Key
data class KeyHandleArgs(val location: Output<String>? = null, val name: Output<String>? = null, val project: Output<String>? = null, val resourceTypeSelector: Output<String>? = null) : ConvertibleToJava<KeyHandleArgs>
Example Usage
Kms Key Handle Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as time from "@pulumi/time";
// Create Folder in GCP Organization
const autokmsFolder = new gcp.organizations.Folder("autokms_folder", {
displayName: "my-folder",
parent: "organizations/123456789",
deletionProtection: false,
});
// Create the key project
const keyProject = new gcp.organizations.Project("key_project", {
projectId: "key-proj",
name: "key-proj",
folderId: autokmsFolder.folderId,
billingAccount: "000000-0000000-0000000-000000",
deletionPolicy: "DELETE",
}, {
dependsOn: [autokmsFolder],
});
// Create the resource project
const resourceProject = new gcp.organizations.Project("resource_project", {
projectId: "res-proj",
name: "res-proj",
folderId: autokmsFolder.folderId,
billingAccount: "000000-0000000-0000000-000000",
deletionPolicy: "DELETE",
}, {
dependsOn: [autokmsFolder],
});
// Enable the Cloud KMS API
const kmsApiService = new gcp.projects.Service("kms_api_service", {
service: "cloudkms.googleapis.com",
project: keyProject.projectId,
disableOnDestroy: false,
disableDependentServices: true,
}, {
dependsOn: [keyProject],
});
// Wait delay after enabling APIs
const waitEnableServiceApi = new time.index.Sleep("wait_enable_service_api", {createDuration: "30s"}, {
dependsOn: [kmsApiService],
});
//Create KMS Service Agent
const kmsServiceAgent = new gcp.projects.ServiceIdentity("kms_service_agent", {
service: "cloudkms.googleapis.com",
project: keyProject.number,
}, {
dependsOn: [waitEnableServiceApi],
});
// Wait delay after creating service agent.
const waitServiceAgent = new time.index.Sleep("wait_service_agent", {createDuration: "10s"}, {
dependsOn: [kmsServiceAgent],
});
//Grant the KMS Service Agent the Cloud KMS Admin role
const autokeyProjectAdmin = new gcp.projects.IAMMember("autokey_project_admin", {
project: keyProject.projectId,
role: "roles/cloudkms.admin",
member: pulumi.interpolate`serviceAccount:service-${keyProject.number}@gcp-sa-cloudkms.iam.gserviceaccount.com`,
}, {
dependsOn: [waitServiceAgent],
});
// Wait delay after granting IAM permissions
const waitSrvAccPermissions = new time.index.Sleep("wait_srv_acc_permissions", {createDuration: "10s"}, {
dependsOn: [autokeyProjectAdmin],
});
const autokeyConfig = new gcp.kms.AutokeyConfig("autokey_config", {
folder: autokmsFolder.folderId,
keyProject: pulumi.interpolate`projects/${keyProject.projectId}`,
}, {
dependsOn: [waitSrvAccPermissions],
});
// Wait delay for autokey config to take effect
const waitAutokeyConfig = new time.index.Sleep("wait_autokey_config", {createDuration: "10s"}, {
dependsOn: [autokeyConfig],
});
const example_keyhandle = new gcp.kms.KeyHandle("example-keyhandle", {
project: resourceProject.projectId,
name: "tf-test-key-handle",
location: "global",
resourceTypeSelector: "storage.googleapis.com/Bucket",
}, {
dependsOn: [waitAutokeyConfig],
});Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
import pulumi_time as time
# Create Folder in GCP Organization
autokms_folder = gcp.organizations.Folder("autokms_folder",
display_name="my-folder",
parent="organizations/123456789",
deletion_protection=False)
# Create the key project
key_project = gcp.organizations.Project("key_project",
project_id="key-proj",
name="key-proj",
folder_id=autokms_folder.folder_id,
billing_account="000000-0000000-0000000-000000",
deletion_policy="DELETE",
opts = pulumi.ResourceOptions(depends_on=[autokms_folder]))
# Create the resource project
resource_project = gcp.organizations.Project("resource_project",
project_id="res-proj",
name="res-proj",
folder_id=autokms_folder.folder_id,
billing_account="000000-0000000-0000000-000000",
deletion_policy="DELETE",
opts = pulumi.ResourceOptions(depends_on=[autokms_folder]))
# Enable the Cloud KMS API
kms_api_service = gcp.projects.Service("kms_api_service",
service="cloudkms.googleapis.com",
project=key_project.project_id,
disable_on_destroy=False,
disable_dependent_services=True,
opts = pulumi.ResourceOptions(depends_on=[key_project]))
# Wait delay after enabling APIs
wait_enable_service_api = time.index.Sleep("wait_enable_service_api", create_duration=30s,
opts = pulumi.ResourceOptions(depends_on=[kms_api_service]))
#Create KMS Service Agent
kms_service_agent = gcp.projects.ServiceIdentity("kms_service_agent",
service="cloudkms.googleapis.com",
project=key_project.number,
opts = pulumi.ResourceOptions(depends_on=[wait_enable_service_api]))
