From ced1d5c03e838bcef3c0ed8070342c6795891987 Mon Sep 17 00:00:00 2001
From: Yoshi Automation Bot <yoshi-automation@google.com>
Date: Wed, 1 Sep 2021 13:21:18 -0700
Subject: [PATCH] feat: add support for Key Reimport (#602)

PiperOrigin-RevId: 393749648

Source-Author: Google APIs <noreply@google.com>
Source-Date: Mon Aug 30 05:26:24 2021 -0700
Source-Repo: googleapis/googleapis
Source-Sha: e3d9b11abaec81e1c3c9c7cab1f3bb6fa3990651
Source-Link: https://github.com/googleapis/googleapis/commit/e3d9b11abaec81e1c3c9c7cab1f3bb6fa3990651
---
 .../kms/v1/KeyManagementServiceClient.java    |  70 ++-
 .../v1/KeyManagementServiceClientTest.java    |  27 +
 .../kms/v1/KeyManagementServiceGrpc.java      |  72 +--
 .../google/cloud/kms/v1/CryptoKeyVersion.java | 158 +++++-
 .../kms/v1/CryptoKeyVersionOrBuilder.java     |  29 +-
 .../kms/v1/ImportCryptoKeyVersionRequest.java | 319 +++++++++++-
 ...mportCryptoKeyVersionRequestOrBuilder.java |  65 ++-
 .../com/google/cloud/kms/v1/KmsProto.java     | 481 +++++++++---------
 .../cloud/kms/v1/KmsResourcesProto.java       | 146 +++---
 .../proto/google/cloud/kms/v1/resources.proto |  15 +-
 .../proto/google/cloud/kms/v1/service.proto   |  46 +-
 synth.metadata                                |   6 +-
 12 files changed, 1002 insertions(+), 432 deletions(-)

diff --git a/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceClient.java b/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceClient.java
index e5b6437e..0f770893 100644
--- a/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceClient.java
+++ b/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceClient.java
@@ -1748,11 +1748,12 @@ public final CryptoKeyVersion createCryptoKeyVersion(CreateCryptoKeyVersionReque
 
   // AUTO-GENERATED DOCUMENTATION AND METHOD.
   /**
-   * Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing
-   * [CryptoKey][google.cloud.kms.v1.CryptoKey] using the wrapped key material provided in the
-   * request.
+   * Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
    *
-   * <p>The version ID will be assigned the next sequential id within the
+   * <p>All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally specified in the
+   * request, key material will be reimported into that version. Otherwise, a new version will be
+   * created, and will be assigned the next sequential id within the
    * [CryptoKey][google.cloud.kms.v1.CryptoKey].
    *
    * <p>Sample code:
@@ -1765,6 +1766,14 @@ public final CryptoKeyVersion createCryptoKeyVersion(CreateCryptoKeyVersionReque
    *           .setParent(
    *               CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")
    *                   .toString())
+   *           .setCryptoKeyVersion(
+   *               CryptoKeyVersionName.of(
+   *                       "[PROJECT]",
+   *                       "[LOCATION]",
+   *                       "[KEY_RING]",
+   *                       "[CRYPTO_KEY]",
+   *                       "[CRYPTO_KEY_VERSION]")
+   *                   .toString())
    *           .setImportJob("importJob-208547368")
    *           .build();
    *   CryptoKeyVersion response = keyManagementServiceClient.importCryptoKeyVersion(request);
@@ -1780,11 +1789,12 @@ public final CryptoKeyVersion importCryptoKeyVersion(ImportCryptoKeyVersionReque
 
   // AUTO-GENERATED DOCUMENTATION AND METHOD.
   /**
-   * Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing
-   * [CryptoKey][google.cloud.kms.v1.CryptoKey] using the wrapped key material provided in the
-   * request.
+   * Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
    *
-   * <p>The version ID will be assigned the next sequential id within the
+   * <p>All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is additionally specified in the
+   * request, key material will be reimported into that version. Otherwise, a new version will be
+   * created, and will be assigned the next sequential id within the
    * [CryptoKey][google.cloud.kms.v1.CryptoKey].
    *
    * <p>Sample code:
@@ -1797,6 +1807,14 @@ public final CryptoKeyVersion importCryptoKeyVersion(ImportCryptoKeyVersionReque
    *           .setParent(
    *               CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")
    *                   .toString())
+   *           .setCryptoKeyVersion(
+   *               CryptoKeyVersionName.of(
+   *                       "[PROJECT]",
+   *                       "[LOCATION]",
+   *                       "[KEY_RING]",
+   *                       "[CRYPTO_KEY]",
+   *                       "[CRYPTO_KEY_VERSION]")
+   *                   .toString())
    *           .setImportJob("importJob-208547368")
    *           .build();
    *   ApiFuture<CryptoKeyVersion> future =
@@ -2275,10 +2293,11 @@ public final CryptoKey updateCryptoKeyPrimaryVersion(
    *
    * <p>Upon calling this method,
    * [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
-   * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
-   * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
-   * hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
-   * will be changed to
+   * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
+   * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
+   * [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
+   * future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+   * automatically change to
    * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
    * material will be irrevocably destroyed.
    *
@@ -2316,10 +2335,11 @@ public final CryptoKeyVersion destroyCryptoKeyVersion(CryptoKeyVersionName name)
    *
    * <p>Upon calling this method,
    * [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
-   * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
-   * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
-   * hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
-   * will be changed to
+   * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
+   * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
+   * [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
+   * future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+   * automatically change to
    * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
    * material will be irrevocably destroyed.
    *
@@ -2356,10 +2376,11 @@ public final CryptoKeyVersion destroyCryptoKeyVersion(String name) {
    *
    * <p>Upon calling this method,
    * [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
-   * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
-   * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
-   * hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
-   * will be changed to
+   * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
+   * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
+   * [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
+   * future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+   * automatically change to
    * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
    * material will be irrevocably destroyed.
    *
@@ -2400,10 +2421,11 @@ public final CryptoKeyVersion destroyCryptoKeyVersion(DestroyCryptoKeyVersionReq
    *
    * <p>Upon calling this method,
    * [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
-   * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
-   * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
-   * hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
-   * will be changed to
+   * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
+   * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
+   * [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
+   * future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+   * automatically change to
    * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
    * material will be irrevocably destroyed.
    *
diff --git a/google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientTest.java b/google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientTest.java
index ba4e3107..ff588236 100644
--- a/google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientTest.java
+++ b/google-cloud-kms/src/test/java/com/google/cloud/kms/v1/KeyManagementServiceClientTest.java
@@ -651,6 +651,7 @@ public void getCryptoKeyVersionTest() throws Exception {
             .setImportTime(Timestamp.newBuilder().build())
             .setImportFailureReason("importFailureReason985493705")
             .setExternalProtectionLevelOptions(ExternalProtectionLevelOptions.newBuilder().build())
+            .setReimportEligible(true)
             .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
@@ -710,6 +711,7 @@ public void getCryptoKeyVersionTest2() throws Exception {
             .setImportTime(Timestamp.newBuilder().build())
             .setImportFailureReason("importFailureReason985493705")
             .setExternalProtectionLevelOptions(ExternalProtectionLevelOptions.newBuilder().build())
+            .setReimportEligible(true)
             .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
@@ -1142,6 +1144,7 @@ public void createCryptoKeyVersionTest() throws Exception {
             .setImportTime(Timestamp.newBuilder().build())
             .setImportFailureReason("importFailureReason985493705")
             .setExternalProtectionLevelOptions(ExternalProtectionLevelOptions.newBuilder().build())
+            .setReimportEligible(true)
             .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
@@ -1203,6 +1206,7 @@ public void createCryptoKeyVersionTest2() throws Exception {
             .setImportTime(Timestamp.newBuilder().build())
             .setImportFailureReason("importFailureReason985493705")
             .setExternalProtectionLevelOptions(ExternalProtectionLevelOptions.newBuilder().build())
+            .setReimportEligible(true)
             .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
@@ -1262,6 +1266,7 @@ public void importCryptoKeyVersionTest() throws Exception {
             .setImportTime(Timestamp.newBuilder().build())
             .setImportFailureReason("importFailureReason985493705")
             .setExternalProtectionLevelOptions(ExternalProtectionLevelOptions.newBuilder().build())
+            .setReimportEligible(true)
             .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
@@ -1270,6 +1275,14 @@ public void importCryptoKeyVersionTest() throws Exception {
             .setParent(
                 CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")
                     .toString())
+            .setCryptoKeyVersion(
+                CryptoKeyVersionName.of(
+                        "[PROJECT]",
+                        "[LOCATION]",
+                        "[KEY_RING]",
+                        "[CRYPTO_KEY]",
+                        "[CRYPTO_KEY_VERSION]")
+                    .toString())
             .setImportJob("importJob-208547368")
             .build();
 
@@ -1282,6 +1295,7 @@ public void importCryptoKeyVersionTest() throws Exception {
         ((ImportCryptoKeyVersionRequest) actualRequests.get(0));
 
     Assert.assertEquals(request.getParent(), actualRequest.getParent());
+    Assert.assertEquals(request.getCryptoKeyVersion(), actualRequest.getCryptoKeyVersion());
     Assert.assertEquals(request.getAlgorithm(), actualRequest.getAlgorithm());
     Assert.assertEquals(request.getImportJob(), actualRequest.getImportJob());
     Assert.assertEquals(request.getRsaAesWrappedKey(), actualRequest.getRsaAesWrappedKey());
@@ -1302,6 +1316,14 @@ public void importCryptoKeyVersionExceptionTest() throws Exception {
               .setParent(
                   CryptoKeyName.of("[PROJECT]", "[LOCATION]", "[KEY_RING]", "[CRYPTO_KEY]")
                       .toString())
+              .setCryptoKeyVersion(
+                  CryptoKeyVersionName.of(
+                          "[PROJECT]",
+                          "[LOCATION]",
+                          "[KEY_RING]",
+                          "[CRYPTO_KEY]",
+                          "[CRYPTO_KEY_VERSION]")
+                      .toString())
               .setImportJob("importJob-208547368")
               .build();
       client.importCryptoKeyVersion(request);
@@ -1489,6 +1511,7 @@ public void updateCryptoKeyVersionTest() throws Exception {
             .setImportTime(Timestamp.newBuilder().build())
             .setImportFailureReason("importFailureReason985493705")
             .setExternalProtectionLevelOptions(ExternalProtectionLevelOptions.newBuilder().build())
+            .setReimportEligible(true)
             .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
@@ -1651,6 +1674,7 @@ public void destroyCryptoKeyVersionTest() throws Exception {
             .setImportTime(Timestamp.newBuilder().build())
             .setImportFailureReason("importFailureReason985493705")
             .setExternalProtectionLevelOptions(ExternalProtectionLevelOptions.newBuilder().build())
+            .setReimportEligible(true)
             .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
@@ -1711,6 +1735,7 @@ public void destroyCryptoKeyVersionTest2() throws Exception {
             .setImportTime(Timestamp.newBuilder().build())
             .setImportFailureReason("importFailureReason985493705")
             .setExternalProtectionLevelOptions(ExternalProtectionLevelOptions.newBuilder().build())
+            .setReimportEligible(true)
             .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
@@ -1767,6 +1792,7 @@ public void restoreCryptoKeyVersionTest() throws Exception {
             .setImportTime(Timestamp.newBuilder().build())
             .setImportFailureReason("importFailureReason985493705")
             .setExternalProtectionLevelOptions(ExternalProtectionLevelOptions.newBuilder().build())
+            .setReimportEligible(true)
             .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
@@ -1827,6 +1853,7 @@ public void restoreCryptoKeyVersionTest2() throws Exception {
             .setImportTime(Timestamp.newBuilder().build())
             .setImportFailureReason("importFailureReason985493705")
             .setExternalProtectionLevelOptions(ExternalProtectionLevelOptions.newBuilder().build())
+            .setReimportEligible(true)
             .build();
     mockKeyManagementService.addResponse(expectedResponse);
 
diff --git a/grpc-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceGrpc.java b/grpc-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceGrpc.java
index 6567eab9..f0a13259 100644
--- a/grpc-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceGrpc.java
+++ b/grpc-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceGrpc.java
@@ -1477,10 +1477,11 @@ public void createCryptoKeyVersion(
      *
      *
      * <pre>
-     * Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
-     * wrapped key material provided in the request.
-     * The version ID will be assigned the next sequential id within the
-     * [CryptoKey][google.cloud.kms.v1.CryptoKey].
+     * Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+     * All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
+     * additionally specified in the request, key material will be reimported into
+     * that version. Otherwise, a new version will be created, and will be
+     * assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
      * </pre>
      */
     public void importCryptoKeyVersion(
@@ -1560,10 +1561,11 @@ public void updateCryptoKeyPrimaryVersion(
      * <pre>
      * Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
      * Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
-     * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
-     * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
-     * hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
-     * will be changed to
+     * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
+     * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
+     * [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
+     * future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+     * automatically change to
      * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
      * material will be irrevocably destroyed.
      * Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
@@ -2116,10 +2118,11 @@ public void createCryptoKeyVersion(
      *
      *
      * <pre>
-     * Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
-     * wrapped key material provided in the request.
-     * The version ID will be assigned the next sequential id within the
-     * [CryptoKey][google.cloud.kms.v1.CryptoKey].
+     * Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+     * All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
+     * additionally specified in the request, key material will be reimported into
+     * that version. Otherwise, a new version will be created, and will be
+     * assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
      * </pre>
      */
     public void importCryptoKeyVersion(
@@ -2209,10 +2212,11 @@ public void updateCryptoKeyPrimaryVersion(
      * <pre>
      * Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
      * Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
-     * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
-     * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
-     * hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
-     * will be changed to
+     * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
+     * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
+     * [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
+     * future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+     * automatically change to
      * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
      * material will be irrevocably destroyed.
      * Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
@@ -2567,10 +2571,11 @@ public com.google.cloud.kms.v1.CryptoKeyVersion createCryptoKeyVersion(
      *
      *
      * <pre>
-     * Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
-     * wrapped key material provided in the request.
-     * The version ID will be assigned the next sequential id within the
-     * [CryptoKey][google.cloud.kms.v1.CryptoKey].
+     * Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+     * All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
+     * additionally specified in the request, key material will be reimported into
+     * that version. Otherwise, a new version will be created, and will be
+     * assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
      * </pre>
      */
     public com.google.cloud.kms.v1.CryptoKeyVersion importCryptoKeyVersion(
@@ -2645,10 +2650,11 @@ public com.google.cloud.kms.v1.CryptoKey updateCryptoKeyPrimaryVersion(
      * <pre>
      * Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
      * Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
-     * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
-     * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
-     * hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
-     * will be changed to
+     * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
+     * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
+     * [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
+     * future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+     * automatically change to
      * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
      * material will be irrevocably destroyed.
      * Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
@@ -2987,10 +2993,11 @@ protected KeyManagementServiceFutureStub build(
      *
      *
      * <pre>
-     * Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
-     * wrapped key material provided in the request.
-     * The version ID will be assigned the next sequential id within the
-     * [CryptoKey][google.cloud.kms.v1.CryptoKey].
+     * Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
+     * All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
+     * additionally specified in the request, key material will be reimported into
+     * that version. Otherwise, a new version will be created, and will be
+     * assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
      * </pre>
      */
     public com.google.common.util.concurrent.ListenableFuture<
@@ -3069,10 +3076,11 @@ protected KeyManagementServiceFutureStub build(
      * <pre>
      * Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
      * Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
-     * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
-     * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
-     * hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
-     * will be changed to
+     * [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
+     * and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
+     * [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
+     * future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+     * automatically change to
      * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
      * material will be irrevocably destroyed.
      * Before the [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] is reached,
diff --git a/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CryptoKeyVersion.java b/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CryptoKeyVersion.java
index eda6c568..26bacda4 100644
--- a/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CryptoKeyVersion.java
+++ b/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CryptoKeyVersion.java
@@ -230,6 +230,11 @@ private CryptoKeyVersion(
                 externalProtectionLevelOptions_ = subBuilder.buildPartial();
               }
 
