Docs Home
Confluent v2.10.0 published on Wednesday, Nov 20, 2024 by Pulumi
confluentcloud.getSchemaRegistryKek
Explore with Pulumi AI
confluentcloud.SchemaRegistryKek describes a Schema Registry Key Encryption Key (KEK) data source.
Example Usage
Option #1: Manage multiple Schema Registry clusters in the same Pulumi Stack
import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";
const myKey = confluentcloud.getSchemaRegistryKek({
schemaRegistryCluster: {
id: essentials.id,
},
restEndpoint: essentials.restEndpoint,
credentials: {
key: "<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>",
secret: "<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>",
},
name: "my_key",
});
import pulumi
import pulumi_confluentcloud as confluentcloud
my_key = confluentcloud.get_schema_registry_kek(schema_registry_cluster={
"id": essentials["id"],
},
rest_endpoint=essentials["restEndpoint"],
credentials={
"key": "<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>",
"secret": "<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>",
},
name="my_key")
package main
import (
"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := confluentcloud.LookupSchemaRegistryKek(ctx, &confluentcloud.LookupSchemaRegistryKekArgs{
SchemaRegistryCluster: confluentcloud.GetSchemaRegistryKekSchemaRegistryCluster{
Id: essentials.Id,
},
RestEndpoint: pulumi.StringRef(essentials.RestEndpoint),
Credentials: confluentcloud.GetSchemaRegistryKekCredentials{
Key: "<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>",
Secret: "<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>",
},
Name: "my_key",
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;
return await Deployment.RunAsync(() =>
{
var myKey = ConfluentCloud.GetSchemaRegistryKek.Invoke(new()
{
SchemaRegistryCluster = new ConfluentCloud.Inputs.GetSchemaRegistryKekSchemaRegistryClusterInputArgs
{
Id = essentials.Id,
},
RestEndpoint = essentials.RestEndpoint,
Credentials = new ConfluentCloud.Inputs.GetSchemaRegistryKekCredentialsInputArgs
{
Key = "<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>",
Secret = "<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>",
},
Name = "my_key",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.ConfluentcloudFunctions;
import com.pulumi.confluentcloud.inputs.GetSchemaRegistryKekArgs;
import com.pulumi.confluentcloud.inputs.GetSchemaRegistryKekSchemaRegistryClusterArgs;
import com.pulumi.confluentcloud.inputs.GetSchemaRegistryKekCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var myKey = ConfluentcloudFunctions.getSchemaRegistryKek(GetSchemaRegistryKekArgs.builder()
.schemaRegistryCluster(GetSchemaRegistryKekSchemaRegistryClusterArgs.builder()
.id(essentials.id())
.build())
.restEndpoint(essentials.restEndpoint())
.credentials(GetSchemaRegistryKekCredentialsArgs.builder()
.key("<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>")
.secret("<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>")
.build())
.name("my_key")
.build());
}
}
variables:
myKey:
fn::invoke:
Function: confluentcloud:getSchemaRegistryKek
Arguments:
schemaRegistryCluster:
id: ${essentials.id}
restEndpoint: ${essentials.restEndpoint}
credentials:
key: <Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>
secret: <Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>
name: my_key
Option #2: Manage a single Schema Registry cluster in the same Pulumi Stack
import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";
const myKey = confluentcloud.getSchemaRegistryKek({
name: "my_key",
});
import pulumi
import pulumi_confluentcloud as confluentcloud
my_key = confluentcloud.get_schema_registry_kek(name="my_key")
package main
import (
"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := confluentcloud.LookupSchemaRegistryKek(ctx, &confluentcloud.LookupSchemaRegistryKekArgs{
Name: "my_key",
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;
return await Deployment.RunAsync(() =>
{
var myKey = ConfluentCloud.GetSchemaRegistryKek.Invoke(new()
{
Name = "my_key",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.ConfluentcloudFunctions;
import com.pulumi.confluentcloud.inputs.GetSchemaRegistryKekArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var myKey = ConfluentcloudFunctions.getSchemaRegistryKek(GetSchemaRegistryKekArgs.builder()
.name("my_key")
.build());
}
}
variables:
myKey:
fn::invoke:
Function: confluentcloud:getSchemaRegistryKek
Arguments:
name: my_key
Using getSchemaRegistryKek
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSchemaRegistryKek(args: GetSchemaRegistryKekArgs, opts?: InvokeOptions): Promise<GetSchemaRegistryKekResult>
function getSchemaRegistryKekOutput(args: GetSchemaRegistryKekOutputArgs, opts?: InvokeOptions): Output<GetSchemaRegistryKekResult>def get_schema_registry_kek(credentials: Optional[GetSchemaRegistryKekCredentials] = None,
name: Optional[str] = None,
rest_endpoint: Optional[str] = None,
schema_registry_cluster: Optional[GetSchemaRegistryKekSchemaRegistryCluster] = None,
opts: Optional[InvokeOptions] = None) -> GetSchemaRegistryKekResult
def get_schema_registry_kek_output(credentials: Optional[pulumi.Input[GetSchemaRegistryKekCredentialsArgs]] = None,
name: Optional[pulumi.Input[str]] = None,
rest_endpoint: Optional[pulumi.Input[str]] = None,
schema_registry_cluster: Optional[pulumi.Input[GetSchemaRegistryKekSchemaRegistryClusterArgs]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSchemaRegistryKekResult]func LookupSchemaRegistryKek(ctx *Context, args *LookupSchemaRegistryKekArgs, opts ...InvokeOption) (*LookupSchemaRegistryKekResult, error)
func LookupSchemaRegistryKekOutput(ctx *Context, args *LookupSchemaRegistryKekOutputArgs, opts ...InvokeOption) LookupSchemaRegistryKekResultOutput> Note: This function is named LookupSchemaRegistryKek in the Go SDK.
public static class GetSchemaRegistryKek
{
public static Task<GetSchemaRegistryKekResult> InvokeAsync(GetSchemaRegistryKekArgs args, InvokeOptions? opts = null)
public static Output<GetSchemaRegistryKekResult> Invoke(GetSchemaRegistryKekInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSchemaRegistryKekResult> getSchemaRegistryKek(GetSchemaRegistryKekArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: confluentcloud:index/getSchemaRegistryKek:getSchemaRegistryKek
arguments:
# arguments dictionaryThe following arguments are supported:
- Name string
The name for the KEK.
Note: A Schema Registry API key consists of a key and a secret. Schema Registry API keys are required to interact with Schema Registry clusters in Confluent Cloud. Each Schema Registry API key is valid for one specific Schema Registry cluster.
- Credentials
Pulumi.
Confluent Cloud. Inputs. Get Schema Registry Kek Credentials - Rest
Endpoint string - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443). - Schema
Registry Pulumi.Cluster Confluent Cloud. Inputs. Get Schema Registry Kek Schema Registry Cluster
- Name string
The name for the KEK.
Note: A Schema Registry API key consists of a key and a secret. Schema Registry API keys are required to interact with Schema Registry clusters in Confluent Cloud. Each Schema Registry API key is valid for one specific Schema Registry cluster.
- Credentials
Get
Schema Registry Kek Credentials - Rest
Endpoint string - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443). - Schema
Registry GetCluster Schema Registry Kek Schema Registry Cluster
- name String
The name for the KEK.
Note: A Schema Registry API key consists of a key and a secret. Schema Registry API keys are required to interact with Schema Registry clusters in Confluent Cloud. Each Schema Registry API key is valid for one specific Schema Registry cluster.
- credentials
Get
Schema Registry Kek Credentials - rest
Endpoint String - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443). - schema
Registry GetCluster Schema Registry Kek Schema Registry Cluster
- name string
The name for the KEK.
Note: A Schema Registry API key consists of a key and a secret. Schema Registry API keys are required to interact with Schema Registry clusters in Confluent Cloud. Each Schema Registry API key is valid for one specific Schema Registry cluster.
- credentials
Get
Schema Registry Kek Credentials - rest
Endpoint string - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443). - schema
Registry GetCluster Schema Registry Kek Schema Registry Cluster
- name str
The name for the KEK.
Note: A Schema Registry API key consists of a key and a secret. Schema Registry API keys are required to interact with Schema Registry clusters in Confluent Cloud. Each Schema Registry API key is valid for one specific Schema Registry cluster.
- credentials
Get
Schema Registry Kek Credentials - rest_
endpoint str - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443). - schema_
registry_ Getcluster Schema Registry Kek Schema Registry Cluster
- name String
The name for the KEK.
Note: A Schema Registry API key consists of a key and a secret. Schema Registry API keys are required to interact with Schema Registry clusters in Confluent Cloud. Each Schema Registry API key is valid for one specific Schema Registry cluster.
- credentials Property Map
- rest
Endpoint String - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443). - schema
Registry Property MapCluster
getSchemaRegistryKek Result
The following output properties are available:
- Doc string
- (Optional String) The optional description for the KEK.
- Hard
Delete bool - (Optional Boolean) The optional flag to control whether a kek should be soft or hard deleted. Defaults to
false. - Id string
- The provider-assigned unique ID for this managed resource.
- Kms
Key stringId - (Required String) The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
- When using the AWS KMS, this is an ARN, for example,
- Kms
Type string - (Required String) The type of Key Management Service (KMS). The supported values include
aws-kms,azure-kms, andgcp-kms. Additionally, custom KMS types are supported as well. - Name string
- (Required String) The custom property name (for example,
KeyUsage). - Properties Dictionary<string, string>
- (Optional Map) The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT,KeyState=Enabled): - bool
- (Optional Boolean) The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false. - Credentials
Pulumi.
Confluent Cloud. Outputs. Get Schema Registry Kek Credentials - Rest
Endpoint string - Schema
Registry Pulumi.Cluster Confluent Cloud. Outputs. Get Schema Registry Kek Schema Registry Cluster
- Doc string
- (Optional String) The optional description for the KEK.
