1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. kms
  5. getCryptoKeys
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.kms.getCryptoKeys

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

    Provides access to all Google Cloud Platform KMS CryptoKeys in a given KeyRing. For more information see the official documentation and API.

    A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.

    Using getCryptoKeys

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getCryptoKeys(args: GetCryptoKeysArgs, opts?: InvokeOptions): Promise<GetCryptoKeysResult>
    function getCryptoKeysOutput(args: GetCryptoKeysOutputArgs, opts?: InvokeOptions): Output<GetCryptoKeysResult>
    def get_crypto_keys(filter: Optional[str] = None,
                        key_ring: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetCryptoKeysResult
    def get_crypto_keys_output(filter: Optional[pulumi.Input[str]] = None,
                        key_ring: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetCryptoKeysResult]
    func GetCryptoKeys(ctx *Context, args *GetCryptoKeysArgs, opts ...InvokeOption) (*GetCryptoKeysResult, error)
    func GetCryptoKeysOutput(ctx *Context, args *GetCryptoKeysOutputArgs, opts ...InvokeOption) GetCryptoKeysResultOutput

    > Note: This function is named GetCryptoKeys in the Go SDK.

    public static class GetCryptoKeys 
    {
        public static Task<GetCryptoKeysResult> InvokeAsync(GetCryptoKeysArgs args, InvokeOptions? opts = null)
        public static Output<GetCryptoKeysResult> Invoke(GetCryptoKeysInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetCryptoKeysResult> getCryptoKeys(GetCryptoKeysArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: gcp:kms/getCryptoKeys:getCryptoKeys
      arguments:
        # arguments dictionary

    The following arguments are supported:

    KeyRing string
    The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
    Filter string

    The filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering.

    Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}.

    • "name:my-key-" will retrieve keys that contain "my-key-" anywhere in their name.
    • "name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1" will only retrieve a key with that exact name.

    See the documentation about using filters

    KeyRing string
    The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
    Filter string

    The filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering.

    Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}.

    • "name:my-key-" will retrieve keys that contain "my-key-" anywhere in their name.
    • "name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1" will only retrieve a key with that exact name.

    See the documentation about using filters

    keyRing String
    The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
    filter String

    The filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering.

    Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}.

    • "name:my-key-" will retrieve keys that contain "my-key-" anywhere in their name.
    • "name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1" will only retrieve a key with that exact name.

    See the documentation about using filters

    keyRing string
    The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
    filter string

    The filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering.

    Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}.

    • "name:my-key-" will retrieve keys that contain "my-key-" anywhere in their name.
    • "name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1" will only retrieve a key with that exact name.

    See the documentation about using filters

    key_ring str
    The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
    filter str

    The filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering.

    Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}.

    • "name:my-key-" will retrieve keys that contain "my-key-" anywhere in their name.
    • "name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1" will only retrieve a key with that exact name.

    See the documentation about using filters

    keyRing String
    The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
    filter String

    The filter argument is used to add a filter query parameter that limits which keys are retrieved by the data source: ?filter={{filter}}. When no value is provided there is no filtering.

    Example filter values if filtering on name. Note: names take the form projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}.

    • "name:my-key-" will retrieve keys that contain "my-key-" anywhere in their name.
    • "name=projects/my-project/locations/global/keyRings/my-key-ring/cryptoKeys/my-key-1" will only retrieve a key with that exact name.

    See the documentation about using filters

    getCryptoKeys Result

    The following output properties are available:

    Id string
    The provider-assigned unique ID for this managed resource.
    KeyRing string
    Keys List<GetCryptoKeysKey>
    A list of all the retrieved keys from the provided key ring. This list is influenced by the provided filter argument.
    Filter string
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyRing string
    Keys []GetCryptoKeysKey
    A list of all the retrieved keys from the provided key ring. This list is influenced by the provided filter argument.
    Filter string
    id String
    The provider-assigned unique ID for this managed resource.
    keyRing String
    keys List<GetCryptoKeysKey>
    A list of all the retrieved keys from the provided key ring. This list is influenced by the provided filter argument.
    filter String
    id string
    The provider-assigned unique ID for this managed resource.
    keyRing string
    keys GetCryptoKeysKey[]
    A list of all the retrieved keys from the provided key ring. This list is influenced by the provided filter argument.
    filter string
    id str
    The provider-assigned unique ID for this managed resource.
    key_ring str
    keys Sequence[GetCryptoKeysKey]
    A list of all the retrieved keys from the provided key ring. This list is influenced by the provided filter argument.
    filter str
    id String
    The provider-assigned unique ID for this managed resource.
    keyRing String
    keys List<Property Map>
    A list of all the retrieved keys from the provided key ring. This list is influenced by the provided filter argument.
    filter String

