// NextRotationAt: date at which the key will be rotated next.
253
+
// NextRotationAt: timestamp indicating the next scheduled rotation.
254
254
NextRotationAt*time.Time`json:"next_rotation_at"`
255
255
}
256
256
@@ -273,14 +273,14 @@ type Key struct {
273
273
// Name: name of the key.
274
274
Namestring`json:"name"`
275
275
276
-
// Usage: keys with a usage set to `symmetric_encryption` are used to encrypt and decrypt data. The only key algorithm currently supported by Key Manager is AES-256-GCM.
276
+
// Usage: keys with a usage set to `symmetric_encryption` can encrypt and decrypt data using the `AES-256-GCM` key algorithm. Key Manager currently only supports `AES-256-GCM`.
277
277
Usage*KeyUsage`json:"usage"`
278
278
279
-
// State: see the `Key.State` enum for a description of values.
279
+
// State: see the `Key.State` enum for a description of possible values.
280
280
// Default value: unknown_state
281
281
StateKeyState`json:"state"`
282
282
283
-
// RotationCount: the rotation count tracks the amount of times that the key was rotated.
283
+
// RotationCount: the rotation count tracks the number of times the key has been rotated.
284
284
RotationCountuint32`json:"rotation_count"`
285
285
286
286
// CreatedAt: key creation date.
@@ -311,7 +311,7 @@ type Key struct {
311
311
// Default value: unknown_origin
312
312
OriginKeyOrigin`json:"origin"`
313
313
314
-
// Region: region of the key.
314
+
// Region: region where the key is stored.
315
315
Region scw.Region`json:"region"`
316
316
}
317
317
@@ -351,7 +351,7 @@ type DataKey struct {
351
351
// KeyID: ID of the data encryption key.
352
352
KeyIDstring`json:"key_id"`
353
353
354
-
// Algorithm: symmetric encryption algorithm of the data encryption key.
354
+
// Algorithm: symmetric encryption algorithm of the data encryption key (`AES-256-GCM`).
@@ -483,13 +483,13 @@ type ImportKeyMaterialRequest struct {
483
483
// Region: region to target. If none is passed will use default region from the config.
484
484
Region scw.Region`json:"-"`
485
485
486
-
// KeyID: the key's origin must be 'external'.
486
+
// KeyID: the key's origin must be `external`.
487
487
KeyIDstring`json:"-"`
488
488
489
489
// KeyMaterial: the key material The key material is a random sequence of bytes used to derive a cryptographic key.
490
490
KeyMaterial []byte`json:"key_material"`
491
491
492
-
// Salt: a salt can be used to improve the quality of randomness when the key material is generated from a low entropy source.
492
+
// Salt: a salt is random data added to key material to ensure unique derived keys, even if the input is similar. It helps strengthen security when the key material has low randomness (low entropy).
493
493
Salt*[]byte`json:"salt,omitempty"`
494
494
}
495
495
@@ -609,7 +609,7 @@ func (s *API) Regions() []scw.Region {
// CreateKey: Create a key in a given region specified by the `region` parameter. Keys only support symmetric encryption. You can use keys to encrypt or decrypt arbitrary payloads, or to generate data encryption keys that can be used without being stored in Key Manager.
612
+
// CreateKey: Create a key in a given region specified by the `region` parameter. Keys only support symmetric encryption. You can use keys to encrypt or decrypt arbitrary payloads, or to generate data encryption keys. **Data encryption keys are not stored in Key Manager**.
// DeleteKey: Delete an existing key specified by the `region` and `key_id` parameters. Deleting a key is permanent and cannot be undone. All data encrypted using this key, including data encryption keys, will become unusable.
716
+
// DeleteKey: Permanently delete a key specified by the `region` and `key_id` parameters. This action is irreversible. Any data encrypted with this key, including data encryption keys, will no longer be decipherable.
// RotateKey: Generate a new version of an existing key with randomly generated key material. Rotated keys can still be used to decrypt previously encrypted data. The key's new material will be used for subsequent encryption operations and data key generation.
745
+
// RotateKey: Generate a new version of an existing key with new key material. Previous key versions remain usable to decrypt previously encrypted data, but the key's new version will be used for subsequent encryption operations and data key generation.
// ProtectKey: Apply key protection to a given key specified by the `key_id` parameter. Applying key protection means that your key can be used and modified, but it cannot be deleted.
781
+
// ProtectKey: Apply protection to a given key specified by the `key_id` parameter. Applying key protection means that your key can be used and modified, but it cannot be deleted.
// DisableKey: Disable a given key to be used for cryptographic operations. Disabling a key renders it unusable. You must specify the `region` and `key_id` parameters.
889
+
// DisableKey: Disable a given key, preventing it to be used for cryptographic operations. Disabling a key renders it unusable. You must specify the `region` and `key_id` parameters.
// ListKeys: Retrieve the list of keys created within all Projects of an Organization or in a given Project. You must specify the `region`, and either the `organization_id` or the `project_id`.
925
+
// ListKeys: Retrieve a list of keys across all Projects in an Organization or within a specific Project. You must specify the `region`, and either the `organization_id` or the `project_id`.
// GenerateDataKey: Generate a new data encryption key to use for cryptographic operations outside of Key Manager. Note that Key Manager does not store your data encryption key. The data encryption key is encrypted and must be decrypted using the key you have created in Key Manager. The data encryption key's plaintext is returned in the response object, for immediate usage.
967
+
// GenerateDataKey: Create a new data encryption key for cryptographic operations outside of Key Manager. The data encryption key is encrypted and must be decrypted using the key you have created in Key Manager.
968
968
//
969
-
// Always store the data encryption key's ciphertext, rather than its plaintext, which must not be stored. To retrieve your key's plaintext, call the Decrypt endpoint with your key's ID and ciphertext.
969
+
// The data encryption key is returned in plaintext and ciphertext but it should only be stored in its encrypted form (ciphertext). Key Manager does not store your data encryption key. To retrieve your key's plaintext, use the `Decrypt` method with your key's ID and ciphertext.
// Encrypt: Encrypt data using an existing key, specified by the `key_id` parameter. Only keys with a usage set to **symmetric_encryption** are supported by this method. The maximum payload size that can be encrypted is 64KB of plaintext.
1005
+
// Encrypt: Encrypt a payload using an existing key, specified by the `key_id` parameter. Only keys with a usage set to `symmetric_encryption` are supported by this method. The maximum payload size that can be encrypted is 64 KB of plaintext.
// Decrypt: Decrypt data using an existing key, specified by the `key_id` parameter. The maximum payload size that can be decrypted is the result of the encryption of 64KB of data (around 131KB).
1041
+
// Decrypt: Decrypt an encrypted payload using an existing key, specified by the `key_id` parameter. The maximum payload size that can be decrypted is equivalent to the encrypted output of 64 KB of data (around 131 KB).
// ImportKeyMaterial: Import key material to use to derive a new cryptographic key. The key's origin must be `external`.
1077
+
// ImportKeyMaterial: Import externally generated key material into Key Manager to derive a new cryptographic key. The key's origin must be `external`.