Class: Google::Cloud::Firestore::Admin::V1::Database::CmekConfig

Inherits:

Object

Object
Google::Cloud::Firestore::Admin::V1::Database::CmekConfig

show all

Extended by:: Protobuf::MessageExts::ClassMethods

Includes:: Protobuf::MessageExts

Defined in:: proto_docs/google/firestore/admin/v1/database.rb

Overview

The CMEK (Customer Managed Encryption Key) configuration for a Firestore database. If not present, the database is secured by the default Google encryption key.

Instance Attribute Summary collapse

#active_key_version ⇒ ::Array<::String> readonly
Output only.
#kms_key_name ⇒ ::String
Required.

Instance Attribute Details

#active_key_version ⇒ `::Array<::String>` (readonly)

Returns Output only. Currently in-use KMS key versions. During key rotation, there can be multiple in-use key versions.

The expected format is projects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{key_version}.

Returns:

(::Array<::String>) —
Output only. Currently in-use KMS key versions. During key rotation, there can be multiple in-use key versions.

The expected format is projects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{key_version}.

# File 'proto_docs/google/firestore/admin/v1/database.rb', line 141

class CmekConfig
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#kms_key_name ⇒ `::String`

Returns Required. Only keys in the same location as this database are allowed to be used for encryption.

For Firestore's nam5 multi-region, this corresponds to Cloud KMS multi-region us. For Firestore's eur3 multi-region, this corresponds to Cloud KMS multi-region europe. See https://cloud.google.com/kms/docs/locations.

The expected format is projects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.