RestoreDatabaseEncryptionConfig

Required. The encryption type of the restored database.

Optional. This field is maintained for backwards compatibility. For new callers, we recommend using kms_key_names to specify the KMS key. Only use kms_key_name if the location of the KMS key matches the database instance's configuration (location) exactly. For example, if the KMS location is in us-central1 or nam3, then the database instance must also be in us-central1 or nam3. The Cloud KMS key that is used to encrypt and decrypt the restored database. Set this field only when encryption_type is CUSTOMER_MANAGED_ENCRYPTION. Values are of the form projects//locations//keyRings//cryptoKeys/.

Optional. Specifies the KMS configuration for one or more keys used to encrypt the database. Values have the form projects//locations//keyRings//cryptoKeys/. The keys referenced by kms_key_names must fully cover all regions of the database's instance configuration. Some examples: * For regional (single-region) instance configurations, specify a regional location KMS key. * For multi-region instance configurations of type GOOGLE_MANAGED, either specify a multi-region location KMS key or multiple regional location KMS keys that cover all regions in the instance configuration. * For an instance configuration of type USER_MANAGED, specify only regional location KMS keys to cover each region in the instance configuration. Multi-region location KMS keys aren't supported for USER_MANAGED type instance configurations.