Kmsconfig
NetApp Volumes always encrypts your data at rest using volume-specific keys. A CMEK policy (customer-managed encryption key) warps such volume-specific keys in a key stored in Cloud Key Management Service (KMS). To get more information about kmsconfig, see:
How-to Guides
Example Usage
Kms Config Create
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const kmsConfig = new gcp.netapp.Kmsconfig("kmsConfig", {
name: "kms-test",
description: "this is a test description",
cryptoKeyName: "crypto-name",
location: "us-central1",
});import pulumi
import pulumi_gcp as gcp
kms_config = gcp.netapp.Kmsconfig("kmsConfig",
name="kms-test",
description="this is a test description",
crypto_key_name="crypto-name",
location="us-central1")using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var kmsConfig = new Gcp.Netapp.Kmsconfig("kmsConfig", new()
{
Name = "kms-test",
Description = "this is a test description",
CryptoKeyName = "crypto-name",
Location = "us-central1",
});
});package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/netapp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := netapp.NewKmsconfig(ctx, "kmsConfig", &netapp.KmsconfigArgs{
Name: pulumi.String("kms-test"),
Description: pulumi.String("this is a test description"),
CryptoKeyName: pulumi.String("crypto-name"),
Location: pulumi.String("us-central1"),
})
if err != nil {
return err
}
return nil
})
}package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.netapp.Kmsconfig;
import com.pulumi.gcp.netapp.KmsconfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var kmsConfig = new Kmsconfig("kmsConfig", KmsconfigArgs.builder()
.name("kms-test")
.description("this is a test description")
.cryptoKeyName("crypto-name")
.location("us-central1")
.build());
}
}resources:
kmsConfig:
type: gcp:netapp:Kmsconfig
properties:
name: kms-test
description: this is a test description
cryptoKeyName: crypto-name
location: us-central1Import
kmsconfig can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}{{project}}/{{location}}/{{name}}{{location}}/{{name}}When using thepulumi importcommand, kmsconfig can be imported using one of the formats above. For example:
$ pulumi import gcp:netapp/kmsconfig:Kmsconfig default projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}$ pulumi import gcp:netapp/kmsconfig:Kmsconfig default {{project}}/{{location}}/{{name}}$ pulumi import gcp:netapp/kmsconfig:Kmsconfig default {{location}}/{{name}}Properties
Resource name of the KMS key to use. Only regional keys are supported. Format: projects/{{project}}/locations/{{location}}/keyRings/{{key_ring}}/cryptoKeys/{{key}}.
Description for the CMEK policy.
All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
Access to the key needs to be granted. The instructions contain gcloud commands to run to grant access. To make the policy work, a CMEK policy check is required, which verifies key access.
Labels as key value pairs. Example: { "owner": "Bob", "department": "finance", "purpose": "testing" }. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.
The combination of labels configured directly on the resource and default labels configured on the provider.
The Service account which needs to have access to the provided KMS key.