    Supporting Types

    GetCryptoKeysKey

    CryptoKeyBackend string
    The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
    DestroyScheduledDuration string
    The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.
    EffectiveLabels Dictionary<string, string>
    Id string
    ImportOnly bool
    Whether this key may contain imported versions only.
    KeyAccessJustificationsPolicies List<GetCryptoKeysKeyKeyAccessJustificationsPolicy>
    The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. This field is currently in beta and is subject to change.
    Labels Dictionary<string, string>

    Labels with user-defined metadata to apply to this resource.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    Primaries List<GetCryptoKeysKeyPrimary>
    A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    Purpose string
    The immutable purpose of this CryptoKey. See the purpose reference for possible inputs. Default value is "ENCRYPT_DECRYPT".
    RotationPeriod string
    Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter 's' (seconds). It must be greater than a day (ie, 86400).
    SkipInitialVersionCreation bool
    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
    VersionTemplates List<GetCryptoKeysKeyVersionTemplate>
    A template describing settings for new crypto key versions.
    KeyRing string
    The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
    Name string
    The resource name for the CryptoKey.
    CryptoKeyBackend string
    The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
    DestroyScheduledDuration string
    The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.
    EffectiveLabels map[string]string
    Id string
    ImportOnly bool
    Whether this key may contain imported versions only.
    KeyAccessJustificationsPolicies []GetCryptoKeysKeyKeyAccessJustificationsPolicy
    The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. This field is currently in beta and is subject to change.
    Labels map[string]string

    Labels with user-defined metadata to apply to this resource.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    Primaries []GetCryptoKeysKeyPrimary
    A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    Purpose string
    The immutable purpose of this CryptoKey. See the purpose reference for possible inputs. Default value is "ENCRYPT_DECRYPT".
    RotationPeriod string
    Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter 's' (seconds). It must be greater than a day (ie, 86400).
    SkipInitialVersionCreation bool
    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
    VersionTemplates []GetCryptoKeysKeyVersionTemplate
    A template describing settings for new crypto key versions.
    KeyRing string
    The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
    Name string
    The resource name for the CryptoKey.
    cryptoKeyBackend String
    The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
    destroyScheduledDuration String
    The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.
    effectiveLabels Map<String,String>
    id String
    importOnly Boolean
    Whether this key may contain imported versions only.
    keyAccessJustificationsPolicies List<GetCryptoKeysKeyKeyAccessJustificationsPolicy>
    The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. This field is currently in beta and is subject to change.
    labels Map<String,String>

    Labels with user-defined metadata to apply to this resource.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    primaries List<GetCryptoKeysKeyPrimary>
    A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    purpose String
    The immutable purpose of this CryptoKey. See the purpose reference for possible inputs. Default value is "ENCRYPT_DECRYPT".
    rotationPeriod String
    Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter 's' (seconds). It must be greater than a day (ie, 86400).
    skipInitialVersionCreation Boolean
    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
    versionTemplates List<GetCryptoKeysKeyVersionTemplate>
    A template describing settings for new crypto key versions.
    keyRing String
    The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
    name String
    The resource name for the CryptoKey.
    cryptoKeyBackend string
    The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
    destroyScheduledDuration string
    The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.
    effectiveLabels {[key: string]: string}
    id string
    importOnly boolean
    Whether this key may contain imported versions only.
    keyAccessJustificationsPolicies GetCryptoKeysKeyKeyAccessJustificationsPolicy[]
    The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. This field is currently in beta and is subject to change.
    labels {[key: string]: string}