# Wait delay after creating service agent.
wait_service_agent = time.index.Sleep("wait_service_agent", create_duration=10s,
opts = pulumi.ResourceOptions(depends_on=[kms_service_agent]))
#Grant the KMS Service Agent the Cloud KMS Admin role
autokey_project_admin = gcp.projects.IAMMember("autokey_project_admin",
project=key_project.project_id,
role="roles/cloudkms.admin",
member=key_project.number.apply(lambda number: f"serviceAccount:service-{number}@gcp-sa-cloudkms.iam.gserviceaccount.com"),
opts = pulumi.ResourceOptions(depends_on=[wait_service_agent]))
# Wait delay after granting IAM permissions
wait_srv_acc_permissions = time.index.Sleep("wait_srv_acc_permissions", create_duration=10s,
opts = pulumi.ResourceOptions(depends_on=[autokey_project_admin]))
autokey_config = gcp.kms.AutokeyConfig("autokey_config",
folder=autokms_folder.folder_id,
key_project=key_project.project_id.apply(lambda project_id: f"projects/{project_id}"),
opts = pulumi.ResourceOptions(depends_on=[wait_srv_acc_permissions]))
# Wait delay for autokey config to take effect
wait_autokey_config = time.index.Sleep("wait_autokey_config", create_duration=10s,
opts = pulumi.ResourceOptions(depends_on=[autokey_config]))
example_keyhandle = gcp.kms.KeyHandle("example-keyhandle",
project=resource_project.project_id,
name="tf-test-key-handle",
location="global",
resource_type_selector="storage.googleapis.com/Bucket",
opts = pulumi.ResourceOptions(depends_on=[wait_autokey_config]))Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Time = Pulumi.Time;
return await Deployment.RunAsync(() =>
{
// Create Folder in GCP Organization
var autokmsFolder = new Gcp.Organizations.Folder("autokms_folder", new()
{
DisplayName = "my-folder",
Parent = "organizations/123456789",
DeletionProtection = false,
});
// Create the key project
var keyProject = new Gcp.Organizations.Project("key_project", new()
{
ProjectId = "key-proj",
Name = "key-proj",
FolderId = autokmsFolder.FolderId,
BillingAccount = "000000-0000000-0000000-000000",
DeletionPolicy = "DELETE",
}, new CustomResourceOptions
{
DependsOn =
{
autokmsFolder,
},
});
// Create the resource project
var resourceProject = new Gcp.Organizations.Project("resource_project", new()
{
ProjectId = "res-proj",
Name = "res-proj",
FolderId = autokmsFolder.FolderId,
BillingAccount = "000000-0000000-0000000-000000",
DeletionPolicy = "DELETE",
}, new CustomResourceOptions
{
DependsOn =
{
autokmsFolder,
},
});
// Enable the Cloud KMS API
var kmsApiService = new Gcp.Projects.Service("kms_api_service", new()
{
ServiceName = "cloudkms.googleapis.com",
Project = keyProject.ProjectId,
DisableOnDestroy = false,
DisableDependentServices = true,
}, new CustomResourceOptions
{
DependsOn =
{
keyProject,
},
});
// Wait delay after enabling APIs
var waitEnableServiceApi = new Time.Index.Sleep("wait_enable_service_api", new()
{
CreateDuration = "30s",
}, new CustomResourceOptions
{
DependsOn =
{
kmsApiService,
},
});
//Create KMS Service Agent
var kmsServiceAgent = new Gcp.Projects.ServiceIdentity("kms_service_agent", new()
{
Service = "cloudkms.googleapis.com",
Project = keyProject.Number,
}, new CustomResourceOptions
{
DependsOn =
{
waitEnableServiceApi,
},
});
// Wait delay after creating service agent.
