Oracle Cloud Infrastructure v2.17.0 published on Friday, Nov 15, 2024 by Pulumi

oci.Kms.Key


    This resource provides the Key resource in Oracle Cloud Infrastructure Kms service.

    Creates a new master encryption key.

    As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management write operations exceeds 10 requests per second for a given tenancy.

    Create Key Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Key(name: string, args: KeyArgs, opts?: CustomResourceOptions);
    @overload
    def Key(resource_name: str,
            args: KeyArgs,
            opts: Optional[ResourceOptions] = None)
    
    @overload
    def Key(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            display_name: Optional[str] = None,
            compartment_id: Optional[str] = None,
            management_endpoint: Optional[str] = None,
            key_shape: Optional[_kms.KeyKeyShapeArgs] = None,
            desired_state: Optional[str] = None,
            external_key_reference: Optional[_kms.KeyExternalKeyReferenceArgs] = None,
            freeform_tags: Optional[Mapping[str, str]] = None,
            is_auto_rotation_enabled: Optional[bool] = None,
            auto_key_rotation_details: Optional[_kms.KeyAutoKeyRotationDetailsArgs] = None,
            defined_tags: Optional[Mapping[str, str]] = None,
            protection_mode: Optional[str] = None,
            restore_from_file: Optional[_kms.KeyRestoreFromFileArgs] = None,
            restore_from_object_store: Optional[_kms.KeyRestoreFromObjectStoreArgs] = None,
            restore_trigger: Optional[bool] = None,
            time_of_deletion: Optional[str] = None)
    func NewKey(ctx *Context, name string, args KeyArgs, opts ...ResourceOption) (*Key, error)
    public Key(string name, KeyArgs args, CustomResourceOptions? opts = null)
    public Key(String name, KeyArgs args)
    public Key(String name, KeyArgs args, CustomResourceOptions options)
    
    type: oci:Kms:Key
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args KeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args KeyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args KeyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args KeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args KeyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference listing only: every value below is a placeholder, and all input
    // properties are set at once to show their shape.
    var keyResource = new Oci.Kms.Key("keyResource", new()
    {
        // Display names are not a place for confidential information.
        DisplayName = "string",
        CompartmentId = "string",
        ManagementEndpoint = "string",
        KeyShape = new Oci.Kms.Inputs.KeyKeyShapeArgs
        {
            Algorithm = "string",
            Length = 0,
            CurveId = "string",
        },
        // ENABLED or DISABLED.
        DesiredState = "string",
        // Reference to the key on an external key manager.
        ExternalKeyReference = new Oci.Kms.Inputs.KeyExternalKeyReferenceArgs
        {
            ExternalKeyId = "string",
        },
        FreeformTags = 
        {
            { "string", "string" },
        },
        IsAutoRotationEnabled = false,
        AutoKeyRotationDetails = new Oci.Kms.Inputs.KeyAutoKeyRotationDetailsArgs
        {
            LastRotationMessage = "string",
            LastRotationStatus = "string",
            RotationIntervalInDays = 0,
            TimeOfLastRotation = "string",
            TimeOfNextRotation = "string",
            TimeOfScheduleStart = "string",
        },
        DefinedTags = 
        {
            { "string", "string" },
        },
        // HSM, SOFTWARE or EXTERNAL. Defaults to HSM and cannot be changed once
        // the key is created or imported.
        ProtectionMode = "string",
        // Details of where the key was backed up.
        RestoreFromFile = new Oci.Kms.Inputs.KeyRestoreFromFileArgs
        {
            ContentLength = "string",
            RestoreKeyFromFileDetails = "string",
            ContentMd5 = "string",
        },
        // Details of where the key was backed up.
        RestoreFromObjectStore = new Oci.Kms.Inputs.KeyRestoreFromObjectStoreArgs
        {
            Destination = "string",
            Bucket = "string",
            Namespace = "string",
            Object = "string",
            Uri = "string",
        },
        // Flipping this value triggers a restore from the configured restore option.
        RestoreTrigger = false,
        // Deletion time of the key as an RFC 3339 timestamp.
        TimeOfDeletion = "string",
    });
    
    // Reference listing only: every value below is a placeholder, and all input
    // properties are set at once to show their shape.
    // NOTE(review): the call below is qualified with `Kms` while the nested argument
    // types use `kms`; one import binds a single name, so confirm the identifier your
    // import declares and use it for both. The returned err is not checked here.
    example, err := Kms.NewKey(ctx, "keyResource", &Kms.KeyArgs{
    	// Display names are not a place for confidential information.
    	DisplayName:        pulumi.String("string"),
    	CompartmentId:      pulumi.String("string"),
    	ManagementEndpoint: pulumi.String("string"),
    	KeyShape: &kms.KeyKeyShapeArgs{
    		Algorithm: pulumi.String("string"),
    		Length:    pulumi.Int(0),
    		CurveId:   pulumi.String("string"),
    	},
    	// ENABLED or DISABLED.
    	DesiredState: pulumi.String("string"),
    	// Reference to the key on an external key manager.
    	ExternalKeyReference: &kms.KeyExternalKeyReferenceArgs{
    		ExternalKeyId: pulumi.String("string"),
    	},
    	FreeformTags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	IsAutoRotationEnabled: pulumi.Bool(false),
    	AutoKeyRotationDetails: &kms.KeyAutoKeyRotationDetailsArgs{
    		LastRotationMessage:    pulumi.String("string"),
    		LastRotationStatus:     pulumi.String("string"),
    		RotationIntervalInDays: pulumi.Int(0),
    		TimeOfLastRotation:     pulumi.String("string"),
    		TimeOfNextRotation:     pulumi.String("string"),
    		TimeOfScheduleStart:    pulumi.String("string"),
    	},
    	DefinedTags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	// HSM, SOFTWARE or EXTERNAL. Defaults to HSM and cannot be changed once
    	// the key is created or imported.
    	ProtectionMode: pulumi.String("string"),
    	// Details of where the key was backed up.
    	RestoreFromFile: &kms.KeyRestoreFromFileArgs{
    		ContentLength:             pulumi.String("string"),
    		RestoreKeyFromFileDetails: pulumi.String("string"),
    		ContentMd5:                pulumi.String("string"),
    	},
    	// Details of where the key was backed up.
    	RestoreFromObjectStore: &kms.KeyRestoreFromObjectStoreArgs{
    		Destination: pulumi.String("string"),
    		Bucket:      pulumi.String("string"),
    		Namespace:   pulumi.String("string"),
    		Object:      pulumi.String("string"),
    		Uri:         pulumi.String("string"),
    	},
    	// Flipping this value triggers a restore from the configured restore option.
    	RestoreTrigger: pulumi.Bool(false),
    	// Deletion time of the key as an RFC 3339 timestamp.
    	TimeOfDeletion: pulumi.String("string"),
    })
    
    // Reference listing only: every value below is a placeholder, and all input
    // properties are set at once to show their shape.
    var keyResource = new Key("keyResource", KeyArgs.builder()
        // Display names are not a place for confidential information.
        .displayName("string")
        .compartmentId("string")
        .managementEndpoint("string")
        .keyShape(KeyKeyShapeArgs.builder()
            .algorithm("string")
            .length(0)
            .curveId("string")
            .build())
        // ENABLED or DISABLED.
        .desiredState("string")
        // Reference to the key on an external key manager.
        .externalKeyReference(KeyExternalKeyReferenceArgs.builder()
            .externalKeyId("string")
            .build())
        .freeformTags(Map.of("string", "string"))
        .isAutoRotationEnabled(false)
        .autoKeyRotationDetails(KeyAutoKeyRotationDetailsArgs.builder()
            .lastRotationMessage("string")
            .lastRotationStatus("string")
            .rotationIntervalInDays(0)
            .timeOfLastRotation("string")
            .timeOfNextRotation("string")
            .timeOfScheduleStart("string")
            .build())
        .definedTags(Map.of("string", "string"))
        // HSM, SOFTWARE or EXTERNAL. Defaults to HSM and cannot be changed once
        // the key is created or imported.
        .protectionMode("string")
        // Details of where the key was backed up.
        .restoreFromFile(KeyRestoreFromFileArgs.builder()
            .contentLength("string")
            .restoreKeyFromFileDetails("string")
            .contentMd5("string")
            .build())
        // Details of where the key was backed up.
        .restoreFromObjectStore(KeyRestoreFromObjectStoreArgs.builder()
            .destination("string")
            .bucket("string")
            .namespace("string")
            .object("string")
            .uri("string")
            .build())
        // Flipping this value triggers a restore from the configured restore option.
        .restoreTrigger(false)
        // Deletion time of the key as an RFC 3339 timestamp.
        .timeOfDeletion("string")
        .build());
    
    # Reference listing only: every value below is a placeholder, and all input
    # properties are set at once to show their shape.
    key_resource = oci.kms.Key("keyResource",
        # Display names are not a place for confidential information.
        display_name="string",
        compartment_id="string",
        management_endpoint="string",
        key_shape={
            "algorithm": "string",
            "length": 0,
            "curve_id": "string",
        },
        # ENABLED or DISABLED.
        desired_state="string",
        # Reference to the key on an external key manager.
        external_key_reference={
            "external_key_id": "string",
        },
        freeform_tags={
            "string": "string",
        },
        is_auto_rotation_enabled=False,
        auto_key_rotation_details={
            "last_rotation_message": "string",
            "last_rotation_status": "string",
            "rotation_interval_in_days": 0,
            "time_of_last_rotation": "string",
            "time_of_next_rotation": "string",
            "time_of_schedule_start": "string",
        },
        defined_tags={
            "string": "string",
        },
        # HSM, SOFTWARE or EXTERNAL. Defaults to HSM and cannot be changed once
        # the key is created or imported.
        protection_mode="string",
        # Details of where the key was backed up.
        restore_from_file={
            "content_length": "string",
            "restore_key_from_file_details": "string",
            "content_md5": "string",
        },
        # Details of where the key was backed up.
        restore_from_object_store={
            "destination": "string",
            "bucket": "string",
            "namespace": "string",
            "object": "string",
            "uri": "string",
        },
        # Flipping this value triggers a restore from the configured restore option.
        restore_trigger=False,
        # Deletion time of the key as an RFC 3339 timestamp.
        time_of_deletion="string")
    
    // Reference listing only: every value below is a placeholder, and all input
    // properties are set at once to show their shape.
    const keyResource = new oci.kms.Key("keyResource", {
        // Display names are not a place for confidential information.
        displayName: "string",
        compartmentId: "string",
        managementEndpoint: "string",
        keyShape: {
            algorithm: "string",
            length: 0,
            curveId: "string",
        },
        // ENABLED or DISABLED.
        desiredState: "string",
        // Reference to the key on an external key manager.
        externalKeyReference: {
            externalKeyId: "string",
        },
        freeformTags: {
            string: "string",
        },
        isAutoRotationEnabled: false,
        autoKeyRotationDetails: {
            lastRotationMessage: "string",
            lastRotationStatus: "string",
            rotationIntervalInDays: 0,
            timeOfLastRotation: "string",
            timeOfNextRotation: "string",
            timeOfScheduleStart: "string",
        },
        definedTags: {
            string: "string",
        },
        // HSM, SOFTWARE or EXTERNAL. Defaults to HSM and cannot be changed once
        // the key is created or imported.
        protectionMode: "string",
        // Details of where the key was backed up.
        restoreFromFile: {
            contentLength: "string",
            restoreKeyFromFileDetails: "string",
            contentMd5: "string",
        },
        // Details of where the key was backed up.
        restoreFromObjectStore: {
            destination: "string",
            bucket: "string",
            namespace: "string",
            object: "string",
            uri: "string",
        },
        // Flipping this value triggers a restore from the configured restore option.
        restoreTrigger: false,
        // Deletion time of the key as an RFC 3339 timestamp.
        timeOfDeletion: "string",
    });
    
    # Reference listing only: every value below is a placeholder, and all input
    # properties are set at once to show their shape.
    type: oci:Kms:Key
    properties:
        autoKeyRotationDetails:
            lastRotationMessage: string
            lastRotationStatus: string
            rotationIntervalInDays: 0
            timeOfLastRotation: string
            timeOfNextRotation: string
            timeOfScheduleStart: string
        compartmentId: string
        definedTags:
            string: string
        # ENABLED or DISABLED.
        desiredState: string
        # Display names are not a place for confidential information.
        displayName: string
        # Reference to the key on an external key manager.
        externalKeyReference:
            externalKeyId: string
        freeformTags:
            string: string
        isAutoRotationEnabled: false
        keyShape:
            algorithm: string
            curveId: string
            length: 0
        managementEndpoint: string
        # HSM, SOFTWARE or EXTERNAL. Defaults to HSM and cannot be changed once
        # the key is created or imported.
        protectionMode: string
        # Details of where the key was backed up.
        restoreFromFile:
            contentLength: string
            contentMd5: string
            restoreKeyFromFileDetails: string
        # Details of where the key was backed up.
        restoreFromObjectStore:
            bucket: string
            destination: string
            namespace: string
            object: string
            uri: string
        # Flipping this value triggers a restore from the configured restore option.
        restoreTrigger: false
        # Deletion time of the key as an RFC 3339 timestamp.
        timeOfDeletion: string
    

    Key Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Key resource accepts the following input properties:

    CompartmentId string
    (Updatable) The OCID of the compartment where you want to create the master encryption key.
    DisplayName string
    (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
    KeyShape KeyKeyShape
    The cryptographic properties of a key.
    ManagementEndpoint string
    The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
    AutoKeyRotationDetails KeyAutoKeyRotationDetails
    (Updatable) The details of the auto rotation schedule for the key being created, updated, or imported.
    DefinedTags Dictionary<string, string>
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    DesiredState string
    (Updatable) Desired state of the key. Possible values : ENABLED or DISABLED
    ExternalKeyReference KeyExternalKeyReference
    A reference to the key on external key manager.
    FreeformTags Dictionary<string, string>
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    IsAutoRotationEnabled bool
    (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
    ProtectionMode string
    The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key, which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. Because this property is not marked (Updatable), changing it in an existing program forces the key to be destroyed and recreated (see the IMPORTANT note at the end of this list). A protection mode of EXTERNAL means that the key persists on the customer's external key manager, which is hosted outside of Oracle. Oracle only holds a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by the external key manager.
    RestoreFromFile KeyRestoreFromFile
    (Updatable) Details where key was backed up.
    RestoreFromObjectStore KeyRestoreFromObjectStore
    (Updatable) Details where key was backed up
    RestoreTrigger bool
    (Updatable) An optional property that, when flipped, triggers a restore from the restore option provided in the config file.
    TimeOfDeletion string

    (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    CompartmentId string
    (Updatable) The OCID of the compartment where you want to create the master encryption key.
    DisplayName string
    (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
    KeyShape KeyKeyShapeArgs
    The cryptographic properties of a key.
    ManagementEndpoint string
    The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
    AutoKeyRotationDetails KeyAutoKeyRotationDetailsArgs
    (Updatable) The details of the auto rotation schedule for the key being created, updated, or imported.
    DefinedTags map[string]string
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    DesiredState string
    (Updatable) Desired state of the key. Possible values : ENABLED or DISABLED
    ExternalKeyReference KeyExternalKeyReferenceArgs
    A reference to the key on external key manager.
    FreeformTags map[string]string
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    IsAutoRotationEnabled bool
    (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
    ProtectionMode string
    The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key, which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. Because this property is not marked (Updatable), changing it in an existing program forces the key to be destroyed and recreated (see the IMPORTANT note at the end of this list). A protection mode of EXTERNAL means that the key persists on the customer's external key manager, which is hosted outside of Oracle. Oracle only holds a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by the external key manager.
    RestoreFromFile KeyRestoreFromFileArgs
    (Updatable) Details where key was backed up.
    RestoreFromObjectStore KeyRestoreFromObjectStoreArgs
    (Updatable) Details where key was backed up
    RestoreTrigger bool
    (Updatable) An optional property that, when flipped, triggers a restore from the restore option provided in the config file.
    TimeOfDeletion string

    (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    compartmentId String
    (Updatable) The OCID of the compartment where you want to create the master encryption key.
    displayName String
    (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
    keyShape KeyKeyShape
    The cryptographic properties of a key.
    managementEndpoint String
    The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
    autoKeyRotationDetails KeyAutoKeyRotationDetails
    (Updatable) The details of the auto rotation schedule for the key being created, updated, or imported.
    definedTags Map<String,String>
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    desiredState String
    (Updatable) Desired state of the key. Possible values : ENABLED or DISABLED
    externalKeyReference KeyExternalKeyReference
    A reference to the key on external key manager.
    freeformTags Map<String,String>
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    isAutoRotationEnabled Boolean
    (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
    protectionMode String
    The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key, which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. Because this property is not marked (Updatable), changing it in an existing program forces the key to be destroyed and recreated (see the IMPORTANT note at the end of this list). A protection mode of EXTERNAL means that the key persists on the customer's external key manager, which is hosted outside of Oracle. Oracle only holds a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by the external key manager.
    restoreFromFile KeyRestoreFromFile
    (Updatable) Details where key was backed up.
    restoreFromObjectStore KeyRestoreFromObjectStore
    (Updatable) Details where key was backed up
    restoreTrigger Boolean
    (Updatable) An optional property that, when flipped, triggers a restore from the restore option provided in the config file.
    timeOfDeletion String

    (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    compartmentId string
    (Updatable) The OCID of the compartment where you want to create the master encryption key.
    displayName string
    (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
    keyShape KeyKeyShape
    The cryptographic properties of a key.
    managementEndpoint string
    The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
    autoKeyRotationDetails KeyAutoKeyRotationDetails
    (Updatable) The details of the auto rotation schedule for the key being created, updated, or imported.
    definedTags {[key: string]: string}
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    desiredState string
    (Updatable) Desired state of the key. Possible values : ENABLED or DISABLED
    externalKeyReference KeyExternalKeyReference
    A reference to the key on external key manager.
    freeformTags {[key: string]: string}
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    isAutoRotationEnabled boolean
    (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
    protectionMode string
    The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key, which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. Because this property is not marked (Updatable), changing it in an existing program forces the key to be destroyed and recreated (see the IMPORTANT note at the end of this list). A protection mode of EXTERNAL means that the key persists on the customer's external key manager, which is hosted outside of Oracle. Oracle only holds a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by the external key manager.
    restoreFromFile KeyRestoreFromFile
    (Updatable) Details where key was backed up.
    restoreFromObjectStore KeyRestoreFromObjectStore
    (Updatable) Details where key was backed up
    restoreTrigger boolean
    (Updatable) An optional property that, when flipped, triggers a restore from the restore option provided in the config file.
    timeOfDeletion string

    (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    compartment_id str
    (Updatable) The OCID of the compartment where you want to create the master encryption key.
    display_name str
    (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
    key_shape kms.KeyKeyShapeArgs
    The cryptographic properties of a key.
    management_endpoint str
    The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
    auto_key_rotation_details kms.KeyAutoKeyRotationDetailsArgs
    (Updatable) The details of the auto rotation schedule for the key being created, updated, or imported.
    defined_tags Mapping[str, str]
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    desired_state str
    (Updatable) Desired state of the key. Possible values : ENABLED or DISABLED
    external_key_reference kms.KeyExternalKeyReferenceArgs
    A reference to the key on external key manager.
    freeform_tags Mapping[str, str]
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    is_auto_rotation_enabled bool
    (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
    protection_mode str
    The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key, which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. Because this property is not marked (Updatable), changing it in an existing program forces the key to be destroyed and recreated (see the IMPORTANT note at the end of this list). A protection mode of EXTERNAL means that the key persists on the customer's external key manager, which is hosted outside of Oracle. Oracle only holds a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by the external key manager.
    restore_from_file kms.KeyRestoreFromFileArgs
    (Updatable) Details where key was backed up.
    restore_from_object_store kms.KeyRestoreFromObjectStoreArgs
    (Updatable) Details where key was backed up
    restore_trigger bool
    (Updatable) An optional property that, when flipped, triggers a restore from the restore option provided in the config file.
    time_of_deletion str

    (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    compartmentId String
    (Updatable) The OCID of the compartment where you want to create the master encryption key.
    displayName String
    (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
    keyShape Property Map
    The cryptographic properties of a key.
    managementEndpoint String
    The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
    autoKeyRotationDetails Property Map
    (Updatable) The details of the auto rotation schedule for the key being created, updated, or imported.
    definedTags Map<String>
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    desiredState String
    (Updatable) Desired state of the key. Possible values : ENABLED or DISABLED
    externalKeyReference Property Map
    A reference to the key on external key manager.
    freeformTags Map<String>
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    isAutoRotationEnabled Boolean
    (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
    protectionMode String
    The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key, which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. Because this property is not marked (Updatable), changing it in an existing program forces the key to be destroyed and recreated (see the IMPORTANT note at the end of this list). A protection mode of EXTERNAL means that the key persists on the customer's external key manager, which is hosted outside of Oracle. Oracle only holds a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by the external key manager.
    restoreFromFile Property Map
    (Updatable) Details where key was backed up.
    restoreFromObjectStore Property Map
    (Updatable) Details where key was backed up
    restoreTrigger Boolean
    (Updatable) An optional property that, when flipped, triggers a restore from the restore option provided in the config file.
    timeOfDeletion String

    (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:

    CurrentKeyVersion string
    The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
    ExternalKeyReferenceDetails List<KeyExternalKeyReferenceDetail>
    Key reference data to be returned to the customer as a response.
    Id string
    The provider-assigned unique ID for this managed resource.
    IsPrimary bool
    A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
    ReplicaDetails List<KeyReplicaDetail>
    Key replica details
    RestoredFromKeyId string
    The OCID of the key from which this key was restored.
    State string
    The key's current lifecycle state. Example: ENABLED
    TimeCreated string
    The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
    VaultId string
    The OCID of the vault that contains this key.
    CurrentKeyVersion string
    The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
    ExternalKeyReferenceDetails []KeyExternalKeyReferenceDetail
    Key reference data to be returned to the customer as a response.
    Id string
    The provider-assigned unique ID for this managed resource.
    IsPrimary bool
    A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
    ReplicaDetails []KeyReplicaDetail
    Key replica details
    RestoredFromKeyId string
    The OCID of the key from which this key was restored.
    State string
    The key's current lifecycle state. Example: ENABLED
    TimeCreated string
    The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
    VaultId string
    The OCID of the vault that contains this key.
    currentKeyVersion String
    The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
    externalKeyReferenceDetails List<KeyExternalKeyReferenceDetail>
    Key reference data to be returned to the customer as a response.
    id String
    The provider-assigned unique ID for this managed resource.
    isPrimary Boolean
    A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
    replicaDetails List<KeyReplicaDetail>
    Key replica details
    restoredFromKeyId String
    The OCID of the key from which this key was restored.
    state String
    The key's current lifecycle state. Example: ENABLED
    timeCreated String
    The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
    vaultId String
    The OCID of the vault that contains this key.
    currentKeyVersion string
    The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
    externalKeyReferenceDetails KeyExternalKeyReferenceDetail[]
    Key reference data to be returned to the customer as a response.
    id string
    The provider-assigned unique ID for this managed resource.
    isPrimary boolean
    A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
    replicaDetails KeyReplicaDetail[]
    Key replica details
    restoredFromKeyId string
    The OCID of the key from which this key was restored.
    state string
    The key's current lifecycle state. Example: ENABLED
    timeCreated string
    The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
    vaultId string
    The OCID of the vault that contains this key.
    current_key_version str
    The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
    external_key_reference_details Sequence[kms.KeyExternalKeyReferenceDetail]
    Key reference data to be returned to the customer as a response.
    id str
    The provider-assigned unique ID for this managed resource.
    is_primary bool
    A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
    replica_details Sequence[kms.KeyReplicaDetail]
    Key replica details
    restored_from_key_id str
    The OCID of the key from which this key was restored.
    state str
    The key's current lifecycle state. Example: ENABLED
    time_created str
    The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
    vault_id str
    The OCID of the vault that contains this key.
    currentKeyVersion String
    The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
    externalKeyReferenceDetails List<Property Map>
    Key reference data to be returned to the customer as a response.
    id String
    The provider-assigned unique ID for this managed resource.
    isPrimary Boolean
    A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
    replicaDetails List<Property Map>
    Key replica details
    restoredFromKeyId String
    The OCID of the key from which this key was restored.
    state String
    The key's current lifecycle state. Example: ENABLED
    timeCreated String
    The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
    vaultId String
    The OCID of the vault that contains this key.

    Look up Existing Key Resource

    Get an existing Key resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: KeyState, opts?: CustomResourceOptions): Key
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            auto_key_rotation_details: Optional[_kms.KeyAutoKeyRotationDetailsArgs] = None,
            compartment_id: Optional[str] = None,
            current_key_version: Optional[str] = None,
            defined_tags: Optional[Mapping[str, str]] = None,
            desired_state: Optional[str] = None,
            display_name: Optional[str] = None,
            external_key_reference: Optional[_kms.KeyExternalKeyReferenceArgs] = None,
            external_key_reference_details: Optional[Sequence[_kms.KeyExternalKeyReferenceDetailArgs]] = None,
            freeform_tags: Optional[Mapping[str, str]] = None,
            is_auto_rotation_enabled: Optional[bool] = None,
            is_primary: Optional[bool] = None,
            key_shape: Optional[_kms.KeyKeyShapeArgs] = None,
            management_endpoint: Optional[str] = None,
            protection_mode: Optional[str] = None,
            replica_details: Optional[Sequence[_kms.KeyReplicaDetailArgs]] = None,
            restore_from_file: Optional[_kms.KeyRestoreFromFileArgs] = None,
            restore_from_object_store: Optional[_kms.KeyRestoreFromObjectStoreArgs] = None,
            restore_trigger: Optional[bool] = None,
            restored_from_key_id: Optional[str] = None,
            state: Optional[str] = None,
            time_created: Optional[str] = None,
            time_of_deletion: Optional[str] = None,
            vault_id: Optional[str] = None) -> Key
    func GetKey(ctx *Context, name string, id IDInput, state *KeyState, opts ...ResourceOption) (*Key, error)
    public static Key Get(string name, Input<string> id, KeyState? state, CustomResourceOptions? opts = null)
    public static Key get(String name, Output<String> id, KeyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AutoKeyRotationDetails KeyAutoKeyRotationDetails
    (Updatable) The details of the auto rotation schedule for the Key being created, updated, or imported.
    CompartmentId string
    (Updatable) The OCID of the compartment where you want to create the master encryption key.
    CurrentKeyVersion string
    The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
    DefinedTags Dictionary<string, string>
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    DesiredState string
    (Updatable) Desired state of the key. Possible values : ENABLED or DISABLED
    DisplayName string
    (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
    ExternalKeyReference KeyExternalKeyReference
    A reference to the key on external key manager.
    ExternalKeyReferenceDetails List<KeyExternalKeyReferenceDetail>
    Key reference data to be returned to the customer as a response.
    FreeformTags Dictionary<string, string>
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    IsAutoRotationEnabled bool
    (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
    IsPrimary bool
    A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
    KeyShape KeyKeyShape
    The cryptographic properties of a key.
    ManagementEndpoint string
    The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
    ProtectionMode string
    The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key, which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server rather than inside the HSM. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. A protection mode of EXTERNAL means that the key persists on the customer's external key manager, which is hosted outside of Oracle. Oracle holds only a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by the external key manager.
    ReplicaDetails List<KeyReplicaDetail>
    Key replica details
    RestoreFromFile KeyRestoreFromFile
    (Updatable) Details where key was backed up.
    RestoreFromObjectStore KeyRestoreFromObjectStore
    (Updatable) Details where key was backed up
    RestoreTrigger bool
    (Updatable) An optional property that, when flipped, triggers a restore from the restore option provided in the config file.
    RestoredFromKeyId string
    The OCID of the key from which this key was restored.
    State string
    The key's current lifecycle state. Example: ENABLED
    TimeCreated string
    The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
    TimeOfDeletion string

    (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    VaultId string
    The OCID of the vault that contains this key.
    AutoKeyRotationDetails KeyAutoKeyRotationDetailsArgs
    (Updatable) The details of the auto rotation schedule for the Key being created, updated, or imported.
    CompartmentId string
    (Updatable) The OCID of the compartment where you want to create the master encryption key.
    CurrentKeyVersion string
    The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
    DefinedTags map[string]string
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    DesiredState string
    (Updatable) Desired state of the key. Possible values : ENABLED or DISABLED
    DisplayName string
    (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
    ExternalKeyReference KeyExternalKeyReferenceArgs
    A reference to the key on external key manager.
    ExternalKeyReferenceDetails []KeyExternalKeyReferenceDetailArgs
    Key reference data to be returned to the customer as a response.
    FreeformTags map[string]string
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    IsAutoRotationEnabled bool
    (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
    IsPrimary bool
    A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
    KeyShape KeyKeyShapeArgs
    The cryptographic properties of a key.
    ManagementEndpoint string
    The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
    ProtectionMode string
    The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key, which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server rather than inside the HSM. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. A protection mode of EXTERNAL means that the key persists on the customer's external key manager, which is hosted outside of Oracle. Oracle holds only a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by the external key manager.
    ReplicaDetails []KeyReplicaDetailArgs
    Key replica details
    RestoreFromFile KeyRestoreFromFileArgs
    (Updatable) Details where key was backed up.
    RestoreFromObjectStore KeyRestoreFromObjectStoreArgs
    (Updatable) Details where key was backed up
    RestoreTrigger bool
    (Updatable) An optional property that, when flipped, triggers a restore from the restore option provided in the config file.
    RestoredFromKeyId string
    The OCID of the key from which this key was restored.
    State string
    The key's current lifecycle state. Example: ENABLED
    TimeCreated string
    The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
    TimeOfDeletion string

    (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    VaultId string
    The OCID of the vault that contains this key.
    autoKeyRotationDetails KeyAutoKeyRotationDetails
    (Updatable) The details of the auto rotation schedule for the Key being created, updated, or imported.
    compartmentId String
    (Updatable) The OCID of the compartment where you want to create the master encryption key.
    currentKeyVersion String
    The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
    definedTags Map<String,String>
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    desiredState String
    (Updatable) Desired state of the key. Possible values : ENABLED or DISABLED
    displayName String
    (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
    externalKeyReference KeyExternalKeyReference
    A reference to the key on external key manager.
    externalKeyReferenceDetails List<KeyExternalKeyReferenceDetail>
    Key reference data to be returned to the customer as a response.
    freeformTags Map<String,String>
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    isAutoRotationEnabled Boolean
    (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
    isPrimary Boolean
    A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
    keyShape KeyKeyShape
    The cryptographic properties of a key.
    managementEndpoint String
    The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
    protectionMode String
    The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key, which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server rather than inside the HSM. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. A protection mode of EXTERNAL means that the key persists on the customer's external key manager, which is hosted outside of Oracle. Oracle holds only a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by the external key manager.
    replicaDetails List<KeyReplicaDetail>
    Key replica details
    restoreFromFile KeyRestoreFromFile
    (Updatable) Details where key was backed up.
    restoreFromObjectStore KeyRestoreFromObjectStore
    (Updatable) Details where key was backed up
    restoreTrigger Boolean
    (Updatable) An optional property that, when flipped, triggers a restore from the restore option provided in the config file.
    restoredFromKeyId String
    The OCID of the key from which this key was restored.
    state String
    The key's current lifecycle state. Example: ENABLED
    timeCreated String
    The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
    timeOfDeletion String

    (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    vaultId String
    The OCID of the vault that contains this key.
    autoKeyRotationDetails KeyAutoKeyRotationDetails
    (Updatable) The details of the auto rotation schedule for the Key being created, updated, or imported.
    compartmentId string
    (Updatable) The OCID of the compartment where you want to create the master encryption key.
    currentKeyVersion string
    The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
    definedTags {[key: string]: string}
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    desiredState string
    (Updatable) Desired state of the key. Possible values : ENABLED or DISABLED
    displayName string
    (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
    externalKeyReference KeyExternalKeyReference
    A reference to the key on external key manager.
    externalKeyReferenceDetails KeyExternalKeyReferenceDetail[]
    Key reference data to be returned to the customer as a response.
    freeformTags {[key: string]: string}
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    isAutoRotationEnabled boolean
    (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
    isPrimary boolean
    A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
    keyShape KeyKeyShape
    The cryptographic properties of a key.
    managementEndpoint string
    The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
    protectionMode string
    The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key, which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server rather than inside the HSM. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. A protection mode of EXTERNAL means that the key persists on the customer's external key manager, which is hosted outside of Oracle. Oracle holds only a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by the external key manager.
    replicaDetails KeyReplicaDetail[]
    Key replica details
    restoreFromFile KeyRestoreFromFile
    (Updatable) Details where key was backed up.
    restoreFromObjectStore KeyRestoreFromObjectStore
    (Updatable) Details where key was backed up
    restoreTrigger boolean
    (Updatable) An optional property that, when flipped, triggers a restore from the restore option provided in the config file.
    restoredFromKeyId string
    The OCID of the key from which this key was restored.
    state string
    The key's current lifecycle state. Example: ENABLED
    timeCreated string
    The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
    timeOfDeletion string

    (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    vaultId string
    The OCID of the vault that contains this key.
    auto_key_rotation_details kms.KeyAutoKeyRotationDetailsArgs
    (Updatable) The details of the auto rotation schedule for the Key being created, updated, or imported.
    compartment_id str
    (Updatable) The OCID of the compartment where you want to create the master encryption key.
    current_key_version str
    The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
    defined_tags Mapping[str, str]
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    desired_state str
    (Updatable) Desired state of the key. Possible values : ENABLED or DISABLED
    display_name str
    (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
    external_key_reference kms.KeyExternalKeyReferenceArgs
    A reference to the key on external key manager.
    external_key_reference_details Sequence[kms.KeyExternalKeyReferenceDetailArgs]
    Key reference data to be returned to the customer as a response.
    freeform_tags Mapping[str, str]
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    is_auto_rotation_enabled bool
    (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
    is_primary bool
    A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
    key_shape kms.KeyKeyShapeArgs
    The cryptographic properties of a key.
    management_endpoint str
    The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
    protection_mode str
    The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key, which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server rather than inside the HSM. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. A protection mode of EXTERNAL means that the key persists on the customer's external key manager, which is hosted outside of Oracle. Oracle holds only a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by the external key manager.
    replica_details Sequence[kms.KeyReplicaDetailArgs]
    Key replica details
    restore_from_file kms.KeyRestoreFromFileArgs
    (Updatable) Details where key was backed up.
    restore_from_object_store kms.KeyRestoreFromObjectStoreArgs
    (Updatable) Details where key was backed up
    restore_trigger bool
    (Updatable) An optional property that, when flipped, triggers a restore from the restore option provided in the config file.
    restored_from_key_id str
    The OCID of the key from which this key was restored.
    state str
    The key's current lifecycle state. Example: ENABLED
    time_created str
    The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
    time_of_deletion str

    (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

    ** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

    vault_id str
    The OCID of the vault that contains this key.
    autoKeyRotationDetails Property Map
    (Updatable) The details of the auto rotation schedule for the Key being created, updated, or imported.
    compartmentId String
    (Updatable) The OCID of the compartment where you want to create the master encryption key.
    currentKeyVersion String
    The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
    definedTags Map<String>
    (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
    desiredState String
    (Updatable) Desired state of the key. Possible values: ENABLED or DISABLED.
    displayName String
    (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
    externalKeyReference Property Map
    A reference to the key on external key manager.
    externalKeyReferenceDetails List<Property Map>
    Key reference data to be returned to the customer as a response.
    freeformTags Map<String>
    (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
    isAutoRotationEnabled Boolean
    (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
    isPrimary Boolean
    A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
    keyShape Property Map
    The cryptographic properties of a key.
    managementEndpoint String
    The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
    protectionMode String
    The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key, which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. A protection mode of EXTERNAL means that the key persists on the customer's external key manager, which is hosted outside of Oracle. Oracle holds only a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by the external key manager.
    replicaDetails List<Property Map>
    Key replica details
    restoreFromFile Property Map
    (Updatable) Details where key was backed up.
    restoreFromObjectStore Property Map
    (Updatable) Details where key was backed up
    restoreTrigger Boolean
    (Updatable) An optional property that, when its value is flipped, triggers a restore from the restore option provided in the config file.
    restoredFromKeyId String
    The OCID of the key from which this key was restored.
    state String
    The key's current lifecycle state. Example: ENABLED
    timeCreated String
    The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
    timeOfDeletion String

    (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

    **IMPORTANT:** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values.

    vaultId String
    The OCID of the vault that contains this key.

    Supporting Types

    KeyAutoKeyRotationDetails, KeyAutoKeyRotationDetailsArgs

    LastRotationMessage string
    (Updatable) The last execution status message of auto key rotation.
    LastRotationStatus string
    (Updatable) The status of last execution of auto key rotation.
    RotationIntervalInDays int
    (Updatable) The interval of auto key rotation. For auto key rotation, the interval should be between 60 days and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
    TimeOfLastRotation string
    (Updatable) A property indicating Last rotation Date. Example: 2023-04-04T00:00:00Z.
    TimeOfNextRotation string
    (Updatable) A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z.
    TimeOfScheduleStart string
    (Updatable) A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation, as this can be done at any time on approximately the scheduled day; KMS ignores the time and replaces it with 00:00. For example, 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z. Note: Today's date will be used if not specified by the customer.
    LastRotationMessage string
    (Updatable) The last execution status message of auto key rotation.
    LastRotationStatus string
    (Updatable) The status of last execution of auto key rotation.
    RotationIntervalInDays int
    (Updatable) The interval of auto key rotation. For auto key rotation, the interval should be between 60 days and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
    TimeOfLastRotation string
    (Updatable) A property indicating Last rotation Date. Example: 2023-04-04T00:00:00Z.
    TimeOfNextRotation string
    (Updatable) A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z.
    TimeOfScheduleStart string
    (Updatable) A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation, as this can be done at any time on approximately the scheduled day; KMS ignores the time and replaces it with 00:00. For example, 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z. Note: Today's date will be used if not specified by the customer.
    lastRotationMessage String
    (Updatable) The last execution status message of auto key rotation.
    lastRotationStatus String
    (Updatable) The status of last execution of auto key rotation.
    rotationIntervalInDays Integer
    (Updatable) The interval of auto key rotation. For auto key rotation, the interval should be between 60 days and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
    timeOfLastRotation String
    (Updatable) A property indicating Last rotation Date. Example: 2023-04-04T00:00:00Z.
    timeOfNextRotation String
    (Updatable) A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z.
    timeOfScheduleStart String
    (Updatable) A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation, as this can be done at any time on approximately the scheduled day; KMS ignores the time and replaces it with 00:00. For example, 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z. Note: Today's date will be used if not specified by the customer.
    lastRotationMessage string
    (Updatable) The last execution status message of auto key rotation.
    lastRotationStatus string
    (Updatable) The status of last execution of auto key rotation.
    rotationIntervalInDays number
    (Updatable) The interval of auto key rotation. For auto key rotation, the interval should be between 60 days and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
    timeOfLastRotation string
    (Updatable) A property indicating Last rotation Date. Example: 2023-04-04T00:00:00Z.
    timeOfNextRotation string
    (Updatable) A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z.
    timeOfScheduleStart string
    (Updatable) A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation, as this can be done at any time on approximately the scheduled day; KMS ignores the time and replaces it with 00:00. For example, 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z. Note: Today's date will be used if not specified by the customer.
    last_rotation_message str
    (Updatable) The last execution status message of auto key rotation.
    last_rotation_status str
    (Updatable) The status of last execution of auto key rotation.
    rotation_interval_in_days int
    (Updatable) The interval of auto key rotation. For auto key rotation, the interval should be between 60 days and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
    time_of_last_rotation str
    (Updatable) A property indicating Last rotation Date. Example: 2023-04-04T00:00:00Z.
    time_of_next_rotation str
    (Updatable) A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z.
    time_of_schedule_start str
    (Updatable) A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation, as this can be done at any time on approximately the scheduled day; KMS ignores the time and replaces it with 00:00. For example, 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z. Note: Today's date will be used if not specified by the customer.
    lastRotationMessage String
    (Updatable) The last execution status message of auto key rotation.
    lastRotationStatus String
    (Updatable) The status of last execution of auto key rotation.
    rotationIntervalInDays Number
    (Updatable) The interval of auto key rotation. For auto key rotation, the interval should be between 60 days and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
    timeOfLastRotation String
    (Updatable) A property indicating Last rotation Date. Example: 2023-04-04T00:00:00Z.
    timeOfNextRotation String
    (Updatable) A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z.
    timeOfScheduleStart String
    (Updatable) A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation, as this can be done at any time on approximately the scheduled day; KMS ignores the time and replaces it with 00:00. For example, 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z. Note: Today's date will be used if not specified by the customer.

    KeyExternalKeyReference, KeyExternalKeyReferenceArgs

    ExternalKeyId string
    ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM
    ExternalKeyId string
    ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM
    externalKeyId String
    ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM
    externalKeyId string
    ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM
    external_key_id str
    ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM
    externalKeyId String
    ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM

    KeyExternalKeyReferenceDetail, KeyExternalKeyReferenceDetailArgs

    ExternalKeyId string
    ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
    ExternalKeyVersionId string
    Key version ID associated with the external key.
    ExternalKeyId string
    ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
    ExternalKeyVersionId string
    Key version ID associated with the external key.
    externalKeyId String
    ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
    externalKeyVersionId String
    Key version ID associated with the external key.
    externalKeyId string
    ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
    externalKeyVersionId string
    Key version ID associated with the external key.
    external_key_id str
    ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
    external_key_version_id str
    Key version ID associated with the external key.
    externalKeyId String
    ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
    externalKeyVersionId String
    Key version ID associated with the external key.

    KeyKeyShape, KeyKeyShapeArgs

    Algorithm string
    The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.
    Length int
    The length of the key in bytes (not bits), expressed as an integer; for example, 32 is a 256-bit AES key and 256 is a 2048-bit RSA key. Supported values include the following:

    • AES: 16, 24, or 32
    • RSA: 256, 384, or 512
    • ECDSA: 32, 48, or 66
    CurveId string
    Supported curve IDs for ECDSA keys.
    Algorithm string
    The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.
    Length int
    The length of the key in bytes (not bits), expressed as an integer; for example, 32 is a 256-bit AES key and 256 is a 2048-bit RSA key. Supported values include the following:

    • AES: 16, 24, or 32
    • RSA: 256, 384, or 512
    • ECDSA: 32, 48, or 66
    CurveId string
    Supported curve IDs for ECDSA keys.
    algorithm String
    The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.
    length Integer
    The length of the key in bytes (not bits), expressed as an integer; for example, 32 is a 256-bit AES key and 256 is a 2048-bit RSA key. Supported values include the following:

    • AES: 16, 24, or 32
    • RSA: 256, 384, or 512
    • ECDSA: 32, 48, or 66
    curveId String
    Supported curve IDs for ECDSA keys.
    algorithm string
    The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.
    length number
    The length of the key in bytes (not bits), expressed as an integer; for example, 32 is a 256-bit AES key and 256 is a 2048-bit RSA key. Supported values include the following:

    • AES: 16, 24, or 32
    • RSA: 256, 384, or 512
    • ECDSA: 32, 48, or 66
    curveId string
    Supported curve IDs for ECDSA keys.
    algorithm str
    The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.
    length int
    The length of the key in bytes (not bits), expressed as an integer; for example, 32 is a 256-bit AES key and 256 is a 2048-bit RSA key. Supported values include the following:

    • AES: 16, 24, or 32
    • RSA: 256, 384, or 512
    • ECDSA: 32, 48, or 66
    curve_id str
    Supported curve IDs for ECDSA keys.
    algorithm String
    The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.
    length Number
    The length of the key in bytes (not bits), expressed as an integer; for example, 32 is a 256-bit AES key and 256 is a 2048-bit RSA key. Supported values include the following:

    • AES: 16, 24, or 32
    • RSA: 256, 384, or 512
    • ECDSA: 32, 48, or 66
    curveId String
    Supported curve IDs for ECDSA keys.

    KeyReplicaDetail, KeyReplicaDetailArgs

    ReplicationId string
    ReplicationId associated with a key operation
    ReplicationId string
    ReplicationId associated with a key operation
    replicationId String
    ReplicationId associated with a key operation
    replicationId string
    ReplicationId associated with a key operation
    replication_id str
    ReplicationId associated with a key operation
    replicationId String
    ReplicationId associated with a key operation

    KeyRestoreFromFile, KeyRestoreFromFileArgs

    ContentLength string
    (Updatable) content length of key's backup binary file
    RestoreKeyFromFileDetails string
    Key backup file content.
    ContentMd5 string
    (Updatable) MD5 hash of the key's backup file. As an MD5 digest, it can detect accidental corruption of the file but does not authenticate the backup.
    ContentLength string
    (Updatable) content length of key's backup binary file
    RestoreKeyFromFileDetails string
    Key backup file content.
    ContentMd5 string
    (Updatable) MD5 hash of the key's backup file. As an MD5 digest, it can detect accidental corruption of the file but does not authenticate the backup.
    contentLength String
    (Updatable) content length of key's backup binary file
    restoreKeyFromFileDetails String
    Key backup file content.
    contentMd5 String
    (Updatable) MD5 hash of the key's backup file. As an MD5 digest, it can detect accidental corruption of the file but does not authenticate the backup.
    contentLength string
    (Updatable) content length of key's backup binary file
    restoreKeyFromFileDetails string
    Key backup file content.
    contentMd5 string
    (Updatable) MD5 hash of the key's backup file. As an MD5 digest, it can detect accidental corruption of the file but does not authenticate the backup.
    content_length str
    (Updatable) content length of key's backup binary file
    restore_key_from_file_details str
    Key backup file content.
    content_md5 str
    (Updatable) MD5 hash of the key's backup file. As an MD5 digest, it can detect accidental corruption of the file but does not authenticate the backup.
    contentLength String
    (Updatable) content length of key's backup binary file
    restoreKeyFromFileDetails String
    Key backup file content.
    contentMd5 String
    (Updatable) MD5 hash of the key's backup file. As an MD5 digest, it can detect accidental corruption of the file but does not authenticate the backup.

    KeyRestoreFromObjectStore, KeyRestoreFromObjectStoreArgs

    Destination string
    (Updatable) Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported
    Bucket string
    (Updatable) Name of the bucket where key was backed up
    Namespace string
    (Updatable) Namespace of the bucket where key was backed up
    Object string
    (Updatable) Object containing the backup
    Uri string
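    (Updatable) Pre-authenticated request URI of the backup. Anyone holding a pre-authenticated request URI can use it without further credentials, so handle this value as a secret.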
    Destination string
    (Updatable) Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported
    Bucket string
    (Updatable) Name of the bucket where key was backed up
    Namespace string
    (Updatable) Namespace of the bucket where key was backed up
    Object string
    (Updatable) Object containing the backup
    Uri string
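    (Updatable) Pre-authenticated request URI of the backup. Anyone holding a pre-authenticated request URI can use it without further credentials, so handle this value as a secret.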
    destination String
    (Updatable) Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported
    bucket String
    (Updatable) Name of the bucket where key was backed up
    namespace String
    (Updatable) Namespace of the bucket where key was backed up
    object String
    (Updatable) Object containing the backup
    uri String
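    (Updatable) Pre-authenticated request URI of the backup. Anyone holding a pre-authenticated request URI can use it without further credentials, so handle this value as a secret.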
    destination string
    (Updatable) Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported
    bucket string
    (Updatable) Name of the bucket where key was backed up
    namespace string
    (Updatable) Namespace of the bucket where key was backed up
    object string
    (Updatable) Object containing the backup
    uri string
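    (Updatable) Pre-authenticated request URI of the backup. Anyone holding a pre-authenticated request URI can use it without further credentials, so handle this value as a secret.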
    destination str
    (Updatable) Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported
    bucket str
    (Updatable) Name of the bucket where key was backed up
    namespace str
    (Updatable) Namespace of the bucket where key was backed up
    object str
    (Updatable) Object containing the backup
    uri str
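    (Updatable) Pre-authenticated request URI of the backup. Anyone holding a pre-authenticated request URI can use it without further credentials, so handle this value as a secret.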
    destination String
    (Updatable) Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported
    bucket String
    (Updatable) Name of the bucket where key was backed up
    namespace String
    (Updatable) Namespace of the bucket where key was backed up
    object String
    (Updatable) Object containing the backup
    uri String
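    (Updatable) Pre-authenticated request URI of the backup. Anyone holding a pre-authenticated request URI can use it without further credentials, so handle this value as a secret.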

    Import

    Keys can be imported using the id, e.g.

    $ pulumi import oci:Kms/key:Key test_key "managementEndpoint/{managementEndpoint}/keys/{keyId}"
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    oci pulumi/pulumi-oci
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the oci Terraform Provider.