autokey_config
Creates, updates, deletes, gets or lists an autokey_config resource.
Overview
Name | autokey_config |
Type | Resource |
Id | google.cloudkms.autokey_config |
Fields
The following fields are returned by SELECT queries:
- get_autokey_config
Successful response
Name | Datatype | Description |
---|---|---|
name | string | Identifier. Name of the AutokeyConfig resource, e.g. folders/{FOLDER_NUMBER}/autokeyConfig or projects/{PROJECT_NUMBER}/autokeyConfig. |
etag | string | Optional. A checksum computed by the server based on the value of other fields. This may be sent on update requests to ensure that the client has an up-to-date value before proceeding. The request will be rejected with an ABORTED error on a mismatched etag. |
keyProject | string | Optional. Name of the key project, e.g. projects/{PROJECT_ID} or projects/{PROJECT_NUMBER}, where Cloud KMS Autokey will provision a new CryptoKey when a KeyHandle is created. On UpdateAutokeyConfig, the caller will require cloudkms.cryptoKeys.setIamPolicy permission on this key project. Once configured, for Cloud KMS Autokey to function properly, this key project must have the Cloud KMS API activated and the Cloud KMS Service Agent for this key project must be granted the cloudkms.admin role (or pertinent permissions). A request with an empty key project field will clear the configuration. |
state | string | Output only. The state for the AutokeyConfig. |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get_autokey_config | select | foldersId | | Returns the AutokeyConfig for a folder. |
update_autokey_config | update | foldersId | updateMask | Updates the AutokeyConfig for a folder. The caller must have both cloudkms.autokeyConfigs.update permission on the parent folder and cloudkms.cryptoKeys.setIamPolicy permission on the provided key project. A KeyHandle creation in the folder's descendant projects will use this configuration to determine where to create the resulting CryptoKey. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
foldersId | string | |
updateMask | string (google-fieldmask) | |
SELECT examples
- get_autokey_config
Returns the AutokeyConfig for a folder.
SELECT
name,
etag,
keyProject,
state
FROM google.cloudkms.autokey_config
WHERE foldersId = '{{ foldersId }}'; -- required
UPDATE examples
- update_autokey_config
Updates the AutokeyConfig for a folder. The caller must have both cloudkms.autokeyConfigs.update permission on the parent folder and cloudkms.cryptoKeys.setIamPolicy permission on the provided key project. A KeyHandle creation in the folder's descendant projects will use this configuration to determine where to create the resulting CryptoKey.
UPDATE google.cloudkms.autokey_config
SET
data__name = '{{ name }}',
data__keyProject = '{{ keyProject }}',
data__etag = '{{ etag }}'
WHERE
foldersId = '{{ foldersId }}' -- required
AND updateMask = '{{ updateMask }}'
RETURNING
name,
etag,
keyProject,
state;
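A pre-flight check for the UPDATE above, as an added example that is not part of the provider documentation: it validates the row returned by get_autokey_config and the new keyProject before they are substituted into the `{{ }}` placeholders, requires the etag, and refuses an empty keyProject unless clearing is intended. The names `preflight` and `allow_clear`, the sample row, the project-ID pattern and the mask value `keyProject` are assumptions of this example.

```python
import re

# Name shapes follow the field descriptions on this page; the project-ID
# character rules are the standard Google Cloud ones (assumption of this example).
NAME_RE = re.compile(r"folders/(\d+)/autokeyConfig")
KEY_PROJECT_RE = re.compile(r"projects/(\d+|[a-z][a-z0-9-]{4,28}[a-z0-9])")

# Constructed sample row shaped like the get_autokey_config result (not real data).
SAMPLE_ROW = {
    "name": "folders/123456789012/autokeyConfig",
    "etag": "constructed-etag-1",
    "keyProject": "projects/old-key-project",
    "state": "ACTIVE",
}


def preflight(current, new_key_project, allow_clear=False):
    """Return the template parameters for update_autokey_config, or raise ValueError."""
    m = NAME_RE.fullmatch(current.get("name") or "")
    if not m:
        raise ValueError("unexpected AutokeyConfig name")
    etag = current.get("etag") or ""
    if not etag or "'" in etag:
        # No etag means the server cannot detect that this write is based on stale data.
        raise ValueError("missing or malformed etag; re-run the SELECT first")
    if new_key_project == "":
        # An empty key project clears the configuration, so demand explicit intent.
        if not allow_clear:
            raise ValueError("empty keyProject would clear the Autokey configuration")
    elif not KEY_PROJECT_RE.fullmatch(new_key_project):
        raise ValueError("keyProject must look like projects/<PROJECT_ID or NUMBER>")
    return {
        "foldersId": m.group(1),
        "name": m.group(0),
        "keyProject": new_key_project,
        "etag": etag,
        "updateMask": "keyProject",  # restrict the write to the one field being changed
    }


if __name__ == "__main__":
    print(preflight(SAMPLE_ROW, "projects/new-key-project"))
```

The returned keys match the placeholders in the UPDATE template, so the dictionary can be handed directly to whatever renders the query.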