Confluent v2.10.0 published on Wednesday, Nov 20, 2024 by Pulumi

confluentcloud.SchemaRegistryKek


    General Availability

    confluentcloud.SchemaRegistryKek provides a Schema Registry Key Encryption Key (KEK) resource that enables creating, editing, and deleting Schema Registry Key Encryption Keys on Confluent Cloud.

    Example Usage

    Option #1: Manage multiple Schema Registry clusters in the same Pulumi Stack

    import * as pulumi from "@pulumi/pulumi";
    import * as confluentcloud from "@pulumi/confluentcloud";
    
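    // Read the Schema Registry API key pair from encrypted stack configuration instead of
    // writing it into the program, where it would end up in version control.
    // The config key names below are examples; set them with:
    //   pulumi config set --secret schemaRegistryApiKey <value>
    //   pulumi config set --secret schemaRegistryApiSecret <value>
    const config = new pulumi.Config();
    const schemaRegistryApiKey = config.requireSecret("schemaRegistryApiKey");
    const schemaRegistryApiSecret = config.requireSecret("schemaRegistryApiSecret");

    // Key Encryption Key (KEK) registered with the `essentials` Schema Registry cluster.
    // `essentials` is defined elsewhere in the program.
    const awsKey = new confluentcloud.SchemaRegistryKek("aws_key", {
        schemaRegistryCluster: {
            id: essentials.id,
        },
        restEndpoint: essentials.restEndpoint,
        credentials: {
            key: schemaRegistryApiKey,
            secret: schemaRegistryApiSecret,
        },
        name: "my_key",
        kmsType: "aws-kms",
        // Placeholder: with aws-kms this is the ARN of the KMS key.
        kmsKeyId: "key_id",
        doc: "test key",
        // false: the DEK Registry does not get shared access to the KMS.
        shared: false,
        // true: destroying the resource hard-deletes the KEK instead of the default soft delete.
        hardDelete: true,
    });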
    
    import pulumi
    import pulumi_confluentcloud as confluentcloud
    
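    # Read the Schema Registry API key pair from encrypted stack configuration instead of
    # writing it into the program, where it would end up in version control.
    # The config key names below are examples; set them with:
    #   pulumi config set --secret schemaRegistryApiKey <value>
    #   pulumi config set --secret schemaRegistryApiSecret <value>
    config = pulumi.Config()
    schema_registry_api_key = config.require_secret("schemaRegistryApiKey")
    schema_registry_api_secret = config.require_secret("schemaRegistryApiSecret")

    # Key Encryption Key (KEK) registered with the `essentials` Schema Registry cluster.
    # `essentials` is defined elsewhere in the program.
    aws_key = confluentcloud.SchemaRegistryKek("aws_key",
        schema_registry_cluster={
            "id": essentials["id"],
        },
        rest_endpoint=essentials["restEndpoint"],
        credentials={
            "key": schema_registry_api_key,
            "secret": schema_registry_api_secret,
        },
        name="my_key",
        kms_type="aws-kms",
        # Placeholder: with aws-kms this is the ARN of the KMS key.
        kms_key_id="key_id",
        doc="test key",
        # False: the DEK Registry does not get shared access to the KMS.
        shared=False,
        # True: destroying the resource hard-deletes the KEK instead of the default soft delete.
        hard_delete=True)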
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a Key Encryption Key (KEK) with the `essentials` Schema Registry
    // cluster. `essentials` is defined elsewhere in the program.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := confluentcloud.NewSchemaRegistryKek(ctx, "aws_key", &confluentcloud.SchemaRegistryKekArgs{
    			SchemaRegistryCluster: &confluentcloud.SchemaRegistryKekSchemaRegistryClusterArgs{
    				Id: pulumi.Any(essentials.Id),
    			},
    			RestEndpoint: pulumi.Any(essentials.RestEndpoint),
    			Credentials: &confluentcloud.SchemaRegistryKekCredentialsArgs{
    				// The angle-bracket strings are placeholders. Do not commit the real API key
    				// pair as literals; the Pulumi SDK's config package (RequireSecret) can read
    				// it from encrypted stack configuration instead.
    				Key:    pulumi.String("<Schema Registry API Key for data.confluent_schema_registry_cluster.essentials>"),
    				Secret: pulumi.String("<Schema Registry API Secret for data.confluent_schema_registry_cluster.essentials>"),
    			},
    			Name:       pulumi.String("my_key"),
    			KmsType:    pulumi.String("aws-kms"),
    			// Placeholder: with aws-kms this is the ARN of the KMS key.
    			KmsKeyId:   pulumi.String("key_id"),
    			Doc:        pulumi.String("test key"),
    			// false: the DEK Registry does not get shared access to the KMS.
    			Shared:     pulumi.Bool(false),
    			// true: destroying the resource hard-deletes the KEK instead of the default soft delete.
    			HardDelete: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using ConfluentCloud = Pulumi.ConfluentCloud;
    
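    return await Deployment.RunAsync(() => 
    {
        // Read the Schema Registry API key pair from encrypted stack configuration instead of
        // writing it into the program, where it would end up in version control.
        // The config key names below are examples; set them with:
        //   pulumi config set --secret schemaRegistryApiKey <value>
        //   pulumi config set --secret schemaRegistryApiSecret <value>
        var config = new Config();
        var schemaRegistryApiKey = config.RequireSecret("schemaRegistryApiKey");
        var schemaRegistryApiSecret = config.RequireSecret("schemaRegistryApiSecret");

        // Key Encryption Key (KEK) registered with the `essentials` Schema Registry cluster.
        // `essentials` is defined elsewhere in the program.
        var awsKey = new ConfluentCloud.SchemaRegistryKek("aws_key", new()
        {
            SchemaRegistryCluster = new ConfluentCloud.Inputs.SchemaRegistryKekSchemaRegistryClusterArgs
            {
                Id = essentials.Id,
            },
            RestEndpoint = essentials.RestEndpoint,
            Credentials = new ConfluentCloud.Inputs.SchemaRegistryKekCredentialsArgs
            {
                Key = schemaRegistryApiKey,
                Secret = schemaRegistryApiSecret,
            },
            Name = "my_key",
            KmsType = "aws-kms",
            // Placeholder: with aws-kms this is the ARN of the KMS key.
            KmsKeyId = "key_id",
            Doc = "test key",
            // false: the DEK Registry does not get shared access to the KMS.
            Shared = false,
            // true: destroying the resource hard-deletes the KEK instead of the default soft delete.
            HardDelete = true,
        });

    });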
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.confluentcloud.SchemaRegistryKek;
    import com.pulumi.confluentcloud.SchemaRegistryKekArgs;
    import com.pulumi.confluentcloud.inputs.SchemaRegistryKekSchemaRegistryClusterArgs;
    import com.pulumi.confluentcloud.inputs.SchemaRegistryKekCredentialsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
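    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Registers a Key Encryption Key (KEK) with the `essentials` Schema Registry cluster.
         * `essentials` is defined elsewhere in the program.
         *
         * @param ctx the Pulumi deployment context, also used to read stack configuration
         */
        public static void stack(Context ctx) {
            // Read the Schema Registry API key pair from encrypted stack configuration instead
            // of writing it into the program, where it would end up in version control.
            // The config key names below are examples; set them with:
            //   pulumi config set --secret schemaRegistryApiKey <value>
            //   pulumi config set --secret schemaRegistryApiSecret <value>
            final var config = ctx.config();
            final var schemaRegistryApiKey = config.requireSecret("schemaRegistryApiKey");
            final var schemaRegistryApiSecret = config.requireSecret("schemaRegistryApiSecret");

            var awsKey = new SchemaRegistryKek("awsKey", SchemaRegistryKekArgs.builder()
                .schemaRegistryCluster(SchemaRegistryKekSchemaRegistryClusterArgs.builder()
                    .id(essentials.id())
                    .build())
                .restEndpoint(essentials.restEndpoint())
                .credentials(SchemaRegistryKekCredentialsArgs.builder()
                    .key(schemaRegistryApiKey)
                    .secret(schemaRegistryApiSecret)
                    .build())
                .name("my_key")
                .kmsType("aws-kms")
                // Placeholder: with aws-kms this is the ARN of the KMS key.
                .kmsKeyId("key_id")
                .doc("test key")
                // false: the DEK Registry does not get shared access to the KMS.
                .shared(false)
                // true: destroying the resource hard-deletes the KEK instead of the default soft delete.
                .hardDelete(true)
                .build());

        }
    }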
    
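    # The Schema Registry API key pair is declared as secret stack configuration so that it
    # is not written into the program. The config key names are examples; set them with:
    #   pulumi config set --secret schemaRegistryApiKey <value>
    #   pulumi config set --secret schemaRegistryApiSecret <value>
    config:
      schemaRegistryApiKey:
        type: string
        secret: true
      schemaRegistryApiSecret:
        type: string
        secret: true
    resources:
      # Key Encryption Key (KEK) registered with the `essentials` Schema Registry cluster.
      awsKey:
        type: confluentcloud:SchemaRegistryKek
        name: aws_key
        properties:
          schemaRegistryCluster:
            id: ${essentials.id}
          restEndpoint: ${essentials.restEndpoint}
          credentials:
            key: ${schemaRegistryApiKey}
            secret: ${schemaRegistryApiSecret}
          name: my_key
          kmsType: aws-kms
          # Placeholder: with aws-kms this is the ARN of the KMS key.
          kmsKeyId: key_id
          doc: test key
          # false: the DEK Registry does not get shared access to the KMS.
          shared: false
          # true: destroying the resource hard-deletes the KEK instead of the default soft delete.
          hardDelete: true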
    

    Option #2: Manage a single Schema Registry cluster in the same Pulumi Stack

    import * as pulumi from "@pulumi/pulumi";
    import * as confluentcloud from "@pulumi/confluentcloud";
    
    // Arguments for the KEK. This option sets no cluster id, REST endpoint or credentials on
    // the resource itself; presumably they come from the provider configuration (confirm
    // against the provider documentation).
    const piiKekArgs: confluentcloud.SchemaRegistryKekArgs = {
        name: "my_key",
        doc: "test key",
        kmsType: "aws-kms",
        // Placeholder: with aws-kms this is the ARN of the KMS key.
        kmsKeyId: "key_id",
        // false: the DEK Registry does not get shared access to the KMS.
        shared: false,
        // true: destroying the resource hard-deletes the KEK instead of the default soft delete.
        hardDelete: true,
    };

    const pii = new confluentcloud.SchemaRegistryKek("pii", piiKekArgs);
    
    import pulumi
    import pulumi_confluentcloud as confluentcloud
    
    # Arguments for the KEK. This option sets no cluster id, REST endpoint or credentials on
    # the resource itself; presumably they come from the provider configuration (confirm
    # against the provider documentation).
    pii_kek_args = dict(
        name="my_key",
        doc="test key",
        kms_type="aws-kms",
        # Placeholder: with aws-kms this is the ARN of the KMS key.
        kms_key_id="key_id",
        # False: the DEK Registry does not get shared access to the KMS.
        shared=False,
        # True: destroying the resource hard-deletes the KEK instead of the default soft delete.
        hard_delete=True,
    )

    pii = confluentcloud.SchemaRegistryKek("pii", **pii_kek_args)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-confluentcloud/sdk/v2/go/confluentcloud"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers the "pii" KEK. This option sets no cluster id, REST endpoint or
    // credentials on the resource itself; presumably they come from the provider
    // configuration (confirm against the provider documentation).
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		kekArgs := &confluentcloud.SchemaRegistryKekArgs{
    			Name:    pulumi.String("my_key"),
    			Doc:     pulumi.String("test key"),
    			KmsType: pulumi.String("aws-kms"),
    			// Placeholder: with aws-kms this is the ARN of the KMS key.
    			KmsKeyId: pulumi.String("key_id"),
    			// false: the DEK Registry does not get shared access to the KMS.
    			Shared: pulumi.Bool(false),
    			// true: destroying the resource hard-deletes the KEK instead of the default soft delete.
    			HardDelete: pulumi.Bool(true),
    		}

    		if _, err := confluentcloud.NewSchemaRegistryKek(ctx, "pii", kekArgs); err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using ConfluentCloud = Pulumi.ConfluentCloud;
    
    return await Deployment.RunAsync(() => 
    {
        // Arguments for the KEK. This option sets no cluster id, REST endpoint or credentials
        // on the resource itself; presumably they come from the provider configuration
        // (confirm against the provider documentation).
        var piiKekArgs = new ConfluentCloud.SchemaRegistryKekArgs
        {
            Name = "my_key",
            Doc = "test key",
            KmsType = "aws-kms",
            // Placeholder: with aws-kms this is the ARN of the KMS key.
            KmsKeyId = "key_id",
            // false: the DEK Registry does not get shared access to the KMS.
            Shared = false,
            // true: destroying the resource hard-deletes the KEK instead of the default soft delete.
            HardDelete = true,
        };

        var pii = new ConfluentCloud.SchemaRegistryKek("pii", piiKekArgs);

    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.confluentcloud.SchemaRegistryKek;
    import com.pulumi.confluentcloud.SchemaRegistryKekArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Registers the "pii" KEK. This option sets no cluster id, REST endpoint or credentials
         * on the resource itself; presumably they come from the provider configuration
         * (confirm against the provider documentation).
         *
         * @param ctx the Pulumi deployment context
         */
        public static void stack(Context ctx) {
            final SchemaRegistryKekArgs piiKekArgs = SchemaRegistryKekArgs.builder()
                .name("my_key")
                .doc("test key")
                .kmsType("aws-kms")
                // Placeholder: with aws-kms this is the ARN of the KMS key.
                .kmsKeyId("key_id")
                // false: the DEK Registry does not get shared access to the KMS.
                .shared(false)
                // true: destroying the resource hard-deletes the KEK instead of the default soft delete.
                .hardDelete(true)
                .build();

            var pii = new SchemaRegistryKek("pii", piiKekArgs);

        }
    }
    
    # This option sets no cluster id, REST endpoint or credentials on the resource itself;
    # presumably they come from the provider configuration (confirm against the provider
    # documentation).
    resources:
      pii:
        type: confluentcloud:SchemaRegistryKek
        properties:
          name: my_key
          doc: test key
          kmsType: aws-kms
          # Placeholder: with aws-kms this is the ARN of the KMS key.
          kmsKeyId: key_id
          # false: the DEK Registry does not get shared access to the KMS.
          shared: false
          # true: destroying the resource hard-deletes the KEK instead of the default soft delete.
          hardDelete: true
    

    Getting Started

    The following end-to-end example might help to get started with field-level encryption:

    • field-level-encryption-schema

    Create SchemaRegistryKek Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new SchemaRegistryKek(name: string, args: SchemaRegistryKekArgs, opts?: CustomResourceOptions);
    @overload
    def SchemaRegistryKek(resource_name: str,
                          args: SchemaRegistryKekArgs,
                          opts: Optional[ResourceOptions] = None)
    
    @overload
    def SchemaRegistryKek(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          kms_key_id: Optional[str] = None,
                          kms_type: Optional[str] = None,
                          credentials: Optional[SchemaRegistryKekCredentialsArgs] = None,
                          doc: Optional[str] = None,
                          hard_delete: Optional[bool] = None,
                          name: Optional[str] = None,
                          properties: Optional[Mapping[str, str]] = None,
                          rest_endpoint: Optional[str] = None,
                          schema_registry_cluster: Optional[SchemaRegistryKekSchemaRegistryClusterArgs] = None,
                          shared: Optional[bool] = None)
    func NewSchemaRegistryKek(ctx *Context, name string, args SchemaRegistryKekArgs, opts ...ResourceOption) (*SchemaRegistryKek, error)
    public SchemaRegistryKek(string name, SchemaRegistryKekArgs args, CustomResourceOptions? opts = null)
    public SchemaRegistryKek(String name, SchemaRegistryKekArgs args)
    public SchemaRegistryKek(String name, SchemaRegistryKekArgs args, CustomResourceOptions options)
    
    type: confluentcloud:SchemaRegistryKek
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args SchemaRegistryKekArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args SchemaRegistryKekArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args SchemaRegistryKekArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args SchemaRegistryKekArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args SchemaRegistryKekArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference template: every value below is a type placeholder, not a usable default.
    var schemaRegistryKekResource = new ConfluentCloud.SchemaRegistryKek("schemaRegistryKekResource", new()
    {
        KmsKeyId = "string",
        // Supported values include aws-kms, azure-kms and gcp-kms.
        KmsType = "string",
        Credentials = new ConfluentCloud.Inputs.SchemaRegistryKekCredentialsArgs
        {
            // API key pair: supply it from secret configuration rather than as string literals.
            Key = "string",
            Secret = "string",
        },
        Doc = "string",
        // false keeps the default soft delete on destroy.
        HardDelete = false,
        Name = "string",
        Properties = 
        {
            { "string", "string" },
        },
        RestEndpoint = "string",
        SchemaRegistryCluster = new ConfluentCloud.Inputs.SchemaRegistryKekSchemaRegistryClusterArgs
        {
            Id = "string",
        },
        // false: the DEK Registry does not get shared access to the KMS.
        Shared = false,
    });
    
    // Reference template: every value below is a type placeholder, not a usable default.
    example, err := confluentcloud.NewSchemaRegistryKek(ctx, "schemaRegistryKekResource", &confluentcloud.SchemaRegistryKekArgs{
    	KmsKeyId: pulumi.String("string"),
    	// Supported values include aws-kms, azure-kms and gcp-kms.
    	KmsType:  pulumi.String("string"),
    	Credentials: &confluentcloud.SchemaRegistryKekCredentialsArgs{
    		// API key pair: supply it from secret configuration rather than as string literals.
    		Key:    pulumi.String("string"),
    		Secret: pulumi.String("string"),
    	},
    	Doc:        pulumi.String("string"),
    	// false keeps the default soft delete on destroy.
    	HardDelete: pulumi.Bool(false),
    	Name:       pulumi.String("string"),
    	Properties: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	RestEndpoint: pulumi.String("string"),
    	SchemaRegistryCluster: &confluentcloud.SchemaRegistryKekSchemaRegistryClusterArgs{
    		Id: pulumi.String("string"),
    	},
    	// false: the DEK Registry does not get shared access to the KMS.
    	Shared: pulumi.Bool(false),
    })
    
    // Reference template: every value below is a type placeholder, not a usable default.
    var schemaRegistryKekResource = new SchemaRegistryKek("schemaRegistryKekResource", SchemaRegistryKekArgs.builder()
        .kmsKeyId("string")
        // Supported values include aws-kms, azure-kms and gcp-kms.
        .kmsType("string")
        // API key pair: supply it from secret configuration rather than as string literals.
        .credentials(SchemaRegistryKekCredentialsArgs.builder()
            .key("string")
            .secret("string")
            .build())
        .doc("string")
        // false keeps the default soft delete on destroy.
        .hardDelete(false)
        .name("string")
        .properties(Map.of("string", "string"))
        .restEndpoint("string")
        .schemaRegistryCluster(SchemaRegistryKekSchemaRegistryClusterArgs.builder()
            .id("string")
            .build())
        // false: the DEK Registry does not get shared access to the KMS.
        .shared(false)
        .build());
    
    # Reference template: every value below is a type placeholder, not a usable default.
    schema_registry_kek_resource = confluentcloud.SchemaRegistryKek("schemaRegistryKekResource",
        kms_key_id="string",
        # Supported values include aws-kms, azure-kms and gcp-kms.
        kms_type="string",
        # API key pair: supply it from secret configuration rather than as string literals.
        credentials={
            "key": "string",
            "secret": "string",
        },
        doc="string",
        # False keeps the default soft delete on destroy.
        hard_delete=False,
        name="string",
        properties={
            "string": "string",
        },
        rest_endpoint="string",
        schema_registry_cluster={
            "id": "string",
        },
        # False: the DEK Registry does not get shared access to the KMS.
        shared=False)
    
    // Reference template: every value below is a type placeholder, not a usable default.
    const schemaRegistryKekResource = new confluentcloud.SchemaRegistryKek("schemaRegistryKekResource", {
        kmsKeyId: "string",
        // Supported values include aws-kms, azure-kms and gcp-kms.
        kmsType: "string",
        // API key pair: supply it from secret configuration rather than as string literals.
        credentials: {
            key: "string",
            secret: "string",
        },
        doc: "string",
        // false keeps the default soft delete on destroy.
        hardDelete: false,
        name: "string",
        properties: {
            string: "string",
        },
        restEndpoint: "string",
        schemaRegistryCluster: {
            id: "string",
        },
        // false: the DEK Registry does not get shared access to the KMS.
        shared: false,
    });
    
    # Reference template: every value below is a type placeholder, not a usable default.
    type: confluentcloud:SchemaRegistryKek
    properties:
        # API key pair: supply it from secret configuration rather than as literal values.
        credentials:
            key: string
            secret: string
        doc: string
        # false keeps the default soft delete on destroy.
        hardDelete: false
        kmsKeyId: string
        # Supported values include aws-kms, azure-kms and gcp-kms.
        kmsType: string
        name: string
        properties:
            string: string
        restEndpoint: string
        schemaRegistryCluster:
            id: string
        # false: the DEK Registry does not get shared access to the KMS.
        shared: false
    

    SchemaRegistryKek Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The SchemaRegistryKek resource accepts the following input properties:

    KmsKeyId string
    The ID of the key from KMS.

    • When using the AWS KMS, this is an ARN, for example, arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc.
    • When using the Azure Key Vault, this is a Key Identifier (URI), for example, https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef.
    • When using the GCP KMS, this is a resource name, for example, projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
    KmsType string
    The type of Key Management Service (KMS). The supported values include aws-kms, azure-kms, and gcp-kms. Additionally, custom KMS types are supported as well.
    Credentials Pulumi.ConfluentCloud.Inputs.SchemaRegistryKekCredentials
    The Cluster API Credentials.
    Doc string
    The optional description for the KEK.
    HardDelete bool
    Controls whether a KEK is soft- or hard-deleted. Set it to true to hard-delete the Schema Registry KEK on destroy. Defaults to false (soft delete).
    Name string
    The name for the KEK.
    Properties Dictionary<string, string>
    The custom properties to set (for example, KeyUsage=ENCRYPT_DECRYPT, KeyState=Enabled).
    RestEndpoint string
    The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443.
    SchemaRegistryCluster Pulumi.ConfluentCloud.Inputs.SchemaRegistryKekSchemaRegistryCluster
    Shared bool
    The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to false.
    KmsKeyId string
    The ID of the key from KMS.

    • When using the AWS KMS, this is an ARN, for example, arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc.
    • When using the Azure Key Vault, this is a Key Identifier (URI), for example, https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef.
    • When using the GCP KMS, this is a resource name, for example, projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
    KmsType string
    The type of Key Management Service (KMS). The supported values include aws-kms, azure-kms, and gcp-kms. Additionally, custom KMS types are supported as well.
    Credentials SchemaRegistryKekCredentialsArgs
    The Cluster API Credentials.
    Doc string
    The optional description for the KEK.
    HardDelete bool
    Controls whether a KEK is soft- or hard-deleted. Set it to true to hard-delete the Schema Registry KEK on destroy. Defaults to false (soft delete).
    Name string
    The name for the KEK.
    Properties map[string]string
    The custom properties to set (for example, KeyUsage=ENCRYPT_DECRYPT, KeyState=Enabled).
    RestEndpoint string
    The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443.
    SchemaRegistryCluster SchemaRegistryKekSchemaRegistryClusterArgs
    Shared bool
    The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to false.
    kmsKeyId String
    The ID of the key from KMS.

    • When using the AWS KMS, this is an ARN, for example, arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc.
    • When using the Azure Key Vault, this is a Key Identifier (URI), for example, https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef.
    • When using the GCP KMS, this is a resource name, for example, projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
    kmsType String
    The type of Key Management Service (KMS). The supported values include aws-kms, azure-kms, and gcp-kms. Additionally, custom KMS types are supported as well.
    credentials SchemaRegistryKekCredentials
    The Cluster API Credentials.
    doc String
    The optional description for the KEK.
    hardDelete Boolean
    Controls whether a KEK is soft- or hard-deleted. Set it to true to hard-delete the Schema Registry KEK on destroy. Defaults to false (soft delete).
    name String
    The name for the KEK.
    properties Map<String,String>
    The custom properties to set (for example, KeyUsage=ENCRYPT_DECRYPT, KeyState=Enabled).
    restEndpoint String
    The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443.
    schemaRegistryCluster SchemaRegistryKekSchemaRegistryCluster
    shared Boolean
    The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to false.
    kmsKeyId string
    The ID of the key from KMS.

    • When using the AWS KMS, this is an ARN, for example, arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc.
    • When using the Azure Key Vault, this is a Key Identifier (URI), for example, https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef.
    • When using the GCP KMS, this is a resource name, for example, projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
    kmsType string
    The type of Key Management Service (KMS). The supported values include aws-kms, azure-kms, and gcp-kms. Additionally, custom KMS types are supported as well.
    credentials SchemaRegistryKekCredentials
    The Cluster API Credentials.
    doc string
    The optional description for the KEK.
    hardDelete boolean
    Controls whether a KEK is soft- or hard-deleted. Set it to true to hard-delete the Schema Registry KEK on destroy. Defaults to false (soft delete).
    name string
    The name for the KEK.
    properties {[key: string]: string}
    The custom properties to set (for example, KeyUsage=ENCRYPT_DECRYPT, KeyState=Enabled).
    restEndpoint string
    The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443.
    schemaRegistryCluster SchemaRegistryKekSchemaRegistryCluster
    shared boolean
    The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to false.
    kms_key_id str
    The ID of the key from KMS.

    • When using the AWS KMS, this is an ARN, for example, arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc.
    • When using the Azure Key Vault, this is a Key Identifier (URI), for example, https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef.
    • When using the GCP KMS, this is a resource name, for example, projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
    kms_type str
    The type of Key Management Service (KMS). The supported values include aws-kms, azure-kms, and gcp-kms. Additionally, custom KMS types are supported as well.
    credentials SchemaRegistryKekCredentialsArgs
    The Cluster API Credentials.
    doc str
    The optional description for the KEK.
    hard_delete bool
    Controls whether a KEK is soft- or hard-deleted. Set it to true to hard-delete the Schema Registry KEK on destroy. Defaults to false (soft delete).
    name str
    The name for the KEK.
    properties Mapping[str, str]
    The custom properties to set (for example, KeyUsage=ENCRYPT_DECRYPT, KeyState=Enabled).
    rest_endpoint str
    The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443.
    schema_registry_cluster SchemaRegistryKekSchemaRegistryClusterArgs
    shared bool
    The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to false.
    kmsKeyId String
    The ID of the key from KMS.

    • When using the AWS KMS, this is an ARN, for example, arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc.
    • When using the Azure Key Vault, this is a Key Identifier (URI), for example, https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef.
    • When using the GCP KMS, this is a resource name, for example, projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
    kmsType String
    The type of Key Management Service (KMS). The supported values include aws-kms, azure-kms, and gcp-kms. Additionally, custom KMS types are supported as well.
    credentials Property Map
    The Cluster API Credentials.
    doc String
    The optional description for the KEK.
    hardDelete Boolean
    Controls whether a KEK is soft- or hard-deleted. Set it to true to hard-delete the Schema Registry KEK on destroy. Defaults to false (soft delete).
    name String
    The name for the KEK.
    properties Map<String>
    The custom properties to set (for example, KeyUsage=ENCRYPT_DECRYPT, KeyState=Enabled).
    restEndpoint String
    The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443.
    schemaRegistryCluster Property Map
    shared Boolean
    The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to false.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the SchemaRegistryKek resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing SchemaRegistryKek Resource

    Get an existing SchemaRegistryKek resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: SchemaRegistryKekState, opts?: CustomResourceOptions): SchemaRegistryKek
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            credentials: Optional[SchemaRegistryKekCredentialsArgs] = None,
            doc: Optional[str] = None,
            hard_delete: Optional[bool] = None,
            kms_key_id: Optional[str] = None,
            kms_type: Optional[str] = None,
            name: Optional[str] = None,
            properties: Optional[Mapping[str, str]] = None,
            rest_endpoint: Optional[str] = None,
            schema_registry_cluster: Optional[SchemaRegistryKekSchemaRegistryClusterArgs] = None,
            shared: Optional[bool] = None) -> SchemaRegistryKek
    func GetSchemaRegistryKek(ctx *Context, name string, id IDInput, state *SchemaRegistryKekState, opts ...ResourceOption) (*SchemaRegistryKek, error)
    public static SchemaRegistryKek Get(string name, Input<string> id, SchemaRegistryKekState? state, CustomResourceOptions? opts = null)
    public static SchemaRegistryKek get(String name, Output<String> id, SchemaRegistryKekState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Credentials Pulumi.ConfluentCloud.Inputs.SchemaRegistryKekCredentials
    The Cluster API Credentials.
    Doc string
    The optional description for the KEK.
    HardDelete bool
    Controls whether a KEK is soft- or hard-deleted. Set it to true to hard-delete the Schema Registry KEK on destroy. Defaults to false (soft delete).
    KmsKeyId string
    The ID of the key from KMS.

    • When using the AWS KMS, this is an ARN, for example, arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc.
    • When using the Azure Key Vault, this is a Key Identifier (URI), for example, https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef.
    • When using the GCP KMS, this is a resource name, for example, projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
    KmsType string
    The type of Key Management Service (KMS). The supported values include aws-kms, azure-kms, and gcp-kms. Additionally, custom KMS types are supported as well.
    Name string
    The name for the KEK.
    Properties Dictionary<string, string>
    The custom properties to set (for example, KeyUsage=ENCRYPT_DECRYPT, KeyState=Enabled).
    RestEndpoint string
    The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443.
    SchemaRegistryCluster Pulumi.ConfluentCloud.Inputs.SchemaRegistryKekSchemaRegistryCluster
    Shared bool
    The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to false.
    Credentials SchemaRegistryKekCredentialsArgs
    The Cluster API Credentials.
    Doc string
    The optional description for the KEK.
    HardDelete bool
    Controls whether a KEK is soft- or hard-deleted. Set it to true to hard-delete the Schema Registry KEK on destroy. Defaults to false (soft delete).
    KmsKeyId string
    The ID of the key from KMS.

    • When using the AWS KMS, this is an ARN, for example, arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc.
    • When using the Azure Key Vault, this is a Key Identifier (URI), for example, https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef.
    • When using the GCP KMS, this is a resource name, for example, projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
    KmsType string
    The type of Key Management Service (KMS). The supported values include aws-kms, azure-kms, and gcp-kms. Additionally, custom KMS types are supported as well.
    Name string
    The name for the KEK.
    Properties map[string]string
    The custom properties to set (for example, KeyUsage=ENCRYPT_DECRYPT, KeyState=Enabled).
    RestEndpoint string
    The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443.
    SchemaRegistryCluster SchemaRegistryKekSchemaRegistryClusterArgs
    Shared bool
    The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to false.
    credentials SchemaRegistryKekCredentials
    The Cluster API Credentials.
    doc String
    The optional description for the KEK.
    hardDelete Boolean
    Controls whether a kek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry kek on destroy. Defaults to false (soft delete).
    kmsKeyId String
    The ID of the key from KMS.

    • When using the AWS KMS, this is an ARN, for example, arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc.
    • When using the Azure Key Vault, this is a Key Identifier (URI), for example, https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef.
    • When using the GCP KMS, this is a resource name, for example, projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
    kmsType String
    The type of Key Management Service (KMS). The supported values include aws-kms, azure-kms, and gcp-kms. Additionally, custom KMS types are supported as well.
    name String
    The name for the KEK.
    properties Map<String,String>
    The custom properties to set (for example, KeyUsage=ENCRYPT_DECRYPT, KeyState=Enabled).
    restEndpoint String
    The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443.
    schemaRegistryCluster SchemaRegistryKekSchemaRegistryCluster
    shared Boolean
    The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to false.
    credentials SchemaRegistryKekCredentials
    The Cluster API Credentials.
    doc string
    The optional description for the KEK.
    hardDelete boolean
    Controls whether a kek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry kek on destroy. Defaults to false (soft delete).
    kmsKeyId string
    The ID of the key from KMS.

    • When using the AWS KMS, this is an ARN, for example, arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc.
    • When using the Azure Key Vault, this is a Key Identifier (URI), for example, https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef.
    • When using the GCP KMS, this is a resource name, for example, projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
    kmsType string
    The type of Key Management Service (KMS). The supported values include aws-kms, azure-kms, and gcp-kms. Additionally, custom KMS types are supported as well.
    name string
    The name for the KEK.
    properties {[key: string]: string}
    The custom properties to set (for example, KeyUsage=ENCRYPT_DECRYPT, KeyState=Enabled).
    restEndpoint string
    The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443.
    schemaRegistryCluster SchemaRegistryKekSchemaRegistryCluster
    shared boolean
    The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to false.
    credentials SchemaRegistryKekCredentialsArgs
    The Cluster API Credentials.
    doc str
    The optional description for the KEK.
    hard_delete bool
    Controls whether a kek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry kek on destroy. Defaults to false (soft delete).
    kms_key_id str
    The ID of the key from KMS.

    • When using the AWS KMS, this is an ARN, for example, arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc.
    • When using the Azure Key Vault, this is a Key Identifier (URI), for example, https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef.
    • When using the GCP KMS, this is a resource name, for example, projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
    kms_type str
    The type of Key Management Service (KMS). The supported values include aws-kms, azure-kms, and gcp-kms. Additionally, custom KMS types are supported as well.
    name str
    The name for the KEK.
    properties Mapping[str, str]
    The custom properties to set (for example, KeyUsage=ENCRYPT_DECRYPT, KeyState=Enabled).
    rest_endpoint str
    The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443.
    schema_registry_cluster SchemaRegistryKekSchemaRegistryClusterArgs
    shared bool
    The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to false.
    credentials Property Map
    The Cluster API Credentials.
    doc String
    The optional description for the KEK.
    hardDelete Boolean
    Controls whether a kek should be soft or hard deleted. Set it to true if you want to hard delete a schema registry kek on destroy. Defaults to false (soft delete).
    kmsKeyId String
    The ID of the key from KMS.

    • When using the AWS KMS, this is an ARN, for example, arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789abc.
    • When using the Azure Key Vault, this is a Key Identifier (URI), for example, https://test-keyvault1.vault.azure.net/keys/test-key1/1234567890abcdef1234567890abcdef.
    • When using the GCP KMS, this is a resource name, for example, projects/test-project1/locations/us-central1/keyRings/test-keyRing1/cryptoKeys/test-key1.
    kmsType String
    The type of Key Management Service (KMS). The supported values include aws-kms, azure-kms, and gcp-kms. Additionally, custom KMS types are supported as well.
    name String
    The name for the KEK.
    properties Map<String>
    The custom properties to set (for example, KeyUsage=ENCRYPT_DECRYPT, KeyState=Enabled).
    restEndpoint String
    The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443.
    schemaRegistryCluster Property Map
    shared Boolean
    The optional flag to control whether the DEK Registry has shared access to the KMS. Defaults to false.

    Supporting Types

    SchemaRegistryKekCredentials, SchemaRegistryKekCredentialsArgs

    Key string
    The Schema Registry API Key.
    Secret string
    The Schema Registry API Secret.
    Key string
    The Schema Registry API Key.
    Secret string
    The Schema Registry API Secret.
    key String
    The Schema Registry API Key.
    secret String
    The Schema Registry API Secret.
    key string
    The Schema Registry API Key.
    secret string
    The Schema Registry API Secret.
    key str
    The Schema Registry API Key.
    secret str
    The Schema Registry API Secret.
    key String
    The Schema Registry API Key.
    secret String
    The Schema Registry API Secret.

    SchemaRegistryKekSchemaRegistryCluster, SchemaRegistryKekSchemaRegistryClusterArgs

    Id string
    The ID of the Schema Registry cluster, for example, lsrc-abc123.
    Id string
    The ID of the Schema Registry cluster, for example, lsrc-abc123.
    id String
    The ID of the Schema Registry cluster, for example, lsrc-abc123.
    id string
    The ID of the Schema Registry cluster, for example, lsrc-abc123.
    id str
    The ID of the Schema Registry cluster, for example, lsrc-abc123.
    id String
    The ID of the Schema Registry cluster, for example, lsrc-abc123.

    Import

    You can import a Schema Registry Key by using the Schema Registry cluster ID and the Kek name, in the format <Schema Registry cluster ID>/<Kek name>, for example:

    $ export IMPORT_SCHEMA_REGISTRY_API_KEY="<schema_registry_api_key>"

    $ export IMPORT_SCHEMA_REGISTRY_API_SECRET="<schema_registry_api_secret>"

    $ export IMPORT_SCHEMA_REGISTRY_REST_ENDPOINT="<schema_registry_rest_endpoint>"

    $ pulumi import confluentcloud:index/schemaRegistryKek:SchemaRegistryKek aws_key lsrc-8wrx70/aws_key
    

    Warning: Do not forget to delete the terminal command history afterwards, because the exported Schema Registry API key and secret are otherwise left in it.

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Confluent Cloud pulumi/pulumi-confluentcloud
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the confluent Terraform Provider.