left unset or that it was not delivered to \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\]. If /// you've set \[AsymmetricDecryptRequest.ciphertext_crc32c][google.cloud.kms.v1.AsymmetricDecryptRequest.ciphertext_crc32c\] but this field is /// still false, discard the response and perform a limited number of retries. #[prost(bool, tag = "3")] pub verified_ciphertext_crc32c: bool, /// The \[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel\] of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] used in decryption. #[prost(enumeration = "ProtectionLevel", tag = "4")] pub protection_level: i32, } /// Response message for \[KeyManagementService.MacSign][google.cloud.kms.v1.KeyManagementService.MacSign\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct MacSignResponse { /// The resource name of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] used for signing. Check /// this field to verify that the intended resource was used for signing. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// The created signature. #[prost(bytes = "vec", tag = "2")] pub mac: ::prost::alloc::vec::Vec, /// Integrity verification field. A CRC32C checksum of the returned /// \[MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac\]. An integrity check of /// \[MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac\] can be performed by computing the /// CRC32C checksum of \[MacSignResponse.mac][google.cloud.kms.v1.MacSignResponse.mac\] and comparing your /// results to this field. Discard the response in case of non-matching /// checksum values, and perform a limited number of retries. A persistent /// mismatch may indicate an issue in your computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "3")] pub mac_crc32c: ::core::option::Option, /// Integrity verification field. A flag indicating whether /// \[MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c\] was received by /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] and used for the integrity verification of the /// \[data][google.cloud.kms.v1.MacSignRequest.data\]. A false value of this field /// indicates either that \[MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c\] was left /// unset or that it was not delivered to \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\]. If you've /// set \[MacSignRequest.data_crc32c][google.cloud.kms.v1.MacSignRequest.data_crc32c\] but this field is still false, /// discard the response and perform a limited number of retries. #[prost(bool, tag = "4")] pub verified_data_crc32c: bool, /// The \[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel\] of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] used for signing. #[prost(enumeration = "ProtectionLevel", tag = "5")] pub protection_level: i32, } /// Response message for \[KeyManagementService.MacVerify][google.cloud.kms.v1.KeyManagementService.MacVerify\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct MacVerifyResponse { /// The resource name of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] used for verification. /// Check this field to verify that the intended resource was used for /// verification. #[prost(string, tag = "1")] pub name: ::prost::alloc::string::String, /// This field indicates whether or not the verification operation for /// \[MacVerifyRequest.mac][google.cloud.kms.v1.MacVerifyRequest.mac\] over \[MacVerifyRequest.data][google.cloud.kms.v1.MacVerifyRequest.data\] was successful. #[prost(bool, tag = "2")] pub success: bool, /// Integrity verification field. A flag indicating whether /// \[MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c\] was received by /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] and used for the integrity verification of the /// \[data][google.cloud.kms.v1.MacVerifyRequest.data\]. A false value of this field /// indicates either that \[MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c\] was left /// unset or that it was not delivered to \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\]. If you've /// set \[MacVerifyRequest.data_crc32c][google.cloud.kms.v1.MacVerifyRequest.data_crc32c\] but this field is still false, /// discard the response and perform a limited number of retries. #[prost(bool, tag = "3")] pub verified_data_crc32c: bool, /// Integrity verification field. A flag indicating whether /// \[MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c\] was received by /// \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\] and used for the integrity verification of the /// \[data][google.cloud.kms.v1.MacVerifyRequest.mac\]. A false value of this field /// indicates either that \[MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c\] was left /// unset or that it was not delivered to \[KeyManagementService][google.cloud.kms.v1.KeyManagementService\]. If you've /// set \[MacVerifyRequest.mac_crc32c][google.cloud.kms.v1.MacVerifyRequest.mac_crc32c\] but this field is still false, /// discard the response and perform a limited number of retries. #[prost(bool, tag = "4")] pub verified_mac_crc32c: bool, /// Integrity