Create a key. Create a key in a given region specified by the region
parameter. Keys only support symmetric encryption. You can use keys to
encrypt or decrypt arbitrary payloads, or to generate data encryption keys.
Data encryption keys are not stored in Key Manager.
The request CreateKeyRequest
A Promise of Key
Decrypt an encrypted payload. Decrypt an encrypted payload using an
existing key, specified by the key_id parameter. The maximum payload size
that can be decrypted is equivalent to the encrypted output of 64 KB of
data (around 131 KB).
The request DecryptRequest
A Promise of DecryptResponse
Delete a key. Permanently delete a key specified by the region and
key_id parameters. This action is irreversible. Any data encrypted with
this key, including data encryption keys, will no longer be decipherable.
The request DeleteKeyRequest
Delete key material. Delete previously imported key material. This renders
the associated cryptographic key unusable for any operation. The key's
origin must be external.
The request DeleteKeyMaterialRequest
Disable key. Disable a given key, preventing it to be used for
cryptographic operations. Disabling a key renders it unusable. You must
specify the region and key_id parameters.
The request DisableKeyRequest
A Promise of Key
Enable key. Enable a given key to be used for cryptographic operations.
Enabling a key allows you to make a disabled key usable again. You must
specify the region and key_id parameters.
The request EnableKeyRequest
A Promise of Key
Encrypt a payload. Encrypt a payload using an existing key, specified by
the key_id parameter. Only keys with a usage set to
symmetric_encryption are supported by this method. The maximum payload
size that can be encrypted is 64 KB of plaintext.
The request EncryptRequest
A Promise of EncryptResponse
Create a data encryption key. Create a new data encryption key for cryptographic operations outside of Key Manager. The data encryption key is encrypted and must be decrypted using the key you have created in Key Manager.
The data encryption key is returned in plaintext and ciphertext but it
should only be stored in its encrypted form (ciphertext). Key Manager does
not store your data encryption key. To retrieve your key's plaintext, use
the Decrypt method with your key's ID and ciphertext.
The request GenerateDataKeyRequest
A Promise of DataKey
Get key metadata. Retrieve metadata for a specified key using the region
and key_id parameters.
The request GetKeyRequest
A Promise of Key
Import key material. Import externally generated key material into Key
Manager to derive a new cryptographic key. The key's origin must be
external.
The request ImportKeyMaterialRequest
A Promise of Key
List keys. Retrieve a list of keys across all Projects in an Organization
or within a specific Project. You must specify the region, and either the
organization_id or the project_id.
The request ListKeysRequest
A Promise of ListKeysResponse
Apply key protection. Apply protection to a given key specified by the
key_id parameter. Applying key protection means that your key can be used
and modified, but it cannot be deleted.
The request ProtectKeyRequest
A Promise of Key
Rotate a key. Generate a new version of an existing key with new key material. Previous key versions remain usable to decrypt previously encrypted data, but the key's new version will be used for subsequent encryption operations and data key generation.
The request RotateKeyRequest
A Promise of Key
Remove key protection. Remove key protection from a given key specified by
the key_id parameter. Removing key protection means that your key can be
deleted anytime.
The request UnprotectKeyRequest
A Promise of Key
Update a key. Modify a key's metadata including name, description and tags,
specified by the key_id and region parameters.
The request UpdateKeyRequest
A Promise of Key
Key Manager API.
This API allows you to create, manage and use cryptographic keys in a centralized and secure service.