From 8facf125f13df16dcdf0b2bbc30951de7df4b715 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 15 Jun 2026 08:29:37 +0000 Subject: [PATCH] Publish proto files from 0c629bba29 --- endpoints.md | 7 + nebius/kms/v1/asymmetric_crypto_service.proto | 80 ++++++++++ nebius/kms/v1/asymmetric_key.proto | 65 ++++++++ nebius/kms/v1/asymmetric_key_service.proto | 140 +++++++++++++++++ nebius/kms/v1/key_state.proto | 19 +++ nebius/kms/v1/symmetric_crypto_service.proto | 106 +++++++++++++ nebius/kms/v1/symmetric_key.proto | 74 +++++++++ nebius/kms/v1/symmetric_key_service.proto | 146 ++++++++++++++++++ 8 files changed, 637 insertions(+) create mode 100644 nebius/kms/v1/asymmetric_crypto_service.proto create mode 100644 nebius/kms/v1/asymmetric_key.proto create mode 100644 nebius/kms/v1/asymmetric_key_service.proto create mode 100644 nebius/kms/v1/key_state.proto create mode 100644 nebius/kms/v1/symmetric_crypto_service.proto create mode 100644 nebius/kms/v1/symmetric_key.proto create mode 100644 nebius/kms/v1/symmetric_key_service.proto diff --git a/endpoints.md b/endpoints.md index 423bf85..2adbf1c 100755 --- a/endpoints.md +++ b/endpoints.md @@ -52,6 +52,10 @@ * [nebius.iam.v2.AccessKeyService](nebius/iam/v2/access_key_service.proto) * [nebius.iam.v2.ProjectService](nebius/iam/v2/project_service.proto) * [nebius.iam.v2.TenantService](nebius/iam/v2/tenant_service.proto) +* cpl.kms.api.nebius.cloud:443 + * [nebius.common.v1.OperationService](nebius/common/v1/operation_service.proto) + * [nebius.kms.v1.AsymmetricKeyService](nebius/kms/v1/asymmetric_key_service.proto) + * [nebius.kms.v1.SymmetricKeyService](nebius/kms/v1/symmetric_key_service.proto) * cpl.mysterybox.api.nebius.cloud:443 * [nebius.common.v1.OperationService](nebius/common/v1/operation_service.proto) * [nebius.mysterybox.v1.SecretService](nebius/mysterybox/v1/secret_service.proto) @@ -69,6 +73,9 @@ * [nebius.common.v1.OperationService](nebius/common/v1/operation_service.proto) * [nebius.dns.v1.RecordService](nebius/dns/v1/record_service.proto) * [nebius.dns.v1.ZoneService](nebius/dns/v1/zone_service.proto) +* dpl.kms.api.nebius.cloud:443 + * [nebius.kms.v1.AsymmetricCryptoService](nebius/kms/v1/asymmetric_crypto_service.proto) + * [nebius.kms.v1.SymmetricCryptoService](nebius/kms/v1/symmetric_crypto_service.proto) * dpl.mysterybox.api.nebius.cloud:443 * [nebius.mysterybox.v1.PayloadService](nebius/mysterybox/v1/payload_service.proto) * maintenance.msp.api.nebius.cloud:443 diff --git a/nebius/kms/v1/asymmetric_crypto_service.proto b/nebius/kms/v1/asymmetric_crypto_service.proto new file mode 100644 index 0000000..23f036e --- /dev/null +++ b/nebius/kms/v1/asymmetric_crypto_service.proto @@ -0,0 +1,80 @@ +syntax = "proto3"; + +package nebius.kms.v1; + +import "buf/validate/validate.proto"; +import "nebius/annotations.proto"; + +option go_package = "github.com/nebius/gosdk/proto/nebius/kms/v1"; +option java_multiple_files = true; +option java_outer_classname = "AsymmetricCryptoServiceProto"; +option java_package = "ai.nebius.pub.kms.v1"; + +// Data plane for KMS asymmetric cryptography operations. +service AsymmetricCryptoService { + option (api_service_name) = "dpl.kms"; + + // Signs a hashed value using an asymmetric key. + rpc SignHash(AsymmetricSignHashRequest) returns (AsymmetricSignHashResponse); + + // Retrieves the public key of an asymmetric key pair. + rpc GetPublicKey(AsymmetricGetPublicKeyRequest) returns (AsymmetricGetPublicKeyResponse); + + // Decrypts the ciphertext with the specified key. + rpc Decrypt(AsymmetricDecryptRequest) returns (AsymmetricDecryptResponse); +} + +message AsymmetricSignHashRequest { + // ID of the