Google Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.cloudkms/v1.CryptoKeyVersion
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Create a new CryptoKeyVersion in a CryptoKey. The server will assign the next sequential id. If unset, state will be set to ENABLED. Note - this resource’s API doesn’t support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.
Create CryptoKeyVersion Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CryptoKeyVersion(name: string, args: CryptoKeyVersionArgs, opts?: CustomResourceOptions);
@overload
def CryptoKeyVersion(resource_name: str,
args: CryptoKeyVersionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CryptoKeyVersion(resource_name: str,
opts: Optional[ResourceOptions] = None,
key_ring_id: Optional[str] = None,
crypto_key_id: Optional[str] = None,
external_protection_level_options: Optional[ExternalProtectionLevelOptionsArgs] = None,
location: Optional[str] = None,
project: Optional[str] = None,
state: Optional[CryptoKeyVersionState] = None)
func NewCryptoKeyVersion(ctx *Context, name string, args CryptoKeyVersionArgs, opts ...ResourceOption) (*CryptoKeyVersion, error)
public CryptoKeyVersion(string name, CryptoKeyVersionArgs args, CustomResourceOptions? opts = null)
public CryptoKeyVersion(String name, CryptoKeyVersionArgs args)
public CryptoKeyVersion(String name, CryptoKeyVersionArgs args, CustomResourceOptions options)
type: google-native:cloudkms/v1:CryptoKeyVersion
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CryptoKeyVersionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CryptoKeyVersionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CryptoKeyVersionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CryptoKeyVersionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CryptoKeyVersionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var cryptoKeyVersionResource = new GoogleNative.Cloudkms.V1.CryptoKeyVersion("cryptoKeyVersionResource", new()
{
KeyRingId = "string",
CryptoKeyId = "string",
ExternalProtectionLevelOptions = new GoogleNative.Cloudkms.V1.Inputs.ExternalProtectionLevelOptionsArgs
{
EkmConnectionKeyPath = "string",
ExternalKeyUri = "string",
},
Location = "string",
Project = "string",
State = GoogleNative.Cloudkms.V1.CryptoKeyVersionState.CryptoKeyVersionStateUnspecified,
});
example, err := cloudkms.NewCryptoKeyVersion(ctx, "cryptoKeyVersionResource", &cloudkms.CryptoKeyVersionArgs{
KeyRingId: pulumi.String("string"),
CryptoKeyId: pulumi.String("string"),
ExternalProtectionLevelOptions: &cloudkms.ExternalProtectionLevelOptionsArgs{
EkmConnectionKeyPath: pulumi.String("string"),
ExternalKeyUri: pulumi.String("string"),
},
Location: pulumi.String("string"),
Project: pulumi.String("string"),
State: cloudkms.CryptoKeyVersionStateCryptoKeyVersionStateUnspecified,
})
var cryptoKeyVersionResource = new CryptoKeyVersion("cryptoKeyVersionResource", CryptoKeyVersionArgs.builder()
.keyRingId("string")
.cryptoKeyId("string")
.externalProtectionLevelOptions(ExternalProtectionLevelOptionsArgs.builder()
.ekmConnectionKeyPath("string")
.externalKeyUri("string")
.build())
.location("string")
.project("string")
.state("CRYPTO_KEY_VERSION_STATE_UNSPECIFIED")
.build());
crypto_key_version_resource = google_native.cloudkms.v1.CryptoKeyVersion("cryptoKeyVersionResource",
key_ring_id="string",
crypto_key_id="string",
external_protection_level_options={
"ekm_connection_key_path": "string",
"external_key_uri": "string",
},
location="string",
project="string",
state=google_native.cloudkms.v1.CryptoKeyVersionState.CRYPTO_KEY_VERSION_STATE_UNSPECIFIED)
const cryptoKeyVersionResource = new google_native.cloudkms.v1.CryptoKeyVersion("cryptoKeyVersionResource", {
keyRingId: "string",
cryptoKeyId: "string",
externalProtectionLevelOptions: {
ekmConnectionKeyPath: "string",
externalKeyUri: "string",
},
location: "string",
project: "string",
state: google_native.cloudkms.v1.CryptoKeyVersionState.CryptoKeyVersionStateUnspecified,
});
type: google-native:cloudkms/v1:CryptoKeyVersion
properties:
cryptoKeyId: string
externalProtectionLevelOptions:
ekmConnectionKeyPath: string
externalKeyUri: string
keyRingId: string
location: string
project: string
state: CRYPTO_KEY_VERSION_STATE_UNSPECIFIED
CryptoKeyVersion Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CryptoKeyVersion resource accepts the following input properties:
- Key
Ring stringId - Crypto
Key stringId - External
Protection Pulumi.Level Options Google Native. Cloudkms. V1. Inputs. External Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- Location string
- Project string
- State
Pulumi.
