package
0.4.1
Repository: https://github.com/fortanix/sdkms-client-go.git
Documentation: pkg.go.dev

# Functions

CryptModeRSA returns CryptMode set to the specified RSA encryption padding.
CryptModeSymmetric returns CryptMode set to the specified symmetric cipher mode.
RsaEncryptionPaddingOAEPMGF1 returns RSA encryption padding set to OAEP with MGF1 using the specified hash algorithm.
RsaEncryptionPaddingPKCS1V15 returns RSA encryption padding set to PKCS#1 V1.5.
RsaSignaturePaddingPKCS1V15 returns RSA signature padding set to PKCS#1 V1.5.
RsaSignaturePaddingPSSMGF1 returns RSA signature padding set to PSS with MGF1 using the specified hash algorithm.
SignatureModeRSA returns SignatureMode set to the specified RSA signature padding.
SobjectByID returns a SobjectDescriptor that identifies a security object by id.
SobjectByName returns a SobjectDescriptor that identifies a security object by name.
Turns a value into a non-nil pointer.
TLSConfigGlobalRootCAs returns a TlsConfig set to global root CAs.
TLSConfigPinned returns a TlsConfig set to the given CA certificates.
TransientKey returns a SobjectDescriptor that identifies a transient key.

# Constants

Controls if the user can act as a key custodian.
Controls if the user can act as an approval policy reviewer.
Permission to create account-level approval policy.
Permission to create various account-level security object policies including cryptographic policy, key metadata policy and key history policy.
Permission to create administrative apps.
Permission to create child accounts.
Permission to create users in child accounts.
Permission to create custom user roles.
Permission to create new group backed by external HSM/KMS.
Permission to create external roles.
Permission to create new local groups.
Permission to delete the account.
Permission to delete various account-level security object policies including cryptographic policy, key metadata policy and key history policy.
Permission to delete administrative apps.
Permission to delete child accounts.
Permission to delete custom user roles.
Permission to delete external roles.
Permission to remove users from the account.
Grants access to accounts::GetAccountUsage API.
Permission to get administrative apps.
Grants read access to **all** approval requests in the account.
Permission to get all users.
Permission to get child accounts.
Permission to get child account users.
Permission to get custom user roles.
Permission to get external roles.
Permission to invite users to the account.
Permission to manage account level client configurations.
Permission to update account name, custom logo, and other profile information.
Currently implies `CREATE_ACCOUNT_SOBJECT_POLICIES`, `UPDATE_ACCOUNT_SOBJECT_POLICIES`, and `DELETE_ACCOUNT_SOBJECT_POLICIES` permissions.
Permission to manage account subscription (only relevant for SaaS accounts).
Currently implies `INVITE_USERS_TO_ACCOUNT`, `DELETE_USERS_FROM_ACCOUNT`, `UPDATE_USERS_ACCOUNT_ROLE`, `UPDATE_USERS_ACCOUNT_ENABLED_STATE` and `GET_ALL_USERS` permissions.
Currently implies `CREATE_ADMIN_APPS`, `UPDATE_ADMIN_APPS`, `DELETE_ADMIN_APPS`, `RETRIEVE_ADMIN_APP_SECRETS` and `GET_ADMIN_APPS` permissions.
Permission to manage all approval request settings including approval request expiry.
Permission to manage SSO and password policy.
Currently implies `CREATE_CHILD_ACCOUNTS`, `UPDATE_CHILD_ACCOUNTS`, `DELETE_CHILD_ACCOUNTS`, `CREATE_CHILD_ACCOUNT_USERS`, `GET_CHILD_ACCOUNTS`, and `GET_CHILD_ACCOUNT_USERS` permissions.
Currently implies `CREATE_CUSTOM_ROLES`, `UPDATE_CUSTOM_ROLES`, `DELETE_CUSTOM_ROLES` and `GET_CUSTOM_ROLES` permissions.
Currently implies `CREATE_EXTERNAL_ROLES`, `SYNC_EXTERNAL_ROLES`, `DELETE_EXTERNAL_ROLES` and `GET_EXTERNAL_ROLES` permissions.
Permission to manage key expiry alert configurations.
Permission to manage logging integrations, and enable/disable error logging.
Permission to manage plugin code signing policy.
Permission to modify an account's `purpose` field (e.g., changing a replication account's settings), or to call any APIs involving replication credentials.
Permission to manage Workspace CSE configuration.
Permission to retrieve administrative apps' secrets.
Permission to set approval request expiry for all approval requests created in the account.
Permission to synchronize external roles.
Permission required for Workspace CSE PrivilegedUnwrap API.
Permission to update account's custom metadata attributes.
