confluentcloud.SchemaRegistryKek
Explore with Pulumi AI
confluentcloud.SchemaRegistryKek
provides a Schema Registry Key Encryption Key (KEK) resource that enables creating, editing, and deleting Schema Registry Key Encryption Keys on Confluent Cloud.
Example Usage
Option #1: Manage multiple Schema Registry clusters in the same Pulumi Stack
import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";
const awsKey = new confluentcloud.SchemaRegistryKek("aws_key", {
schemaRegistryCluster: {
id: essentials.id,
},
restEndpoint: essentials.restEndpoint,
credentials: {
key: "<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>",
secret: "<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>",
},
name: "my_key",
kmsType: "aws-kms",
kmsKeyId: "key_id",
doc: "test key",
shared: false,
hardDelete: true,
});
import pulumi
import pulumi_confluentcloud as confluentcloud
aws_key = confluentcloud.SchemaRegistryKek("aws_key",
schema_registry_cluster={
"id": essentials["id"],
},
rest_endpoint=essentials["restEndpoint"],
credentials={
"key": "<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>",
"secret": "<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>",
},
name="my_key",
kms_type="aws-kms",
kms_key_id="key_id",
doc="test key",
shared=False,
hard_delete=True)
package main
import (
"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := confluentcloud.NewSchemaRegistryKek(ctx, "aws_key", &confluentcloud.SchemaRegistryKekArgs{
SchemaRegistryCluster: &confluentcloud.SchemaRegistryKekSchemaRegistryClusterArgs{
Id: pulumi.Any(essentials.Id),
},
RestEndpoint: pulumi.Any(essentials.RestEndpoint),
Credentials: &confluentcloud.SchemaRegistryKekCredentialsArgs{
Key: pulumi.String("<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>"),
Secret: pulumi.String("<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>"),
},
Name: pulumi.String("my_key"),
KmsType: pulumi.String("aws-kms"),
KmsKeyId: pulumi.String("key_id"),
Doc: pulumi.String("test key"),
Shared: pulumi.Bool(false),
HardDelete: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;
return await Deployment.RunAsync(() =>
{
var awsKey = new ConfluentCloud.SchemaRegistryKek("aws_key", new()
{
SchemaRegistryCluster = new ConfluentCloud.Inputs.SchemaRegistryKekSchemaRegistryClusterArgs
{
Id = essentials.Id,
},
RestEndpoint = essentials.RestEndpoint,
Credentials = new ConfluentCloud.Inputs.SchemaRegistryKekCredentialsArgs
{
Key = "<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>",
Secret = "<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>",
},
Name = "my_key",
KmsType = "aws-kms",
KmsKeyId = "key_id",
Doc = "test key",
Shared = false,
HardDelete = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.SchemaRegistryKek;
import com.pulumi.confluentcloud.SchemaRegistryKekArgs;
import com.pulumi.confluentcloud.inputs.SchemaRegistryKekSchemaRegistryClusterArgs;
import com.pulumi.confluentcloud.inputs.SchemaRegistryKekCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var awsKey = new SchemaRegistryKek("awsKey", SchemaRegistryKekArgs.builder()
.schemaRegistryCluster(SchemaRegistryKekSchemaRegistryClusterArgs.builder()
.id(essentials.id())
.build())
.restEndpoint(essentials.restEndpoint())
.credentials(SchemaRegistryKekCredentialsArgs.builder()
.key("<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>")
.secret("<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>")
.build())
.name("my_key")
.kmsType("aws-kms")
.kmsKeyId("key_id")
.doc("test key")
.shared(false)
.hardDelete(true)
.build());
}
}
resources:
awsKey:
type: confluentcloud:SchemaRegistryKek
name: aws_key
properties:
schemaRegistryCluster:
id: ${essentials.id}
restEndpoint: ${essentials.restEndpoint}
credentials:
key: <Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>
secret: <Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>
name: my_key
kmsType: aws-kms
kmsKeyId: key_id
doc: test key
shared: false
hardDelete: true
Option #2: Manage a single Schema Registry cluster in the same Pulumi Stack