+              break;
+            }
+          case 144:
+            {
+              reimportEligible_ = input.readBool();
               break;
             }
           default:
@@ -866,6 +871,10 @@ public enum CryptoKeyVersionState implements com.google.protobuf.ProtocolMessage
      *
      * <pre>
      * This version is destroyed, and the key material is no longer stored.
+     * This version may only become [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] again if this version is
+     * [reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible] and the original
+     * key material is reimported with a call to
+     * [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
      * </pre>
      *
      * <code>DESTROYED = 3;</code>
@@ -960,6 +969,10 @@ public enum CryptoKeyVersionState implements com.google.protobuf.ProtocolMessage
      *
      * <pre>
      * This version is destroyed, and the key material is no longer stored.
+     * This version may only become [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] again if this version is
+     * [reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible] and the original
+     * key material is reimported with a call to
+     * [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
      * </pre>
      *
      * <code>DESTROYED = 3;</code>
@@ -1710,7 +1723,7 @@ public com.google.protobuf.TimestampOrBuilder getDestroyEventTimeOrBuilder() {
    *
    *
    * <pre>
-   * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this
+   * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this
    * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was
    * imported.
    * </pre>
@@ -1735,7 +1748,7 @@ public java.lang.String getImportJob() {
    *
    *
    * <pre>
-   * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this
+   * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this
    * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was
    * imported.
    * </pre>
@@ -1764,7 +1777,7 @@ public com.google.protobuf.ByteString getImportJobBytes() {
    *
    * <pre>
    * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-   * was imported.
+   * was most recently imported.
    * </pre>
    *
    * <code>.google.protobuf.Timestamp import_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
@@ -1781,7 +1794,7 @@ public boolean hasImportTime() {
    *
    * <pre>
    * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-   * was imported.
+   * was most recently imported.
    * </pre>
    *
    * <code>.google.protobuf.Timestamp import_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
@@ -1798,7 +1811,7 @@ public com.google.protobuf.Timestamp getImportTime() {
    *
    * <pre>
    * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-   * was imported.
+   * was most recently imported.
    * </pre>
    *
    * <code>.google.protobuf.Timestamp import_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
@@ -1815,7 +1828,7 @@ public com.google.protobuf.TimestampOrBuilder getImportTimeOrBuilder() {
    *
    *
    * <pre>
-   * Output only. The root cause of an import failure. Only present if
+   * Output only. The root cause of the most recent import failure. Only present if
    * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
    * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
    * </pre>
@@ -1840,7 +1853,7 @@ public java.lang.String getImportFailureReason() {
    *
    *
    * <pre>
-   * Output only. The root cause of an import failure. Only present if
+   * Output only. The root cause of the most recent import failure. Only present if
    * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
    * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
    * </pre>
@@ -1924,6 +1937,26 @@ public boolean hasExternalProtectionLevelOptions() {
     return getExternalProtectionLevelOptions();
   }
 
+  public static final int REIMPORT_ELIGIBLE_FIELD_NUMBER = 18;
+  private boolean reimportEligible_;
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Whether or not this key version is eligible for reimport, by being
+   * specified as a target in
+   * [ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version].
+   * </pre>
+   *
+   * <code>bool reimport_eligible = 18 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The reimportEligible.
+   */
+  @java.lang.Override
+  public boolean getReimportEligible() {
+    return reimportEligible_;
+  }
+
   private byte memoizedIsInitialized = -1;
 
   @java.lang.Override
@@ -1984,6 +2017,9 @@ public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io
     if (externalProtectionLevelOptions_ != null) {
       output.writeMessage(17, getExternalProtectionLevelOptions());
     }
+    if (reimportEligible_ != false) {
+      output.writeBool(18, reimportEligible_);
+    }
     unknownFields.writeTo(output);
   }
 
@@ -2041,6 +2077,9 @@ public int getSerializedSize() {
           com.google.protobuf.CodedOutputStream.computeMessageSize(
               17, getExternalProtectionLevelOptions());
     }
+    if (reimportEligible_ != false) {
+      size += com.google.protobuf.CodedOutputStream.computeBoolSize(18, reimportEligible_);
+    }
     size += unknownFields.getSerializedSize();
     memoizedSize = size;
     return size;
@@ -2092,6 +2131,7 @@ public boolean equals(final java.lang.Object obj) {
       if (!getExternalProtectionLevelOptions().equals(other.getExternalProtectionLevelOptions()))
         return false;
     }
+    if (getReimportEligible() != other.getReimportEligible()) return false;
     if (!unknownFields.equals(other.unknownFields)) return false;
     return true;
   }
@@ -2143,6 +2183,8 @@ public int hashCode() {
       hash = (37 * hash) + EXTERNAL_PROTECTION_LEVEL_OPTIONS_FIELD_NUMBER;
       hash = (53 * hash) + getExternalProtectionLevelOptions().hashCode();
     }
+    hash = (37 * hash) + REIMPORT_ELIGIBLE_FIELD_NUMBER;
+    hash = (53 * hash) + com.google.protobuf.Internal.hashBoolean(getReimportEligible());
     hash = (29 * hash) + unknownFields.hashCode();
     memoizedHashCode = hash;
     return hash;
@@ -2349,6 +2391,8 @@ public Builder clear() {
         externalProtectionLevelOptions_ = null;
         externalProtectionLevelOptionsBuilder_ = null;
       }
+      reimportEligible_ = false;
+
       return this;
     }
 
@@ -2417,6 +2461,7 @@ public com.google.cloud.kms.v1.CryptoKeyVersion buildPartial() {
       } else {
         result.externalProtectionLevelOptions_ = externalProtectionLevelOptionsBuilder_.build();
       }
+      result.reimportEligible_ = reimportEligible_;
       onBuilt();
       return result;
     }
@@ -2508,6 +2553,9 @@ public Builder mergeFrom(com.google.cloud.kms.v1.CryptoKeyVersion other) {
       if (other.hasExternalProtectionLevelOptions()) {
         mergeExternalProtectionLevelOptions(other.getExternalProtectionLevelOptions());
       }
+      if (other.getReimportEligible() != false) {
+        setReimportEligible(other.getReimportEligible());
+      }
       this.mergeUnknownFields(other.unknownFields);
       onChanged();
       return this;
@@ -4047,7 +4095,7 @@ public com.google.protobuf.TimestampOrBuilder getDestroyEventTimeOrBuilder() {
      *
      *
      * <pre>
-     * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this
+     * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this
      * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was
      * imported.
      * </pre>
@@ -4071,7 +4119,7 @@ public java.lang.String getImportJob() {
      *
      *
      * <pre>
-     * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this
+     * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this
      * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was
      * imported.
      * </pre>
@@ -4095,7 +4143,7 @@ public com.google.protobuf.ByteString getImportJobBytes() {
      *
      *
      * <pre>
-     * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this
+     * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this
      * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was
      * imported.
      * </pre>
@@ -4118,7 +4166,7 @@ public Builder setImportJob(java.lang.String value) {
      *
      *
      * <pre>
-     * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this
+     * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this
      * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was
      * imported.
      * </pre>
@@ -4137,7 +4185,7 @@ public Builder clearImportJob() {
      *
      *
      * <pre>
-     * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this
+     * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this
      * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was
      * imported.
      * </pre>
@@ -4169,7 +4217,7 @@ public Builder setImportJobBytes(com.google.protobuf.ByteString value) {
      *
      * <pre>
      * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-     * was imported.
+     * was most recently imported.
      * </pre>
      *
      * <code>
@@ -4186,7 +4234,7 @@ public boolean hasImportTime() {
      *
      * <pre>
      * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-     * was imported.
+     * was most recently imported.
      * </pre>
      *
      * <code>
@@ -4209,7 +4257,7 @@ public com.google.protobuf.Timestamp getImportTime() {
      *
      * <pre>
      * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-     * was imported.
+     * was most recently imported.
      * </pre>
      *
      * <code>
@@ -4234,7 +4282,7 @@ public Builder setImportTime(com.google.protobuf.Timestamp value) {
      *
      * <pre>
      * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-     * was imported.
+     * was most recently imported.
      * </pre>
      *
      * <code>
@@ -4256,7 +4304,7 @@ public Builder setImportTime(com.google.protobuf.Timestamp.Builder builderForVal
      *
      * <pre>
      * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-     * was imported.
+     * was most recently imported.
      * </pre>
      *
      * <code>
@@ -4283,7 +4331,7 @@ public Builder mergeImportTime(com.google.protobuf.Timestamp value) {
      *
      * <pre>
      * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-     * was imported.
+     * was most recently imported.
      * </pre>
      *
      * <code>
@@ -4306,7 +4354,7 @@ public Builder clearImportTime() {
      *
      * <pre>
      * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-     * was imported.
+     * was most recently imported.
      * </pre>
      *
      * <code>
@@ -4323,7 +4371,7 @@ public com.google.protobuf.Timestamp.Builder getImportTimeBuilder() {
      *
      * <pre>
      * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-     * was imported.
+     * was most recently imported.
      * </pre>
      *
      * <code>
@@ -4344,7 +4392,7 @@ public com.google.protobuf.TimestampOrBuilder getImportTimeOrBuilder() {
      *
      * <pre>
      * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-     * was imported.
+     * was most recently imported.
      * </pre>
      *
      * <code>
@@ -4373,7 +4421,7 @@ public com.google.protobuf.TimestampOrBuilder getImportTimeOrBuilder() {
      *
      *
      * <pre>
-     * Output only. The root cause of an import failure. Only present if
+     * Output only. The root cause of the most recent import failure. Only present if
      * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
      * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
      * </pre>
@@ -4397,7 +4445,7 @@ public java.lang.String getImportFailureReason() {
      *
      *
      * <pre>
-     * Output only. The root cause of an import failure. Only present if
+     * Output only. The root cause of the most recent import failure. Only present if
      * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
      * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
      * </pre>
@@ -4421,7 +4469,7 @@ public com.google.protobuf.ByteString getImportFailureReasonBytes() {
      *
      *
      * <pre>
-     * Output only. The root cause of an import failure. Only present if
+     * Output only. The root cause of the most recent import failure. Only present if
      * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
      * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
      * </pre>
@@ -4444,7 +4492,7 @@ public Builder setImportFailureReason(java.lang.String value) {
      *
      *
      * <pre>
-     * Output only. The root cause of an import failure. Only present if
+     * Output only. The root cause of the most recent import failure. Only present if
      * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
      * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
      * </pre>
@@ -4463,7 +4511,7 @@ public Builder clearImportFailureReason() {
      *
      *
      * <pre>
-     * Output only. The root cause of an import failure. Only present if
+     * Output only. The root cause of the most recent import failure. Only present if
      * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
      * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
      * </pre>
@@ -4713,6 +4761,64 @@ public Builder clearExternalProtectionLevelOptions() {
       return externalProtectionLevelOptionsBuilder_;
     }
 
