oci.Kms.Sign
Explore with Pulumi AI
This resource provides the Sign resource in Oracle Cloud Infrastructure Kms service.
Creates a digital signature for a message or message digest by using the private key of a public-private key pair,
also known as an asymmetric key. To verify the generated signature, you can use the Verify
operation. Or, if you want to validate the signature outside of the service, you can do so by using the public key of the same asymmetric key.
This operation is not supported for keys having protection mode EXTERNAL
.
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
Coming soon!
resources:
testSign:
type: oci:Kms:Sign
name: test_sign
properties:
cryptoEndpoint: ${signMessageCryptoEndpoint}
keyId: ${testKey.id}
message: ${signMessage}
signingAlgorithm: ${signSigningAlgorithm}
keyVersionId: ${testKeyVersion.id}
loggingContext: ${signLoggingContext}
messageType: ${signMessageType}
Create Sign Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Sign(name: string, args: SignArgs, opts?: CustomResourceOptions);
@overload
def Sign(resource_name: str,
args: SignArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Sign(resource_name: str,
opts: Optional[ResourceOptions] = None,
crypto_endpoint: Optional[str] = None,
key_id: Optional[str] = None,
message: Optional[str] = None,
signing_algorithm: Optional[str] = None,
key_version_id: Optional[str] = None,
message_type: Optional[str] = None)
func NewSign(ctx *Context, name string, args SignArgs, opts ...ResourceOption) (*Sign, error)
public Sign(string name, SignArgs args, CustomResourceOptions? opts = null)
type: oci:Kms:Sign
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SignArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SignArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SignArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SignArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SignArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var signResource = new Oci.Kms.Sign("signResource", new()
{
CryptoEndpoint = "string",
KeyId = "string",
Message = "string",
SigningAlgorithm = "string",
KeyVersionId = "string",
MessageType = "string",
});
example, err := Kms.NewSign(ctx, "signResource", &Kms.SignArgs{
CryptoEndpoint: pulumi.String("string"),
KeyId: pulumi.String("string"),
Message: pulumi.String("string"),
SigningAlgorithm: pulumi.String("string"),
KeyVersionId: pulumi.String("string"),
MessageType: pulumi.String("string"),
})
var signResource = new Sign("signResource", SignArgs.builder()
.cryptoEndpoint("string")
.keyId("string")
.message("string")
.signingAlgorithm("string")
.keyVersionId("string")
.messageType("string")
.build());
sign_resource = oci.kms.Sign("signResource",
crypto_endpoint="string",
key_id="string",
message="string",
signing_algorithm="string",
key_version_id="string",
message_type="string")
const signResource = new oci.kms.Sign("signResource", {
cryptoEndpoint: "string",
keyId: "string",
message: "string",
signingAlgorithm: "string",
keyVersionId: "string",
messageType: "string",
});
type: oci:Kms:Sign
properties:
cryptoEndpoint: string
keyId: string
keyVersionId: string
message: string
messageType: string
signingAlgorithm: string
Sign Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Sign resource accepts the following input properties:
- Crypto
Endpoint string - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
- Key
Id string - The OCID of the key used to sign the message.
- Message string
- The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
- Signing
Algorithm string The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Key
Version stringId - The OCID of the key version used to sign the message.
- Message
Type string - Denotes whether the value of the message parameter is a raw message or a message digest. The default value,
RAW
, indicates a message. To indicate a message digest, useDIGEST
.
- Crypto
Endpoint string - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
- Key
Id string - The OCID of the key used to sign the message.
- Message string
- The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
- Signing
Algorithm string The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Key
Version stringId - The OCID of the key version used to sign the message.
- Message
Type string - Denotes whether the value of the message parameter is a raw message or a message digest. The default value,
RAW
, indicates a message. To indicate a message digest, useDIGEST
.
- crypto
Endpoint String - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
- key
Id String - The OCID of the key used to sign the message.
- message String
- The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
- signing
Algorithm String The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- key
Version StringId - The OCID of the key version used to sign the message.
- message
Type String - Denotes whether the value of the message parameter is a raw message or a message digest. The default value,
RAW
, indicates a message. To indicate a message digest, useDIGEST
.
- crypto
Endpoint string - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
- key
Id string - The OCID of the key used to sign the message.
- message string
- The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
- signing
Algorithm string The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- key
Version stringId - The OCID of the key version used to sign the message.
- message
Type string - Denotes whether the value of the message parameter is a raw message or a message digest. The default value,
RAW
, indicates a message. To indicate a message digest, useDIGEST
.
- crypto_
endpoint str - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
- key_
id str - The OCID of the key used to sign the message.
- message str
- The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
- signing_
algorithm str The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- key_
version_ strid - The OCID of the key version used to sign the message.
