Docs Home
Google Cloud v8.14.0 published on Wednesday, Jan 15, 2025 by Pulumi
gcp.kms.CryptoKeyVersion
Explore with Pulumi AI
A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.
Destroying a cryptoKeyVersion will not delete the resource from the project.
To get more information about CryptoKeyVersion, see:
- API documentation
- How-to Guides
Example Usage
Kms Crypto Key Version Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const keyring = new gcp.kms.KeyRing("keyring", {
name: "keyring-example",
location: "global",
});
const cryptokey = new gcp.kms.CryptoKey("cryptokey", {
name: "crypto-key-example",
keyRing: keyring.id,
rotationPeriod: "7776000s",
});
const example_key = new gcp.kms.CryptoKeyVersion("example-key", {cryptoKey: cryptokey.id});
import pulumi
import pulumi_gcp as gcp
keyring = gcp.kms.KeyRing("keyring",
name="keyring-example",
location="global")
cryptokey = gcp.kms.CryptoKey("cryptokey",
name="crypto-key-example",
key_ring=keyring.id,
rotation_period="7776000s")
example_key = gcp.kms.CryptoKeyVersion("example-key", crypto_key=cryptokey.id)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
Name: pulumi.String("keyring-example"),
Location: pulumi.String("global"),
})
if err != nil {
return err
}
cryptokey, err := kms.NewCryptoKey(ctx, "cryptokey", &kms.CryptoKeyArgs{
Name: pulumi.String("crypto-key-example"),
KeyRing: keyring.ID(),
RotationPeriod: pulumi.String("7776000s"),
})
if err != nil {
return err
}
_, err = kms.NewCryptoKeyVersion(ctx, "example-key", &kms.CryptoKeyVersionArgs{
CryptoKey: cryptokey.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var keyring = new Gcp.Kms.KeyRing("keyring", new()
{
Name = "keyring-example",
Location = "global",
});
var cryptokey = new Gcp.Kms.CryptoKey("cryptokey", new()
{
Name = "crypto-key-example",
KeyRing = keyring.Id,
RotationPeriod = "7776000s",
});
var example_key = new Gcp.Kms.CryptoKeyVersion("example-key", new()
{
CryptoKey = cryptokey.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.kms.CryptoKeyVersion;
import com.pulumi.gcp.kms.CryptoKeyVersionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var keyring = new KeyRing("keyring", KeyRingArgs.builder()
.name("keyring-example")
.location("global")
.build());
var cryptokey = new CryptoKey("cryptokey", CryptoKeyArgs.builder()
.name("crypto-key-example")
.keyRing(keyring.id())
.rotationPeriod("7776000s")
.build());
var example_key = new CryptoKeyVersion("example-key", CryptoKeyVersionArgs.builder()
.cryptoKey(cryptokey.id())
.build());
}
}
resources:
keyring:
type: gcp:kms:KeyRing
properties:
name: keyring-example
location: global
cryptokey:
type: gcp:kms:CryptoKey
properties:
name: crypto-key-example
keyRing: ${keyring.id}
rotationPeriod: 7776000s
example-key:
type: gcp:kms:CryptoKeyVersion
properties:
cryptoKey: ${cryptokey.id}
Create CryptoKeyVersion Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CryptoKeyVersion(name: string, args: CryptoKeyVersionArgs, opts?: CustomResourceOptions);@overload
def CryptoKeyVersion(resource_name: str,
args: CryptoKeyVersionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CryptoKeyVersion(resource_name: str,
opts: Optional[ResourceOptions] = None,
crypto_key: Optional[str] = None,
external_protection_level_options: Optional[CryptoKeyVersionExternalProtectionLevelOptionsArgs] = None,
state: Optional[str] = None)func NewCryptoKeyVersion(ctx *Context, name string, args CryptoKeyVersionArgs, opts ...ResourceOption) (*CryptoKeyVersion, error)public CryptoKeyVersion(string name, CryptoKeyVersionArgs args, CustomResourceOptions? opts = null)public CryptoKeyVersion(String name, CryptoKeyVersionArgs args)
public CryptoKeyVersion(String name, CryptoKeyVersionArgs args, CustomResourceOptions options)
type: gcp:kms:CryptoKeyVersion