+    private boolean reimportEligible_;
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Whether or not this key version is eligible for reimport, by being
+     * specified as a target in
+     * [ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version].
+     * </pre>
+     *
+     * <code>bool reimport_eligible = 18 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return The reimportEligible.
+     */
+    @java.lang.Override
+    public boolean getReimportEligible() {
+      return reimportEligible_;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Whether or not this key version is eligible for reimport, by being
+     * specified as a target in
+     * [ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version].
+     * </pre>
+     *
+     * <code>bool reimport_eligible = 18 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @param value The reimportEligible to set.
+     * @return This builder for chaining.
+     */
+    public Builder setReimportEligible(boolean value) {
+
+      reimportEligible_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Output only. Whether or not this key version is eligible for reimport, by being
+     * specified as a target in
+     * [ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version].
+     * </pre>
+     *
+     * <code>bool reimport_eligible = 18 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearReimportEligible() {
+
+      reimportEligible_ = false;
+      onChanged();
+      return this;
+    }
+
     @java.lang.Override
     public final Builder setUnknownFields(final com.google.protobuf.UnknownFieldSet unknownFields) {
       return super.setUnknownFields(unknownFields);
diff --git a/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CryptoKeyVersionOrBuilder.java b/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CryptoKeyVersionOrBuilder.java
index 7aa12401..e348a5d6 100644
--- a/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CryptoKeyVersionOrBuilder.java
+++ b/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/CryptoKeyVersionOrBuilder.java
@@ -364,7 +364,7 @@ public interface CryptoKeyVersionOrBuilder
    *
    *
    * <pre>
-   * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this
+   * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this
    * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was
    * imported.
    * </pre>
@@ -378,7 +378,7 @@ public interface CryptoKeyVersionOrBuilder
    *
    *
    * <pre>
-   * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this
+   * Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this
    * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was
    * imported.
    * </pre>
@@ -394,7 +394,7 @@ public interface CryptoKeyVersionOrBuilder
    *
    * <pre>
    * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-   * was imported.
+   * was most recently imported.
    * </pre>
    *
    * <code>.google.protobuf.Timestamp import_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
@@ -408,7 +408,7 @@ public interface CryptoKeyVersionOrBuilder
    *
    * <pre>
    * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-   * was imported.
+   * was most recently imported.
    * </pre>
    *
    * <code>.google.protobuf.Timestamp import_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
@@ -422,7 +422,7 @@ public interface CryptoKeyVersionOrBuilder
    *
    * <pre>
    * Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-   * was imported.
+   * was most recently imported.
    * </pre>
    *
    * <code>.google.protobuf.Timestamp import_time = 15 [(.google.api.field_behavior) = OUTPUT_ONLY];
@@ -434,7 +434,7 @@ public interface CryptoKeyVersionOrBuilder
    *
    *
    * <pre>
-   * Output only. The root cause of an import failure. Only present if
+   * Output only. The root cause of the most recent import failure. Only present if
    * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
    * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
    * </pre>
@@ -448,7 +448,7 @@ public interface CryptoKeyVersionOrBuilder
    *
    *
    * <pre>
-   * Output only. The root cause of an import failure. Only present if
+   * Output only. The root cause of the most recent import failure. Only present if
    * [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
    * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
    * </pre>
@@ -506,4 +506,19 @@ public interface CryptoKeyVersionOrBuilder
    */
   com.google.cloud.kms.v1.ExternalProtectionLevelOptionsOrBuilder
       getExternalProtectionLevelOptionsOrBuilder();
+
+  /**
+   *
+   *
+   * <pre>
+   * Output only. Whether or not this key version is eligible for reimport, by being
+   * specified as a target in
+   * [ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version].
+   * </pre>
+   *
+   * <code>bool reimport_eligible = 18 [(.google.api.field_behavior) = OUTPUT_ONLY];</code>
+   *
+   * @return The reimportEligible.
+   */
+  boolean getReimportEligible();
 }
diff --git a/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequest.java b/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequest.java
index 8da68ca5..244f6364 100644
--- a/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequest.java
+++ b/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequest.java
@@ -39,6 +39,7 @@ private ImportCryptoKeyVersionRequest(com.google.protobuf.GeneratedMessageV3.Bui
 
   private ImportCryptoKeyVersionRequest() {
     parent_ = "";
+    cryptoKeyVersion_ = "";
     algorithm_ = 0;
     importJob_ = "";
   }
@@ -99,6 +100,13 @@ private ImportCryptoKeyVersionRequest(
               wrappedKeyMaterial_ = input.readBytes();
               break;
             }
+          case 50:
+            {
+              java.lang.String s = input.readStringRequireUtf8();
+
+              cryptoKeyVersion_ = s;
+              break;
+            }
           default:
             {
               if (!parseUnknownField(input, unknownFields, extensionRegistry, tag)) {
@@ -183,8 +191,9 @@ public WrappedKeyMaterialCase getWrappedKeyMaterialCase() {
    *
    *
    * <pre>
-   * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to
-   * be imported into.
+   * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
+   * The create permission is only required on this key when creating a new
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
    * </pre>
    *
    * <code>
@@ -209,8 +218,9 @@ public java.lang.String getParent() {
    *
    *
    * <pre>
-   * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to
-   * be imported into.
+   * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
+   * The create permission is only required on this key when creating a new
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
    * </pre>
    *
    * <code>
@@ -232,6 +242,85 @@ public com.google.protobuf.ByteString getParentBytes() {
     }
   }
 
+  public static final int CRYPTO_KEY_VERSION_FIELD_NUMBER = 6;
+  private volatile java.lang.Object cryptoKeyVersion_;
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation.
+   * If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
+   * supplied key material is created.
+   * If this field is present, the supplied key material is imported into
+   * the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
+   * [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via
+   * [ImportCryptoKeyVersion][], and be in
+   * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or
+   * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
+   * state. The key material and algorithm must match the previous
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
+   * key material.
+   * </pre>
+   *
+   * <code>
+   * string crypto_key_version = 6 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The cryptoKeyVersion.
+   */
+  @java.lang.Override
+  public java.lang.String getCryptoKeyVersion() {
+    java.lang.Object ref = cryptoKeyVersion_;
+    if (ref instanceof java.lang.String) {
+      return (java.lang.String) ref;
+    } else {
+      com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+      java.lang.String s = bs.toStringUtf8();
+      cryptoKeyVersion_ = s;
+      return s;
+    }
+  }
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation.
+   * If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
+   * supplied key material is created.
+   * If this field is present, the supplied key material is imported into
+   * the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
+   * [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via
+   * [ImportCryptoKeyVersion][], and be in
+   * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or
+   * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
+   * state. The key material and algorithm must match the previous
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
+   * key material.
+   * </pre>
+   *
+   * <code>
+   * string crypto_key_version = 6 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for cryptoKeyVersion.
+   */
+  @java.lang.Override
+  public com.google.protobuf.ByteString getCryptoKeyVersionBytes() {
+    java.lang.Object ref = cryptoKeyVersion_;
+    if (ref instanceof java.lang.String) {
+      com.google.protobuf.ByteString b =
+          com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+      cryptoKeyVersion_ = b;
+      return b;
+    } else {
+      return (com.google.protobuf.ByteString) ref;
+    }
+  }
+
   public static final int ALGORITHM_FIELD_NUMBER = 2;
   private int algorithm_;
   /**
@@ -433,6 +522,9 @@ public void writeTo(com.google.protobuf.CodedOutputStream output) throws java.io
     if (wrappedKeyMaterialCase_ == 5) {
       output.writeBytes(5, (com.google.protobuf.ByteString) wrappedKeyMaterial_);
     }
+    if (!getCryptoKeyVersionBytes().isEmpty()) {
+      com.google.protobuf.GeneratedMessageV3.writeString(output, 6, cryptoKeyVersion_);
+    }
     unknownFields.writeTo(output);
   }
 
@@ -459,6 +551,9 @@ public int getSerializedSize() {
           com.google.protobuf.CodedOutputStream.computeBytesSize(
               5, (com.google.protobuf.ByteString) wrappedKeyMaterial_);
     }
+    if (!getCryptoKeyVersionBytes().isEmpty()) {
+      size += com.google.protobuf.GeneratedMessageV3.computeStringSize(6, cryptoKeyVersion_);
+    }
     size += unknownFields.getSerializedSize();
     memoizedSize = size;
     return size;
@@ -476,6 +571,7 @@ public boolean equals(final java.lang.Object obj) {
         (com.google.cloud.kms.v1.ImportCryptoKeyVersionRequest) obj;
 
     if (!getParent().equals(other.getParent())) return false;
+    if (!getCryptoKeyVersion().equals(other.getCryptoKeyVersion())) return false;
     if (algorithm_ != other.algorithm_) return false;
     if (!getImportJob().equals(other.getImportJob())) return false;
     if (!getWrappedKeyMaterialCase().equals(other.getWrappedKeyMaterialCase())) return false;
@@ -499,6 +595,8 @@ public int hashCode() {
     hash = (19 * hash) + getDescriptor().hashCode();
     hash = (37 * hash) + PARENT_FIELD_NUMBER;
     hash = (53 * hash) + getParent().hashCode();
+    hash = (37 * hash) + CRYPTO_KEY_VERSION_FIELD_NUMBER;
+    hash = (53 * hash) + getCryptoKeyVersion().hashCode();
     hash = (37 * hash) + ALGORITHM_FIELD_NUMBER;
     hash = (53 * hash) + algorithm_;
     hash = (37 * hash) + IMPORT_JOB_FIELD_NUMBER;
@@ -659,6 +757,8 @@ public Builder clear() {
       super.clear();
       parent_ = "";
 
+      cryptoKeyVersion_ = "";
+
       algorithm_ = 0;
 
       importJob_ = "";
@@ -693,6 +793,7 @@ public com.google.cloud.kms.v1.ImportCryptoKeyVersionRequest buildPartial() {
       com.google.cloud.kms.v1.ImportCryptoKeyVersionRequest result =
           new com.google.cloud.kms.v1.ImportCryptoKeyVersionRequest(this);
       result.parent_ = parent_;
+      result.cryptoKeyVersion_ = cryptoKeyVersion_;
       result.algorithm_ = algorithm_;
       result.importJob_ = importJob_;
       if (wrappedKeyMaterialCase_ == 5) {
@@ -753,6 +854,10 @@ public Builder mergeFrom(com.google.cloud.kms.v1.ImportCryptoKeyVersionRequest o
         parent_ = other.parent_;
         onChanged();
       }
+      if (!other.getCryptoKeyVersion().isEmpty()) {
+        cryptoKeyVersion_ = other.cryptoKeyVersion_;
+        onChanged();
+      }
       if (other.algorithm_ != 0) {
         setAlgorithmValue(other.getAlgorithmValue());
       }
@@ -820,8 +925,9 @@ public Builder clearWrappedKeyMaterial() {
      *
      *
      * <pre>
-     * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to
-     * be imported into.
+     * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
+     * The create permission is only required on this key when creating a new
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
      * </pre>
      *
      * <code>
@@ -845,8 +951,9 @@ public java.lang.String getParent() {
      *
      *
      * <pre>
-     * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to
-     * be imported into.
+     * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
+     * The create permission is only required on this key when creating a new
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
      * </pre>
      *
      * <code>
@@ -870,8 +977,9 @@ public com.google.protobuf.ByteString getParentBytes() {
      *
      *
      * <pre>
-     * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to
-     * be imported into.
+     * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
+     * The create permission is only required on this key when creating a new
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
      * </pre>
      *
      * <code>
@@ -894,8 +1002,9 @@ public Builder setParent(java.lang.String value) {
      *
      *
      * <pre>
-     * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to
-     * be imported into.
+     * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
+     * The create permission is only required on this key when creating a new
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
      * </pre>
      *
      * <code>
@@ -914,8 +1023,9 @@ public Builder clearParent() {
      *
      *
      * <pre>
-     * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to
-     * be imported into.
+     * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
+     * The create permission is only required on this key when creating a new
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
      * </pre>
      *
      * <code>
@@ -936,6 +1046,187 @@ public Builder setParentBytes(com.google.protobuf.ByteString value) {
       return this;
     }
 
+    private java.lang.Object cryptoKeyVersion_ = "";
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation.
+     * If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
+     * supplied key material is created.
+     * If this field is present, the supplied key material is imported into
+     * the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
+     * [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via
+     * [ImportCryptoKeyVersion][], and be in
+     * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or
+     * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
+     * state. The key material and algorithm must match the previous
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
+     * key material.
+     * </pre>
+     *
+     * <code>
+     * string crypto_key_version = 6 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The cryptoKeyVersion.
+     */
+    public java.lang.String getCryptoKeyVersion() {
+      java.lang.Object ref = cryptoKeyVersion_;
+      if (!(ref instanceof java.lang.String)) {
+        com.google.protobuf.ByteString bs = (com.google.protobuf.ByteString) ref;
+        java.lang.String s = bs.toStringUtf8();
+        cryptoKeyVersion_ = s;
+        return s;
+      } else {
+        return (java.lang.String) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation.
+     * If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
+     * supplied key material is created.
+     * If this field is present, the supplied key material is imported into
+     * the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
+     * [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via
+     * [ImportCryptoKeyVersion][], and be in
+     * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or
+     * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
+     * state. The key material and algorithm must match the previous
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
+     * key material.
+     * </pre>
+     *
+     * <code>
+     * string crypto_key_version = 6 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return The bytes for cryptoKeyVersion.
+     */
+    public com.google.protobuf.ByteString getCryptoKeyVersionBytes() {
+      java.lang.Object ref = cryptoKeyVersion_;
+      if (ref instanceof String) {
+        com.google.protobuf.ByteString b =
+            com.google.protobuf.ByteString.copyFromUtf8((java.lang.String) ref);
+        cryptoKeyVersion_ = b;
+        return b;
+      } else {
+        return (com.google.protobuf.ByteString) ref;
+      }
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation.
+     * If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
+     * supplied key material is created.
+     * If this field is present, the supplied key material is imported into
+     * the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
+     * [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via
+     * [ImportCryptoKeyVersion][], and be in
+     * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or
+     * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
+     * state. The key material and algorithm must match the previous
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
+     * key material.
+     * </pre>
+     *
+     * <code>
+     * string crypto_key_version = 6 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The cryptoKeyVersion to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCryptoKeyVersion(java.lang.String value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+
+      cryptoKeyVersion_ = value;
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation.
+     * If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
+     * supplied key material is created.
+     * If this field is present, the supplied key material is imported into
+     * the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
+     * [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via
+     * [ImportCryptoKeyVersion][], and be in
+     * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or
+     * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
+     * state. The key material and algorithm must match the previous
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
+     * key material.
+     * </pre>
+     *
+     * <code>
+     * string crypto_key_version = 6 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @return This builder for chaining.
+     */
+    public Builder clearCryptoKeyVersion() {
+
+      cryptoKeyVersion_ = getDefaultInstance().getCryptoKeyVersion();
+      onChanged();
+      return this;
+    }
+    /**
+     *
+     *
+     * <pre>
+     * Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation.
+     * If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
+     * supplied key material is created.
+     * If this field is present, the supplied key material is imported into
+     * the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
+     * [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via
+     * [ImportCryptoKeyVersion][], and be in
+     * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or
+     * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
+     * state. The key material and algorithm must match the previous
+     * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
+     * key material.
+     * </pre>
+     *
+     * <code>
+     * string crypto_key_version = 6 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { ... }
+     * </code>
+     *
+     * @param value The bytes for cryptoKeyVersion to set.
+     * @return This builder for chaining.
+     */
+    public Builder setCryptoKeyVersionBytes(com.google.protobuf.ByteString value) {
+      if (value == null) {
+        throw new NullPointerException();
+      }
+      checkByteStringIsUtf8(value);
+
+      cryptoKeyVersion_ = value;
+      onChanged();
+      return this;
+    }
+
     private int algorithm_ = 0;
     /**
      *
diff --git a/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequestOrBuilder.java b/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequestOrBuilder.java
index e95e3a52..8023d6fc 100644
--- a/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequestOrBuilder.java
+++ b/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/ImportCryptoKeyVersionRequestOrBuilder.java
@@ -27,8 +27,9 @@ public interface ImportCryptoKeyVersionRequestOrBuilder
    *
    *
    * <pre>
-   * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to
-   * be imported into.
+   * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
+   * The create permission is only required on this key when creating a new
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
    * </pre>
    *
    * <code>
@@ -42,8 +43,9 @@ public interface ImportCryptoKeyVersionRequestOrBuilder
    *
    *
    * <pre>
-   * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to
-   * be imported into.
+   * Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
+   * The create permission is only required on this key when creating a new
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
    * </pre>
    *
    * <code>
@@ -54,6 +56,61 @@ public interface ImportCryptoKeyVersionRequestOrBuilder
    */
   com.google.protobuf.ByteString getParentBytes();
 
