Google Cloud KMS · Schema
CryptoKey
A Google Cloud KMS cryptographic key resource used for encryption, decryption, signing, or verification operations.
CryptographyEncryptionGoogle CloudKey ManagementKMSSecurity
Properties
| Name | Type | Description |
|---|---|---|
| name | string | Resource name of the crypto key. |
| primary | object | The primary version of the crypto key. |
| purpose | string | Immutable purpose of the crypto key. |
| createTime | string | Timestamp when the key was created. |
| nextRotationTime | string | Timestamp of the next scheduled key rotation. |
| rotationPeriod | string | Rotation period of the key in seconds format. |
| versionTemplate | object | Template describing settings for new crypto key versions. |
| destroyScheduledDuration | string | Duration before scheduled destruction completes. |
| labels | object | Labels applied to the crypto key. |
| importOnly | boolean | Whether this key may contain imported versions only. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/api-evangelist/google-cloud-kms/refs/heads/main/json-schema/crypto-key.json",
"title": "CryptoKey",
"description": "A Google Cloud KMS cryptographic key resource used for encryption, decryption, signing, or verification operations.",
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "Resource name of the crypto key."
},
"primary": {
"type": "object",
"description": "The primary version of the crypto key.",
"properties": {
"name": {
"type": "string",
"description": "Resource name of the crypto key version."
},
"state": {
"type": "string",
"enum": [
"CRYPTO_KEY_VERSION_STATE_UNSPECIFIED",
"PENDING_GENERATION",
"ENABLED",
"DISABLED",
"DESTROYED",
"DESTROY_SCHEDULED",
"PENDING_IMPORT",
"IMPORT_FAILED"
],
"description": "Current state of the key version."
},
"protectionLevel": {
"type": "string",
"enum": ["PROTECTION_LEVEL_UNSPECIFIED", "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC"],
"description": "Protection level of the key version."
},
"algorithm": {
"type": "string",
"description": "Algorithm of the key version."
},
"createTime": {
"type": "string",
"format": "date-time",
"description": "Timestamp when the version was created."
},
"generateTime": {
"type": "string",
"format": "date-time",
"description": "Timestamp when the key material was generated."
}
}
},
"purpose": {
"type": "string",
"enum": [
"CRYPTO_KEY_PURPOSE_UNSPECIFIED",
"ENCRYPT_DECRYPT",
"ASYMMETRIC_SIGN",
"ASYMMETRIC_DECRYPT",
"MAC"
],
"description": "Immutable purpose of the crypto key."
},
"createTime": {
"type": "string",
"format": "date-time",
"description": "Timestamp when the key was created."
},
"nextRotationTime": {
"type": "string",
"format": "date-time",
"description": "Timestamp of the next scheduled key rotation."
},
"rotationPeriod": {
"type": "string",
"description": "Rotation period of the key in seconds format."
},
"versionTemplate": {
"type": "object",
"description": "Template describing settings for new crypto key versions.",
"properties": {
"protectionLevel": {
"type": "string",
"enum": ["PROTECTION_LEVEL_UNSPECIFIED", "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC"]
},
"algorithm": {
"type": "string"
}
}
},
"destroyScheduledDuration": {
"type": "string",
"description": "Duration before scheduled destruction completes."
},
"labels": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Labels applied to the crypto key."
},
"importOnly": {
"type": "boolean",
"description": "Whether this key may contain imported versions only."
}
},
"required": ["purpose"]
}