stackitcloud · Benjosh95 · Aug 27, 2025 · Aug 25, 2025 · Aug 26, 2025 · Aug 27, 2025
@@ -1,4 +1,10 @@
 ## Release (2025-xx-xx)
+- `kms`: [v0.3.0](services/kms/CHANGELOG.md#v030)
+    - **Breaking Change:** Updated `create_key()` and `create_wrapping_key()` method signatures to require new `access_scope` parameter
+    - **Breaking Change:** Added new required `access_scope` field to `Key` and `WrappingKey` models
+    - **Feature:** Add new `AccessScope` enum with values `PUBLIC` and `SNA` for managing key access permissions
+    - **Feature:** Add new `Protection` enum with value `SOFTWARE` as a replacement for the deprecated `backend` field
+    - **Deprecation:** The `backend` field is now deprecated in all relevant models. Use the new `protection` field instead
 - `iaas`: [v0.8.1](services/iaas/CHANGELOG.md#v081)
     - **Internal:** Add workaround to fix upstream OpenAPI generator issue where regex patterns include leading/trailing slashes that need to be removed for validation in `AllowedAddressesInner`, `AreaId`, and `CreateProtocol` models
 - `observability`: [v0.9.0](services/observability/CHANGELOG.md#v090)

@@ -1,3 +1,12 @@
+## v0.3.0
+- **Breaking Change:** Updated `create_key()` and `create_wrapping_key()` method signatures to require new `access_scope` parameter
+- **Breaking Change:** Added new required `access_scope` field to `Key` and `WrappingKey` models
+- **Feature:** Add new `AccessScope` enum with values `PUBLIC` and `SNA` for managing key access permissions
+- **Feature:** Add new `Protection` enum with value `SOFTWARE` as a replacement for the deprecated `backend` field
+- **Feature:** Add new `access_scope` field to `CreateKeyPayload` and `CreateWrappingKeyPayload` models
+- **Feature:** Add new `protection` field to `CreateKeyPayload`, `CreateWrappingKeyPayload`, `Key`, and `WrappingKey` models
+- **Deprecation:** The `backend` field is now deprecated in all relevant models. Use the new `protection` field instead
+
 ## v0.2.0
 - **Breaking Change:** Change return type from `Key` to `Version` for `import_key()` and `rotate_key()` methods
 - **Internal:** Add HTTP 409 (Conflict) error handling to API methods

@@ -3,7 +3,7 @@ name = "stackit-kms"
 
 [tool.poetry]
 name = "stackit-kms"
-version = "v0.2.0"
+version = "v0.3.0"
 authors = [
     "STACKIT Developer Tools <[email protected]>",
 ]

@@ -28,6 +28,7 @@
     "ApiKeyError",
     "ApiAttributeError",
     "ApiException",
+    "AccessScope",
     "Algorithm",
     "Backend",
     "CreateKeyPayload",
@@ -43,6 +44,7 @@
     "KeyList",
     "KeyRing",
     "KeyRingList",
+    "Protection",
     "Purpose",
     "SignPayload",
     "SignedData",
@@ -71,6 +73,7 @@
 from stackit.kms.exceptions import OpenApiException as OpenApiException
 
 # import models into sdk package
+from stackit.kms.models.access_scope import AccessScope as AccessScope
 from stackit.kms.models.algorithm import Algorithm as Algorithm
 from stackit.kms.models.backend import Backend as Backend
 from stackit.kms.models.create_key_payload import CreateKeyPayload as CreateKeyPayload
@@ -90,6 +93,7 @@
 from stackit.kms.models.key_list import KeyList as KeyList
 from stackit.kms.models.key_ring import KeyRing as KeyRing
 from stackit.kms.models.key_ring_list import KeyRingList as KeyRingList
+from stackit.kms.models.protection import Protection as Protection
 from stackit.kms.models.purpose import Purpose as Purpose
 from stackit.kms.models.sign_payload import SignPayload as SignPayload
 from stackit.kms.models.signed_data import SignedData as SignedData

@@ -14,6 +14,7 @@
 
 
 # import models into model package
+from stackit.kms.models.access_scope import AccessScope
 from stackit.kms.models.algorithm import Algorithm
 from stackit.kms.models.backend import Backend
 from stackit.kms.models.create_key_payload import CreateKeyPayload
@@ -29,6 +30,7 @@
 from stackit.kms.models.key_list import KeyList
 from stackit.kms.models.key_ring import KeyRing
 from stackit.kms.models.key_ring_list import KeyRingList
+from stackit.kms.models.protection import Protection
 from stackit.kms.models.purpose import Purpose
 from stackit.kms.models.sign_payload import SignPayload
 from stackit.kms.models.signed_data import SignedData