var waitServiceAgent = new Time.Index.Sleep("wait_service_agent", new()
{
CreateDuration = "10s",
}, new CustomResourceOptions
{
DependsOn =
{
kmsServiceAgent,
},
});
//Grant the KMS Service Agent the Cloud KMS Admin role
var autokeyProjectAdmin = new Gcp.Projects.IAMMember("autokey_project_admin", new()
{
Project = keyProject.ProjectId,
Role = "roles/cloudkms.admin",
Member = keyProject.Number.Apply(number => $"serviceAccount:service-{number}@gcp-sa-cloudkms.iam.gserviceaccount.com"),
}, new CustomResourceOptions
{
DependsOn =
{
waitServiceAgent,
},
});
// Wait delay after granting IAM permissions
var waitSrvAccPermissions = new Time.Index.Sleep("wait_srv_acc_permissions", new()
{
CreateDuration = "10s",
}, new CustomResourceOptions
{
DependsOn =
{
autokeyProjectAdmin,
},
});
var autokeyConfig = new Gcp.Kms.AutokeyConfig("autokey_config", new()
{
Folder = autokmsFolder.FolderId,
KeyProject = keyProject.ProjectId.Apply(projectId => $"projects/{projectId}"),
}, new CustomResourceOptions
{
DependsOn =
{
waitSrvAccPermissions,
},
});
// Wait delay for autokey config to take effect
var waitAutokeyConfig = new Time.Index.Sleep("wait_autokey_config", new()
{
CreateDuration = "10s",
}, new CustomResourceOptions
{
DependsOn =
{
autokeyConfig,
},
});
var example_keyhandle = new Gcp.Kms.KeyHandle("example-keyhandle", new()
{
Project = resourceProject.ProjectId,
Name = "tf-test-key-handle",
Location = "global",
ResourceTypeSelector = "storage.googleapis.com/Bucket",
}, new CustomResourceOptions
{
DependsOn =
{
waitAutokeyConfig,
},
});
});Content copied to clipboard
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects"
"github.com/pulumi/pulumi-time/sdk/go/time"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create Folder in GCP Organization
autokmsFolder, err := organizations.NewFolder(ctx, "autokms_folder", &organizations.FolderArgs{
DisplayName: pulumi.String("my-folder"),
Parent: pulumi.String("organizations/123456789"),
DeletionProtection: pulumi.Bool(false),
})
if err != nil {
return err
}
// Create the key project
keyProject, err := organizations.NewProject(ctx, "key_project", &organizations.ProjectArgs{
ProjectId: pulumi.String("key-proj"),
Name: pulumi.String("key-proj"),
FolderId: autokmsFolder.FolderId,
BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
DeletionPolicy: pulumi.String("DELETE"),
}, pulumi.DependsOn([]pulumi.Resource{
autokmsFolder,
}))
if err != nil {
return err
}
// Create the resource project
resourceProject, err := organizations.NewProject(ctx, "resource_project", &organizations.ProjectArgs{
ProjectId: pulumi.String("res-proj"),
Name: pulumi.String("res-proj"),
FolderId: autokmsFolder.FolderId,
BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
DeletionPolicy: pulumi.String("DELETE"),
}, pulumi.DependsOn([]pulumi.Resource{
autokmsFolder,
}))
if err != nil {
return err
}
// Enable the Cloud KMS API
kmsApiService, err := projects.NewService(ctx, "kms_api_service", &projects.ServiceArgs{
Service: pulumi.String("cloudkms.googleapis.com"),
Project: keyProject.ProjectId,
DisableOnDestroy: pulumi.Bool(false),
DisableDependentServices: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
keyProject,
}))
if err != nil {
return err
}
// Wait delay after enabling APIs
waitEnableServiceApi, err := time.NewSleep(ctx, "wait_enable_service_api", &time.SleepArgs{
CreateDuration: "30s",
}, pulumi.DependsOn([]pulumi.Resource{
kmsApiService,
}))
if err != nil {
return err
}
// Create KMS Service Agent
kmsServiceAgent, err := projects.NewServiceIdentity(ctx, "kms_service_agent", &projects.ServiceIdentityArgs{
Service: pulumi.String("cloudkms.googleapis.com"),
Project: keyProject.Number,
}, pulumi.DependsOn([]pulumi.Resource{
waitEnableServiceApi,
}))
if err != nil {
return err
}
// Wait delay after creating service agent.