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation.
+   * If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
+   * supplied key material is created.
+   * If this field is present, the supplied key material is imported into
+   * the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
+   * [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via
+   * [ImportCryptoKeyVersion][], and be in
+   * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or
+   * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
+   * state. The key material and algorithm must match the previous
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
+   * key material.
+   * </pre>
+   *
+   * <code>
+   * string crypto_key_version = 6 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The cryptoKeyVersion.
+   */
+  java.lang.String getCryptoKeyVersion();
+  /**
+   *
+   *
+   * <pre>
+   * Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation.
+   * If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
+   * supplied key material is created.
+   * If this field is present, the supplied key material is imported into
+   * the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
+   * [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via
+   * [ImportCryptoKeyVersion][], and be in
+   * [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or
+   * [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
+   * state. The key material and algorithm must match the previous
+   * [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
+   * key material.
+   * </pre>
+   *
+   * <code>
+   * string crypto_key_version = 6 [(.google.api.field_behavior) = OPTIONAL, (.google.api.resource_reference) = { ... }
+   * </code>
+   *
+   * @return The bytes for cryptoKeyVersion.
+   */
+  com.google.protobuf.ByteString getCryptoKeyVersionBytes();
+
   /**
    *
    *
diff --git a/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsProto.java b/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsProto.java
index 3d204064..f2f63b2d 100644
--- a/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsProto.java
+++ b/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsProto.java
@@ -257,248 +257,250 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "\n\006parent\030\001 \001(\tB)\340A\002\372A#\n!cloudkms.googlea"
           + "pis.com/CryptoKey\022F\n\022crypto_key_version\030"
           + "\002 \001(\0132%.google.cloud.kms.v1.CryptoKeyVer"
-          + "sionB\003\340A\002\"\203\002\n\035ImportCryptoKeyVersionRequ"
+          + "sionB\003\340A\002\"\321\002\n\035ImportCryptoKeyVersionRequ"
           + "est\0229\n\006parent\030\001 \001(\tB)\340A\002\372A#\n!cloudkms.go"
-          + "ogleapis.com/CryptoKey\022W\n\talgorithm\030\002 \001("
-          + "\0162?.google.cloud.kms.v1.CryptoKeyVersion"
-          + ".CryptoKeyVersionAlgorithmB\003\340A\002\022\027\n\nimpor"
-          + "t_job\030\004 \001(\tB\003\340A\002\022\035\n\023rsa_aes_wrapped_key\030"
-          + "\005 \001(\014H\000B\026\n\024wrapped_key_material\"\246\001\n\026Crea"
-          + "teImportJobRequest\0227\n\006parent\030\001 \001(\tB\'\340A\002\372"
-          + "A!\n\037cloudkms.googleapis.com/KeyRing\022\032\n\ri"
-          + "mport_job_id\030\002 \001(\tB\003\340A\002\0227\n\nimport_job\030\003 "
-          + "\001(\0132\036.google.cloud.kms.v1.ImportJobB\003\340A\002"
-          + "\"\207\001\n\026UpdateCryptoKeyRequest\0227\n\ncrypto_ke"
-          + "y\030\001 \001(\0132\036.google.cloud.kms.v1.CryptoKeyB"
-          + "\003\340A\002\0224\n\013update_mask\030\002 \001(\0132\032.google.proto"
-          + "buf.FieldMaskB\003\340A\002\"\235\001\n\035UpdateCryptoKeyVe"
-          + "rsionRequest\022F\n\022crypto_key_version\030\001 \001(\013"
-          + "2%.google.cloud.kms.v1.CryptoKeyVersionB"
-          + "\003\340A\002\0224\n\013update_mask\030\002 \001(\0132\032.google.proto"
-          + "buf.FieldMaskB\003\340A\002\"\203\001\n$UpdateCryptoKeyPr"
-          + "imaryVersionRequest\0227\n\004name\030\001 \001(\tB)\340A\002\372A"
-          + "#\n!cloudkms.googleapis.com/CryptoKey\022\"\n\025"
-          + "crypto_key_version_id\030\002 \001(\tB\003\340A\002\"`\n\036Dest"
-          + "royCryptoKeyVersionRequest\022>\n\004name\030\001 \001(\t"
-          + "B0\340A\002\372A*\n(cloudkms.googleapis.com/Crypto"
-          + "KeyVersion\"`\n\036RestoreCryptoKeyVersionReq"
-          + "uest\022>\n\004name\030\001 \001(\tB0\340A\002\372A*\n(cloudkms.goo"
-          + "gleapis.com/CryptoKeyVersion\"\371\001\n\016Encrypt"
-          + "Request\022\027\n\004name\030\001 \001(\tB\t\340A\002\372A\003\n\001*\022\026\n\tplai"
-          + "ntext\030\002 \001(\014B\003\340A\002\022*\n\035additional_authentic"
-          + "ated_data\030\003 \001(\014B\003\340A\001\022:\n\020plaintext_crc32c"
-          + "\030\007 \001(\0132\033.google.protobuf.Int64ValueB\003\340A\001"
-          + "\022N\n$additional_authenticated_data_crc32c"
-          + "\030\010 \001(\0132\033.google.protobuf.Int64ValueB\003\340A\001"
-          + "\"\233\002\n\016DecryptRequest\0227\n\004name\030\001 \001(\tB)\340A\002\372A"
-          + "#\n!cloudkms.googleapis.com/CryptoKey\022\027\n\n"
-          + "ciphertext\030\002 \001(\014B\003\340A\002\022*\n\035additional_auth"
-          + "enticated_data\030\003 \001(\014B\003\340A\001\022;\n\021ciphertext_"
-          + "crc32c\030\005 \001(\0132\033.google.protobuf.Int64Valu"
-          + "eB\003\340A\001\022N\n$additional_authenticated_data_"
-          + "crc32c\030\006 \001(\0132\033.google.protobuf.Int64Valu"
-          + "eB\003\340A\001\"\302\001\n\025AsymmetricSignRequest\022>\n\004name"
-          + "\030\001 \001(\tB0\340A\002\372A*\n(cloudkms.googleapis.com/"
-          + "CryptoKeyVersion\0220\n\006digest\030\003 \001(\0132\033.googl"
-          + "e.cloud.kms.v1.DigestB\003\340A\002\0227\n\rdigest_crc"
-          + "32c\030\004 \001(\0132\033.google.protobuf.Int64ValueB\003"
-          + "\340A\001\"\260\001\n\030AsymmetricDecryptRequest\022>\n\004name"
-          + "\030\001 \001(\tB0\340A\002\372A*\n(cloudkms.googleapis.com/"
-          + "CryptoKeyVersion\022\027\n\nciphertext\030\003 \001(\014B\003\340A"
-          + "\002\022;\n\021ciphertext_crc32c\030\004 \001(\0132\033.google.pr"
-          + "otobuf.Int64ValueB\003\340A\001\"\232\001\n\016MacSignReques"
-          + "t\022>\n\004name\030\001 \001(\tB0\340A\002\372A*\n(cloudkms.google"
-          + "apis.com/CryptoKeyVersion\022\021\n\004data\030\002 \001(\014B"
-          + "\003\340A\002\0225\n\013data_crc32c\030\003 \001(\0132\033.google.proto"
-          + "buf.Int64ValueB\003\340A\001\"\344\001\n\020MacVerifyRequest"
-          + "\022>\n\004name\030\001 \001(\tB0\340A\002\372A*\n(cloudkms.googlea"
-          + "pis.com/CryptoKeyVersion\022\021\n\004data\030\002 \001(\014B\003"
-          + "\340A\002\0225\n\013data_crc32c\030\003 \001(\0132\033.google.protob"
-          + "uf.Int64ValueB\003\340A\001\022\020\n\003mac\030\004 \001(\014B\003\340A\002\0224\n\n"
-          + "mac_crc32c\030\005 \001(\0132\033.google.protobuf.Int64"
-          + "ValueB\003\340A\001\"\204\001\n\032GenerateRandomBytesReques"
-          + "t\022\020\n\010location\030\001 \001(\t\022\024\n\014length_bytes\030\002 \001("
-          + "\005\022>\n\020protection_level\030\003 \001(\0162$.google.clo"
-          + "ud.kms.v1.ProtectionLevel\"\205\002\n\017EncryptRes"
-          + "ponse\022\014\n\004name\030\001 \001(\t\022\022\n\nciphertext\030\002 \001(\014\022"
-          + "6\n\021ciphertext_crc32c\030\004 \001(\0132\033.google.prot"
-          + "obuf.Int64Value\022!\n\031verified_plaintext_cr"
-          + "c32c\030\005 \001(\010\0225\n-verified_additional_authen"
-          + "ticated_data_crc32c\030\006 \001(\010\022>\n\020protection_"
-          + "level\030\007 \001(\0162$.google.cloud.kms.v1.Protec"
-          + "tionLevel\"\261\001\n\017DecryptResponse\022\021\n\tplainte"
-          + "xt\030\001 \001(\014\0225\n\020plaintext_crc32c\030\002 \001(\0132\033.goo"
-          + "gle.protobuf.Int64Value\022\024\n\014used_primary\030"
-          + "\003 \001(\010\022>\n\020protection_level\030\004 \001(\0162$.google"
-          + ".cloud.kms.v1.ProtectionLevel\"\320\001\n\026Asymme"
-          + "tricSignResponse\022\021\n\tsignature\030\001 \001(\014\0225\n\020s"
-          + "ignature_crc32c\030\002 \001(\0132\033.google.protobuf."
-          + "Int64Value\022\036\n\026verified_digest_crc32c\030\003 \001"
-          + "(\010\022\014\n\004name\030\004 \001(\t\022>\n\020protection_level\030\006 \001"
-          + "(\0162$.google.cloud.kms.v1.ProtectionLevel"
-          + "\"\311\001\n\031AsymmetricDecryptResponse\022\021\n\tplaint"
-          + "ext\030\001 \001(\014\0225\n\020plaintext_crc32c\030\002 \001(\0132\033.go"
-          + "ogle.protobuf.Int64Value\022\"\n\032verified_cip"
-          + "hertext_crc32c\030\003 \001(\010\022>\n\020protection_level"
-          + "\030\004 \001(\0162$.google.cloud.kms.v1.ProtectionL"
-          + "evel\"\273\001\n\017MacSignResponse\022\014\n\004name\030\001 \001(\t\022\013"
-          + "\n\003mac\030\002 \001(\014\022/\n\nmac_crc32c\030\003 \001(\0132\033.google"
-          + ".protobuf.Int64Value\022\034\n\024verified_data_cr"
-          + "c32c\030\004 \001(\010\022>\n\020protection_level\030\005 \001(\0162$.g"
-          + "oogle.cloud.kms.v1.ProtectionLevel\"\321\001\n\021M"
-          + "acVerifyResponse\022\014\n\004name\030\001 \001(\t\022\017\n\007succes"
-          + "s\030\002 \001(\010\022\034\n\024verified_data_crc32c\030\003 \001(\010\022\033\n"
-          + "\023verified_mac_crc32c\030\004 \001(\010\022\"\n\032verified_s"
-          + "uccess_integrity\030\005 \001(\010\022>\n\020protection_lev"
-          + "el\030\006 \001(\0162$.google.cloud.kms.v1.Protectio"
-          + "nLevel\"]\n\033GenerateRandomBytesResponse\022\014\n"
-          + "\004data\030\001 \001(\014\0220\n\013data_crc32c\030\003 \001(\0132\033.googl"
-          + "e.protobuf.Int64Value\"H\n\006Digest\022\020\n\006sha25"
-          + "6\030\001 \001(\014H\000\022\020\n\006sha384\030\002 \001(\014H\000\022\020\n\006sha512\030\003 "
-          + "\001(\014H\000B\010\n\006digest\"@\n\020LocationMetadata\022\025\n\rh"
-          + "sm_available\030\001 \001(\010\022\025\n\rekm_available\030\002 \001("
-          + "\0102\206+\n\024KeyManagementService\022\242\001\n\014ListKeyRi"
-          + "ngs\022(.google.cloud.kms.v1.ListKeyRingsRe"
-          + "quest\032).google.cloud.kms.v1.ListKeyRings"
-          + "Response\"=\202\323\344\223\002.\022,/v1/{parent=projects/*"
-          + "/locations/*}/keyRings\332A\006parent\022\265\001\n\016List"
-          + "CryptoKeys\022*.google.cloud.kms.v1.ListCry"
-          + "ptoKeysRequest\032+.google.cloud.kms.v1.Lis"
-          + "tCryptoKeysResponse\"J\202\323\344\223\002;\0229/v1/{parent"
-          + "=projects/*/locations/*/keyRings/*}/cryp"
-          + "toKeys\332A\006parent\022\336\001\n\025ListCryptoKeyVersion"
-          + "s\0221.google.cloud.kms.v1.ListCryptoKeyVer"
-          + "sionsRequest\0322.google.cloud.kms.v1.ListC"
-          + "ryptoKeyVersionsResponse\"^\202\323\344\223\002O\022M/v1/{p"
-          + "arent=projects/*/locations/*/keyRings/*/"
-          + "cryptoKeys/*}/cryptoKeyVersions\332A\006parent"
-          + "\022\265\001\n\016ListImportJobs\022*.google.cloud.kms.v"
-          + "1.ListImportJobsRequest\032+.google.cloud.k"
-          + "ms.v1.ListImportJobsResponse\"J\202\323\344\223\002;\0229/v"
-          + "1/{parent=projects/*/locations/*/keyRing"
-          + "s/*}/importJobs\332A\006parent\022\217\001\n\nGetKeyRing\022"
-          + "&.google.cloud.kms.v1.GetKeyRingRequest\032"
-          + "\034.google.cloud.kms.v1.KeyRing\";\202\323\344\223\002.\022,/"
-          + "v1/{name=projects/*/locations/*/keyRings"
-          + "/*}\332A\004name\022\242\001\n\014GetCryptoKey\022(.google.clo"
-          + "ud.kms.v1.GetCryptoKeyRequest\032\036.google.c"
-          + "loud.kms.v1.CryptoKey\"H\202\323\344\223\002;\0229/v1/{name"
-          + "=projects/*/locations/*/keyRings/*/crypt"
-          + "oKeys/*}\332A\004name\022\313\001\n\023GetCryptoKeyVersion\022"
-          + "/.google.cloud.kms.v1.GetCryptoKeyVersio"
-          + "nRequest\032%.google.cloud.kms.v1.CryptoKey"
-          + "Version\"\\\202\323\344\223\002O\022M/v1/{name=projects/*/lo"
