pulumi-gcp-kotlin/com.pulumi.gcp.compute.kotlin.inputs/DiskSourceImageEncryptionKeyArgs

DiskSourceImageEncryptionKeyArgs

data class DiskSourceImageEncryptionKeyArgs(val kmsKeySelfLink: Output<String>? = null, val kmsKeyServiceAccount: Output<String>? = null, val rawKey: Output<String>? = null, val sha256: Output<String>? = null) : ConvertibleToJava<DiskSourceImageEncryptionKeyArgs>

Constructors

constructor(kmsKeySelfLink: Output<String>? = null, kmsKeyServiceAccount: Output<String>? = null, rawKey: Output<String>? = null, sha256: Output<String>? = null)

Properties

kmsKeySelfLink

val kmsKeySelfLink: Output<String>? = null

The self link of the encryption key used to encrypt the disk. Also called KmsKeyName in the cloud console. Your project's Compute Engine System service account (service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com) must have roles/cloudkms.cryptoKeyEncrypterDecrypter to use this feature. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys

kmsKeyServiceAccount

val kmsKeyServiceAccount: Output<String>? = null

The service account used for the encryption request for the given KMS key. If absent, the Compute Engine Service Agent service account is used.

rawKey

val rawKey: Output<String>? = null

Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource.

sha256

val sha256: Output<String>? = null

(Output) The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.

Functions

toJava

open override fun toJava(): DiskSourceImageEncryptionKeyArgs