- Hard
Delete bool - (Optional Boolean) The optional flag to control whether a kek should be soft or hard deleted. Defaults to
false. - Id string
- The provider-assigned unique ID for this managed resource.
- Kms
Key stringId - (Required String) The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
- When using the AWS KMS, this is an ARN, for example,
- Kms
Type string - (Required String) The type of Key Management Service (KMS). The supported values include
aws-kms,azure-kms, andgcp-kms. Additionally, custom KMS types are supported as well. - Name string
- (Required String) The custom property name (for example,
KeyUsage). - Properties map[string]string
- (Optional Map) The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT,KeyState=Enabled): - bool
- (Optional Boolean) The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false. - Credentials
Get
Schema Registry Kek Credentials - Rest
Endpoint string - Schema
Registry GetCluster Schema Registry Kek Schema Registry Cluster
- doc String
- (Optional String) The optional description for the KEK.
- hard
Delete Boolean - (Optional Boolean) The optional flag to control whether a kek should be soft or hard deleted. Defaults to
false. - id String
- The provider-assigned unique ID for this managed resource.
- kms
Key StringId - (Required String) The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
- When using the AWS KMS, this is an ARN, for example,
- kms
Type String - (Required String) The type of Key Management Service (KMS). The supported values include
aws-kms,azure-kms, andgcp-kms. Additionally, custom KMS types are supported as well. - name String
- (Required String) The custom property name (for example,
KeyUsage). - properties Map<String,String>
- (Optional Map) The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT,KeyState=Enabled): - Boolean
- (Optional Boolean) The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false. - credentials
Get
Schema Registry Kek Credentials - rest
Endpoint String - schema
Registry GetCluster Schema Registry Kek Schema Registry Cluster
- doc string
- (Optional String) The optional description for the KEK.
- hard
Delete boolean - (Optional Boolean) The optional flag to control whether a kek should be soft or hard deleted. Defaults to
false. - id string
- The provider-assigned unique ID for this managed resource.
- kms
Key stringId - (Required String) The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
- When using the AWS KMS, this is an ARN, for example,
- kms
Type string - (Required String) The type of Key Management Service (KMS). The supported values include
aws-kms,azure-kms, andgcp-kms. Additionally, custom KMS types are supported as well. - name string
- (Required String) The custom property name (for example,
KeyUsage). - properties {[key: string]: string}
- (Optional Map) The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT,KeyState=Enabled): - boolean
- (Optional Boolean) The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false. - credentials
Get
Schema Registry Kek Credentials - rest
Endpoint string - schema
Registry GetCluster Schema Registry Kek Schema Registry Cluster
- doc str
- (Optional String) The optional description for the KEK.
- hard_
delete bool - (Optional Boolean) The optional flag to control whether a kek should be soft or hard deleted. Defaults to
false. - id str
- The provider-assigned unique ID for this managed resource.
- kms_
key_ strid - (Required String) The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
- When using the AWS KMS, this is an ARN, for example,
- kms_
type str - (Required String) The type of Key Management Service (KMS). The supported values include
aws-kms,azure-kms, andgcp-kms. Additionally, custom KMS types are supported as well. - name str
- (Required String) The custom property name (for example,
KeyUsage). - properties Mapping[str, str]
- (Optional Map) The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT,KeyState=Enabled): - bool
- (Optional Boolean) The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false. - credentials
Get
Schema Registry Kek Credentials - rest_
endpoint str - schema_
registry_ Getcluster Schema Registry Kek Schema Registry Cluster
- doc String
- (Optional String) The optional description for the KEK.
- hard
Delete Boolean - (Optional Boolean) The optional flag to control whether a kek should be soft or hard deleted. Defaults to
false. - id String
- The provider-assigned unique ID for this managed resource.
- kms
Key StringId - (Required String) The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
- When using the AWS KMS, this is an ARN, for example,
- kms
Type String - (Required String) The type of Key Management Service (KMS). The supported values include
aws-kms,azure-kms, andgcp-kms. Additionally, custom KMS types are supported as well. - name String
- (Required String) The custom property name (for example,
KeyUsage). - properties Map<String>
- (Optional Map) The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT,KeyState=Enabled): - Boolean
- (Optional Boolean) The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false. - credentials Property Map
- rest
Endpoint String - schema
Registry Property MapCluster
Supporting Types
GetSchemaRegistryKekCredentials
GetSchemaRegistryKekSchemaRegistryCluster
- Id string
- The ID of the Schema Registry cluster, for example,
lsrc-abc123.
- Id string
- The ID of the Schema Registry cluster, for example,
lsrc-abc123.
- id String
- The ID of the Schema Registry cluster, for example,
lsrc-abc123.
- id string
- The ID of the Schema Registry cluster, for example,
lsrc-abc123.
- id str
- The ID of the Schema Registry cluster, for example,
lsrc-abc123.
- id String
- The ID of the Schema Registry cluster, for example,
lsrc-abc123.
Package Details
- Repository
- Confluent Cloud pulumi/pulumi-confluentcloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
confluentTerraform Provider.