pulumi-gcp-kotlin/com.pulumi.gcp.compute.kotlin.inputs/ImageSourceSnapshotEncryptionKeyArgs

ImageSourceSnapshotEncryptionKeyArgs

data class ImageSourceSnapshotEncryptionKeyArgs(val kmsKeySelfLink: Output<String>? = null, val kmsKeyServiceAccount: Output<String>? = null, val rawKey: Output<String>? = null, val rsaEncryptedKey: Output<String>? = null) : ConvertibleToJava<ImageSourceSnapshotEncryptionKeyArgs>

Constructors

constructor(kmsKeySelfLink: Output<String>? = null, kmsKeyServiceAccount: Output<String>? = null, rawKey: Output<String>? = null, rsaEncryptedKey: Output<String>? = null)

Properties

kmsKeySelfLink

val kmsKeySelfLink: Output<String>? = null

The self link of the encryption key used to decrypt this resource. Also called KmsKeyName in the cloud console. Your project's Compute Engine System service account (service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com) must have roles/cloudkms.cryptoKeyEncrypterDecrypter to use this feature. See https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys

kmsKeyServiceAccount

val kmsKeyServiceAccount: Output<String>? = null

The service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used.

rawKey

val rawKey: Output<String>? = null

Specifies a 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to either encrypt or decrypt this resource. Note: This property is sensitive and will not be displayed in the plan.

rsaEncryptedKey

val rsaEncryptedKey: Output<String>? = null

Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit customer-supplied encryption key to either encrypt or decrypt this resource. You can provide either the rawKey or the rsaEncryptedKey. Note: This property is sensitive and will not be displayed in the plan.

Functions

toJava

open override fun toJava(): ImageSourceSnapshotEncryptionKeyArgs