This product is not supported for your selected Datadog site. ().
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

gcp_cloudkms_import_job

ancestors

Type: UNORDERED_LIST_STRING

attestation

Type: STRUCT
Provider name: attestation
Description: Output only. Statement that was generated and signed by the key creator (for example, an HSM) at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only present if the chosen ImportMethod is one with a protection level of HSM.

  • cert_chains
    Type: STRUCT
    Provider name: certChains
    Description: Output only. The certificate chains needed to validate the attestation
    • cavium_certs
      Type: UNORDERED_LIST_STRING
      Provider name: caviumCerts
      Description: Cavium certificate chain corresponding to the attestation.
    • google_card_certs
      Type: UNORDERED_LIST_STRING
      Provider name: googleCardCerts
      Description: Google card certificate chain corresponding to the attestation.
    • google_partition_certs
      Type: UNORDERED_LIST_STRING
      Provider name: googlePartitionCerts
      Description: Google partition certificate chain corresponding to the attestation.
  • format
    Type: STRING
    Provider name: format
    Description: Output only. The format of the attestation data.
    Possible values:

create_time

Type: TIMESTAMP
Provider name: createTime
Description: Output only. The time at which this ImportJob was created.

expire_event_time

Type: TIMESTAMP
Provider name: expireEventTime
Description: Output only. The time this ImportJob expired. Only present if state is EXPIRED.

expire_time

Type: TIMESTAMP
Provider name: expireTime
Description: Output only. The time at which this ImportJob is scheduled for expiration and can no longer be used to import key material.

generate_time

Type: TIMESTAMP
Provider name: generateTime
Description: Output only. The time this ImportJob’s key material was generated.

import_method

Type: STRING
Provider name: importMethod
Description: Required. Immutable. The wrapping method to be used for incoming key material.
Possible values:

  • IMPORT_METHOD_UNSPECIFIED - Not specified.
  • RSA_OAEP_3072_SHA1_AES_256 - This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 3072 bit RSA key. For more details, see RSA AES key wrap mechanism.
  • RSA_OAEP_4096_SHA1_AES_256 - This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 4096 bit RSA key. For more details, see RSA AES key wrap mechanism.
  • RSA_OAEP_3072_SHA256_AES_256 - This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 3072 bit RSA key. For more details, see RSA AES key wrap mechanism.
  • RSA_OAEP_4096_SHA256_AES_256 - This ImportMethod represents the CKM_RSA_AES_KEY_WRAP key wrapping scheme defined in the PKCS #11 standard. In summary, this involves wrapping the raw key with an ephemeral AES key, and wrapping the ephemeral AES key with a 4096 bit RSA key. For more details, see RSA AES key wrap mechanism.
  • RSA_OAEP_3072_SHA256 - This ImportMethod represents RSAES-OAEP with a 3072 bit RSA key. The key material to be imported is wrapped directly with the RSA key. Due to technical limitations of RSA wrapping, this method cannot be used to wrap RSA keys for import.
  • RSA_OAEP_4096_SHA256 - This ImportMethod represents RSAES-OAEP with a 4096 bit RSA key. The key material to be imported is wrapped directly with the RSA key. Due to technical limitations of RSA wrapping, this method cannot be used to wrap RSA keys for import.

labels

Type: UNORDERED_LIST_STRING

name

Type: STRING
Provider name: name
Description: Output only. The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.

organization_id

Type: STRING

parent

Type: STRING

project_id

Type: STRING

project_number

Type: STRING

protection_level

Type: STRING
Provider name: protectionLevel
Description: Required. Immutable. The protection level of the ImportJob. This must match the protection_level of the version_template on the CryptoKey you attempt to import into.
Possible values:

  • PROTECTION_LEVEL_UNSPECIFIED - Not specified.
  • SOFTWARE - Crypto operations are performed in software.
  • HSM - Crypto operations are performed in a Hardware Security Module.
  • EXTERNAL - Crypto operations are performed by an external key manager.
  • EXTERNAL_VPC - Crypto operations are performed in an EKM-over-VPC backend.

public_key

Type: STRUCT
Provider name: publicKey
Description: Output only. The public key with which to wrap key material prior to import. Only returned if state is ACTIVE.

resource_name

Type: STRING

state

Type: STRING
Provider name: state
Description: Output only. The current state of the ImportJob, indicating if it can be used.
Possible values:

  • IMPORT_JOB_STATE_UNSPECIFIED - Not specified.
  • PENDING_GENERATION - The wrapping key for this job is still being generated. It may not be used. Cloud KMS will automatically mark this job as ACTIVE as soon as the wrapping key is generated.
  • ACTIVE - This job may be used in CreateCryptoKey and CreateCryptoKeyVersion requests.
  • EXPIRED - This job can no longer be used and may not leave this state once entered.

tags

Type: UNORDERED_LIST_STRING