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. CryptoKeyVersionArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. CryptoKeyVersionArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. CryptoKeyVersionArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. CryptoKeyVersionArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. CryptoKeyVersionArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var cryptoKeyVersionResource = new Gcp.Kms.CryptoKeyVersion("cryptoKeyVersionResource", new()
{
CryptoKey = "string",
ExternalProtectionLevelOptions = new Gcp.Kms.Inputs.CryptoKeyVersionExternalProtectionLevelOptionsArgs
{
EkmConnectionKeyPath = "string",
ExternalKeyUri = "string",
},
State = "string",
});
example, err := kms.NewCryptoKeyVersion(ctx, "cryptoKeyVersionResource", &kms.CryptoKeyVersionArgs{
CryptoKey: pulumi.String("string"),
ExternalProtectionLevelOptions: &kms.CryptoKeyVersionExternalProtectionLevelOptionsArgs{
EkmConnectionKeyPath: pulumi.String("string"),
ExternalKeyUri: pulumi.String("string"),
},
State: pulumi.String("string"),
})
var cryptoKeyVersionResource = new CryptoKeyVersion("cryptoKeyVersionResource", CryptoKeyVersionArgs.builder()
.cryptoKey("string")
.externalProtectionLevelOptions(CryptoKeyVersionExternalProtectionLevelOptionsArgs.builder()
.ekmConnectionKeyPath("string")
.externalKeyUri("string")
.build())
.state("string")
.build());
crypto_key_version_resource = gcp.kms.CryptoKeyVersion("cryptoKeyVersionResource",
crypto_key="string",
external_protection_level_options={
"ekm_connection_key_path": "string",
"external_key_uri": "string",
},
state="string")
const cryptoKeyVersionResource = new gcp.kms.CryptoKeyVersion("cryptoKeyVersionResource", {
cryptoKey: "string",
externalProtectionLevelOptions: {
ekmConnectionKeyPath: "string",
externalKeyUri: "string",
},
state: "string",
});
type: gcp:kms:CryptoKeyVersion
properties:
cryptoKey: string
externalProtectionLevelOptions:
ekmConnectionKeyPath: string
externalKeyUri: string
state: string
CryptoKeyVersion Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CryptoKeyVersion resource accepts the following input properties:
- Crypto
Key stringThis property is required. 
Changes to this property will trigger replacement. - The name of the cryptoKey associated with the CryptoKeyVersions.
Format:
'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - External
Protection CryptoLevel Options Key Version External Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- State string
- The current state of the CryptoKeyVersion.
Possible values are:
PENDING_GENERATION,ENABLED,DISABLED,DESTROYED,DESTROY_SCHEDULED,PENDING_IMPORT,IMPORT_FAILED.
- Crypto
Key stringThis property is required. Changes to this property will trigger replacement. - The name of the cryptoKey associated with the CryptoKeyVersions.
Format:
'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - External
Protection CryptoLevel Options Key Version External Protection Level Options Args - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- State string
- The current state of the CryptoKeyVersion.
Possible values are:
PENDING_GENERATION,ENABLED,DISABLED,DESTROYED,DESTROY_SCHEDULED,PENDING_IMPORT,IMPORT_FAILED.
- crypto
Key StringThis property is required. Changes to this property will trigger replacement. - The name of the cryptoKey associated with the CryptoKeyVersions.
Format:
'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - external
Protection CryptoLevel Options Key Version External Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- state String
- The current state of the CryptoKeyVersion.
Possible values are:
PENDING_GENERATION,ENABLED,DISABLED,DESTROYED,DESTROY_SCHEDULED,PENDING_IMPORT,IMPORT_FAILED.
- crypto
Key stringThis property is required. Changes to this property will trigger replacement. - The name of the cryptoKey associated with the CryptoKeyVersions.
Format:
'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - external
Protection CryptoLevel Options Key Version External Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- state string
- The current state of the CryptoKeyVersion.
Possible values are:
PENDING_GENERATION,ENABLED,DISABLED,DESTROYED,DESTROY_SCHEDULED,PENDING_IMPORT,IMPORT_FAILED.
- crypto_
key strThis property is required. Changes to this property will trigger replacement. - The name of the cryptoKey associated with the CryptoKeyVersions.
Format:
'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - external_
protection_ Cryptolevel_ options Key Version External Protection Level Options Args - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- state str
- The current state of the CryptoKeyVersion.
Possible values are:
PENDING_GENERATION,ENABLED,DISABLED,DESTROYED,DESTROY_SCHEDULED,PENDING_IMPORT,IMPORT_FAILED.
- crypto
Key StringThis property is required. Changes to this property will trigger replacement. - The name of the cryptoKey associated with the CryptoKeyVersions.
Format:
'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - external
Protection Property MapLevel Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- state String
- The current state of the CryptoKeyVersion.
Possible values are:
PENDING_GENERATION,ENABLED,DISABLED,DESTROYED,DESTROY_SCHEDULED,PENDING_IMPORT,IMPORT_FAILED.
Outputs
All input properties are implicitly available as output properties. Additionally, the CryptoKeyVersion resource produces the following output properties:
- Algorithm string
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- Attestations
List<Crypto
Key Version Attestation> - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
- Generate
Time string - The time this CryptoKeyVersion key material was generated
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The resource name for this CryptoKeyVersion.
- Protection
Level string - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- Algorithm string
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- Attestations
[]Crypto
Key Version Attestation - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
- Generate
Time string - The time this CryptoKeyVersion key material was generated
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- The resource name for this CryptoKeyVersion.
- Protection
Level string - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- algorithm String
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestations
List<Crypto
Key Version Attestation> - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
- generate
Time String - The time this CryptoKeyVersion key material was generated
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The resource name for this CryptoKeyVersion.
- protection
Level String - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- algorithm string
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestations
Crypto
Key Version Attestation[] - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
- generate
Time string - The time this CryptoKeyVersion key material was generated
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- The resource name for this CryptoKeyVersion.
- protection
Level string - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- algorithm str
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestations
Sequence[Crypto
Key Version Attestation] - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
- generate_
time str - The time this CryptoKeyVersion key material was generated
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- The resource name for this CryptoKeyVersion.
- protection_
level str - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- algorithm String
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestations List<Property Map>
- Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
- generate
Time String - The time this CryptoKeyVersion key material was generated
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- The resource name for this CryptoKeyVersion.
- protection
Level String - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
Look up Existing CryptoKeyVersion Resource
Get an existing CryptoKeyVersion resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CryptoKeyVersionState, opts?: CustomResourceOptions): CryptoKeyVersion@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
algorithm: Optional[str] = None,
attestations: Optional[Sequence[CryptoKeyVersionAttestationArgs]] = None,
crypto_key: Optional[str] = None,
external_protection_level_options: Optional[CryptoKeyVersionExternalProtectionLevelOptionsArgs] = None,
generate_time: Optional[str] = None,
name: Optional[str] = None,
protection_level: Optional[str] = None,
state: Optional[str] = None) -> CryptoKeyVersionfunc GetCryptoKeyVersion(ctx *Context, name string, id IDInput, state *CryptoKeyVersionState, opts ...ResourceOption) (*CryptoKeyVersion, error)public static CryptoKeyVersion Get(string name, Input<string> id, CryptoKeyVersionState? state, CustomResourceOptions? opts = null)public static CryptoKeyVersion get(String name, Output<String> id, CryptoKeyVersionState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Algorithm string
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- Attestations
List<Crypto
Key Version Attestation> - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
- Crypto
Key - The name of the cryptoKey associated with the CryptoKeyVersions.
Format:
'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - External
Protection CryptoLevel Options Key Version External Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- Generate
Time string - The time this CryptoKeyVersion key material was generated
- Name string
- The resource name for this CryptoKeyVersion.
- Protection
Level string - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- State string
- The current state of the CryptoKeyVersion.
Possible values are:
PENDING_GENERATION,ENABLED,DISABLED,DESTROYED,DESTROY_SCHEDULED,PENDING_IMPORT,IMPORT_FAILED.
