alicloud.kms.Key
Explore with Pulumi AI
Provides a KMS Key resource.
For information about KMS Key and how to use it, see What is Key.
NOTE: Available since v1.85.0.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
const _default = new alicloud.kms.Key("default", {
description: "Hello KMS",
status: "Enabled",
pendingWindowInDays: 7,
});
import pulumi
import pulumi_alicloud as alicloud
default = alicloud.kms.Key("default",
description="Hello KMS",
status="Enabled",
pending_window_in_days=7)
package main
import (
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := kms.NewKey(ctx, "default", &kms.KeyArgs{
Description: pulumi.String("Hello KMS"),
Status: pulumi.String("Enabled"),
PendingWindowInDays: pulumi.Int(7),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
var @default = new AliCloud.Kms.Key("default", new()
{
Description = "Hello KMS",
Status = "Enabled",
PendingWindowInDays = 7,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.kms.Key;
import com.pulumi.alicloud.kms.KeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new Key("default", KeyArgs.builder()
.description("Hello KMS")
.status("Enabled")
.pendingWindowInDays("7")
.build());
}
}
resources:
default:
type: alicloud:kms:Key
properties:
description: Hello KMS
status: Enabled
pendingWindowInDays: '7'
Create Key Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Key(name: string, args?: KeyArgs, opts?: CustomResourceOptions);
@overload
def Key(resource_name: str,
args: Optional[KeyArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Key(resource_name: str,
opts: Optional[ResourceOptions] = None,
automatic_rotation: Optional[str] = None,
deletion_window_in_days: Optional[int] = None,
description: Optional[str] = None,
dkms_instance_id: Optional[str] = None,
is_enabled: Optional[bool] = None,
key_spec: Optional[str] = None,
key_state: Optional[str] = None,
key_usage: Optional[str] = None,
origin: Optional[str] = None,
pending_window_in_days: Optional[int] = None,
policy: Optional[str] = None,
protection_level: Optional[str] = None,
rotation_interval: Optional[str] = None,
status: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewKey(ctx *Context, name string, args *KeyArgs, opts ...ResourceOption) (*Key, error)
public Key(string name, KeyArgs? args = null, CustomResourceOptions? opts = null)
type: alicloud:kms:Key
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var keyResource = new AliCloud.Kms.Key("keyResource", new()
{
AutomaticRotation = "string",
Description = "string",
DkmsInstanceId = "string",
KeySpec = "string",
KeyUsage = "string",
Origin = "string",
PendingWindowInDays = 0,
Policy = "string",
ProtectionLevel = "string",
RotationInterval = "string",
Status = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := kms.NewKey(ctx, "keyResource", &kms.KeyArgs{
AutomaticRotation: pulumi.String("string"),
Description: pulumi.String("string"),
DkmsInstanceId: pulumi.String("string"),
KeySpec: pulumi.String("string"),
KeyUsage: pulumi.String("string"),
Origin: pulumi.String("string"),
PendingWindowInDays: pulumi.Int(0),
Policy: pulumi.String("string"),
ProtectionLevel: pulumi.String("string"),
RotationInterval: pulumi.String("string"),
Status: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var keyResource = new Key("keyResource", KeyArgs.builder()
.automaticRotation("string")
.description("string")
.dkmsInstanceId("string")
.keySpec("string")
.keyUsage("string")
.origin("string")
.pendingWindowInDays(0)
.policy("string")
.protectionLevel("string")
.rotationInterval("string")
.status("string")
.tags(Map.of("string", "string"))
.build());
key_resource = alicloud.kms.Key("keyResource",
automatic_rotation="string",
description="string",
dkms_instance_id="string",
key_spec="string",
key_usage="string",
origin="string",
pending_window_in_days=0,
policy="string",
protection_level="string",
rotation_interval="string",
status="string",
tags={
"string": "string",
})
const keyResource = new alicloud.kms.Key("keyResource", {
automaticRotation: "string",
description: "string",
dkmsInstanceId: "string",
keySpec: "string",
keyUsage: "string",
origin: "string",
pendingWindowInDays: 0,
policy: "string",
protectionLevel: "string",
rotationInterval: "string",
status: "string",
tags: {
string: "string",
},
});
type: alicloud:kms:Key
properties:
automaticRotation: string
description: string
dkmsInstanceId: string
keySpec: string
keyUsage: string
origin: string
pendingWindowInDays: 0
policy: string
protectionLevel: string
rotationInterval: string
status: string
tags:
string: string
Key Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Key resource accepts the following input properties:
- Automatic
Rotation string - Specifies whether to enable automatic key rotation. Default value:
Disabled
. Valid values:Enabled
,Disabled
. - Deletion
Window intIn Days - Field
deletion_window_in_days
has been deprecated from provider version 1.85.0. New fieldpending_window_in_days
instead. - Description string
- The description of the key.