Permission to update various account-level security object policies including cryptographic policy, key metadata policy and key history policy.
Permission to update administrative apps.
Permission to update child accounts.
Permission to update custom user roles.
Permission to enable/disable users in the account.
Permission to change users' role in the account.
List of supported ActionType values.
List of supported ActionType values.
List of supported ActionType values.
List of supported ActionType values.
List of supported ActionType values.
List of supported ActionType values.
Diffie-Hellman key exchange mechanism.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported Algorithm values.
List of supported All values.
List of supported AppAccountRole values.
List of supported AppAccountRole values.
List of supported AppAccountRole values.
List of supported AppAuthType values.
List of supported AppAuthType values.
List of supported AppAuthType values.
List of supported AppAuthType values.
List of supported AppAuthType values.
List of supported AppAuthType values.
List of supported AppAuthType values.
List of supported AppAuthType values.
List of supported AppAuthType values.
List of supported AppGroupRole values.
List of supported AppGroupRole values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
List of supported AppPermissions values.
Can perform similar actions to an account admin user, but not crypto ops.
Can perform crypto ops.
List of supported ApprovalStatus values.
List of supported ApprovalStatus values.
List of supported ApprovalStatus values.
List of supported ApprovalStatus values.
RP wants attestation statement as generated by the authenticator.
RP wants attestation statement which can uniquely identify the authenticator.
RP prefers getting attestation statement but allows client to decide how to obtain it.
When RP is not interested in attestation.
Authenticator that can be removed and used on various devices via cross-platform transport protocols.
An authenticator that is part of the client device.
Over Bluetooth Smart (Bluetooth Low Energy / BLE).
Indicates the respective authenticator is contacted using a client device-specific transport, i.e., it is a platform authenticator.
Over Near Field Communication (NFC).
Over removable USB.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsRegion values.
List of supported AwskmsService values.
List of supported AwskmsService values.
List of supported AwsMultiRegionKeyType values.
List of supported AwsMultiRegionKeyType values.
Azure Managed HSM.
HSM-protected (with Premium SKU).
Software-protected.
List of supported BatchExecutionType values.
List of supported BatchExecutionType values.
List of supported Bip32Network values.
List of supported Bip32Network values.
List of supported BlsVariant values.
List of supported BlsVariant values.
List of supported CaSet values.
List of supported CipherMode values.
List of supported CipherMode values.
List of supported CipherMode values.
List of supported CipherMode values.
List of supported CipherMode values.
List of supported CipherMode values.
List of supported CipherMode values.
List of supported CipherMode values.
List of supported CipherMode values.
List of supported CipherMode values.
List of supported CipherMode values.
DefaultAPIEndpoint is used if no Endpoint is specified in Client.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
List of supported DigestAlgorithm values.
If this is set, the key can be used for key agreement.
Without this operation, management operations like delete, destroy, rotate, activate, restore, revoke, revert, update, remove_private, etc.
If this is set, the key can be used for key decapsulation.
If this is set, the key can be used for decryption.
If this is set, the key can be used to derive another key.
If this is set, the key can be used for key encapsulation.
If this is set, the key can be used for encryption.
If this is set, the value of the key can be retrieved with an authenticated request.
If this is set, audit logs will not be recorded for the key.
If this is set, the key can be used to compute a cryptographic Message Authentication Code (MAC) on a message.
If this is set, the key can be used to verify a MAC.
If this is set, the key can be used for masked decryption only.
If this is set, the key can be used for signing.
If this is set, the key can be transformed.
If this is set, the key can be used to unwrap a wrapped key.
If this is set, the key can be used for verifying a signature.
If this is set, the key can be used for wrapping other keys.
List of supported EllipticCurve values.
List of supported EllipticCurve values.
List of supported EllipticCurve values.
List of supported EllipticCurve values.
List of supported EllipticCurve values.
List of supported EllipticCurve values.
List of supported EllipticCurve values.
List of supported EllipticCurve values.
List of supported EllipticCurve values.
List of supported EllipticCurve values.
List of supported EllipticCurve values.
List of supported EllipticCurve values.
No description provided by the author
List of supported ExternalRoleKind values.
Used to indicate that a token part represents a day.
Used to indicate that a token part represents a month.
Used to indicate that a token part represents a year, with any zero value being treated as a leap year.
List of supported GcpAppPermissions values.
List of supported GcpAppPermissions values.
List of supported GoogleAccessReason values.
Customer uses their own account or grants IAM permission to some partner of theirs to perform any access to their own data which is authorized by their own IAM policy.
Access Transparency Types, public documentation can be found at: https://cloud.google.com/logging/docs/audit/reading-access-transparency-logs#justification-reason-codes.
List of supported GoogleAccessReason values.