import * as pulumi from "@pulumi/pulumi";
import * as confluentcloud from "@pulumi/confluentcloud";
const pii = new confluentcloud.SchemaRegistryKek("pii", {
name: "my_key",
kmsType: "aws-kms",
kmsKeyId: "key_id",
doc: "test key",
shared: false,
hardDelete: true,
});
import pulumi
import pulumi_confluentcloud as confluentcloud
pii = confluentcloud.SchemaRegistryKek("pii",
name="my_key",
kms_type="aws-kms",
kms_key_id="key_id",
doc="test key",
shared=False,
hard_delete=True)
package main
import (
"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := confluentcloud.NewSchemaRegistryKek(ctx, "pii", &confluentcloud.SchemaRegistryKekArgs{
Name: pulumi.String("my_key"),
KmsType: pulumi.String("aws-kms"),
KmsKeyId: pulumi.String("key_id"),
Doc: pulumi.String("test key"),
Shared: pulumi.Bool(false),
HardDelete: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using ConfluentCloud = Pulumi.ConfluentCloud;
return await Deployment.RunAsync(() =>
{
var pii = new ConfluentCloud.SchemaRegistryKek("pii", new()
{
Name = "my_key",
KmsType = "aws-kms",
KmsKeyId = "key_id",
Doc = "test key",
Shared = false,
HardDelete = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.confluentcloud.SchemaRegistryKek;
import com.pulumi.confluentcloud.SchemaRegistryKekArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pii = new SchemaRegistryKek("pii", SchemaRegistryKekArgs.builder()
.name("my_key")
.kmsType("aws-kms")
.kmsKeyId("key_id")
.doc("test key")
.shared(false)
.hardDelete(true)
.build());
}
}
resources:
pii:
type: confluentcloud:SchemaRegistryKek
properties:
name: my_key
kmsType: aws-kms
kmsKeyId: key_id
doc: test key
shared: false
hardDelete: true
Getting Started
The following end-to-end example might help to get started with field-level encryption:
- field-level-encryption-schema
Create SchemaRegistryKek Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SchemaRegistryKek(name: string, args: SchemaRegistryKekArgs, opts?: CustomResourceOptions);
@overload
def SchemaRegistryKek(resource_name: str,
args: SchemaRegistryKekArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SchemaRegistryKek(resource_name: str,
opts: Optional[ResourceOptions] = None,
kms_key_id: Optional[str] = None,
kms_type: Optional[str] = None,
credentials: Optional[SchemaRegistryKekCredentialsArgs] = None,
doc: Optional[str] = None,
hard_delete: Optional[bool] = None,
name: Optional[str] = None,
properties: Optional[Mapping[str, str]] = None,
rest_endpoint: Optional[str] = None,
schema_registry_cluster: Optional[SchemaRegistryKekSchemaRegistryClusterArgs] = None,
shared: Optional[bool] = None)
func NewSchemaRegistryKek(ctx *Context, name string, args SchemaRegistryKekArgs, opts ...ResourceOption) (*SchemaRegistryKek, error)
public SchemaRegistryKek(string name, SchemaRegistryKekArgs args, CustomResourceOptions? opts = null)
public SchemaRegistryKek(String name, SchemaRegistryKekArgs args)
public SchemaRegistryKek(String name, SchemaRegistryKekArgs args, CustomResourceOptions options)
type: confluentcloud:SchemaRegistryKek
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SchemaRegistryKekArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SchemaRegistryKekArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SchemaRegistryKekArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SchemaRegistryKekArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SchemaRegistryKekArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var schemaRegistryKekResource = new ConfluentCloud.SchemaRegistryKek("schemaRegistryKekResource", new()
{
KmsKeyId = "string",
KmsType = "string",
Credentials = new ConfluentCloud.Inputs.SchemaRegistryKekCredentialsArgs
{
Key = "string",
Secret = "string",
},
Doc = "string",
HardDelete = false,
Name = "string",
Properties =
{
{ "string", "string" },
},
RestEndpoint = "string",
SchemaRegistryCluster = new ConfluentCloud.Inputs.SchemaRegistryKekSchemaRegistryClusterArgs
{
Id = "string",
},
Shared = false,
});
