1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. kms
  5. CryptoKeyVersion
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.kms.CryptoKeyVersion

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

    A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.

    Destroying a cryptoKeyVersion will not delete the resource from the project.

    To get more information about CryptoKeyVersion, see:

    Example Usage

    Kms Crypto Key Version Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const keyring = new gcp.kms.KeyRing("keyring", {
        name: "keyring-example",
        location: "global",
    });
    const cryptokey = new gcp.kms.CryptoKey("cryptokey", {
        name: "crypto-key-example",
        keyRing: keyring.id,
        rotationPeriod: "7776000s",
    });
    const example_key = new gcp.kms.CryptoKeyVersion("example-key", {cryptoKey: cryptokey.id});
    
    import pulumi
    import pulumi_gcp as gcp
    
    keyring = gcp.kms.KeyRing("keyring",
        name="keyring-example",
        location="global")
    cryptokey = gcp.kms.CryptoKey("cryptokey",
        name="crypto-key-example",
        key_ring=keyring.id,
        rotation_period="7776000s")
    example_key = gcp.kms.CryptoKeyVersion("example-key", crypto_key=cryptokey.id)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
    			Name:     pulumi.String("keyring-example"),
    			Location: pulumi.String("global"),
    		})
    		if err != nil {
    			return err
    		}
    		cryptokey, err := kms.NewCryptoKey(ctx, "cryptokey", &kms.CryptoKeyArgs{
    			Name:           pulumi.String("crypto-key-example"),
    			KeyRing:        keyring.ID(),
    			RotationPeriod: pulumi.String("7776000s"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = kms.NewCryptoKeyVersion(ctx, "example-key", &kms.CryptoKeyVersionArgs{
    			CryptoKey: cryptokey.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var keyring = new Gcp.Kms.KeyRing("keyring", new()
        {
            Name = "keyring-example",
            Location = "global",
        });
    
        var cryptokey = new Gcp.Kms.CryptoKey("cryptokey", new()
        {
            Name = "crypto-key-example",
            KeyRing = keyring.Id,
            RotationPeriod = "7776000s",
        });
    
        var example_key = new Gcp.Kms.CryptoKeyVersion("example-key", new()
        {
            CryptoKey = cryptokey.Id,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.kms.KeyRing;
    import com.pulumi.gcp.kms.KeyRingArgs;
    import com.pulumi.gcp.kms.CryptoKey;
    import com.pulumi.gcp.kms.CryptoKeyArgs;
    import com.pulumi.gcp.kms.CryptoKeyVersion;
    import com.pulumi.gcp.kms.CryptoKeyVersionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var keyring = new KeyRing("keyring", KeyRingArgs.builder()
                .name("keyring-example")
                .location("global")
                .build());
    
            var cryptokey = new CryptoKey("cryptokey", CryptoKeyArgs.builder()
                .name("crypto-key-example")
                .keyRing(keyring.id())
                .rotationPeriod("7776000s")
                .build());
    
            var example_key = new CryptoKeyVersion("example-key", CryptoKeyVersionArgs.builder()
                .cryptoKey(cryptokey.id())
                .build());
    
        }
    }
    
    resources:
      keyring:
        type: gcp:kms:KeyRing
        properties:
          name: keyring-example
          location: global
      cryptokey:
        type: gcp:kms:CryptoKey
        properties:
          name: crypto-key-example
          keyRing: ${keyring.id}
          rotationPeriod: 7776000s
      example-key:
        type: gcp:kms:CryptoKeyVersion
        properties:
          cryptoKey: ${cryptokey.id}
    

