cmek_config
Creates, updates, deletes, gets or lists a cmek_config resource.
Overview
| Name | cmek_config |
| Type | Resource |
| Id | google.cloudtasks.cmek_config |
Fields
The following fields are returned by SELECT queries:
- get_cmek_config
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Output only. The config resource name which includes the project and location and must end in 'cmekConfig', in the format projects/PROJECT_ID/locations/LOCATION_ID/cmekConfig` |
kmsKey | string | Resource name of the Cloud KMS key, of the form projects/PROJECT_ID/locations/LOCATION_ID/keyRings/KEY_RING_ID/cryptoKeys/KEY_ID, that will be used to encrypt the Queues & Tasks in the region. Setting this as blank will turn off CMEK encryption. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get_cmek_config | select | projectsId, locationsId | Gets the CMEK config. Gets the Customer Managed Encryption Key configured with the Cloud Tasks lcoation. By default there is no kms_key configured. | |
update_cmek_config | update | projectsId, locationsId | updateMask | Creates or Updates a CMEK config. Updates the Customer Managed Encryption Key assotiated with the Cloud Tasks location (Creates if the key does not already exist). All new tasks created in the location will be encrypted at-rest with the KMS-key provided in the config. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
locationsId | string | |
projectsId | string | |
updateMask | string (google-fieldmask) |
SELECT examples
- get_cmek_config
Gets the CMEK config. Gets the Customer Managed Encryption Key configured with the Cloud Tasks lcoation. By default there is no kms_key configured.
SELECT
name,
kmsKey
FROM google.cloudtasks.cmek_config
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required;
UPDATE examples
- update_cmek_config
Creates or Updates a CMEK config. Updates the Customer Managed Encryption Key assotiated with the Cloud Tasks location (Creates if the key does not already exist). All new tasks created in the location will be encrypted at-rest with the KMS-key provided in the config.
UPDATE google.cloudtasks.cmek_config
SET
data__kmsKey = '{{ kmsKey }}'
WHERE
projectsId = '{{ projectsId }}' --required
AND locationsId = '{{ locationsId }}' --required
AND updateMask = '{{ updateMask}}'
RETURNING
name,
kmsKey;