waitServiceAgent, err := time.NewSleep(ctx, "wait_service_agent", &time.SleepArgs{
CreateDuration: "10s",
}, pulumi.DependsOn([]pulumi.Resource{
kmsServiceAgent,
}))
if err != nil {
return err
}
// Grant the KMS Service Agent the Cloud KMS Admin role
autokeyProjectAdmin, err := projects.NewIAMMember(ctx, "autokey_project_admin", &projects.IAMMemberArgs{
Project: keyProject.ProjectId,
Role: pulumi.String("roles/cloudkms.admin"),
Member: keyProject.Number.ApplyT(func(number string) (string, error) {
return fmt.Sprintf("serviceAccount:service-%v@gcp-sa-cloudkms.iam.gserviceaccount.com", number), nil
}).(pulumi.StringOutput),
}, pulumi.DependsOn([]pulumi.Resource{
waitServiceAgent,
}))
if err != nil {
return err
}
// Wait delay after granting IAM permissions
waitSrvAccPermissions, err := time.NewSleep(ctx, "wait_srv_acc_permissions", &time.SleepArgs{
CreateDuration: "10s",
}, pulumi.DependsOn([]pulumi.Resource{
autokeyProjectAdmin,
}))
if err != nil {
return err
}
autokeyConfig, err := kms.NewAutokeyConfig(ctx, "autokey_config", &kms.AutokeyConfigArgs{
Folder: autokmsFolder.FolderId,
KeyProject: keyProject.ProjectId.ApplyT(func(projectId string) (string, error) {
return fmt.Sprintf("projects/%v", projectId), nil
}).(pulumi.StringOutput),
}, pulumi.DependsOn([]pulumi.Resource{
waitSrvAccPermissions,
}))
if err != nil {
return err
}
// Wait delay for autokey config to take effect
waitAutokeyConfig, err := time.NewSleep(ctx, "wait_autokey_config", &time.SleepArgs{
CreateDuration: "10s",
}, pulumi.DependsOn([]pulumi.Resource{
autokeyConfig,
}))
if err != nil {
return err
}
_, err = kms.NewKeyHandle(ctx, "example-keyhandle", &kms.KeyHandleArgs{
Project: resourceProject.ProjectId,
Name: pulumi.String("tf-test-key-handle"),
Location: pulumi.String("global"),
ResourceTypeSelector: pulumi.String("storage.googleapis.com/Bucket"),
}, pulumi.DependsOn([]pulumi.Resource{
waitAutokeyConfig,
}))
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.Folder;
import com.pulumi.gcp.organizations.FolderArgs;
import com.pulumi.gcp.organizations.Project;
import com.pulumi.gcp.organizations.ProjectArgs;
import com.pulumi.gcp.projects.Service;
import com.pulumi.gcp.projects.ServiceArgs;
import com.pulumi.time.sleep;
import com.pulumi.time.sleepArgs;
import com.pulumi.gcp.projects.ServiceIdentity;
import com.pulumi.gcp.projects.ServiceIdentityArgs;
import com.pulumi.gcp.projects.IAMMember;
import com.pulumi.gcp.projects.IAMMemberArgs;
import com.pulumi.gcp.kms.AutokeyConfig;
import com.pulumi.gcp.kms.AutokeyConfigArgs;
import com.pulumi.gcp.kms.KeyHandle;
import com.pulumi.gcp.kms.KeyHandleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create Folder in GCP Organization
var autokmsFolder = new Folder("autokmsFolder", FolderArgs.builder()
.displayName("my-folder")
.parent("organizations/123456789")
.deletionProtection(false)
.build());
// Create the key project
var keyProject = new Project("keyProject", ProjectArgs.builder()
.projectId("key-proj")
.name("key-proj")
.folderId(autokmsFolder.folderId())
.billingAccount("000000-0000000-0000000-000000")
.deletionPolicy("DELETE")
.build(), CustomResourceOptions.builder()
.dependsOn(autokmsFolder)