List of supported GoogleAccessReason values.
Google access to data to help optimize the data's structure or quality for future uses by the customer.
Refers to Google-initiated access to maintain system reliability.
A Customer uses their account to perform any access to their own data which is authorized by their own IAM policy, however a Google administrator has reset the superuser account associated with the user’s Organization within the last 7 days.
Google accesses customer data to help optimize the structure of the data or quality for future uses by the customer.
No reason is expected for this key request as the service in question has never integrated with Key Access Justifications, or is still in Pre GA state and therefore may still have residual methods that call the External Key Manager but still do not provide a justification.
No reason is available for the access.
List of supported GoogleAccessReason values.
Permission to activate security objects.
Permission to add users to the group.
Permission to copy security objects.
Permission to create cryptographic apps.
Permission to create group-level approval policy.
Permission to create key custodian policy for the group.
Permission to create various group-level security object policies including cryptographic policy, key metadata policy and key history policy.
Permission to create plugins.
Permission to create security objects.
Permission to decapsulate security objects.
Permission to delete cryptographic apps.
Permission to delete the group.
Permission to delete group's key custodian policy.
Permission to delete various group-level security object policies including cryptographic policy, key metadata policy and key history policy.
Permission to delete key material including removing the private key part of an asymmetric key pair and removing key material of security objects backed by external HSM/KMS.
Permission to delete plugins.
Permission to delete security objects.
Permission to remove users from the group.
Permission to derive other security objects.
Permission to destroy security objects.
Permission to encapsulate security objects.
Permission to export security objects.
Permission to get cryptographic apps in the group.
Permission to get audit logs related to the group.
Permission to get information about the group.
Permission to get approval requests related to the group.
Permission to get plugin in the group.
Permission to get security objects stored in the group.
Permission to invoke plugins.
Currently implies `CREATE_APPS`, `UPDATE_APPS`, `RETRIEVE_APP_SECRETS`, `DELETE_APPS`, and `GET_APPS` permissions.
Permission to manage group-level client configurations.
Currently implies `CREATE_GROUP_CUSTODIAN_POLICY`, `UPDATE_GROUP_CUSTODIAN_POLICY`, `DELETE_GROUP_CUSTODIAN_POLICY`, and `GET_GROUP` permissions.
Currently implies `CREATE_GROUP_SOBJECT_POLICIES`, `UPDATE_GROUP_SOBJECT_POLICIES`, `DELETE_GROUP_SOBJECT_POLICIES`, and `GET_GROUP` permissions.
Currently implies `ADD_USERS_TO_GROUP`, `DELETE_USERS_FROM_GROUP`, and `UPDATE_USERS_GROUP_ROLE` permissions.
Permission to update or remove wrapping key of the group.
Currently implies `CREATE_PLUGINS`, `UPDATE_PLUGINS`, `INVOKE_PLUGINS`, `DELETE_PLUGINS`, and `GET_PLUGINS` permissions.
Currently implies `MAP_EXTERNAL_ROLES_FOR_APPS`, `MAP_EXTERNAL_ROLES_FOR_USERS`, and `GET_GROUP` permissions.
Permission to map external roles to DSM groups for apps authorized through LDAP.
Permission to map external roles to DSM groups for users authorized through LDAP.
Permission to move security objects.
Permission to restore key material of security objects backed by external HSM/KMS.
Permission to retrieve cryptographic apps' secrets.
Permission to revert changes to security objects.
Permission to revoke security objects, i.e.
Permission to rotate (a.k.a.
Permission to scan for security objects in external HSM/KMS.
Permission to transform security objects.
Permission to unwrap security objects.
Permission to call Workspace CSE Unwrap API.
Permission to update cryptographic apps.
Permission to update group's key custodian policy.
Permission to update external HSM/KMS configurations.
Permission to update name, description and custom metadata of the group.
Permission to update various group-level security object policies including cryptographic policy, key metadata policy and key history policy.
Permission to update key operations of security objects.
Permission to update plugins.
Permission to update individual security objects' policies.
Permission to enable/disable security objects.
Permission to update name, description, custom metadata, key links (currently only create parent link), and publish public key settings of security objects.
Permission to change users' role in the group.
List of supported GroupPermissions values.
Permission to wrap security objects.
Permission to call Workspace CSE Wrap API.
List of supported HealthStatus values.
List of supported HealthStatus values.
Go through the list of `HmgConfig`s in the order specified in each one's `hsm_order` field.
This is calculated by computing the CMAC (Cipher-based Message Authentication Code) on an all-zero block using the key, then taking the leftmost 40 bits of the output.
This is calculated by encrypting an all-zero block using the key and taking the leftmost 24 bits of the output.
The attestation statement is formatted as a DER-encoded X.509 certificate.
List of supported KeyFormat values.
List of supported KeyFormat values.
If this is set, the key can be used for key agreement.
Without this operation, management operations like delete, destroy, rotate, activate, restore, revoke, revert, update, remove_private, etc.
If this is set, the key can be used for key decapsulation.
If this is set, the key can be used for decryption.
If this is set, the key can be used to derive another key.
If this is set, the key can be used for key encapsulation.
If this is set, the key can be used for encryption.
If this is set, the value of the key can be retrieved with an authenticated request.
If this is set, audit logs will not be recorded for the key.
If this is set, the key can be used to compute a cryptographic Message Authentication Code (MAC) on a message.
If this is set, the key can be used to verify a MAC.
If this is set, the key can be used for signing.
If this is set, the key can be transformed.
If this is set, the key can be used to unwrap a wrapped key.
If this is set, the key can be used for verifying a signature.
If this is set, the key can be used for wrapping other keys.
List of supported Language values.
In this mode (which cannot be selected for new LDAP integrations and is only meant for LDAP integrations that existed before custom roles), DSM rejects any external role mapping involving custom roles and in case of conflicting role assignments it takes the maximal legacy role.
In case of a role conflict, all role assignments where the role is marked as exclusive are ignored and the rest are assigned to the user.
List of supported LdapSearchScope values.
List of supported LdapSearchScope values.
The key can be used for all purposes.
The key cannot be used for any crypto operations until it becomes compliant.
The key can only be used for these crypto operations: DECRYPT, VERIFY, MACVERIFY, UNWRAPKEY.
List of supported LegacyLdapAccountRole values.
List of supported LegacyLdapAccountRole values.
List of supported LegacyLdapAccountRole values.
List of supported LegacyLdapAccountRole values.
List of supported LegacyLdapAccountRole values.
List of supported LegacyUserAccountRole values.
List of supported LegacyUserAccountRole values.
List of supported LegacyUserAccountRole values.
List of supported LegacyUserGroupRole values.
List of supported LegacyUserGroupRole values.
Common HTTP methods.
Common HTTP methods.
Common HTTP methods.
Common HTTP methods.
Common HTTP methods.
RFC 5789.
Common HTTP methods.
Common HTTP methods.
Common HTTP methods.
List of supported MfaDeviceType values.
List of supported MfaDeviceType values.
FIDO2 protocol.
U2F protocol.
List of supported MlDsaParamSet values.
List of supported MlDsaParamSet values.
List of supported MlDsaParamSet values.
List of supported MlKemParamSet values.
List of supported MlKemParamSet values.
List of supported MlKemParamSet values.
List of supported NotificationPref values.
List of supported NotificationPref values.
List of supported NotificationPref values.
List of supported NotificationPref values.
The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view.
The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window.
The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface.
The Authorization Server SHOULD display the authentication and consent UI consistent with a "feature phone" type display.
The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client.
The Authorization Server SHOULD prompt the End-User for reauthentication.
The Authorization Server MUST NOT display any authentication or consent user interface pages.
The Authorization Server SHOULD prompt the End-User to select a user account.
List of supported OauthScope values.
List of supported OauthScope values.
List of supported OauthScope values.
List of supported OauthScope values.
List of supported ObjectOrigin values.
List of supported ObjectOrigin values.
List of supported ObjectOrigin values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of supported ObjectType values.
List of values for Order.
List of values for Order.
List of supported PluginType values.
List of supported PluginType values.
List of supported PluginType values.
Public key credential.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
List of supported QuorumGroupPermissions values.
Indicates that the relying party "prefers" that client-side discoverable creds aren't created.
Indicates that relying party prefers resident keys.
Indicates that relying party requires resident keys.
List of supported RevocationReasonCode values.
List of supported RevocationReasonCode values.
List of supported RevocationReasonCode values.
List of supported RevocationReasonCode values.
List of supported RevocationReasonCode values.
List of supported RevocationReasonCode values.
List of supported RevocationReasonCode values.
List of supported RoleKind values.
List of supported RoleKind values.
List of supported ServerMode values.
List of supported ServerMode values.
List of supported SeverityLevel values.
List of supported SeverityLevel values.
List of supported SeverityLevel values.
List of supported SeverityLevel values.
JSON format.
Value format.
The security object can be used for any cryptographic purpose.
The security object can not be used for applying cryptographic protection but can be used for processing cryptographically protected information.
The security object can not be used for applying cryptographic protection, but can be used for processing cryptographically protected information.
The security object does not exist in DSM.
The security object can not perform any cryptographic operations, as the key material gets deleted.
The security object exists but can not be used for any cryptographic purpose until it's activated.
Logical XOR operation.