    Create CryptoKeyVersion Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new CryptoKeyVersion(name: string, args: CryptoKeyVersionArgs, opts?: CustomResourceOptions);
    @overload
    def CryptoKeyVersion(resource_name: str,
                         args: CryptoKeyVersionArgs,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def CryptoKeyVersion(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         crypto_key: Optional[str] = None,
                         external_protection_level_options: Optional[CryptoKeyVersionExternalProtectionLevelOptionsArgs] = None,
                         state: Optional[str] = None)
    func NewCryptoKeyVersion(ctx *Context, name string, args CryptoKeyVersionArgs, opts ...ResourceOption) (*CryptoKeyVersion, error)
    public CryptoKeyVersion(string name, CryptoKeyVersionArgs args, CustomResourceOptions? opts = null)
    public CryptoKeyVersion(String name, CryptoKeyVersionArgs args)
    public CryptoKeyVersion(String name, CryptoKeyVersionArgs args, CustomResourceOptions options)
    
    type: gcp:kms:CryptoKeyVersion
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args CryptoKeyVersionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CryptoKeyVersionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CryptoKeyVersionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CryptoKeyVersionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CryptoKeyVersionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var cryptoKeyVersionResource = new Gcp.Kms.CryptoKeyVersion("cryptoKeyVersionResource", new()
    {
        CryptoKey = "string",
        ExternalProtectionLevelOptions = new Gcp.Kms.Inputs.CryptoKeyVersionExternalProtectionLevelOptionsArgs
        {
            EkmConnectionKeyPath = "string",
            ExternalKeyUri = "string",
        },
        State = "string",
    });
    
    example, err := kms.NewCryptoKeyVersion(ctx, "cryptoKeyVersionResource", &kms.CryptoKeyVersionArgs{
    	CryptoKey: pulumi.String("string"),
    	ExternalProtectionLevelOptions: &kms.CryptoKeyVersionExternalProtectionLevelOptionsArgs{
    		EkmConnectionKeyPath: pulumi.String("string"),
    		ExternalKeyUri:       pulumi.String("string"),
    	},
    	State: pulumi.String("string"),
    })
    
    var cryptoKeyVersionResource = new CryptoKeyVersion("cryptoKeyVersionResource", CryptoKeyVersionArgs.builder()
        .cryptoKey("string")
        .externalProtectionLevelOptions(CryptoKeyVersionExternalProtectionLevelOptionsArgs.builder()
            .ekmConnectionKeyPath("string")
            .externalKeyUri("string")
            .build())
        .state("string")
        .build());
    
    crypto_key_version_resource = gcp.kms.CryptoKeyVersion("cryptoKeyVersionResource",
        crypto_key="string",
        external_protection_level_options={
            "ekm_connection_key_path": "string",
            "external_key_uri": "string",
        },
        state="string")
    
    const cryptoKeyVersionResource = new gcp.kms.CryptoKeyVersion("cryptoKeyVersionResource", {
        cryptoKey: "string",
        externalProtectionLevelOptions: {
            ekmConnectionKeyPath: "string",
            externalKeyUri: "string",
        },
        state: "string",
    });
    
    type: gcp:kms:CryptoKeyVersion
    properties:
        cryptoKey: string
        externalProtectionLevelOptions:
            ekmConnectionKeyPath: string
            externalKeyUri: string
        state: string
    

    CryptoKeyVersion Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The CryptoKeyVersion resource accepts the following input properties:

    CryptoKey string
    The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'


    ExternalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptions
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
    State string
    The current state of the CryptoKeyVersion. Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED.
    CryptoKey string
    The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'


    ExternalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptionsArgs
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
    State string
    The current state of the CryptoKeyVersion. Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED.
    cryptoKey String
    The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'


    externalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptions
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
    state String
    The current state of the CryptoKeyVersion. Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED.
    cryptoKey string
    The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'


    externalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptions
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
    state string
    The current state of the CryptoKeyVersion. Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED.
    crypto_key str
    The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'


    external_protection_level_options CryptoKeyVersionExternalProtectionLevelOptionsArgs
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
    state str
    The current state of the CryptoKeyVersion. Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED.
    cryptoKey String
    The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'


    externalProtectionLevelOptions Property Map
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
    state String
    The current state of the CryptoKeyVersion. Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CryptoKeyVersion resource produces the following output properties:

    Algorithm string
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    Attestations List<CryptoKeyVersionAttestation>
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
    GenerateTime string
    The time this CryptoKeyVersion key material was generated
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The resource name for this CryptoKeyVersion.
    ProtectionLevel string
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    Algorithm string
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    Attestations []CryptoKeyVersionAttestation
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
    GenerateTime string
    The time this CryptoKeyVersion key material was generated
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    The resource name for this CryptoKeyVersion.
    ProtectionLevel string
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    algorithm String
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    attestations List<CryptoKeyVersionAttestation>
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
    generateTime String
    The time this CryptoKeyVersion key material was generated
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The resource name for this CryptoKeyVersion.
    protectionLevel String
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    algorithm string
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    attestations CryptoKeyVersionAttestation[]
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
    generateTime string
    The time this CryptoKeyVersion key material was generated
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    The resource name for this CryptoKeyVersion.
    protectionLevel string
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    algorithm str
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    attestations Sequence[CryptoKeyVersionAttestation]
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
    generate_time str
    The time this CryptoKeyVersion key material was generated
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    The resource name for this CryptoKeyVersion.
    protection_level str
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    algorithm String
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    attestations List<Property Map>
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
    generateTime String
    The time this CryptoKeyVersion key material was generated
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    The resource name for this CryptoKeyVersion.
    protectionLevel String
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

    Look up Existing CryptoKeyVersion Resource

    Get an existing CryptoKeyVersion resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CryptoKeyVersionState, opts?: CustomResourceOptions): CryptoKeyVersion
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            algorithm: Optional[str] = None,
            attestations: Optional[Sequence[CryptoKeyVersionAttestationArgs]] = None,
            crypto_key: Optional[str] = None,
            external_protection_level_options: Optional[CryptoKeyVersionExternalProtectionLevelOptionsArgs] = None,
            generate_time: Optional[str] = None,
            name: Optional[str] = None,
            protection_level: Optional[str] = None,
            state: Optional[str] = None) -> CryptoKeyVersion
    func GetCryptoKeyVersion(ctx *Context, name string, id IDInput, state *CryptoKeyVersionState, opts ...ResourceOption) (*CryptoKeyVersion, error)
    public static CryptoKeyVersion Get(string name, Input<string> id, CryptoKeyVersionState? state, CustomResourceOptions? opts = null)
    public static CryptoKeyVersion get(String name, Output<String> id, CryptoKeyVersionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Algorithm string
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    Attestations List<CryptoKeyVersionAttestation>
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
    CryptoKey string
    The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'


    ExternalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptions
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
    GenerateTime string
    The time this CryptoKeyVersion key material was generated
    Name string
    The resource name for this CryptoKeyVersion.
    ProtectionLevel string
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    State string
    The current state of the CryptoKeyVersion. Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED.
    Algorithm string
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    Attestations []CryptoKeyVersionAttestationArgs
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
    CryptoKey string
    The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'


    ExternalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptionsArgs
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
    GenerateTime string
    The time this CryptoKeyVersion key material was generated
    Name string
    The resource name for this CryptoKeyVersion.
    ProtectionLevel string
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    State string
    The current state of the CryptoKeyVersion. Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED.
    algorithm String
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    attestations List<CryptoKeyVersionAttestation>
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
    cryptoKey String
    The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'


    externalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptions
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
    generateTime String
    The time this CryptoKeyVersion key material was generated
    name String
    The resource name for this CryptoKeyVersion.
    protectionLevel String
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    state String
    The current state of the CryptoKeyVersion. Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED.
    algorithm string
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    attestations CryptoKeyVersionAttestation[]
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
    cryptoKey string
    The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'


