oci.Kms.Key
Explore with Pulumi AI
This resource provides the Key resource in Oracle Cloud Infrastructure Kms service.
Creates a new master encryption key.
As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management write operations exceeds 10 requests per second for a given tenancy.
Create Key Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Key(name: string, args: KeyArgs, opts?: CustomResourceOptions);
@overload
def Key(resource_name: str,
args: KeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Key(resource_name: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
compartment_id: Optional[str] = None,
management_endpoint: Optional[str] = None,
key_shape: Optional[_kms.KeyKeyShapeArgs] = None,
desired_state: Optional[str] = None,
external_key_reference: Optional[_kms.KeyExternalKeyReferenceArgs] = None,
freeform_tags: Optional[Mapping[str, str]] = None,
is_auto_rotation_enabled: Optional[bool] = None,
auto_key_rotation_details: Optional[_kms.KeyAutoKeyRotationDetailsArgs] = None,
defined_tags: Optional[Mapping[str, str]] = None,
protection_mode: Optional[str] = None,
restore_from_file: Optional[_kms.KeyRestoreFromFileArgs] = None,
restore_from_object_store: Optional[_kms.KeyRestoreFromObjectStoreArgs] = None,
restore_trigger: Optional[bool] = None,
time_of_deletion: Optional[str] = None)
func NewKey(ctx *Context, name string, args KeyArgs, opts ...ResourceOption) (*Key, error)
public Key(string name, KeyArgs args, CustomResourceOptions? opts = null)
type: oci:Kms:Key
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var keyResource = new Oci.Kms.Key("keyResource", new()
{
DisplayName = "string",
CompartmentId = "string",
ManagementEndpoint = "string",
KeyShape = new Oci.Kms.Inputs.KeyKeyShapeArgs
{
Algorithm = "string",
Length = 0,
CurveId = "string",
},
DesiredState = "string",
ExternalKeyReference = new Oci.Kms.Inputs.KeyExternalKeyReferenceArgs
{
ExternalKeyId = "string",
},
FreeformTags =
{
{ "string", "string" },
},
IsAutoRotationEnabled = false,
AutoKeyRotationDetails = new Oci.Kms.Inputs.KeyAutoKeyRotationDetailsArgs
{
LastRotationMessage = "string",
LastRotationStatus = "string",
RotationIntervalInDays = 0,
TimeOfLastRotation = "string",
TimeOfNextRotation = "string",
TimeOfScheduleStart = "string",
},
DefinedTags =
{
{ "string", "string" },
},
ProtectionMode = "string",
RestoreFromFile = new Oci.Kms.Inputs.KeyRestoreFromFileArgs
{
ContentLength = "string",
RestoreKeyFromFileDetails = "string",
ContentMd5 = "string",
},
RestoreFromObjectStore = new Oci.Kms.Inputs.KeyRestoreFromObjectStoreArgs
{
Destination = "string",
Bucket = "string",
Namespace = "string",
Object = "string",
Uri = "string",
},
RestoreTrigger = false,
TimeOfDeletion = "string",
});
example, err := Kms.NewKey(ctx, "keyResource", &Kms.KeyArgs{
DisplayName: pulumi.String("string"),
CompartmentId: pulumi.String("string"),
ManagementEndpoint: pulumi.String("string"),
KeyShape: &kms.KeyKeyShapeArgs{
Algorithm: pulumi.String("string"),
Length: pulumi.Int(0),
CurveId: pulumi.String("string"),
},
DesiredState: pulumi.String("string"),
ExternalKeyReference: &kms.KeyExternalKeyReferenceArgs{
ExternalKeyId: pulumi.String("string"),
},
FreeformTags: pulumi.StringMap{
"string": pulumi.String("string"),
},
IsAutoRotationEnabled: pulumi.Bool(false),
AutoKeyRotationDetails: &kms.KeyAutoKeyRotationDetailsArgs{
LastRotationMessage: pulumi.String("string"),
LastRotationStatus: pulumi.String("string"),
RotationIntervalInDays: pulumi.Int(0),
TimeOfLastRotation: pulumi.String("string"),
TimeOfNextRotation: pulumi.String("string"),
TimeOfScheduleStart: pulumi.String("string"),
},
DefinedTags: pulumi.StringMap{
"string": pulumi.String("string"),
},
ProtectionMode: pulumi.String("string"),
RestoreFromFile: &kms.KeyRestoreFromFileArgs{
ContentLength: pulumi.String("string"),
RestoreKeyFromFileDetails: pulumi.String("string"),
ContentMd5: pulumi.String("string"),
},
RestoreFromObjectStore: &kms.KeyRestoreFromObjectStoreArgs{
Destination: pulumi.String("string"),
Bucket: pulumi.String("string"),
Namespace: pulumi.String("string"),
Object: pulumi.String("string"),
Uri: pulumi.String("string"),
},
RestoreTrigger: pulumi.Bool(false),
TimeOfDeletion: pulumi.String("string"),
})
var keyResource = new Key("keyResource", KeyArgs.builder()
.displayName("string")
.compartmentId("string")
.managementEndpoint("string")
.keyShape(KeyKeyShapeArgs.builder()
.algorithm("string")
.length(0)
.curveId("string")
.build())
.desiredState("string")
.externalKeyReference(KeyExternalKeyReferenceArgs.builder()
.externalKeyId("string")
.build())
.freeformTags(Map.of("string", "string"))
.isAutoRotationEnabled(false)
.autoKeyRotationDetails(KeyAutoKeyRotationDetailsArgs.builder()
.lastRotationMessage("string")
.lastRotationStatus("string")
.rotationIntervalInDays(0)
.timeOfLastRotation("string")
.timeOfNextRotation("string")
.timeOfScheduleStart("string")
.build())
.definedTags(Map.of("string", "string"))
.protectionMode("string")
.restoreFromFile(KeyRestoreFromFileArgs.builder()
.contentLength("string")
.restoreKeyFromFileDetails("string")
.contentMd5("string")
.build())
.restoreFromObjectStore(KeyRestoreFromObjectStoreArgs.builder()
.destination("string")
.bucket("string")
.namespace("string")
.object("string")
.uri("string")
.build())
.restoreTrigger(false)
.timeOfDeletion("string")
.build());
key_resource = oci.kms.Key("keyResource",
display_name="string",
compartment_id="string",
management_endpoint="string",
key_shape={
"algorithm": "string",
"length": 0,
"curve_id": "string",
},
desired_state="string",
external_key_reference={
"external_key_id": "string",
},
freeform_tags={
"string": "string",
},
is_auto_rotation_enabled=False,
auto_key_rotation_details={
"last_rotation_message": "string",
"last_rotation_status": "string",
"rotation_interval_in_days": 0,