- message_
type str - Denotes whether the value of the message parameter is a raw message or a message digest. The default value,
RAW
, indicates a message. To indicate a message digest, useDIGEST
.
- crypto
Endpoint String - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
- key
Id String - The OCID of the key used to sign the message.
- message String
- The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
- signing
Algorithm String The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- key
Version StringId - The OCID of the key version used to sign the message.
- message
Type String - Denotes whether the value of the message parameter is a raw message or a message digest. The default value,
RAW
, indicates a message. To indicate a message digest, useDIGEST
.
Outputs
All input properties are implicitly available as output properties. Additionally, the Sign resource produces the following output properties:
Look up Existing Sign Resource
Get an existing Sign resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SignState, opts?: CustomResourceOptions): Sign
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
crypto_endpoint: Optional[str] = None,
key_id: Optional[str] = None,
key_version_id: Optional[str] = None,
message: Optional[str] = None,
message_type: Optional[str] = None,
signature: Optional[str] = None,
signing_algorithm: Optional[str] = None) -> Sign
func GetSign(ctx *Context, name string, id IDInput, state *SignState, opts ...ResourceOption) (*Sign, error)
public static Sign Get(string name, Input<string> id, SignState? state, CustomResourceOptions? opts = null)
public static Sign get(String name, Output<String> id, SignState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Crypto
Endpoint string - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
- Key
Id string - The OCID of the key used to sign the message.
- Key
Version stringId - The OCID of the key version used to sign the message.
- Message string
- The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
- Message
Type string - Denotes whether the value of the message parameter is a raw message or a message digest. The default value,
RAW
, indicates a message. To indicate a message digest, useDIGEST
. - Signature string
- The base64-encoded binary data object denoting the cryptographic signature generated for the message or message digest.
- Signing
Algorithm string The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- Crypto
Endpoint string - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
- Key
Id string - The OCID of the key used to sign the message.
- Key
Version stringId - The OCID of the key version used to sign the message.
- Message string
- The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
- Message
Type string - Denotes whether the value of the message parameter is a raw message or a message digest. The default value,
RAW
, indicates a message. To indicate a message digest, useDIGEST
. - Signature string
- The base64-encoded binary data object denoting the cryptographic signature generated for the message or message digest.
- Signing
Algorithm string The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- crypto
Endpoint String - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
- key
Id String - The OCID of the key used to sign the message.
- key
Version StringId - The OCID of the key version used to sign the message.
- message String
- The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
- message
Type String - Denotes whether the value of the message parameter is a raw message or a message digest. The default value,
RAW
, indicates a message. To indicate a message digest, useDIGEST
. - signature String
- The base64-encoded binary data object denoting the cryptographic signature generated for the message or message digest.
- signing
Algorithm String The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- crypto
Endpoint string - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
- key
Id string - The OCID of the key used to sign the message.
- key
Version stringId - The OCID of the key version used to sign the message.
- message string
- The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
- message
Type string - Denotes whether the value of the message parameter is a raw message or a message digest. The default value,
RAW
, indicates a message. To indicate a message digest, useDIGEST
. - signature string
- The base64-encoded binary data object denoting the cryptographic signature generated for the message or message digest.
- signing
Algorithm string The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- crypto_
endpoint str - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
- key_
id str - The OCID of the key used to sign the message.
- key_
version_ strid - The OCID of the key version used to sign the message.
- message str
- The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
- message_
type str - Denotes whether the value of the message parameter is a raw message or a message digest. The default value,
RAW
, indicates a message. To indicate a message digest, useDIGEST
. - signature str
- The base64-encoded binary data object denoting the cryptographic signature generated for the message or message digest.
- signing_
algorithm str The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
- crypto
Endpoint String - The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,', 'GenerateDataEncryptionKey', 'Sign' and 'Verify' operations. see Vault Crypto endpoint.
- key
Id String - The OCID of the key used to sign the message.
- key
Version StringId - The OCID of the key version used to sign the message.
- message String
- The base64-encoded binary data object denoting the message or message digest to sign. You can have a message up to 4096 bytes in size. To sign a larger message, provide the message digest.
- message
Type String - Denotes whether the value of the message parameter is a raw message or a message digest. The default value,
RAW
, indicates a message. To indicate a message digest, useDIGEST
. - signature String
- The base64-encoded binary data object denoting the cryptographic signature generated for the message or message digest.
- signing
Algorithm String The algorithm to use to sign the message or message digest. For RSA keys, supported signature schemes include PKCS #1 and RSASSA-PSS, along with different hashing algorithms. For ECDSA keys, ECDSA is the supported signature scheme with different hashing algorithms. When you pass a message digest for signing, ensure that you specify the same hashing algorithm as used when creating the message digest.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
Import
Sign can be imported using the id
, e.g.
$ pulumi import oci:Kms/sign:Sign test_sign "id"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
oci
Terraform Provider.