KMSKeyName
- Last Updated: December 17, 2020
Purpose
Specifies the customer-managed encryption key (CMEK) that the driver uses for executing queries. If it is not specified, the driver uses the default key encryption key from Google.
To learn more about CMEK, refer to the Google documentation.
Valid Values
projects/project/locations/location/KeyRings/keyring/cryptoKeys/key
where:
- project: specifies the name of the project that you want the driver to connect to.
- location: specifies the geographical location where your dataset is stored.
- keyring: specifies the key ring value, which is a prerequisite for creating CMEK. To learn how to create a key ring, refer to the Google documentation.
- key: specifies the CMEK value. To learn how to create a key, refer to the Google documentation.
Notes
- Passing KMSKeyName as part of job configuration is not supported for DDL statements. Therefore, for Create statements, CMEK must be provided using the Options clause, in the following format:
  CREATE TABLE <dataset_name>.<table_name>(<column_name> <column_type>) OPTIONS(kms_key_name='projects/project/locations/location/KeyRings/keyring/cryptoKeys/key')
- If a table is encrypted using CMEK, you can perform insert and select operations on it with or without specifying CMEK. However, you must not specify an incorrect CMEK, as it leads to query failure.
- If you specify a CMEK to query a table that is not encrypted with CMEK, the query will fail.
- CMEKs specified at connection are used to execute queries for the life of the connection.
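An added example, not part of the original documentation or the driver: a pre-flight check that validates a KMSKeyName value against the format under Valid Values and builds the CREATE TABLE statement with the OPTIONS clause described in the first note. The per-component character allow-list, the identifier rules, the function names and the sample values are assumptions of this example.

```python
import re

# Assumption of this example: a conservative allow-list per path component.
# It excludes quotes, backslashes, whitespace and "/" so that a value can
# never terminate the SQL string literal it is later embedded in.
_PART = r"[A-Za-z0-9][A-Za-z0-9_.:-]{0,62}"
_KEY_NAME = re.compile(
    rf"projects/(?P<project>{_PART})/locations/(?P<location>{_PART})"
    # The page writes "KeyRings"; Cloud KMS resource names use "keyRings".
    # Both spellings are accepted here.
    rf"/[Kk]eyRings/(?P<keyring>{_PART})/cryptoKeys/(?P<key>{_PART})"
)
# Assumption: dataset, table, column names and column types are plain identifiers.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# Constructed sample value, not a real key.
SAMPLE_KEY = (
    "projects/demo-project/locations/us/KeyRings/demo-ring/cryptoKeys/demo-key"
)


def parse_kms_key_name(value):
    """Split a KMSKeyName value into its four parts, or raise ValueError."""
    m = _KEY_NAME.fullmatch(value)  # fullmatch also rejects a trailing newline
    if m is None:
        raise ValueError("KMSKeyName does not match projects/.../cryptoKeys/key")
    return m.groupdict()


def create_table_ddl(dataset, table, columns, kms_key_name):
    """Build CREATE TABLE ... OPTIONS(kms_key_name='...') for a CMEK table."""
    parse_kms_key_name(kms_key_name)  # reject malformed keys before quoting
    for ident in (dataset, table, *(part for col in columns for part in col)):
        if not _IDENT.fullmatch(ident):
            raise ValueError(f"unsafe identifier or type: {ident!r}")
    cols = ", ".join(f"{name} {col_type}" for name, col_type in columns)
    return (f"CREATE TABLE {dataset}.{table}({cols}) "
            f"OPTIONS(kms_key_name='{kms_key_name}')")


if __name__ == "__main__":
    print(parse_kms_key_name(SAMPLE_KEY))
    print(create_table_ddl("sales", "orders", [("id", "INT64")], SAMPLE_KEY))
```

Running the same check on the value passed at connection time catches a malformed key before it causes the query failures described in the notes.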
Data Source Method
setKMSKeyName
Default
None
Data Type
String