-          + "cations/*/keyRings/*/cryptoKeys/*/crypto"
-          + "KeyVersions/*}\332A\004name\022\300\001\n\014GetPublicKey\022("
-          + ".google.cloud.kms.v1.GetPublicKeyRequest"
-          + "\032\036.google.cloud.kms.v1.PublicKey\"f\202\323\344\223\002Y"
-          + "\022W/v1/{name=projects/*/locations/*/keyRi"
-          + "ngs/*/cryptoKeys/*/cryptoKeyVersions/*}/"
-          + "publicKey\332A\004name\022\242\001\n\014GetImportJob\022(.goog"
-          + "le.cloud.kms.v1.GetImportJobRequest\032\036.go"
-          + "ogle.cloud.kms.v1.ImportJob\"H\202\323\344\223\002;\0229/v1"
+          + "ogleapis.com/CryptoKey\022L\n\022crypto_key_ver"
+          + "sion\030\006 \001(\tB0\340A\001\372A*\n(cloudkms.googleapis."
+          + "com/CryptoKeyVersion\022W\n\talgorithm\030\002 \001(\0162"
+          + "?.google.cloud.kms.v1.CryptoKeyVersion.C"
+          + "ryptoKeyVersionAlgorithmB\003\340A\002\022\027\n\nimport_"
+          + "job\030\004 \001(\tB\003\340A\002\022\035\n\023rsa_aes_wrapped_key\030\005 "
+          + "\001(\014H\000B\026\n\024wrapped_key_material\"\246\001\n\026Create"
+          + "ImportJobRequest\0227\n\006parent\030\001 \001(\tB\'\340A\002\372A!"
+          + "\n\037cloudkms.googleapis.com/KeyRing\022\032\n\rimp"
+          + "ort_job_id\030\002 \001(\tB\003\340A\002\0227\n\nimport_job\030\003 \001("
+          + "\0132\036.google.cloud.kms.v1.ImportJobB\003\340A\002\"\207"
+          + "\001\n\026UpdateCryptoKeyRequest\0227\n\ncrypto_key\030"
+          + "\001 \001(\0132\036.google.cloud.kms.v1.CryptoKeyB\003\340"
+          + "A\002\0224\n\013update_mask\030\002 \001(\0132\032.google.protobu"
+          + "f.FieldMaskB\003\340A\002\"\235\001\n\035UpdateCryptoKeyVers"
+          + "ionRequest\022F\n\022crypto_key_version\030\001 \001(\0132%"
+          + ".google.cloud.kms.v1.CryptoKeyVersionB\003\340"
+          + "A\002\0224\n\013update_mask\030\002 \001(\0132\032.google.protobu"
+          + "f.FieldMaskB\003\340A\002\"\203\001\n$UpdateCryptoKeyPrim"
+          + "aryVersionRequest\0227\n\004name\030\001 \001(\tB)\340A\002\372A#\n"
+          + "!cloudkms.googleapis.com/CryptoKey\022\"\n\025cr"
+          + "ypto_key_version_id\030\002 \001(\tB\003\340A\002\"`\n\036Destro"
+          + "yCryptoKeyVersionRequest\022>\n\004name\030\001 \001(\tB0"
+          + "\340A\002\372A*\n(cloudkms.googleapis.com/CryptoKe"
+          + "yVersion\"`\n\036RestoreCryptoKeyVersionReque"
+          + "st\022>\n\004name\030\001 \001(\tB0\340A\002\372A*\n(cloudkms.googl"
+          + "eapis.com/CryptoKeyVersion\"\371\001\n\016EncryptRe"
+          + "quest\022\027\n\004name\030\001 \001(\tB\t\340A\002\372A\003\n\001*\022\026\n\tplaint"
+          + "ext\030\002 \001(\014B\003\340A\002\022*\n\035additional_authenticat"
+          + "ed_data\030\003 \001(\014B\003\340A\001\022:\n\020plaintext_crc32c\030\007"
+          + " \001(\0132\033.google.protobuf.Int64ValueB\003\340A\001\022N"
+          + "\n$additional_authenticated_data_crc32c\030\010"
+          + " \001(\0132\033.google.protobuf.Int64ValueB\003\340A\001\"\233"
+          + "\002\n\016DecryptRequest\0227\n\004name\030\001 \001(\tB)\340A\002\372A#\n"
+          + "!cloudkms.googleapis.com/CryptoKey\022\027\n\nci"
+          + "phertext\030\002 \001(\014B\003\340A\002\022*\n\035additional_authen"
+          + "ticated_data\030\003 \001(\014B\003\340A\001\022;\n\021ciphertext_cr"
+          + "c32c\030\005 \001(\0132\033.google.protobuf.Int64ValueB"
+          + "\003\340A\001\022N\n$additional_authenticated_data_cr"
+          + "c32c\030\006 \001(\0132\033.google.protobuf.Int64ValueB"
+          + "\003\340A\001\"\302\001\n\025AsymmetricSignRequest\022>\n\004name\030\001"
+          + " \001(\tB0\340A\002\372A*\n(cloudkms.googleapis.com/Cr"
+          + "yptoKeyVersion\0220\n\006digest\030\003 \001(\0132\033.google."
+          + "cloud.kms.v1.DigestB\003\340A\002\0227\n\rdigest_crc32"
+          + "c\030\004 \001(\0132\033.google.protobuf.Int64ValueB\003\340A"
+          + "\001\"\260\001\n\030AsymmetricDecryptRequest\022>\n\004name\030\001"
+          + " \001(\tB0\340A\002\372A*\n(cloudkms.googleapis.com/Cr"
+          + "yptoKeyVersion\022\027\n\nciphertext\030\003 \001(\014B\003\340A\002\022"
+          + ";\n\021ciphertext_crc32c\030\004 \001(\0132\033.google.prot"
+          + "obuf.Int64ValueB\003\340A\001\"\232\001\n\016MacSignRequest\022"
+          + ">\n\004name\030\001 \001(\tB0\340A\002\372A*\n(cloudkms.googleap"
+          + "is.com/CryptoKeyVersion\022\021\n\004data\030\002 \001(\014B\003\340"
+          + "A\002\0225\n\013data_crc32c\030\003 \001(\0132\033.google.protobu"
+          + "f.Int64ValueB\003\340A\001\"\344\001\n\020MacVerifyRequest\022>"
+          + "\n\004name\030\001 \001(\tB0\340A\002\372A*\n(cloudkms.googleapi"
+          + "s.com/CryptoKeyVersion\022\021\n\004data\030\002 \001(\014B\003\340A"
+          + "\002\0225\n\013data_crc32c\030\003 \001(\0132\033.google.protobuf"
+          + ".Int64ValueB\003\340A\001\022\020\n\003mac\030\004 \001(\014B\003\340A\002\0224\n\nma"
+          + "c_crc32c\030\005 \001(\0132\033.google.protobuf.Int64Va"
+          + "lueB\003\340A\001\"\204\001\n\032GenerateRandomBytesRequest\022"
+          + "\020\n\010location\030\001 \001(\t\022\024\n\014length_bytes\030\002 \001(\005\022"
+          + ">\n\020protection_level\030\003 \001(\0162$.google.cloud"
+          + ".kms.v1.ProtectionLevel\"\205\002\n\017EncryptRespo"
+          + "nse\022\014\n\004name\030\001 \001(\t\022\022\n\nciphertext\030\002 \001(\014\0226\n"
+          + "\021ciphertext_crc32c\030\004 \001(\0132\033.google.protob"
+          + "uf.Int64Value\022!\n\031verified_plaintext_crc3"
+          + "2c\030\005 \001(\010\0225\n-verified_additional_authenti"
+          + "cated_data_crc32c\030\006 \001(\010\022>\n\020protection_le"
+          + "vel\030\007 \001(\0162$.google.cloud.kms.v1.Protecti"
+          + "onLevel\"\261\001\n\017DecryptResponse\022\021\n\tplaintext"
+          + "\030\001 \001(\014\0225\n\020plaintext_crc32c\030\002 \001(\0132\033.googl"
+          + "e.protobuf.Int64Value\022\024\n\014used_primary\030\003 "
+          + "\001(\010\022>\n\020protection_level\030\004 \001(\0162$.google.c"
+          + "loud.kms.v1.ProtectionLevel\"\320\001\n\026Asymmetr"
+          + "icSignResponse\022\021\n\tsignature\030\001 \001(\014\0225\n\020sig"
+          + "nature_crc32c\030\002 \001(\0132\033.google.protobuf.In"
+          + "t64Value\022\036\n\026verified_digest_crc32c\030\003 \001(\010"
+          + "\022\014\n\004name\030\004 \001(\t\022>\n\020protection_level\030\006 \001(\016"
+          + "2$.google.cloud.kms.v1.ProtectionLevel\"\311"
+          + "\001\n\031AsymmetricDecryptResponse\022\021\n\tplaintex"
+          + "t\030\001 \001(\014\0225\n\020plaintext_crc32c\030\002 \001(\0132\033.goog"
+          + "le.protobuf.Int64Value\022\"\n\032verified_ciphe"
+          + "rtext_crc32c\030\003 \001(\010\022>\n\020protection_level\030\004"
+          + " \001(\0162$.google.cloud.kms.v1.ProtectionLev"
+          + "el\"\273\001\n\017MacSignResponse\022\014\n\004name\030\001 \001(\t\022\013\n\003"
+          + "mac\030\002 \001(\014\022/\n\nmac_crc32c\030\003 \001(\0132\033.google.p"
+          + "rotobuf.Int64Value\022\034\n\024verified_data_crc3"
+          + "2c\030\004 \001(\010\022>\n\020protection_level\030\005 \001(\0162$.goo"
+          + "gle.cloud.kms.v1.ProtectionLevel\"\321\001\n\021Mac"
+          + "VerifyResponse\022\014\n\004name\030\001 \001(\t\022\017\n\007success\030"
+          + "\002 \001(\010\022\034\n\024verified_data_crc32c\030\003 \001(\010\022\033\n\023v"
+          + "erified_mac_crc32c\030\004 \001(\010\022\"\n\032verified_suc"
+          + "cess_integrity\030\005 \001(\010\022>\n\020protection_level"
+          + "\030\006 \001(\0162$.google.cloud.kms.v1.ProtectionL"
+          + "evel\"]\n\033GenerateRandomBytesResponse\022\014\n\004d"
+          + "ata\030\001 \001(\014\0220\n\013data_crc32c\030\003 \001(\0132\033.google."
+          + "protobuf.Int64Value\"H\n\006Digest\022\020\n\006sha256\030"
+          + "\001 \001(\014H\000\022\020\n\006sha384\030\002 \001(\014H\000\022\020\n\006sha512\030\003 \001("
+          + "\014H\000B\010\n\006digest\"@\n\020LocationMetadata\022\025\n\rhsm"
+          + "_available\030\001 \001(\010\022\025\n\rekm_available\030\002 \001(\0102"
+          + "\206+\n\024KeyManagementService\022\242\001\n\014ListKeyRing"
+          + "s\022(.google.cloud.kms.v1.ListKeyRingsRequ"
+          + "est\032).google.cloud.kms.v1.ListKeyRingsRe"
+          + "sponse\"=\202\323\344\223\002.\022,/v1/{parent=projects/*/l"
+          + "ocations/*}/keyRings\332A\006parent\022\265\001\n\016ListCr"
+          + "yptoKeys\022*.google.cloud.kms.v1.ListCrypt"
+          + "oKeysRequest\032+.google.cloud.kms.v1.ListC"
+          + "ryptoKeysResponse\"J\202\323\344\223\002;\0229/v1/{parent=p"
+          + "rojects/*/locations/*/keyRings/*}/crypto"
+          + "Keys\332A\006parent\022\336\001\n\025ListCryptoKeyVersions\022"
+          + "1.google.cloud.kms.v1.ListCryptoKeyVersi"
+          + "onsRequest\0322.google.cloud.kms.v1.ListCry"
+          + "ptoKeyVersionsResponse\"^\202\323\344\223\002O\022M/v1/{par"
+          + "ent=projects/*/locations/*/keyRings/*/cr"
+          + "yptoKeys/*}/cryptoKeyVersions\332A\006parent\022\265"
+          + "\001\n\016ListImportJobs\022*.google.cloud.kms.v1."
+          + "ListImportJobsRequest\032+.google.cloud.kms"
+          + ".v1.ListImportJobsResponse\"J\202\323\344\223\002;\0229/v1/"
+          + "{parent=projects/*/locations/*/keyRings/"
+          + "*}/importJobs\332A\006parent\022\217\001\n\nGetKeyRing\022&."
+          + "google.cloud.kms.v1.GetKeyRingRequest\032\034."
+          + "google.cloud.kms.v1.KeyRing\";\202\323\344\223\002.\022,/v1"
           + "/{name=projects/*/locations/*/keyRings/*"
-          + "/importJobs/*}\332A\004name\022\266\001\n\rCreateKeyRing\022"
-          + ").google.cloud.kms.v1.CreateKeyRingReque"
-          + "st\032\034.google.cloud.kms.v1.KeyRing\"\\\202\323\344\223\0028"
-          + "\",/v1/{parent=projects/*/locations/*}/ke"
-          + "yRings:\010key_ring\332A\033parent,key_ring_id,ke"
-          + "y_ring\022\317\001\n\017CreateCryptoKey\022+.google.clou"
-          + "d.kms.v1.CreateCryptoKeyRequest\032\036.google"
-          + ".cloud.kms.v1.CryptoKey\"o\202\323\344\223\002G\"9/v1/{pa"
-          + "rent=projects/*/locations/*/keyRings/*}/"
-          + "cryptoKeys:\ncrypto_key\332A\037parent,crypto_k"
-          + "ey_id,crypto_key\022\373\001\n\026CreateCryptoKeyVers"
-          + "ion\0222.google.cloud.kms.v1.CreateCryptoKe"
-          + "yVersionRequest\032%.google.cloud.kms.v1.Cr"
-          + "yptoKeyVersion\"\205\001\202\323\344\223\002c\"M/v1/{parent=pro"
-          + "jects/*/locations/*/keyRings/*/cryptoKey"
-          + "s/*}/cryptoKeyVersions:\022crypto_key_versi"
-          + "on\332A\031parent,crypto_key_version\022\324\001\n\026Impor"
-          + "tCryptoKeyVersion\0222.google.cloud.kms.v1."
-          + "ImportCryptoKeyVersionRequest\032%.google.c"
-          + "loud.kms.v1.CryptoKeyVersion\"_\202\323\344\223\002Y\"T/v"
-          + "1/{parent=projects/*/locations/*/keyRing"
-          + "s/*/cryptoKeys/*}/cryptoKeyVersions:impo"
-          + "rt:\001*\022\317\001\n\017CreateImportJob\022+.google.cloud"
-          + ".kms.v1.CreateImportJobRequest\032\036.google."
-          + "cloud.kms.v1.ImportJob\"o\202\323\344\223\002G\"9/v1/{par"
-          + "ent=projects/*/locations/*/keyRings/*}/i"
-          + "mportJobs:\nimport_job\332A\037parent,import_jo"
-          + "b_id,import_job\022\321\001\n\017UpdateCryptoKey\022+.go"
-          + "ogle.cloud.kms.v1.UpdateCryptoKeyRequest"
-          + "\032\036.google.cloud.kms.v1.CryptoKey\"q\202\323\344\223\002R"
-          + "2D/v1/{crypto_key.name=projects/*/locati"
-          + "ons/*/keyRings/*/cryptoKeys/*}:\ncrypto_k"
-          + "ey\332A\026crypto_key,update_mask\022\223\002\n\026UpdateCr"
-          + "yptoKeyVersion\0222.google.cloud.kms.v1.Upd"
-          + "ateCryptoKeyVersionRequest\032%.google.clou"
-          + "d.kms.v1.CryptoKeyVersion\"\235\001\202\323\344\223\002v2`/v1/"
-          + "{crypto_key_version.name=projects/*/loca"
+          + "}\332A\004name\022\242\001\n\014GetCryptoKey\022(.google.cloud"
+          + ".kms.v1.GetCryptoKeyRequest\032\036.google.clo"