asymmetric KMS key to use for signing the hash. + string key_id = 1 [(buf.validate.field).required = true]; + + // Hash to sign. + bytes hash = 2 [ + (buf.validate.field).required = true, + (sensitive) = true + ]; +} + +message AsymmetricSignHashResponse { + // ID of the asymmetric KMS key used to produce the signature. + string key_id = 1; + + // Value of signature. + bytes signature = 2 [(sensitive) = true]; +} + +message AsymmetricGetPublicKeyRequest { + // ID of the asymmetric KMS key whose public key should be returned. + string key_id = 1 [(buf.validate.field).required = true]; +} + +message AsymmetricGetPublicKeyResponse { + // ID of the asymmetric KMS key whose public key was returned. + string key_id = 1; + + // Public key value. + // The value is a PEM-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. + string public_key = 2; +} + +message AsymmetricDecryptRequest { + // ID of the asymmetric KMS key. + string key_id = 1 [(buf.validate.field).required = true]; + + // cipher text to be decrypted. + bytes ciphertext = 2 [ + (buf.validate.field) = { + bytes: {len: 512} + required: true + }, + (sensitive) = true + ]; +} + +message AsymmetricDecryptResponse { + // ID of the asymmetric KMS key that was used for decryption. + string key_id = 1; + + // Decrypted plaintext. + bytes plaintext = 2 [(sensitive) = true]; +} diff --git a/nebius/kms/v1/asymmetric_key.proto b/nebius/kms/v1/asymmetric_key.proto new file mode 100644 index 0000000..ded6786 --- /dev/null +++ b/nebius/kms/v1/asymmetric_key.proto @@ -0,0 +1,65 @@ +syntax = "proto3"; + +package nebius.kms.v1; + +import "buf/validate/validate.proto"; +import "google/protobuf/timestamp.proto"; +import "nebius/annotations.proto"; +import "nebius/common/v1/metadata.proto"; +import "nebius/kms/v1/key_state.proto"; + +option go_package = "github.com/nebius/gosdk/proto/nebius/kms/v1"; +option java_multiple_files = true; +option java_outer_classname = "AsymmetricKeyProto"; +option java_package = "ai.nebius.pub.kms.v1"; + +// Supported asymmetric algorithms. +enum AsymmetricAlgorithm { + ASYMMETRIC_ALGORITHM_UNSPECIFIED = 0; + + // ECDSA signature with NIST P-256 curve and SHA-256 + ECDSA_NIST_P256_SHA_256 = 1; + + // ECDSA signature with NIST P-384 curve and SHA-384 + ECDSA_NIST_P384_SHA_384 = 2; + + // RSA encryption with RSA-4096 key, OAEP padding and SHA-256. + RSA_4096_ENC_OAEP_SHA_256 = 3; +} + +// An asymmetric KMS key that may contain several versions of the cryptographic material. +message AsymmetricKey { + common.v1.ResourceMetadata metadata = 1; + + // The specifications of the asymmetric key. + AsymmetricKeySpec spec = 2; + + // The current status of the asymmetric key. + AsymmetricKeyStatus status = 3; +} + +message AsymmetricKeySpec { + // Description of the key. + string description = 1; + + // Cryptographic algorithm that should be used with the key. + // Must be specified only during create operations. Cannot be updated. + AsymmetricAlgorithm algorithm = 2 [ + (field_behavior) = IMMUTABLE, + (buf.validate.field) = { + enum: {defined_only: true} + required: true + } + ]; +} + +message AsymmetricKeyStatus { + // State (ACTIVE, SCHEDULED_FOR_DELETION) + KeyState state = 1; + + // Time when the key was scheduled for deletion. + google.protobuf.Timestamp deleted_at = 2; + + // Time when the key will be permanently deleted. + google.protobuf.Timestamp purge_at = 3; +} diff --git a/nebius/kms/v1/asymmetric_key_service.proto b/nebius/kms/v1/asymmetric_key_service.proto new file mode 100644 index 0000000..8d76275 --- /dev/null +++ b/nebius/kms/v1/asymmetric_key_service.proto @@ -0,0 +1,140 @@ +syntax = "proto3"; + +package