"time_of_last_rotation": "string",
"time_of_next_rotation": "string",
"time_of_schedule_start": "string",
},
defined_tags={
"string": "string",
},
protection_mode="string",
restore_from_file={
"content_length": "string",
"restore_key_from_file_details": "string",
"content_md5": "string",
},
restore_from_object_store={
"destination": "string",
"bucket": "string",
"namespace": "string",
"object": "string",
"uri": "string",
},
restore_trigger=False,
time_of_deletion="string")
const keyResource = new oci.kms.Key("keyResource", {
displayName: "string",
compartmentId: "string",
managementEndpoint: "string",
keyShape: {
algorithm: "string",
length: 0,
curveId: "string",
},
desiredState: "string",
externalKeyReference: {
externalKeyId: "string",
},
freeformTags: {
string: "string",
},
isAutoRotationEnabled: false,
autoKeyRotationDetails: {
lastRotationMessage: "string",
lastRotationStatus: "string",
rotationIntervalInDays: 0,
timeOfLastRotation: "string",
timeOfNextRotation: "string",
timeOfScheduleStart: "string",
},
definedTags: {
string: "string",
},
protectionMode: "string",
restoreFromFile: {
contentLength: "string",
restoreKeyFromFileDetails: "string",
contentMd5: "string",
},
restoreFromObjectStore: {
destination: "string",
bucket: "string",
namespace: "string",
object: "string",
uri: "string",
},
restoreTrigger: false,
timeOfDeletion: "string",
});
type: oci:Kms:Key
properties:
autoKeyRotationDetails:
lastRotationMessage: string
lastRotationStatus: string
rotationIntervalInDays: 0
timeOfLastRotation: string
timeOfNextRotation: string
timeOfScheduleStart: string
compartmentId: string
definedTags:
string: string
desiredState: string
displayName: string
externalKeyReference:
externalKeyId: string
freeformTags:
string: string
isAutoRotationEnabled: false
keyShape:
algorithm: string
curveId: string
length: 0
managementEndpoint: string
protectionMode: string
restoreFromFile:
contentLength: string
contentMd5: string
restoreKeyFromFileDetails: string
restoreFromObjectStore:
bucket: string
destination: string
namespace: string
object: string
uri: string
restoreTrigger: false
timeOfDeletion: string
Key Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Key resource accepts the following input properties:
- Compartment
Id string - (Updatable) The OCID of the compartment where you want to create the master encryption key.
- Display
Name string - (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
- Key
Shape KeyKey Shape - The cryptographic properties of a key.
- Management
Endpoint string - The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
- Auto
Key KeyRotation Details Auto Key Rotation Details - (Updatable) The details of auto rotation schedule for the Key being create updated or imported.
- Dictionary<string, string>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Desired
State string - (Updatable) Desired state of the key. Possible values :
ENABLED
orDISABLED
- External
Key KeyReference External Key Reference - A reference to the key on external key manager.
- Dictionary<string, string>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Is
Auto boolRotation Enabled - (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
- Protection
Mode string - The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of
HSM
means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode ofSOFTWARE
means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode ofSOFTWARE
are performed on the server. By default, a key's protection mode is set toHSM
. You can't change a key's protection mode after the key is created or imported. A protection mode ofEXTERNAL
mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode ofEXTERNAL
are performed by external key manager. - Restore
From KeyFile Restore From File - (Updatable) Details where key was backed up.
- Restore
From KeyObject Store Restore From Object Store - (Updatable) Details where key was backed up
- Restore
Trigger bool - (Updatable) An optional property when flipped triggers restore from restore option provided in config file.
- Time
Of stringDeletion (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example:
2019-04-03T21:10:29.600Z
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Compartment
Id string - (Updatable) The OCID of the compartment where you want to create the master encryption key.
- Display
Name string - (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
- Key
Shape KeyKey Shape Args - The cryptographic properties of a key.
- Management
Endpoint string - The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
- Auto
Key KeyRotation Details Auto Key Rotation Details Args - (Updatable) The details of auto rotation schedule for the Key being create updated or imported.
- map[string]string
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Desired
State string - (Updatable) Desired state of the key. Possible values :
ENABLED
orDISABLED
- External
Key KeyReference External Key Reference Args - A reference to the key on external key manager.
- map[string]string
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Is
Auto boolRotation Enabled - (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
- Protection
Mode string - The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of
HSM
means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode ofSOFTWARE
means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode ofSOFTWARE
are performed on the server. By default, a key's protection mode is set toHSM
. You can't change a key's protection mode after the key is created or imported. A protection mode ofEXTERNAL
mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode ofEXTERNAL
are performed by external key manager. - Restore
From KeyFile Restore From File Args - (Updatable) Details where key was backed up.
