Confluent v2.10.0, Nov 20 24

Confluent v2.10.0 published on Wednesday, Nov 20, 2024 by Pulumi

confluentcloud.SchemaRegistryDek

Explore with Pulumi AI

Confluent v2.10.0 published on Wednesday, Nov 20, 2024 by Pulumi

pulumi/pulumi-confluentcloud

Example Usage

Option #1: Manage multiple Schema Registry clusters in the same Pulumi Stack

import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";

const myDek = new confluentcloud.SchemaRegistryDek("my_dek", {
    schemaRegistryCluster: {
        id: essentials.id,
    },
    restEndpoint: essentials.restEndpoint,
    credentials: {
        key: "<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>",
        secret: "<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>",
    },
    kekName: "my_kek",
    subjectName: "my_subject",
    hardDelete: true,
});

import pulumi
import pulumi_confluentcloud as confluentcloud

my_dek = confluentcloud.SchemaRegistryDek("my_dek",
    schema_registry_cluster={
        "id": essentials["id"],
    },
    rest_endpoint=essentials["restEndpoint"],
    credentials={
        "key": "<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>",
        "secret": "<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>",
    },
    kek_name="my_kek",
    subject_name="my_subject",
    hard_delete=True)

package main

import (
	"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := confluentcloud.NewSchemaRegistryDek(ctx, "my_dek", &confluentcloud.SchemaRegistryDekArgs{
			SchemaRegistryCluster: &confluentcloud.SchemaRegistryDekSchemaRegistryClusterArgs{
				Id: pulumi.Any(essentials.Id),
			},
			RestEndpoint: pulumi.Any(essentials.RestEndpoint),
			Credentials: &confluentcloud.SchemaRegistryDekCredentialsArgs{
				Key:    pulumi.String("<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>"),
				Secret: pulumi.String("<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>"),
			},
			KekName:     pulumi.String("my_kek"),
			SubjectName: pulumi.String("my_subject"),
			HardDelete:  pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;

return await Deployment.RunAsync(() => 
{
    var myDek = new ConfluentCloud.SchemaRegistryDek("my_dek", new()
    {
        SchemaRegistryCluster = new ConfluentCloud.Inputs.SchemaRegistryDekSchemaRegistryClusterArgs
        {
            Id = essentials.Id,
        },
        RestEndpoint = essentials.RestEndpoint,
        Credentials = new ConfluentCloud.Inputs.SchemaRegistryDekCredentialsArgs
        {
            Key = "<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>",
            Secret = "<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>",
        },
        KekName = "my_kek",
        SubjectName = "my_subject",
        HardDelete = true,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.SchemaRegistryDek;
import com.pulumi.confluentcloud.SchemaRegistryDekArgs;
import com.pulumi.confluentcloud.inputs.SchemaRegistryDekSchemaRegistryClusterArgs;
import com.pulumi.confluentcloud.inputs.SchemaRegistryDekCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myDek = new SchemaRegistryDek("myDek", SchemaRegistryDekArgs.builder()
            .schemaRegistryCluster(SchemaRegistryDekSchemaRegistryClusterArgs.builder()
                .id(essentials.id())
                .build())
            .restEndpoint(essentials.restEndpoint())
            .credentials(SchemaRegistryDekCredentialsArgs.builder()
                .key("<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>")
                .secret("<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>")
                .build())
            .kekName("my_kek")
            .subjectName("my_subject")
            .hardDelete(true)
            .build());

    }
}

resources:
  myDek:
    type: confluentcloud:SchemaRegistryDek
    name: my_dek
    properties:
      schemaRegistryCluster:
        id: ${essentials.id}
      restEndpoint: ${essentials.restEndpoint}
      credentials:
        key: <Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>
        secret: <Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>
      kekName: my_kek
      subjectName: my_subject
      hardDelete: true

Option #2: Manage a single Schema Registry cluster in the same Pulumi Stack

import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";

const myDek = new confluentcloud.SchemaRegistryDek("my_dek", {
    kekName: "my_kek",
    subjectName: "my_subject",
    hardDelete: true,
});

import pulumi
import pulumi_confluentcloud as confluentcloud

my_dek = confluentcloud.SchemaRegistryDek("my_dek",
    kek_name="my_kek",
    subject_name="my_subject",
    hard_delete=True)

package main

import (
	"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := confluentcloud.NewSchemaRegistryDek(ctx, "my_dek", &confluentcloud.SchemaRegistryDekArgs{
			KekName:     pulumi.String("my_kek"),
			SubjectName: pulumi.String("my_subject"),
			HardDelete:  pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;

return await Deployment.RunAsync(() => 
{
    var myDek = new ConfluentCloud.SchemaRegistryDek("my_dek", new()
    {
        KekName = "my_kek",
        SubjectName = "my_subject",
        HardDelete = true,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.SchemaRegistryDek;
import com.pulumi.confluentcloud.SchemaRegistryDekArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myDek = new SchemaRegistryDek("myDek", SchemaRegistryDekArgs.builder()
            .kekName("my_kek")
            .subjectName("my_subject")
            .hardDelete(true)
            .build());

    }
}

resources:
  myDek:
    type: confluentcloud:SchemaRegistryDek
    name: my_dek
    properties:
      kekName: my_kek
      subjectName: my_subject
      hardDelete: true

Getting Started

The following end-to-end example might help to get started with field-level encryption:

field-level-encryption-schema

Create SchemaRegistryDek Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SchemaRegistryDek(name: string, args: SchemaRegistryDekArgs, opts?: CustomResourceOptions);

@overload
def SchemaRegistryDek(resource_name: str,
                      args: SchemaRegistryDekArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def SchemaRegistryDek(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      kek_name: Optional[str] = None,
                      subject_name: Optional[str] = None,
                      algorithm: Optional[str] = None,
                      credentials: Optional[SchemaRegistryDekCredentialsArgs] = None,
                      encrypted_key_material: Optional[str] = None,
                      hard_delete: Optional[bool] = None,
                      rest_endpoint: Optional[str] = None,
                      schema_registry_cluster: Optional[SchemaRegistryDekSchemaRegistryClusterArgs] = None,
                      version: Optional[int] = None)

func NewSchemaRegistryDek(ctx *Context, name string, args SchemaRegistryDekArgs, opts ...ResourceOption) (*SchemaRegistryDek, error)

public SchemaRegistryDek(string name, SchemaRegistryDekArgs args, CustomResourceOptions? opts = null)

public SchemaRegistryDek(String name, SchemaRegistryDekArgs args)
public SchemaRegistryDek(String name, SchemaRegistryDekArgs args, CustomResourceOptions options)

type: confluentcloud:SchemaRegistryDek
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SchemaRegistryDekArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SchemaRegistryDekArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SchemaRegistryDekArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SchemaRegistryDekArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SchemaRegistryDekArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var schemaRegistryDekResource = new ConfluentCloud.SchemaRegistryDek("schemaRegistryDekResource", new()
{
    KekName = "string",
    SubjectName = "string",
    Algorithm = "string",
    Credentials = new ConfluentCloud.Inputs.SchemaRegistryDekCredentialsArgs
    {
        Key = "string",
        Secret = "string",
    },
    EncryptedKeyMaterial = "string",
    HardDelete = false,
    RestEndpoint = "string",
    SchemaRegistryCluster = new ConfluentCloud.Inputs.SchemaRegistryDekSchemaRegistryClusterArgs
    {
        Id = "string",
    },
    Version = 0,
});