nebius.kms.v1; + +import "buf/validate/validate.proto"; +import "google/protobuf/duration.proto"; +import "nebius/annotations.proto"; +import "nebius/common/v1/metadata.proto"; +import "nebius/common/v1/operation.proto"; +import "nebius/kms/v1/asymmetric_key.proto"; + +option go_package = "github.com/nebius/gosdk/proto/nebius/kms/v1"; +option java_multiple_files = true; +option java_outer_classname = "AsymmetricKeyServiceProto"; +option java_package = "ai.nebius.pub.kms.v1"; + +// Set of methods for managing asymmetric keys. +service AsymmetricKeyService { + // control plane + option (api_service_name) = "cpl.kms"; + + // Creates an asymmetric KMS key in the specified container. + rpc Create(CreateAsymmetricKeyRequest) returns (common.v1.Operation); + + // Updates an asymmetric KMS key. + rpc Update(UpdateAsymmetricKeyRequest) returns (common.v1.Operation); + + // Returns the specified asymmetric KMS key by id. + rpc Get(GetAsymmetricKeyRequest) returns (AsymmetricKey); + + // Returns the specified asymmetric KMS key by name. + rpc GetByName(GetAsymmetricKeyByNameRequest) returns (AsymmetricKey); + + // Returns the list of asymmetric KMS keys in the specified container. + rpc List(ListAsymmetricKeysRequest) returns (ListAsymmetricKeysResponse); + + // Schedules an asymmetric KMS key for deletion. + rpc Delete(DeleteAsymmetricKeyRequest) returns (common.v1.Operation); + + // Update deletion delay for an asymmetric KMS key scheduled for deletion. + rpc UpdateDeletionDelay(UpdateAsymmetricKeyDeletionDelayRequest) returns (common.v1.Operation); + + // Restores an asymmetric KMS key scheduled for deletion. + rpc Undelete(UndeleteAsymmetricKeyRequest) returns (common.v1.Operation); +} + +message CreateAsymmetricKeyRequest { + // The metadata for the resource. + common.v1.ResourceMetadata metadata = 1 [(buf.validate.field).required = true]; + + // The specifications for creating an asymmetric key. + AsymmetricKeySpec spec = 2 [(buf.validate.field).required = true]; +} + +message UpdateAsymmetricKeyRequest { + // The metadata for the resource. + common.v1.ResourceMetadata metadata = 1 [(buf.validate.field).required = true]; + + // The specifications for updating an asymmetric key. + AsymmetricKeySpec spec = 2; +} + +message GetAsymmetricKeyRequest { + // ID of the asymmetric KMS key to return. + // To get the ID of an asymmetric KMS key use an [AsymmetricKeyService.List] request. + string id = 1 [(buf.validate.field).required = true]; + + // By default, Get doesn't return resource if it is scheduled for deletion. + // If show_scheduled_for_deletion = true, the Get operation returns the resource even if it is scheduled for deletion. + // If show_scheduled_for_deletion = false, the Get method returns the NOT_FOUND gRPC status code. + bool show_scheduled_for_deletion = 2; +} + +message GetAsymmetricKeyByNameRequest { + // Parent Id and name of the asymmetric KMS key to return. + // To get the name of an asymmetric KMS key use an [AsymmetricKeyService.List] request. + string parent_id = 1 [(buf.validate.field).required = true]; + + string name = 2 [(buf.validate.field).required = true]; +} + +message ListAsymmetricKeysRequest { + // ID of the container to list asymmetric KMS keys in. + string parent_id = 1 [(buf.validate.field).required = true]; + + // The maximum number of results per page to return. If the number of available + // results is larger than [page_size], the service returns a [ListAsymmetricKeysResponse.next_page_token] + // that can be used to get the next page of results in subsequent list requests. + // Default value: 100. + int64 page_size = 2; + + // Page token. To get the next page of