$schema: "http://json-schema.org/draft-06/schema#"

title: compute v1 CustomerEncryptionKey export schema
description: A gcloud export/import command YAML validation schema.
type: object
additionalProperties: false
properties:
  COMMENT:
    type: object
    description: User specified info ignored by gcloud import.
    additionalProperties: false
    properties:
      template-id:
        type: string
      region:
        type: string
      description:
        type: string
      date:
        type: string
      version:
        type: string
  UNKNOWN:
    type: array
    description: Unknown API fields that cannot be imported.
    items:
      type: string
  kmsKeyName:
    description: |-
      The name of the encryption key that is stored in Google Cloud KMS. For
      example: "kmsKeyName": "projects/kms_project_id/locations/region/keyRings/
      key_region/cryptoKeys/key
    type: string
  kmsKeyServiceAccount:
    description: |-
      The service account being used for the encryption request for the given
      KMS key. If absent, the Compute Engine default service account is used.
      For example: "kmsKeyServiceAccount":
      "name@project_id.iam.gserviceaccount.com/
    type: string
  rawKey:
    description: |-
      Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648
      base64 to either encrypt or decrypt this resource. You can provide either
      the rawKey or the rsaEncryptedKey. For example: "rawKey":
      "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
    type: string
  rsaEncryptedKey:
    description: |-
      Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-
      supplied encryption key to either encrypt or decrypt this resource. You
      can provide either the rawKey or the rsaEncryptedKey. For example:
      "rsaEncryptedKey":
      "ieCx/NcW06PcT7Ep1X6LUTc/hLvUDYyzSZPPVCVPTVEohpeHASqC8uw5TzyO9U+Fka9JFH
      z0mBibXUInrC/jEk014kCK/NPjYgEMOyssZ4ZINPKxlUh2zn1bV+MCaTICrdmuSBTWlUUiFo D
      D6PYznLwh8ZNdaheCeZ8ewEXgFQ8V+sDroLaN3Xs3MDTXQEMMoNUXMCZEIpg9Vtp9x2oe=="
      The key must meet the following requirements before you can provide it to
      Compute Engine: 1. The key is wrapped using a RSA public key certificate
      provided by Google. 2. After being wrapped, the key must be encoded in RFC
      4648 base64 encoding. Gets the RSA public key certificate provided by
      Google at: https://cloud- certs.storage.googleapis.com/google-cloud-csek-
      ingress.pem
    type: string
  sha256:
    description: |-
      [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-
      supplied encryption key that protects this resource.
    type: string