    externalProtectionLevelOptions CryptoKeyVersionExternalProtectionLevelOptions
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
    generateTime string
    The time this CryptoKeyVersion key material was generated
    name string
    The resource name for this CryptoKeyVersion.
    protectionLevel string
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    state string
    The current state of the CryptoKeyVersion. Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED.
    algorithm str
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    attestations Sequence[CryptoKeyVersionAttestationArgs]
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
    crypto_key str
    The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'


    external_protection_level_options CryptoKeyVersionExternalProtectionLevelOptionsArgs
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
    generate_time str
    The time this CryptoKeyVersion key material was generated
    name str
    The resource name for this CryptoKeyVersion.
    protection_level str
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    state str
    The current state of the CryptoKeyVersion. Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED.
    algorithm String
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    attestations List<Property Map>
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protectionLevel HSM. Structure is documented below.
    cryptoKey String
    The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}'


    externalProtectionLevelOptions Property Map
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.
    generateTime String
    The time this CryptoKeyVersion key material was generated
    name String
    The resource name for this CryptoKeyVersion.
    protectionLevel String
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    state String
    The current state of the CryptoKeyVersion. Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED.

    Supporting Types

    CryptoKeyVersionAttestation, CryptoKeyVersionAttestationArgs

    CertChains CryptoKeyVersionAttestationCertChains
    The certificate chains needed to validate the attestation Structure is documented below.
    Content string
    (Output) The attestation data provided by the HSM when the key operation was performed.
    ExternalProtectionLevelOptions CryptoKeyVersionAttestationExternalProtectionLevelOptions
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.

    Deprecated: externalProtectionLevelOptions is being un-nested from the attestation field. Please use the top level externalProtectionLevelOptions field instead.

    Format string
    (Output) The format of the attestation data.
    CertChains CryptoKeyVersionAttestationCertChains
    The certificate chains needed to validate the attestation Structure is documented below.
    Content string
    (Output) The attestation data provided by the HSM when the key operation was performed.
    ExternalProtectionLevelOptions CryptoKeyVersionAttestationExternalProtectionLevelOptions
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.

    Deprecated: externalProtectionLevelOptions is being un-nested from the attestation field. Please use the top level externalProtectionLevelOptions field instead.

    Format string
    (Output) The format of the attestation data.
    certChains CryptoKeyVersionAttestationCertChains
    The certificate chains needed to validate the attestation Structure is documented below.
    content String
    (Output) The attestation data provided by the HSM when the key operation was performed.
    externalProtectionLevelOptions CryptoKeyVersionAttestationExternalProtectionLevelOptions
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.

    Deprecated: externalProtectionLevelOptions is being un-nested from the attestation field. Please use the top level externalProtectionLevelOptions field instead.

    format String
    (Output) The format of the attestation data.
    certChains CryptoKeyVersionAttestationCertChains
    The certificate chains needed to validate the attestation Structure is documented below.
    content string
    (Output) The attestation data provided by the HSM when the key operation was performed.
    externalProtectionLevelOptions CryptoKeyVersionAttestationExternalProtectionLevelOptions
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.

    Deprecated: externalProtectionLevelOptions is being un-nested from the attestation field. Please use the top level externalProtectionLevelOptions field instead.

    format string
    (Output) The format of the attestation data.
    cert_chains CryptoKeyVersionAttestationCertChains
    The certificate chains needed to validate the attestation Structure is documented below.
    content str
    (Output) The attestation data provided by the HSM when the key operation was performed.
    external_protection_level_options CryptoKeyVersionAttestationExternalProtectionLevelOptions
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.

    Deprecated: externalProtectionLevelOptions is being un-nested from the attestation field. Please use the top level externalProtectionLevelOptions field instead.

    format str
    (Output) The format of the attestation data.
    certChains Property Map
    The certificate chains needed to validate the attestation Structure is documented below.
    content String
    (Output) The attestation data provided by the HSM when the key operation was performed.
    externalProtectionLevelOptions Property Map
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below.

    Deprecated: externalProtectionLevelOptions is being un-nested from the attestation field. Please use the top level externalProtectionLevelOptions field instead.

    format String
    (Output) The format of the attestation data.