@@ -0,0 +1,36 @@
+# coding: utf-8
+
+"""
+    STACKIT Key Management Service API
+
+    This API provides endpoints for managing keys and key rings. 
+
+    The version of the OpenAPI document: 1beta.0.0
+    Generated by OpenAPI Generator (https://openapi-generator.tech)
+
+    Do not edit the class manually.
+"""  # noqa: E501
+
+from __future__ import annotations
+
+import json
+from enum import Enum
+
+from typing_extensions import Self
+
+
+class AccessScope(str, Enum):
+    """
+    The access scope of the key.
+    """
+
+    """
+    allowed enum values
+    """
+    PUBLIC = "PUBLIC"
+    SNA = "SNA"
+
+    @classmethod
+    def from_json(cls, json_str: str) -> Self:
+        """Create an instance of AccessScope from a JSON string"""
+        return cls(json.loads(json_str))
@@ -21,7 +21,7 @@
 
 class Backend(str, Enum):
     """
-    The backend that is responsible for maintaining this key.
+    The backend that is responsible for maintaining this key. Deprecated - use `protection`.
     """
 
     """

@@ -20,8 +20,10 @@
 from pydantic import BaseModel, ConfigDict, Field, StrictBool, StrictStr
 from typing_extensions import Annotated, Self
 
+from stackit.kms.models.access_scope import AccessScope
 from stackit.kms.models.algorithm import Algorithm
 from stackit.kms.models.backend import Backend
+from stackit.kms.models.protection import Protection
 from stackit.kms.models.purpose import Purpose
 
 
@@ -30,6 +32,7 @@ class CreateKeyPayload(BaseModel):
     CreateKeyPayload
     """  # noqa: E501
 
+    access_scope: Optional[AccessScope] = AccessScope.PUBLIC
     algorithm: Algorithm
     backend: Backend
     description: Optional[StrictStr] = Field(
@@ -41,8 +44,18 @@ class CreateKeyPayload(BaseModel):
     import_only: Optional[StrictBool] = Field(
         default=False, description="States whether versions can be created or only imported.", alias="importOnly"
     )
+    protection: Optional[Protection] = None
     purpose: Purpose
-    __properties: ClassVar[List[str]] = ["algorithm", "backend", "description", "displayName", "importOnly", "purpose"]
+    __properties: ClassVar[List[str]] = [
+        "access_scope",
+        "algorithm",
+        "backend",
+        "description",
+        "displayName",
+        "importOnly",
+        "protection",
+        "purpose",
+    ]
 
     model_config = ConfigDict(
         populate_by_name=True,
@@ -94,11 +107,13 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
 
         _obj = cls.model_validate(
             {
+                "access_scope": obj.get("access_scope") if obj.get("access_scope") is not None else AccessScope.PUBLIC,
                 "algorithm": obj.get("algorithm"),
                 "backend": obj.get("backend"),
                 "description": obj.get("description"),
                 "displayName": obj.get("displayName"),
                 "importOnly": obj.get("importOnly") if obj.get("importOnly") is not None else False,
+                "protection": obj.get("protection"),
                 "purpose": obj.get("purpose"),
             }
         )

@@ -20,7 +20,9 @@
 from pydantic import BaseModel, ConfigDict, Field, StrictStr
 from typing_extensions import Annotated, Self
 
+from stackit.kms.models.access_scope import AccessScope
 from stackit.kms.models.backend import Backend
+from stackit.kms.models.protection import Protection
 from stackit.kms.models.wrapping_algorithm import WrappingAlgorithm
 from stackit.kms.models.wrapping_purpose import WrappingPurpose
 
@@ -30,6 +32,7 @@ class CreateWrappingKeyPayload(BaseModel):
     CreateWrappingKeyPayload
     """  # noqa: E501
 
+    access_scope: Optional[AccessScope] = AccessScope.PUBLIC
     algorithm: WrappingAlgorithm
     backend: Backend
     description: Optional[StrictStr] = Field(
@@ -38,8 +41,17 @@ class CreateWrappingKeyPayload(BaseModel):
     display_name: Annotated[str, Field(strict=True, max_length=64)] = Field(
         description="The display name to distinguish multiple wrapping keys.", alias="displayName"
     )
+    protection: Optional[Protection] = None
     purpose: WrappingPurpose
-    __properties: ClassVar[List[str]] = ["algorithm", "backend", "description", "displayName", "purpose"]
+    __properties: ClassVar[List[str]] = [
+        "access_scope",
+        "algorithm",
+        "backend",
+        "description",
+        "displayName",
+        "protection",
+        "purpose",
+    ]
 
     model_config = ConfigDict(
         populate_by_name=True,
@@ -91,10 +103,12 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
 
         _obj = cls.model_validate(
             {
+                "access_scope": obj.get("access_scope") if obj.get("access_scope") is not None else AccessScope.PUBLIC,
                 "algorithm": obj.get("algorithm"),
                 "backend": obj.get("backend"),
                 "description": obj.get("description"),
                 "displayName": obj.get("displayName"),
+                "protection": obj.get("protection"),
                 "purpose": obj.get("purpose"),
             }
         )

@@ -28,8 +28,10 @@
 )
 from typing_extensions import Annotated, Self
 
+from stackit.kms.models.access_scope import AccessScope
 from stackit.kms.models.algorithm import Algorithm
 from stackit.kms.models.backend import Backend
+from stackit.kms.models.protection import Protection
 from stackit.kms.models.purpose import Purpose
 
 
@@ -38,6 +40,7 @@ class Key(BaseModel):
     Key
     """  # noqa: E501
 
+    access_scope: AccessScope
     algorithm: Algorithm
     backend: Backend
     created_at: datetime = Field(
@@ -61,9 +64,11 @@ class Key(BaseModel):
     key_ring_id: StrictStr = Field(
         description="The unique id of the key ring this key is assigned to.", alias="keyRingId"
     )
+    protection: Optional[Protection] = None
     purpose: Purpose
     state: StrictStr = Field(description="The current state of the key.")
     __properties: ClassVar[List[str]] = [
+        "access_scope",
         "algorithm",
         "backend",
         "createdAt",
@@ -73,6 +78,7 @@ class Key(BaseModel):
         "id",
         "importOnly",
         "keyRingId",
+        "protection",
         "purpose",
         "state",
     ]
@@ -136,6 +142,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
 
         _obj = cls.model_validate(
             {
+                "access_scope": obj.get("access_scope") if obj.get("access_scope") is not None else AccessScope.PUBLIC,
                 "algorithm": obj.get("algorithm"),
                 "backend": obj.get("backend"),
                 "createdAt": obj.get("createdAt"),
@@ -145,6 +152,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
                 "id": obj.get("id"),
                 "importOnly": obj.get("importOnly") if obj.get("importOnly") is not None else False,
                 "keyRingId": obj.get("keyRingId"),
+                "protection": obj.get("protection"),
                 "purpose": obj.get("purpose"),
                 "state": obj.get("state"),
             }

@@ -0,0 +1,35 @@
+# coding: utf-8
+
+"""
+    STACKIT Key Management Service API
+
+    This API provides endpoints for managing keys and key rings. 
+
+    The version of the OpenAPI document: 1beta.0.0
+    Generated by OpenAPI Generator (https://openapi-generator.tech)
+
+    Do not edit the class manually.
+"""  # noqa: E501
+
+from __future__ import annotations
+
+import json
+from enum import Enum
+
+from typing_extensions import Self
+
+
+class Protection(str, Enum):
+    """
+    The underlying system that is responsible for protecting the key material. Overrides the deprecated 'backend' field.
+    """
+
+    """
+    allowed enum values
+    """
+    SOFTWARE = "software"
+
+    @classmethod
+    def from_json(cls, json_str: str) -> Self:
+        """Create an instance of Protection from a JSON string"""
+        return cls(json.loads(json_str))
@@ -21,7 +21,9 @@
 from pydantic import BaseModel, ConfigDict, Field, StrictStr, field_validator
 from typing_extensions import Annotated, Self
 
+from stackit.kms.models.access_scope import AccessScope
 from stackit.kms.models.backend import Backend
+from stackit.kms.models.protection import Protection
 from stackit.kms.models.wrapping_algorithm import WrappingAlgorithm
 from stackit.kms.models.wrapping_purpose import WrappingPurpose
 
@@ -31,6 +33,7 @@ class WrappingKey(BaseModel):
     WrappingKey
     """  # noqa: E501
 
+    access_scope: AccessScope
     algorithm: WrappingAlgorithm
     backend: Backend
     created_at: datetime = Field(
@@ -47,12 +50,14 @@ class WrappingKey(BaseModel):
     key_ring_id: StrictStr = Field(
         description="The unique id of the key ring this wrapping key is assigned to.", alias="keyRingId"
     )
+    protection: Optional[Protection] = None
     public_key: Optional[StrictStr] = Field(
         default=None, description="The public key of the wrapping key.", alias="publicKey"
     )
     purpose: WrappingPurpose
     state: StrictStr = Field(description="The current state of the wrapping key.")
     __properties: ClassVar[List[str]] = [
+        "access_scope",
         "algorithm",
         "backend",
         "createdAt",
@@ -61,6 +66,7 @@ class WrappingKey(BaseModel):
         "expiresAt",
         "id",
         "keyRingId",
+        "protection",
         "publicKey",
         "purpose",
         "state",
@@ -125,6 +131,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
 
         _obj = cls.model_validate(
             {
+                "access_scope": obj.get("access_scope") if obj.get("access_scope") is not None else AccessScope.PUBLIC,
                 "algorithm": obj.get("algorithm"),
                 "backend": obj.get("backend"),
                 "createdAt": obj.get("createdAt"),
@@ -133,6 +140,7 @@ def from_dict(cls, obj: Optional[Dict[str, Any]]) -> Optional[Self]:
                 "expiresAt": obj.get("expiresAt"),
                 "id": obj.get("id"),
                 "keyRingId": obj.get("keyRingId"),
+                "protection": obj.get("protection"),
                 "publicKey": obj.get("publicKey"),
                 "purpose": obj.get("purpose"),
                 "state": obj.get("state"),
-Original file line number
+Diff line change
@@ Expand Up / @@ -21,7 +21,7 @@ @@
     class Backend(str, Enum):
         """
-        The backend that is responsible for maintaining this key.
+        The backend that is responsible for maintaining this key. Deprecated - use `protection`.
         """
         """
@@ Expand Down @@