key_handles

Creates, updates, deletes, gets or lists a key_handles resource.

Overview

Name: key_handles
Type: Resource
Id: google.cloudkms.key_handles

Fields

| Name | Datatype | Description |
|---|---|---|
| name | string | Identifier. Name of the KeyHandle resource, e.g. projects/{PROJECT_ID}/locations/{LOCATION}/keyHandles/{KEY_HANDLE_ID}. |
| kmsKey | string | Output only. Name of a CryptoKey that has been provisioned for Customer Managed Encryption Key (CMEK) use in the KeyHandle project and location for the requested resource type. The CryptoKey project will reflect the value configured in the AutokeyConfig on the resource project's ancestor folder at the time of the KeyHandle creation. If more than one ancestor folder has a configured AutokeyConfig, the nearest of these configurations is used. |
| resourceTypeSelector | string | Required. Indicates the resource type that the resulting CryptoKey is meant to protect, e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types. |

Methods

| Name | Accessible by | Required Params | Description |
|---|---|---|---|
| get | SELECT | keyHandlesId, locationsId, projectsId | Returns the KeyHandle. |
| list | SELECT | locationsId, projectsId | Lists KeyHandles. |
| create | INSERT | locationsId, projectsId | Creates a new KeyHandle, triggering the provisioning of a new CryptoKey for CMEK use with the given resource type in the configured key project and the same location. GetOperation should be used to resolve the resulting long-running operation and get the resulting KeyHandle and CryptoKey. |

SELECT examples

Lists KeyHandles.

SELECT
  name,
  kmsKey,
  resourceTypeSelector
FROM google.cloudkms.key_handles
WHERE locationsId = '{{ locationsId }}'
  AND projectsId = '{{ projectsId }}';
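
A check that can be run over the rows this SELECT returns, as an added example that is not part of the StackQL documentation: it verifies that each kmsKey sits in the same location as its KeyHandle and in the key project you expect from your AutokeyConfig. The function names, the expected_key_project parameter, the CryptoKey name pattern (standard Cloud KMS naming, not quoted on this page) and the sample rows are assumptions made for the illustration.

```python
import re

# The KeyHandle pattern is quoted on this page; the CryptoKey pattern is the
# standard Cloud KMS resource name (assumption: it is not shown on this page).
KEY_HANDLE_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)/keyHandles/(?P<id>[^/]+)$")
CRYPTO_KEY_RE = re.compile(
    r"^projects/(?P<project>[^/]+)/locations/(?P<location>[^/]+)"
    r"/keyRings/(?P<ring>[^/]+)/cryptoKeys/(?P<key>[^/]+)$")
SELECTOR_RE = re.compile(r"^[a-z0-9.-]+\.googleapis\.com/[A-Za-z0-9]+$")

# Constructed sample rows shaped like the SELECT output (not real resources).
SAMPLE_ROWS = [
    {"name": "projects/app-proj/locations/us-central1/keyHandles/kh-1",
     "kmsKey": "projects/key-proj/locations/us-central1/keyRings/autokey/cryptoKeys/k1",
     "resourceTypeSelector": "compute.googleapis.com/Disk"},
    {"name": "projects/app-proj/locations/us-central1/keyHandles/kh-2",
     "kmsKey": "projects/other-proj/locations/europe-west1/keyRings/autokey/cryptoKeys/k2",
     "resourceTypeSelector": "compute.googleapis.com/Disk"},
]


def audit_key_handle(row, expected_key_project):
    """Return a list of findings for one row; an empty list means no issue."""
    findings = []
    handle = KEY_HANDLE_RE.match(row.get("name") or "")
    if not handle:
        return ["name is not a KeyHandle resource name"]
    if not SELECTOR_RE.match(row.get("resourceTypeSelector") or ""):
        findings.append("resourceTypeSelector is not {SERVICE}.googleapis.com/{TYPE}")
    key = CRYPTO_KEY_RE.match(row.get("kmsKey") or "")
    if not key:
        findings.append("kmsKey missing or malformed")
        return findings
    if key["location"] != handle["location"]:
        findings.append("CryptoKey location differs from KeyHandle location")
    if key["project"] != expected_key_project:
        findings.append("CryptoKey is in unexpected project " + key["project"])
    return findings


def audit_rows(rows, expected_key_project):
    """Map each KeyHandle name to its findings."""
    return {r.get("name"): audit_key_handle(r, expected_key_project) for r in rows}


if __name__ == "__main__":
    for name, findings in audit_rows(SAMPLE_ROWS, "key-proj").items():
        print(name, findings or "ok")
```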

INSERT example

Use the following StackQL query and manifest file to create a new key_handles resource.

/*+ create */
INSERT INTO google.cloudkms.key_handles (
  locationsId,
  projectsId,
  name,
  resourceTypeSelector
)
SELECT
  '{{ locationsId }}',
  '{{ projectsId }}',
  '{{ name }}',
  '{{ resourceTypeSelector }}'
;