SecretBackendKey

Creates an Encryption Keyring on a Transit Secret Backend for Vault.

Example Usage

using Pulumi;
using Vault = Pulumi.Vault;

class MyStack : Stack
{
    public MyStack()
    {
        var transit = new Vault.Mount("transit", new Vault.MountArgs
        {
            Path = "transit",
            Type = "transit",
            Description = "Example description",
            DefaultLeaseTtlSeconds = 3600,
            MaxLeaseTtlSeconds = 86400,
        });
        var key = new Vault.Transit.SecretBackendKey("key", new Vault.Transit.SecretBackendKeyArgs
        {
            Backend = transit.Path,
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v4/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/transit"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		transit, err := vault.NewMount(ctx, "transit", &vault.MountArgs{
			Path:                   pulumi.String("transit"),
			Type:                   pulumi.String("transit"),
			Description:            pulumi.String("Example description"),
			DefaultLeaseTtlSeconds: pulumi.Int(3600),
			MaxLeaseTtlSeconds:     pulumi.Int(86400),
		})
		if err != nil {
			return err
		}
		_, err = transit.NewSecretBackendKey(ctx, "key", &transit.SecretBackendKeyArgs{
			Backend: transit.Path,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_vault as vault

transit = vault.Mount("transit",
    path="transit",
    type="transit",
    description="Example description",
    default_lease_ttl_seconds=3600,
    max_lease_ttl_seconds=86400)
key = vault.transit.SecretBackendKey("key", backend=transit.path)
import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const transit = new vault.Mount("transit", {
    path: "transit",
    type: "transit",
    description: "Example description",
    defaultLeaseTtlSeconds: 3600,
    maxLeaseTtlSeconds: 86400,
});
const key = new vault.transit.SecretBackendKey("key", {backend: transit.path});

Create a SecretBackendKey Resource

new SecretBackendKey(name: string, args: SecretBackendKeyArgs, opts?: CustomResourceOptions);
@overload
def SecretBackendKey(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     allow_plaintext_backup: Optional[bool] = None,
                     backend: Optional[str] = None,
                     convergent_encryption: Optional[bool] = None,
                     deletion_allowed: Optional[bool] = None,
                     derived: Optional[bool] = None,
                     exportable: Optional[bool] = None,
                     min_decryption_version: Optional[int] = None,
                     min_encryption_version: Optional[int] = None,
                     name: Optional[str] = None,
                     type: Optional[str] = None)
@overload
def SecretBackendKey(resource_name: str,
                     args: SecretBackendKeyArgs,
                     opts: Optional[ResourceOptions] = None)
func NewSecretBackendKey(ctx *Context, name string, args SecretBackendKeyArgs, opts ...ResourceOption) (*SecretBackendKey, error)
public SecretBackendKey(string name, SecretBackendKeyArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args SecretBackendKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args SecretBackendKeyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args SecretBackendKeyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args SecretBackendKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

SecretBackendKey Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The SecretBackendKey resource accepts the following input properties:

Backend string
The path the transit secret backend is mounted at, with no leading or trailing /s.
AllowPlaintextBackup bool

Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.

  • Refer to Vault API documentation on key backups for more information: Backup Key
ConvergentEncryption bool
Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true.
DeletionAllowed bool
Specifies if the key is allowed to be deleted.
Derived bool
Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
Exportable bool
Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
MinDecryptionVersion int
Minimum key version to use for decryption.
MinEncryptionVersion int
Minimum key version to use for encryption
Name string
The name to identify this key within the backend. Must be unique within the backend.
Type string

Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096.

  • Refer to the Vault documentation on transit key types for more information: Key Types
Backend string
The path the transit secret backend is mounted at, with no leading or trailing /s.
AllowPlaintextBackup bool

Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.

  • Refer to Vault API documentation on key backups for more information: Backup Key
ConvergentEncryption bool
Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true.
DeletionAllowed bool
Specifies if the key is allowed to be deleted.
Derived bool
Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
Exportable bool
Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
MinDecryptionVersion int
Minimum key version to use for decryption.
MinEncryptionVersion int
Minimum key version to use for encryption
Name string
The name to identify this key within the backend. Must be unique within the backend.
Type string

Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096.