verification field. This value is used for the integrity /// verification of \[MacVerifyResponse.success\]. If the value of this field /// contradicts the value of \[MacVerifyResponse.success\], discard the response /// and perform a limited number of retries. #[prost(bool, tag = "5")] pub verified_success_integrity: bool, /// The \[ProtectionLevel][google.cloud.kms.v1.ProtectionLevel\] of the \[CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion\] used for verification. #[prost(enumeration = "ProtectionLevel", tag = "6")] pub protection_level: i32, } /// Response message for \[KeyManagementService.GenerateRandomBytes][google.cloud.kms.v1.KeyManagementService.GenerateRandomBytes\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct GenerateRandomBytesResponse { /// The generated data. #[prost(bytes = "vec", tag = "1")] pub data: ::prost::alloc::vec::Vec, /// Integrity verification field. A CRC32C checksum of the returned /// \[GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data\]. An integrity check of /// \[GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data\] can be performed by computing the /// CRC32C checksum of \[GenerateRandomBytesResponse.data][google.cloud.kms.v1.GenerateRandomBytesResponse.data\] and comparing your /// results to this field. Discard the response in case of non-matching /// checksum values, and perform a limited number of retries. A persistent /// mismatch may indicate an issue in your computation of the CRC32C checksum. /// Note: This field is defined as int64 for reasons of compatibility across /// different languages. However, it is a non-negative integer, which will /// never exceed 2^32-1, and can be safely downconverted to uint32 in languages /// that support this type. #[prost(message, optional, tag = "3")] pub data_crc32c: ::core::option::Option, } /// A \[Digest][google.cloud.kms.v1.Digest\] holds a cryptographic message digest. #[derive(Clone, PartialEq, ::prost::Message)] pub struct Digest { /// Required. The message digest. #[prost(oneof = "digest::Digest", tags = "1, 2, 3")] pub digest: ::core::option::Option, } /// Nested message and enum types in `Digest`. pub mod digest { /// Required. The message digest. #[derive(Clone, PartialEq, ::prost::Oneof)] pub enum Digest { /// A message digest produced with the SHA-256 algorithm. #[prost(bytes, tag = "1")] Sha256(::prost::alloc::vec::Vec), /// A message digest produced with the SHA-384 algorithm. #[prost(bytes, tag = "2")] Sha384(::prost::alloc::vec::Vec), /// A message digest produced with the SHA-512 algorithm. #[prost(bytes, tag = "3")] Sha512(::prost::alloc::vec::Vec), } } /// Cloud KMS metadata for the given \[google.cloud.location.Location][google.cloud.location.Location\]. #[derive(Clone, PartialEq, ::prost::Message)] pub struct LocationMetadata { /// Indicates whether \[CryptoKeys][google.cloud.kms.v1.CryptoKey\] with /// \[protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level\] /// \[HSM][google.cloud.kms.v1.ProtectionLevel.HSM\] can be created in this location. #[prost(bool, tag = "1")] pub hsm_available: bool, /// Indicates whether \[CryptoKeys][google.cloud.kms.v1.CryptoKey\] with /// \[protection_level][google.cloud.kms.v1.CryptoKeyVersionTemplate.protection_level\] /// \[EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL\] can be created in this location. #[prost(bool, tag = "2")] pub ekm_available: bool, } #[doc = r" Generated client implementations."] pub mod key_management_service_client { #![allow(unused_variables, dead_code, missing_docs, clippy::let_unit_value)] use tonic::codegen::*; #[doc = " Google Cloud Key Management Service"] #[doc = ""] #[doc = " Manages cryptographic keys and operations using those keys. Implements a REST"] #[doc = " model with the following objects:"] #[doc = ""] #[doc = " * [KeyRing][google.cloud.kms.v1.KeyRing]"] #[doc = " * [CryptoKey][google.cloud.kms.v1.CryptoKey]"] #[doc = " * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]"] #[doc = " * [ImportJob][google.cloud.kms.v1.ImportJob]"] #[doc = ""] #[doc = " If you are using manual gRPC libraries, see"] #[doc = " [Using gRPC with Cloud KMS](https://cloud.google.com/kms/docs/grpc)."] #[derive(Debug, Clone)] pub struct KeyManagementServiceClient { inner: tonic::client::Grpc, } impl KeyManagementServiceClient where T: tonic::client::GrpcService, T::ResponseBody: Body + Send + 'static, T::Error: Into, ::Error: Into + Send, { pub fn new(inner: T) -> Self { let inner = tonic::client::Grpc::new(inner); Self { inner } } pub fn with_interceptor( inner: T, interceptor: F, ) -> KeyManagementServiceClient> where F: tonic::service::Interceptor, T: tonic::codegen::Service< http::Request, Response = http::Response< >::ResponseBody, >, >, >>::Error: Into + Send + Sync, { KeyManagementServiceClient::new(InterceptedService::new(inner, interceptor)) } #[doc = r" Compress requests with `gzip`."] #[doc = r""] #[doc = r" This requires the server to support it otherwise it might respond with an"] #[doc = r" error."] pub fn send_gzip(mut self) -> Self { self.inner = self.inner.send_gzip(); self } #[doc = r" Enable decompressing responses with `gzip`."] pub fn accept_gzip(mut self) -> Self { self.inner = self.inner.accept_gzip(); self } #[doc = " Lists [KeyRings][google.cloud.kms.v1.KeyRing]."] pub async fn list_key_rings( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/ListKeyRings", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Lists [CryptoKeys][google.cloud.kms.v1.CryptoKey]."] pub async fn list_crypto_keys( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/ListCryptoKeys", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Lists [CryptoKeyVersions][google.cloud.kms.v1.CryptoKeyVersion]."] pub async fn list_crypto_key_versions( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/ListCryptoKeyVersions", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Lists [ImportJobs][google.cloud.kms.v1.ImportJob]."] pub async fn list_import_jobs( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/ListImportJobs", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Returns metadata for a given [KeyRing][google.cloud.kms.v1.KeyRing]."] pub async fn get_key_ring( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/GetKeyRing", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Returns metadata for a given [CryptoKey][google.cloud.kms.v1.CryptoKey], as well as its"] #[doc = " [primary][google.cloud.kms.v1.CryptoKey.primary] [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]."] pub async fn get_crypto_key( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/GetCryptoKey", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Returns metadata for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]."] pub async fn get_crypto_key_version( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/GetCryptoKeyVersion", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Returns the public key for the given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. The"] #[doc = " [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be"] #[doc = " [ASYMMETRIC_SIGN][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_SIGN] or"] #[doc = " [ASYMMETRIC_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ASYMMETRIC_DECRYPT]."] pub async fn get_public_key( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/GetPublicKey", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Returns metadata for a given [ImportJob][google.cloud.kms.v1.ImportJob]."] pub async fn get_import_job( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/GetImportJob", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Create a new [KeyRing][google.cloud.kms.v1.KeyRing] in a given Project and Location."] pub async fn create_key_ring( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/CreateKeyRing", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Create a new [CryptoKey][google.cloud.kms.v1.CryptoKey] within a [KeyRing][google.cloud.kms.v1.KeyRing]."] #[doc = ""] #[doc = " [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] and"] #[doc = " [CryptoKey.version_template.algorithm][google.cloud.kms.v1.CryptoKeyVersionTemplate.algorithm]"] #[doc = " are required."] pub async fn create_crypto_key( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/CreateCryptoKey", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Create a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in a [CryptoKey][google.cloud.kms.v1.CryptoKey]."] #[doc = ""] #[doc = " The server will assign the next sequential id. If unset,"] #[doc = " [state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to"] #[doc = " [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED]."] pub async fn create_crypto_key_version( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/CreateCryptoKeyVersion", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]."] #[doc = ""] #[doc = " All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is"] #[doc = " additionally specified in the request, key material will be reimported into"] #[doc = " that version. Otherwise, a new version will be created, and will be"] #[doc = " assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey]."] pub async fn import_crypto_key_version( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/ImportCryptoKeyVersion", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Create a new [ImportJob][google.cloud.kms.v1.ImportJob] within a [KeyRing][google.cloud.kms.v1.KeyRing]."] #[doc = ""] #[doc = " [ImportJob.import_method][google.cloud.kms.v1.ImportJob.import_method] is required."] pub async fn create_import_job( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/CreateImportJob", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Update a [CryptoKey][google.cloud.kms.v1.CryptoKey]."] pub async fn update_crypto_key( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKey", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Update a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s metadata."] #[doc = ""] #[doc = " [state][google.cloud.kms.v1.CryptoKeyVersion.state] may be changed between"] #[doc = " [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] and"] #[doc = " [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED] using this"] #[doc = " method. See [DestroyCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.DestroyCryptoKeyVersion] and [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] to"] #[doc = " move between other states."] pub async fn update_crypto_key_version( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyVersion", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]."] #[doc = ""] #[doc = " Returns an error if called on a key whose purpose is not"] #[doc = " [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]."] pub async fn update_crypto_key_primary_version( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/UpdateCryptoKeyPrimaryVersion", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction."] #[doc = ""] #[doc = " Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to"] #[doc = " [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],"] #[doc = " and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time"] #[doc = " [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the"] #[doc = " future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will"] #[doc = " automatically change to"] #[doc = " [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key"] #[doc = " material will be irrevocably destroyed."] #[doc = ""] #[doc = " Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,"] #[doc = " [RestoreCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.RestoreCryptoKeyVersion] may be called to reverse the process."] pub async fn destroy_crypto_key_version( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/DestroyCryptoKeyVersion", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Restore a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] in the"] #[doc = " [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]"] #[doc = " state."] #[doc = ""] #[doc = " Upon restoration of the CryptoKeyVersion, [state][google.cloud.kms.v1.CryptoKeyVersion.state]"] #[doc = " will be set to [DISABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DISABLED],"] #[doc = " and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be cleared."] pub async fn restore_crypto_key_version( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/RestoreCryptoKeyVersion", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Encrypts data, so that it can only be recovered by a call to [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt]."] #[doc = " The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be"] #[doc = " [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]."] pub async fn encrypt( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/Encrypt", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Decrypts data that was protected by [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt]. The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]"] #[doc = " must be [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT]."] pub async fn decrypt( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/Decrypt", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]"] #[doc = " ASYMMETRIC_SIGN, producing a signature that can be verified with the public"] #[doc = " key retrieved from [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey]."] pub async fn asymmetric_sign( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/AsymmetricSign", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Decrypts data that was encrypted with a public key retrieved from"] #[doc = " [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey] corresponding to a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with"] #[doc = " [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] ASYMMETRIC_DECRYPT."] pub async fn asymmetric_decrypt( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/AsymmetricDecrypt", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]"] #[doc = " MAC, producing a tag that can be verified by another source with the"] #[doc = " same key."] pub async fn mac_sign( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/MacSign", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Verifies MAC tag using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose]"] #[doc = " MAC, and returns a response that indicates whether or not the verification"] #[doc = " was successful."] pub async fn mac_verify( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/MacVerify", ); self.inner.unary(request.into_request(), path, codec).await } #[doc = " Generate random bytes using the Cloud KMS randomness source in the provided"] #[doc = " location."] pub async fn generate_random_bytes( &mut self, request: impl tonic::IntoRequest, ) -> Result, tonic::Status> { self.inner.ready().await.map_err(|e| { tonic::Status::new( tonic::Code::Unknown, format!("Service was not ready: {}", e.into()), ) })?; let codec = tonic::codec::ProstCodec::default(); let path = http::uri::PathAndQuery::from_static( "/google.cloud.kms.v1.KeyManagementService/GenerateRandomBytes", ); self.inner.unary(request.into_request(), path, codec).await } } }