0

In the documentation here, you cannot specify a name for the key in the Python client (name is "Output only"). However, with the CLI tools you can specify the name of the key (KEY_NAME here) à la gcloud kms keys create KEY_NAME --location LOCATION --keyring KEYRING_NAME --purpose encryption. Is this functionality not available in the Python API?

Andrew

1 Answer

2

The name for the new key goes into the top-level parameter called cryptoKeyId, and must be provided. The name field in the body cannot be provided when creating a key; the only mandatory field is purpose, which must be ENCRYPT_DECRYPT; then, when the response comes back, the name field will be populated.

Here's a request I just did from the API Explorer (on a project I control with a key ring I'd already created). You can see that the new key name is provided as a URL parameter, cryptoKeyId. (The key={YOUR_API_KEY} is a redaction made by the browser API Explorer UI.)

Request:

POST https://cloudkms.googleapis.com/v1/projects/cloud-kms-demonstration/locations/global/keyRings/test01/cryptoKeys?cryptoKeyId=testKey01&key={YOUR_API_KEY}

{
 "purpose": "ENCRYPT_DECRYPT"
}

Response code: 200

Response:

{
 "name": "projects/cloud-kms-demonstration/locations/global/keyRings/test01/cryptoKeys/testKey01",
 "primary": {
  "name": "projects/cloud-kms-demonstration/locations/global/keyRings/test01/cryptoKeys/testKey01/cryptoKeyVersions/1",
  "state": "ENABLED",
  "createTime": "2018-03-28T23:17:32.485044241Z"
 },
 "purpose": "ENCRYPT_DECRYPT",
 "createTime": "2018-03-28T23:17:32.485044241Z"
}
Tim Dierks
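The request from the answer above, rebuilt in Python as an added example (not code from the answer or from Google's client library). It only constructs the call and does not send it; build_create_key_request, key_ring_path and the access_token parameter are hypothetical names, and the key ID pattern is the one the Cloud KMS API reference gives for cryptoKeyId.

```python
import json
import re
import urllib.parse
import urllib.request

KMS_ROOT = "https://cloudkms.googleapis.com/v1"
# Key IDs are restricted to this character set and length by the Cloud KMS API.
KEY_ID_RE = re.compile(r"[a-zA-Z0-9_-]{1,63}")


def key_ring_path(project, location, key_ring):
    """Resource name of the parent key ring."""
    return f"projects/{project}/locations/{location}/keyRings/{key_ring}"


def build_create_key_request(project, location, key_ring, crypto_key_id,
                             body=None, access_token=None):
    """Build (not send) the cryptoKeys.create call from the answer above.

    Returns (request, expected_name): the urllib Request and the resource
    name the service should report back in the response's "name" field.
    """
    body = {"purpose": "ENCRYPT_DECRYPT"} if body is None else dict(body)
    if "name" in body:
        # "name" is output only; the caller-chosen ID goes in cryptoKeyId.
        raise ValueError('"name" is output only; pass crypto_key_id instead')
    if not KEY_ID_RE.fullmatch(crypto_key_id or ""):
        raise ValueError("crypto_key_id must match [a-zA-Z0-9_-]{1,63}")

    parent = key_ring_path(project, location, key_ring)
    query = urllib.parse.urlencode({"cryptoKeyId": crypto_key_id})
    url = f"{KMS_ROOT}/{parent}/cryptoKeys?{query}"
    headers = {"Content-Type": "application/json"}
    if access_token:  # hypothetical OAuth 2.0 token obtained elsewhere
        headers["Authorization"] = f"Bearer {access_token}"
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    return req, f"{parent}/cryptoKeys/{crypto_key_id}"


if __name__ == "__main__":
    # Values taken from the request shown in the answer.
    req, name = build_create_key_request(
        "cloud-kms-demonstration", "global", "test01", "testKey01")
    print(req.get_method(), req.full_url)
    print("expected name:", name)
```

With the discovery-based Python client, the same value is passed as the cryptoKeyId keyword argument to cryptoKeys().create(), next to parent and body.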