When an ImportJob is created, Cloud KMS will
generate a "wrapping key", which is a public/private key pair. You use the
wrapping key to encrypt (also known as wrap) the pre-existing key material to
protect it during the import process. The nature of the wrapping key depends
on the choice of
import_method. When the
wrapping key generation is complete, the
state will be set to
ACTIVE and the
public_key can be fetched. The
fetched public key can then be used to wrap your pre-existing key material.
Once the key material is wrapped, it can be imported into a new
CryptoKeyVersion in an existing
CryptoKey by calling
ImportCryptoKeyVersion.
Multiple CryptoKeyVersions can be
imported with a single ImportJob. Cloud KMS
uses the private key portion of the wrapping key to unwrap the key material.
Only Cloud KMS has access to the private key.
An ImportJob expires 3 days after it is
created. Once expired, Cloud KMS will no longer be able to import or unwrap
any key material that was wrapped with the
ImportJob's public key.
For more information, see
Importing a key.
Generated from protobuf message google.cloud.kms.v1.ImportJob
Namespace
Google \ Cloud \ Kms \ V1
Methods
__construct
Constructor.
Parameter
Name
Description
data
mixed
getName
Output only. The resource name for this
ImportJob in the format
projects/*/locations/*/keyRings/*/importJobs/*.
Returns
Type
Description
string
setName
Output only. The resource name for this
ImportJob in the format
projects/*/locations/*/keyRings/*/importJobs/*.
Parameter
Name
Description
var
string
Returns
Type
Description
$this
getImportMethod
Required. Immutable. The wrapping method to be used for incoming key
material.
Output only. Statement that was generated and signed by the key creator
(for example, an HSM) at key creation time. Use this statement to verify
attributes of the key as stored on the HSM, independently of Google.
Only present if the chosen
ImportMethod is one with a
protection level of HSM.
Output only. Statement that was generated and signed by the key creator
(for example, an HSM) at key creation time. Use this statement to verify
attributes of the key as stored on the HSM, independently of Google.
Only present if the chosen
ImportMethod is one with a
protection level of HSM.
Immutable. The resource name of the backend environment where the key
material for the wrapping key resides and where all related cryptographic
operations are performed. Currently, this field is only populated for keys
stored in HSM_SINGLE_TENANT. Note, this list is non-exhaustive and may
apply to additional ProtectionLevels
in the future. Supported resources:
Immutable. The resource name of the backend environment where the key
material for the wrapping key resides and where all related cryptographic
operations are performed. Currently, this field is only populated for keys
stored in HSM_SINGLE_TENANT. Note, this list is non-exhaustive and may
apply to additional ProtectionLevels
in the future. Supported resources:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2026-03-18 UTC."],[],[]]