+          + "ud.kms.v1.CryptoKey\"H\202\323\344\223\002;\0229/v1/{name=p"
+          + "rojects/*/locations/*/keyRings/*/cryptoK"
+          + "eys/*}\332A\004name\022\313\001\n\023GetCryptoKeyVersion\022/."
+          + "google.cloud.kms.v1.GetCryptoKeyVersionR"
+          + "equest\032%.google.cloud.kms.v1.CryptoKeyVe"
+          + "rsion\"\\\202\323\344\223\002O\022M/v1/{name=projects/*/loca"
           + "tions/*/keyRings/*/cryptoKeys/*/cryptoKe"
-          + "yVersions/*}:\022crypto_key_version\332A\036crypt"
-          + "o_key_version,update_mask\022\362\001\n\035UpdateCryp"
-          + "toKeyPrimaryVersion\0229.google.cloud.kms.v"
-          + "1.UpdateCryptoKeyPrimaryVersionRequest\032\036"
-          + ".google.cloud.kms.v1.CryptoKey\"v\202\323\344\223\002S\"N"
-          + "/v1/{name=projects/*/locations/*/keyRing"
-          + "s/*/cryptoKeys/*}:updatePrimaryVersion:\001"
-          + "*\332A\032name,crypto_key_version_id\022\336\001\n\027Destr"
-          + "oyCryptoKeyVersion\0223.google.cloud.kms.v1"
-          + ".DestroyCryptoKeyVersionRequest\032%.google"
-          + ".cloud.kms.v1.CryptoKeyVersion\"g\202\323\344\223\002Z\"U"
+          + "yVersions/*}\332A\004name\022\300\001\n\014GetPublicKey\022(.g"
+          + "oogle.cloud.kms.v1.GetPublicKeyRequest\032\036"
+          + ".google.cloud.kms.v1.PublicKey\"f\202\323\344\223\002Y\022W"
           + "/v1/{name=projects/*/locations/*/keyRing"
-          + "s/*/cryptoKeys/*/cryptoKeyVersions/*}:de"
-          + "stroy:\001*\332A\004name\022\336\001\n\027RestoreCryptoKeyVers"
-          + "ion\0223.google.cloud.kms.v1.RestoreCryptoK"
-          + "eyVersionRequest\032%.google.cloud.kms.v1.C"
-          + "ryptoKeyVersion\"g\202\323\344\223\002Z\"U/v1/{name=proje"
+          + "s/*/cryptoKeys/*/cryptoKeyVersions/*}/pu"
+          + "blicKey\332A\004name\022\242\001\n\014GetImportJob\022(.google"
+          + ".cloud.kms.v1.GetImportJobRequest\032\036.goog"
+          + "le.cloud.kms.v1.ImportJob\"H\202\323\344\223\002;\0229/v1/{"
+          + "name=projects/*/locations/*/keyRings/*/i"
+          + "mportJobs/*}\332A\004name\022\266\001\n\rCreateKeyRing\022)."
+          + "google.cloud.kms.v1.CreateKeyRingRequest"
+          + "\032\034.google.cloud.kms.v1.KeyRing\"\\\202\323\344\223\0028\","
+          + "/v1/{parent=projects/*/locations/*}/keyR"
+          + "ings:\010key_ring\332A\033parent,key_ring_id,key_"
+          + "ring\022\317\001\n\017CreateCryptoKey\022+.google.cloud."
+          + "kms.v1.CreateCryptoKeyRequest\032\036.google.c"
+          + "loud.kms.v1.CryptoKey\"o\202\323\344\223\002G\"9/v1/{pare"
+          + "nt=projects/*/locations/*/keyRings/*}/cr"
+          + "yptoKeys:\ncrypto_key\332A\037parent,crypto_key"
+          + "_id,crypto_key\022\373\001\n\026CreateCryptoKeyVersio"
+          + "n\0222.google.cloud.kms.v1.CreateCryptoKeyV"
+          + "ersionRequest\032%.google.cloud.kms.v1.Cryp"
+          + "toKeyVersion\"\205\001\202\323\344\223\002c\"M/v1/{parent=proje"
           + "cts/*/locations/*/keyRings/*/cryptoKeys/"
-          + "*/cryptoKeyVersions/*}:restore:\001*\332A\004name"
-          + "\022\264\001\n\007Encrypt\022#.google.cloud.kms.v1.Encry"
-          + "ptRequest\032$.google.cloud.kms.v1.EncryptR"
-          + "esponse\"^\202\323\344\223\002G\"B/v1/{name=projects/*/lo"
-          + "cations/*/keyRings/*/cryptoKeys/**}:encr"
-          + "ypt:\001*\332A\016name,plaintext\022\264\001\n\007Decrypt\022#.go"
-          + "ogle.cloud.kms.v1.DecryptRequest\032$.googl"
-          + "e.cloud.kms.v1.DecryptResponse\"^\202\323\344\223\002F\"A"
-          + "/v1/{name=projects/*/locations/*/keyRing"
-          + "s/*/cryptoKeys/*}:decrypt:\001*\332A\017name,ciph"
-          + "ertext\022\340\001\n\016AsymmetricSign\022*.google.cloud"
-          + ".kms.v1.AsymmetricSignRequest\032+.google.c"
-          + "loud.kms.v1.AsymmetricSignResponse\"u\202\323\344\223"
-          + "\002a\"\\/v1/{name=projects/*/locations/*/key"
-          + "Rings/*/cryptoKeys/*/cryptoKeyVersions/*"
-          + "}:asymmetricSign:\001*\332A\013name,digest\022\360\001\n\021As"
-          + "ymmetricDecrypt\022-.google.cloud.kms.v1.As"
-          + "ymmetricDecryptRequest\032..google.cloud.km"
-          + "s.v1.AsymmetricDecryptResponse\"|\202\323\344\223\002d\"_"
-          + "/v1/{name=projects/*/locations/*/keyRing"
-          + "s/*/cryptoKeys/*/cryptoKeyVersions/*}:as"
-          + "ymmetricDecrypt:\001*\332A\017name,ciphertext\022\302\001\n"
-          + "\007MacSign\022#.google.cloud.kms.v1.MacSignRe"
-          + "quest\032$.google.cloud.kms.v1.MacSignRespo"
-          + "nse\"l\202\323\344\223\002Z\"U/v1/{name=projects/*/locati"
+          + "*}/cryptoKeyVersions:\022crypto_key_version"
+          + "\332A\031parent,crypto_key_version\022\324\001\n\026ImportC"
+          + "ryptoKeyVersion\0222.google.cloud.kms.v1.Im"
+          + "portCryptoKeyVersionRequest\032%.google.clo"
+          + "ud.kms.v1.CryptoKeyVersion\"_\202\323\344\223\002Y\"T/v1/"
+          + "{parent=projects/*/locations/*/keyRings/"
+          + "*/cryptoKeys/*}/cryptoKeyVersions:import"
+          + ":\001*\022\317\001\n\017CreateImportJob\022+.google.cloud.k"
+          + "ms.v1.CreateImportJobRequest\032\036.google.cl"
+          + "oud.kms.v1.ImportJob\"o\202\323\344\223\002G\"9/v1/{paren"
+          + "t=projects/*/locations/*/keyRings/*}/imp"
+          + "ortJobs:\nimport_job\332A\037parent,import_job_"
+          + "id,import_job\022\321\001\n\017UpdateCryptoKey\022+.goog"
+          + "le.cloud.kms.v1.UpdateCryptoKeyRequest\032\036"
+          + ".google.cloud.kms.v1.CryptoKey\"q\202\323\344\223\002R2D"
+          + "/v1/{crypto_key.name=projects/*/location"
+          + "s/*/keyRings/*/cryptoKeys/*}:\ncrypto_key"
+          + "\332A\026crypto_key,update_mask\022\223\002\n\026UpdateCryp"
+          + "toKeyVersion\0222.google.cloud.kms.v1.Updat"
+          + "eCryptoKeyVersionRequest\032%.google.cloud."
+          + "kms.v1.CryptoKeyVersion\"\235\001\202\323\344\223\002v2`/v1/{c"
+          + "rypto_key_version.name=projects/*/locati"
           + "ons/*/keyRings/*/cryptoKeys/*/cryptoKeyV"
-          + "ersions/*}:macSign:\001*\332A\tname,data\022\316\001\n\tMa"
-          + "cVerify\022%.google.cloud.kms.v1.MacVerifyR"
-          + "equest\032&.google.cloud.kms.v1.MacVerifyRe"
-          + "sponse\"r\202\323\344\223\002\\\"W/v1/{name=projects/*/loc"
-          + "ations/*/keyRings/*/cryptoKeys/*/cryptoK"
-          + "eyVersions/*}:macVerify:\001*\332A\rname,data,m"
-          + "ac\022\347\001\n\023GenerateRandomBytes\022/.google.clou"
-          + "d.kms.v1.GenerateRandomBytesRequest\0320.go"
-          + "ogle.cloud.kms.v1.GenerateRandomBytesRes"
-          + "ponse\"m\202\323\344\223\002>\"9/v1/{location=projects/*/"
-          + "locations/*}:generateRandomBytes:\001*\332A&lo"
-          + "cation,length_bytes,protection_level\032t\312A"
-          + "\027cloudkms.googleapis.com\322AWhttps://www.g"
-          + "oogleapis.com/auth/cloud-platform,https:"
-          + "//www.googleapis.com/auth/cloudkmsB\214\001\n\027c"
-          + "om.google.cloud.kms.v1B\010KmsProtoP\001Z6goog"
-          + "le.golang.org/genproto/googleapis/cloud/"
-          + "kms/v1;kms\370\001\001\252\002\023Google.Cloud.Kms.V1\312\002\023Go"
-          + "ogle\\Cloud\\Kms\\V1b\006proto3"
+          + "ersions/*}:\022crypto_key_version\332A\036crypto_"
+          + "key_version,update_mask\022\362\001\n\035UpdateCrypto"
+          + "KeyPrimaryVersion\0229.google.cloud.kms.v1."
+          + "UpdateCryptoKeyPrimaryVersionRequest\032\036.g"
+          + "oogle.cloud.kms.v1.CryptoKey\"v\202\323\344\223\002S\"N/v"
+          + "1/{name=projects/*/locations/*/keyRings/"
+          + "*/cryptoKeys/*}:updatePrimaryVersion:\001*\332"
+          + "A\032name,crypto_key_version_id\022\336\001\n\027Destroy"
+          + "CryptoKeyVersion\0223.google.cloud.kms.v1.D"
+          + "estroyCryptoKeyVersionRequest\032%.google.c"
+          + "loud.kms.v1.CryptoKeyVersion\"g\202\323\344\223\002Z\"U/v"
+          + "1/{name=projects/*/locations/*/keyRings/"
+          + "*/cryptoKeys/*/cryptoKeyVersions/*}:dest"
+          + "roy:\001*\332A\004name\022\336\001\n\027RestoreCryptoKeyVersio"
+          + "n\0223.google.cloud.kms.v1.RestoreCryptoKey"
+          + "VersionRequest\032%.google.cloud.kms.v1.Cry"
+          + "ptoKeyVersion\"g\202\323\344\223\002Z\"U/v1/{name=project"
+          + "s/*/locations/*/keyRings/*/cryptoKeys/*/"
+          + "cryptoKeyVersions/*}:restore:\001*\332A\004name\022\264"
+          + "\001\n\007Encrypt\022#.google.cloud.kms.v1.Encrypt"
+          + "Request\032$.google.cloud.kms.v1.EncryptRes"
+          + "ponse\"^\202\323\344\223\002G\"B/v1/{name=projects/*/loca"
+          + "tions/*/keyRings/*/cryptoKeys/**}:encryp"
+          + "t:\001*\332A\016name,plaintext\022\264\001\n\007Decrypt\022#.goog"
+          + "le.cloud.kms.v1.DecryptRequest\032$.google."
+          + "cloud.kms.v1.DecryptResponse\"^\202\323\344\223\002F\"A/v"
+          + "1/{name=projects/*/locations/*/keyRings/"
+          + "*/cryptoKeys/*}:decrypt:\001*\332A\017name,cipher"
+          + "text\022\340\001\n\016AsymmetricSign\022*.google.cloud.k"
+          + "ms.v1.AsymmetricSignRequest\032+.google.clo"
+          + "ud.kms.v1.AsymmetricSignResponse\"u\202\323\344\223\002a"
+          + "\"\\/v1/{name=projects/*/locations/*/keyRi"
+          + "ngs/*/cryptoKeys/*/cryptoKeyVersions/*}:"
+          + "asymmetricSign:\001*\332A\013name,digest\022\360\001\n\021Asym"
+          + "metricDecrypt\022-.google.cloud.kms.v1.Asym"
+          + "metricDecryptRequest\032..google.cloud.kms."
+          + "v1.AsymmetricDecryptResponse\"|\202\323\344\223\002d\"_/v"
+          + "1/{name=projects/*/locations/*/keyRings/"
+          + "*/cryptoKeys/*/cryptoKeyVersions/*}:asym"
+          + "metricDecrypt:\001*\332A\017name,ciphertext\022\302\001\n\007M"
+          + "acSign\022#.google.cloud.kms.v1.MacSignRequ"
+          + "est\032$.google.cloud.kms.v1.MacSignRespons"
+          + "e\"l\202\323\344\223\002Z\"U/v1/{name=projects/*/location"
+          + "s/*/keyRings/*/cryptoKeys/*/cryptoKeyVer"
+          + "sions/*}:macSign:\001*\332A\tname,data\022\316\001\n\tMacV"
+          + "erify\022%.google.cloud.kms.v1.MacVerifyReq"
+          + "uest\032&.google.cloud.kms.v1.MacVerifyResp"
+          + "onse\"r\202\323\344\223\002\\\"W/v1/{name=projects/*/locat"
+          + "ions/*/keyRings/*/cryptoKeys/*/cryptoKey"
+          + "Versions/*}:macVerify:\001*\332A\rname,data,mac"
+          + "\022\347\001\n\023GenerateRandomBytes\022/.google.cloud."
+          + "kms.v1.GenerateRandomBytesRequest\0320.goog"
+          + "le.cloud.kms.v1.GenerateRandomBytesRespo"
+          + "nse\"m\202\323\344\223\002>\"9/v1/{location=projects/*/lo"
+          + "cations/*}:generateRandomBytes:\001*\332A&loca"
+          + "tion,length_bytes,protection_level\032t\312A\027c"
+          + "loudkms.googleapis.com\322AWhttps://www.goo"
+          + "gleapis.com/auth/cloud-platform,https://"
+          + "www.googleapis.com/auth/cloudkmsB\214\001\n\027com"
+          + ".google.cloud.kms.v1B\010KmsProtoP\001Z6google"
+          + ".golang.org/genproto/googleapis/cloud/km"
+          + "s/v1;kms\370\001\001\252\002\023Google.Cloud.Kms.V1\312\002\023Goog"
+          + "le\\Cloud\\Kms\\V1b\006proto3"
     };
     descriptor =
         com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
@@ -646,7 +648,12 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
         new com.google.protobuf.GeneratedMessageV3.FieldAccessorTable(
             internal_static_google_cloud_kms_v1_ImportCryptoKeyVersionRequest_descriptor,
             new java.lang.String[] {
-              "Parent", "Algorithm", "ImportJob", "RsaAesWrappedKey", "WrappedKeyMaterial",
+              "Parent",
+              "CryptoKeyVersion",
+              "Algorithm",
+              "ImportJob",
+              "RsaAesWrappedKey",
+              "WrappedKeyMaterial",
             });
     internal_static_google_cloud_kms_v1_CreateImportJobRequest_descriptor =
         getDescriptor().getMessageTypes().get(17);
diff --git a/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsResourcesProto.java b/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsResourcesProto.java
index 7b0e98e8..e150daf9 100644
