@@ -419,8 +419,10 @@ def create_data_key(self, kms_provider, master_key=None,
419419 "aws" and "local".
420420 - `master_key`: Identifies a KMS-specific key used to encrypt the
421421 new data key. If the kmsProvider is "local" the `master_key` is
422- not applicable and may be omitted. If the `kms_provider` is "aws"
423- it is required and has the following fields::
422+ not applicable and may be omitted.
423+
424+ If the `kms_provider` is "aws" it is required and has the
425+ following fields::
424426
425427 - `region` (string): Required. The AWS region, e.g. "us-east-1".
426428 - `key` (string): Required. The Amazon Resource Name (ARN) to
@@ -429,6 +431,26 @@ def create_data_key(self, kms_provider, master_key=None,
429431 requests to. May include port number, e.g.
430432 "kms.us-east-1.amazonaws.com:443".
431433
434+ If the `kms_provider` is "azure" it is required and has the
435+ following fields::
436+
437+ - `keyVaultEndpoint` (string): Required. Host with optional
438+ port, e.g. "example.vault.azure.net".
439+ - `keyName` (string): Required. Key name in the key vault.
440+ - `keyVersion` (string): Optional. Version of the key to use.
441+
442+ If the `kms_provider` is "gcp" it is required and has the
443+ following fields::
444+
445+ - `projectId` (string): Required. The Google cloud project ID.
446+ - `location` (string): Required. The GCP location, e.g. "us-east1".
447+ - `keyRing` (string): Required. Name of the key ring that contains
448+ the key to use.
449+ - `keyName` (string): Required. Name of the key to use.
450+ - `keyVersion` (string): Optional. Version of the key to use.
451+ - `endpoint` (string): Optional. Host with optional port.
452+ Defaults to "cloudkms.googleapis.com".
453+
432454 - `key_alt_names` (optional): An optional list of string alternate
433455 names used to reference a key. If a key is created with alternate
434456 names, then encryption may refer to the key by the unique alternate
0 commit comments