- Algorithm string
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- Attestations
[]Crypto
Key Version Attestation Args - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
- Crypto
Key - The name of the cryptoKey associated with the CryptoKeyVersions.
Format:
'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - External
Protection CryptoLevel Options Key Version External Protection Level Options Args - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- Generate
Time string - The time this CryptoKeyVersion key material was generated
- Name string
- The resource name for this CryptoKeyVersion.
- Protection
Level string - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- State string
- The current state of the CryptoKeyVersion.
Possible values are:
PENDING_GENERATION,ENABLED,DISABLED,DESTROYED,DESTROY_SCHEDULED,PENDING_IMPORT,IMPORT_FAILED.
- algorithm String
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestations
List<Crypto
Key Version Attestation> - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
- crypto
Key - The name of the cryptoKey associated with the CryptoKeyVersions.
Format:
'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - external
Protection CryptoLevel Options Key Version External Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- generate
Time String - The time this CryptoKeyVersion key material was generated
- name String
- The resource name for this CryptoKeyVersion.
- protection
Level String - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- state String
- The current state of the CryptoKeyVersion.
Possible values are:
PENDING_GENERATION,ENABLED,DISABLED,DESTROYED,DESTROY_SCHEDULED,PENDING_IMPORT,IMPORT_FAILED.
- algorithm string
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestations
Crypto
Key Version Attestation[] - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
- crypto
Key - The name of the cryptoKey associated with the CryptoKeyVersions.
Format:
'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - external
Protection CryptoLevel Options Key Version External Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- generate
Time string - The time this CryptoKeyVersion key material was generated
- name string
- The resource name for this CryptoKeyVersion.
- protection
Level string - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- state string
- The current state of the CryptoKeyVersion.
Possible values are:
PENDING_GENERATION,ENABLED,DISABLED,DESTROYED,DESTROY_SCHEDULED,PENDING_IMPORT,IMPORT_FAILED.
- algorithm str
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestations
Sequence[Crypto
Key Version Attestation Args] - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
- crypto_
key - The name of the cryptoKey associated with the CryptoKeyVersions.
Format:
'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - external_
protection_ Cryptolevel_ options Key Version External Protection Level Options Args - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- generate_
time str - The time this CryptoKeyVersion key material was generated
- name str
- The resource name for this CryptoKeyVersion.
- protection_
level str - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- state str
- The current state of the CryptoKeyVersion.
Possible values are:
PENDING_GENERATION,ENABLED,DISABLED,DESTROYED,DESTROY_SCHEDULED,PENDING_IMPORT,IMPORT_FAILED.
- algorithm String
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestations List<Property Map>
- Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
- crypto
Key - The name of the cryptoKey associated with the CryptoKeyVersions.
Format:
'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' - external
Protection Property MapLevel Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- generate
Time String - The time this CryptoKeyVersion key material was generated
- name String
- The resource name for this CryptoKeyVersion.
- protection
Level String - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- state String
- The current state of the CryptoKeyVersion.
Possible values are:
PENDING_GENERATION,ENABLED,DISABLED,DESTROYED,DESTROY_SCHEDULED,PENDING_IMPORT,IMPORT_FAILED.
Supporting Types
CryptoKeyVersionAttestation, CryptoKeyVersionAttestationArgs
, CryptoKeyVersionAttestationArgs
- Cert
Chains CryptoKey Version Attestation Cert Chains - The certificate chains needed to validate the attestation Structure is documented below.
- Content string
- (Output) The attestation data provided by the HSM when the key operation was performed.
- External
Protection CryptoLevel Options Key Version Attestation External Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- Format string
- (Output) The format of the attestation data.
- Cert
Chains CryptoKey Version Attestation Cert Chains - The certificate chains needed to validate the attestation Structure is documented below.
- Content string
- (Output) The attestation data provided by the HSM when the key operation was performed.
- External
Protection CryptoLevel Options Key Version Attestation External Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- Format string
- (Output) The format of the attestation data.
- cert
Chains CryptoKey Version Attestation Cert Chains - The certificate chains needed to validate the attestation Structure is documented below.
