Yandex.Cloud
  • Services
  • Why Yandex.Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Yandex Key Management Service
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Keys
    • Key version
    • Data encryption
  • Concepts
    • Overview
    • Keys
    • Key version
    • Encryption
    • Envelope encryption
    • Key consistency
    • Quotas and limits
  • Use cases
    • All use cases
    • Data encryption
      • Which encryption method should I choose?
      • Encrypting data using the Yandex.Cloud CLI and API
      • Encrypting data using the Yandex.Cloud SDK
      • Encrypting data using the AWS Encryption SDK
      • Encrypting data using Google Tink
    • Encrypting secrets in Managed Service for Kubernetes
    • KMS key management with Hashicorp Terraform
    • Encrypting secrets in Hashicorp Terraform
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • SymmetricCryptoService
      • SymmetricKeyService
      • OperationService
    • REST
      • Overview
      • SymmetricCrypto
        • Overview
        • decrypt
        • encrypt
        • generateDataKey
        • reEncrypt
      • SymmetricKey
        • Overview
        • cancelVersionDestruction
        • create
        • delete
        • get
        • list
        • listAccessBindings
        • listOperations
        • listVersions
        • rotate
        • scheduleVersionDestruction
        • setAccessBindings
        • setPrimaryVersion
        • update
        • updateAccessBindings
  • Questions and answers
  1. API reference
  2. gRPC
  3. SymmetricKeyService

SymmetricKeyService

  • Calls SymmetricKeyService
  • Create
    • CreateSymmetricKeyRequest
    • Operation
    • CreateSymmetricKeyMetadata
    • SymmetricKey
    • SymmetricKeyVersion
  • Get
    • GetSymmetricKeyRequest
    • SymmetricKey
    • SymmetricKeyVersion
  • List
    • ListSymmetricKeysRequest
    • ListSymmetricKeysResponse
    • SymmetricKey
    • SymmetricKeyVersion
  • ListVersions
    • ListSymmetricKeyVersionsRequest
    • ListSymmetricKeyVersionsResponse
    • SymmetricKeyVersion
  • Update
    • UpdateSymmetricKeyRequest
    • Operation
    • UpdateSymmetricKeyMetadata
    • SymmetricKey
    • SymmetricKeyVersion
  • Delete
    • DeleteSymmetricKeyRequest
    • Operation
    • DeleteSymmetricKeyMetadata
    • SymmetricKey
    • SymmetricKeyVersion
  • SetPrimaryVersion
    • SetPrimarySymmetricKeyVersionRequest
    • Operation
    • SetPrimarySymmetricKeyVersionMetadata
    • SymmetricKey
    • SymmetricKeyVersion
  • ScheduleVersionDestruction
    • ScheduleSymmetricKeyVersionDestructionRequest
    • Operation
    • ScheduleSymmetricKeyVersionDestructionMetadata
    • SymmetricKeyVersion
  • CancelVersionDestruction
    • CancelSymmetricKeyVersionDestructionRequest
    • Operation
    • CancelSymmetricKeyVersionDestructionMetadata
    • SymmetricKeyVersion
  • Rotate
    • RotateSymmetricKeyRequest
    • Operation
    • RotateSymmetricKeyMetadata
    • SymmetricKey
    • SymmetricKeyVersion
  • ListOperations
    • ListSymmetricKeyOperationsRequest
    • ListSymmetricKeyOperationsResponse
    • Operation
  • ListAccessBindings
    • ListAccessBindingsRequest
    • ListAccessBindingsResponse
    • AccessBinding
    • Subject
  • SetAccessBindings
    • SetAccessBindingsRequest
    • AccessBinding
    • Subject
    • Operation
    • SetAccessBindingsMetadata
  • UpdateAccessBindings
    • UpdateAccessBindingsRequest
    • AccessBindingDelta
    • AccessBinding
    • Subject
    • Operation
    • UpdateAccessBindingsMetadata

Set of methods for managing symmetric KMS keys.

Call Description
Create --- control plane Creates a symmetric KMS key in the specified folder.
Get Returns the specified symmetric KMS key.
List Returns the list of symmetric KMS keys in the specified folder.
ListVersions Returns the list of versions of the specified symmetric KMS key.
Update Updates the specified symmetric KMS key.
Delete Deletes the specified symmetric KMS key.
SetPrimaryVersion Sets the primary version for the specified key.
ScheduleVersionDestruction Schedules the specified key version for destruction.
CancelVersionDestruction Cancels previously scheduled version destruction, if the version hasn't been destroyed yet.
Rotate Rotates the specified key: creates a new key version and makes it the primary version.
ListOperations Lists operations for the specified symmetric KMS key.
ListAccessBindings Lists existing access bindings for the specified key.
SetAccessBindings Sets access bindings for the key.
UpdateAccessBindings Updates access bindings for the specified key.

Calls SymmetricKeyService

Create

--- control plane Creates a symmetric KMS key in the specified folder.

rpc Create (CreateSymmetricKeyRequest) returns (operation.Operation)

Metadata and response of Operation:

    Operation.metadata:CreateSymmetricKeyMetadata

    Operation.response:SymmetricKey

CreateSymmetricKeyRequest

Field Description
folder_id string
Required. ID of the folder to create a symmetric KMS key in. The maximum string length in characters is 50.
name string
Name of the key. The maximum string length in characters is 100.
description string
Description of the key. The maximum string length in characters is 1024.
labels map<string,string>
Custom labels for the symmetric KMS key as key:value pairs. Maximum 64 per key. For example, "project": "mvp" or "source": "dictionary". No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]*. The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]*.
default_algorithm enum SymmetricAlgorithm
Encryption algorithm to be used with a new key version, generated with the next rotation.
  • AES_128: AES algorithm with 128-bit keys.
  • AES_192: AES algorithm with 192-bit keys.
  • AES_256: AES algorithm with 256-bit keys.
    rotation_period google.protobuf.Duration
    Interval between automatic rotations. To disable automatic rotation, don't include this field in the creation request.
    deletion_protection bool
    Flag that inhibits deletion of the symmetric KMS key

    Operation

    Field Description
    id string
    ID of the operation.
    description string
    Description of the operation. 0-256 characters long.
    created_at google.protobuf.Timestamp
    Creation timestamp.
    created_by string
    ID of the user or service account who initiated the operation.
    modified_at google.protobuf.Timestamp
    The time when the Operation resource was last modified.
    done bool
    If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
    metadata google.protobuf.Any<CreateSymmetricKeyMetadata>
    Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
    result oneof: error or response
    The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
      error google.rpc.Status
    The error result of the operation in case of failure or cancellation.
      response google.protobuf.Any<SymmetricKey>
    if operation finished successfully.

    CreateSymmetricKeyMetadata

    Field Description
    key_id string
    ID of the key being created.
    primary_version_id string
    ID of the primary version of the key being created.