.build());
// Create the resource project
var resourceProject = new Project("resourceProject", ProjectArgs.builder()
.projectId("res-proj")
.name("res-proj")
.folderId(autokmsFolder.folderId())
.billingAccount("000000-0000000-0000000-000000")
.deletionPolicy("DELETE")
.build(), CustomResourceOptions.builder()
.dependsOn(autokmsFolder)
.build());
// Enable the Cloud KMS API
var kmsApiService = new Service("kmsApiService", ServiceArgs.builder()
.service("cloudkms.googleapis.com")
.project(keyProject.projectId())
.disableOnDestroy(false)
.disableDependentServices(true)
.build(), CustomResourceOptions.builder()
.dependsOn(keyProject)
.build());
// Wait delay after enabling APIs
var waitEnableServiceApi = new Sleep("waitEnableServiceApi", SleepArgs.builder()
.createDuration("30s")
.build(), CustomResourceOptions.builder()
.dependsOn(List.of(kmsApiService))
.build());
//Create KMS Service Agent
var kmsServiceAgent = new ServiceIdentity("kmsServiceAgent", ServiceIdentityArgs.builder()
.service("cloudkms.googleapis.com")
.project(keyProject.number())
.build(), CustomResourceOptions.builder()
.dependsOn(waitEnableServiceApi)
.build());
// Wait delay after creating service agent.
var waitServiceAgent = new Sleep("waitServiceAgent", SleepArgs.builder()
.createDuration("10s")
.build(), CustomResourceOptions.builder()
.dependsOn(List.of(kmsServiceAgent))
.build());
//Grant the KMS Service Agent the Cloud KMS Admin role
var autokeyProjectAdmin = new IAMMember("autokeyProjectAdmin", IAMMemberArgs.builder()
.project(keyProject.projectId())
.role("roles/cloudkms.admin")
.member(keyProject.number().applyValue(_number -> String.format("serviceAccount:service-%s@gcp-sa-cloudkms.iam.gserviceaccount.com", _number)))
.build(), CustomResourceOptions.builder()
.dependsOn(waitServiceAgent)
.build());
// Wait delay after granting IAM permissions
var waitSrvAccPermissions = new Sleep("waitSrvAccPermissions", SleepArgs.builder()
.createDuration("10s")
.build(), CustomResourceOptions.builder()
.dependsOn(List.of(autokeyProjectAdmin))
.build());
var autokeyConfig = new AutokeyConfig("autokeyConfig", AutokeyConfigArgs.builder()
.folder(autokmsFolder.folderId())
.keyProject(keyProject.projectId().applyValue(_projectId -> String.format("projects/%s", _projectId)))
.build(), CustomResourceOptions.builder()
.dependsOn(waitSrvAccPermissions)
.build());
// Wait delay for autokey config to take effect
var waitAutokeyConfig = new Sleep("waitAutokeyConfig", SleepArgs.builder()
.createDuration("10s")
.build(), CustomResourceOptions.builder()
.dependsOn(List.of(autokeyConfig))
.build());
var example_keyhandle = new KeyHandle("example-keyhandle", KeyHandleArgs.builder()
.project(resourceProject.projectId())
.name("tf-test-key-handle")
.location("global")
.resourceTypeSelector("storage.googleapis.com/Bucket")
.build(), CustomResourceOptions.builder()
.dependsOn(waitAutokeyConfig)
.build());
}
}Content copied to clipboard
resources:
# Create Folder in GCP Organization
autokmsFolder:
type: gcp:organizations:Folder
name: autokms_folder
properties:
displayName: my-folder
parent: organizations/123456789
deletionProtection: false