    Labels with user-defined metadata to apply to this resource.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    primaries GetCryptoKeysKeyPrimary[]
    A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    purpose string
    The immutable purpose of this CryptoKey. See the purpose reference for possible inputs. Default value is "ENCRYPT_DECRYPT".
    rotationPeriod string
    Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter 's' (seconds). It must be greater than a day (ie, 86400).
    skipInitialVersionCreation boolean
    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
    versionTemplates GetCryptoKeysKeyVersionTemplate[]
    A template describing settings for new crypto key versions.
    keyRing string
    The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
    name string
    The resource name for the CryptoKey.
    crypto_key_backend str
    The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
    destroy_scheduled_duration str
    The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.
    effective_labels Mapping[str, str]
    id str
    import_only bool
    Whether this key may contain imported versions only.
    key_access_justifications_policies Sequence[GetCryptoKeysKeyKeyAccessJustificationsPolicy]
    The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. This field is currently in beta and is subject to change.
    labels Mapping[str, str]

    Labels with user-defined metadata to apply to this resource.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    primaries Sequence[GetCryptoKeysKeyPrimary]
    A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    purpose str
    The immutable purpose of this CryptoKey. See the purpose reference for possible inputs. Default value is "ENCRYPT_DECRYPT".
    rotation_period str
    Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter 's' (seconds). It must be greater than a day (ie, 86400).
    skip_initial_version_creation bool
    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
    version_templates Sequence[GetCryptoKeysKeyVersionTemplate]
    A template describing settings for new crypto key versions.
    key_ring str
    The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
    name str
    The resource name for the CryptoKey.
    cryptoKeyBackend String
    The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys.
    destroyScheduledDuration String
    The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 30 days.
    effectiveLabels Map<String>
    id String
    importOnly Boolean
    Whether this key may contain imported versions only.
    keyAccessJustificationsPolicies List<Property Map>
    The policy used for Key Access Justifications Policy Enforcement. If this field is present and this key is enrolled in Key Access Justifications Policy Enforcement, the policy will be evaluated in encrypt, decrypt, and sign operations, and the operation will fail if rejected by the policy. The policy is defined by specifying zero or more allowed justification codes. https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes By default, this field is absent, and all justification codes are allowed. This field is currently in beta and is subject to change.
    labels Map<String>

    Labels with user-defined metadata to apply to this resource.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective_labels' for all of the labels present on the resource.

    primaries List<Property Map>
    A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    purpose String
    The immutable purpose of this CryptoKey. See the purpose reference for possible inputs. Default value is "ENCRYPT_DECRYPT".
    rotationPeriod String
    Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter 's' (seconds). It must be greater than a day (ie, 86400).
    skipInitialVersionCreation Boolean
    If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must use the 'google_kms_crypto_key_version' resource to create a new CryptoKeyVersion or 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.
    versionTemplates List<Property Map>
    A template describing settings for new crypto key versions.
    keyRing String
    The key ring that the keys belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.,
    name String
    The resource name for the CryptoKey.

    GetCryptoKeysKeyKeyAccessJustificationsPolicy

    AllowedAccessReasons List<string>
    The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
    AllowedAccessReasons []string
    The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
    allowedAccessReasons List<String>
    The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
    allowedAccessReasons string[]
    The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
    allowed_access_reasons Sequence[str]
    The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
    allowedAccessReasons List<String>
    The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.

    GetCryptoKeysKeyPrimary

    Name string
    The resource name for this CryptoKeyVersion.
    State string
    The current state of the CryptoKeyVersion.
    Name string
    The resource name for this CryptoKeyVersion.
    State string
    The current state of the CryptoKeyVersion.
    name String
    The resource name for this CryptoKeyVersion.
    state String
    The current state of the CryptoKeyVersion.
    name string
    The resource name for this CryptoKeyVersion.
    state string
    The current state of the CryptoKeyVersion.
    name str
    The resource name for this CryptoKeyVersion.
    state str
    The current state of the CryptoKeyVersion.
    name String
    The resource name for this CryptoKeyVersion.
    state String
    The current state of the CryptoKeyVersion.

    GetCryptoKeysKeyVersionTemplate

    Algorithm string
    The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
    ProtectionLevel string
    The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
    Algorithm string
    The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
    ProtectionLevel string
    The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
    algorithm String
    The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
    protectionLevel String
    The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
    algorithm string
    The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
    protectionLevel string
    The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
    algorithm str
    The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
    protection_level str
    The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
    algorithm String
    The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
    protectionLevel String
    The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi