wrapprivatekey action

The wrapprivatekey action means that a wrapprivatekey request has been made. This is the case whenever a user’s private key is encrypted for Gmail.

This action generates an "info" severity log in the event of success, or a "crit" severity log in the event of an error.

The log fields for these actions are as follows:

Field

Description

Type

Required/
Optional

tenant_id

Tenant identifier.

Example: 025f02fe-bee2-444b-bf76-b5ead30327c0

String in uuid v4 format Mandatory
kek_id

Identifier of the KEK used.

Example: ed7e4c13-6199-30a3-7bce-1c82a9e31e21

String Mandatory
perimeter_id

Identifier for additional verification of authentication and authorization requests.

Example: Perimeter_id of the request

String Mandatory
private_key_supported_algorithms

Encryption and signature algorithms supported by this key.

Example: "["RSA/ECB/PKCS1Padding","SHA1withRSA",
"SHA256withRSA"]

String Mandatory
private_key_mode

Type of private key used during the operation.

Prescribed values:

  • private-key-pem: Users' private keys are stored encrypted at Google,

  • private-key-name: Users' private keys are stored in a KMS and never removed. Only the names of the private keys are stored at Google.

String Mandatory