--- a/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsResourcesProto.java
+++ b/proto-google-cloud-kms-v1/src/main/java/com/google/cloud/kms/v1/KmsResourcesProto.java
@@ -119,7 +119,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "B\003\340A\003\022\024\n\007content\030\005 \001(\014B\003\340A\003\"k\n\021Attestati"
           + "onFormat\022\"\n\036ATTESTATION_FORMAT_UNSPECIFI"
           + "ED\020\000\022\030\n\024CAVIUM_V1_COMPRESSED\020\003\022\030\n\024CAVIUM"
-          + "_V2_COMPRESSED\020\004\"\271\016\n\020CryptoKeyVersion\022\021\n"
+          + "_V2_COMPRESSED\020\004\"\331\016\n\020CryptoKeyVersion\022\021\n"
           + "\004name\030\001 \001(\tB\003\340A\003\022J\n\005state\030\003 \001(\0162;.google"
           + ".cloud.kms.v1.CryptoKeyVersion.CryptoKey"
           + "VersionState\022C\n\020protection_level\030\007 \001(\0162$"
@@ -138,77 +138,78 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
           + "gle.protobuf.TimestampB\003\340A\003\022\"\n\025import_fa"
           + "ilure_reason\030\020 \001(\tB\003\340A\003\022^\n!external_prot"
           + "ection_level_options\030\021 \001(\01323.google.clou"
-          + "d.kms.v1.ExternalProtectionLevelOptions\""
-          + "\356\004\n\031CryptoKeyVersionAlgorithm\022,\n(CRYPTO_"
-          + "KEY_VERSION_ALGORITHM_UNSPECIFIED\020\000\022\037\n\033G"
-          + "OOGLE_SYMMETRIC_ENCRYPTION\020\001\022\034\n\030RSA_SIGN"
-          + "_PSS_2048_SHA256\020\002\022\034\n\030RSA_SIGN_PSS_3072_"
-          + "SHA256\020\003\022\034\n\030RSA_SIGN_PSS_4096_SHA256\020\004\022\034"
-          + "\n\030RSA_SIGN_PSS_4096_SHA512\020\017\022\036\n\032RSA_SIGN"
-          + "_PKCS1_2048_SHA256\020\005\022\036\n\032RSA_SIGN_PKCS1_3"
-          + "072_SHA256\020\006\022\036\n\032RSA_SIGN_PKCS1_4096_SHA2"
-          + "56\020\007\022\036\n\032RSA_SIGN_PKCS1_4096_SHA512\020\020\022 \n\034"
-          + "RSA_DECRYPT_OAEP_2048_SHA256\020\010\022 \n\034RSA_DE"
-          + "CRYPT_OAEP_3072_SHA256\020\t\022 \n\034RSA_DECRYPT_"
-          + "OAEP_4096_SHA256\020\n\022 \n\034RSA_DECRYPT_OAEP_4"
-          + "096_SHA512\020\021\022\027\n\023EC_SIGN_P256_SHA256\020\014\022\027\n"
-          + "\023EC_SIGN_P384_SHA384\020\r\022\034\n\030EC_SIGN_SECP25"
-          + "6K1_SHA256\020\037\022\017\n\013HMAC_SHA256\020 \022!\n\035EXTERNA"
-          + "L_SYMMETRIC_ENCRYPTION\020\022\"\301\001\n\025CryptoKeyVe"
-          + "rsionState\022(\n$CRYPTO_KEY_VERSION_STATE_U"
-          + "NSPECIFIED\020\000\022\026\n\022PENDING_GENERATION\020\005\022\013\n\007"
-          + "ENABLED\020\001\022\014\n\010DISABLED\020\002\022\r\n\tDESTROYED\020\003\022\025"
-          + "\n\021DESTROY_SCHEDULED\020\004\022\022\n\016PENDING_IMPORT\020"
-          + "\006\022\021\n\rIMPORT_FAILED\020\007\"I\n\024CryptoKeyVersion"
-          + "View\022\'\n#CRYPTO_KEY_VERSION_VIEW_UNSPECIF"
-          + "IED\020\000\022\010\n\004FULL\020\001:\252\001\352A\246\001\n(cloudkms.googlea"
-          + "pis.com/CryptoKeyVersion\022zprojects/{proj"
-          + "ect}/locations/{location}/keyRings/{key_"
-          + "ring}/cryptoKeys/{crypto_key}/cryptoKeyV"
-          + "ersions/{crypto_key_version}\"\234\003\n\tPublicK"
-          + "ey\022\013\n\003pem\030\001 \001(\t\022R\n\talgorithm\030\002 \001(\0162?.goo"
-          + "gle.cloud.kms.v1.CryptoKeyVersion.Crypto"
-          + "KeyVersionAlgorithm\022/\n\npem_crc32c\030\003 \001(\0132"
-          + "\033.google.protobuf.Int64Value\022\014\n\004name\030\004 \001"
-          + "(\t\022>\n\020protection_level\030\005 \001(\0162$.google.cl"
-          + "oud.kms.v1.ProtectionLevel:\256\001\352A\252\001\n!cloud"
-          + "kms.googleapis.com/PublicKey\022\204\001projects/"
-          + "{project}/locations/{location}/keyRings/"
-          + "{key_ring}/cryptoKeys/{crypto_key}/crypt"
-          + "oKeyVersions/{crypto_key_version}/public"
-          + "Key\"\333\007\n\tImportJob\022\021\n\004name\030\001 \001(\tB\003\340A\003\022J\n\r"
-          + "import_method\030\002 \001(\0162+.google.cloud.kms.v"
-          + "1.ImportJob.ImportMethodB\006\340A\002\340A\005\022F\n\020prot"
-          + "ection_level\030\t \001(\0162$.google.cloud.kms.v1"
-          + ".ProtectionLevelB\006\340A\002\340A\005\0224\n\013create_time\030"
-          + "\003 \001(\0132\032.google.protobuf.TimestampB\003\340A\003\0226"
-          + "\n\rgenerate_time\030\004 \001(\0132\032.google.protobuf."
-          + "TimestampB\003\340A\003\0224\n\013expire_time\030\005 \001(\0132\032.go"
-          + "ogle.protobuf.TimestampB\003\340A\003\022:\n\021expire_e"
-          + "vent_time\030\n \001(\0132\032.google.protobuf.Timest"
-          + "ampB\003\340A\003\022A\n\005state\030\006 \001(\0162-.google.cloud.k"
-          + "ms.v1.ImportJob.ImportJobStateB\003\340A\003\022I\n\np"
-          + "ublic_key\030\007 \001(\01320.google.cloud.kms.v1.Im"
-          + "portJob.WrappingPublicKeyB\003\340A\003\022F\n\013attest"
-          + "ation\030\010 \001(\0132,.google.cloud.kms.v1.KeyOpe"
-          + "rationAttestationB\003\340A\003\032 \n\021WrappingPublic"
-          + "Key\022\013\n\003pem\030\001 \001(\t\"m\n\014ImportMethod\022\035\n\031IMPO"
-          + "RT_METHOD_UNSPECIFIED\020\000\022\036\n\032RSA_OAEP_3072"
-          + "_SHA1_AES_256\020\001\022\036\n\032RSA_OAEP_4096_SHA1_AE"
-          + "S_256\020\002\"c\n\016ImportJobState\022 \n\034IMPORT_JOB_"
-          + "STATE_UNSPECIFIED\020\000\022\026\n\022PENDING_GENERATIO"
-          + "N\020\001\022\n\n\006ACTIVE\020\002\022\013\n\007EXPIRED\020\003:{\352Ax\n!cloud"
-          + "kms.googleapis.com/ImportJob\022Sprojects/{"
-          + "project}/locations/{location}/keyRings/{"
-          + "key_ring}/importJobs/{import_job}\":\n\036Ext"
-          + "ernalProtectionLevelOptions\022\030\n\020external_"
-          + "key_uri\030\001 \001(\t*X\n\017ProtectionLevel\022 \n\034PROT"
-          + "ECTION_LEVEL_UNSPECIFIED\020\000\022\014\n\010SOFTWARE\020\001"
-          + "\022\007\n\003HSM\020\002\022\014\n\010EXTERNAL\020\003B\225\001\n\027com.google.c"
-          + "loud.kms.v1B\021KmsResourcesProtoP\001Z6google"
-          + ".golang.org/genproto/googleapis/cloud/km"
-          + "s/v1;kms\370\001\001\252\002\023Google.Cloud.Kms.V1\312\002\023Goog"
-          + "le\\Cloud\\Kms\\V1b\006proto3"
+          + "d.kms.v1.ExternalProtectionLevelOptions\022"
+          + "\036\n\021reimport_eligible\030\022 \001(\010B\003\340A\003\"\356\004\n\031Cryp"
+          + "toKeyVersionAlgorithm\022,\n(CRYPTO_KEY_VERS"
+          + "ION_ALGORITHM_UNSPECIFIED\020\000\022\037\n\033GOOGLE_SY"
+          + "MMETRIC_ENCRYPTION\020\001\022\034\n\030RSA_SIGN_PSS_204"
+          + "8_SHA256\020\002\022\034\n\030RSA_SIGN_PSS_3072_SHA256\020\003"
+          + "\022\034\n\030RSA_SIGN_PSS_4096_SHA256\020\004\022\034\n\030RSA_SI"
+          + "GN_PSS_4096_SHA512\020\017\022\036\n\032RSA_SIGN_PKCS1_2"
+          + "048_SHA256\020\005\022\036\n\032RSA_SIGN_PKCS1_3072_SHA2"
+          + "56\020\006\022\036\n\032RSA_SIGN_PKCS1_4096_SHA256\020\007\022\036\n\032"
+          + "RSA_SIGN_PKCS1_4096_SHA512\020\020\022 \n\034RSA_DECR"
+          + "YPT_OAEP_2048_SHA256\020\010\022 \n\034RSA_DECRYPT_OA"
+          + "EP_3072_SHA256\020\t\022 \n\034RSA_DECRYPT_OAEP_409"
+          + "6_SHA256\020\n\022 \n\034RSA_DECRYPT_OAEP_4096_SHA5"
+          + "12\020\021\022\027\n\023EC_SIGN_P256_SHA256\020\014\022\027\n\023EC_SIGN"
+          + "_P384_SHA384\020\r\022\034\n\030EC_SIGN_SECP256K1_SHA2"
+          + "56\020\037\022\017\n\013HMAC_SHA256\020 \022!\n\035EXTERNAL_SYMMET"
+          + "RIC_ENCRYPTION\020\022\"\301\001\n\025CryptoKeyVersionSta"
+          + "te\022(\n$CRYPTO_KEY_VERSION_STATE_UNSPECIFI"
+          + "ED\020\000\022\026\n\022PENDING_GENERATION\020\005\022\013\n\007ENABLED\020"
+          + "\001\022\014\n\010DISABLED\020\002\022\r\n\tDESTROYED\020\003\022\025\n\021DESTRO"
+          + "Y_SCHEDULED\020\004\022\022\n\016PENDING_IMPORT\020\006\022\021\n\rIMP"
+          + "ORT_FAILED\020\007\"I\n\024CryptoKeyVersionView\022\'\n#"
+          + "CRYPTO_KEY_VERSION_VIEW_UNSPECIFIED\020\000\022\010\n"
+          + "\004FULL\020\001:\252\001\352A\246\001\n(cloudkms.googleapis.com/"
+          + "CryptoKeyVersion\022zprojects/{project}/loc"
+          + "ations/{location}/keyRings/{key_ring}/cr"
+          + "yptoKeys/{crypto_key}/cryptoKeyVersions/"
+          + "{crypto_key_version}\"\234\003\n\tPublicKey\022\013\n\003pe"
+          + "m\030\001 \001(\t\022R\n\talgorithm\030\002 \001(\0162?.google.clou"
+          + "d.kms.v1.CryptoKeyVersion.CryptoKeyVersi"
+          + "onAlgorithm\022/\n\npem_crc32c\030\003 \001(\0132\033.google"
+          + ".protobuf.Int64Value\022\014\n\004name\030\004 \001(\t\022>\n\020pr"
+          + "otection_level\030\005 \001(\0162$.google.cloud.kms."
+          + "v1.ProtectionLevel:\256\001\352A\252\001\n!cloudkms.goog"
+          + "leapis.com/PublicKey\022\204\001projects/{project"
+          + "}/locations/{location}/keyRings/{key_rin"
+          + "g}/cryptoKeys/{crypto_key}/cryptoKeyVers"
+          + "ions/{crypto_key_version}/publicKey\"\333\007\n\t"
+          + "ImportJob\022\021\n\004name\030\001 \001(\tB\003\340A\003\022J\n\rimport_m"
+          + "ethod\030\002 \001(\0162+.google.cloud.kms.v1.Import"
+          + "Job.ImportMethodB\006\340A\002\340A\005\022F\n\020protection_l"
+          + "evel\030\t \001(\0162$.google.cloud.kms.v1.Protect"
+          + "ionLevelB\006\340A\002\340A\005\0224\n\013create_time\030\003 \001(\0132\032."
+          + "google.protobuf.TimestampB\003\340A\003\0226\n\rgenera"
+          + "te_time\030\004 \001(\0132\032.google.protobuf.Timestam"
+          + "pB\003\340A\003\0224\n\013expire_time\030\005 \001(\0132\032.google.pro"
+          + "tobuf.TimestampB\003\340A\003\022:\n\021expire_event_tim"
+          + "e\030\n \001(\0132\032.google.protobuf.TimestampB\003\340A\003"
+          + "\022A\n\005state\030\006 \001(\0162-.google.cloud.kms.v1.Im"
+          + "portJob.ImportJobStateB\003\340A\003\022I\n\npublic_ke"
+          + "y\030\007 \001(\01320.google.cloud.kms.v1.ImportJob."
+          + "WrappingPublicKeyB\003\340A\003\022F\n\013attestation\030\010 "
+          + "\001(\0132,.google.cloud.kms.v1.KeyOperationAt"
+          + "testationB\003\340A\003\032 \n\021WrappingPublicKey\022\013\n\003p"
+          + "em\030\001 \001(\t\"m\n\014ImportMethod\022\035\n\031IMPORT_METHO"
+          + "D_UNSPECIFIED\020\000\022\036\n\032RSA_OAEP_3072_SHA1_AE"
+          + "S_256\020\001\022\036\n\032RSA_OAEP_4096_SHA1_AES_256\020\002\""
+          + "c\n\016ImportJobState\022 \n\034IMPORT_JOB_STATE_UN"
+          + "SPECIFIED\020\000\022\026\n\022PENDING_GENERATION\020\001\022\n\n\006A"
+          + "CTIVE\020\002\022\013\n\007EXPIRED\020\003:{\352Ax\n!cloudkms.goog"
+          + "leapis.com/ImportJob\022Sprojects/{project}"
+          + "/locations/{location}/keyRings/{key_ring"
+          + "}/importJobs/{import_job}\":\n\036ExternalPro"
+          + "tectionLevelOptions\022\030\n\020external_key_uri\030"
+          + "\001 \001(\t*X\n\017ProtectionLevel\022 \n\034PROTECTION_L"
+          + "EVEL_UNSPECIFIED\020\000\022\014\n\010SOFTWARE\020\001\022\007\n\003HSM\020"
+          + "\002\022\014\n\010EXTERNAL\020\003B\225\001\n\027com.google.cloud.kms"
+          + ".v1B\021KmsResourcesProtoP\001Z6google.golang."
+          + "org/genproto/googleapis/cloud/kms/v1;kms"
+          + "\370\001\001\252\002\023Google.Cloud.Kms.V1\312\002\023Google\\Cloud"
+          + "\\Kms\\V1b\006proto3"
     };
     descriptor =
         com.google.protobuf.Descriptors.FileDescriptor.internalBuildGeneratedFileFrom(
@@ -290,6 +291,7 @@ public static com.google.protobuf.Descriptors.FileDescriptor getDescriptor() {
               "ImportTime",
               "ImportFailureReason",
               "ExternalProtectionLevelOptions",
+              "ReimportEligible",
             });
     internal_static_google_cloud_kms_v1_PublicKey_descriptor =
         getDescriptor().getMessageTypes().get(5);
diff --git a/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/resources.proto b/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/resources.proto
index b03e22b9..47a5c63a 100644
--- a/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/resources.proto
+++ b/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/resources.proto
@@ -335,6 +335,10 @@ message CryptoKeyVersion {
     DISABLED = 2;
 
     // This version is destroyed, and the key material is no longer stored.
+    // This version may only become [ENABLED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.ENABLED] again if this version is
+    // [reimport_eligible][google.cloud.kms.v1.CryptoKeyVersion.reimport_eligible] and the original
+    // key material is reimported with a call to
+    // [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
     DESTROYED = 3;
 
     // This version is scheduled for destruction, and will be destroyed soon.
@@ -407,16 +411,16 @@ message CryptoKeyVersion {
   // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED].
   google.protobuf.Timestamp destroy_event_time = 6 [(google.api.field_behavior) = OUTPUT_ONLY];
 
-  // Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used to import this
+  // Output only. The name of the [ImportJob][google.cloud.kms.v1.ImportJob] used in the most recent import of this
   // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Only present if the underlying key material was
   // imported.
   string import_job = 14 [(google.api.field_behavior) = OUTPUT_ONLY];
 
   // Output only. The time at which this [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]'s key material
-  // was imported.
+  // was most recently imported.
   google.protobuf.Timestamp import_time = 15 [(google.api.field_behavior) = OUTPUT_ONLY];
 
-  // Output only. The root cause of an import failure. Only present if
+  // Output only. The root cause of the most recent import failure. Only present if
   // [state][google.cloud.kms.v1.CryptoKeyVersion.state] is
   // [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED].
   string import_failure_reason = 16 [(google.api.field_behavior) = OUTPUT_ONLY];
@@ -425,6 +429,11 @@ message CryptoKeyVersion {
   // configuring a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] that are specific to the
   // [EXTERNAL][google.cloud.kms.v1.ProtectionLevel.EXTERNAL] protection level.
   ExternalProtectionLevelOptions external_protection_level_options = 17;
+
+  // Output only. Whether or not this key version is eligible for reimport, by being
+  // specified as a target in
+  // [ImportCryptoKeyVersionRequest.crypto_key_version][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.crypto_key_version].
+  bool reimport_eligible = 18 [(google.api.field_behavior) = OUTPUT_ONLY];
 }
 
 // The public key for a given [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. Obtained via
diff --git a/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/service.proto b/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/service.proto
index ba3baf28..3f29c05a 100644
--- a/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/service.proto
+++ b/proto-google-cloud-kms-v1/src/main/proto/google/cloud/kms/v1/service.proto
@@ -161,11 +161,12 @@ service KeyManagementService {
     option (google.api.method_signature) = "parent,crypto_key_version";
   }
 
-  // Imports a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] into an existing [CryptoKey][google.cloud.kms.v1.CryptoKey] using the
-  // wrapped key material provided in the request.
+  // Import wrapped key material into a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
   //
-  // The version ID will be assigned the next sequential id within the
-  // [CryptoKey][google.cloud.kms.v1.CryptoKey].
+  // All requests must specify a [CryptoKey][google.cloud.kms.v1.CryptoKey]. If a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] is
+  // additionally specified in the request, key material will be reimported into
+  // that version. Otherwise, a new version will be created, and will be
+  // assigned the next sequential id within the [CryptoKey][google.cloud.kms.v1.CryptoKey].
   rpc ImportCryptoKeyVersion(ImportCryptoKeyVersionRequest) returns (CryptoKeyVersion) {
     option (google.api.http) = {
       post: "/v1/{parent=projects/*/locations/*/keyRings/*/cryptoKeys/*}/cryptoKeyVersions:import"
@@ -223,10 +224,11 @@ service KeyManagementService {
   // Schedule a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] for destruction.
   //
   // Upon calling this method, [CryptoKeyVersion.state][google.cloud.kms.v1.CryptoKeyVersion.state] will be set to
-  // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED]
-  // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to a time 24
-  // hours in the future, at which point the [state][google.cloud.kms.v1.CryptoKeyVersion.state]
-  // will be changed to
+  // [DESTROY_SCHEDULED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROY_SCHEDULED],
+  // and [destroy_time][google.cloud.kms.v1.CryptoKeyVersion.destroy_time] will be set to the time
+  // [destroy_scheduled_duration][google.cloud.kms.v1.CryptoKey.destroy_scheduled_duration] in the
+  // future. At that time, the [state][google.cloud.kms.v1.CryptoKeyVersion.state] will
+  // automatically change to
   // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED], and the key
   // material will be irrevocably destroyed.
   //
@@ -646,8 +648,10 @@ message CreateCryptoKeyVersionRequest {
 
 // Request message for [KeyManagementService.ImportCryptoKeyVersion][google.cloud.kms.v1.KeyManagementService.ImportCryptoKeyVersion].
 message ImportCryptoKeyVersionRequest {
-  // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to
-  // be imported into.
+  // Required. The [name][google.cloud.kms.v1.CryptoKey.name] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] to be imported into.
+  //
+  // The create permission is only required on this key when creating a new
+  // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion].
   string parent = 1 [
     (google.api.field_behavior) = REQUIRED,
     (google.api.resource_reference) = {
@@ -655,6 +659,28 @@ message ImportCryptoKeyVersionRequest {
     }
   ];
 
+  // Optional. The optional [name][google.cloud.kms.v1.CryptoKeyVersion.name] of an existing
+  // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] to target for an import operation.
+  // If this field is not present, a new [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] containing the
+  // supplied key material is created.
+  //
+  // If this field is present, the supplied key material is imported into
+  // the existing [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion]. To import into an existing
+  // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion], the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] must be a child of
+  // [ImportCryptoKeyVersionRequest.parent][google.cloud.kms.v1.ImportCryptoKeyVersionRequest.parent], have been previously created via
+  // [ImportCryptoKeyVersion][], and be in
+  // [DESTROYED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.DESTROYED] or
+  // [IMPORT_FAILED][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionState.IMPORT_FAILED]
+  // state. The key material and algorithm must match the previous
+  // [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] exactly if the [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] has ever contained
+  // key material.
+  string crypto_key_version = 6 [
+    (google.api.field_behavior) = OPTIONAL,
+    (google.api.resource_reference) = {
+      type: "cloudkms.googleapis.com/CryptoKeyVersion"
+    }
+  ];
+
   // Required. The [algorithm][google.cloud.kms.v1.CryptoKeyVersion.CryptoKeyVersionAlgorithm] of
   // the key being imported. This does not need to match the
   // [version_template][google.cloud.kms.v1.CryptoKey.version_template] of the [CryptoKey][google.cloud.kms.v1.CryptoKey] this
diff --git a/synth.metadata b/synth.metadata
index 1d399e21..725106a5 100644
--- a/synth.metadata
+++ b/synth.metadata
@@ -4,15 +4,15 @@
       "git": {
         "name": ".",
         "remote": "https://github.com/googleapis/java-kms.git",
-        "sha": "c34c4c53a7f932f46f184b2ae668ec64301342d4"
+        "sha": "918e9e7188ab712823aef4dd6b64be84c44bcd18"
       }
     },
     {
       "git": {
         "name": "googleapis",
         "remote": "https://github.com/googleapis/googleapis.git",
-        "sha": "e1738ee972b49fd0c4d4718b035444495142b781",
-        "internalRef": "391407209"
+        "sha": "e3d9b11abaec81e1c3c9c7cab1f3bb6fa3990651",
+        "internalRef": "393749648"
       }
     },
     {