example, err := confluentcloud.NewSchemaRegistryDek(ctx, "schemaRegistryDekResource", &confluentcloud.SchemaRegistryDekArgs{
	KekName:     pulumi.String("string"),
	SubjectName: pulumi.String("string"),
	Algorithm:   pulumi.String("string"),
	Credentials: &confluentcloud.SchemaRegistryDekCredentialsArgs{
		Key:    pulumi.String("string"),
		Secret: pulumi.String("string"),
	},
	EncryptedKeyMaterial: pulumi.String("string"),
	HardDelete:           pulumi.Bool(false),
	RestEndpoint:         pulumi.String("string"),
	SchemaRegistryCluster: &confluentcloud.SchemaRegistryDekSchemaRegistryClusterArgs{
		Id: pulumi.String("string"),
	},
	Version: pulumi.Int(0),
})

var schemaRegistryDekResource = new SchemaRegistryDek("schemaRegistryDekResource", SchemaRegistryDekArgs.builder()
    .kekName("string")
    .subjectName("string")
    .algorithm("string")
    .credentials(SchemaRegistryDekCredentialsArgs.builder()
        .key("string")
        .secret("string")
        .build())
    .encryptedKeyMaterial("string")
    .hardDelete(false)
    .restEndpoint("string")
    .schemaRegistryCluster(SchemaRegistryDekSchemaRegistryClusterArgs.builder()
        .id("string")
        .build())
    .version(0)
    .build());

schema_registry_dek_resource = confluentcloud.SchemaRegistryDek("schemaRegistryDekResource",
    kek_name="string",
    subject_name="string",
    algorithm="string",
    credentials={
        "key": "string",
        "secret": "string",
    },
    encrypted_key_material="string",
    hard_delete=False,
    rest_endpoint="string",
    schema_registry_cluster={
        "id": "string",
    },
    version=0)

const schemaRegistryDekResource = new confluentcloud.SchemaRegistryDek("schemaRegistryDekResource", {
    kekName: "string",
    subjectName: "string",
    algorithm: "string",
    credentials: {
        key: "string",
        secret: "string",
    },
    encryptedKeyMaterial: "string",
    hardDelete: false,
    restEndpoint: "string",
    schemaRegistryCluster: {
        id: "string",
    },
    version: 0,
});

type: confluentcloud:SchemaRegistryDek
properties:
    algorithm: string
    credentials:
        key: string
        secret: string
    encryptedKeyMaterial: string
    hardDelete: false
    kekName: string
    restEndpoint: string
    schemaRegistryCluster:
        id: string
    subjectName: string
    version: 0

SchemaRegistryDek Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SchemaRegistryDek resource accepts the following input properties:

KekName string: The name of the KEK used to encrypt this DEK.
SubjectName string: The subject for this DEK.
Algorithm string: Accepted values are: AES128_GCM, AES256_GCM, and AES256_SIV. Defaults to AES256_GCM.
Credentials Pulumi.ConfluentCloud.Inputs.SchemaRegistryDekCredentials: The Cluster API Credentials.
EncryptedKeyMaterial string: The encrypted key material for the DEK.
HardDelete bool: Controls whether a dek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry dek on destroy. Defaults to false (soft delete).
RestEndpoint string: The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443).
SchemaRegistryCluster Pulumi.ConfluentCloud.Inputs.SchemaRegistryDekSchemaRegistryCluster
Version int: The version of this DEK. Defaults to 1.

KekName string: The name of the KEK used to encrypt this DEK.
SubjectName string: The subject for this DEK.
Algorithm string: Accepted values are: AES128_GCM, AES256_GCM, and AES256_SIV. Defaults to AES256_GCM.
Credentials SchemaRegistryDekCredentialsArgs: The Cluster API Credentials.
EncryptedKeyMaterial string: The encrypted key material for the DEK.
HardDelete bool: Controls whether a dek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry dek on destroy. Defaults to false (soft delete).
RestEndpoint string: The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443).
SchemaRegistryCluster SchemaRegistryDekSchemaRegistryClusterArgs
Version int: The version of this DEK. Defaults to 1.

kekName String: The name of the KEK used to encrypt this DEK.
subjectName String: The subject for this DEK.
algorithm String: Accepted values are: AES128_GCM, AES256_GCM, and AES256_SIV. Defaults to AES256_GCM.
credentials SchemaRegistryDekCredentials: The Cluster API Credentials.
encryptedKeyMaterial String: The encrypted key material for the DEK.
hardDelete Boolean: Controls whether a dek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry dek on destroy. Defaults to false (soft delete).
restEndpoint String: The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443).
schemaRegistryCluster SchemaRegistryDekSchemaRegistryCluster
version Integer: The version of this DEK. Defaults to 1.

kekName string: The name of the KEK used to encrypt this DEK.
subjectName string: The subject for this DEK.
algorithm string: Accepted values are: AES128_GCM, AES256_GCM, and AES256_SIV. Defaults to AES256_GCM.
credentials SchemaRegistryDekCredentials: The Cluster API Credentials.
encryptedKeyMaterial string: The encrypted key material for the DEK.
hardDelete boolean: Controls whether a dek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry dek on destroy. Defaults to false (soft delete).
restEndpoint string: The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443).
schemaRegistryCluster SchemaRegistryDekSchemaRegistryCluster
version number: The version of this DEK. Defaults to 1.

kek_name str: The name of the KEK used to encrypt this DEK.
subject_name str: The subject for this DEK.
algorithm str: Accepted values are: AES128_GCM, AES256_GCM, and AES256_SIV. Defaults to AES256_GCM.
credentials SchemaRegistryDekCredentialsArgs: The Cluster API Credentials.
encrypted_key_material str: The encrypted key material for the DEK.
hard_delete bool: Controls whether a dek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry dek on destroy. Defaults to false (soft delete).
rest_endpoint str: The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443).
schema_registry_cluster SchemaRegistryDekSchemaRegistryClusterArgs
version int: The version of this DEK. Defaults to 1.

kekName String: The name of the KEK used to encrypt this DEK.
subjectName String: The subject for this DEK.
algorithm String: Accepted values are: AES128_GCM, AES256_GCM, and AES256_SIV. Defaults to AES256_GCM.
credentials Property Map: The Cluster API Credentials.
encryptedKeyMaterial String: The encrypted key material for the DEK.
hardDelete Boolean: Controls whether a dek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry dek on destroy. Defaults to false (soft delete).
restEndpoint String: The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443).
schemaRegistryCluster Property Map
version Number: The version of this DEK. Defaults to 1.

Outputs

All input properties are implicitly available as output properties. Additionally, the SchemaRegistryDek resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
KeyMaterial string: (Optional String) The decrypted version of encrypted key material.

Id string: The provider-assigned unique ID for this managed resource.
KeyMaterial string: (Optional String) The decrypted version of encrypted key material.

id String: The provider-assigned unique ID for this managed resource.
keyMaterial String: (Optional String) The decrypted version of encrypted key material.

id string: The provider-assigned unique ID for this managed resource.
keyMaterial string: (Optional String) The decrypted version of encrypted key material.

id str: The provider-assigned unique ID for this managed resource.
key_material str: (Optional String) The decrypted version of encrypted key material.

id String: The provider-assigned unique ID for this managed resource.
keyMaterial String: (Optional String) The decrypted version of encrypted key material.

Look up Existing SchemaRegistryDek Resource

Get an existing SchemaRegistryDek resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SchemaRegistryDekState, opts?: CustomResourceOptions): SchemaRegistryDek