- Dkms
Instance stringId - The ID of the KMS instance.
- Is
Enabled bool Field
is_enabled
has been deprecated from provider version 1.85.0. New fieldstatus
instead.NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
NOTE: The default type of the CMK is
Aliyun_AES_256
. Only Dedicated KMS supportsAliyun_AES_128
andAliyun_AES_192
.NOTE: When the pre-deletion days elapses, the key is permanently deleted and cannot be recovered.
- Key
Spec string - The specification of the key. Default value:
Aliyun_AES_256
. Valid values:Aliyun_AES_256
,Aliyun_AES_128
,Aliyun_AES_192
,Aliyun_SM4
,RSA_2048
,RSA_3072
,EC_P256
,EC_P256K
,EC_SM2
. - Key
Status string - Field
key_state
has been deprecated from provider version 1.123.1. New fieldstatus
instead. - Key
Usage string - The usage of the key. Default value:
ENCRYPT/DECRYPT
. Valid values:ENCRYPT/DECRYPT
: Encrypts or decrypts data.SIGN/VERIFY
: Generates or verifies a digital signature.
- Origin string
- The key material origin. Default value:
Aliyun_KMS
. Valid values:Aliyun_KMS
,EXTERNAL
. - Pending
Window intIn Days - The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values:
7
to366
. NOTE: From version 1.184.0,pending_window_in_days
can be set to366
. - Policy string
- The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- Protection
Level string - The protection level of the key. Default value:
SOFTWARE
. Valid values:SOFTWARE
,HSM
. - Rotation
Interval string - The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval.
NOTE: If
automatic_rotation
is set toEnabled
,rotation_interval
is required. - Status string
- The status of key. Default value:
Enabled
. Valid values:Enabled
,Disabled
,PendingDeletion
. - Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Automatic
Rotation string - Specifies whether to enable automatic key rotation. Default value:
Disabled
. Valid values:Enabled
,Disabled
. - Deletion
Window intIn Days - Field
deletion_window_in_days
has been deprecated from provider version 1.85.0. New fieldpending_window_in_days
instead. - Description string
- The description of the key.
- Dkms
Instance stringId - The ID of the KMS instance.
- Is
Enabled bool Field
is_enabled
has been deprecated from provider version 1.85.0. New fieldstatus
instead.NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
NOTE: The default type of the CMK is
Aliyun_AES_256
. Only Dedicated KMS supportsAliyun_AES_128
andAliyun_AES_192
.NOTE: When the pre-deletion days elapses, the key is permanently deleted and cannot be recovered.
- Key
Spec string - The specification of the key. Default value:
Aliyun_AES_256
. Valid values:Aliyun_AES_256
,Aliyun_AES_128
,Aliyun_AES_192
,Aliyun_SM4
,RSA_2048
,RSA_3072
,EC_P256
,EC_P256K
,EC_SM2
. - Key
State string - Field
key_state
has been deprecated from provider version 1.123.1. New fieldstatus
instead. - Key
Usage string - The usage of the key. Default value:
ENCRYPT/DECRYPT
. Valid values:ENCRYPT/DECRYPT
: Encrypts or decrypts data.SIGN/VERIFY
: Generates or verifies a digital signature.
- Origin string
- The key material origin. Default value:
Aliyun_KMS
. Valid values:Aliyun_KMS
,EXTERNAL
. - Pending
Window intIn Days - The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values:
7
to366
. NOTE: From version 1.184.0,pending_window_in_days
can be set to366
. - Policy string
- The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- Protection
Level string - The protection level of the key. Default value:
SOFTWARE
. Valid values:SOFTWARE
,HSM
. - Rotation
Interval string - The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval.
NOTE: If
automatic_rotation
is set toEnabled
,rotation_interval
is required. - Status string
- The status of key. Default value:
Enabled
. Valid values:Enabled
,Disabled
,PendingDeletion
. - map[string]string
- A mapping of tags to assign to the resource.
- automatic
Rotation String - Specifies whether to enable automatic key rotation. Default value:
Disabled
. Valid values:Enabled
,Disabled
. - deletion
Window IntegerIn Days - Field
deletion_window_in_days
has been deprecated from provider version 1.85.0. New fieldpending_window_in_days
instead. - description String
- The description of the key.
- dkms
Instance StringId - The ID of the KMS instance.
