EncryptionConfig

Encryption configuration for a new database being created from another source.

The source could be a Backup .

JSON representation
{

  // Union field encryption_type can be only one of the following:
  "googleDefaultEncryption": {
    object (GoogleDefaultEncryptionOptions)
  },
  "useSourceEncryption": {
    object (SourceEncryptionOptions)
  },
  "customerManagedEncryption": {
    object (CustomerManagedEncryptionOptions)
  }
  // End of list of possible types for union field encryption_type.
}
Fields
Union field encryption_type. The method for encrypting the database. encryption_type can be only one of the following:
googleDefaultEncryption

object (GoogleDefaultEncryptionOptions)

Use Google default encryption.

useSourceEncryption

object (SourceEncryptionOptions)

The database will use the same encryption configuration as the source.

customerManagedEncryption

object (CustomerManagedEncryptionOptions)

Use Customer Managed Encryption Keys (CMEK) for encryption.

GoogleDefaultEncryptionOptions

This type has no fields.

The configuration options for using Google default encryption.

SourceEncryptionOptions

This type has no fields.

The configuration options for using the same encryption method as the source.

CustomerManagedEncryptionOptions

The configuration options for using CMEK (Customer Managed Encryption Key) encryption.

JSON representation
{
  "kmsKeyName": string
}
Fields
kmsKeyName

string

Required. Only keys in the same location as the database are allowed to be used for encryption.

For Firestore's nam5 multi-region, this corresponds to Cloud KMS multi-region us. For Firestore's eur3 multi-region, this corresponds to Cloud KMS multi-region europe. See https://cloud.google.com/kms/docs/locations.

The expected format is projects/{projectId}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.