    SymmetricKey

    Field Description
    id string
    ID of the key.
    folder_id string
    ID of the folder that the key belongs to.
    created_at google.protobuf.Timestamp
    Time when the key was created.
    name string
    Name of the key.
    description string
    Description of the key.
    labels map<string,string>
    Custom labels for the key as key:value pairs. Maximum 64 per key.
    status enum Status
    Current status of the key.
    • CREATING: The key is being created.
    • ACTIVE: The key is active and can be used for encryption and decryption. Can be set to INACTIVE using the SymmetricKeyService.Update method.
    • INACTIVE: The key is inactive and unusable. Can be set to ACTIVE using the SymmetricKeyService.Update method.
      primary_version SymmetricKeyVersion
      Primary version of the key, used as the default for all encrypt/decrypt operations, when no version ID is specified.
      default_algorithm enum SymmetricAlgorithm
      Default encryption algorithm to be used with new versions of the key.
      • AES_128: AES algorithm with 128-bit keys.
      • AES_192: AES algorithm with 192-bit keys.
      • AES_256: AES algorithm with 256-bit keys.
        rotated_at google.protobuf.Timestamp
        Time of the last key rotation (time when the last version was created). Empty if the key does not have versions yet.
        rotation_period google.protobuf.Duration
        Time period between automatic key rotations.
        deletion_protection bool
        Flag that inhibits deletion of the key

        SymmetricKeyVersion

        Field Description
        id string
        ID of the key version.
        key_id string
        ID of the symmetric KMS key that the version belongs to.
        status enum Status
        Status of the key version.
        • ACTIVE: The version is active and can be used for encryption and decryption.
        • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction, the time when it will be destroyed is specified in the SymmetricKeyVersion.destroy_at field.
        • DESTROYED: The version is destroyed and cannot be recovered.
          algorithm enum SymmetricAlgorithm
          Encryption algorithm that should be used when using the key version to encrypt plaintext.
          • AES_128: AES algorithm with 128-bit keys.
          • AES_192: AES algorithm with 192-bit keys.
          • AES_256: AES algorithm with 256-bit keys.
            created_at google.protobuf.Timestamp
            Time when the key version was created.
            primary bool
            Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified.
            destroy_at google.protobuf.Timestamp
            Time when the key version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

            Get

            Returns the specified symmetric KMS key.
            To get the list of available symmetric KMS keys, make a SymmetricKeyService.List request.

            rpc Get (GetSymmetricKeyRequest) returns (SymmetricKey)

            GetSymmetricKeyRequest

            Field Description
            key_id string
            Required. ID of the symmetric KMS key to return. To get the ID of a symmetric KMS key use a SymmetricKeyService.List request. The maximum string length in characters is 50.

            SymmetricKey

            Field Description
            id string
            ID of the key.
            folder_id string
            ID of the folder that the key belongs to.
            created_at google.protobuf.Timestamp
            Time when the key was created.
            name string
            Name of the key.
            description string
            Description of the key.
            labels map<string,string>
            Custom labels for the key as key:value pairs. Maximum 64 per key.
            status enum Status
            Current status of the key.
            • CREATING: The key is being created.
            • ACTIVE: The key is active and can be used for encryption and decryption. Can be set to INACTIVE using the SymmetricKeyService.Update method.
            • INACTIVE: The key is inactive and unusable. Can be set to ACTIVE using the SymmetricKeyService.Update method.
              primary_version SymmetricKeyVersion
              Primary version of the key, used as the default for all encrypt/decrypt operations, when no version ID is specified.
              default_algorithm enum SymmetricAlgorithm
              Default encryption algorithm to be used with new versions of the key.
              • AES_128: AES algorithm with 128-bit keys.
              • AES_192: AES algorithm with 192-bit keys.
              • AES_256: AES algorithm with 256-bit keys.
                rotated_at google.protobuf.Timestamp
                Time of the last key rotation (time when the last version was created). Empty if the key does not have versions yet.
                rotation_period google.protobuf.Duration
                Time period between automatic key rotations.
                deletion_protection bool
                Flag that inhibits deletion of the key

                SymmetricKeyVersion

                Field Description
                id string
                ID of the key version.
                key_id string
                ID of the symmetric KMS key that the version belongs to.
                status enum Status
                Status of the key version.
                • ACTIVE: The version is active and can be used for encryption and decryption.
                • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction, the time when it will be destroyed is specified in the SymmetricKeyVersion.destroy_at field.
                • DESTROYED: The version is destroyed and cannot be recovered.
                  algorithm enum SymmetricAlgorithm
                  Encryption algorithm that should be used when using the key version to encrypt plaintext.
                  • AES_128: AES algorithm with 128-bit keys.
                  • AES_192: AES algorithm with 192-bit keys.
                  • AES_256: AES algorithm with 256-bit keys.
                    created_at google.protobuf.Timestamp
                    Time when the key version was created.
                    primary bool
                    Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified.
                    destroy_at google.protobuf.Timestamp
                    Time when the key version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

                    List

                    Returns the list of symmetric KMS keys in the specified folder.

                    rpc List (ListSymmetricKeysRequest) returns (ListSymmetricKeysResponse)

                    ListSymmetricKeysRequest

                    Field Description
                    folder_id string
                    Required. ID of the folder to list symmetric KMS keys in. The maximum string length in characters is 50.
                    page_size int64
                    The maximum number of results per page to return. If the number of available results is larger than page_size, the service returns a ListSymmetricKeysResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000.
                    page_token string
                    Page token. To get the next page of results, set page_token to the ListSymmetricKeysResponse.next_page_token returned by a previous list request. The maximum string length in characters is 100.

                    ListSymmetricKeysResponse

                    Field Description
                    keys[] SymmetricKey
                    List of symmetric KMS keys in the specified folder.
                    next_page_token string
                    This token allows you to get the next page of results for list requests. If the number of results is greater than the specified ListSymmetricKeysRequest.page_size, use the next_page_token as the value for the ListSymmetricKeysRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.

                    SymmetricKey

                    Field Description
                    id string
                    ID of the key.
                    folder_id string
                    ID of the folder that the key belongs to.
                    created_at google.protobuf.Timestamp
                    Time when the key was created.
                    name string
                    Name of the key.
                    description string
                    Description of the key.
                    labels map<string,string>
                    Custom labels for the key as key:value pairs. Maximum 64 per key.
                    status enum Status
                    Current status of the key.
                    • CREATING: The key is being created.
                    • ACTIVE: The key is active and can be used for encryption and decryption. Can be set to INACTIVE using the SymmetricKeyService.Update method.
                    • INACTIVE: The key is inactive and unusable. Can be set to ACTIVE using the SymmetricKeyService.Update method.
                      primary_version SymmetricKeyVersion
                      Primary version of the key, used as the default for all encrypt/decrypt operations, when no version ID is specified.
                      default_algorithm enum SymmetricAlgorithm
                      Default encryption algorithm to be used with new versions of the key.
                      • AES_128: AES algorithm with 128-bit keys.
                      • AES_192: AES algorithm with 192-bit keys.
                      • AES_256: AES algorithm with 256-bit keys.
                        rotated_at google.protobuf.Timestamp
                        Time of the last key rotation (time when the last version was created). Empty if the key does not have versions yet.
                        rotation_period google.protobuf.Duration
                        Time period between automatic key rotations.
                        deletion_protection bool
                        Flag that inhibits deletion of the key