# Create the key project
keyProject:
type: gcp:organizations:Project
name: key_project
properties:
projectId: key-proj
name: key-proj
folderId: ${autokmsFolder.folderId}
billingAccount: 000000-0000000-0000000-000000
deletionPolicy: DELETE
options:
dependsOn:
- ${autokmsFolder}
# Create the resource project
resourceProject:
type: gcp:organizations:Project
name: resource_project
properties:
projectId: res-proj
name: res-proj
folderId: ${autokmsFolder.folderId}
billingAccount: 000000-0000000-0000000-000000
deletionPolicy: DELETE
options:
dependsOn:
- ${autokmsFolder}
# Enable the Cloud KMS API
kmsApiService:
type: gcp:projects:Service
name: kms_api_service
properties:
service: cloudkms.googleapis.com
project: ${keyProject.projectId}
disableOnDestroy: false
disableDependentServices: true
options:
dependsOn:
- ${keyProject}
# Wait delay after enabling APIs
waitEnableServiceApi:
type: time:sleep
name: wait_enable_service_api
properties:
createDuration: 30s
options:
dependsOn:
- ${kmsApiService}
#Create KMS Service Agent
kmsServiceAgent:
type: gcp:projects:ServiceIdentity
name: kms_service_agent
properties:
service: cloudkms.googleapis.com
project: ${keyProject.number}
options:
dependsOn:
- ${waitEnableServiceApi}
# Wait delay after creating service agent.
waitServiceAgent:
type: time:sleep
name: wait_service_agent
properties:
createDuration: 10s
options:
dependsOn:
- ${kmsServiceAgent}
#Grant the KMS Service Agent the Cloud KMS Admin role
autokeyProjectAdmin:
type: gcp:projects:IAMMember
name: autokey_project_admin
properties:
project: ${keyProject.projectId}
role: roles/cloudkms.admin
member: serviceAccount:service-${keyProject.number}@gcp-sa-cloudkms.iam.gserviceaccount.com
options:
dependsOn:
- ${waitServiceAgent}
# Wait delay after granting IAM permissions
waitSrvAccPermissions:
type: time:sleep
name: wait_srv_acc_permissions
properties:
createDuration: 10s
options:
dependsOn:
- ${autokeyProjectAdmin}
autokeyConfig:
type: gcp:kms:AutokeyConfig
name: autokey_config
properties:
folder: ${autokmsFolder.folderId}
keyProject: projects/${keyProject.projectId}
options:
dependsOn:
- ${waitSrvAccPermissions}
# Wait delay for autokey config to take effect
waitAutokeyConfig:
type: time:sleep
name: wait_autokey_config
properties:
createDuration: 10s
options:
dependsOn:
- ${autokeyConfig}
example-keyhandle:
type: gcp:kms:KeyHandle
properties:
project: ${resourceProject.projectId}
name: tf-test-key-handle
location: global
resourceTypeSelector: storage.googleapis.com/Bucket
options:
dependsOn:
- ${waitAutokeyConfig}Content copied to clipboard
Import
KeyHandle can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/keyHandles/{{name}}{{project}}/{{location}}/{{name}}{{location}}/{{name}}When using thepulumi importcommand, KeyHandle can be imported using one of the formats above. For example:
$ pulumi import gcp:kms/keyHandle:KeyHandle default projects/{{project}}/locations/{{location}}/keyHandles/{{name}}Content copied to clipboard
$ pulumi import gcp:kms/keyHandle:KeyHandle default {{project}}/{{location}}/{{name}}Content copied to clipboard
$ pulumi import gcp:kms/keyHandle:KeyHandle default {{location}}/{{name}}Content copied to clipboard