Kmsconfig
data class KmsconfigArgs(val cryptoKeyName: Output<String>? = null, val description: Output<String>? = null, val labels: Output<Map<String, String>>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val project: Output<String>? = null) : ConvertibleToJava<KmsconfigArgs>
NetApp Volumes always encrypts your data at rest using volume-specific keys. A CMEK policy (customer-managed encryption key) warps such volume-specific keys in a key stored in Cloud Key Management Service (KMS). To get more information about kmsconfig, see:
How-to Guides
Example Usage
Kms Config Create
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const keyring = new gcp.kms.KeyRing("keyring", {
name: "key-ring",
location: "us-central1",
});
const cryptoKey = new gcp.kms.CryptoKey("crypto_key", {
name: "crypto-name",
keyRing: keyring.id,
});
const kmsConfig = new gcp.netapp.Kmsconfig("kmsConfig", {
name: "kms-test",
description: "this is a test description",
cryptoKeyName: cryptoKey.id,
location: "us-central1",
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
keyring = gcp.kms.KeyRing("keyring",
name="key-ring",
location="us-central1")
crypto_key = gcp.kms.CryptoKey("crypto_key",
name="crypto-name",
key_ring=keyring.id)
kms_config = gcp.netapp.Kmsconfig("kmsConfig",
name="kms-test",
description="this is a test description",
crypto_key_name=crypto_key.id,
location="us-central1")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var keyring = new Gcp.Kms.KeyRing("keyring", new()
{
Name = "key-ring",
Location = "us-central1",
});
var cryptoKey = new Gcp.Kms.CryptoKey("crypto_key", new()
{
Name = "crypto-name",
KeyRing = keyring.Id,
});
var kmsConfig = new Gcp.Netapp.Kmsconfig("kmsConfig", new()
{
Name = "kms-test",
Description = "this is a test description",
CryptoKeyName = cryptoKey.Id,
Location = "us-central1",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/netapp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
Name: pulumi.String("key-ring"),
Location: pulumi.String("us-central1"),
})
if err != nil {
return err
}
cryptoKey, err := kms.NewCryptoKey(ctx, "crypto_key", &kms.CryptoKeyArgs{
Name: pulumi.String("crypto-name"),
KeyRing: keyring.ID(),
})
if err != nil {
return err
}
_, err = netapp.NewKmsconfig(ctx, "kmsConfig", &netapp.KmsconfigArgs{
Name: pulumi.String("kms-test"),
Description: pulumi.String("this is a test description"),
CryptoKeyName: cryptoKey.ID(),
Location: pulumi.String("us-central1"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.netapp.Kmsconfig;
import com.pulumi.gcp.netapp.KmsconfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var keyring = new KeyRing("keyring", KeyRingArgs.builder()
.name("key-ring")
.location("us-central1")
.build());
var cryptoKey = new CryptoKey("cryptoKey", CryptoKeyArgs.builder()
.name("crypto-name")
.keyRing(keyring.id())
.build());
var kmsConfig = new Kmsconfig("kmsConfig", KmsconfigArgs.builder()
.name("kms-test")
.description("this is a test description")
.cryptoKeyName(cryptoKey.id())
.location("us-central1")
.build());
}
}Content copied to clipboard
resources:
keyring:
type: gcp:kms:KeyRing
properties:
name: key-ring
location: us-central1
cryptoKey:
type: gcp:kms:CryptoKey
name: crypto_key
properties:
name: crypto-name
keyRing: ${keyring.id}
kmsConfig:
type: gcp:netapp:Kmsconfig
properties:
name: kms-test
description: this is a test description
cryptoKeyName: ${cryptoKey.id}
location: us-central1Content copied to clipboard
Import
kmsconfig can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}{{project}}/{{location}}/{{name}}{{location}}/{{name}}When using thepulumi importcommand, kmsconfig can be imported using one of the formats above. For example:
$ pulumi import gcp:netapp/kmsconfig:Kmsconfig default projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}Content copied to clipboard
$ pulumi import gcp:netapp/kmsconfig:Kmsconfig default {{project}}/{{location}}/{{name}}Content copied to clipboard
$ pulumi import gcp:netapp/kmsconfig:Kmsconfig default {{location}}/{{name}}Content copied to clipboard
Constructors
Properties
Link copied to clipboard
Resource name of the KMS key to use. Only regional keys are supported. Format: projects/{{project}}/locations/{{location}}/keyRings/{{key_ring}}/cryptoKeys/{{key}}.
Link copied to clipboard
Description for the CMEK policy.
Link copied to clipboard
Labels as key value pairs. Example: { "owner": "Bob", "department": "finance", "purpose": "testing" }. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.