results, set [page_token] to the + // [ListAsymmetricKeysResponse.next_page_token] returned by a previous list request. + string page_token = 3; + + // By default, List operation doesn't include resources that are scheduled for deletion. + // If show_scheduled_for_deletion = true, the listing includes resources that are scheduled for deletion. + bool show_scheduled_for_deletion = 4; +} + +message ListAsymmetricKeysResponse { + // List of asymmetric KMS keys in the specified container. + repeated AsymmetricKey items = 1; + + // This token allows you to get the next page of results for list requests. If the number + // of results is greater than the specified [ListAsymmetricKeysRequest.page_size], use + // the [next_page_token] as the value for the [ListAsymmetricKeysRequest.page_token] query parameter + // in the next list request. Each subsequent list request will have its own + // [next_page_token] to continue paging through the results. + string next_page_token = 2; +} + +message DeleteAsymmetricKeyRequest { + // ID of the asymmetric KMS key to schedule for deletion. + // To get the ID of an asymmetric KMS key use an [AsymmetricKeyService.List] request. + string id = 1 [(buf.validate.field).required = true]; +} + +message UpdateAsymmetricKeyDeletionDelayRequest { + // ID of the asymmetric KMS key scheduled for deletion. + string id = 1 [(buf.validate.field).required = true]; + + // Deletion delay applied from the update timestamp. + // Example: "86400s" (1 day). Valid range: 86400s (1 day) to 2592000s (30 days). + google.protobuf.Duration deletion_delay = 2 [(buf.validate.field) = { + duration: { + lte: {seconds: 2592000} + gte: {seconds: 86400} + } + required: true + }]; +} + +message UndeleteAsymmetricKeyRequest { + // ID of the asymmetric KMS key to restore. + string id = 1 [(buf.validate.field).required = true]; + + // A new name in case the current one is already in use. + string name = 2; +} diff --git a/nebius/kms/v1/key_state.proto b/nebius/kms/v1/key_state.proto new file mode 100644 index 0000000..e1a11da --- /dev/null +++ b/nebius/kms/v1/key_state.proto @@ -0,0 +1,19 @@ +syntax = "proto3"; + +package nebius.kms.v1; + +option go_package = "github.com/nebius/gosdk/proto/nebius/kms/v1"; +option java_multiple_files = true; +option java_outer_classname = "KeyStateProto"; +option java_package = "ai.nebius.pub.kms.v1"; + +// Key state +enum KeyState { + KEY_STATE_UNSPECIFIED = 0; + + // Key is active, ready for use + ACTIVE = 1; + + // Key is scheduled for deletion. + SCHEDULED_FOR_DELETION = 2; +} diff --git a/nebius/kms/v1/symmetric_crypto_service.proto b/nebius/kms/v1/symmetric_crypto_service.proto new file mode 100644 index 0000000..5faff61 --- /dev/null +++ b/nebius/kms/v1/symmetric_crypto_service.proto @@ -0,0 +1,106 @@ +syntax = "proto3"; + +package nebius.kms.v1; + +import "buf/validate/validate.proto"; +import "nebius/annotations.proto"; +import "nebius/kms/v1/symmetric_key.proto"; + +option go_package = "github.com/nebius/gosdk/proto/nebius/kms/v1"; +option java_multiple_files = true; +option java_outer_classname = "SymmetricCryptoServiceProto"; +option java_package = "ai.nebius.pub.kms.v1"; + +// --- Data plane for KMS symmetric cryptography operations + +// Set of methods that perform symmetric encryption and decryption. +service SymmetricCryptoService { + option (api_service_name) = "dpl.kms"; + + // Encrypts given plaintext with the specified key. + rpc Encrypt(SymmetricEncryptRequest) returns (SymmetricEncryptResponse); + + // Decrypts the given ciphertext with the specified key. + rpc Decrypt(SymmetricDecryptRequest) returns (SymmetricDecryptResponse); + + // Generates a new symmetric data encryption key (not a KMS key) and returns + // the generated key as plaintext and as ciphertext encrypted with the specified symmetric KMS key. + rpc GenerateDataKey(GenerateDataKeyRequest) returns (GenerateDataKeyResponse); +} + +message SymmetricEncryptRequest { + // ID of the symmetric KMS key to use for encryption. + string key_id = 1 [(buf.validate.field).required = true]; + + // Additional authenticated data (AAD context), optional. + // If specified, this data will be required for decryption with the [SymmetricDecryptRequest]. + // Should be encoded with base64. + bytes aad_context = 2 [(sensitive) = true]; + + // Plaintext to be encrypted. + // Should be encoded with base64. + bytes plaintext = 3 [(sensitive) = true]; +} + +message SymmetricEncryptResponse { + // ID of the symmetric KMS key that was used for encryption. + string key_id = 1; + + // Resulting ciphertext. + bytes ciphertext = 2 [(sensitive) = true]; +} + +message SymmetricDecryptRequest { + // ID of the symmetric KMS key to use for decryption. + string key_id = 1 [(buf.validate.field).required = true]; + + // Additional authenticated data, must be the same as was provided + // in the corresponding [SymmetricEncryptRequest]. + // Should be encoded with base64. + bytes aad_context = 2 [(sensitive) = true]; + + // Ciphertext to be decrypted. + // Should be encoded with base64. + bytes ciphertext = 3 [(sensitive) = true]; +} + +message SymmetricDecryptResponse { + // ID of the symmetric KMS key that was used for decryption. + string key_id = 1; + + // Decrypted plaintext. + bytes plaintext = 2 [(sensitive) = true]; +} + +message GenerateDataKeyRequest { + // ID of the symmetric KMS key that the generated data key should be encrypted with. + string key_id = 1 [(buf.validate.field).required = true]; + + // Additional authenticated data (AAD context), optional. + // If specified, this data will be required for decryption with the [SymmetricDecryptRequest]. + // Should be encoded with base64. + bytes aad_context = 2 [(sensitive) = true]; + + // Encryption algorithm and key length for the generated data key. + SymmetricAlgorithm data_key_spec = 3 [(buf.validate.field) = { + enum: {defined_only: true} + required: true + }]; + + // If `true`, the method won't return the data key as plaintext. + // Default value is `false`. + bool skip_plaintext = 4; +} + +message GenerateDataKeyResponse { + // ID of the symmetric KMS key that was used to encrypt the generated data key. + string key_id = 1; + + // Generated data key as plaintext. + // The field is empty, if the [GenerateDataKeyRequest.skip_plaintext] parameter + // was set to `true`. + bytes data_key_plaintext = 2 [(sensitive) = true]; + + // The encrypted data key. + bytes data_key_ciphertext = 3 [(sensitive) = true]; +} diff --git a/nebius/kms/v1/symmetric_key.proto b/nebius/kms/v1/symmetric_key.proto new file mode 100644 index 0000000..23f77bd --- /dev/null +++ b/nebius/kms/v1/symmetric_key.proto @@ -0,0 +1,74 @@ +syntax = "proto3"; + +package nebius.kms.v1; + +import "buf/validate/validate.proto"; +import "google/protobuf/duration.proto"; +import "google/protobuf/timestamp.proto"; +import "nebius/annotations.proto"; +import "nebius/common/v1/metadata.proto"; +import "nebius/kms/v1/key_state.proto"; + +option go_package = "github.com/nebius/gosdk/proto/nebius/kms/v1"; +option java_multiple_files = true; +option java_outer_classname = "SymmetricKeyProto"; +option java_package = "ai.nebius.pub.kms.v1"; + +// Supported symmetric encryption algorithms. +enum SymmetricAlgorithm { + SYMMETRIC_ALGORITHM_UNSPECIFIED = 0; + + // Deprecated. It is impossible to create