EncryptionConfig
Stay organized with collections
Save and categorize content based on your preferences.
Encryption configuration for a new database being created from another source.
The source could be a Backup .
| Fields |
Union field encryption_type. The method for encrypting the database. encryption_type can be only one of the following: |
googleDefaultEncryption |
object (GoogleDefaultEncryptionOptions)
Use Google default encryption.
|
useSourceEncryption |
object (SourceEncryptionOptions)
The database will use the same encryption configuration as the source.
|
customerManagedEncryption |
object (CustomerManagedEncryptionOptions)
Use Customer Managed Encryption Keys (CMEK) for encryption.
|
GoogleDefaultEncryptionOptions
This type has no fields.
The configuration options for using Google default encryption.
SourceEncryptionOptions
This type has no fields.
The configuration options for using the same encryption method as the source.
CustomerManagedEncryptionOptions
The configuration options for using CMEK (Customer Managed Encryption Key) encryption.
| JSON representation |
{
"kmsKeyName": string
} |
| Fields |
kmsKeyName |
string
Required. Only keys in the same location as the database are allowed to be used for encryption. For Firestore's nam5 multi-region, this corresponds to Cloud KMS multi-region us. For Firestore's eur3 multi-region, this corresponds to Cloud KMS multi-region europe. See https://cloud.google.com/kms/docs/locations. The expected format is projects/{projectId}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.
|
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-01 UTC.
[null,null,["Last updated 2025-08-01 UTC."],[],[],null,["# EncryptionConfig\n\nEncryption configuration for a new database being created from another source.\n\nThe source could be a [Backup](/docs/firestore/reference/rest/v1/projects.locations.backups#Backup) .\n\n| JSON representation |\n|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| ``` { // Union field `encryption_type` can be only one of the following: \"googleDefaultEncryption\": { object (/docs/firestore/reference/rest/v1/EncryptionConfig#GoogleDefaultEncryptionOptions) }, \"useSourceEncryption\": { object (/docs/firestore/reference/rest/v1/EncryptionConfig#SourceEncryptionOptions) }, \"customerManagedEncryption\": { object (/docs/firestore/reference/rest/v1/EncryptionConfig#CustomerManagedEncryptionOptions) } // End of list of possible types for union field `encryption_type`. } ``` |\n\n| Fields ||\n|-----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| Union field `encryption_type`. The method for encrypting the database. `encryption_type` can be only one of the following: ||\n| `googleDefaultEncryption` | `object (`[GoogleDefaultEncryptionOptions](/docs/firestore/reference/rest/v1/EncryptionConfig#GoogleDefaultEncryptionOptions)`)` Use Google default encryption. |\n| `useSourceEncryption` | `object (`[SourceEncryptionOptions](/docs/firestore/reference/rest/v1/EncryptionConfig#SourceEncryptionOptions)`)` The database will use the same encryption configuration as the source. |\n| `customerManagedEncryption` | `object (`[CustomerManagedEncryptionOptions](/docs/firestore/reference/rest/v1/EncryptionConfig#CustomerManagedEncryptionOptions)`)` Use Customer Managed Encryption Keys (CMEK) for encryption. |\n\nGoogleDefaultEncryptionOptions\n------------------------------\n\nThis type has no fields.\nThe configuration options for using Google default encryption.\n\nSourceEncryptionOptions\n-----------------------\n\nThis type has no fields.\nThe configuration options for using the same encryption method as the source.\n\nCustomerManagedEncryptionOptions\n--------------------------------\n\nThe configuration options for using CMEK (Customer Managed Encryption Key) encryption.\n\n| JSON representation |\n|----------------------------------|\n| ``` { \"kmsKeyName\": string } ``` |\n\n| Fields ||\n|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `kmsKeyName` | `string` Required. Only keys in the same location as the database are allowed to be used for encryption. For Firestore's nam5 multi-region, this corresponds to Cloud KMS multi-region us. For Firestore's eur3 multi-region, this corresponds to Cloud KMS multi-region europe. See \u003chttps://cloud.google.com/kms/docs/locations\u003e. The expected format is `projects/{projectId}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}`. |"]]