                        SymmetricKeyVersion

                        Field Description
                        id string
                        ID of the key version.
                        key_id string
                        ID of the symmetric KMS key that the version belongs to.
                        status enum Status
                        Status of the key version.
                        • ACTIVE: The version is active and can be used for encryption and decryption.
                        • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction, the time when it will be destroyed is specified in the SymmetricKeyVersion.destroy_at field.
                        • DESTROYED: The version is destroyed and cannot be recovered.
                          algorithm enum SymmetricAlgorithm
                          Encryption algorithm that should be used when using the key version to encrypt plaintext.
                          • AES_128: AES algorithm with 128-bit keys.
                          • AES_192: AES algorithm with 192-bit keys.
                          • AES_256: AES algorithm with 256-bit keys.
                            created_at google.protobuf.Timestamp
                            Time when the key version was created.
                            primary bool
                            Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified.
                            destroy_at google.protobuf.Timestamp
                            Time when the key version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

                            ListVersions

                            Returns the list of versions of the specified symmetric KMS key.

                            rpc ListVersions (ListSymmetricKeyVersionsRequest) returns (ListSymmetricKeyVersionsResponse)

                            ListSymmetricKeyVersionsRequest

                            Field Description
                            key_id string
                            Required. ID of the symmetric KMS key to list versions for. The maximum string length in characters is 50.
                            page_size int64
                            The maximum number of results per page to return. If the number of available results is larger than page_size, the service returns a ListSymmetricKeyVersionsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000.
                            page_token string
                            Page token. To get the next page of results, set page_token to the ListSymmetricKeyVersionsResponse.next_page_token returned by a previous list request. The maximum string length in characters is 100.

                            ListSymmetricKeyVersionsResponse

                            Field Description
                            key_versions[] SymmetricKeyVersion
                            List of versions for the specified symmetric KMS key.
                            next_page_token string
                            This token allows you to get the next page of results for list requests. If the number of results is greater than the specified ListSymmetricKeyVersionsRequest.page_size, use the next_page_token as the value for the ListSymmetricKeyVersionsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.

                            SymmetricKeyVersion

                            Field Description
                            id string
                            ID of the key version.
                            key_id string
                            ID of the symmetric KMS key that the version belongs to.
                            status enum Status
                            Status of the key version.
                            • ACTIVE: The version is active and can be used for encryption and decryption.
                            • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction, the time when it will be destroyed is specified in the SymmetricKeyVersion.destroy_at field.
                            • DESTROYED: The version is destroyed and cannot be recovered.
                              algorithm enum SymmetricAlgorithm
                              Encryption algorithm that should be used when using the key version to encrypt plaintext.
                              • AES_128: AES algorithm with 128-bit keys.
                              • AES_192: AES algorithm with 192-bit keys.
                              • AES_256: AES algorithm with 256-bit keys.
                                created_at google.protobuf.Timestamp
                                Time when the key version was created.
                                primary bool
                                Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified.
                                destroy_at google.protobuf.Timestamp
                                Time when the key version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

                                Update

                                Updates the specified symmetric KMS key.

                                rpc Update (UpdateSymmetricKeyRequest) returns (operation.Operation)

                                Metadata and response of Operation:

                                    Operation.metadata:UpdateSymmetricKeyMetadata

                                    Operation.response:SymmetricKey

                                UpdateSymmetricKeyRequest

                                Field Description
                                key_id string
                                Required. ID of the symmetric KMS key to update. To get the ID of a symmetric KMS key use a SymmetricKeyService.List request. The maximum string length in characters is 50.
                                update_mask google.protobuf.FieldMask
                                Required. Field mask that specifies which attributes of the symmetric KMS key are going to be updated.
                                name string
                                New name for the symmetric KMS key. The maximum string length in characters is 100.
                                description string
                                New description for the symmetric KMS key. The maximum string length in characters is 1024.
                                status SymmetricKey.Status
                                New status for the symmetric KMS key. Using the SymmetricKeyService.Update method you can only set ACTIVE or INACTIVE status.
                                labels map<string,string>
                                Custom labels for the symmetric KMS key as key:value pairs. Maximum 64 per key. No more than 64 per resource. The maximum string length in characters for each value is 63. Each value must match the regular expression [-_0-9a-z]*. The maximum string length in characters for each key is 63. Each key must match the regular expression [a-z][-_0-9a-z]*.
                                default_algorithm enum SymmetricAlgorithm
                                Default encryption algorithm to be used with new versions of the symmetric KMS key.
                                • AES_128: AES algorithm with 128-bit keys.
                                • AES_192: AES algorithm with 192-bit keys.
                                • AES_256: AES algorithm with 256-bit keys.
                                  rotation_period google.protobuf.Duration
                                  Time period between automatic symmetric KMS key rotations.
                                  deletion_protection bool
                                  Flag that inhibits deletion of the symmetric KMS key

                                  Operation

                                  Field Description
                                  id string
                                  ID of the operation.
                                  description string
                                  Description of the operation. 0-256 characters long.
                                  created_at google.protobuf.Timestamp
                                  Creation timestamp.
                                  created_by string
                                  ID of the user or service account who initiated the operation.
                                  modified_at google.protobuf.Timestamp
                                  The time when the Operation resource was last modified.
                                  done bool
                                  If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                  metadata google.protobuf.Any<UpdateSymmetricKeyMetadata>
                                  Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                  result oneof: error or response
                                  The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                    error google.rpc.Status
                                  The error result of the operation in case of failure or cancellation.
                                    response google.protobuf.Any<SymmetricKey>
                                  if operation finished successfully.

                                  UpdateSymmetricKeyMetadata

                                  Field Description
                                  key_id string
                                  ID of the key being updated.