- content String
- (Output) The attestation data provided by the HSM when the key operation was performed.
- external
Protection CryptoLevel Options Key Version Attestation External Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- format String
- (Output) The format of the attestation data.
- cert
Chains CryptoKey Version Attestation Cert Chains - The certificate chains needed to validate the attestation Structure is documented below.
- content string
- (Output) The attestation data provided by the HSM when the key operation was performed.
- external
Protection CryptoLevel Options Key Version Attestation External Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- format string
- (Output) The format of the attestation data.
- cert_
chains CryptoKey Version Attestation Cert Chains - The certificate chains needed to validate the attestation Structure is documented below.
- content str
- (Output) The attestation data provided by the HSM when the key operation was performed.
- external_
protection_ Cryptolevel_ options Key Version Attestation External Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- format str
- (Output) The format of the attestation data.
- cert
Chains Property Map - The certificate chains needed to validate the attestation Structure is documented below.
- content String
- (Output) The attestation data provided by the HSM when the key operation was performed.
- external
Protection Property MapLevel Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
- format String
- (Output) The format of the attestation data.
CryptoKeyVersionAttestationCertChains, CryptoKeyVersionAttestationCertChainsArgs
, CryptoKeyVersionAttestationCertChainsArgs
- Cavium
Certs List<string> - Cavium certificate chain corresponding to the attestation.
- Google
Card List<string>Certs - Google card certificate chain corresponding to the attestation.
- Google
Partition List<string>Certs - Google partition certificate chain corresponding to the attestation.
- Cavium
Certs []string - Cavium certificate chain corresponding to the attestation.
- Google
Card []stringCerts - Google card certificate chain corresponding to the attestation.
- Google
Partition []stringCerts - Google partition certificate chain corresponding to the attestation.
- cavium
Certs List<String> - Cavium certificate chain corresponding to the attestation.
- google
Card List<String>Certs - Google card certificate chain corresponding to the attestation.
- google
Partition List<String>Certs - Google partition certificate chain corresponding to the attestation.
- cavium
Certs string[] - Cavium certificate chain corresponding to the attestation.
- google
Card string[]Certs - Google card certificate chain corresponding to the attestation.
- google
Partition string[]Certs - Google partition certificate chain corresponding to the attestation.
- cavium_
certs Sequence[str] - Cavium certificate chain corresponding to the attestation.
- google_
card_ Sequence[str]certs - Google card certificate chain corresponding to the attestation.
- google_
partition_ Sequence[str]certs - Google partition certificate chain corresponding to the attestation.
- cavium
Certs List<String> - Cavium certificate chain corresponding to the attestation.
- google
Card List<String>Certs - Google card certificate chain corresponding to the attestation.
- google
Partition List<String>Certs - Google partition certificate chain corresponding to the attestation.
CryptoKeyVersionAttestationExternalProtectionLevelOptions, CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs
, CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs
- Ekm
Connection stringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
- External
Key stringUri - The URI for an external resource that this CryptoKeyVersion represents.
- Ekm
Connection stringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
- External
Key stringUri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
- external
Key StringUri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection stringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
- external
Key stringUri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm_
connection_ strkey_ path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
- external_
key_ struri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
- external
Key StringUri - The URI for an external resource that this CryptoKeyVersion represents.
CryptoKeyVersionExternalProtectionLevelOptions, CryptoKeyVersionExternalProtectionLevelOptionsArgs
, CryptoKeyVersionExternalProtectionLevelOptionsArgs
- Ekm
Connection stringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
- External
Key stringUri - The URI for an external resource that this CryptoKeyVersion represents.
- Ekm
Connection stringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
- External
Key stringUri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
- external
Key StringUri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection stringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
- external
Key stringUri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm_
connection_ strkey_ path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
- external_
key_ struri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
- external
Key StringUri - The URI for an external resource that this CryptoKeyVersion represents.
Import
CryptoKeyVersion can be imported using any of these accepted formats:
{{name}}
When using the pulumi import command, CryptoKeyVersion can be imported using one of the formats above. For example:
$ pulumi import gcp:kms/cryptoKeyVersion:CryptoKeyVersion default {{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.