  • Refer to the Vault documentation on transit key types for more information: Key Types
backend string
The path the transit secret backend is mounted at, with no leading or trailing /s.
allowPlaintextBackup boolean

Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.

  • Refer to Vault API documentation on key backups for more information: Backup Key
convergentEncryption boolean
Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true.
deletionAllowed boolean
Specifies if the key is allowed to be deleted.
derived boolean
Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
exportable boolean
Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
minDecryptionVersion number
Minimum key version to use for decryption.
minEncryptionVersion number
Minimum key version to use for encryption
name string
The name to identify this key within the backend. Must be unique within the backend.
type string

Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096.

  • Refer to the Vault documentation on transit key types for more information: Key Types
backend str
The path the transit secret backend is mounted at, with no leading or trailing /s.
allow_plaintext_backup bool

Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.

  • Refer to Vault API documentation on key backups for more information: Backup Key
convergent_encryption bool
Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true.
deletion_allowed bool
Specifies if the key is allowed to be deleted.
derived bool
Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
exportable bool
Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
min_decryption_version int
Minimum key version to use for decryption.
min_encryption_version int
Minimum key version to use for encryption
name str
The name to identify this key within the backend. Must be unique within the backend.
type str

Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096.

  • Refer to the Vault documentation on transit key types for more information: Key Types

Outputs

All input properties are implicitly available as output properties. Additionally, the SecretBackendKey resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Keys List<ImmutableDictionary<string, object>>

List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the type of the encryption key.

  • for key types aes128-gcm96, aes256-gcm96 and chacha20-poly1305, each key version will be a map of a single value id which is just a hash of the key’s metadata.
  • for key types ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096, each key version will be a map of the following:
LatestVersion int
Latest key version available. This value is 1-indexed, so if latest_version is 1, then the key’s information can be referenced from keys by selecting element 0
MinAvailableVersion int
Minimum key version available for use. If keys have been archived by increasing min_decryption_version, this attribute will reflect that change.
SupportsDecryption bool
Whether or not the key supports decryption, based on key type.
SupportsDerivation bool
Whether or not the key supports derivation, based on key type.
SupportsEncryption bool
Whether or not the key supports encryption, based on key type.
SupportsSigning bool
Whether or not the key supports signing, based on key type.
Id string
The provider-assigned unique ID for this managed resource.
Keys []map[string]interface{}

List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the type of the encryption key.

  • for key types aes128-gcm96, aes256-gcm96 and chacha20-poly1305, each key version will be a map of a single value id which is just a hash of the key’s metadata.
  • for key types ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096, each key version will be a map of the following:
LatestVersion int
Latest key version available. This value is 1-indexed, so if latest_version is 1, then the key’s information can be referenced from keys by selecting element 0
MinAvailableVersion int
Minimum key version available for use. If keys have been archived by increasing min_decryption_version, this attribute will reflect that change.
SupportsDecryption bool
Whether or not the key supports decryption, based on key type.
SupportsDerivation bool
Whether or not the key supports derivation, based on key type.
SupportsEncryption bool
Whether or not the key supports encryption, based on key type.
SupportsSigning bool
Whether or not the key supports signing, based on key type.
id string
The provider-assigned unique ID for this managed resource.
keys {[key: string]: any}[]

List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the type of the encryption key.

  • for key types aes128-gcm96, aes256-gcm96 and chacha20-poly1305, each key version will be a map of a single value id which is just a hash of the key’s metadata.
  • for key types ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096, each key version will be a map of the following:
latestVersion number
Latest key version available. This value is 1-indexed, so if latest_version is 1, then the key’s information can be referenced from keys by selecting element 0
minAvailableVersion number
Minimum key version available for use. If keys have been archived by increasing min_decryption_version, this attribute will reflect that change.
supportsDecryption boolean
Whether or not the key supports decryption, based on key type.
supportsDerivation boolean
Whether or not the key supports derivation, based on key type.
supportsEncryption boolean
Whether or not the key supports encryption, based on key type.
supportsSigning boolean
Whether or not the key supports signing, based on key type.
id str
The provider-assigned unique ID for this managed resource.
keys Sequence[Mapping[str, Any]]

List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the type of the encryption key.

