pulumi-gcp-kotlin/com.pulumi.gcp.kms.kotlin/CryptoKeyArgs

CryptoKeyArgs

data class CryptoKeyArgs(val destroyScheduledDuration: Output<String>? = null, val importOnly: Output<Boolean>? = null, val keyRing: Output<String>? = null, val labels: Output<Map<String, String>>? = null, val name: Output<String>? = null, val purpose: Output<String>? = null, val rotationPeriod: Output<String>? = null, val skipInitialVersionCreation: Output<Boolean>? = null, val versionTemplate: Output<CryptoKeyVersionTemplateArgs>? = null) : ConvertibleToJava<CryptoKeyArgs>

A CryptoKey represents a logical key that can be used for cryptographic operations.

Note: CryptoKeys cannot be deleted from Google Cloud Platform. Destroying a provider-managed CryptoKey will remove it from state and delete all CryptoKeyVersions, rendering the key unusable, but will not delete the resource from the project. When the provider destroys these keys, any data previously encrypted with these keys will be irrecoverable. For this reason, it is strongly recommended that you add lifecycle hooks to the resource to prevent accidental destruction. To get more information about CryptoKey, see:

Example Usage

Kms Crypto Key Basic

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var keyring = new KeyRing("keyring", KeyRingArgs.builder()
            .location("global")
            .build());
        var example_key = new CryptoKey("example-key", CryptoKeyArgs.builder()
            .keyRing(keyring.id())
            .rotationPeriod("100000s")
            .build());
    }
}
Content copied to clipboard

Kms Crypto Key Asymmetric Sign

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var keyring = new KeyRing("keyring", KeyRingArgs.builder()
            .location("global")
            .build());
        var example_asymmetric_sign_key = new CryptoKey("example-asymmetric-sign-key", CryptoKeyArgs.builder()
            .keyRing(keyring.id())
            .purpose("ASYMMETRIC_SIGN")
            .versionTemplate(CryptoKeyVersionTemplateArgs.builder()
                .algorithm("EC_SIGN_P384_SHA384")
                .build())
            .build());
    }
}
Content copied to clipboard

Import

CryptoKey can be imported using any of these accepted formats

$ pulumi import gcp:kms/cryptoKey:CryptoKey default {{key_ring}}/cryptoKeys/{{name}}
Content copied to clipboard
$ pulumi import gcp:kms/cryptoKey:CryptoKey default {{key_ring}}/{{name}}
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(destroyScheduledDuration: Output<String>? = null, importOnly: Output<Boolean>? = null, keyRing: Output<String>? = null, labels: Output<Map<String, String>>? = null, name: Output<String>? = null, purpose: Output<String>? = null, rotationPeriod: Output<String>? = null, skipInitialVersionCreation: Output<Boolean>? = null, versionTemplate: Output<CryptoKeyVersionTemplateArgs>? = null)

Properties

Link copied to clipboard
val destroyScheduledDuration: Output<String>? = null

The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

Link copied to clipboard
val importOnly: Output<Boolean>? = null

Whether this key may contain imported versions only.

Link copied to clipboard
val keyRing: Output<String>? = null

The KeyRing that this key belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.

Link copied to clipboard
val labels: Output<Map<String, String>>? = null

Labels with user-defined metadata to apply to this resource.

Link copied to clipboard
val name: Output<String>? = null

The resource name for the CryptoKey.

Link copied to clipboard
val purpose: Output<String>? = null

The immutable purpose of this CryptoKey. See the purpose reference for possible inputs. Default value is "ENCRYPT_DECRYPT".

Link copied to clipboard
val rotationPeriod: Output<String>? = null

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400).

Link copied to clipboard
val skipInitialVersionCreation: Output<Boolean>? = null

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the gcp.kms.KeyRingImportJob resource to import the CryptoKeyVersion.

Link copied to clipboard
val versionTemplate: Output<CryptoKeyVersionTemplateArgs>? = null

A template describing settings for new crypto key versions. Structure is documented below.

Functions

Link copied to clipboard
open override fun toJava(): CryptoKeyArgs