Alibaba Cloud v3.34.0, Mar 17 23

alicloud.kms.Key

A kms key can help user to protect data security in the transmission process. For information about Alikms Key and how to use it, see What is Resource Alikms Key.

NOTE: Available in v1.85.0+.

Example Usage

Basic Usage

using System.Collections.Generic;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var key = new AliCloud.Kms.Key("key", new()
    {
        Description = "Hello KMS",
        PendingWindowInDays = 7,
        Status = "Enabled",
    });

});

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKey(ctx, "key", &kms.KeyArgs{
			Description:         pulumi.String("Hello KMS"),
			PendingWindowInDays: pulumi.Int(7),
			Status:              pulumi.String("Enabled"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.kms.Key;
import com.pulumi.alicloud.kms.KeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var key = new Key("key", KeyArgs.builder()        
            .description("Hello KMS")
            .pendingWindowInDays("7")
            .status("Enabled")
            .build());

    }
}

import pulumi
import pulumi_alicloud as alicloud

key = alicloud.kms.Key("key",
    description="Hello KMS",
    pending_window_in_days=7,
    status="Enabled")

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const key = new alicloud.kms.Key("key", {
    description: "Hello KMS",
    pendingWindowInDays: 7,
    status: "Enabled",
});

resources:
  key:
    type: alicloud:kms:Key
    properties:
      description: Hello KMS
      pendingWindowInDays: '7'
      status: Enabled

Create Key Resource

new Key(name: string, args?: KeyArgs, opts?: CustomResourceOptions);

@overload
def Key(resource_name: str,
        opts: Optional[ResourceOptions] = None,
        automatic_rotation: Optional[str] = None,
        deletion_window_in_days: Optional[int] = None,
        description: Optional[str] = None,
        dkms_instance_id: Optional[str] = None,
        is_enabled: Optional[bool] = None,
        key_spec: Optional[str] = None,
        key_state: Optional[str] = None,
        key_usage: Optional[str] = None,
        origin: Optional[str] = None,
        pending_window_in_days: Optional[int] = None,
        protection_level: Optional[str] = None,
        rotation_interval: Optional[str] = None,
        status: Optional[str] = None)
@overload
def Key(resource_name: str,
        args: Optional[KeyArgs] = None,
        opts: Optional[ResourceOptions] = None)

func NewKey(ctx *Context, name string, args *KeyArgs, opts ...ResourceOption) (*Key, error)

public Key(string name, KeyArgs? args = null, CustomResourceOptions? opts = null)

public Key(String name, KeyArgs args)
public Key(String name, KeyArgs args, CustomResourceOptions options)

type: alicloud:kms:Key
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Key Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Key resource accepts the following input properties:

AutomaticRotation string

Specifies whether to enable automatic key rotation. Valid values:

Enabled
Disabled (default value) NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.

DeletionWindowInDays int

Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.

Deprecated:

Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

Description string

The description of the CMK. The description can be 0 to 8,192 characters in length.

DkmsInstanceId string

The instance ID of the exclusive KMS instance.

IsEnabled bool

Field is_enabled has been deprecated from provider version 1.85.0. New field key_state instead.

Deprecated:

Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

KeySpec string

The type of the CMK. Valid values: "Aliyun_AES_256", "Aliyun_AES_128", "Aliyun_AES_192", "Aliyun_SM4", "RSA_2048", "RSA_3072", "EC_P256", "EC_P256K", "EC_SM2". Note: The default type of the CMK is Aliyun_AES_256. Only Dedicated KMS supports Aliyun_AES_128 and Aliyun_AES_192.

KeyStatus string

Field key_state has been deprecated from provider version 1.123.1. New field status instead.

Deprecated:

Field 'key_state' has been deprecated from provider version 1.123.1. New field 'status' instead.

KeyUsage string

The usage of the CMK. Valid values:

ENCRYPT/DECRYPT(default value): encrypts or decrypts data.
SIGN/VERIFY: generates or verifies a digital signature.

Origin string

The source of key material. Valid values:

Aliyun_KMS (default value)
EXTERNAL NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.

PendingWindowInDays int

The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Valid values: 7 to 366. Unit: days. NOTE: From version 1.184.0, pending_window_in_days can be set to 366.

ProtectionLevel string

The protection level of the CMK. Valid values:

SOFTWARE (default value)
HSM NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNA, you can import an external key to the managed HSM.

RotationInterval string

The interval for automatic key rotation. Specify the value in the integer[unit] format. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval. The interval can range from 7 days to 730 days. NOTE: It is Required when automatic_rotation = "Enabled"

Status string

The status of CMK. Valid Values:

Disabled
Enabled (default value)
PendingDeletion

AutomaticRotation string

Specifies whether to enable automatic key rotation. Valid values:

Enabled
Disabled (default value) NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.

DeletionWindowInDays int

Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.

Deprecated:

Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

Description string

The description of the CMK. The description can be 0 to 8,192 characters in length.

DkmsInstanceId string

The instance ID of the exclusive KMS instance.

IsEnabled bool

Field is_enabled has been deprecated from provider version 1.85.0. New field key_state instead.

Deprecated:

Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

KeySpec string

KeyState string

Field key_state has been deprecated from provider version 1.123.1. New field status instead.

Deprecated:

Field 'key_state' has been deprecated from provider version 1.123.1. New field 'status' instead.

KeyUsage string

The usage of the CMK. Valid values:

ENCRYPT/DECRYPT(default value): encrypts or decrypts data.
SIGN/VERIFY: generates or verifies a digital signature.

Origin string

The source of key material. Valid values:

Aliyun_KMS (default value)
EXTERNAL NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.

PendingWindowInDays int

ProtectionLevel string

The protection level of the CMK. Valid values:

SOFTWARE (default value)
HSM NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNA, you can import an external key to the managed HSM.

RotationInterval string

Status string

The status of CMK. Valid Values:

Disabled
Enabled (default value)
PendingDeletion

automaticRotation String

Specifies whether to enable automatic key rotation. Valid values:

Enabled
Disabled (default value) NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.

deletionWindowInDays Integer

Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.

Deprecated:

Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

description String

The description of the CMK. The description can be 0 to 8,192 characters in length.

dkmsInstanceId String

The instance ID of the exclusive KMS instance.

isEnabled Boolean

Field is_enabled has been deprecated from provider version 1.85.0. New field key_state instead.

Deprecated:

Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

keySpec String

keyState String

Field key_state has been deprecated from provider version 1.123.1. New field status instead.

Deprecated:

Field 'key_state' has been deprecated from provider version 1.123.1. New field 'status' instead.

keyUsage String

The usage of the CMK. Valid values:

ENCRYPT/DECRYPT(default value): encrypts or decrypts data.
SIGN/VERIFY: generates or verifies a digital signature.

origin String

The source of key material. Valid values:

Aliyun_KMS (default value)
EXTERNAL NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.

pendingWindowInDays Integer

protectionLevel String

The protection level of the CMK. Valid values:

SOFTWARE (default value)
HSM NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNA, you can import an external key to the managed HSM.

rotationInterval String

status String

The status of CMK. Valid Values:

Disabled
Enabled (default value)
PendingDeletion

automaticRotation string

Specifies whether to enable automatic key rotation. Valid values:

Enabled
Disabled (default value) NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.

deletionWindowInDays number

Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.

Deprecated:

Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

description string

The description of the CMK. The description can be 0 to 8,192 characters in length.

dkmsInstanceId string

The instance ID of the exclusive KMS instance.

isEnabled boolean

Field is_enabled has been deprecated from provider version 1.85.0. New field key_state instead.

Deprecated:

Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

keySpec string

keyState string

Field key_state has been deprecated from provider version 1.123.1. New field status instead.

Deprecated:

Field 'key_state' has been deprecated from provider version 1.123.1. New field 'status' instead.

keyUsage string

The usage of the CMK. Valid values:

ENCRYPT/DECRYPT(default value): encrypts or decrypts data.
SIGN/VERIFY: generates or verifies a digital signature.

origin string

The source of key material. Valid values:

Aliyun_KMS (default value)
EXTERNAL NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.

pendingWindowInDays number

protectionLevel string

The protection level of the CMK. Valid values:

SOFTWARE (default value)
HSM NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNA, you can import an external key to the managed HSM.

rotationInterval string

status string

The status of CMK. Valid Values:

Disabled
Enabled (default value)
PendingDeletion

automatic_rotation str

Specifies whether to enable automatic key rotation. Valid values:

Enabled
Disabled (default value) NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.

deletion_window_in_days int

Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.

Deprecated:

Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

description str

The description of the CMK. The description can be 0 to 8,192 characters in length.

dkms_instance_id str

The instance ID of the exclusive KMS instance.

is_enabled bool

Field is_enabled has been deprecated from provider version 1.85.0. New field key_state instead.

Deprecated:

Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

key_spec str

key_state str

Field key_state has been deprecated from provider version 1.123.1. New field status instead.

Deprecated:

Field 'key_state' has been deprecated from provider version 1.123.1. New field 'status' instead.

key_usage str

The usage of the CMK. Valid values:

ENCRYPT/DECRYPT(default value): encrypts or decrypts data.
SIGN/VERIFY: generates or verifies a digital signature.

origin str

The source of key material. Valid values:

Aliyun_KMS (default value)
EXTERNAL NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.

pending_window_in_days int

protection_level str

The protection level of the CMK. Valid values:

SOFTWARE (default value)
HSM NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNA, you can import an external key to the managed HSM.

rotation_interval str

status str

The status of CMK. Valid Values:

Disabled
Enabled (default value)
PendingDeletion

automaticRotation String

Specifies whether to enable automatic key rotation. Valid values:

Enabled
Disabled (default value) NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.

deletionWindowInDays Number

Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.

Deprecated:

Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

description String

The description of the CMK. The description can be 0 to 8,192 characters in length.

dkmsInstanceId String

The instance ID of the exclusive KMS instance.

isEnabled Boolean

Field is_enabled has been deprecated from provider version 1.85.0. New field key_state instead.

Deprecated:

Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

keySpec String

keyState String

Field key_state has been deprecated from provider version 1.123.1. New field status instead.

Deprecated:

Field 'key_state' has been deprecated from provider version 1.123.1. New field 'status' instead.

keyUsage String

The usage of the CMK. Valid values:

ENCRYPT/DECRYPT(default value): encrypts or decrypts data.
SIGN/VERIFY: generates or verifies a digital signature.

origin String

The source of key material. Valid values:

Aliyun_KMS (default value)
EXTERNAL NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.

pendingWindowInDays Number

protectionLevel String

The protection level of the CMK. Valid values:

SOFTWARE (default value)
HSM NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNA, you can import an external key to the managed HSM.

rotationInterval String

status String

The status of CMK. Valid Values:

Disabled
Enabled (default value)
PendingDeletion

Outputs

All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:

Arn string: The Alicloud Resource Name (ARN) of the key.
CreationDate string: The date and time when the CMK was created. The time is displayed in UTC.
Creator string: The creator of the CMK.
DeleteDate string: The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.
Id string: The provider-assigned unique ID for this managed resource.
LastRotationDate string: The date and time the last rotation was performed. The time is displayed in UTC.
MaterialExpireTime string: The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.
NextRotationDate string: The time the next rotation is scheduled for execution.
PrimaryKeyVersion string: The ID of the current primary key version of the symmetric CMK.

Arn string: The Alicloud Resource Name (ARN) of the key.
CreationDate string: The date and time when the CMK was created. The time is displayed in UTC.
Creator string: The creator of the CMK.
DeleteDate string: The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.
Id string: The provider-assigned unique ID for this managed resource.
LastRotationDate string: The date and time the last rotation was performed. The time is displayed in UTC.
MaterialExpireTime string: The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.
NextRotationDate string: The time the next rotation is scheduled for execution.
PrimaryKeyVersion string: The ID of the current primary key version of the symmetric CMK.

arn String: The Alicloud Resource Name (ARN) of the key.
creationDate String: The date and time when the CMK was created. The time is displayed in UTC.
creator String: The creator of the CMK.
deleteDate String: The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.
id String: The provider-assigned unique ID for this managed resource.
lastRotationDate String: The date and time the last rotation was performed. The time is displayed in UTC.
materialExpireTime String: The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.
nextRotationDate String: The time the next rotation is scheduled for execution.
primaryKeyVersion String: The ID of the current primary key version of the symmetric CMK.

arn string: The Alicloud Resource Name (ARN) of the key.
creationDate string: The date and time when the CMK was created. The time is displayed in UTC.
creator string: The creator of the CMK.
deleteDate string: The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.
id string: The provider-assigned unique ID for this managed resource.
lastRotationDate string: The date and time the last rotation was performed. The time is displayed in UTC.
materialExpireTime string: The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.
nextRotationDate string: The time the next rotation is scheduled for execution.
primaryKeyVersion string: The ID of the current primary key version of the symmetric CMK.

arn str: The Alicloud Resource Name (ARN) of the key.
creation_date str: The date and time when the CMK was created. The time is displayed in UTC.
creator str: The creator of the CMK.
delete_date str: The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.
id str: The provider-assigned unique ID for this managed resource.
last_rotation_date str: The date and time the last rotation was performed. The time is displayed in UTC.
material_expire_time str: The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.
next_rotation_date str: The time the next rotation is scheduled for execution.
primary_key_version str: The ID of the current primary key version of the symmetric CMK.

arn String: The Alicloud Resource Name (ARN) of the key.
creationDate String: The date and time when the CMK was created. The time is displayed in UTC.
creator String: The creator of the CMK.
deleteDate String: The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.
id String: The provider-assigned unique ID for this managed resource.
lastRotationDate String: The date and time the last rotation was performed. The time is displayed in UTC.
materialExpireTime String: The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.
nextRotationDate String: The time the next rotation is scheduled for execution.
primaryKeyVersion String: The ID of the current primary key version of the symmetric CMK.

Look up Existing Key Resource

Get an existing Key resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: KeyState, opts?: CustomResourceOptions): Key

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        automatic_rotation: Optional[str] = None,
        creation_date: Optional[str] = None,
        creator: Optional[str] = None,
        delete_date: Optional[str] = None,
        deletion_window_in_days: Optional[int] = None,
        description: Optional[str] = None,
        dkms_instance_id: Optional[str] = None,
        is_enabled: Optional[bool] = None,
        key_spec: Optional[str] = None,
        key_state: Optional[str] = None,
        key_usage: Optional[str] = None,
        last_rotation_date: Optional[str] = None,
        material_expire_time: Optional[str] = None,
        next_rotation_date: Optional[str] = None,
        origin: Optional[str] = None,
        pending_window_in_days: Optional[int] = None,
        primary_key_version: Optional[str] = None,
        protection_level: Optional[str] = None,
        rotation_interval: Optional[str] = None,
        status: Optional[str] = None) -> Key

func GetKey(ctx *Context, name string, id IDInput, state *KeyState, opts ...ResourceOption) (*Key, error)

public static Key Get(string name, Input<string> id, KeyState? state, CustomResourceOptions? opts = null)

public static Key get(String name, Output<String> id, KeyState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string

The Alicloud Resource Name (ARN) of the key.

AutomaticRotation string

Specifies whether to enable automatic key rotation. Valid values:

Enabled
Disabled (default value) NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.

CreationDate string

The date and time when the CMK was created. The time is displayed in UTC.

Creator string

The creator of the CMK.

DeleteDate string

The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.

DeletionWindowInDays int

Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.

Deprecated:

Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

Description string

The description of the CMK. The description can be 0 to 8,192 characters in length.

DkmsInstanceId string

The instance ID of the exclusive KMS instance.

IsEnabled bool

Field is_enabled has been deprecated from provider version 1.85.0. New field key_state instead.

Deprecated:

Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

KeySpec string

KeyStatus string

Field key_state has been deprecated from provider version 1.123.1. New field status instead.

Deprecated:

Field 'key_state' has been deprecated from provider version 1.123.1. New field 'status' instead.

KeyUsage string

The usage of the CMK. Valid values:

ENCRYPT/DECRYPT(default value): encrypts or decrypts data.
SIGN/VERIFY: generates or verifies a digital signature.

LastRotationDate string

The date and time the last rotation was performed. The time is displayed in UTC.

MaterialExpireTime string

The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

NextRotationDate string

The time the next rotation is scheduled for execution.

Origin string

The source of key material. Valid values:

Aliyun_KMS (default value)
EXTERNAL NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.

PendingWindowInDays int

PrimaryKeyVersion string

The ID of the current primary key version of the symmetric CMK.

ProtectionLevel string

The protection level of the CMK. Valid values:

SOFTWARE (default value)
HSM NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNA, you can import an external key to the managed HSM.

RotationInterval string

Status string

The status of CMK. Valid Values:

Disabled
Enabled (default value)
PendingDeletion

Arn string

The Alicloud Resource Name (ARN) of the key.

AutomaticRotation string

Specifies whether to enable automatic key rotation. Valid values:

Enabled
Disabled (default value) NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.

CreationDate string

The date and time when the CMK was created. The time is displayed in UTC.

Creator string

The creator of the CMK.

DeleteDate string

The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.

DeletionWindowInDays int

Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.

Deprecated:

Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

Description string

The description of the CMK. The description can be 0 to 8,192 characters in length.

DkmsInstanceId string

The instance ID of the exclusive KMS instance.

IsEnabled bool

Field is_enabled has been deprecated from provider version 1.85.0. New field key_state instead.

Deprecated:

Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

KeySpec string

KeyState string

Field key_state has been deprecated from provider version 1.123.1. New field status instead.

Deprecated:

Field 'key_state' has been deprecated from provider version 1.123.1. New field 'status' instead.

KeyUsage string

The usage of the CMK. Valid values:

ENCRYPT/DECRYPT(default value): encrypts or decrypts data.
SIGN/VERIFY: generates or verifies a digital signature.

LastRotationDate string

The date and time the last rotation was performed. The time is displayed in UTC.

MaterialExpireTime string

The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

NextRotationDate string

The time the next rotation is scheduled for execution.

Origin string

The source of key material. Valid values:

Aliyun_KMS (default value)
EXTERNAL NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.

PendingWindowInDays int

PrimaryKeyVersion string

The ID of the current primary key version of the symmetric CMK.

ProtectionLevel string

The protection level of the CMK. Valid values:

SOFTWARE (default value)
HSM NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNA, you can import an external key to the managed HSM.

RotationInterval string

Status string

The status of CMK. Valid Values:

Disabled
Enabled (default value)
PendingDeletion

arn String

The Alicloud Resource Name (ARN) of the key.

automaticRotation String

Specifies whether to enable automatic key rotation. Valid values:

Enabled
Disabled (default value) NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.

creationDate String

The date and time when the CMK was created. The time is displayed in UTC.

creator String

The creator of the CMK.

deleteDate String

The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.

deletionWindowInDays Integer

Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.

Deprecated:

Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

description String

The description of the CMK. The description can be 0 to 8,192 characters in length.

dkmsInstanceId String

The instance ID of the exclusive KMS instance.

isEnabled Boolean

Field is_enabled has been deprecated from provider version 1.85.0. New field key_state instead.

Deprecated:

Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

keySpec String

keyState String

Field key_state has been deprecated from provider version 1.123.1. New field status instead.

Deprecated:

Field 'key_state' has been deprecated from provider version 1.123.1. New field 'status' instead.

keyUsage String

The usage of the CMK. Valid values:

ENCRYPT/DECRYPT(default value): encrypts or decrypts data.
SIGN/VERIFY: generates or verifies a digital signature.

lastRotationDate String

The date and time the last rotation was performed. The time is displayed in UTC.

materialExpireTime String

The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

nextRotationDate String

The time the next rotation is scheduled for execution.

origin String

The source of key material. Valid values:

Aliyun_KMS (default value)
EXTERNAL NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.

pendingWindowInDays Integer

primaryKeyVersion String

The ID of the current primary key version of the symmetric CMK.

protectionLevel String

The protection level of the CMK. Valid values:

SOFTWARE (default value)
HSM NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNA, you can import an external key to the managed HSM.

rotationInterval String

status String

The status of CMK. Valid Values:

Disabled
Enabled (default value)
PendingDeletion

arn string

The Alicloud Resource Name (ARN) of the key.

automaticRotation string

Specifies whether to enable automatic key rotation. Valid values:

Enabled
Disabled (default value) NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.

creationDate string

The date and time when the CMK was created. The time is displayed in UTC.

creator string

The creator of the CMK.

deleteDate string

The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.

deletionWindowInDays number

Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.

Deprecated:

Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

description string

The description of the CMK. The description can be 0 to 8,192 characters in length.

dkmsInstanceId string

The instance ID of the exclusive KMS instance.

isEnabled boolean

Field is_enabled has been deprecated from provider version 1.85.0. New field key_state instead.

Deprecated:

Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

keySpec string

keyState string

Field key_state has been deprecated from provider version 1.123.1. New field status instead.

Deprecated:

Field 'key_state' has been deprecated from provider version 1.123.1. New field 'status' instead.

keyUsage string

The usage of the CMK. Valid values:

ENCRYPT/DECRYPT(default value): encrypts or decrypts data.
SIGN/VERIFY: generates or verifies a digital signature.

lastRotationDate string

The date and time the last rotation was performed. The time is displayed in UTC.

materialExpireTime string

The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

nextRotationDate string

The time the next rotation is scheduled for execution.

origin string

The source of key material. Valid values:

Aliyun_KMS (default value)
EXTERNAL NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.

pendingWindowInDays number

primaryKeyVersion string

The ID of the current primary key version of the symmetric CMK.

protectionLevel string

The protection level of the CMK. Valid values:

SOFTWARE (default value)
HSM NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNA, you can import an external key to the managed HSM.

rotationInterval string

status string

The status of CMK. Valid Values:

Disabled
Enabled (default value)
PendingDeletion

arn str

The Alicloud Resource Name (ARN) of the key.

automatic_rotation str

Specifies whether to enable automatic key rotation. Valid values:

Enabled
Disabled (default value) NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.

creation_date str

The date and time when the CMK was created. The time is displayed in UTC.

creator str

The creator of the CMK.

delete_date str

The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.

deletion_window_in_days int

Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.

Deprecated:

Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

description str

The description of the CMK. The description can be 0 to 8,192 characters in length.

dkms_instance_id str

The instance ID of the exclusive KMS instance.

is_enabled bool

Field is_enabled has been deprecated from provider version 1.85.0. New field key_state instead.

Deprecated:

Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

key_spec str

key_state str

Field key_state has been deprecated from provider version 1.123.1. New field status instead.

Deprecated:

Field 'key_state' has been deprecated from provider version 1.123.1. New field 'status' instead.

key_usage str

The usage of the CMK. Valid values:

ENCRYPT/DECRYPT(default value): encrypts or decrypts data.
SIGN/VERIFY: generates or verifies a digital signature.

last_rotation_date str

The date and time the last rotation was performed. The time is displayed in UTC.

material_expire_time str

The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

next_rotation_date str

The time the next rotation is scheduled for execution.

origin str

The source of key material. Valid values:

Aliyun_KMS (default value)
EXTERNAL NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.

pending_window_in_days int

primary_key_version str

The ID of the current primary key version of the symmetric CMK.

protection_level str

The protection level of the CMK. Valid values:

SOFTWARE (default value)
HSM NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNA, you can import an external key to the managed HSM.

rotation_interval str

status str

The status of CMK. Valid Values:

Disabled
Enabled (default value)
PendingDeletion

arn String

The Alicloud Resource Name (ARN) of the key.

automaticRotation String

Specifies whether to enable automatic key rotation. Valid values:

Enabled
Disabled (default value) NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.

creationDate String

The date and time when the CMK was created. The time is displayed in UTC.

creator String

The creator of the CMK.

deleteDate String

The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.

deletionWindowInDays Number

Field deletion_window_in_days has been deprecated from provider version 1.85.0. New field pending_window_in_days instead.

Deprecated:

Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

description String

The description of the CMK. The description can be 0 to 8,192 characters in length.

dkmsInstanceId String

The instance ID of the exclusive KMS instance.

isEnabled Boolean

Field is_enabled has been deprecated from provider version 1.85.0. New field key_state instead.

Deprecated:

Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

keySpec String

keyState String

Field key_state has been deprecated from provider version 1.123.1. New field status instead.

Deprecated:

Field 'key_state' has been deprecated from provider version 1.123.1. New field 'status' instead.

keyUsage String

The usage of the CMK. Valid values:

ENCRYPT/DECRYPT(default value): encrypts or decrypts data.
SIGN/VERIFY: generates or verifies a digital signature.

lastRotationDate String

The date and time the last rotation was performed. The time is displayed in UTC.

materialExpireTime String

The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

nextRotationDate String

The time the next rotation is scheduled for execution.

origin String

The source of key material. Valid values:

Aliyun_KMS (default value)
EXTERNAL NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.

pendingWindowInDays Number

primaryKeyVersion String

The ID of the current primary key version of the symmetric CMK.

protectionLevel String

The protection level of the CMK. Valid values:

SOFTWARE (default value)
HSM NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNA, you can import an external key to the managed HSM.

rotationInterval String

status String

The status of CMK. Valid Values:

Disabled
Enabled (default value)
PendingDeletion

Import

Alikms key can be imported using the id, e.g.

 $ pulumi import alicloud:kms/key:Key example abc123456

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

alicloud.kms.Key

Example Usage

Create Key Resource

Key Resource Properties

Inputs

Outputs

Look up Existing Key Resource

Import

Package Details

Contents