- Restore
From KeyObject Store Restore From Object Store Args - (Updatable) Details where key was backed up
- Restore
Trigger bool - (Updatable) An optional property when flipped triggers restore from restore option provided in config file.
- Time
Of stringDeletion (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example:
2019-04-03T21:10:29.600Z
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- compartment
Id String - (Updatable) The OCID of the compartment where you want to create the master encryption key.
- display
Name String - (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
- key
Shape KeyKey Shape - The cryptographic properties of a key.
- management
Endpoint String - The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
- auto
Key KeyRotation Details Auto Key Rotation Details - (Updatable) The details of auto rotation schedule for the Key being create updated or imported.
- Map<String,String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- desired
State String - (Updatable) Desired state of the key. Possible values :
ENABLED
orDISABLED
- external
Key KeyReference External Key Reference - A reference to the key on external key manager.
- Map<String,String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- is
Auto BooleanRotation Enabled - (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
- protection
Mode String - The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of
HSM
means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode ofSOFTWARE
means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode ofSOFTWARE
are performed on the server. By default, a key's protection mode is set toHSM
. You can't change a key's protection mode after the key is created or imported. A protection mode ofEXTERNAL
mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode ofEXTERNAL
are performed by external key manager. - restore
From KeyFile Restore From File - (Updatable) Details where key was backed up.
- restore
From KeyObject Store Restore From Object Store - (Updatable) Details where key was backed up
- restore
Trigger Boolean - (Updatable) An optional property when flipped triggers restore from restore option provided in config file.
- time
Of StringDeletion (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example:
2019-04-03T21:10:29.600Z
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- compartment
Id string - (Updatable) The OCID of the compartment where you want to create the master encryption key.
- display
Name string - (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
- key
Shape KeyKey Shape - The cryptographic properties of a key.
- management
Endpoint string - The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
- auto
Key KeyRotation Details Auto Key Rotation Details - (Updatable) The details of auto rotation schedule for the Key being create updated or imported.
- {[key: string]: string}
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- desired
State string - (Updatable) Desired state of the key. Possible values :
ENABLED
orDISABLED
- external
Key KeyReference External Key Reference - A reference to the key on external key manager.
- {[key: string]: string}
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- is
Auto booleanRotation Enabled - (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
- protection
Mode string - The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of
HSM
means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode ofSOFTWARE
means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode ofSOFTWARE
are performed on the server. By default, a key's protection mode is set toHSM
. You can't change a key's protection mode after the key is created or imported. A protection mode ofEXTERNAL
mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode ofEXTERNAL
are performed by external key manager. - restore
From KeyFile Restore From File - (Updatable) Details where key was backed up.
- restore
From KeyObject Store Restore From Object Store - (Updatable) Details where key was backed up
- restore
Trigger boolean - (Updatable) An optional property when flipped triggers restore from restore option provided in config file.
- time
Of stringDeletion (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example:
2019-04-03T21:10:29.600Z
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- compartment_
id str - (Updatable) The OCID of the compartment where you want to create the master encryption key.
- display_
name str - (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
- key_
shape kms.Key Key Shape Args - The cryptographic properties of a key.
- management_
endpoint str - The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
- auto_
key_ kms.rotation_ details Key Auto Key Rotation Details Args - (Updatable) The details of auto rotation schedule for the Key being create updated or imported.
- Mapping[str, str]
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- desired_
state str - (Updatable) Desired state of the key. Possible values :
ENABLED
orDISABLED
- external_
key_ kms.reference Key External Key Reference Args - A reference to the key on external key manager.
- Mapping[str, str]
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- is_
auto_ boolrotation_ enabled - (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
- protection_
mode str - The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of
HSM
means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode ofSOFTWARE
means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode ofSOFTWARE
are performed on the server. By default, a key's protection mode is set toHSM
. You can't change a key's protection mode after the key is created or imported. A protection mode ofEXTERNAL
mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode ofEXTERNAL
are performed by external key manager. - restore_
from_ kms.file Key Restore From File Args - (Updatable) Details where key was backed up.
- restore_
from_ kms.object_ store Key Restore From Object Store Args - (Updatable) Details where key was backed up
- restore_
trigger bool - (Updatable) An optional property when flipped triggers restore from restore option provided in config file.
- time_
of_ strdeletion (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example:
2019-04-03T21:10:29.600Z
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- compartment
Id String - (Updatable) The OCID of the compartment where you want to create the master encryption key.
- display
Name String - (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
- key
Shape Property Map - The cryptographic properties of a key.
- management
Endpoint String - The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
- auto
Key Property MapRotation Details - (Updatable) The details of auto rotation schedule for the Key being create updated or imported.
- Map<String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- desired
State String - (Updatable) Desired state of the key. Possible values :
ENABLED
orDISABLED
- external
Key Property MapReference - A reference to the key on external key manager.
- Map<String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- is
Auto BooleanRotation Enabled - (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
- protection
Mode String - The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of
HSM
means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode ofSOFTWARE
means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode ofSOFTWARE
are performed on the server. By default, a key's protection mode is set toHSM
. You can't change a key's protection mode after the key is created or imported. A protection mode ofEXTERNAL
mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode ofEXTERNAL
are performed by external key manager. - restore
From Property MapFile - (Updatable) Details where key was backed up.
- restore
From Property MapObject Store - (Updatable) Details where key was backed up
- restore
Trigger Boolean - (Updatable) An optional property when flipped triggers restore from restore option provided in config file.
- time
Of StringDeletion (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example:
2019-04-03T21:10:29.600Z
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
Outputs
All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:
- Current
Key stringVersion - The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The
currentKeyVersion
property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. - External
Key List<KeyReference Details External Key Reference Detail> - Key reference data to be returned to the customer as a response.
- Id string
- The provider-assigned unique ID for this managed resource.
- Is
Primary bool - A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
- Replica
Details List<KeyReplica Detail> - Key replica details
- Restored
From stringKey Id - The OCID of the key from which this key was restored.
- State string
- The key's current lifecycle state. Example:
ENABLED
- Time
Created string - The date and time the key was created, expressed in RFC 3339 timestamp format. Example:
2018-04-03T21:10:29.600Z
- Vault
Id string - The OCID of the vault that contains this key.
- Current
Key stringVersion - The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The
currentKeyVersion
property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. - External
Key []KeyReference Details External Key Reference Detail - Key reference data to be returned to the customer as a response.
- Id string
- The provider-assigned unique ID for this managed resource.
- Is
Primary bool - A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
- Replica
Details []KeyReplica Detail - Key replica details
- Restored
From stringKey Id - The OCID of the key from which this key was restored.
- State string
- The key's current lifecycle state. Example:
ENABLED
- Time
Created string - The date and time the key was created, expressed in RFC 3339 timestamp format. Example:
2018-04-03T21:10:29.600Z
- Vault
Id string - The OCID of the vault that contains this key.
- current
Key StringVersion - The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The
currentKeyVersion
property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. - external
Key List<KeyReference Details External Key Reference Detail> - Key reference data to be returned to the customer as a response.
- id String
- The provider-assigned unique ID for this managed resource.
- is
Primary Boolean - A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
- replica
Details List<KeyReplica Detail> - Key replica details
- restored
From StringKey Id - The OCID of the key from which this key was restored.
- state String
- The key's current lifecycle state. Example:
ENABLED
- time
Created String - The date and time the key was created, expressed in RFC 3339 timestamp format. Example:
2018-04-03T21:10:29.600Z
- vault
Id String - The OCID of the vault that contains this key.
- current
Key stringVersion - The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The
currentKeyVersion
property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. - external
Key KeyReference Details External Key Reference Detail[] - Key reference data to be returned to the customer as a response.
- id string
- The provider-assigned unique ID for this managed resource.
- is
Primary boolean - A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
- replica
Details KeyReplica Detail[] - Key replica details
- restored
From stringKey Id - The OCID of the key from which this key was restored.
- state string
- The key's current lifecycle state. Example:
ENABLED
- time
Created string - The date and time the key was created, expressed in RFC 3339 timestamp format. Example:
2018-04-03T21:10:29.600Z
- vault
Id string - The OCID of the vault that contains this key.
- current_
key_ strversion - The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The
currentKeyVersion
property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. - external_
key_ Sequence[kms.reference_ details Key External Key Reference Detail] - Key reference data to be returned to the customer as a response.
- id str
- The provider-assigned unique ID for this managed resource.
- is_
primary bool - A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
- replica_
details Sequence[kms.Key Replica Detail] - Key replica details
- restored_
from_ strkey_ id - The OCID of the key from which this key was restored.
- state str
- The key's current lifecycle state. Example:
ENABLED
- time_
created str - The date and time the key was created, expressed in RFC 3339 timestamp format. Example:
2018-04-03T21:10:29.600Z
- vault_
id str - The OCID of the vault that contains this key.
- current
Key StringVersion - The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The
currentKeyVersion
property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. - external
Key List<Property Map>Reference Details - Key reference data to be returned to the customer as a response.
- id String
- The provider-assigned unique ID for this managed resource.
- is
Primary Boolean - A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
- replica
Details List<Property Map> - Key replica details
- restored
From StringKey Id - The OCID of the key from which this key was restored.
- state String
- The key's current lifecycle state. Example:
ENABLED
- time
Created String - The date and time the key was created, expressed in RFC 3339 timestamp format. Example:
2018-04-03T21:10:29.600Z
- vault
Id String - The OCID of the vault that contains this key.
Look up Existing Key Resource
Get an existing Key resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KeyState, opts?: CustomResourceOptions): Key
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
auto_key_rotation_details: Optional[_kms.KeyAutoKeyRotationDetailsArgs] = None,
compartment_id: Optional[str] = None,
current_key_version: Optional[str] = None,
defined_tags: Optional[Mapping[str, str]] = None,
desired_state: Optional[str] = None,
display_name: Optional[str] = None,
external_key_reference: Optional[_kms.KeyExternalKeyReferenceArgs] = None,
external_key_reference_details: Optional[Sequence[_kms.KeyExternalKeyReferenceDetailArgs]] = None,
freeform_tags: Optional[Mapping[str, str]] = None,
is_auto_rotation_enabled: Optional[bool] = None,
is_primary: Optional[bool] = None,
key_shape: Optional[_kms.KeyKeyShapeArgs] = None,
management_endpoint: Optional[str] = None,
protection_mode: Optional[str] = None,
replica_details: Optional[Sequence[_kms.KeyReplicaDetailArgs]] = None,
restore_from_file: Optional[_kms.KeyRestoreFromFileArgs] = None,
restore_from_object_store: Optional[_kms.KeyRestoreFromObjectStoreArgs] = None,
restore_trigger: Optional[bool] = None,
restored_from_key_id: Optional[str] = None,
state: Optional[str] = None,
time_created: Optional[str] = None,
time_of_deletion: Optional[str] = None,
vault_id: Optional[str] = None) -> Key
func GetKey(ctx *Context, name string, id IDInput, state *KeyState, opts ...ResourceOption) (*Key, error)
public static Key Get(string name, Input<string> id, KeyState? state, CustomResourceOptions? opts = null)
public static Key get(String name, Output<String> id, KeyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Auto
Key KeyRotation Details Auto Key Rotation Details - (Updatable) The details of auto rotation schedule for the Key being create updated or imported.
