dns_keys
Creates, updates, deletes, gets or lists a dns_keys resource.
Overview
| Name | dns_keys |
| Type | Resource |
| Id | google.dns.dns_keys |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response
| Name | Datatype | Description |
|---|---|---|
id | string | Unique identifier for the resource; defined by the server (output only). |
algorithm | string | String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. |
creationTime | string | The time that this resource was created in the control plane. This is in RFC3339 text format. Output only. |
description | string | A mutable string of at most 1024 characters associated with this resource for the user's convenience. Has no effect on the resource's function. |
digests | array | Cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Output only. |
isActive | boolean | Active keys are used to sign subsequent changes to the ManagedZone. Inactive keys are still present as DNSKEY Resource Records for the use of resolvers validating existing signatures. |
keyLength | integer (uint32) | Length of the key in bits. Specified at creation time, and then immutable. |
keyTag | integer (int32) | The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B. Output only. |
kind | string | (default: dns#dnsKey) |
publicKey | string | Base64 encoded public half of this key. Output only. |
type | string | One of "KEY_SIGNING" or "ZONE_SIGNING". Keys of type KEY_SIGNING have the Secure Entry Point flag set and, when active, are used to sign only resource record sets of type DNSKEY. Otherwise, the Secure Entry Point flag is cleared, and this key is used to sign only resource record sets of other types. Immutable after creation time. |
Successful response
| Name | Datatype | Description |
|---|---|---|
id | string | Unique identifier for the resource; defined by the server (output only). |
algorithm | string | String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. |
creationTime | string | The time that this resource was created in the control plane. This is in RFC3339 text format. Output only. |
description | string | A mutable string of at most 1024 characters associated with this resource for the user's convenience. Has no effect on the resource's function. |
digests | array | Cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Output only. |
isActive | boolean | Active keys are used to sign subsequent changes to the ManagedZone. Inactive keys are still present as DNSKEY Resource Records for the use of resolvers validating existing signatures. |
keyLength | integer (uint32) | Length of the key in bits. Specified at creation time, and then immutable. |
keyTag | integer (int32) | The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B. Output only. |
kind | string | (default: dns#dnsKey) |
publicKey | string | Base64 encoded public half of this key. Output only. |
type | string | One of "KEY_SIGNING" or "ZONE_SIGNING". Keys of type KEY_SIGNING have the Secure Entry Point flag set and, when active, are used to sign only resource record sets of type DNSKEY. Otherwise, the Secure Entry Point flag is cleared, and this key is used to sign only resource record sets of other types. Immutable after creation time. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | project, managedZone, dnsKeyId | clientOperationId, digestType | Fetches the representation of an existing DnsKey. |
list | select | project, managedZone | maxResults, pageToken, digestType | Enumerates DnsKeys to a ResourceRecordSet collection. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
dnsKeyId | string | |
managedZone | string | |
project | string | |
clientOperationId | string | |
digestType | string | |
maxResults | integer (int32) | |
pageToken | string |
SELECT examples
- get
- list
Fetches the representation of an existing DnsKey.
SELECT
id,
algorithm,
creationTime,
description,
digests,
isActive,
keyLength,
keyTag,
kind,
publicKey,
type
FROM google.dns.dns_keys
WHERE project = '{{ project }}' -- required
AND managedZone = '{{ managedZone }}' -- required
AND dnsKeyId = '{{ dnsKeyId }}' -- required
AND clientOperationId = '{{ clientOperationId }}'
AND digestType = '{{ digestType }}';
Enumerates DnsKeys to a ResourceRecordSet collection.
SELECT
id,
algorithm,
creationTime,
description,
digests,
isActive,
keyLength,
keyTag,
kind,
publicKey,
type
FROM google.dns.dns_keys
WHERE project = '{{ project }}' -- required
AND managedZone = '{{ managedZone }}' -- required
AND maxResults = '{{ maxResults }}'
AND pageToken = '{{ pageToken }}'
AND digestType = '{{ digestType }}';