example, err := confluentcloud.NewSchemaRegistryKek(ctx, "schemaRegistryKekResource", &confluentcloud.SchemaRegistryKekArgs{
KmsKeyId: pulumi.String("string"),
KmsType: pulumi.String("string"),
Credentials: &confluentcloud.SchemaRegistryKekCredentialsArgs{
Key: pulumi.String("string"),
Secret: pulumi.String("string"),
},
Doc: pulumi.String("string"),
HardDelete: pulumi.Bool(false),
Name: pulumi.String("string"),
Properties: pulumi.StringMap{
"string": pulumi.String("string"),
},
RestEndpoint: pulumi.String("string"),
SchemaRegistryCluster: &confluentcloud.SchemaRegistryKekSchemaRegistryClusterArgs{
Id: pulumi.String("string"),
},
Shared: pulumi.Bool(false),
})
var schemaRegistryKekResource = new SchemaRegistryKek("schemaRegistryKekResource", SchemaRegistryKekArgs.builder()
.kmsKeyId("string")
.kmsType("string")
.credentials(SchemaRegistryKekCredentialsArgs.builder()
.key("string")
.secret("string")
.build())
.doc("string")
.hardDelete(false)
.name("string")
.properties(Map.of("string", "string"))
.restEndpoint("string")
.schemaRegistryCluster(SchemaRegistryKekSchemaRegistryClusterArgs.builder()
.id("string")
.build())
.shared(false)
.build());
schema_registry_kek_resource = confluentcloud.SchemaRegistryKek("schemaRegistryKekResource",
kms_key_id="string",
kms_type="string",
credentials={
"key": "string",
"secret": "string",
},
doc="string",
hard_delete=False,
name="string",
properties={
"string": "string",
},
rest_endpoint="string",
schema_registry_cluster={
"id": "string",
},
shared=False)
const schemaRegistryKekResource = new confluentcloud.SchemaRegistryKek("schemaRegistryKekResource", {
kmsKeyId: "string",
kmsType: "string",
credentials: {
key: "string",
secret: "string",
},
doc: "string",
hardDelete: false,
name: "string",
properties: {
string: "string",
},
restEndpoint: "string",
schemaRegistryCluster: {
id: "string",
},
shared: false,
});
type: confluentcloud:SchemaRegistryKek
properties:
credentials:
key: string
secret: string
doc: string
hardDelete: false
kmsKeyId: string
kmsType: string
name: string
properties:
string: string
restEndpoint: string
schemaRegistryCluster:
id: string
shared: false
SchemaRegistryKek Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SchemaRegistryKek resource accepts the following input properties:
- Kms
Key stringId - The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc
. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef
. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1
.
- When using the AWS KMS, this is an ARN, for example,
- Kms
Type string - The type of Key Management Service (KMS). The supported values include
aws-kms
,azure-kms
, andgcp-kms
. Additionally, custom KMS types are supported as well. - Credentials
Pulumi.
Confluent Cloud. Inputs. Schema Registry Kek Credentials - The Cluster API Credentials.
- Doc string
- The optional description for the KEK.
- Hard
Delete bool - Controls whether a kek should be soft or hard deleted. Set it to
true
if you want to hard delete a schema registry kek on destroy. Defaults tofalse
(soft delete). - Name string
- The name for the KEK.
- Properties Dictionary<string, string>
- The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT
,KeyState=Enabled
): - Rest
Endpoint string - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443
). - Schema
Registry Pulumi.Cluster Confluent Cloud. Inputs. Schema Registry Kek Schema Registry Cluster - bool
- The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false
.
- Kms
Key stringId - The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc
. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef
. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1
.
- When using the AWS KMS, this is an ARN, for example,
- Kms
Type string - The type of Key Management Service (KMS). The supported values include
aws-kms
,azure-kms
, andgcp-kms
. Additionally, custom KMS types are supported as well. - Credentials
Schema
Registry Kek Credentials Args - The Cluster API Credentials.