List of supported SubscriptionFeatures values.
List of supported SubscriptionFeatures values.
List of supported SubscriptionFeatures values.
List of supported SubscriptionFeatures values.
List of supported SubscriptionFeatures values.
List of supported SubscriptionFeatures values.
List of supported SyslogFacility values.
List of supported SyslogFacility values.
List of supported SyslogFacility values.
List of supported SyslogFacility values.
List of supported SyslogFacility values.
List of supported SyslogFacility values.
List of supported SyslogFacility values.
List of supported SyslogFacility values.
List of supported SyslogFacility values.
List of supported TepKeyContext values.
List of supported TepKeyContext values.
List of supported TokenType values.
List of supported TokenType values.
List of supported UserAccountFlag values.
List of supported UserAccountFlag values.
UV isn't "preferred" by RP.
UV is preferred by the RP but op won't fail if it isn't satisfied.
Indicates the requirement of UV by RP and op fails if this wasn't satisfied.
Each CSE user is represented by a DSM app and only needs access to CSE-specific endpoints.
Each CSE user must be registered as a DSM user.

# Structs

No description provided by the author
Account approval policy.
No description provided by the author
The model used to create a new account extension.
No description provided by the author
Describes the purpose of the account.
The purpose of the account (minus any configuration-related details).
No description provided by the author
Settings for how a replication account should connect to a source cluster.
Settings for how DSM should go about replicating objects from the source account once a connection has been established.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Request body to perform key agreement.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
App authentication mechanisms.
SigV4 credentials used for AWS XKS APIs.
An App's service account for communicating with Google APIs and Cloud.
App credential response.
Authentication using a signed JWT directly as a bearer token.
No description provided by the author
No description provided by the author
No description provided by the author
OAuth settings for an app.
No description provided by the author
No description provided by the author
Request for resetting the app secret.
ApprovableResult is the result of an operation performed through approval requests.
Authentication requirements for approval request reviewers.
No description provided by the author
No description provided by the author
Settings that apply to quorum approval requests.
A request struct for modifying settings that apply to quorum approval requests.
Identifies an object acted upon by an approval request.
Configurations for waiting for quorum approval.
No description provided by the author
Sort apps as per given ordering.
Sort apps on the basis of their app_id.
Sort apps on the basis of their app_name.
No description provided by the author
No description provided by the author
Account authentication settings.
LDAP authentication settings.
OAuth single sign-on authentication settings.
Password authentication settings.
Signed JWT authentication settings.
Vcd single sign-on authentication settings.
No description provided by the author
No description provided by the author
Extensions for webauthn.
This is the response of extension inputs.
AuthenticationResponse is the response returned by AuthenticateWith* APIs.
<https://www.w3.org/TR/webauthn-2/#iface-authenticatorassertionresponse>.
This represents the authenticator's response to a client’s request for the creation of a new public key credential.
Parameters for deciding which authenticators should be selected.
Hints by relying party on how client should communicate with the authenticator.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Login using a DSM user password and, optionally, a captcha.
No description provided by the author
No description provided by the author
Settings for automatic scanning in DSM-backed groups or replication accounts.
No description provided by the author
No description provided by the author
Information and properties of AWS KMS resources.
This structure mentions various properties of AWS multi region keys.
Temporary credentials to be used for AWS KMS.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
The set of endpoints to use when connecting with Azure cloud.
BackendError is an error returned by SDKMS backend.
BasicAuth is used for user authentication.
Request body of each item in batch decryption. **Note**: Provide the key ID in the `kid` field.
BatchDecryptResponseItem is returned by BatchDecrypt operation.
Request body of each item in batch encryption. **Note**: Provide the key ID in the `kid` field.
BatchEncryptResponseItem is returned by BatchEncrypt operation.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
BatchSignResponseItem is returned by BatchSign operation.
BatchVerifyResponseItem is returned by BatchVerify operation.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
CA settings.
No description provided by the author
Details about a certificate-based admin app credential used for account replication.
No description provided by the author
Client is an SDKMS client.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Request to start configuring U2F.
No description provided by the author
No description provided by the author
No description provided by the author
Request to copy a security object.
An indicator of how accurate a count of objects is.
No description provided by the author
Request for assigning a group membership to an (AppRole::Admin) app.
A request to create a new admin app credential for account replication purposes.
`CipherMode` or `RsaEncryptionPadding`, depending on the encryption algorithm.
No description provided by the author
No description provided by the author
Custom subscription type.
No description provided by the author
Request body to perform key decapsulation.
Request body to finalize a multi-part decryption.
Final response body of a multi-part decryption.
Request body to initialize multi-part decryption.
Response body for initializing multi-part decryption.
Request to decrypt data.
