$schema: "http://json-schema.org/draft-06/schema#"

title: compute beta CustomerEncryptionKey export schema
description: A gcloud export/import command YAML validation schema.
type: object
additionalProperties: false
properties:
  COMMENT:
    type: object
    description: User specified info ignored by gcloud import.
    additionalProperties: false
    properties:
      template-id:
        type: string
      region:
        type: string
      description:
        type: string
      date:
        type: string
      version:
        type: string
  UNKNOWN:
    type: array
    description: Unknown API fields that cannot be imported.
    items:
      type: string
  kmsKeyName:
    description: |-
      The name of the encryption key that is stored in Google Cloud KMS.
    type: string
  kmsKeyServiceAccount:
    description: |-
      The service account being used for the encryption request for the given
      KMS key. If absent, the Compute Engine default service account is used.
    type: string
  rawKey:
    description: |-
      Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648
      base64 to either encrypt or decrypt this resource.
    type: string
  rsaEncryptedKey:
    description: |-
      Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-
      supplied encryption key to either encrypt or decrypt this resource.  The
      key must meet the following requirements before you can provide it to
      Compute Engine:   - The key is wrapped using a RSA public key certificate
      provided by Google.  - After being wrapped, the key must be encoded in RFC
      4648 base64 encoding.  Gets the RSA public key certificate provided by
      Google at: https://cloud- certs.storage.googleapis.com/google-cloud-csek-
      ingress.pem
    type: string
  sha256:
    description: |-
      [Output only] The RFC 4648 base64 encoded SHA-256 hash of the customer-
      supplied encryption key that protects this resource.
    type: string