Skip to content

Commit 83d590e

Browse files
gcf-owl-bot[bot]gcf-owl-bot[bot]
authored
feat: [parametermanager] add CMEK support (#6196)
* feat: add CMEK support PiperOrigin-RevId: 738501501 Source-Link: googleapis/googleapis@e51fec1 Source-Link: googleapis/googleapis-gen@091777b Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLXBhcmFtZXRlcm1hbmFnZXIvLk93bEJvdC55YW1sIiwiaCI6IjA5MTc3N2JjNGQ0MzEyYzdhZWFjMTZmNWI2OGYwNzllNTViM2M3ZjAifQ== * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
1 parent e1cedff commit 83d590e

4 files changed

Lines changed: 149 additions & 1 deletion

File tree

packages/google-cloud-parametermanager/protos/google/cloud/parametermanager/v1/service.proto

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -204,6 +204,13 @@ message Parameter {
204204
// resource.
205205
google.iam.v1.ResourcePolicyMember policy_member = 6
206206
[(google.api.field_behavior) = OUTPUT_ONLY];
207+
208+
// Optional. Customer managed encryption key (CMEK) to use for encrypting the
209+
// Parameter Versions. If not set, the default Google-managed encryption key
210+
// will be used. Cloud KMS CryptoKeys must reside in the same location as the
211+
// Parameter. The expected format is
212+
// `projects/*/locations/*/keyRings/*/cryptoKeys/*`.
213+
optional string kms_key = 7 [(google.api.field_behavior) = OPTIONAL];
207214
}
208215

209216
// Message for requesting list of Parameters
@@ -390,6 +397,15 @@ message ParameterVersion {
390397
(google.api.field_behavior) = REQUIRED,
391398
(google.api.field_behavior) = IMMUTABLE
392399
];
400+
401+
// Optional. Output only. [Output only] The resource name of the KMS key
402+
// version used to encrypt the ParameterVersion payload. This field is
403+
// populated only if the Parameter resource has customer managed encryption
404+
// key (CMEK) configured.
405+
optional string kms_key_version = 6 [
406+
(google.api.field_behavior) = OUTPUT_ONLY,
407+
(google.api.field_behavior) = OPTIONAL
408+
];
393409
}
394410

395411
// Message for storing a ParameterVersion resource's payload data
@@ -480,7 +496,7 @@ message RenderParameterVersionResponse {
480496

481497
// Output only. Server generated rendered version of the user provided payload
482498
// data (ParameterVersionPayload) which has substitutions of all (if any)
483-
// references to a SecretManager SecretVersion resources. This substituion
499+
// references to a SecretManager SecretVersion resources. This substitution
484500
// only works for a Parameter which is in JSON or YAML format.
485501
bytes rendered_payload = 3 [(google.api.field_behavior) = OUTPUT_ONLY];
486502
}

packages/google-cloud-parametermanager/protos/protos.d.ts

Lines changed: 18 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/google-cloud-parametermanager/protos/protos.js

Lines changed: 84 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/google-cloud-parametermanager/protos/protos.json

Lines changed: 30 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)