- Doc string
- The optional description for the KEK.
- Hard
Delete bool - Controls whether a kek should be soft or hard deleted. Set it to
true
if you want to hard delete a schema registry kek on destroy. Defaults tofalse
(soft delete). - Name string
- The name for the KEK.
- Properties map[string]string
- The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT
,KeyState=Enabled
): - Rest
Endpoint string - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443
). - Schema
Registry SchemaCluster Registry Kek Schema Registry Cluster Args - bool
- The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false
.
- kms
Key StringId - The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc
. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef
. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1
.
- When using the AWS KMS, this is an ARN, for example,
- kms
Type String - The type of Key Management Service (KMS). The supported values include
aws-kms
,azure-kms
, andgcp-kms
. Additionally, custom KMS types are supported as well. - credentials
Schema
Registry Kek Credentials - The Cluster API Credentials.
- doc String
- The optional description for the KEK.
- hard
Delete Boolean - Controls whether a kek should be soft or hard deleted. Set it to
true
if you want to hard delete a schema registry kek on destroy. Defaults tofalse
(soft delete). - name String
- The name for the KEK.
- properties Map<String,String>
- The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT
,KeyState=Enabled
): - rest
Endpoint String - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443
). - schema
Registry SchemaCluster Registry Kek Schema Registry Cluster - Boolean
- The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false
.
- kms
Key stringId - The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc
. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef
. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1
.
- When using the AWS KMS, this is an ARN, for example,
- kms
Type string - The type of Key Management Service (KMS). The supported values include
aws-kms
,azure-kms
, andgcp-kms
. Additionally, custom KMS types are supported as well. - credentials
Schema
Registry Kek Credentials - The Cluster API Credentials.
- doc string
- The optional description for the KEK.
- hard
Delete boolean - Controls whether a kek should be soft or hard deleted. Set it to
true
if you want to hard delete a schema registry kek on destroy. Defaults tofalse
(soft delete). - name string
- The name for the KEK.
- properties {[key: string]: string}
- The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT
,KeyState=Enabled
): - rest
Endpoint string - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443
). - schema
Registry SchemaCluster Registry Kek Schema Registry Cluster - boolean
- The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false
.
- kms_
key_ strid - The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc
. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef
. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1
.
- When using the AWS KMS, this is an ARN, for example,
- kms_
type str - The type of Key Management Service (KMS). The supported values include
aws-kms
,azure-kms
, andgcp-kms
. Additionally, custom KMS types are supported as well. - credentials
Schema
Registry Kek Credentials Args - The Cluster API Credentials.
- doc str
- The optional description for the KEK.
- hard_
delete bool - Controls whether a kek should be soft or hard deleted. Set it to
true
if you want to hard delete a schema registry kek on destroy. Defaults tofalse
(soft delete). - name str
- The name for the KEK.
- properties Mapping[str, str]
- The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT
,KeyState=Enabled
): - rest_
endpoint str - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443
). - schema_
registry_ Schemacluster Registry Kek Schema Registry Cluster Args - bool
- The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false
.
- kms
Key StringId - The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc
. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef
. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1
.
- When using the AWS KMS, this is an ARN, for example,
- kms
Type String - The type of Key Management Service (KMS). The supported values include
aws-kms
,azure-kms
, andgcp-kms
. Additionally, custom KMS types are supported as well. - credentials Property Map
- The Cluster API Credentials.
- doc String
- The optional description for the KEK.
- hard
Delete Boolean - Controls whether a kek should be soft or hard deleted. Set it to
true
if you want to hard delete a schema registry kek on destroy. Defaults tofalse
(soft delete). - name String
- The name for the KEK.
- properties Map<String>
- The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT
,KeyState=Enabled
): - rest
Endpoint String - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443
). - schema
Registry Property MapCluster - Boolean
- The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false
.