- Compartment
Id string - (Updatable) The OCID of the compartment where you want to create the master encryption key.
- Current
Key stringVersion - The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The
currentKeyVersion
property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. - Dictionary<string, string>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Desired
State string - (Updatable) Desired state of the key. Possible values :
ENABLED
orDISABLED
- Display
Name string - (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
- External
Key KeyReference External Key Reference - A reference to the key on external key manager.
- External
Key List<KeyReference Details External Key Reference Detail> - Key reference data to be returned to the customer as a response.
- Dictionary<string, string>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Is
Auto boolRotation Enabled - (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
- Is
Primary bool - A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
- Key
Shape KeyKey Shape - The cryptographic properties of a key.
- Management
Endpoint string - The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
- Protection
Mode string - The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of
HSM
means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode ofSOFTWARE
means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode ofSOFTWARE
are performed on the server. By default, a key's protection mode is set toHSM
. You can't change a key's protection mode after the key is created or imported. A protection mode ofEXTERNAL
mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode ofEXTERNAL
are performed by external key manager. - Replica
Details List<KeyReplica Detail> - Key replica details
- Restore
From KeyFile Restore From File - (Updatable) Details where key was backed up.
- Restore
From KeyObject Store Restore From Object Store - (Updatable) Details where key was backed up
- Restore
Trigger bool - (Updatable) An optional property when flipped triggers restore from restore option provided in config file.
- Restored
From stringKey Id - The OCID of the key from which this key was restored.
- State string
- The key's current lifecycle state. Example:
ENABLED
- Time
Created string - The date and time the key was created, expressed in RFC 3339 timestamp format. Example:
2018-04-03T21:10:29.600Z
- Time
Of stringDeletion (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example:
2019-04-03T21:10:29.600Z
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Vault
Id string - The OCID of the vault that contains this key.
- Auto
Key KeyRotation Details Auto Key Rotation Details Args - (Updatable) The details of auto rotation schedule for the Key being create updated or imported.
- Compartment
Id string - (Updatable) The OCID of the compartment where you want to create the master encryption key.
- Current
Key stringVersion - The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The
currentKeyVersion
property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. - map[string]string
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- Desired
State string - (Updatable) Desired state of the key. Possible values :
ENABLED
orDISABLED
- Display
Name string - (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
- External
Key KeyReference External Key Reference Args - A reference to the key on external key manager.
- External
Key []KeyReference Details External Key Reference Detail Args - Key reference data to be returned to the customer as a response.
- map[string]string
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- Is
Auto boolRotation Enabled - (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
- Is
Primary bool - A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
- Key
Shape KeyKey Shape Args - The cryptographic properties of a key.
- Management
Endpoint string - The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
- Protection
Mode string - The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of
HSM
means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode ofSOFTWARE
means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode ofSOFTWARE
are performed on the server. By default, a key's protection mode is set toHSM
. You can't change a key's protection mode after the key is created or imported. A protection mode ofEXTERNAL
mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode ofEXTERNAL
are performed by external key manager. - Replica
Details []KeyReplica Detail Args - Key replica details
- Restore
From KeyFile Restore From File Args - (Updatable) Details where key was backed up.
- Restore
From KeyObject Store Restore From Object Store Args - (Updatable) Details where key was backed up
- Restore
Trigger bool - (Updatable) An optional property when flipped triggers restore from restore option provided in config file.
- Restored
From stringKey Id - The OCID of the key from which this key was restored.
- State string
- The key's current lifecycle state. Example:
ENABLED
- Time
Created string - The date and time the key was created, expressed in RFC 3339 timestamp format. Example:
2018-04-03T21:10:29.600Z
- Time
Of stringDeletion (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example:
2019-04-03T21:10:29.600Z
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Vault
Id string - The OCID of the vault that contains this key.
- auto
Key KeyRotation Details Auto Key Rotation Details - (Updatable) The details of auto rotation schedule for the Key being create updated or imported.
- compartment
Id String - (Updatable) The OCID of the compartment where you want to create the master encryption key.
- current
Key StringVersion - The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The
currentKeyVersion
property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. - Map<String,String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- desired
State String - (Updatable) Desired state of the key. Possible values :
ENABLED
orDISABLED
- display
Name String - (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
- external
Key KeyReference External Key Reference - A reference to the key on external key manager.
- external
Key List<KeyReference Details External Key Reference Detail> - Key reference data to be returned to the customer as a response.
- Map<String,String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- is
Auto BooleanRotation Enabled - (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
- is
Primary Boolean - A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
- key
Shape KeyKey Shape - The cryptographic properties of a key.
- management
Endpoint String - The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
- protection
Mode String - The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of
HSM
means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode ofSOFTWARE
means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode ofSOFTWARE
are performed on the server. By default, a key's protection mode is set toHSM
. You can't change a key's protection mode after the key is created or imported. A protection mode ofEXTERNAL
mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode ofEXTERNAL
are performed by external key manager. - replica
Details List<KeyReplica Detail> - Key replica details
- restore
From KeyFile Restore From File - (Updatable) Details where key was backed up.
- restore
From KeyObject Store Restore From Object Store - (Updatable) Details where key was backed up
- restore
Trigger Boolean - (Updatable) An optional property when flipped triggers restore from restore option provided in config file.
- restored
From StringKey Id - The OCID of the key from which this key was restored.
