ekm_connections
Creates, updates, deletes, gets or lists an ekm_connections resource.
Overview
Name | ekm_connections |
Type | Resource |
Id | google.cloudkms.ekm_connections |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response
Name | Datatype | Description |
---|---|---|
name | string | Output only. The resource name for the EkmConnection in the format projects/*/locations/*/ekmConnections/* . |
createTime | string (google-datetime) | Output only. The time at which the EkmConnection was created. |
cryptoSpacePath | string | Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS. |
etag | string | Optional. Etag of the currently stored EkmConnection. |
keyManagementMode | string | Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL. |
serviceResolvers | array | Optional. A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported. |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get | select | projectsId, locationsId, ekmConnectionsId | | Returns metadata for a given EkmConnection. |
list | select | projectsId, locationsId | pageSize, pageToken, filter, orderBy | Lists EkmConnections. |
create | insert | projectsId, locationsId | ekmConnectionId | Creates a new EkmConnection in a given Project and Location. |
patch | update | projectsId, locationsId, ekmConnectionsId | updateMask | Updates an EkmConnection's metadata. |
verify_connectivity | exec | projectsId, locationsId, ekmConnectionsId | | Verifies that Cloud KMS can successfully connect to the external key manager specified by an EkmConnection. If there is an error connecting to the EKM, this method returns a FAILED_PRECONDITION status containing structured information as described at https://cloud.google.com/kms/docs/reference/ekm_errors. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
ekmConnectionsId | string | |
locationsId | string | |
projectsId | string | |
ekmConnectionId | string | |
filter | string | |
orderBy | string | |
pageSize | integer (int32) | |
pageToken | string | |
updateMask | string (google-fieldmask) | |
SELECT examples
- get
- list
Returns metadata for a given EkmConnection.
SELECT
  name,
  createTime,
  cryptoSpacePath,
  etag,
  keyManagementMode,
  serviceResolvers
FROM google.cloudkms.ekm_connections
WHERE projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND ekmConnectionsId = '{{ ekmConnectionsId }}'; -- required
Lists EkmConnections.
SELECT
  name,
  createTime,
  cryptoSpacePath,
  etag,
  keyManagementMode,
  serviceResolvers
FROM google.cloudkms.ekm_connections
WHERE projectsId = '{{ projectsId }}' -- required
  AND locationsId = '{{ locationsId }}' -- required
  AND pageSize = '{{ pageSize }}'
  AND pageToken = '{{ pageToken }}'
  AND filter = '{{ filter }}'
  AND orderBy = '{{ orderBy }}';
INSERT examples
- create
- Manifest
Creates a new EkmConnection in a given Project and Location.
INSERT INTO google.cloudkms.ekm_connections (
  data__serviceResolvers,
  data__etag,
  data__keyManagementMode,
  data__cryptoSpacePath,
  projectsId,
  locationsId,
  ekmConnectionId
)
SELECT
  '{{ serviceResolvers }}',
  '{{ etag }}',
  '{{ keyManagementMode }}',
  '{{ cryptoSpacePath }}',
  '{{ projectsId }}',
  '{{ locationsId }}',
  '{{ ekmConnectionId }}'
RETURNING
  name,
  createTime,
  cryptoSpacePath,
  etag,
  keyManagementMode,
  serviceResolvers
;
# Description fields are for documentation purposes
- name: ekm_connections
  props:
    - name: projectsId
      value: string
      description: Required parameter for the ekm_connections resource.
    - name: locationsId
      value: string
      description: Required parameter for the ekm_connections resource.
    - name: serviceResolvers
      value: array
      description: >
        Optional. A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported.
    - name: etag
      value: string
      description: >
        Optional. Etag of the currently stored EkmConnection.
    - name: keyManagementMode
      value: string
      description: >
        Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL.
      valid_values: ['KEY_MANAGEMENT_MODE_UNSPECIFIED', 'MANUAL', 'CLOUD_KMS']
    - name: cryptoSpacePath
      value: string
      description: >
        Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.
    - name: ekmConnectionId
      value: string
UPDATE examples
- patch
Updates an EkmConnection's metadata.
UPDATE google.cloudkms.ekm_connections
SET
  data__serviceResolvers = '{{ serviceResolvers }}',
  data__etag = '{{ etag }}',
  data__keyManagementMode = '{{ keyManagementMode }}',
  data__cryptoSpacePath = '{{ cryptoSpacePath }}'
WHERE
  projectsId = '{{ projectsId }}' --required
  AND locationsId = '{{ locationsId }}' --required
  AND ekmConnectionsId = '{{ ekmConnectionsId }}' --required
  AND updateMask = '{{ updateMask }}'
RETURNING
  name,
  createTime,
  cryptoSpacePath,
  etag,
  keyManagementMode,
  serviceResolvers;
Lifecycle Methods
- verify_connectivity
Verifies that Cloud KMS can successfully connect to the external key manager specified by an EkmConnection. If there is an error connecting to the EKM, this method returns a FAILED_PRECONDITION status containing structured information as described at https://cloud.google.com/kms/docs/reference/ekm_errors.
EXEC google.cloudkms.ekm_connections.verify_connectivity
  @projectsId='{{ projectsId }}', --required
  @locationsId='{{ locationsId }}', --required
  @ekmConnectionsId='{{ ekmConnectionsId }}'; --required