InstanceEncryptionConfig

Optional. This field is maintained for backwards compatibility. For new callers, we recommend using kms_key_names to specify the KMS key. kms_key_name should only be used if the location of the KMS key matches the database instance’s configuration (location) exactly. E.g. The KMS location is in us-central1 or nam3 and the database instance is also in us-central1 or nam3. The Cloud KMS key to be used for encrypting and decrypting the database. Values are of the form projects//locations//keyRings//cryptoKeys/.

Optional. Specifies the KMS configuration for one or more keys used to encrypt the database. Values are of the form projects//locations//keyRings//cryptoKeys/. The keys referenced by kms_key_names must fully cover all regions of the database's instance configuration. Some examples: * For regional (single-region) instance configurations, specify a regional location KMS key. * For multi-region instance configurations of type GOOGLE_MANAGED, either specify a multi-region location KMS key or multiple regional location KMS keys that cover all regions in the instance configuration. * For an instance configuration of type USER_MANAGED, specify only regional location KMS keys to cover each region in the instance configuration. Multi-region location KMS keys aren't supported for USER_MANAGED type instance configurations.