- state String
- The key's current lifecycle state. Example:
ENABLED
- time
Created String - The date and time the key was created, expressed in RFC 3339 timestamp format. Example:
2018-04-03T21:10:29.600Z
- time
Of StringDeletion (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example:
2019-04-03T21:10:29.600Z
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- vault
Id String - The OCID of the vault that contains this key.
- auto
Key KeyRotation Details Auto Key Rotation Details - (Updatable) The details of auto rotation schedule for the Key being create updated or imported.
- compartment
Id string - (Updatable) The OCID of the compartment where you want to create the master encryption key.
- current
Key stringVersion - The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The
currentKeyVersion
property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. - {[key: string]: string}
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- desired
State string - (Updatable) Desired state of the key. Possible values :
ENABLED
orDISABLED
- display
Name string - (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
- external
Key KeyReference External Key Reference - A reference to the key on external key manager.
- external
Key KeyReference Details External Key Reference Detail[] - Key reference data to be returned to the customer as a response.
- {[key: string]: string}
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- is
Auto booleanRotation Enabled - (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
- is
Primary boolean - A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
- key
Shape KeyKey Shape - The cryptographic properties of a key.
- management
Endpoint string - The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
- protection
Mode string - The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of
HSM
means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode ofSOFTWARE
means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode ofSOFTWARE
are performed on the server. By default, a key's protection mode is set toHSM
. You can't change a key's protection mode after the key is created or imported. A protection mode ofEXTERNAL
mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode ofEXTERNAL
are performed by external key manager. - replica
Details KeyReplica Detail[] - Key replica details
- restore
From KeyFile Restore From File - (Updatable) Details where key was backed up.
- restore
From KeyObject Store Restore From Object Store - (Updatable) Details where key was backed up
- restore
Trigger boolean - (Updatable) An optional property when flipped triggers restore from restore option provided in config file.
- restored
From stringKey Id - The OCID of the key from which this key was restored.
- state string
- The key's current lifecycle state. Example:
ENABLED
- time
Created string - The date and time the key was created, expressed in RFC 3339 timestamp format. Example:
2018-04-03T21:10:29.600Z
- time
Of stringDeletion (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example:
2019-04-03T21:10:29.600Z
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- vault
Id string - The OCID of the vault that contains this key.
- auto_
key_ kms.rotation_ details Key Auto Key Rotation Details Args - (Updatable) The details of auto rotation schedule for the Key being create updated or imported.
- compartment_
id str - (Updatable) The OCID of the compartment where you want to create the master encryption key.
- current_
key_ strversion - The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The
currentKeyVersion
property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. - Mapping[str, str]
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- desired_
state str - (Updatable) Desired state of the key. Possible values :
ENABLED
orDISABLED
- display_
name str - (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
- external_
key_ kms.reference Key External Key Reference Args - A reference to the key on external key manager.
- external_
key_ Sequence[kms.reference_ details Key External Key Reference Detail Args] - Key reference data to be returned to the customer as a response.
- Mapping[str, str]
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- is_
auto_ boolrotation_ enabled - (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
- is_
primary bool - A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
- key_
shape kms.Key Key Shape Args - The cryptographic properties of a key.
- management_
endpoint str - The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
- protection_
mode str - The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of
HSM
means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode ofSOFTWARE
means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode ofSOFTWARE
are performed on the server. By default, a key's protection mode is set toHSM
. You can't change a key's protection mode after the key is created or imported. A protection mode ofEXTERNAL
mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode ofEXTERNAL
are performed by external key manager. - replica_
details Sequence[kms.Key Replica Detail Args] - Key replica details
- restore_
from_ kms.file Key Restore From File Args - (Updatable) Details where key was backed up.
- restore_
from_ kms.object_ store Key Restore From Object Store Args - (Updatable) Details where key was backed up
- restore_
trigger bool - (Updatable) An optional property when flipped triggers restore from restore option provided in config file.
- restored_
from_ strkey_ id - The OCID of the key from which this key was restored.
- state str
- The key's current lifecycle state. Example:
ENABLED
- time_
created str - The date and time the key was created, expressed in RFC 3339 timestamp format. Example:
2018-04-03T21:10:29.600Z
- time_
of_ strdeletion (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example:
2019-04-03T21:10:29.600Z
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- vault_
id str - The OCID of the vault that contains this key.
- auto
Key Property MapRotation Details - (Updatable) The details of auto rotation schedule for the Key being create updated or imported.
- compartment
Id String - (Updatable) The OCID of the compartment where you want to create the master encryption key.
- current
Key StringVersion - The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The
currentKeyVersion
property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations. - Map<String>
- (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:
{"Operations.CostCenter": "42"}
- desired
State String - (Updatable) Desired state of the key. Possible values :
ENABLED
orDISABLED
- display
Name String - (Updatable) A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
- external
Key Property MapReference - A reference to the key on external key manager.
- external
Key List<Property Map>Reference Details - Key reference data to be returned to the customer as a response.
- Map<String>
- (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:
{"Department": "Finance"}
- is
Auto BooleanRotation Enabled - (Updatable) A parameter specifying whether the auto key rotation is enabled or not.
- is
Primary Boolean - A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
- key
Shape Property Map - The cryptographic properties of a key.
- management
Endpoint String - The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
- protection
Mode String - The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of
HSM
means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode ofSOFTWARE
means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode ofSOFTWARE
are performed on the server. By default, a key's protection mode is set toHSM
. You can't change a key's protection mode after the key is created or imported. A protection mode ofEXTERNAL
mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode ofEXTERNAL
are performed by external key manager. - replica
Details List<Property Map> - Key replica details
- restore
From Property MapFile - (Updatable) Details where key was backed up.
