Key
Provides a KMS Key resource. For information about KMS Key and how to use it, see What is Key.
NOTE: Available since v1.85.0.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
const _default = new alicloud.kms.Key("default", {
description: "Hello KMS",
status: "Enabled",
pendingWindowInDays: 7,
});import pulumi
import pulumi_alicloud as alicloud
default = alicloud.kms.Key("default",
description="Hello KMS",
status="Enabled",
pending_window_in_days=7)using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
var @default = new AliCloud.Kms.Key("default", new()
{
Description = "Hello KMS",
Status = "Enabled",
PendingWindowInDays = 7,
});
});package main
import (
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := kms.NewKey(ctx, "default", &kms.KeyArgs{
Description: pulumi.String("Hello KMS"),
Status: pulumi.String("Enabled"),
PendingWindowInDays: pulumi.Int(7),
})
if err != nil {
return err
}
return nil
})
}package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.kms.Key;
import com.pulumi.alicloud.kms.KeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Key("default", KeyArgs.builder()
.description("Hello KMS")
.status("Enabled")
.pendingWindowInDays(7)
.build());
}
}resources:
default:
type: alicloud:kms:Key
properties:
description: Hello KMS
status: Enabled
pendingWindowInDays: '7'Import
KMS Key can be imported using the id, e.g.
$ pulumi import alicloud:kms/key:Key example <id>Properties
Specifies whether to enable automatic key rotation. Default value: Disabled. Valid values: Enabled, Disabled.
The time when the CMK was created.
The time at which the CMK is scheduled for deletion.
Specifies whether to enable deletion protection. Default value: Disabled. Valid values: Enabled, Disabled.
The description of deletion protection. NOTE: deletion_protection_description takes effect only if deletion_protection is set to Enabled.
Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.
The description of the key.
The ID of the KMS instance.
The time when the last rotation was performed.
The time when the key material expires.
The time when the next rotation will be performed.
The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values: 7 to 366. NOTE: From version 1.184.0, pending_window_in_days can be set to 366.
The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
The ID of the current primary key version of the symmetric CMK.
The protection level of the key. Default value: SOFTWARE. Valid values: SOFTWARE, HSM.
The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval. NOTE: If automatic_rotation is set to Enabled, rotation_interval is required.