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        algorithm: Optional[str] = None,
        credentials: Optional[SchemaRegistryDekCredentialsArgs] = None,
        encrypted_key_material: Optional[str] = None,
        hard_delete: Optional[bool] = None,
        kek_name: Optional[str] = None,
        key_material: Optional[str] = None,
        rest_endpoint: Optional[str] = None,
        schema_registry_cluster: Optional[SchemaRegistryDekSchemaRegistryClusterArgs] = None,
        subject_name: Optional[str] = None,
        version: Optional[int] = None) -> SchemaRegistryDek

func GetSchemaRegistryDek(ctx *Context, name string, id IDInput, state *SchemaRegistryDekState, opts ...ResourceOption) (*SchemaRegistryDek, error)

public static SchemaRegistryDek Get(string name, Input<string> id, SchemaRegistryDekState? state, CustomResourceOptions? opts = null)

public static SchemaRegistryDek get(String name, Output<String> id, SchemaRegistryDekState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Algorithm string: Accepted values are: AES128_GCM, AES256_GCM, and AES256_SIV. Defaults to AES256_GCM.
Credentials Pulumi.ConfluentCloud.Inputs.SchemaRegistryDekCredentials: The Cluster API Credentials.
EncryptedKeyMaterial string: The encrypted key material for the DEK.
HardDelete bool: Controls whether a dek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry dek on destroy. Defaults to false (soft delete).
KekName string: The name of the KEK used to encrypt this DEK.
KeyMaterial string: (Optional String) The decrypted version of encrypted key material.
RestEndpoint string: The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443).
SchemaRegistryCluster Pulumi.ConfluentCloud.Inputs.SchemaRegistryDekSchemaRegistryCluster
SubjectName string: The subject for this DEK.
Version int: The version of this DEK. Defaults to 1.

Algorithm string: Accepted values are: AES128_GCM, AES256_GCM, and AES256_SIV. Defaults to AES256_GCM.
Credentials SchemaRegistryDekCredentialsArgs: The Cluster API Credentials.
EncryptedKeyMaterial string: The encrypted key material for the DEK.
HardDelete bool: Controls whether a dek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry dek on destroy. Defaults to false (soft delete).
KekName string: The name of the KEK used to encrypt this DEK.
KeyMaterial string: (Optional String) The decrypted version of encrypted key material.
RestEndpoint string: The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443).
SchemaRegistryCluster SchemaRegistryDekSchemaRegistryClusterArgs
SubjectName string: The subject for this DEK.
Version int: The version of this DEK. Defaults to 1.

algorithm String: Accepted values are: AES128_GCM, AES256_GCM, and AES256_SIV. Defaults to AES256_GCM.
credentials SchemaRegistryDekCredentials: The Cluster API Credentials.
encryptedKeyMaterial String: The encrypted key material for the DEK.
hardDelete Boolean: Controls whether a dek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry dek on destroy. Defaults to false (soft delete).
kekName String: The name of the KEK used to encrypt this DEK.
keyMaterial String: (Optional String) The decrypted version of encrypted key material.
restEndpoint String: The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443).
schemaRegistryCluster SchemaRegistryDekSchemaRegistryCluster
subjectName String: The subject for this DEK.
version Integer: The version of this DEK. Defaults to 1.

algorithm string: Accepted values are: AES128_GCM, AES256_GCM, and AES256_SIV. Defaults to AES256_GCM.
credentials SchemaRegistryDekCredentials: The Cluster API Credentials.
encryptedKeyMaterial string: The encrypted key material for the DEK.
hardDelete boolean: Controls whether a dek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry dek on destroy. Defaults to false (soft delete).
kekName string: The name of the KEK used to encrypt this DEK.
keyMaterial string: (Optional String) The decrypted version of encrypted key material.
restEndpoint string: The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443).
schemaRegistryCluster SchemaRegistryDekSchemaRegistryCluster
subjectName string: The subject for this DEK.
version number: The version of this DEK. Defaults to 1.

algorithm str: Accepted values are: AES128_GCM, AES256_GCM, and AES256_SIV. Defaults to AES256_GCM.
credentials SchemaRegistryDekCredentialsArgs: The Cluster API Credentials.
encrypted_key_material str: The encrypted key material for the DEK.
hard_delete bool: Controls whether a dek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry dek on destroy. Defaults to false (soft delete).
kek_name str: The name of the KEK used to encrypt this DEK.
key_material str: (Optional String) The decrypted version of encrypted key material.
rest_endpoint str: The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443).
schema_registry_cluster SchemaRegistryDekSchemaRegistryClusterArgs
subject_name str: The subject for this DEK.
version int: The version of this DEK. Defaults to 1.

algorithm String: Accepted values are: AES128_GCM, AES256_GCM, and AES256_SIV. Defaults to AES256_GCM.
credentials Property Map: The Cluster API Credentials.
encryptedKeyMaterial String: The encrypted key material for the DEK.
hardDelete Boolean: Controls whether a dek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry dek on destroy. Defaults to false (soft delete).
kekName String: The name of the KEK used to encrypt this DEK.
keyMaterial String: (Optional String) The decrypted version of encrypted key material.
restEndpoint String: The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443).
schemaRegistryCluster Property Map
subjectName String: The subject for this DEK.
version Number: The version of this DEK. Defaults to 1.

Supporting Types

SchemaRegistryDekCredentials, SchemaRegistryDekCredentialsArgs

Key string: The Schema Registry API Key.
Secret string: The Schema Registry API Secret.

Key string: The Schema Registry API Key.
Secret string: The Schema Registry API Secret.

key String: The Schema Registry API Key.
secret String: The Schema Registry API Secret.

key string: The Schema Registry API Key.
secret string: The Schema Registry API Secret.

key str: The Schema Registry API Key.
secret str: The Schema Registry API Secret.

key String: The Schema Registry API Key.
secret String: The Schema Registry API Secret.

SchemaRegistryDekSchemaRegistryCluster, SchemaRegistryDekSchemaRegistryClusterArgs

Id string: The ID of the Schema Registry cluster, for example, lsrc-abc123.

Id string: The ID of the Schema Registry cluster, for example, lsrc-abc123.

id String: The ID of the Schema Registry cluster, for example, lsrc-abc123.

id string: The ID of the Schema Registry cluster, for example, lsrc-abc123.

id str: The ID of the Schema Registry cluster, for example, lsrc-abc123.

id String: The ID of the Schema Registry cluster, for example, lsrc-abc123.

Import

You can import a Schema Registry Key by using the Schema Registry cluster ID, KEK name, Subject, Version and Algorithm in the format <Schema Registry Cluster Id>/<Schema Registry KEK Name>/<Subject>/<Version>/<Algorithm>, for example:

$ export IMPORT_SCHEMA_REGISTRY_API_KEY="<schema_registry_api_key>"

$ export IMPORT_SCHEMA_REGISTRY_API_SECRET="<schema_registry_api_secret>"

$ export IMPORT_SCHEMA_REGISTRY_REST_ENDPOINT="<schema_registry_rest_endpoint>"

$ pulumi import confluentcloud:index/schemaRegistryDek:SchemaRegistryDek my_dek lsrc-8wrx70/testkek/ts/1/AES256_GCM

!> Warning: Do not forget to delete terminal command history afterwards for security purposes.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Confluent Cloud pulumi/pulumi-confluentcloud
License: Apache-2.0
Notes: This Pulumi package is based on the confluent Terraform Provider.

Confluent v2.10.0 published on Wednesday, Nov 20, 2024 by Pulumi

pulumi/pulumi-confluentcloud

confluentcloud.SchemaRegistryDek

On this page

On this page

Example Usage

Option #1: Manage multiple Schema Registry clusters in the same Pulumi Stack

Option #2: Manage a single Schema Registry cluster in the same Pulumi Stack

Getting Started

Create SchemaRegistryDek Resource

Constructor syntax

Parameters

Constructor example

SchemaRegistryDek Resource Properties

Inputs

Outputs

Look up Existing SchemaRegistryDek Resource

Supporting Types

SchemaRegistryDekCredentials, SchemaRegistryDekCredentialsArgs

SchemaRegistryDekSchemaRegistryCluster, SchemaRegistryDekSchemaRegistryClusterArgs

Import

Package Details

On this page

On this page