Outputs
All input properties are implicitly available as output properties. Additionally, the SchemaRegistryKek resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing SchemaRegistryKek Resource
Get an existing SchemaRegistryKek resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SchemaRegistryKekState, opts?: CustomResourceOptions): SchemaRegistryKek
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
credentials: Optional[SchemaRegistryKekCredentialsArgs] = None,
doc: Optional[str] = None,
hard_delete: Optional[bool] = None,
kms_key_id: Optional[str] = None,
kms_type: Optional[str] = None,
name: Optional[str] = None,
properties: Optional[Mapping[str, str]] = None,
rest_endpoint: Optional[str] = None,
schema_registry_cluster: Optional[SchemaRegistryKekSchemaRegistryClusterArgs] = None,
shared: Optional[bool] = None) -> SchemaRegistryKek
func GetSchemaRegistryKek(ctx *Context, name string, id IDInput, state *SchemaRegistryKekState, opts ...ResourceOption) (*SchemaRegistryKek, error)
public static SchemaRegistryKek Get(string name, Input<string> id, SchemaRegistryKekState? state, CustomResourceOptions? opts = null)
public static SchemaRegistryKek get(String name, Output<String> id, SchemaRegistryKekState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Credentials
Pulumi.
Confluent Cloud. Inputs. Schema Registry Kek Credentials - The Cluster API Credentials.
- Doc string
- The optional description for the KEK.
- Hard
Delete bool - Controls whether a kek should be soft or hard deleted. Set it to
true
if you want to hard delete a schema registry kek on destroy. Defaults tofalse
(soft delete). - Kms
Key stringId - The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc
. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef
. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1
.
- When using the AWS KMS, this is an ARN, for example,
- Kms
Type string - The type of Key Management Service (KMS). The supported values include
aws-kms
,azure-kms
, andgcp-kms
. Additionally, custom KMS types are supported as well. - Name string
- The name for the KEK.
- Properties Dictionary<string, string>
- The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT
,KeyState=Enabled
): - Rest
Endpoint string - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443
). - Schema
Registry Pulumi.Cluster Confluent Cloud. Inputs. Schema Registry Kek Schema Registry Cluster - bool
- The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false
.
- Credentials
Schema
Registry Kek Credentials Args - The Cluster API Credentials.
- Doc string
- The optional description for the KEK.
- Hard
Delete bool - Controls whether a kek should be soft or hard deleted. Set it to
true
if you want to hard delete a schema registry kek on destroy. Defaults tofalse
(soft delete). - Kms
Key stringId - The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc
. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef
. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1
.
- When using the AWS KMS, this is an ARN, for example,
- Kms
Type string - The type of Key Management Service (KMS). The supported values include
aws-kms
,azure-kms
, andgcp-kms
. Additionally, custom KMS types are supported as well. - Name string
- The name for the KEK.
- Properties map[string]string
- The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT
,KeyState=Enabled
): - Rest
Endpoint string - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443
). - Schema
Registry SchemaCluster Registry Kek Schema Registry Cluster Args - bool
- The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false
.
- credentials
Schema
Registry Kek Credentials - The Cluster API Credentials.
- doc String
- The optional description for the KEK.
- hard
Delete Boolean - Controls whether a kek should be soft or hard deleted. Set it to
true
if you want to hard delete a schema registry kek on destroy. Defaults tofalse
(soft delete). - kms
Key StringId - The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc
. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef
. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1
.
- When using the AWS KMS, this is an ARN, for example,
- kms
Type String - The type of Key Management Service (KMS). The supported values include
aws-kms
,azure-kms
, andgcp-kms
. Additionally, custom KMS types are supported as well. - name String
- The name for the KEK.
- properties Map<String,String>
- The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT
,KeyState=Enabled
): - rest
Endpoint String - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443
). - schema
Registry SchemaCluster Registry Kek Schema Registry Cluster - Boolean
- The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false
.
- credentials
Schema
Registry Kek Credentials - The Cluster API Credentials.
- doc string
- The optional description for the KEK.
- hard
Delete boolean - Controls whether a kek should be soft or hard deleted. Set it to
true
if you want to hard delete a schema registry kek on destroy. Defaults tofalse
(soft delete). - kms
Key stringId - The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc
. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef
. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1
.
- When using the AWS KMS, this is an ARN, for example,
- kms
Type string - The type of Key Management Service (KMS). The supported values include
aws-kms
,azure-kms
, andgcp-kms
. Additionally, custom KMS types are supported as well. - name string
- The name for the KEK.
- properties {[key: string]: string}
- The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT
,KeyState=Enabled
): - rest
Endpoint string - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443
). - schema
Registry SchemaCluster Registry Kek Schema Registry Cluster - boolean
- The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false
.
- credentials
Schema
Registry Kek Credentials Args - The Cluster API Credentials.
- doc str
- The optional description for the KEK.
- hard_
delete bool - Controls whether a kek should be soft or hard deleted. Set it to
true
if you want to hard delete a schema registry kek on destroy. Defaults tofalse
(soft delete). - kms_
key_ strid - The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc
. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef
. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1
.
- When using the AWS KMS, this is an ARN, for example,
- kms_
type str - The type of Key Management Service (KMS). The supported values include
aws-kms
,azure-kms
, andgcp-kms
. Additionally, custom KMS types are supported as well. - name str
- The name for the KEK.
- properties Mapping[str, str]
- The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT
,KeyState=Enabled
): - rest_
endpoint str - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443
). - schema_
registry_ Schemacluster Registry Kek Schema Registry Cluster Args - bool
- The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false
.
- credentials Property Map
- The Cluster API Credentials.
- doc String
- The optional description for the KEK.
- hard
Delete Boolean - Controls whether a kek should be soft or hard deleted. Set it to
true
if you want to hard delete a schema registry kek on destroy. Defaults tofalse
(soft delete). - kms
Key StringId - The ID of the key from KMS.
- When using the AWS KMS, this is an ARN, for example,
arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc
. - When using the Azure Key Vault, this is a Key Identifier (URI), for example,
https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef
. - When using the GCP KMS, this is a resource name, for example,
projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1
.
- When using the AWS KMS, this is an ARN, for example,
- kms
Type String - The type of Key Management Service (KMS). The supported values include
aws-kms
,azure-kms
, andgcp-kms
. Additionally, custom KMS types are supported as well. - name String
- The name for the KEK.
- properties Map<String>
- The custom properties to set (for example,
KeyUsage=ENCRYPT_DECRYPT
,KeyState=Enabled
): - rest
Endpoint String - The REST endpoint of the Schema Registry cluster, for example,
https://psrc-00000.us-central1.gcp.confluent.cloud:443
). - schema
Registry Property MapCluster - Boolean
- The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to
false
.
Supporting Types
SchemaRegistryKekCredentials, SchemaRegistryKekCredentialsArgs
SchemaRegistryKekSchemaRegistryCluster, SchemaRegistryKekSchemaRegistryClusterArgs
- Id string
- The ID of the Schema Registry cluster, for example,
lsrc-abc123
.
- Id string
- The ID of the Schema Registry cluster, for example,
lsrc-abc123
.
- id String
- The ID of the Schema Registry cluster, for example,
lsrc-abc123
.
- id string
- The ID of the Schema Registry cluster, for example,
lsrc-abc123
.
- id str
- The ID of the Schema Registry cluster, for example,
lsrc-abc123
.
- id String
- The ID of the Schema Registry cluster, for example,
lsrc-abc123
.
Import
You can import a Schema Registry Key by using the Schema Registry cluster ID, Kek name in the format <Schema Registry cluster ID>/<Kek name>
, for example:
$ export IMPORT_SCHEMA_REGISTRY_API_KEY="<schema_registry_api_key>"
$ export IMPORT_SCHEMA_REGISTRY_API_SECRET="<schema_registry_api_secret>"
$ export IMPORT_SCHEMA_REGISTRY_REST_ENDPOINT="<schema_registry_rest_endpoint>"
$ pulumi import confluentcloud:index/schemaRegistryKek:SchemaRegistryKek aws_key lsrc-8wrx70/aws_key
!> Warning: Do not forget to delete terminal command history afterwards for security purposes.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Confluent Cloud pulumi/pulumi-confluentcloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
confluent
Terraform Provider.