Response of a decryption request.
Request body for multi-part decryption.
Response body of multi-part decryption.
No description provided by the author
Mechanism to be used when deriving a new key from an existing key.
No description provided by the author
No description provided by the author
No description provided by the author
Request body to derive a key.
No description provided by the author
Cryptographic policy for triple DES objects.
No description provided by the author
No description provided by the author
Request to compute the hash of arbitrary data.
Response body of a hash operation.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
An aggregation of policies and permissions of the session creator for a security object.
Request body to perform key encapsulation.
Result of an encapsulation request.
Request body to finalize a multi-part encryption.
Final response body of a multi-part encryption.
Request body to initialize multi-part encryption.
Response body of initializing multi-part encryption.
Request to encrypt data.
Response of an encryption request.
Request body for continuing multi-part encryption.
Response body of multi-part encryption.
Response parameters to show audit log details.
Response structure of a single log.
Response for audit log query.
No description provided by the author
No description provided by the author
No description provided by the author
Export security object by components response.
No description provided by the author
The sobject can only be exported wrapped by a key as specified by the `WrappingKeys`.
Request to export a security object by components.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Information specific to an external KMS.
No description provided by the author
No description provided by the author
No description provided by the author
This describes an external object -- specifically, information about its source object.
Fido2 options when requesting assertion or attestation to a device.
This contains the request for adding a FIDO device to user's data.
Initiate password reset sequence.
Structure of a compound portion of a complex tokenization data type, itself composed of smaller parts.
Represents a concatenation of multiple structures (in a particular order).
Indicates a part that is possibly repeated multiple times.
Represents an OR of multiple structures.
Constraints on a portion of a complex tokenization data type.
A structure indicating the subparts to which a set of constraints applies.
Structure for specifying (part of) a complex tokenization data type.
A section of the data type that is not to be tokenized (e.g., a delimiter).
A structure for specifying a token part representing a date that occurs after a specified date and/or occurs before a specified date.
Possible date-related constraint types for a portion of a complex tokenization data type.
Represents a date that consists of a Month subpart, a Day subpart, and a Year subpart.
Represents a date that consists of a Month subpart and a Day subpart.
Represents a date that consists of a Month subpart and a Year subpart.
A structure for specifying a particular date consisting of a day and a month, for use in an FpeDate structure.
A structure for specifying a particular date consisting of a day, month, and year, for use in an FpeDate structure.
Structure of a tokenized portion of a complex tokenization data type.
A structure for specifying a particular date consisting of a month and a year, for use in an FpeDate structure.
FPE-specific options (for specifying the format of the data to be encrypted).
Advanced FPE options.
Basic FPE-specific options.
A structure indicating which indices in an encrypted part to mask or preserve.
No description provided by the author
No description provided by the author
No description provided by the author
Information about a group's recent scans.
No description provided by the author
The response for the GetAllGroupMembership endpoint.
Query params for individual App APIs.
No description provided by the author
No description provided by the author
Parameters to show sobject details.
No description provided by the author
No description provided by the author
No description provided by the author
Policy specifying acceptable access reasons by Google Service Account at App or Sobject level.
A Google service account key object.
No description provided by the author
Group approval policy.
Type for updating a group membership.
Additional information or context regarding the groups the entity holds membership in.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Request to import a security object by components.
No description provided by the author
No description provided by the author
The IPs that are allowed for an application.
No description provided by the author
No description provided by the author
Request to retrieve a key attestation certificate for a security object.
Key attestation response.
A key attestation statement.
Request for getting the KCV of a security object.
KCV of a key.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Linked security objects.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Role of a user or app in an account for the purpose of LDAP configurations.
LDAP authorization settings.
Distinguished Name (DN) resolution method.
Transform the user email through a pattern to derive the DN.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Credentials used by the service to authenticate itself to an LDAP server.
No description provided by the author
No description provided by the author
LDAP user self-provisioning settings.
A structure indicating how self-provisioned LDAP users will be assigned account roles.
Map all self-provisioned users to a single specified account role.
Legacy user group role name or custom role id.
No description provided by the author
Query params for Get all apps API.
The response of the get all apps API.
A response that includes metadata.
No description provided by the author
The response of the get all groups API.
A response that includes metadata.
Query parameters to get Plugins.
Response body for a GET call to retrieve all replication credentials.
No description provided by the author
No description provided by the author
Request parameters for filtering and listing security objects.
Response structure from list security objects query.
No description provided by the author
LMS specific options.
No description provided by the author
No description provided by the author
No description provided by the author
Query parameters to get audit logs.
Request to compute a MAC.
Response of a MAC computation request.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Params for MFA challenge.
No description provided by the author
Request to delete a FIDO device.
