--- title: Getting Started with Datadog description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > Infrastructure > Datadog Resource Catalog --- # gcp_cloudkms_import_job{% #gcp_cloudkms_import_job %} ## `ancestors`{% #ancestors %} **Type**: `UNORDERED_LIST_STRING` ## `attestation`{% #attestation %} **Type**: `STRUCT`**Provider name**: `attestation`**Description**: Output only. Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM. - `cert_chains`**Type**: `STRUCT`**Provider name**: `certChains`**Description**: Output only. The certificate chains needed to validate the attestation - `cavium_certs`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `caviumCerts`**Description**: Cavium certificate chain corresponding to the attestation. - `google_card_certs`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `googleCardCerts`**Description**: Google card certificate chain corresponding to the attestation. - `google_partition_certs`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `googlePartitionCerts`**Description**: Google partition certificate chain corresponding to the attestation. - `format`**Type**: `STRING`**Provider name**: `format`**Description**: Output only. The format of the attestation data.**Possible values**: - `ATTESTATION_FORMAT_UNSPECIFIED` - Not specified. - `CAVIUM_V1_COMPRESSED` - Cavium HSM attestation compressed with gzip. Note that this format is defined by Cavium and subject to change at any time. See [https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html](https://www.marvell.com/products/security-solutions/nitrox-hs-adapters/software-key-attestation.html). - `CAVIUM_V2_COMPRESSED` - Cavium HSM attestation V2 compressed with gzip. This is a new format introduced in Cavium's version 3.2-08. ## `create_time`{% #create_time %} **Type**: `TIMESTAMP`**Provider name**: `createTime`**Description**: Output only. The time at which this ImportJob was created. ## `crypto_key_backend`{% #crypto_key_backend %} **Type**: `STRING`**Provider name**: `cryptoKeyBackend`**Description**: Immutable. The resource name of the backend environment where the key material for the wrapping key resides and where all related cryptographic operations are performed. Currently, this field is only populated for keys stored in HSM_SINGLE_TENANT. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future. ## `expire_event_time`{% #expire_event_time %} **Type**: `TIMESTAMP`**Provider name**: `expireEventTime`**Description**: Output only. The time this ImportJob expired. Only present if state is EXPIRED. ## `expire_time`{% #expire_time %} **Type**: `TIMESTAMP`**Provider name**: `expireTime`**Description**: Output only. The time at which this ImportJob is scheduled for expiration and can no longer be used to import key material. ## `generate_time`{% #generate_time %} **Type**: `TIMESTAMP`**Provider name**: `generateTime`**Description**: Output only. The time this ImportJob's key material was generated. ## `import_method`{% #import_method %} **Type**: `STRING`**Provider name**: `importMethod`**Description**: Required. Immutable. The wrapping method to be used for incoming key material.**Possible values**: - `IMPORT_METHOD_UNSPECIFIED` - Not specified. - `RSA_OAEP_3072_SHA1_AES_256` - This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 3072 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). - `RSA_OAEP_4096_SHA1_AES_256` - This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 4096 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). - `RSA_OAEP_3072_SHA256_AES_256` - This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 3072 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). - `RSA_OAEP_4096_SHA256_AES_256` - This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 4096 bit RSA key. For more details, see [RSA AES key wrap mechanism](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc408226908). - `RSA_OAEP_3072_SHA256` - This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The key material to be imported is wrapped directly with the RSA key. Due to technical limitations of RSA wrapping, this method cannot be used to wrap RSA keys for import. - `RSA_OAEP_4096_SHA256` - This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The key material to be imported is wrapped directly with the RSA key. Due to technical limitations of RSA wrapping, this method cannot be used to wrap RSA keys for import. ## `labels`{% #labels %} **Type**: `UNORDERED_LIST_STRING` ## `name`{% #name %} **Type**: `STRING`**Provider name**: `name`**Description**: Output only. The resource name for this ImportJob in the format `projects/*/locations/*/keyRings/*/importJobs/*`. ## `organization_id`{% #organization_id %} **Type**: `STRING` ## `parent`{% #parent %} **Type**: `STRING` ## `project_id`{% #project_id %} **Type**: `STRING` ## `project_number`{% #project_number %} **Type**: `STRING` ## `protection_level`{% #protection_level %} **Type**: `STRING`**Provider name**: `protectionLevel`**Description**: Required. Immutable. The protection level of the ImportJob. This must match the protection_level of the version_template on the CryptoKey you attempt to import into.**Possible values**: - `PROTECTION_LEVEL_UNSPECIFIED` - Not specified. - `SOFTWARE` - Crypto operations are performed in software. - `HSM` - Crypto operations are performed in a Hardware Security Module. - `EXTERNAL` - Crypto operations are performed by an external key manager. - `EXTERNAL_VPC` - Crypto operations are performed in an EKM-over-VPC backend. - `HSM_SINGLE_TENANT` - Crypto operations are performed in a single-tenant HSM. ## `public_key`{% #public_key %} **Type**: `STRUCT`**Provider name**: `publicKey`**Description**: Output only. The public key with which to wrap key material prior to import. Only returned if state is ACTIVE. - `pem`**Type**: `STRING`**Provider name**: `pem`**Description**: The public key, encoded in PEM format. For more information, see the [RFC 7468](https://tools.ietf.org/html/rfc7468) sections for [General Considerations](https://tools.ietf.org/html/rfc7468#section-2) and [Textual Encoding of Subject Public Key Info] ([https://tools.ietf.org/html/rfc7468#section-13)](https://tools.ietf.org/html/rfc7468#section-13%29). ## `region_id`{% #region_id %} **Type**: `STRING` ## `resource_name`{% #resource_name %} **Type**: `STRING` ## `state`{% #state %} **Type**: `STRING`**Provider name**: `state`**Description**: Output only. The current state of the ImportJob, indicating if it can be used.**Possible values**: - `IMPORT_JOB_STATE_UNSPECIFIED` - Not specified. - `PENDING_GENERATION` - The wrapping key for this job is still being generated. It may not be used. Cloud KMS will automatically mark this job as ACTIVE as soon as the wrapping key is generated. - `ACTIVE` - This job may be used in CreateCryptoKey and CreateCryptoKeyVersion requests. - `EXPIRED` - This job can no longer be used and may not leave this state once entered. ## `tags`{% #tags %} **Type**: `UNORDERED_LIST_STRING` ## `zone_id`{% #zone_id %} **Type**: `STRING`