- restore
From Property MapObject Store - (Updatable) Details where key was backed up
- restore
Trigger Boolean - (Updatable) An optional property when flipped triggers restore from restore option provided in config file.
- restored
From StringKey Id - The OCID of the key from which this key was restored.
- state String
- The key's current lifecycle state. Example:
ENABLED
- time
Created String - The date and time the key was created, expressed in RFC 3339 timestamp format. Example:
2018-04-03T21:10:29.600Z
- time
Of StringDeletion (Updatable) An optional property for the deletion time of the key, expressed in RFC 3339 timestamp format. Example:
2019-04-03T21:10:29.600Z
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- vault
Id String - The OCID of the vault that contains this key.
Supporting Types
KeyAutoKeyRotationDetails, KeyAutoKeyRotationDetailsArgs
- Last
Rotation stringMessage - (Updatable) The last execution status message of auto key rotation.
- Last
Rotation stringStatus - (Updatable) The status of last execution of auto key rotation.
- Rotation
Interval intIn Days - (Updatable) The interval of auto key rotation. For auto key rotation the interval should between 60 day and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
- Time
Of stringLast Rotation - (Updatable) A property indicating Last rotation Date. Example:
2023-04-04T00:00:00Z
. - Time
Of stringNext Rotation - (Updatable) A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example:
2023-04-04T00:00:00Z
. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z. - Time
Of stringSchedule Start - (Updatable) A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: `2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z . Note : Today’s date will be used if not specified by customer.
- Last
Rotation stringMessage - (Updatable) The last execution status message of auto key rotation.
- Last
Rotation stringStatus - (Updatable) The status of last execution of auto key rotation.
- Rotation
Interval intIn Days - (Updatable) The interval of auto key rotation. For auto key rotation the interval should between 60 day and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
- Time
Of stringLast Rotation - (Updatable) A property indicating Last rotation Date. Example:
2023-04-04T00:00:00Z
. - Time
Of stringNext Rotation - (Updatable) A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example:
2023-04-04T00:00:00Z
. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z. - Time
Of stringSchedule Start - (Updatable) A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: `2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z . Note : Today’s date will be used if not specified by customer.
- last
Rotation StringMessage - (Updatable) The last execution status message of auto key rotation.
- last
Rotation StringStatus - (Updatable) The status of last execution of auto key rotation.
- rotation
Interval IntegerIn Days - (Updatable) The interval of auto key rotation. For auto key rotation the interval should between 60 day and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
- time
Of StringLast Rotation - (Updatable) A property indicating Last rotation Date. Example:
2023-04-04T00:00:00Z
. - time
Of StringNext Rotation - (Updatable) A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example:
2023-04-04T00:00:00Z
. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z. - time
Of StringSchedule Start - (Updatable) A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: `2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z . Note : Today’s date will be used if not specified by customer.
- last
Rotation stringMessage - (Updatable) The last execution status message of auto key rotation.
- last
Rotation stringStatus - (Updatable) The status of last execution of auto key rotation.
- rotation
Interval numberIn Days - (Updatable) The interval of auto key rotation. For auto key rotation the interval should between 60 day and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
- time
Of stringLast Rotation - (Updatable) A property indicating Last rotation Date. Example:
2023-04-04T00:00:00Z
. - time
Of stringNext Rotation - (Updatable) A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example:
2023-04-04T00:00:00Z
. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z. - time
Of stringSchedule Start - (Updatable) A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: `2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z . Note : Today’s date will be used if not specified by customer.
- last_
rotation_ strmessage - (Updatable) The last execution status message of auto key rotation.
- last_
rotation_ strstatus - (Updatable) The status of last execution of auto key rotation.
- rotation_
interval_ intin_ days - (Updatable) The interval of auto key rotation. For auto key rotation the interval should between 60 day and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
- time_
of_ strlast_ rotation - (Updatable) A property indicating Last rotation Date. Example:
2023-04-04T00:00:00Z
. - time_
of_ strnext_ rotation - (Updatable) A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example:
2023-04-04T00:00:00Z
. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z. - time_
of_ strschedule_ start - (Updatable) A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: `2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z . Note : Today’s date will be used if not specified by customer.
- last
Rotation StringMessage - (Updatable) The last execution status message of auto key rotation.
- last
Rotation StringStatus - (Updatable) The status of last execution of auto key rotation.
- rotation
Interval NumberIn Days - (Updatable) The interval of auto key rotation. For auto key rotation the interval should between 60 day and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
- time
Of StringLast Rotation - (Updatable) A property indicating Last rotation Date. Example:
2023-04-04T00:00:00Z
. - time
Of StringNext Rotation - (Updatable) A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example:
2023-04-04T00:00:00Z
. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z. - time
Of StringSchedule Start - (Updatable) A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: `2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z . Note : Today’s date will be used if not specified by customer.
KeyExternalKeyReference, KeyExternalKeyReferenceArgs
- External
Key stringId - ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM
- External
Key stringId - ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM
- external
Key StringId - ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM
- external
Key stringId - ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM
- external_
key_ strid - ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM
- external
Key StringId - ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM
KeyExternalKeyReferenceDetail, KeyExternalKeyReferenceDetailArgs
- External
Key stringId - ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
- External
Key stringVersion Id - Key version ID associated with the external key.
- External
Key stringId - ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
- External
Key stringVersion Id - Key version ID associated with the external key.
- external
Key StringId - ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
- external
Key StringVersion Id - Key version ID associated with the external key.
- external
Key stringId - ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
- external
Key stringVersion Id - Key version ID associated with the external key.
- external_
key_ strid - ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
- external_
key_ strversion_ id - Key version ID associated with the external key.
- external
Key StringId - ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
- external
Key StringVersion Id - Key version ID associated with the external key.