Google Native. Cloudkms. V1. Crypto Key Version State - The current state of the CryptoKeyVersion.
- Key
Ring stringId - Crypto
Key stringId - External
Protection ExternalLevel Options Protection Level Options Args - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- Location string
- Project string
- State
Crypto
Key Version State Enum - The current state of the CryptoKeyVersion.
- key
Ring StringId - crypto
Key StringId - external
Protection ExternalLevel Options Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- location String
- project String
- state
Crypto
Key Version State - The current state of the CryptoKeyVersion.
- key
Ring stringId - crypto
Key stringId - external
Protection ExternalLevel Options Protection Level Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- location string
- project string
- state
Crypto
Key Version State - The current state of the CryptoKeyVersion.
- key_
ring_ strid - crypto_
key_ strid - external_
protection_ Externallevel_ options Protection Level Options Args - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- location str
- project str
- state
Crypto
Key Version State - The current state of the CryptoKeyVersion.
- key
Ring StringId - crypto
Key StringId - external
Protection Property MapLevel Options - ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- location String
- project String
- state "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED" | "PENDING_GENERATION" | "ENABLED" | "DISABLED" | "DESTROYED" | "DESTROY_SCHEDULED" | "PENDING_IMPORT" | "IMPORT_FAILED" | "GENERATION_FAILED" | "PENDING_EXTERNAL_DESTRUCTION" | "EXTERNAL_DESTRUCTION_FAILED"
- The current state of the CryptoKeyVersion.
Outputs
All input properties are implicitly available as output properties. Additionally, the CryptoKeyVersion resource produces the following output properties:
- Algorithm string
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- Attestation
Pulumi.
Google Native. Cloudkms. V1. Outputs. Key Operation Attestation Response - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- Create
Time string - The time at which this CryptoKeyVersion was created.
- Destroy
Event stringTime - The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- Destroy
Time string - The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- External
Destruction stringFailure Reason - The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- Generate
Time string - The time this CryptoKeyVersion's key material was generated.
- Generation
Failure stringReason - The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- Id string
- The provider-assigned unique ID for this managed resource.
- Import
Failure stringReason - The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- Import
Job string - The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- Import
Time string - The time at which this CryptoKeyVersion's key material was most recently imported.
- Name string
- The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. - Protection
Level string - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- Reimport
Eligible bool - Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- Algorithm string
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- Attestation
Key
Operation Attestation Response - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- Create
Time string - The time at which this CryptoKeyVersion was created.
- Destroy
Event stringTime - The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- Destroy
Time string - The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- External
Destruction stringFailure Reason - The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- Generate
Time string - The time this CryptoKeyVersion's key material was generated.
- Generation
Failure stringReason - The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- Id string
- The provider-assigned unique ID for this managed resource.
- Import
Failure stringReason - The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- Import
Job string - The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- Import
Time string - The time at which this CryptoKeyVersion's key material was most recently imported.
- Name string
- The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. - Protection
Level string - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- Reimport
Eligible bool - Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- algorithm String
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation
Key
Operation Attestation Response - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create
Time String - The time at which this CryptoKeyVersion was created.
- destroy
Event StringTime - The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy
Time String - The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external
Destruction StringFailure Reason - The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- generate
Time String - The time this CryptoKeyVersion's key material was generated.
- generation
Failure StringReason - The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- id String
- The provider-assigned unique ID for this managed resource.
- import
Failure StringReason - The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import
Job String - The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import
Time String - The time at which this CryptoKeyVersion's key material was most recently imported.
- name String
- The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. - protection
Level String - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport
Eligible Boolean - Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- algorithm string
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation
Key
Operation Attestation Response - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create
Time string - The time at which this CryptoKeyVersion was created.
- destroy
Event stringTime - The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy
Time string - The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external
Destruction stringFailure Reason - The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- generate
Time string - The time this CryptoKeyVersion's key material was generated.
- generation
Failure stringReason - The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- id string
- The provider-assigned unique ID for this managed resource.
- import
Failure stringReason - The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import
Job string - The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import
Time string - The time at which this CryptoKeyVersion's key material was most recently imported.
- name string
- The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. - protection
Level string - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport
Eligible boolean - Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- algorithm str
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation
Key
Operation Attestation Response - Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create_
time str - The time at which this CryptoKeyVersion was created.
- destroy_
event_ strtime - The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy_
time str - The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external_
destruction_ strfailure_ reason - The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- generate_
time str - The time this CryptoKeyVersion's key material was generated.
- generation_
failure_ strreason - The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- id str
- The provider-assigned unique ID for this managed resource.
- import_
failure_ strreason - The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import_
job str - The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import_
time str - The time at which this CryptoKeyVersion's key material was most recently imported.
- name str
- The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. - protection_
level str - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport_
eligible bool - Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- algorithm String
- The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation Property Map
- Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create
Time String - The time at which this CryptoKeyVersion was created.
- destroy
Event StringTime - The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy
Time String - The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external
Destruction StringFailure Reason - The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- generate
Time String - The time this CryptoKeyVersion's key material was generated.
- generation
Failure StringReason - The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- id String
- The provider-assigned unique ID for this managed resource.
- import
Failure StringReason - The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import
Job String - The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import
Time String - The time at which this CryptoKeyVersion's key material was most recently imported.
- name String
- The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*
. - protection
Level String - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport
Eligible Boolean - Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
Supporting Types
CertificateChainsResponse, CertificateChainsResponseArgs
- Cavium
Certs List<string> - Cavium certificate chain corresponding to the attestation.
- Google
Card List<string>Certs - Google card certificate chain corresponding to the attestation.
- Google
Partition List<string>Certs - Google partition certificate chain corresponding to the attestation.
- Cavium
Certs []string - Cavium certificate chain corresponding to the attestation.
- Google
Card []stringCerts - Google card certificate chain corresponding to the attestation.
- Google
Partition []stringCerts - Google partition certificate chain corresponding to the attestation.
- cavium
Certs List<String> - Cavium certificate chain corresponding to the attestation.
- google
Card List<String>Certs - Google card certificate chain corresponding to the attestation.
- google
Partition List<String>Certs - Google partition certificate chain corresponding to the attestation.
- cavium
Certs string[] - Cavium certificate chain corresponding to the attestation.
- google
Card string[]Certs - Google card certificate chain corresponding to the attestation.
- google
Partition string[]Certs - Google partition certificate chain corresponding to the attestation.
- cavium_
certs Sequence[str] - Cavium certificate chain corresponding to the attestation.
- google_
card_ Sequence[str]certs - Google card certificate chain corresponding to the attestation.
- google_
partition_ Sequence[str]certs - Google partition certificate chain corresponding to the attestation.
- cavium
Certs List<String> - Cavium certificate chain corresponding to the attestation.