  • for key types aes128-gcm96, aes256-gcm96 and chacha20-poly1305, each key version will be a map of a single value id which is just a hash of the key’s metadata.
  • for key types ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096, each key version will be a map of the following:
latest_version int
Latest key version available. This value is 1-indexed, so if latest_version is 1, then the key’s information can be referenced from keys by selecting element 0
min_available_version int
Minimum key version available for use. If keys have been archived by increasing min_decryption_version, this attribute will reflect that change.
supports_decryption bool
Whether or not the key supports decryption, based on key type.
supports_derivation bool
Whether or not the key supports derivation, based on key type.
supports_encryption bool
Whether or not the key supports encryption, based on key type.
supports_signing bool
Whether or not the key supports signing, based on key type.

Look up an Existing SecretBackendKey Resource

Get an existing SecretBackendKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretBackendKeyState, opts?: CustomResourceOptions): SecretBackendKey
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allow_plaintext_backup: Optional[bool] = None,
        backend: Optional[str] = None,
        convergent_encryption: Optional[bool] = None,
        deletion_allowed: Optional[bool] = None,
        derived: Optional[bool] = None,
        exportable: Optional[bool] = None,
        keys: Optional[Sequence[Mapping[str, Any]]] = None,
        latest_version: Optional[int] = None,
        min_available_version: Optional[int] = None,
        min_decryption_version: Optional[int] = None,
        min_encryption_version: Optional[int] = None,
        name: Optional[str] = None,
        supports_decryption: Optional[bool] = None,
        supports_derivation: Optional[bool] = None,
        supports_encryption: Optional[bool] = None,
        supports_signing: Optional[bool] = None,
        type: Optional[str] = None) -> SecretBackendKey
func GetSecretBackendKey(ctx *Context, name string, id IDInput, state *SecretBackendKeyState, opts ...ResourceOption) (*SecretBackendKey, error)
public static SecretBackendKey Get(string name, Input<string> id, SecretBackendKeyState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowPlaintextBackup bool

Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.

  • Refer to Vault API documentation on key backups for more information: Backup Key
Backend string
The path the transit secret backend is mounted at, with no leading or trailing /s.
ConvergentEncryption bool
Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true.
DeletionAllowed bool
Specifies if the key is allowed to be deleted.
Derived bool
Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
Exportable bool
Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
Keys List<ImmutableDictionary<string, object>>

List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the type of the encryption key.

  • for key types aes128-gcm96, aes256-gcm96 and chacha20-poly1305, each key version will be a map of a single value id which is just a hash of the key’s metadata.
  • for key types ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096, each key version will be a map of the following:
LatestVersion int
Latest key version available. This value is 1-indexed, so if latest_version is 1, then the key’s information can be referenced from keys by selecting element 0
MinAvailableVersion int
Minimum key version available for use. If keys have been archived by increasing min_decryption_version, this attribute will reflect that change.
MinDecryptionVersion int
Minimum key version to use for decryption.
MinEncryptionVersion int
Minimum key version to use for encryption
Name string
The name to identify this key within the backend. Must be unique within the backend.
SupportsDecryption bool
Whether or not the key supports decryption, based on key type.
SupportsDerivation bool
Whether or not the key supports derivation, based on key type.
SupportsEncryption bool
Whether or not the key supports encryption, based on key type.
SupportsSigning bool
Whether or not the key supports signing, based on key type.
Type string

Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096.

  • Refer to the Vault documentation on transit key types for more information: Key Types
AllowPlaintextBackup bool

Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.

  • Refer to Vault API documentation on key backups for more information: Backup Key
Backend string
The path the transit secret backend is mounted at, with no leading or trailing /s.
ConvergentEncryption bool
Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true.
DeletionAllowed bool
Specifies if the key is allowed to be deleted.
Derived bool
Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
Exportable bool
Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
Keys []map[string]interface{}

List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the type of the encryption key.