- is
Enabled Boolean Field
is_enabled
has been deprecated from provider version 1.85.0. New fieldstatus
instead.NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
NOTE: The default type of the CMK is
Aliyun_AES_256
. Only Dedicated KMS supportsAliyun_AES_128
andAliyun_AES_192
.NOTE: When the pre-deletion days elapses, the key is permanently deleted and cannot be recovered.
- key
Spec String - The specification of the key. Default value:
Aliyun_AES_256
. Valid values:Aliyun_AES_256
,Aliyun_AES_128
,Aliyun_AES_192
,Aliyun_SM4
,RSA_2048
,RSA_3072
,EC_P256
,EC_P256K
,EC_SM2
. - key
State String - Field
key_state
has been deprecated from provider version 1.123.1. New fieldstatus
instead. - key
Usage String - The usage of the key. Default value:
ENCRYPT/DECRYPT
. Valid values:ENCRYPT/DECRYPT
: Encrypts or decrypts data.SIGN/VERIFY
: Generates or verifies a digital signature.
- origin String
- The key material origin. Default value:
Aliyun_KMS
. Valid values:Aliyun_KMS
,EXTERNAL
. - pending
Window IntegerIn Days - The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values:
7
to366
. NOTE: From version 1.184.0,pending_window_in_days
can be set to366
. - policy String
- The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- protection
Level String - The protection level of the key. Default value:
SOFTWARE
. Valid values:SOFTWARE
,HSM
. - rotation
Interval String - The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval.
NOTE: If
automatic_rotation
is set toEnabled
,rotation_interval
is required. - status String
- The status of key. Default value:
Enabled
. Valid values:Enabled
,Disabled
,PendingDeletion
. - Map<String,String>
- A mapping of tags to assign to the resource.
- automatic
Rotation string - Specifies whether to enable automatic key rotation. Default value:
Disabled
. Valid values:Enabled
,Disabled
. - deletion
Window numberIn Days - Field
deletion_window_in_days
has been deprecated from provider version 1.85.0. New fieldpending_window_in_days
instead. - description string
- The description of the key.
- dkms
Instance stringId - The ID of the KMS instance.
- is
Enabled boolean Field
is_enabled
has been deprecated from provider version 1.85.0. New fieldstatus
instead.NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
NOTE: The default type of the CMK is
Aliyun_AES_256
. Only Dedicated KMS supportsAliyun_AES_128
andAliyun_AES_192
.NOTE: When the pre-deletion days elapses, the key is permanently deleted and cannot be recovered.
- key
Spec string - The specification of the key. Default value:
Aliyun_AES_256
. Valid values:Aliyun_AES_256
,Aliyun_AES_128
,Aliyun_AES_192
,Aliyun_SM4
,RSA_2048
,RSA_3072
,EC_P256
,EC_P256K
,EC_SM2
. - key
State string - Field
key_state
has been deprecated from provider version 1.123.1. New fieldstatus
instead. - key
Usage string - The usage of the key. Default value:
ENCRYPT/DECRYPT
. Valid values:ENCRYPT/DECRYPT
: Encrypts or decrypts data.SIGN/VERIFY
: Generates or verifies a digital signature.
- origin string
- The key material origin. Default value:
Aliyun_KMS
. Valid values:Aliyun_KMS
,EXTERNAL
. - pending
Window numberIn Days - The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values:
7
to366
. NOTE: From version 1.184.0,pending_window_in_days
can be set to366
. - policy string
- The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- protection
Level string - The protection level of the key. Default value:
SOFTWARE
. Valid values:SOFTWARE
,HSM
. - rotation
Interval string - The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval.
NOTE: If
automatic_rotation
is set toEnabled
,rotation_interval
is required. - status string
- The status of key. Default value:
Enabled
. Valid values:Enabled
,Disabled
,PendingDeletion
. - {[key: string]: string}
- A mapping of tags to assign to the resource.
- automatic_
rotation str - Specifies whether to enable automatic key rotation. Default value:
Disabled
. Valid values:Enabled
,Disabled
. - deletion_
window_ intin_ days - Field
deletion_window_in_days
has been deprecated from provider version 1.85.0. New fieldpending_window_in_days
instead. - description str
- The description of the key.
- dkms_
instance_ strid - The ID of the KMS instance.
- is_
enabled bool Field
is_enabled
has been deprecated from provider version 1.85.0. New fieldstatus
instead.NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
NOTE: The default type of the CMK is
Aliyun_AES_256
. Only Dedicated KMS supportsAliyun_AES_128
andAliyun_AES_192
.NOTE: When the pre-deletion days elapses, the key is permanently deleted and cannot be recovered.