A FIDO device that may be used for second factor authentication.
Request to rename a FIDO device.
Specifies the Mask Generating Function (MGF) to use.
MGF1 algorithm.
MGF policy.
No description provided by the author
ML-DSA specific options.
No description provided by the author
ML-KEM specific options.
No description provided by the author
Parameters for the OpenID Connect Authentication Request: <https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest>.
No description provided by the author
No description provided by the author
Counts of objects of various types in an account.
Request to compute digest of a key.
Digest of a key.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Request to change user's password.
Request to perform a password reset.
Request to persist a transient key.
No description provided by the author
No description provided by the author
Plugin code signing policy.
No description provided by the author
Sorting order on listed Plugins.
Sort plugins by Plugin Id.
Plugin code that will be executed inside SGX enclave.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Expired app-credentials that are still valid for a transitional period.
A security principal.
UserViaApp signifies a user authorizing some app to act on its behalf through OAuth.
Accept/reject invitations to join account.
No description provided by the author
No description provided by the author
<https://www.w3.org/TR/webauthn-2/#dictionary-makecredentialoptions>.
Used in the registration response (listing existing creds) to prevent creation of duplicate creds on the same authenticator.
No description provided by the author
No description provided by the author
<https://www.w3.org/TR/webauthn-2/#dictionary-credential-params>.
<https://www.w3.org/TR/webauthn-2/#dictionary-assertion-options>.
<https://www.w3.org/TR/webauthn-2/#dictionary-rp-credential-params>.
<https://www.w3.org/TR/webauthn-2/#dictionary-user-credential-params>.
If enabled, the public key will be available publicly (without authentication) through the GetPublicKey API.
No description provided by the author
Quorum approval policy.
Quorum Policy Configurations in clients.
Approval policy.
A summary of the latest scans for a replication account.
Request to authenticate using U2F recovery code.
U2F recovery codes.
No description provided by the author
Details about the admin app credential used to replicate objects from the source account.
A request to generate a new self-signed certificate for a replication credential.
Response from the endpoint to generate a new self-signed cert for a replication credential.
Information about a scan performed under a replication account.
Reseller subscription type.
No description provided by the author
No description provided by the author
Reviewer of an approval request.
A Principal who can approve or deny an approval request.
Reason for revoking a key.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Type of padding to use for RSA encryption.
Optimal Asymmetric Encryption Padding (PKCS#1 v2.1).
RSA encryption padding policy.
The Optimal Asymmetric Encryption Padding scheme, as defined in RFC 8017 (PKCS #1 version 2.2).
Constraints on RSA encryption parameters.
RSA-specific options.
No description provided by the author
Type of padding to use for RSA signatures.
RSA signature padding policy.
No description provided by the author
Probabilistic Signature Scheme (PKCS#1 v2.1).
Constraints on RSA signature parameters.
An object for representing a scan of objects from a source HSM, DSM cluster, or cloud KMS.
No description provided by the author
The result of a scan.
Indicates that a scan has failed.
A warning "thrown" by a scan.
No description provided by the author
No description provided by the author
No description provided by the author
Request to select an account.
Response to select account request.
No description provided by the author
Signature mechanism.
Signing keys used to validate JSON Web Signature objects including signed JSON Web Tokens.
No description provided by the author
No description provided by the author
Request to sign data (or hashed data) using an asymmetric key.
Response of a signing request.
Request to sign up a new user.
No description provided by the author
Component of security object, held by a custodian.
Uniquely identifies a persisted or transient sobject.
No description provided by the author
Uniquely identifies a persisted sobject.
No description provided by the author
Request to rekey a security object.
Request to rotate a security object to an existing security object.
No description provided by the author
Sorting order on listed security objects.
Security object UUID.
Security object name.
Splunk logging configuration.
No description provided by the author
Stackdriver logging configuration.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
A request to update subscription type.
No description provided by the author
Type of subscription.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
TLS client settings.
No description provided by the author
Options for mechanism to be used when transforming a key.
No description provided by the author
Request body to transform a key.
No description provided by the author
`TrustedCa` app auth.
Description of a U2F device to add for two factor authentication.
Use of U2F is deprecated; use FIDO2 for second-factor authentication.
A challenge used for multi-factor authentication.
Description of a registered U2F device.
No description provided by the author
Request to unwrap a security object.
Request to unwrap an sobject with another sobject.
A request to update a certificate-based replication credential.
A request to update a replication credential (e.g., associating it with an app ID).
No description provided by the author
User account flag or legacy user account role name or custom role id.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Verify KCV of a key.
Key Checksum Value verification status.
Request to verify a MAC.
Request to verify a signature using an asymmetric key.
Result of verifying a signature or MAC.
No description provided by the author
Information about the service version.
Information specific to a virtual key.
These settings will allow the service to validate the Google-issued authorization tokens used in Workspace CSE APIs.
Workspace CSE API settings.
An identity provider trusted to authenticate users for Workspace CSE APIs.
Wrapping key parameters.
Request to wrap an sobject with another sobject.
Result of a key wrapping request.
No description provided by the author
No description provided by the author
Only keys in this list can be used to wrap the sobject.
XMSS specific options.
No description provided by the author

# Interfaces

Authorization provides an HTTP authorization header.

# Type aliases

No description provided by the author
No description provided by the author
Options to use for key agreement mechanism.
A cryptographic algorithm.
A helper enum with a single variant, All, which indicates that something should apply to an entire part.
APIKey is used for app authentication.
No description provided by the author
Authentication method of an app.
No description provided by the author
AppGroups contains a list of groups and optionally permissions granted to an app in each group.
Operations allowed to be performed by an app.
App's role.
Approval request status.
<https://www.w3.org/TR/webauthn-2/#enum-attestation-convey>, <https://www.w3.org/TR/webauthn-2/#sctn-attestation>. If you really want to understand attestation, read the following: <https://fidoalliance.org/fido-technotes-the-truth-about-attestation/>, <https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651>. This enum just specifies how the attestation should be conveyed to the RP.
No description provided by the author
<https://www.w3.org/TR/webauthn-2/#enumdef-authenticatorattachment>.
See [AuthenticatorTransport] type.
AWS KMS resources are hosted in multiple locations worldwide, and each AWS Region is a separate geographic area. See <https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html>.
Specifies the AWS service.
Specifies the type of multi-Region keys.
Types of Azure Key Vault based on the protection level.
No description provided by the author
No description provided by the author
BearerToken is used for established sessions.
The BIP32 network. The Testnet network is usually an actual network with nodes and miners, and free cryptocurrency.
Blob represents binary data.
Signature/public-key size trade-off for BLS.
Predefined CA sets.
Char represents a single `rune` encoded as a JSON string.
Cipher mode used for symmetric key algorithms.
No description provided by the author
No description provided by the author
A hash algorithm.
Operations allowed to be performed on a given key by a given user or app.
Identifies a standardized elliptic curve.
Type of an external role.
The alphabet to use for an encrypted portion of a complex tokenization data type.
Possible date-related constraint types that do not form a complete date (by themselves) for a complex tokenization data type.
An index for listing subparts of a compound part to which certain constraints are to be applied.
No description provided by the author
An access reason provided by Google when making EKMS API calls.
No description provided by the author
No description provided by the author
The scheme for determining how multiple `HmgConfig`s on a group should behave.
No description provided by the author
Methods for calculating a Key Checksum Value.
No description provided by the author
Key Format.
Operations allowed to be performed on a given key.
Language of plugin code.
Controls how we resolve conflicting role assignments with LDAP authorization.
No description provided by the author
No description provided by the author
Role of a user or app in an account for the purpose of LDAP configurations.
Legacy user account role.
Legacy user group role.
Type of MFA device.
Protocols for MFA.
ML-DSA parameter sets.
ML-KEM parameter sets.
Notification preferences.
Corresponds to the `display` parameter in https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest.
Corresponds to the `prompt` parameter in https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest.
OAuth scope.
The origin of a security object - where it was created / generated.
Type of security object.
Order specifies sort order of objects returned.
PluginOutput is returned by the InvokePlugin operation.
Type of a plugin.
<https://www.w3.org/TR/webauthn-2/#enum-credentialType>. This enum defines valid cred types.
Subset of GroupPermissions to represent GroupPermissions flags in use.
The ID of a replication credential.
<https://www.w3.org/TR/webauthn-2/#enum-residentKeyRequirement>. States the Relying Party's requirement for client-side discoverable creds (formerly known as resident keys).
Reasons to revoke a security object.
No description provided by the author
No description provided by the author
Server execution mode.
No description provided by the author
Response data encoding.
Security object operational state.
Method used to split the key into multiple components.
Features in subscription.
No description provided by the author
No description provided by the author
No description provided by the author
Time in ISO 8601 format.
No description provided by the author
User account flag.
User's role(s) and state in an account.
User's role(s) in a group.
<https://www.w3.org/TR/webauthn-2/#enum-userVerificationRequirement>, <https://www.w3.org/TR/webauthn-2/#user-verification>.
UUID is a universally-unique identifier in hyphenated format.
Authentication method for Google Workspace CSE. `User` (the default choice) requires each CSE user to be registered as a DSM user, while `App` requires each CSE user to be represented by a DSM app.
No description provided by the author
No description provided by the author