key_handles
Creates, updates, deletes, gets or lists a key_handles resource.
Overview
| Name | key_handles |
| Type | Resource |
| Id | google.cloudkms.key_handles |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Identifier. Name of the KeyHandle resource, e.g. projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}. |
kmsKey | string | Output only. Name of a CryptoKey that has been provisioned for Customer Managed Encryption Key (CMEK) use in the KeyHandle project and location for the requested resource type. The CryptoKey project will reflect the value configured in the AutokeyConfig on the resource project's ancestor folder at the time of the KeyHandle creation. If more than one ancestor folder has a configured AutokeyConfig, the nearest of these configurations is used. |
resourceTypeSelector | string | Required. Indicates the resource type that the resulting CryptoKey is meant to protect, e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types. |
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Identifier. Name of the KeyHandle resource, e.g. projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}. |
kmsKey | string | Output only. Name of a CryptoKey that has been provisioned for Customer Managed Encryption Key (CMEK) use in the KeyHandle project and location for the requested resource type. The CryptoKey project will reflect the value configured in the AutokeyConfig on the resource project's ancestor folder at the time of the KeyHandle creation. If more than one ancestor folder has a configured AutokeyConfig, the nearest of these configurations is used. |
resourceTypeSelector | string | Required. Indicates the resource type that the resulting CryptoKey is meant to protect, e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | projectsId, locationsId, keyHandlesId | Returns the KeyHandle. | |
list | select | projectsId, locationsId | pageSize, pageToken, filter | Lists KeyHandles. |
create | insert | projectsId, locationsId | keyHandleId | Creates a new KeyHandle, triggering the provisioning of a new CryptoKey for CMEK use with the given resource type in the configured key project and the same location. GetOperation should be used to resolve the resulting long-running operation and get the resulting KeyHandle and CryptoKey. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
keyHandlesId | string | |
locationsId | string | |
projectsId | string | |
filter | string | |
keyHandleId | string | |
pageSize | integer (int32) | |
pageToken | string |
SELECT examples
- get
- list
Returns the KeyHandle.
SELECT
name,
kmsKey,
resourceTypeSelector
FROM google.cloudkms.key_handles
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND keyHandlesId = '{{ keyHandlesId }}' -- required;
Lists KeyHandles.
SELECT
name,
kmsKey,
resourceTypeSelector
FROM google.cloudkms.key_handles
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}'
AND filter = '{{ filter }}';
INSERT examples
- create
- Manifest
Creates a new KeyHandle, triggering the provisioning of a new CryptoKey for CMEK use with the given resource type in the configured key project and the same location. GetOperation should be used to resolve the resulting long-running operation and get the resulting KeyHandle and CryptoKey.
INSERT INTO google.cloudkms.key_handles (
data__name,
data__resourceTypeSelector,
projectsId,
locationsId,
keyHandleId
)
SELECT
'{{ name }}',
'{{ resourceTypeSelector }}',
'{{ projectsId }}',
'{{ locationsId }}',
'{{ keyHandleId }}'
RETURNING
name,
done,
error,
metadata,
response
;
# Description fields are for documentation purposes
- name: key_handles
props:
- name: projectsId
value: string
description: Required parameter for the key_handles resource.
- name: locationsId
value: string
description: Required parameter for the key_handles resource.
- name: name
value: string
description: >
Identifier. Name of the KeyHandle resource, e.g. `projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}`.
- name: resourceTypeSelector
value: string
description: >
Required. Indicates the resource type that the resulting CryptoKey is meant to protect, e.g. `{SERVICE}.googleapis.com/{TYPE}`. See documentation for supported resource types.
- name: keyHandleId
value: string