new keys with this algorithm. + // AES algorithm with 128-bit keys. + AES_128 = 1; + + reserved 2; + + // AES algorithm with 256-bit keys. + AES_256 = 3; +} + +// A symmetric KMS key. +message SymmetricKey { + common.v1.ResourceMetadata metadata = 1; + + // The specifications of the symmetric key. + SymmetricKeySpec spec = 2; + + // The current status of the symmetric key. + SymmetricKeyStatus status = 3; +} + +message SymmetricKeySpec { + // Description of the key. + string description = 1; + + // Encryption algorithm that should be used when using the key to encrypt plaintext. + // Must be specified only during create operations. Cannot be updated. + SymmetricAlgorithm algorithm = 2 [ + (field_behavior) = IMMUTABLE, + (buf.validate.field) = { + enum: {defined_only: true} + required: true + } + ]; + + // Key rotation period. + google.protobuf.Duration rotation_period = 3 [(buf.validate.field) = { + duration: { + lte: {seconds: 315360000} + gte: {seconds: 86400} + } + }]; +} + +message SymmetricKeyStatus { + // State (ACTIVE, SCHEDULED_FOR_DELETION). + KeyState state = 1; + + // Time when the key was scheduled for deletion. + google.protobuf.Timestamp deleted_at = 2; + + // Time when the key will be permanently deleted. + google.protobuf.Timestamp purge_at = 3; +} diff --git a/nebius/kms/v1/symmetric_key_service.proto b/nebius/kms/v1/symmetric_key_service.proto new file mode 100644 index 0000000..92bce3e --- /dev/null +++ b/nebius/kms/v1/symmetric_key_service.proto @@ -0,0 +1,146 @@ +syntax = "proto3"; + +package nebius.kms.v1; + +import "buf/validate/validate.proto"; +import "google/protobuf/duration.proto"; +import "nebius/annotations.proto"; +import "nebius/common/v1/metadata.proto"; +import "nebius/common/v1/operation.proto"; +import "nebius/kms/v1/symmetric_key.proto"; + +option go_package = "github.com/nebius/gosdk/proto/nebius/kms/v1"; +option java_multiple_files = true; +option java_outer_classname = "SymmetricKeyServiceProto"; +option java_package = "ai.nebius.pub.kms.v1"; + +// Set of methods for managing symmetric KMS keys. +service SymmetricKeyService { + // --- control plane + option (api_service_name) = "cpl.kms"; + + // Creates a symmetric KMS key in the specified container. + rpc Create(CreateSymmetricKeyRequest) returns (common.v1.Operation); + + // Updates a symmetric KMS key. + rpc Update(UpdateSymmetricKeyRequest) returns (common.v1.Operation); + + // Rotates the specified key: creates a new key version and makes it the primary version. + // The old version remains available for decryption of ciphertext encrypted with it. + rpc Rotate(RotateSymmetricKeyRequest) returns (common.v1.Operation); + + // Returns the specified symmetric KMS key by id. + rpc Get(GetSymmetricKeyRequest) returns (SymmetricKey); + + // Returns the specified symmetric KMS key by name. + rpc GetByName(GetSymmetricKeyByNameRequest) returns (SymmetricKey); + + // Returns the list of symmetric KMS keys in the specified container. + rpc List(ListSymmetricKeysRequest) returns (ListSymmetricKeysResponse); + + // Schedules a symmetric KMS key for deletion. + rpc Delete(DeleteSymmetricKeyRequest) returns (common.v1.Operation); + + // Update deletion delay for a symmetric KMS key scheduled for deletion. + rpc UpdateDeletionDelay(UpdateSymmetricKeyDeletionDelayRequest) returns (common.v1.Operation); + + // Restores a symmetric KMS key scheduled for deletion. + rpc Undelete(UndeleteSymmetricKeyRequest) returns (common.v1.Operation); +} + +message CreateSymmetricKeyRequest { + common.v1.ResourceMetadata metadata = 1 [(buf.validate.field).required = true]; + + SymmetricKeySpec spec = 2 [(buf.validate.field).required = true]; +} + +message UpdateSymmetricKeyRequest { + // The metadata for the resource. + common.v1.ResourceMetadata metadata = 1 [(buf.validate.field).required = true]; + + // The specifications for updating a symmetric key. + SymmetricKeySpec spec = 2; +} + +message GetSymmetricKeyRequest { + // ID of the symmetric KMS key to return. + // To get the ID of a symmetric KMS key use a [SymmetricKeyService.List] request. + string id = 1 [(buf.validate.field).required = true]; + + // By default, Get doesn't return resource if it is scheduled for deletion. + // If show_scheduled_for_deletion = true, the Get operation returns the resource even if it is scheduled for deletion. + // If show_scheduled_for_deletion = false, the Get method returns the NOT_FOUND gRPC status code. + bool show_scheduled_for_deletion = 2; +} + +message GetSymmetricKeyByNameRequest { + // ParentId and name of the symmetric KMS key to return. + // To get the name of a symmetric KMS key use a [SymmetricKeyService.List] request. + string parent_id = 1 [(buf.validate.field).required = true]; + + string name = 2 [(buf.validate.field).required = true]; +} + +message ListSymmetricKeysRequest { + string parent_id = 1 [(buf.validate.field).required = true]; + + // The maximum number of results per page to return. If the number of available + // results is larger than [page_size], the service returns a [ListSymmetricKeysResponse.next_page_token] + // that can be used to get the next page of results in subsequent list requests. + // Default value: 100. + int64 page_size = 2; + + // Page token. To get the next page of results, set [page_token] to the + // [ListSymmetricKeysResponse.next_page_token] returned by a previous list request. + string page_token = 3; + + // By default, List operation doesn't include resources that are scheduled for deletion. + // If show_scheduled_for_deletion = true, the listing includes resources that are scheduled for deletion. + bool show_scheduled_for_deletion = 4; +} + +message ListSymmetricKeysResponse { + // List of symmetric KMS keys in the specified container. + repeated SymmetricKey items = 1; + + // This token allows you to get the next page of results for list requests. If the number + // of results is greater than the specified [ListSymmetricKeysRequest.page_size], use + // the [next_page_token] as the value for the [ListSymmetricKeysRequest.page_token] query parameter + // in the next list request. Each subsequent list request will have its own + // [next_page_token] to continue paging through the results. + string next_page_token = 2; +} + +message RotateSymmetricKeyRequest { + // ID of the key to be rotated. + string id = 1 [(buf.validate.field).required = true]; +} + +message DeleteSymmetricKeyRequest { + // ID of the symmetric KMS key to schedule for deletion. + // To get the ID of a symmetric KMS key use a [SymmetricKeyService.List] request. + string id = 1 [(buf.validate.field).required = true]; +} + +message UpdateSymmetricKeyDeletionDelayRequest { + // ID of the symmetric KMS key scheduled for deletion. + string id = 1 [(buf.validate.field).required = true]; + + // Deletion delay applied from the update timestamp. + // Example: "86400s" (1 day). Valid range: 86400s (1 day) to 2592000s (30 days). + google.protobuf.Duration deletion_delay = 2 [(buf.validate.field) = { + duration: { + lte: {seconds: 2592000} + gte: {seconds: 86400} + } + required: true + }]; +} + +message UndeleteSymmetricKeyRequest { + // ID of the symmetric KMS key to restore. + string id = 1 [(buf.validate.field).required = true]; + + // A new name in case the current one is already in use. + string name = 2; +}