  • for key types aes128-gcm96, aes256-gcm96 and chacha20-poly1305, each key version will be a map of a single value id which is just a hash of the key’s metadata.
  • for key types ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096, each key version will be a map of the following:
LatestVersion int
Latest key version available. This value is 1-indexed, so if latest_version is 1, then the key’s information can be referenced from keys by selecting element 0
MinAvailableVersion int
Minimum key version available for use. If keys have been archived by increasing min_decryption_version, this attribute will reflect that change.
MinDecryptionVersion int
Minimum key version to use for decryption.
MinEncryptionVersion int
Minimum key version to use for encryption
Name string
The name to identify this key within the backend. Must be unique within the backend.
SupportsDecryption bool
Whether or not the key supports decryption, based on key type.
SupportsDerivation bool
Whether or not the key supports derivation, based on key type.
SupportsEncryption bool
Whether or not the key supports encryption, based on key type.
SupportsSigning bool
Whether or not the key supports signing, based on key type.
Type string

Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096.

  • Refer to the Vault documentation on transit key types for more information: Key Types
allowPlaintextBackup boolean

Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.

  • Refer to Vault API documentation on key backups for more information: Backup Key
backend string
The path the transit secret backend is mounted at, with no leading or trailing /s.
convergentEncryption boolean
Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true.
deletionAllowed boolean
Specifies if the key is allowed to be deleted.
derived boolean
Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
exportable boolean
Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
keys {[key: string]: any}[]

List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the type of the encryption key.

  • for key types aes128-gcm96, aes256-gcm96 and chacha20-poly1305, each key version will be a map of a single value id which is just a hash of the key’s metadata.
  • for key types ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096, each key version will be a map of the following:
latestVersion number
Latest key version available. This value is 1-indexed, so if latest_version is 1, then the key’s information can be referenced from keys by selecting element 0
minAvailableVersion number
Minimum key version available for use. If keys have been archived by increasing min_decryption_version, this attribute will reflect that change.
minDecryptionVersion number
Minimum key version to use for decryption.
minEncryptionVersion number
Minimum key version to use for encryption
name string
The name to identify this key within the backend. Must be unique within the backend.
supportsDecryption boolean
Whether or not the key supports decryption, based on key type.
supportsDerivation boolean
Whether or not the key supports derivation, based on key type.
supportsEncryption boolean
Whether or not the key supports encryption, based on key type.
supportsSigning boolean
Whether or not the key supports signing, based on key type.
type string

Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096.

  • Refer to the Vault documentation on transit key types for more information: Key Types
allow_plaintext_backup bool

Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.

  • Refer to Vault API documentation on key backups for more information: Backup Key
backend str
The path the transit secret backend is mounted at, with no leading or trailing /s.
convergent_encryption bool
Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires derived to be set to true.
deletion_allowed bool
Specifies if the key is allowed to be deleted.
derived bool
Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
exportable bool
Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
keys Sequence[Mapping[str, Any]]

List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the type of the encryption key.

  • for key types aes128-gcm96, aes256-gcm96 and chacha20-poly1305, each key version will be a map of a single value id which is just a hash of the key’s metadata.
  • for key types ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096, each key version will be a map of the following:
latest_version int
Latest key version available. This value is 1-indexed, so if latest_version is 1, then the key’s information can be referenced from keys by selecting element 0
min_available_version int
Minimum key version available for use. If keys have been archived by increasing min_decryption_version, this attribute will reflect that change.
min_decryption_version int
Minimum key version to use for decryption.
min_encryption_version int
Minimum key version to use for encryption
name str
The name to identify this key within the backend. Must be unique within the backend.
supports_decryption bool
Whether or not the key supports decryption, based on key type.
supports_derivation bool
Whether or not the key supports derivation, based on key type.
supports_encryption bool
Whether or not the key supports encryption, based on key type.
supports_signing bool
Whether or not the key supports signing, based on key type.
type str

Specifies the type of key to create. The currently-supported types are: aes128-gcm96, aes256-gcm96 (default), chacha20-poly1305, ed25519, ecdsa-p256, ecdsa-p384, ecdsa-p521, rsa-2048, rsa-3072 and rsa-4096.

  • Refer to the Vault documentation on transit key types for more information: Key Types

Import

Transit secret backend keys can be imported using the path, e.g.

 $ pulumi import vault:transit/secretBackendKey:SecretBackendKey key transit/keys/my_key

Package Details

Repository
https://github.com/pulumi/pulumi-vault
License
Apache-2.0
Notes
This Pulumi package is based on the vault Terraform Provider.