- google
Card List<String>Certs - Google card certificate chain corresponding to the attestation.
- google
Partition List<String>Certs - Google partition certificate chain corresponding to the attestation.
CryptoKeyVersionState, CryptoKeyVersionStateArgs
- Crypto
Key Version State Unspecified - CRYPTO_KEY_VERSION_STATE_UNSPECIFIEDNot specified.
- Pending
Generation - PENDING_GENERATIONThis version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Enabled
- ENABLEDThis version may be used for cryptographic operations.
- Disabled
- DISABLEDThis version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
- Destroyed
- DESTROYEDThis version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
- Destroy
Scheduled - DESTROY_SCHEDULEDThis version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
- Pending
Import - PENDING_IMPORTThis version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Import
Failed - IMPORT_FAILEDThis version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
- Generation
Failed - GENERATION_FAILEDThis version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
- Pending
External Destruction - PENDING_EXTERNAL_DESTRUCTIONThis version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
- External
Destruction Failed - EXTERNAL_DESTRUCTION_FAILEDThis version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
- Crypto
Key Version State Crypto Key Version State Unspecified - CRYPTO_KEY_VERSION_STATE_UNSPECIFIEDNot specified.
- Crypto
Key Version State Pending Generation - PENDING_GENERATIONThis version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Crypto
Key Version State Enabled - ENABLEDThis version may be used for cryptographic operations.
- Crypto
Key Version State Disabled - DISABLEDThis version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
- Crypto
Key Version State Destroyed - DESTROYEDThis version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
- Crypto
Key Version State Destroy Scheduled - DESTROY_SCHEDULEDThis version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
- Crypto
Key Version State Pending Import - PENDING_IMPORTThis version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Crypto
Key Version State Import Failed - IMPORT_FAILEDThis version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
- Crypto
Key Version State Generation Failed - GENERATION_FAILEDThis version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
- Crypto
Key Version State Pending External Destruction - PENDING_EXTERNAL_DESTRUCTIONThis version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
- Crypto
Key Version State External Destruction Failed - EXTERNAL_DESTRUCTION_FAILEDThis version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
- Crypto
Key Version State Unspecified - CRYPTO_KEY_VERSION_STATE_UNSPECIFIEDNot specified.
- Pending
Generation - PENDING_GENERATIONThis version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Enabled
- ENABLEDThis version may be used for cryptographic operations.
- Disabled
- DISABLEDThis version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
- Destroyed
- DESTROYEDThis version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
- Destroy
Scheduled - DESTROY_SCHEDULEDThis version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
- Pending
Import - PENDING_IMPORTThis version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Import
Failed - IMPORT_FAILEDThis version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
- Generation
Failed - GENERATION_FAILEDThis version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
- Pending
External Destruction - PENDING_EXTERNAL_DESTRUCTIONThis version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
- External
Destruction Failed - EXTERNAL_DESTRUCTION_FAILEDThis version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
- Crypto
Key Version State Unspecified - CRYPTO_KEY_VERSION_STATE_UNSPECIFIEDNot specified.
- Pending
Generation - PENDING_GENERATIONThis version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Enabled
- ENABLEDThis version may be used for cryptographic operations.
- Disabled
- DISABLEDThis version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
- Destroyed
- DESTROYEDThis version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
- Destroy
Scheduled - DESTROY_SCHEDULEDThis version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
- Pending
Import - PENDING_IMPORTThis version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Import
Failed - IMPORT_FAILEDThis version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
- Generation
Failed - GENERATION_FAILEDThis version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
- Pending
External Destruction - PENDING_EXTERNAL_DESTRUCTIONThis version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
- External
Destruction Failed - EXTERNAL_DESTRUCTION_FAILEDThis version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
- CRYPTO_KEY_VERSION_STATE_UNSPECIFIED
- CRYPTO_KEY_VERSION_STATE_UNSPECIFIEDNot specified.