- key_
spec str - The specification of the key. Default value:
Aliyun_AES_256
. Valid values:Aliyun_AES_256
,Aliyun_AES_128
,Aliyun_AES_192
,Aliyun_SM4
,RSA_2048
,RSA_3072
,EC_P256
,EC_P256K
,EC_SM2
. - key_
state str - Field
key_state
has been deprecated from provider version 1.123.1. New fieldstatus
instead. - key_
usage str - The usage of the key. Default value:
ENCRYPT/DECRYPT
. Valid values:ENCRYPT/DECRYPT
: Encrypts or decrypts data.SIGN/VERIFY
: Generates or verifies a digital signature.
- origin str
- The key material origin. Default value:
Aliyun_KMS
. Valid values:Aliyun_KMS
,EXTERNAL
. - pending_
window_ intin_ days - The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values:
7
to366
. NOTE: From version 1.184.0,pending_window_in_days
can be set to366
. - policy str
- The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- protection_
level str - The protection level of the key. Default value:
SOFTWARE
. Valid values:SOFTWARE
,HSM
. - rotation_
interval str - The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval.
NOTE: If
automatic_rotation
is set toEnabled
,rotation_interval
is required. - status str
- The status of key. Default value:
Enabled
. Valid values:Enabled
,Disabled
,PendingDeletion
. - Mapping[str, str]
- A mapping of tags to assign to the resource.
- automatic
Rotation String - Specifies whether to enable automatic key rotation. Default value:
Disabled
. Valid values:Enabled
,Disabled
. - deletion
Window NumberIn Days - Field
deletion_window_in_days
has been deprecated from provider version 1.85.0. New fieldpending_window_in_days
instead. - description String
- The description of the key.
- dkms
Instance StringId - The ID of the KMS instance.
- is
Enabled Boolean Field
is_enabled
has been deprecated from provider version 1.85.0. New fieldstatus
instead.NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
NOTE: The default type of the CMK is
Aliyun_AES_256
. Only Dedicated KMS supportsAliyun_AES_128
andAliyun_AES_192
.NOTE: When the pre-deletion days elapses, the key is permanently deleted and cannot be recovered.
- key
Spec String - The specification of the key. Default value:
Aliyun_AES_256
. Valid values:Aliyun_AES_256
,Aliyun_AES_128
,Aliyun_AES_192
,Aliyun_SM4
,RSA_2048
,RSA_3072
,EC_P256
,EC_P256K
,EC_SM2
. - key
State String - Field
key_state
has been deprecated from provider version 1.123.1. New fieldstatus
instead. - key
Usage String - The usage of the key. Default value:
ENCRYPT/DECRYPT
. Valid values:ENCRYPT/DECRYPT
: Encrypts or decrypts data.SIGN/VERIFY
: Generates or verifies a digital signature.
- origin String
- The key material origin. Default value:
Aliyun_KMS
. Valid values:Aliyun_KMS
,EXTERNAL
. - pending
Window NumberIn Days - The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values:
7
to366
. NOTE: From version 1.184.0,pending_window_in_days
can be set to366
. - policy String
- The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- protection
Level String - The protection level of the key. Default value:
SOFTWARE
. Valid values:SOFTWARE
,HSM
. - rotation
Interval String - The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval.
NOTE: If
automatic_rotation
is set toEnabled
,rotation_interval
is required. - status String
- The status of key. Default value:
Enabled
. Valid values:Enabled
,Disabled
,PendingDeletion
. - Map<String>
- A mapping of tags to assign to the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:
- Arn string
- The ARN of the key.
- Creation
Date string - The time when the CMK was created.
- Creator string
- The creator of the CMK.
- Delete
Date string - The time at which the CMK is scheduled for deletion.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Rotation stringDate - The time when the last rotation was performed.
- Material
Expire stringTime - The time when the key material expires.
- Next
Rotation stringDate - The time when the next rotation will be performed.
- Primary
Key stringVersion - The ID of the current primary key version of the symmetric CMK.
- Arn string
- The ARN of the key.
- Creation
Date string - The time when the CMK was created.
- Creator string
- The creator of the CMK.
- Delete
Date string - The time at which the CMK is scheduled for deletion.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Rotation stringDate - The time when the last rotation was performed.
- Material
Expire stringTime - The time when the key material expires.
- Next
Rotation stringDate - The time when the next rotation will be performed.
- Primary
Key stringVersion - The ID of the current primary key version of the symmetric CMK.
- arn String
- The ARN of the key.
- creation
Date String - The time when the CMK was created.
- creator String
- The creator of the CMK.
- delete
Date String - The time at which the CMK is scheduled for deletion.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Rotation StringDate - The time when the last rotation was performed.
- material
Expire StringTime - The time when the key material expires.
- next
Rotation StringDate - The time when the next rotation will be performed.
- primary
Key StringVersion - The ID of the current primary key version of the symmetric CMK.
- arn string
- The ARN of the key.
- creation
Date string - The time when the CMK was created.
- creator string
- The creator of the CMK.
- delete
Date string - The time at which the CMK is scheduled for deletion.
- id string
- The provider-assigned unique ID for this managed resource.
- last
Rotation stringDate - The time when the last rotation was performed.
- material
Expire stringTime - The time when the key material expires.
- next
Rotation stringDate - The time when the next rotation will be performed.
- primary
Key stringVersion - The ID of the current primary key version of the symmetric CMK.
- arn str
- The ARN of the key.
- creation_
date str - The time when the CMK was created.
- creator str
- The creator of the CMK.
- delete_
date str - The time at which the CMK is scheduled for deletion.
- id str
- The provider-assigned unique ID for this managed resource.
- last_
rotation_ strdate - The time when the last rotation was performed.
- material_
expire_ strtime - The time when the key material expires.
- next_
rotation_ strdate - The time when the next rotation will be performed.
- primary_
key_ strversion - The ID of the current primary key version of the symmetric CMK.
- arn String
- The ARN of the key.
- creation
Date String - The time when the CMK was created.
- creator String
- The creator of the CMK.
- delete
Date String - The time at which the CMK is scheduled for deletion.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Rotation StringDate - The time when the last rotation was performed.
- material
Expire StringTime - The time when the key material expires.
- next
Rotation StringDate - The time when the next rotation will be performed.
- primary
Key StringVersion - The ID of the current primary key version of the symmetric CMK.
Look up Existing Key Resource
Get an existing Key resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KeyState, opts?: CustomResourceOptions): Key
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
automatic_rotation: Optional[str] = None,
creation_date: Optional[str] = None,
creator: Optional[str] = None,
delete_date: Optional[str] = None,
deletion_window_in_days: Optional[int] = None,
description: Optional[str] = None,
dkms_instance_id: Optional[str] = None,
is_enabled: Optional[bool] = None,
key_spec: Optional[str] = None,
key_state: Optional[str] = None,
key_usage: Optional[str] = None,
last_rotation_date: Optional[str] = None,
material_expire_time: Optional[str] = None,
next_rotation_date: Optional[str] = None,
origin: Optional[str] = None,
pending_window_in_days: Optional[int] = None,
policy: Optional[str] = None,
primary_key_version: Optional[str] = None,
protection_level: Optional[str] = None,
rotation_interval: Optional[str] = None,
status: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None) -> Key
func GetKey(ctx *Context, name string, id IDInput, state *KeyState, opts ...ResourceOption) (*Key, error)
public static Key Get(string name, Input<string> id, KeyState? state, CustomResourceOptions? opts = null)
public static Key get(String name, Output<String> id, KeyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- The ARN of the key.
- Automatic
Rotation string - Specifies whether to enable automatic key rotation. Default value:
Disabled
. Valid values:Enabled
,Disabled
. - Creation
Date string - The time when the CMK was created.
- Creator string
- The creator of the CMK.
- Delete
Date string - The time at which the CMK is scheduled for deletion.
- Deletion
Window intIn Days - Field
deletion_window_in_days
has been deprecated from provider version 1.85.0. New fieldpending_window_in_days
instead. - Description string
- The description of the key.
- Dkms
Instance stringId - The ID of the KMS instance.
- Is
Enabled bool Field
is_enabled
has been deprecated from provider version 1.85.0. New fieldstatus
instead.NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
NOTE: The default type of the CMK is
Aliyun_AES_256
. Only Dedicated KMS supportsAliyun_AES_128
andAliyun_AES_192
.NOTE: When the pre-deletion days elapses, the key is permanently deleted and cannot be recovered.
- Key
Spec string - The specification of the key. Default value:
Aliyun_AES_256
. Valid values:Aliyun_AES_256
,Aliyun_AES_128
,Aliyun_AES_192
,Aliyun_SM4
,RSA_2048
,RSA_3072
,EC_P256
,EC_P256K
,EC_SM2
. - Key
Status string - Field
key_state
has been deprecated from provider version 1.123.1. New fieldstatus
instead. - Key
Usage string - The usage of the key. Default value:
ENCRYPT/DECRYPT
. Valid values:ENCRYPT/DECRYPT
: Encrypts or decrypts data.SIGN/VERIFY
: Generates or verifies a digital signature.
- Last
Rotation stringDate - The time when the last rotation was performed.
- Material
Expire stringTime - The time when the key material expires.
- Next
Rotation stringDate - The time when the next rotation will be performed.
- Origin string
- The key material origin. Default value:
Aliyun_KMS
. Valid values:Aliyun_KMS
,EXTERNAL
. - Pending
Window intIn Days - The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values:
7
to366
. NOTE: From version 1.184.0,pending_window_in_days
can be set to366
. - Policy string
- The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- Primary
Key stringVersion - The ID of the current primary key version of the symmetric CMK.
- Protection
Level string - The protection level of the key. Default value:
SOFTWARE
. Valid values:SOFTWARE
,HSM
. - Rotation
Interval string - The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval.
NOTE: If
automatic_rotation
is set toEnabled
,rotation_interval
is required. - Status string
- The status of key. Default value:
Enabled
. Valid values:Enabled
,Disabled
,PendingDeletion
. - Dictionary<string, string>
- A mapping of tags to assign to the resource.
- Arn string
- The ARN of the key.
- Automatic
Rotation string - Specifies whether to enable automatic key rotation. Default value:
Disabled
. Valid values:Enabled
,Disabled
. - Creation
Date string - The time when the CMK was created.
- Creator string
- The creator of the CMK.
- Delete
Date string - The time at which the CMK is scheduled for deletion.
- Deletion
Window intIn Days - Field
deletion_window_in_days
has been deprecated from provider version 1.85.0. New fieldpending_window_in_days
instead. - Description string
- The description of the key.
- Dkms
Instance stringId - The ID of the KMS instance.
- Is
Enabled bool Field
is_enabled
has been deprecated from provider version 1.85.0. New fieldstatus
instead.NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
NOTE: The default type of the CMK is
Aliyun_AES_256
. Only Dedicated KMS supportsAliyun_AES_128
andAliyun_AES_192
.NOTE: When the pre-deletion days elapses, the key is permanently deleted and cannot be recovered.
- Key
Spec string - The specification of the key. Default value:
Aliyun_AES_256
. Valid values:Aliyun_AES_256
,Aliyun_AES_128
,Aliyun_AES_192
,Aliyun_SM4
,RSA_2048
,RSA_3072
,EC_P256
,EC_P256K
,EC_SM2
. - Key
State string - Field
key_state
has been deprecated from provider version 1.123.1. New fieldstatus
instead. - Key
Usage string - The usage of the key. Default value:
ENCRYPT/DECRYPT
. Valid values:ENCRYPT/DECRYPT
: Encrypts or decrypts data.SIGN/VERIFY
: Generates or verifies a digital signature.
- Last
Rotation stringDate - The time when the last rotation was performed.
- Material
Expire stringTime - The time when the key material expires.
- Next
Rotation stringDate - The time when the next rotation will be performed.
- Origin string
- The key material origin. Default value:
Aliyun_KMS
. Valid values:Aliyun_KMS
,EXTERNAL
. - Pending
Window intIn Days - The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values:
7
to366
. NOTE: From version 1.184.0,pending_window_in_days
can be set to366
. - Policy string
- The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- Primary
Key stringVersion - The ID of the current primary key version of the symmetric CMK.
- Protection
Level string - The protection level of the key. Default value:
SOFTWARE
. Valid values:SOFTWARE
,HSM
. - Rotation
Interval string - The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval.
NOTE: If
automatic_rotation
is set toEnabled
,rotation_interval
is required. - Status string
- The status of key. Default value:
Enabled
. Valid values:Enabled
,Disabled
,PendingDeletion
. - map[string]string
- A mapping of tags to assign to the resource.
- arn String
- The ARN of the key.
- automatic
Rotation String - Specifies whether to enable automatic key rotation. Default value:
Disabled
. Valid values:Enabled
,Disabled
. - creation
Date String - The time when the CMK was created.
- creator String
- The creator of the CMK.
- delete
Date String - The time at which the CMK is scheduled for deletion.
- deletion
Window IntegerIn Days - Field
deletion_window_in_days
has been deprecated from provider version 1.85.0. New fieldpending_window_in_days
instead. - description String
- The description of the key.
- dkms
Instance StringId - The ID of the KMS instance.
- is
Enabled Boolean Field
is_enabled
has been deprecated from provider version 1.85.0. New fieldstatus
instead.NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
NOTE: The default type of the CMK is
Aliyun_AES_256
. Only Dedicated KMS supportsAliyun_AES_128
andAliyun_AES_192
.NOTE: When the pre-deletion days elapses, the key is permanently deleted and cannot be recovered.
- key
Spec String - The specification of the key. Default value:
Aliyun_AES_256
. Valid values:Aliyun_AES_256
,Aliyun_AES_128
,Aliyun_AES_192
,Aliyun_SM4
,RSA_2048
,RSA_3072
,EC_P256
,EC_P256K
,EC_SM2
. - key
State String - Field
key_state
has been deprecated from provider version 1.123.1. New fieldstatus
instead. - key
Usage String - The usage of the key. Default value:
ENCRYPT/DECRYPT
. Valid values:ENCRYPT/DECRYPT
: Encrypts or decrypts data.SIGN/VERIFY
: Generates or verifies a digital signature.
- last
Rotation StringDate - The time when the last rotation was performed.
- material
Expire StringTime - The time when the key material expires.
- next
Rotation StringDate - The time when the next rotation will be performed.
- origin String
- The key material origin. Default value:
Aliyun_KMS
. Valid values:Aliyun_KMS
,EXTERNAL
. - pending
Window IntegerIn Days - The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values:
7
to366
. NOTE: From version 1.184.0,pending_window_in_days
can be set to366
. - policy String
- The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- primary
Key StringVersion - The ID of the current primary key version of the symmetric CMK.
- protection
Level String - The protection level of the key. Default value:
SOFTWARE
. Valid values:SOFTWARE
,HSM
. - rotation
Interval String - The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval.
NOTE: If
automatic_rotation
is set toEnabled
,rotation_interval
is required. - status String
- The status of key. Default value:
Enabled
. Valid values:Enabled
,Disabled
,PendingDeletion
. - Map<String,String>
- A mapping of tags to assign to the resource.
- arn string
- The ARN of the key.
- automatic
Rotation string - Specifies whether to enable automatic key rotation. Default value:
Disabled
. Valid values:Enabled
,Disabled
. - creation
Date string - The time when the CMK was created.
- creator string
- The creator of the CMK.
- delete
Date string - The time at which the CMK is scheduled for deletion.
- deletion
Window numberIn Days - Field
deletion_window_in_days
has been deprecated from provider version 1.85.0. New fieldpending_window_in_days
instead. - description string
- The description of the key.
- dkms
Instance stringId - The ID of the KMS instance.
- is
Enabled boolean Field
is_enabled
has been deprecated from provider version 1.85.0. New fieldstatus
instead.NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
NOTE: The default type of the CMK is
Aliyun_AES_256
. Only Dedicated KMS supportsAliyun_AES_128
andAliyun_AES_192
.NOTE: When the pre-deletion days elapses, the key is permanently deleted and cannot be recovered.
- key
Spec string - The specification of the key. Default value:
Aliyun_AES_256
. Valid values:Aliyun_AES_256
,Aliyun_AES_128
,Aliyun_AES_192
,Aliyun_SM4
,RSA_2048
,RSA_3072
,EC_P256
,EC_P256K
,EC_SM2
. - key
State string - Field
key_state
has been deprecated from provider version 1.123.1. New fieldstatus
instead. - key
Usage string - The usage of the key. Default value:
ENCRYPT/DECRYPT
. Valid values:ENCRYPT/DECRYPT
: Encrypts or decrypts data.SIGN/VERIFY
: Generates or verifies a digital signature.
- last
Rotation stringDate - The time when the last rotation was performed.
- material
Expire stringTime - The time when the key material expires.
- next
Rotation stringDate - The time when the next rotation will be performed.
- origin string
- The key material origin. Default value:
Aliyun_KMS
. Valid values:Aliyun_KMS
,EXTERNAL
. - pending
Window numberIn Days - The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values:
7
to366
. NOTE: From version 1.184.0,pending_window_in_days
can be set to366
. - policy string
- The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- primary
Key stringVersion - The ID of the current primary key version of the symmetric CMK.
- protection
Level string - The protection level of the key. Default value:
SOFTWARE
. Valid values:SOFTWARE
,HSM
. - rotation
Interval string - The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval.
NOTE: If
automatic_rotation
is set toEnabled
,rotation_interval
is required. - status string
- The status of key. Default value:
Enabled
. Valid values:Enabled
,Disabled
,PendingDeletion
. - {[key: string]: string}
- A mapping of tags to assign to the resource.
- arn str
- The ARN of the key.
- automatic_
rotation str - Specifies whether to enable automatic key rotation. Default value:
Disabled
. Valid values:Enabled
,Disabled
. - creation_
date str - The time when the CMK was created.
- creator str
- The creator of the CMK.
- delete_
date str - The time at which the CMK is scheduled for deletion.
- deletion_
window_ intin_ days - Field
deletion_window_in_days
has been deprecated from provider version 1.85.0. New fieldpending_window_in_days
instead. - description str
- The description of the key.
- dkms_
instance_ strid - The ID of the KMS instance.
- is_
enabled bool Field
is_enabled
has been deprecated from provider version 1.85.0. New fieldstatus
instead.NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
NOTE: The default type of the CMK is
Aliyun_AES_256
. Only Dedicated KMS supportsAliyun_AES_128
andAliyun_AES_192
.NOTE: When the pre-deletion days elapses, the key is permanently deleted and cannot be recovered.
- key_
spec str - The specification of the key. Default value:
Aliyun_AES_256
. Valid values:Aliyun_AES_256
,Aliyun_AES_128
,Aliyun_AES_192
,Aliyun_SM4
,RSA_2048
,RSA_3072
,EC_P256
,EC_P256K
,EC_SM2
. - key_
state str - Field
key_state
has been deprecated from provider version 1.123.1. New fieldstatus
instead. - key_
usage str - The usage of the key. Default value:
ENCRYPT/DECRYPT
. Valid values:ENCRYPT/DECRYPT
: Encrypts or decrypts data.SIGN/VERIFY
: Generates or verifies a digital signature.
- last_
rotation_ strdate - The time when the last rotation was performed.
- material_
expire_ strtime - The time when the key material expires.
- next_
rotation_ strdate - The time when the next rotation will be performed.
- origin str
- The key material origin. Default value:
Aliyun_KMS
. Valid values:Aliyun_KMS
,EXTERNAL
. - pending_
window_ intin_ days - The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values:
7
to366
. NOTE: From version 1.184.0,pending_window_in_days
can be set to366
. - policy str
- The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- primary_
key_ strversion - The ID of the current primary key version of the symmetric CMK.
- protection_
level str - The protection level of the key. Default value:
SOFTWARE
. Valid values:SOFTWARE
,HSM
. - rotation_
interval str - The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval.
NOTE: If
automatic_rotation
is set toEnabled
,rotation_interval
is required. - status str
- The status of key. Default value:
Enabled
. Valid values:Enabled
,Disabled
,PendingDeletion
. - Mapping[str, str]
- A mapping of tags to assign to the resource.
- arn String
- The ARN of the key.
- automatic
Rotation String - Specifies whether to enable automatic key rotation. Default value:
Disabled
. Valid values:Enabled
,Disabled
. - creation
Date String - The time when the CMK was created.
- creator String
- The creator of the CMK.
- delete
Date String - The time at which the CMK is scheduled for deletion.
- deletion
Window NumberIn Days - Field
deletion_window_in_days
has been deprecated from provider version 1.85.0. New fieldpending_window_in_days
instead. - description String
- The description of the key.
- dkms
Instance StringId - The ID of the KMS instance.
- is
Enabled Boolean Field
is_enabled
has been deprecated from provider version 1.85.0. New fieldstatus
instead.NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
NOTE: The default type of the CMK is
Aliyun_AES_256
. Only Dedicated KMS supportsAliyun_AES_128
andAliyun_AES_192
.NOTE: When the pre-deletion days elapses, the key is permanently deleted and cannot be recovered.
- key
Spec String - The specification of the key. Default value:
Aliyun_AES_256
. Valid values:Aliyun_AES_256
,Aliyun_AES_128
,Aliyun_AES_192
,Aliyun_SM4
,RSA_2048
,RSA_3072
,EC_P256
,EC_P256K
,EC_SM2
. - key
State String - Field
key_state
has been deprecated from provider version 1.123.1. New fieldstatus
instead. - key
Usage String - The usage of the key. Default value:
ENCRYPT/DECRYPT
. Valid values:ENCRYPT/DECRYPT
: Encrypts or decrypts data.SIGN/VERIFY
: Generates or verifies a digital signature.
- last
Rotation StringDate - The time when the last rotation was performed.
- material
Expire StringTime - The time when the key material expires.
- next
Rotation StringDate - The time when the next rotation will be performed.
- origin String
- The key material origin. Default value:
Aliyun_KMS
. Valid values:Aliyun_KMS
,EXTERNAL
. - pending
Window NumberIn Days - The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Unit: days. Valid values:
7
to366
. NOTE: From version 1.184.0,pending_window_in_days
can be set to366
. - policy String
- The content of the key policy. The value is in the JSON format. The value can be up to 32,768 bytes in length. For more information, see How to use it.
- primary
Key StringVersion - The ID of the current primary key version of the symmetric CMK.
- protection
Level String - The protection level of the key. Default value:
SOFTWARE
. Valid values:SOFTWARE
,HSM
. - rotation
Interval String - The period of automatic key rotation. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval.
NOTE: If
automatic_rotation
is set toEnabled
,rotation_interval
is required. - status String
- The status of key. Default value:
Enabled
. Valid values:Enabled
,Disabled
,PendingDeletion
. - Map<String>
- A mapping of tags to assign to the resource.
Import
KMS Key can be imported using the id, e.g.
$ pulumi import alicloud:kms/key:Key example <id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloud
Terraform Provider.