                                  SymmetricKey

                                  Field Description
                                  id string
                                  ID of the key.
                                  folder_id string
                                  ID of the folder that the key belongs to.
                                  created_at google.protobuf.Timestamp
                                  Time when the key was created.
                                  name string
                                  Name of the key.
                                  description string
                                  Description of the key.
                                  labels map<string,string>
                                  Custom labels for the key as key:value pairs. Maximum 64 per key.
                                  status enum Status
                                  Current status of the key.
                                  • CREATING: The key is being created.
                                  • ACTIVE: The key is active and can be used for encryption and decryption. Can be set to INACTIVE using the SymmetricKeyService.Update method.
                                  • INACTIVE: The key is inactive and unusable. Can be set to ACTIVE using the SymmetricKeyService.Update method.
                                    primary_version SymmetricKeyVersion
                                    Primary version of the key, used as the default for all encrypt/decrypt operations, when no version ID is specified.
                                    default_algorithm enum SymmetricAlgorithm
                                    Default encryption algorithm to be used with new versions of the key.
                                    • AES_128: AES algorithm with 128-bit keys.
                                    • AES_192: AES algorithm with 192-bit keys.
                                    • AES_256: AES algorithm with 256-bit keys.
                                      rotated_at google.protobuf.Timestamp
                                      Time of the last key rotation (time when the last version was created). Empty if the key does not have versions yet.
                                      rotation_period google.protobuf.Duration
                                      Time period between automatic key rotations.
                                      deletion_protection bool
                                      Flag that inhibits deletion of the key

                                      SymmetricKeyVersion

                                      Field Description
                                      id string
                                      ID of the key version.
                                      key_id string
                                      ID of the symmetric KMS key that the version belongs to.
                                      status enum Status
                                      Status of the key version.
                                      • ACTIVE: The version is active and can be used for encryption and decryption.
                                      • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction, the time when it will be destroyed is specified in the SymmetricKeyVersion.destroy_at field.
                                      • DESTROYED: The version is destroyed and cannot be recovered.
                                        algorithm enum SymmetricAlgorithm
                                        Encryption algorithm that should be used when using the key version to encrypt plaintext.
                                        • AES_128: AES algorithm with 128-bit keys.
                                        • AES_192: AES algorithm with 192-bit keys.
                                        • AES_256: AES algorithm with 256-bit keys.
                                          created_at google.protobuf.Timestamp
                                          Time when the key version was created.
                                          primary bool
                                          Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified.
                                          destroy_at google.protobuf.Timestamp
                                          Time when the key version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

                                          Delete

                                          Deletes the specified symmetric KMS key. This action also automatically schedules the destruction of all of the key's versions in 72 hours.
                                          The key and its versions appear absent in SymmetricKeyService.Get and SymmetricKeyService.List requests, but can be restored within 72 hours with a request to tech support.

                                          rpc Delete (DeleteSymmetricKeyRequest) returns (operation.Operation)

                                          Metadata and response of Operation:

                                              Operation.metadata:DeleteSymmetricKeyMetadata

                                              Operation.response:SymmetricKey

                                          DeleteSymmetricKeyRequest

                                          Field Description
                                          key_id string
                                          Required. ID of the key to be deleted. The maximum string length in characters is 50.

                                          Operation

                                          Field Description
                                          id string
                                          ID of the operation.
                                          description string
                                          Description of the operation. 0-256 characters long.
                                          created_at google.protobuf.Timestamp
                                          Creation timestamp.
                                          created_by string
                                          ID of the user or service account who initiated the operation.
                                          modified_at google.protobuf.Timestamp
                                          The time when the Operation resource was last modified.
                                          done bool
                                          If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                          metadata google.protobuf.Any<DeleteSymmetricKeyMetadata>
                                          Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                          result oneof: error or response
                                          The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                            error google.rpc.Status
                                          The error result of the operation in case of failure or cancellation.
                                            response google.protobuf.Any<SymmetricKey>
                                          if operation finished successfully.

                                          DeleteSymmetricKeyMetadata

                                          Field Description
                                          key_id string
                                          ID of the key being deleted.

                                          SymmetricKey

                                          Field Description
                                          id string
                                          ID of the key.
                                          folder_id string
                                          ID of the folder that the key belongs to.
                                          created_at google.protobuf.Timestamp
                                          Time when the key was created.
                                          name string
                                          Name of the key.
                                          description string
                                          Description of the key.
                                          labels map<string,string>
                                          Custom labels for the key as key:value pairs. Maximum 64 per key.
                                          status enum Status
                                          Current status of the key.
                                          • CREATING: The key is being created.
                                          • ACTIVE: The key is active and can be used for encryption and decryption. Can be set to INACTIVE using the SymmetricKeyService.Update method.
                                          • INACTIVE: The key is inactive and unusable. Can be set to ACTIVE using the SymmetricKeyService.Update method.
                                            primary_version SymmetricKeyVersion
                                            Primary version of the key, used as the default for all encrypt/decrypt operations, when no version ID is specified.
                                            default_algorithm enum SymmetricAlgorithm
                                            Default encryption algorithm to be used with new versions of the key.
                                            • AES_128: AES algorithm with 128-bit keys.
                                            • AES_192: AES algorithm with 192-bit keys.
                                            • AES_256: AES algorithm with 256-bit keys.
                                              rotated_at google.protobuf.Timestamp
                                              Time of the last key rotation (time when the last version was created). Empty if the key does not have versions yet.
                                              rotation_period google.protobuf.Duration
                                              Time period between automatic key rotations.
                                              deletion_protection bool
                                              Flag that inhibits deletion of the key

                                              SymmetricKeyVersion

                                              Field Description
                                              id string
                                              ID of the key version.
                                              key_id string
                                              ID of the symmetric KMS key that the version belongs to.
                                              status enum Status
                                              Status of the key version.
                                              • ACTIVE: The version is active and can be used for encryption and decryption.
                                              • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction, the time when it will be destroyed is specified in the SymmetricKeyVersion.destroy_at field.
                                              • DESTROYED: The version is destroyed and cannot be recovered.
                                                algorithm enum SymmetricAlgorithm
                                                Encryption algorithm that should be used when using the key version to encrypt plaintext.
                                                • AES_128: AES algorithm with 128-bit keys.
                                                • AES_192: AES algorithm with 192-bit keys.
                                                • AES_256: AES algorithm with 256-bit keys.
                                                  created_at google.protobuf.Timestamp
                                                  Time when the key version was created.
                                                  primary bool
                                                  Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified.
                                                  destroy_at google.protobuf.Timestamp
                                                  Time when the key version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

                                                  SetPrimaryVersion

                                                  Sets the primary version for the specified key. The primary version is used by default for all encrypt/decrypt operations where no version ID is specified.

                                                  rpc SetPrimaryVersion (SetPrimarySymmetricKeyVersionRequest) returns (operation.Operation)

                                                  Metadata and response of Operation:

                                                      Operation.metadata:SetPrimarySymmetricKeyVersionMetadata

                                                      Operation.response:SymmetricKey

                                                  SetPrimarySymmetricKeyVersionRequest

                                                  Field Description
                                                  key_id string
                                                  Required. ID of the key to set a primary version for. The maximum string length in characters is 50.
                                                  version_id string
                                                  Required. ID of the version that should become primary for the specified key. The maximum string length in characters is 50.

                                                  Operation

                                                  Field Description
                                                  id string
                                                  ID of the operation.
                                                  description string
                                                  Description of the operation. 0-256 characters long.
                                                  created_at google.protobuf.Timestamp
                                                  Creation timestamp.
                                                  created_by string
                                                  ID of the user or service account who initiated the operation.
                                                  modified_at google.protobuf.Timestamp
                                                  The time when the Operation resource was last modified.
                                                  done bool
                                                  If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                                  metadata google.protobuf.Any<SetPrimarySymmetricKeyVersionMetadata>
                                                  Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                                  result oneof: error or response
                                                  The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                                    error google.rpc.Status
                                                  The error result of the operation in case of failure or cancellation.
                                                    response google.protobuf.Any<SymmetricKey>
                                                  if operation finished successfully.

                                                  SetPrimarySymmetricKeyVersionMetadata

                                                  Field Description
                                                  key_id string
                                                  ID of the key that the primary version if being changed for.
                                                  version_id string
                                                  ID of the version that is being made primary for the key.

                                                  SymmetricKey

                                                  Field Description
                                                  id string
                                                  ID of the key.
                                                  folder_id string
                                                  ID of the folder that the key belongs to.
                                                  created_at google.protobuf.Timestamp
                                                  Time when the key was created.
                                                  name string
                                                  Name of the key.
                                                  description string
                                                  Description of the key.
                                                  labels map<string,string>
                                                  Custom labels for the key as key:value pairs. Maximum 64 per key.
                                                  status enum Status
                                                  Current status of the key.
                                                  • CREATING: The key is being created.
                                                  • ACTIVE: The key is active and can be used for encryption and decryption. Can be set to INACTIVE using the SymmetricKeyService.Update method.
                                                  • INACTIVE: The key is inactive and unusable. Can be set to ACTIVE using the SymmetricKeyService.Update method.
                                                    primary_version SymmetricKeyVersion
                                                    Primary version of the key, used as the default for all encrypt/decrypt operations, when no version ID is specified.
                                                    default_algorithm enum SymmetricAlgorithm
                                                    Default encryption algorithm to be used with new versions of the key.
                                                    • AES_128: AES algorithm with 128-bit keys.
                                                    • AES_192: AES algorithm with 192-bit keys.
                                                    • AES_256: AES algorithm with 256-bit keys.
                                                      rotated_at google.protobuf.Timestamp
                                                      Time of the last key rotation (time when the last version was created). Empty if the key does not have versions yet.
                                                      rotation_period google.protobuf.Duration
                                                      Time period between automatic key rotations.
                                                      deletion_protection bool
                                                      Flag that inhibits deletion of the key

                                                      SymmetricKeyVersion

                                                      Field Description
                                                      id string
                                                      ID of the key version.
                                                      key_id string
                                                      ID of the symmetric KMS key that the version belongs to.
                                                      status enum Status
                                                      Status of the key version.
                                                      • ACTIVE: The version is active and can be used for encryption and decryption.
                                                      • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction, the time when it will be destroyed is specified in the SymmetricKeyVersion.destroy_at field.
                                                      • DESTROYED: The version is destroyed and cannot be recovered.
                                                        algorithm enum SymmetricAlgorithm
                                                        Encryption algorithm that should be used when using the key version to encrypt plaintext.
                                                        • AES_128: AES algorithm with 128-bit keys.
                                                        • AES_192: AES algorithm with 192-bit keys.
                                                        • AES_256: AES algorithm with 256-bit keys.
                                                          created_at google.protobuf.Timestamp
                                                          Time when the key version was created.
                                                          primary bool
                                                          Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified.
                                                          destroy_at google.protobuf.Timestamp
                                                          Time when the key version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

                                                          ScheduleVersionDestruction

                                                          Schedules the specified key version for destruction.
                                                          Scheduled destruction can be cancelled with the SymmetricKeyService.CancelVersionDestruction method.

                                                          rpc ScheduleVersionDestruction (ScheduleSymmetricKeyVersionDestructionRequest) returns (operation.Operation)

                                                          Metadata and response of Operation:

                                                              Operation.metadata:ScheduleSymmetricKeyVersionDestructionMetadata

                                                              Operation.response:SymmetricKeyVersion

                                                          ScheduleSymmetricKeyVersionDestructionRequest

                                                          Field Description
                                                          key_id string
                                                          Required. ID of the key whose version should be scheduled for destruction. The maximum string length in characters is 50.
                                                          version_id string
                                                          Required. ID of the version to be destroyed. The maximum string length in characters is 50.
                                                          pending_period google.protobuf.Duration
                                                          Time interval between the version destruction request and actual destruction. Default value: 7 days.

                                                          Operation

                                                          Field Description
                                                          id string
                                                          ID of the operation.
                                                          description string
                                                          Description of the operation. 0-256 characters long.
                                                          created_at google.protobuf.Timestamp
                                                          Creation timestamp.
                                                          created_by string
                                                          ID of the user or service account who initiated the operation.
                                                          modified_at google.protobuf.Timestamp
                                                          The time when the Operation resource was last modified.
                                                          done bool
                                                          If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                                          metadata google.protobuf.Any<ScheduleSymmetricKeyVersionDestructionMetadata>
                                                          Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                                          result oneof: error or response
                                                          The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                                            error google.rpc.Status
                                                          The error result of the operation in case of failure or cancellation.
                                                            response google.protobuf.Any<SymmetricKeyVersion>
                                                          if operation finished successfully.

                                                          ScheduleSymmetricKeyVersionDestructionMetadata

                                                          Field Description
                                                          key_id string
                                                          ID of the key whose version is being scheduled for destruction.
                                                          version_id string
                                                          ID of the version that is being scheduled for destruction.
                                                          destroy_at google.protobuf.Timestamp
                                                          Time when the version is scheduled to be destroyed.

                                                          SymmetricKeyVersion

                                                          Field Description
                                                          id string
                                                          ID of the key version.
                                                          key_id string
                                                          ID of the symmetric KMS key that the version belongs to.
                                                          status enum Status
                                                          Status of the key version.
                                                          • ACTIVE: The version is active and can be used for encryption and decryption.
                                                          • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction, the time when it will be destroyed is specified in the SymmetricKeyVersion.destroy_at field.
                                                          • DESTROYED: The version is destroyed and cannot be recovered.
                                                            algorithm enum SymmetricAlgorithm
                                                            Encryption algorithm that should be used when using the key version to encrypt plaintext.
                                                            • AES_128: AES algorithm with 128-bit keys.
                                                            • AES_192: AES algorithm with 192-bit keys.
                                                            • AES_256: AES algorithm with 256-bit keys.
                                                              created_at google.protobuf.Timestamp
                                                              Time when the key version was created.
                                                              primary bool
                                                              Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified.
                                                              destroy_at google.protobuf.Timestamp
                                                              Time when the key version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

                                                              CancelVersionDestruction

                                                              Cancels previously scheduled version destruction, if the version hasn't been destroyed yet.

                                                              rpc CancelVersionDestruction (CancelSymmetricKeyVersionDestructionRequest) returns (operation.Operation)

                                                              Metadata and response of Operation:

                                                                  Operation.metadata:CancelSymmetricKeyVersionDestructionMetadata

                                                                  Operation.response:SymmetricKeyVersion

                                                              CancelSymmetricKeyVersionDestructionRequest

                                                              Field Description
                                                              key_id string
                                                              Required. ID of the key to cancel a version's destruction for. The maximum string length in characters is 50.
                                                              version_id string
                                                              Required. ID of the version whose scheduled destruction should be cancelled. The maximum string length in characters is 50.

                                                              Operation

                                                              Field Description
                                                              id string
                                                              ID of the operation.
                                                              description string
                                                              Description of the operation. 0-256 characters long.
                                                              created_at google.protobuf.Timestamp
                                                              Creation timestamp.
                                                              created_by string
                                                              ID of the user or service account who initiated the operation.
                                                              modified_at google.protobuf.Timestamp
                                                              The time when the Operation resource was last modified.
                                                              done bool
                                                              If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                                              metadata google.protobuf.Any<CancelSymmetricKeyVersionDestructionMetadata>
                                                              Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                                              result oneof: error or response
                                                              The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                                                error google.rpc.Status
                                                              The error result of the operation in case of failure or cancellation.
                                                                response google.protobuf.Any<SymmetricKeyVersion>
                                                              if operation finished successfully.

                                                              CancelSymmetricKeyVersionDestructionMetadata

                                                              Field Description
                                                              key_id string
                                                              ID of the key whose version's destruction is being cancelled.
                                                              version_id string
                                                              ID of the version whose scheduled destruction is being cancelled.

                                                              SymmetricKeyVersion

                                                              Field Description
                                                              id string
                                                              ID of the key version.
                                                              key_id string
                                                              ID of the symmetric KMS key that the version belongs to.
                                                              status enum Status
                                                              Status of the key version.
                                                              • ACTIVE: The version is active and can be used for encryption and decryption.
                                                              • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction, the time when it will be destroyed is specified in the SymmetricKeyVersion.destroy_at field.
                                                              • DESTROYED: The version is destroyed and cannot be recovered.
                                                                algorithm enum SymmetricAlgorithm
                                                                Encryption algorithm that should be used when using the key version to encrypt plaintext.
                                                                • AES_128: AES algorithm with 128-bit keys.
                                                                • AES_192: AES algorithm with 192-bit keys.
                                                                • AES_256: AES algorithm with 256-bit keys.
                                                                  created_at google.protobuf.Timestamp
                                                                  Time when the key version was created.
                                                                  primary bool
                                                                  Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified.
                                                                  destroy_at google.protobuf.Timestamp
                                                                  Time when the key version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

                                                                  Rotate

                                                                  Rotates the specified key: creates a new key version and makes it the primary version. The old version remains available for decryption of ciphertext encrypted with it.

                                                                  rpc Rotate (RotateSymmetricKeyRequest) returns (operation.Operation)

                                                                  Metadata and response of Operation:

                                                                      Operation.metadata:RotateSymmetricKeyMetadata

                                                                      Operation.response:SymmetricKey

                                                                  RotateSymmetricKeyRequest

                                                                  Field Description
                                                                  key_id string
                                                                  Required. ID of the key to be rotated. The maximum string length in characters is 50.

                                                                  Operation

                                                                  Field Description
                                                                  id string
                                                                  ID of the operation.
                                                                  description string
                                                                  Description of the operation. 0-256 characters long.
                                                                  created_at google.protobuf.Timestamp
                                                                  Creation timestamp.
                                                                  created_by string
                                                                  ID of the user or service account who initiated the operation.
                                                                  modified_at google.protobuf.Timestamp
                                                                  The time when the Operation resource was last modified.
                                                                  done bool
                                                                  If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                                                  metadata google.protobuf.Any<RotateSymmetricKeyMetadata>
                                                                  Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                                                  result oneof: error or response
                                                                  The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                                                    error google.rpc.Status
                                                                  The error result of the operation in case of failure or cancellation.
                                                                    response google.protobuf.Any<SymmetricKey>
                                                                  if operation finished successfully.

                                                                  RotateSymmetricKeyMetadata

                                                                  Field Description
                                                                  key_id string
                                                                  ID of the key being rotated.
                                                                  new_primary_version_id string
                                                                  ID of the version generated as a result of key rotation.

                                                                  SymmetricKey

                                                                  Field Description
                                                                  id string
                                                                  ID of the key.
                                                                  folder_id string
                                                                  ID of the folder that the key belongs to.
                                                                  created_at google.protobuf.Timestamp
                                                                  Time when the key was created.
                                                                  name string
                                                                  Name of the key.
                                                                  description string
                                                                  Description of the key.
                                                                  labels map<string,string>
                                                                  Custom labels for the key as key:value pairs. Maximum 64 per key.
                                                                  status enum Status
                                                                  Current status of the key.
                                                                  • CREATING: The key is being created.
                                                                  • ACTIVE: The key is active and can be used for encryption and decryption. Can be set to INACTIVE using the SymmetricKeyService.Update method.
                                                                  • INACTIVE: The key is inactive and unusable. Can be set to ACTIVE using the SymmetricKeyService.Update method.
                                                                    primary_version SymmetricKeyVersion
                                                                    Primary version of the key, used as the default for all encrypt/decrypt operations, when no version ID is specified.
                                                                    default_algorithm enum SymmetricAlgorithm
                                                                    Default encryption algorithm to be used with new versions of the key.
                                                                    • AES_128: AES algorithm with 128-bit keys.
                                                                    • AES_192: AES algorithm with 192-bit keys.
                                                                    • AES_256: AES algorithm with 256-bit keys.
                                                                      rotated_at google.protobuf.Timestamp
                                                                      Time of the last key rotation (time when the last version was created). Empty if the key does not have versions yet.
                                                                      rotation_period google.protobuf.Duration
                                                                      Time period between automatic key rotations.
                                                                      deletion_protection bool
                                                                      Flag that inhibits deletion of the key

                                                                      SymmetricKeyVersion

                                                                      Field Description
                                                                      id string
                                                                      ID of the key version.
                                                                      key_id string
                                                                      ID of the symmetric KMS key that the version belongs to.
                                                                      status enum Status
                                                                      Status of the key version.
                                                                      • ACTIVE: The version is active and can be used for encryption and decryption.
                                                                      • SCHEDULED_FOR_DESTRUCTION: The version is scheduled for destruction, the time when it will be destroyed is specified in the SymmetricKeyVersion.destroy_at field.
                                                                      • DESTROYED: The version is destroyed and cannot be recovered.
                                                                        algorithm enum SymmetricAlgorithm
                                                                        Encryption algorithm that should be used when using the key version to encrypt plaintext.
                                                                        • AES_128: AES algorithm with 128-bit keys.
                                                                        • AES_192: AES algorithm with 192-bit keys.
                                                                        • AES_256: AES algorithm with 256-bit keys.
                                                                          created_at google.protobuf.Timestamp
                                                                          Time when the key version was created.
                                                                          primary bool
                                                                          Indication of a primary version, that is to be used by default for all cryptographic operations that don't have a key version explicitly specified.
                                                                          destroy_at google.protobuf.Timestamp
                                                                          Time when the key version is going to be destroyed. Empty unless the status is SCHEDULED_FOR_DESTRUCTION.

                                                                          ListOperations

                                                                          Lists operations for the specified symmetric KMS key.

                                                                          rpc ListOperations (ListSymmetricKeyOperationsRequest) returns (ListSymmetricKeyOperationsResponse)

                                                                          ListSymmetricKeyOperationsRequest

                                                                          Field Description
                                                                          key_id string
                                                                          Required. ID of the symmetric KMS key to get operations for.
                                                                          To get the key ID, use a SymmetricKeyService.List request. The maximum string length in characters is 50.
                                                                          page_size int64
                                                                          The maximum number of results per page that should be returned. If the number of available results is larger than page_size, the service returns a ListSymmetricKeyOperationsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000.
                                                                          page_token string
                                                                          Page token. To get the next page of results, set page_token to the ListSymmetricKeyOperationsResponse.next_page_token returned by a previous list request. The maximum string length in characters is 100.

                                                                          ListSymmetricKeyOperationsResponse

                                                                          Field Description
                                                                          operations[] operation.Operation
                                                                          List of operations for the specified key.
                                                                          next_page_token string
                                                                          This token allows you to get the next page of results for list requests. If the number of results is larger than ListSymmetricKeyOperationsRequest.page_size, use the next_page_token as the value for the ListSymmetricKeyOperationsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.

                                                                          Operation

                                                                          Field Description
                                                                          id string
                                                                          ID of the operation.
                                                                          description string
                                                                          Description of the operation. 0-256 characters long.
                                                                          created_at google.protobuf.Timestamp
                                                                          Creation timestamp.
                                                                          created_by string
                                                                          ID of the user or service account who initiated the operation.
                                                                          modified_at google.protobuf.Timestamp
                                                                          The time when the Operation resource was last modified.
                                                                          done bool
                                                                          If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                                                          metadata google.protobuf.Any
                                                                          Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                                                          result oneof: error or response
                                                                          The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                                                            error google.rpc.Status
                                                                          The error result of the operation in case of failure or cancellation.
                                                                            response google.protobuf.Any
                                                                          The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any.

                                                                          ListAccessBindings

                                                                          Lists existing access bindings for the specified key.

                                                                          rpc ListAccessBindings (ListAccessBindingsRequest) returns (ListAccessBindingsResponse)

                                                                          ListAccessBindingsRequest

                                                                          Field Description
                                                                          resource_id string
                                                                          Required. ID of the resource to list access bindings for.
                                                                          To get the resource ID, use a corresponding List request. For example, use the yandex.cloud.resourcemanager.v1.CloudService.List request to get the Cloud resource ID. The maximum string length in characters is 50.
                                                                          page_size int64
                                                                          The maximum number of results per page that should be returned. If the number of available results is larger than page_size, the service returns a ListAccessBindingsResponse.next_page_token that can be used to get the next page of results in subsequent list requests. Default value: 100. The maximum value is 1000.
                                                                          page_token string
                                                                          Page token. Set page_token to the ListAccessBindingsResponse.next_page_token returned by a previous list request to get the next page of results. The maximum string length in characters is 100.

                                                                          ListAccessBindingsResponse

                                                                          Field Description
                                                                          access_bindings[] AccessBinding
                                                                          List of access bindings for the specified resource.
                                                                          next_page_token string
                                                                          This token allows you to get the next page of results for list requests. If the number of results is larger than ListAccessBindingsRequest.page_size, use the next_page_token as the value for the ListAccessBindingsRequest.page_token query parameter in the next list request. Each subsequent list request will have its own next_page_token to continue paging through the results.

                                                                          AccessBinding

                                                                          Field Description
                                                                          role_id string
                                                                          Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50.
                                                                          subject Subject
                                                                          Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.

                                                                          Subject

                                                                          Field Description
                                                                          id string
                                                                          Required.
                                                                          • allAuthenticatedUsers: A special system identifier that represents anyone
                                                                          • allUsers: A special system identifier that represents anyone. No authentication is required.
                                                                          • <cloud generated id>: An identifier that represents a user account.
                                                                          The maximum string length in characters is 50.
                                                                          type string
                                                                          Required.
                                                                          • userAccount: An account on Yandex or Yandex.Connect, added to Yandex.Cloud.
                                                                          • serviceAccount: A service account. This type represents the yandex.cloud.iam.v1.ServiceAccount resource.
                                                                          • federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory.
                                                                          • system: System group. This type represents several accounts with a common system identifier.
                                                                          The maximum string length in characters is 100.

                                                                          SetAccessBindings

                                                                          Sets access bindings for the key.

                                                                          rpc SetAccessBindings (SetAccessBindingsRequest) returns (operation.Operation)

                                                                          Metadata and response of Operation:

                                                                              Operation.metadata:SetAccessBindingsMetadata

                                                                              Operation.response:google.protobuf.Empty

                                                                          SetAccessBindingsRequest

                                                                          Field Description
                                                                          resource_id string
                                                                          Required. ID of the resource for which access bindings are being set.
                                                                          To get the resource ID, use a corresponding List request. The maximum string length in characters is 50.
                                                                          access_bindings[] AccessBinding
                                                                          Required. Access bindings to be set. For more information, see Access Bindings.

                                                                          AccessBinding

                                                                          Field Description
                                                                          role_id string
                                                                          Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50.
                                                                          subject Subject
                                                                          Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.

                                                                          Subject

                                                                          Field Description
                                                                          id string
                                                                          Required.
                                                                          • allAuthenticatedUsers: A special system identifier that represents anyone
                                                                          • allUsers: A special system identifier that represents anyone. No authentication is required.
                                                                          • <cloud generated id>: An identifier that represents a user account.
                                                                          The maximum string length in characters is 50.
                                                                          type string
                                                                          Required.
                                                                          • userAccount: An account on Yandex or Yandex.Connect, added to Yandex.Cloud.
                                                                          • serviceAccount: A service account. This type represents the yandex.cloud.iam.v1.ServiceAccount resource.
                                                                          • federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory.
                                                                          • system: System group. This type represents several accounts with a common system identifier.
                                                                          The maximum string length in characters is 100.

                                                                          Operation

                                                                          Field Description
                                                                          id string
                                                                          ID of the operation.
                                                                          description string
                                                                          Description of the operation. 0-256 characters long.
                                                                          created_at google.protobuf.Timestamp
                                                                          Creation timestamp.
                                                                          created_by string
                                                                          ID of the user or service account who initiated the operation.
                                                                          modified_at google.protobuf.Timestamp
                                                                          The time when the Operation resource was last modified.
                                                                          done bool
                                                                          If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                                                          metadata google.protobuf.Any<SetAccessBindingsMetadata>
                                                                          Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                                                          result oneof: error or response
                                                                          The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                                                            error google.rpc.Status
                                                                          The error result of the operation in case of failure or cancellation.
                                                                            response google.protobuf.Any<google.protobuf.Empty>
                                                                          if operation finished successfully.

                                                                          SetAccessBindingsMetadata

                                                                          Field Description
                                                                          resource_id string
                                                                          ID of the resource for which access bindings are being set.

                                                                          UpdateAccessBindings

                                                                          Updates access bindings for the specified key.

                                                                          rpc UpdateAccessBindings (UpdateAccessBindingsRequest) returns (operation.Operation)

                                                                          Metadata and response of Operation:

                                                                              Operation.metadata:UpdateAccessBindingsMetadata

                                                                              Operation.response:google.protobuf.Empty

                                                                          UpdateAccessBindingsRequest

                                                                          Field Description
                                                                          resource_id string
                                                                          Required. ID of the resource for which access bindings are being updated. The maximum string length in characters is 50.
                                                                          access_binding_deltas[] AccessBindingDelta
                                                                          Required. Updates to access bindings. The number of elements must be greater than 0.

                                                                          AccessBindingDelta

                                                                          Field Description
                                                                          action enum AccessBindingAction
                                                                          Required. The action that is being performed on an access binding.
                                                                          • ADD: Addition of an access binding.
                                                                          • REMOVE: Removal of an access binding.
                                                                            access_binding AccessBinding
                                                                            Required. Access binding. For more information, see Access Bindings.

                                                                            AccessBinding

                                                                            Field Description
                                                                            role_id string
                                                                            Required. ID of the yandex.cloud.iam.v1.Role that is assigned to the subject. The maximum string length in characters is 50.
                                                                            subject Subject
                                                                            Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.

                                                                            Subject

                                                                            Field Description
                                                                            id string
                                                                            Required.
                                                                            • allAuthenticatedUsers: A special system identifier that represents anyone
                                                                            • allUsers: A special system identifier that represents anyone. No authentication is required.
                                                                            • <cloud generated id>: An identifier that represents a user account.
                                                                            The maximum string length in characters is 50.
                                                                            type string
                                                                            Required.
                                                                            • userAccount: An account on Yandex or Yandex.Connect, added to Yandex.Cloud.
                                                                            • serviceAccount: A service account. This type represents the yandex.cloud.iam.v1.ServiceAccount resource.
                                                                            • federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory.
                                                                            • system: System group. This type represents several accounts with a common system identifier.
                                                                            The maximum string length in characters is 100.

                                                                            Operation

                                                                            Field Description
                                                                            id string
                                                                            ID of the operation.
                                                                            description string
                                                                            Description of the operation. 0-256 characters long.
                                                                            created_at google.protobuf.Timestamp
                                                                            Creation timestamp.
                                                                            created_by string
                                                                            ID of the user or service account who initiated the operation.
                                                                            modified_at google.protobuf.Timestamp
                                                                            The time when the Operation resource was last modified.
                                                                            done bool
                                                                            If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
                                                                            metadata google.protobuf.Any<UpdateAccessBindingsMetadata>
                                                                            Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
                                                                            result oneof: error or response
                                                                            The operation result. If done == false and there was no failure detected, neither error nor response is set. If done == false and there was a failure detected, error is set. If done == true, exactly one of error or response is set.
                                                                              error google.rpc.Status
                                                                            The error result of the operation in case of failure or cancellation.
                                                                              response google.protobuf.Any<google.protobuf.Empty>
                                                                            if operation finished successfully.

                                                                            UpdateAccessBindingsMetadata

                                                                            Field Description
                                                                            resource_id string
                                                                            ID of the resource for which access bindings are being updated.
                                                                            In this article:
                                                                            • Calls SymmetricKeyService
                                                                            • Create
                                                                            • CreateSymmetricKeyRequest
                                                                            • Operation
                                                                            • CreateSymmetricKeyMetadata
                                                                            • SymmetricKey
                                                                            • SymmetricKeyVersion
                                                                            • Get
                                                                            • GetSymmetricKeyRequest
                                                                            • SymmetricKey
                                                                            • SymmetricKeyVersion
                                                                            • List
                                                                            • ListSymmetricKeysRequest
                                                                            • ListSymmetricKeysResponse
                                                                            • SymmetricKey
                                                                            • SymmetricKeyVersion
                                                                            • ListVersions
                                                                            • ListSymmetricKeyVersionsRequest
                                                                            • ListSymmetricKeyVersionsResponse
                                                                            • SymmetricKeyVersion
                                                                            • Update
                                                                            • UpdateSymmetricKeyRequest
                                                                            • Operation
                                                                            • UpdateSymmetricKeyMetadata
                                                                            • SymmetricKey
                                                                            • SymmetricKeyVersion
                                                                            • Delete
                                                                            • DeleteSymmetricKeyRequest
                                                                            • Operation
                                                                            • DeleteSymmetricKeyMetadata
                                                                            • SymmetricKey
                                                                            • SymmetricKeyVersion
                                                                            • SetPrimaryVersion
                                                                            • SetPrimarySymmetricKeyVersionRequest
                                                                            • Operation
                                                                            • SetPrimarySymmetricKeyVersionMetadata
                                                                            • SymmetricKey
                                                                            • SymmetricKeyVersion
                                                                            • ScheduleVersionDestruction
                                                                            • ScheduleSymmetricKeyVersionDestructionRequest
                                                                            • Operation
                                                                            • ScheduleSymmetricKeyVersionDestructionMetadata
                                                                            • SymmetricKeyVersion
                                                                            • CancelVersionDestruction
                                                                            • CancelSymmetricKeyVersionDestructionRequest
                                                                            • Operation
                                                                            • CancelSymmetricKeyVersionDestructionMetadata
                                                                            • SymmetricKeyVersion
                                                                            • Rotate
                                                                            • RotateSymmetricKeyRequest
                                                                            • Operation
                                                                            • RotateSymmetricKeyMetadata
                                                                            • SymmetricKey
                                                                            • SymmetricKeyVersion
                                                                            • ListOperations
                                                                            • ListSymmetricKeyOperationsRequest
                                                                            • ListSymmetricKeyOperationsResponse
                                                                            • Operation
                                                                            • ListAccessBindings
                                                                            • ListAccessBindingsRequest
                                                                            • ListAccessBindingsResponse
                                                                            • AccessBinding
                                                                            • Subject
                                                                            • SetAccessBindings
                                                                            • SetAccessBindingsRequest
                                                                            • AccessBinding
                                                                            • Subject
                                                                            • Operation
                                                                            • SetAccessBindingsMetadata
                                                                            • UpdateAccessBindings
                                                                            • UpdateAccessBindingsRequest
                                                                            • AccessBindingDelta
                                                                            • AccessBinding
                                                                            • Subject
                                                                            • Operation
                                                                            • UpdateAccessBindingsMetadata
                                                                            Language
                                                                            Careers
                                                                            Privacy policy
                                                                            Terms of use
                                                                            © 2021 Yandex.Cloud LLC