- PENDING_GENERATION
- PENDING_GENERATIONThis version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- ENABLED
- ENABLEDThis version may be used for cryptographic operations.
- DISABLED
- DISABLEDThis version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
- DESTROYED
- DESTROYEDThis version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
- DESTROY_SCHEDULED
- DESTROY_SCHEDULEDThis version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
- PENDING_IMPORT
- PENDING_IMPORTThis version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- IMPORT_FAILED
- IMPORT_FAILEDThis version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
- GENERATION_FAILED
- GENERATION_FAILEDThis version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
- PENDING_EXTERNAL_DESTRUCTION
- PENDING_EXTERNAL_DESTRUCTIONThis version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
- EXTERNAL_DESTRUCTION_FAILED
- EXTERNAL_DESTRUCTION_FAILEDThis version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
- "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED"
- CRYPTO_KEY_VERSION_STATE_UNSPECIFIEDNot specified.
- "PENDING_GENERATION"
- PENDING_GENERATIONThis version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- "ENABLED"
- ENABLEDThis version may be used for cryptographic operations.
- "DISABLED"
- DISABLEDThis version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
- "DESTROYED"
- DESTROYEDThis version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
- "DESTROY_SCHEDULED"
- DESTROY_SCHEDULEDThis version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
- "PENDING_IMPORT"
- PENDING_IMPORTThis version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- "IMPORT_FAILED"
- IMPORT_FAILEDThis version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
- "GENERATION_FAILED"
- GENERATION_FAILEDThis version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
- "PENDING_EXTERNAL_DESTRUCTION"
- PENDING_EXTERNAL_DESTRUCTIONThis version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
- "EXTERNAL_DESTRUCTION_FAILED"
- EXTERNAL_DESTRUCTION_FAILEDThis version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
ExternalProtectionLevelOptions, ExternalProtectionLevelOptionsArgs
- Ekm
Connection stringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- External
Key stringUri - The URI for an external resource that this CryptoKeyVersion represents.
- Ekm
Connection stringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- External
Key stringUri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key StringUri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection stringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key stringUri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm_
connection_ strkey_ path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external_
key_ struri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key StringUri - The URI for an external resource that this CryptoKeyVersion represents.
ExternalProtectionLevelOptionsResponse, ExternalProtectionLevelOptionsResponseArgs
- Ekm
Connection stringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- External
Key stringUri - The URI for an external resource that this CryptoKeyVersion represents.
- Ekm
Connection stringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- External
Key stringUri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key StringUri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection stringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key stringUri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm_
connection_ strkey_ path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external_
key_ struri - The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path - The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key StringUri - The URI for an external resource that this CryptoKeyVersion represents.
KeyOperationAttestationResponse, KeyOperationAttestationResponseArgs
- Cert
Chains Pulumi.Google Native. Cloudkms. V1. Inputs. Certificate Chains Response - The certificate chains needed to validate the attestation
- Content string
- The attestation data provided by the HSM when the key operation was performed.
- Format string
- The format of the attestation data.
- Cert
Chains CertificateChains Response - The certificate chains needed to validate the attestation
- Content string
- The attestation data provided by the HSM when the key operation was performed.
- Format string
- The format of the attestation data.
- cert
Chains CertificateChains Response - The certificate chains needed to validate the attestation
- content String
- The attestation data provided by the HSM when the key operation was performed.
- format String
- The format of the attestation data.
- cert
Chains CertificateChains Response - The certificate chains needed to validate the attestation
- content string
- The attestation data provided by the HSM when the key operation was performed.
- format string
- The format of the attestation data.
- cert_
chains CertificateChains Response - The certificate chains needed to validate the attestation
- content str
- The attestation data provided by the HSM when the key operation was performed.
- format str
- The format of the attestation data.
- cert
Chains Property Map - The certificate chains needed to validate the attestation
- content String
- The attestation data provided by the HSM when the key operation was performed.
- format String
- The format of the attestation data.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.