KeyKeyShape, KeyKeyShapeArgs
- Algorithm string
- The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for
External
keys. - Length int
- The length of the key in bytes, expressed as an integer. Supported values include the following:
- AES: 16, 24, or 32
- RSA: 256, 384, or 512
- ECDSA: 32, 48, or 66
- Curve
Id string - Supported curve IDs for ECDSA keys.
- Algorithm string
- The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for
External
keys. - Length int
- The length of the key in bytes, expressed as an integer. Supported values include the following:
- AES: 16, 24, or 32
- RSA: 256, 384, or 512
- ECDSA: 32, 48, or 66
- Curve
Id string - Supported curve IDs for ECDSA keys.
- algorithm String
- The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for
External
keys. - length Integer
- The length of the key in bytes, expressed as an integer. Supported values include the following:
- AES: 16, 24, or 32
- RSA: 256, 384, or 512
- ECDSA: 32, 48, or 66
- curve
Id String - Supported curve IDs for ECDSA keys.
- algorithm string
- The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for
External
keys. - length number
- The length of the key in bytes, expressed as an integer. Supported values include the following:
- AES: 16, 24, or 32
- RSA: 256, 384, or 512
- ECDSA: 32, 48, or 66
- curve
Id string - Supported curve IDs for ECDSA keys.
- algorithm str
- The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for
External
keys. - length int
- The length of the key in bytes, expressed as an integer. Supported values include the following:
- AES: 16, 24, or 32
- RSA: 256, 384, or 512
- ECDSA: 32, 48, or 66
- curve_
id str - Supported curve IDs for ECDSA keys.
- algorithm String
- The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for
External
keys. - length Number
- The length of the key in bytes, expressed as an integer. Supported values include the following:
- AES: 16, 24, or 32
- RSA: 256, 384, or 512
- ECDSA: 32, 48, or 66
- curve
Id String - Supported curve IDs for ECDSA keys.
KeyReplicaDetail, KeyReplicaDetailArgs
- Replication
Id string - ReplicationId associated with a key operation
- Replication
Id string - ReplicationId associated with a key operation
- replication
Id String - ReplicationId associated with a key operation
- replication
Id string - ReplicationId associated with a key operation
- replication_
id str - ReplicationId associated with a key operation
- replication
Id String - ReplicationId associated with a key operation
KeyRestoreFromFile, KeyRestoreFromFileArgs
- Content
Length string - (Updatable) content length of key's backup binary file
- Restore
Key stringFrom File Details - Key backup file content.
- Content
Md5 string - (Updatable) content md5 hashed value of key's backup file
- Content
Length string - (Updatable) content length of key's backup binary file
- Restore
Key stringFrom File Details - Key backup file content.
- Content
Md5 string - (Updatable) content md5 hashed value of key's backup file
- content
Length String - (Updatable) content length of key's backup binary file
- restore
Key StringFrom File Details - Key backup file content.
- content
Md5 String - (Updatable) content md5 hashed value of key's backup file
- content
Length string - (Updatable) content length of key's backup binary file
- restore
Key stringFrom File Details - Key backup file content.
- content
Md5 string - (Updatable) content md5 hashed value of key's backup file
- content_
length str - (Updatable) content length of key's backup binary file
- restore_
key_ strfrom_ file_ details - Key backup file content.
- content_
md5 str - (Updatable) content md5 hashed value of key's backup file
- content
Length String - (Updatable) content length of key's backup binary file
- restore
Key StringFrom File Details - Key backup file content.
- content
Md5 String - (Updatable) content md5 hashed value of key's backup file
KeyRestoreFromObjectStore, KeyRestoreFromObjectStoreArgs
- Destination string
- (Updatable) Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported
- Bucket string
- (Updatable) Name of the bucket where key was backed up
- Namespace string
- (Updatable) Namespace of the bucket where key was backed up
- Object string
- (Updatable) Object containing the backup
- Uri string
- (Updatable) Pre-authenticated-request-uri of the backup
- Destination string
- (Updatable) Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported
- Bucket string
- (Updatable) Name of the bucket where key was backed up
- Namespace string
- (Updatable) Namespace of the bucket where key was backed up
- Object string
- (Updatable) Object containing the backup
- Uri string
- (Updatable) Pre-authenticated-request-uri of the backup
- destination String
- (Updatable) Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported
- bucket String
- (Updatable) Name of the bucket where key was backed up
- namespace String
- (Updatable) Namespace of the bucket where key was backed up
- object String
- (Updatable) Object containing the backup
- uri String
- (Updatable) Pre-authenticated-request-uri of the backup
- destination string
- (Updatable) Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported
- bucket string
- (Updatable) Name of the bucket where key was backed up
- namespace string
- (Updatable) Namespace of the bucket where key was backed up
- object string
- (Updatable) Object containing the backup
- uri string
- (Updatable) Pre-authenticated-request-uri of the backup
- destination str
- (Updatable) Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported
- bucket str
- (Updatable) Name of the bucket where key was backed up
- namespace str
- (Updatable) Namespace of the bucket where key was backed up
- object str
- (Updatable) Object containing the backup
- uri str
- (Updatable) Pre-authenticated-request-uri of the backup
- destination String
- (Updatable) Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported
- bucket String
- (Updatable) Name of the bucket where key was backed up
- namespace String
- (Updatable) Namespace of the bucket where key was backed up
- object String
- (Updatable) Object containing the backup
- uri String
- (Updatable) Pre-authenticated-request-uri of the backup
Import
Keys can be imported using the id
, e.g.
$ pulumi import oci:Kms/key:Key test_key "managementEndpoint/{managementEndpoint}/keys/{keyId}"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oci
Terraform Provider.