    CryptoKeyVersionAttestationCertChains, CryptoKeyVersionAttestationCertChainsArgs

    CaviumCerts List<string>
    Cavium certificate chain corresponding to the attestation.
    GoogleCardCerts List<string>
    Google card certificate chain corresponding to the attestation.
    GooglePartitionCerts List<string>
    Google partition certificate chain corresponding to the attestation.
    CaviumCerts []string
    Cavium certificate chain corresponding to the attestation.
    GoogleCardCerts []string
    Google card certificate chain corresponding to the attestation.
    GooglePartitionCerts []string
    Google partition certificate chain corresponding to the attestation.
    caviumCerts List<String>
    Cavium certificate chain corresponding to the attestation.
    googleCardCerts List<String>
    Google card certificate chain corresponding to the attestation.
    googlePartitionCerts List<String>
    Google partition certificate chain corresponding to the attestation.
    caviumCerts string[]
    Cavium certificate chain corresponding to the attestation.
    googleCardCerts string[]
    Google card certificate chain corresponding to the attestation.
    googlePartitionCerts string[]
    Google partition certificate chain corresponding to the attestation.
    cavium_certs Sequence[str]
    Cavium certificate chain corresponding to the attestation.
    google_card_certs Sequence[str]
    Google card certificate chain corresponding to the attestation.
    google_partition_certs Sequence[str]
    Google partition certificate chain corresponding to the attestation.
    caviumCerts List<String>
    Cavium certificate chain corresponding to the attestation.
    googleCardCerts List<String>
    Google card certificate chain corresponding to the attestation.
    googlePartitionCerts List<String>
    Google partition certificate chain corresponding to the attestation.

    CryptoKeyVersionAttestationExternalProtectionLevelOptions, CryptoKeyVersionAttestationExternalProtectionLevelOptionsArgs

    EkmConnectionKeyPath string
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
    ExternalKeyUri string
    The URI for an external resource that this CryptoKeyVersion represents.
    EkmConnectionKeyPath string
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
    ExternalKeyUri string
    The URI for an external resource that this CryptoKeyVersion represents.
    ekmConnectionKeyPath String
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
    externalKeyUri String
    The URI for an external resource that this CryptoKeyVersion represents.
    ekmConnectionKeyPath string
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
    externalKeyUri string
    The URI for an external resource that this CryptoKeyVersion represents.
    ekm_connection_key_path str
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
    external_key_uri str
    The URI for an external resource that this CryptoKeyVersion represents.
    ekmConnectionKeyPath String
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
    externalKeyUri String
    The URI for an external resource that this CryptoKeyVersion represents.

    CryptoKeyVersionExternalProtectionLevelOptions, CryptoKeyVersionExternalProtectionLevelOptionsArgs

    EkmConnectionKeyPath string
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
    ExternalKeyUri string
    The URI for an external resource that this CryptoKeyVersion represents.
    EkmConnectionKeyPath string
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
    ExternalKeyUri string
    The URI for an external resource that this CryptoKeyVersion represents.
    ekmConnectionKeyPath String
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
    externalKeyUri String
    The URI for an external resource that this CryptoKeyVersion represents.
    ekmConnectionKeyPath string
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
    externalKeyUri string
    The URI for an external resource that this CryptoKeyVersion represents.
    ekm_connection_key_path str
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
    external_key_uri str
    The URI for an external resource that this CryptoKeyVersion represents.
    ekmConnectionKeyPath String
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection.
    externalKeyUri String
    The URI for an external resource that this CryptoKeyVersion represents.

    Import

    CryptoKeyVersion can be imported using any of these accepted formats:

    • {{name}}

    When using the pulumi import command, CryptoKeyVersion can be imported using one of the formats above. For example:

    $ pulumi import gcp:kms/cryptoKeyVersion:CryptoKeyVersion default {{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi