googleapis
diff --git a/‎google/cloud/spanner_admin_database_v1/gapic/database_admin_client.py
Lines changed: 18 additions & 0 deletions b/‎google/cloud/spanner_admin_database_v1/gapic/database_admin_client.py
Lines changed: 18 additions & 0 deletions
diff --git a/‎google/cloud/spanner_admin_database_v1/gapic/enums.py
Lines changed: 21 additions & 0 deletions b/‎google/cloud/spanner_admin_database_v1/gapic/enums.py
Lines changed: 21 additions & 0 deletions
diff --git a/‎google/cloud/spanner_admin_database_v1/proto/backup.proto
Lines changed: 5 additions & 1 deletion b/‎google/cloud/spanner_admin_database_v1/proto/backup.proto
Lines changed: 5 additions & 1 deletion
diff --git a/‎google/cloud/spanner_admin_database_v1/proto/backup_pb2.py
Lines changed: 55 additions & 28 deletions b/‎google/cloud/spanner_admin_database_v1/proto/backup_pb2.py
Lines changed: 55 additions & 28 deletions
@@ -40,6 +40,7 @@
     database_admin_grpc_transport,
 )
 from google.cloud.spanner_admin_database_v1.proto import backup_pb2
+from google.cloud.spanner_admin_database_v1.proto import common_pb2
 from google.cloud.spanner_admin_database_v1.proto import spanner_database_admin_pb2
 from google.cloud.spanner_admin_database_v1.proto import spanner_database_admin_pb2_grpc
 from google.iam.v1 import iam_policy_pb2
@@ -100,6 +101,17 @@ def backup_path(cls, project, instance, backup):
             backup=backup,
         )
 
+    @classmethod
+    def crypto_key_path(cls, project, location, key_ring, crypto_key):
+        """Return a fully-qualified crypto_key string."""
+        return google.api_core.path_template.expand(
+            "projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}",
+            project=project,
+            location=location,
+            key_ring=key_ring,
+            crypto_key=crypto_key,
+        )
+
     @classmethod
     def database_path(cls, project, instance, database):
         """Return a fully-qualified database string."""
@@ -237,6 +249,7 @@ def create_database(
         parent,
         create_statement,
         extra_statements=None,
+        encryption_config=None,
         retry=google.api_core.gapic_v1.method.DEFAULT,
         timeout=google.api_core.gapic_v1.method.DEFAULT,
         metadata=None,
@@ -282,6 +295,10 @@ def create_database(
                 database. Statements can create tables, indexes, etc. These
                 statements execute atomically with the creation of the database:
                 if there is an error in any statement, the database is not created.
+            encryption_config (Union[dict, ~google.cloud.spanner_admin_database_v1.types.EncryptionConfig]): Optional.
+
+                If a dict is provided, it must be of the same form as the protobuf
+                message :class:`~google.cloud.spanner_admin_database_v1.types.EncryptionConfig`
             retry (Optional[google.api_core.retry.Retry]):  A retry object used
                 to retry requests. If ``None`` is specified, requests will
                 be retried using a default configuration.
@@ -316,6 +333,7 @@ def create_database(
             parent=parent,
             create_statement=create_statement,
             extra_statements=extra_statements,
+            encryption_config=encryption_config,
         )
         if metadata is None:
             metadata = []
 
@@ -72,3 +72,24 @@ class State(enum.IntEnum):
         CREATING = 1
         READY = 2
         READY_OPTIMIZING = 3
+
+
+class EncryptionInfo(object):
+    class Type(enum.IntEnum):
+        """
+        Possible encryption types for a resource.
+
+        Attributes:
+          TYPE_UNSPECIFIED (int): Encryption type was not specified, though data at rest remains encrypted.
+          GOOGLE_DEFAULT_ENCRYPTION (int): The data backing this resource is encrypted at rest with a key that is
+          fully managed by Google. No key version or status will be populated.
+          This is the default state.
+          CUSTOMER_MANAGED_ENCRYPTION (int): The data backing this resource is encrypted at rest with a key that
+          is managed by the customer. The active version of the key.
+          'kms_key_version' will be populated, and 'encryption_status' may be
+          populated.
+        """
+
+        TYPE_UNSPECIFIED = 0
+        GOOGLE_DEFAULT_ENCRYPTION = 1
+        CUSTOMER_MANAGED_ENCRYPTION = 2
@@ -22,7 +22,6 @@ import "google/longrunning/operations.proto";
 import "google/protobuf/field_mask.proto";
 import "google/protobuf/timestamp.proto";
 import "google/spanner/admin/database/v1/common.proto";
-import "google/api/annotations.proto";
 
 option csharp_namespace = "Google.Cloud.Spanner.Admin.Database.V1";
 option go_package = "google.golang.org/genproto/googleapis/spanner/admin/database/v1;database";
@@ -104,6 +103,11 @@ message Backup {
   // restored database from the backup enters the `READY` state, the reference
   // to the backup is removed.
   repeated string referencing_databases = 7 [(google.api.field_behavior) = OUTPUT_ONLY];
+
+  // Output only. The encryption information for the backup.
+  // If the encryption key protecting this resource is customer managed, then
+  // kms_key_version will be filled.
+  EncryptionInfo encryption_info = 8 [(google.api.field_behavior) = OUTPUT_ONLY];
 }
 
 // The request for [CreateBackup][google.spanner.admin.database.v1.DatabaseAdmin.CreateBackup].