1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. kms
  5. getKMSCryptoKey
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.kms.getKMSCryptoKey

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

    Provides access to a Google Cloud Platform KMS CryptoKey. For more information see the official documentation and API.

    A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const myKeyRing = gcp.kms.getKMSKeyRing({
        name: "my-key-ring",
        location: "us-central1",
    });
    const myCryptoKey = myKeyRing.then(myKeyRing => gcp.kms.getKMSCryptoKey({
        name: "my-crypto-key",
        keyRing: myKeyRing.id,
    }));
    
    import pulumi
    import pulumi_gcp as gcp
    
    my_key_ring = gcp.kms.get_kms_key_ring(name="my-key-ring",
        location="us-central1")
    my_crypto_key = gcp.kms.get_kms_crypto_key(name="my-crypto-key",
        key_ring=my_key_ring.id)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{
    			Name:     "my-key-ring",
    			Location: "us-central1",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{
    			Name:    "my-crypto-key",
    			KeyRing: myKeyRing.Id,
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()
        {
            Name = "my-key-ring",
            Location = "us-central1",
        });
    
        var myCryptoKey = Gcp.Kms.GetKMSCryptoKey.Invoke(new()
        {
            Name = "my-crypto-key",
            KeyRing = myKeyRing.Apply(getKMSKeyRingResult => getKMSKeyRingResult.Id),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.kms.KmsFunctions;
    import com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;
    import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()
                .name("my-key-ring")
                .location("us-central1")
                .build());
    
            final var myCryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()
                .name("my-crypto-key")
                .keyRing(myKeyRing.applyValue(getKMSKeyRingResult -> getKMSKeyRingResult.id()))
                .build());
    
        }
    }
    
    variables:
      myKeyRing:
        fn::invoke:
          Function: gcp:kms:getKMSKeyRing
          Arguments:
            name: my-key-ring
            location: us-central1
      myCryptoKey:
        fn::invoke:
          Function: gcp:kms:getKMSCryptoKey
          Arguments:
            name: my-crypto-key
            keyRing: ${myKeyRing.id}
    

    Using getKMSCryptoKey

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getKMSCryptoKey(args: GetKMSCryptoKeyArgs, opts?: InvokeOptions): Promise<GetKMSCryptoKeyResult>
    function getKMSCryptoKeyOutput(args: GetKMSCryptoKeyOutputArgs, opts?: InvokeOptions): Output<GetKMSCryptoKeyResult>
    def get_kms_crypto_key(key_ring: Optional[str] = None,
                           name: Optional[str] = None,
                           opts: Optional[InvokeOptions] = None) -> GetKMSCryptoKeyResult
    def get_kms_crypto_key_output(key_ring: Optional[pulumi.Input[str]] = None,
                           name: Optional[pulumi.Input[str]] = None,
                           opts: Optional[InvokeOptions] = None) -> Output[GetKMSCryptoKeyResult]
    func GetKMSCryptoKey(ctx *Context, args *GetKMSCryptoKeyArgs, opts ...InvokeOption) (*GetKMSCryptoKeyResult, error)
    func GetKMSCryptoKeyOutput(ctx *Context, args *GetKMSCryptoKeyOutputArgs, opts ...InvokeOption) GetKMSCryptoKeyResultOutput

    > Note: This function is named GetKMSCryptoKey in the Go SDK.

    public static class GetKMSCryptoKey 
    {
        public static Task<GetKMSCryptoKeyResult> InvokeAsync(GetKMSCryptoKeyArgs args, InvokeOptions? opts = null)
        public static Output<GetKMSCryptoKeyResult> Invoke(GetKMSCryptoKeyInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetKMSCryptoKeyResult> getKMSCryptoKey(GetKMSCryptoKeyArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: gcp:kms/getKMSCryptoKey:getKMSCryptoKey
      arguments:
        # arguments dictionary

    The following arguments are supported:

    KeyRing string
    The id of the Google Cloud Platform KeyRing to which the key belongs.
    Name string
    The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
    KeyRing string
    The id of the Google Cloud Platform KeyRing to which the key belongs.
    Name string
    The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
    keyRing String
    The id of the Google Cloud Platform KeyRing to which the key belongs.
    name String
    The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
    keyRing string
    The id of the Google Cloud Platform KeyRing to which the key belongs.
    name string
    The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
    key_ring str
    The id of the Google Cloud Platform KeyRing to which the key belongs.
    name str
    The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
    keyRing String
    The id of the Google Cloud Platform KeyRing to which the key belongs.
    name String
    The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

    getKMSCryptoKey Result

    The following output properties are available:

    CryptoKeyBackend string
    DestroyScheduledDuration string
    EffectiveLabels Dictionary<string, string>
    Id string
    The provider-assigned unique ID for this managed resource.
    ImportOnly bool
    KeyAccessJustificationsPolicies List<GetKMSCryptoKeyKeyAccessJustificationsPolicy>
    KeyRing string
    Labels Dictionary<string, string>
    Name string
    Primaries List<GetKMSCryptoKeyPrimary>
    PulumiLabels Dictionary<string, string>
    Purpose string
    Defines the cryptographic capabilities of the key.
    RotationPeriod string
    Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
    SkipInitialVersionCreation bool
    VersionTemplates List<GetKMSCryptoKeyVersionTemplate>
    CryptoKeyBackend string
    DestroyScheduledDuration string
    EffectiveLabels map[string]string
    Id string
    The provider-assigned unique ID for this managed resource.
    ImportOnly bool
    KeyAccessJustificationsPolicies []GetKMSCryptoKeyKeyAccessJustificationsPolicy
    KeyRing string
    Labels map[string]string
    Name string
    Primaries []GetKMSCryptoKeyPrimary
    PulumiLabels map[string]string
    Purpose string
    Defines the cryptographic capabilities of the key.
    RotationPeriod string
    Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
    SkipInitialVersionCreation bool
    VersionTemplates []GetKMSCryptoKeyVersionTemplate
    cryptoKeyBackend String
    destroyScheduledDuration String
    effectiveLabels Map<String,String>
    id String
    The provider-assigned unique ID for this managed resource.
    importOnly Boolean
    keyAccessJustificationsPolicies List<GetKMSCryptoKeyKeyAccessJustificationsPolicy>
    keyRing String
    labels Map<String,String>
    name String
    primaries List<GetKMSCryptoKeyPrimary>
    pulumiLabels Map<String,String>
    purpose String
    Defines the cryptographic capabilities of the key.
    rotationPeriod String
    Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
    skipInitialVersionCreation Boolean
    versionTemplates List<GetKMSCryptoKeyVersionTemplate>
    cryptoKeyBackend string
    destroyScheduledDuration string
    effectiveLabels {[key: string]: string}
    id string
    The provider-assigned unique ID for this managed resource.
    importOnly boolean
    keyAccessJustificationsPolicies GetKMSCryptoKeyKeyAccessJustificationsPolicy[]
    keyRing string
    labels {[key: string]: string}
    name string
    primaries GetKMSCryptoKeyPrimary[]
    pulumiLabels {[key: string]: string}
    purpose string
    Defines the cryptographic capabilities of the key.
    rotationPeriod string
    Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
    skipInitialVersionCreation boolean
    versionTemplates GetKMSCryptoKeyVersionTemplate[]
    crypto_key_backend str
    destroy_scheduled_duration str
    effective_labels Mapping[str, str]
    id str
    The provider-assigned unique ID for this managed resource.
    import_only bool
    key_access_justifications_policies Sequence[GetKMSCryptoKeyKeyAccessJustificationsPolicy]
    key_ring str
    labels Mapping[str, str]
    name str
    primaries Sequence[GetKMSCryptoKeyPrimary]
    pulumi_labels Mapping[str, str]
    purpose str
    Defines the cryptographic capabilities of the key.
    rotation_period str
    Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
    skip_initial_version_creation bool
    version_templates Sequence[GetKMSCryptoKeyVersionTemplate]
    cryptoKeyBackend String
    destroyScheduledDuration String
    effectiveLabels Map<String>
    id String
    The provider-assigned unique ID for this managed resource.
    importOnly Boolean
    keyAccessJustificationsPolicies List<Property Map>
    keyRing String
    labels Map<String>
    name String
    primaries List<Property Map>
    pulumiLabels Map<String>
    purpose String
    Defines the cryptographic capabilities of the key.
    rotationPeriod String
    Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
    skipInitialVersionCreation Boolean
    versionTemplates List<Property Map>

    Supporting Types

    GetKMSCryptoKeyKeyAccessJustificationsPolicy

    AllowedAccessReasons List<string>
    The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
    AllowedAccessReasons []string
    The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
    allowedAccessReasons List<String>
    The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
    allowedAccessReasons string[]
    The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
    allowed_access_reasons Sequence[str]
    The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.
    allowedAccessReasons List<String>
    The list of allowed reasons for access to this CryptoKey. Zero allowed access reasons means all encrypt, decrypt, and sign operations for this CryptoKey will fail.

    GetKMSCryptoKeyPrimary

    Name string
    The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
    State string
    The current state of the CryptoKeyVersion.
    Name string
    The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
    State string
    The current state of the CryptoKeyVersion.
    name String
    The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
    state String
    The current state of the CryptoKeyVersion.
    name string
    The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
    state string
    The current state of the CryptoKeyVersion.
    name str
    The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
    state str
    The current state of the CryptoKeyVersion.
    name String
    The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}
    state String
    The current state of the CryptoKeyVersion.

    GetKMSCryptoKeyVersionTemplate

    Algorithm string
    The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
    ProtectionLevel string
    The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
    Algorithm string
    The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
    ProtectionLevel string
    The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
    algorithm String
    The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
    protectionLevel String
    The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
    algorithm string
    The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
    protectionLevel string
    The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
    algorithm str
    The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
    protection_level str
    The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".
    algorithm String
    The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
    protectionLevel String
    The protection level to use when creating a version based on this template. Possible values include "SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC". Defaults to "SOFTWARE".

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi