Add support for BigQuery customer-managed encryption keys #58
Labels
api: bigquery
Issues related to the googleapis/nodejs-bigquery API.
priority: p2
Moderately-important priority. Fix may not be included in next release.
🚨
This issue needs some love.
type: question
Request for information or clarification. Not an issue.
Copied from original issue: googleapis/google-cloud-node#2801
@choenden
February 6, 2018 4:33 PM
BigQuery customer-managed encryption keys allow users to specify a Cloud KMS key to protect their BigQuery table.
API:
Jobs: https://cloud.google.com/bigquery/docs/reference/rest/v2/jobs
In a job, there is a destinationEncryptionConfiguration field, which indicates which Cloud KMS key should be used for the destination.
Tables: https://cloud.google.com/bigquery/docs/reference/rest/v2/tables
In a table, there is a encryptionConfiguration field, which indicates which Cloud KMS key protects (or should protect in case of CreateTable) a BigQuery table.
These are the main APIs that are required for day-to-day interaction.
With lower priority, support for getServiceAccount would also be nice: https://cloud.google.com/bigquery/docs/reference/rest/v2/projects/getServiceAccount
Note that unlike the other methods mentioned above, this would generally only be called once and the resulting value (the email address) does not change - so it can easily also be called from UI/API/CLI without much hindrance (hence lower priority).
The text was updated successfully, but these errors were encountered: