Docs Home
AWS v7.4.0 published on Wednesday, Aug 13, 2025 by Pulumi
aws.paymentcryptography.Key
Explore with Pulumi AI
Resource for managing an AWS Payment Cryptography Control Plane Key.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = new aws.paymentcryptography.Key("test", {
exportable: true,
keyAttributes: [{
keyAlgorithm: "TDES_3KEY",
keyClass: "SYMMETRIC_KEY",
keyUsage: "TR31_P0_PIN_ENCRYPTION_KEY",
keyModesOfUses: [{
decrypt: true,
encrypt: true,
wrap: true,
unwrap: true,
}],
}],
});
import pulumi
import pulumi_aws as aws
test = aws.paymentcryptography.Key("test",
exportable=True,
key_attributes=[{
"key_algorithm": "TDES_3KEY",
"key_class": "SYMMETRIC_KEY",
"key_usage": "TR31_P0_PIN_ENCRYPTION_KEY",
"key_modes_of_uses": [{
"decrypt": True,
"encrypt": True,
"wrap": True,
"unwrap": True,
}],
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/paymentcryptography"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := paymentcryptography.NewKey(ctx, "test", &paymentcryptography.KeyArgs{
Exportable: pulumi.Bool(true),
KeyAttributes: paymentcryptography.KeyKeyAttributeArray{
&paymentcryptography.KeyKeyAttributeArgs{
KeyAlgorithm: pulumi.String("TDES_3KEY"),
KeyClass: pulumi.String("SYMMETRIC_KEY"),
KeyUsage: pulumi.String("TR31_P0_PIN_ENCRYPTION_KEY"),
KeyModesOfUses: paymentcryptography.KeyKeyAttributeKeyModesOfUseArray{
&paymentcryptography.KeyKeyAttributeKeyModesOfUseArgs{
Decrypt: pulumi.Bool(true),
Encrypt: pulumi.Bool(true),
Wrap: pulumi.Bool(true),
Unwrap: pulumi.Bool(true),
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = new Aws.PaymentCryptography.Key("test", new()
{
Exportable = true,
KeyAttributes = new[]
{
new Aws.PaymentCryptography.Inputs.KeyKeyAttributeArgs
{
KeyAlgorithm = "TDES_3KEY",
KeyClass = "SYMMETRIC_KEY",
KeyUsage = "TR31_P0_PIN_ENCRYPTION_KEY",
KeyModesOfUses = new[]
{
new Aws.PaymentCryptography.Inputs.KeyKeyAttributeKeyModesOfUseArgs
{
Decrypt = true,
Encrypt = true,
Wrap = true,
Unwrap = true,
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.paymentcryptography.Key;
import com.pulumi.aws.paymentcryptography.KeyArgs;
import com.pulumi.aws.paymentcryptography.inputs.KeyKeyAttributeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new Key("test", KeyArgs.builder()
.exportable(true)
.keyAttributes(KeyKeyAttributeArgs.builder()
.keyAlgorithm("TDES_3KEY")
.keyClass("SYMMETRIC_KEY")
.keyUsage("TR31_P0_PIN_ENCRYPTION_KEY")
.keyModesOfUses(KeyKeyAttributeKeyModesOfUseArgs.builder()
.decrypt(true)
.encrypt(true)
.wrap(true)
.unwrap(true)
.build())
.build())
.build());
}
}
resources:
test:
type: aws:paymentcryptography:Key
properties:
exportable: true
keyAttributes:
- keyAlgorithm: TDES_3KEY
keyClass: SYMMETRIC_KEY
keyUsage: TR31_P0_PIN_ENCRYPTION_KEY
keyModesOfUses:
- decrypt: true
encrypt: true
wrap: true
unwrap: true
Create Key Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Key(name: string, args: KeyArgs, opts?: CustomResourceOptions);@overload
def Key(resource_name: str,
args: KeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Key(resource_name: str,
opts: Optional[ResourceOptions] = None,
exportable: Optional[bool] = None,
deletion_window_in_days: Optional[int] = None,
enabled: Optional[bool] = None,
key_attributes: Optional[Sequence[KeyKeyAttributeArgs]] = None,
key_check_value_algorithm: Optional[str] = None,
region: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
timeouts: Optional[KeyTimeoutsArgs] = None)func NewKey(ctx *Context, name string, args KeyArgs, opts ...ResourceOption) (*Key, error)public Key(string name, KeyArgs args, CustomResourceOptions? opts = null)type: aws:paymentcryptography:Key
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var awsKeyResource = new Aws.PaymentCryptography.Key("awsKeyResource", new()
{
Exportable = false,
DeletionWindowInDays = 0,
Enabled = false,
KeyAttributes = new[]
{
new Aws.PaymentCryptography.Inputs.KeyKeyAttributeArgs
{
KeyAlgorithm = "string",
KeyClass = "string",
KeyUsage = "string",
KeyModesOfUses = new[]
{
new Aws.PaymentCryptography.Inputs.KeyKeyAttributeKeyModesOfUseArgs
{
Decrypt = false,
DeriveKey = false,
Encrypt = false,
Generate = false,
NoRestrictions = false,
Sign = false,
Unwrap = false,
Verify = false,
Wrap = false,
},
},
},
},
KeyCheckValueAlgorithm = "string",
Region = "string",
Tags =
{
{ "string", "string" },
},
Timeouts = new Aws.PaymentCryptography.Inputs.KeyTimeoutsArgs
{
Create = "string",
Delete = "string",
Update = "string",
},
});
example, err := paymentcryptography.NewKey(ctx, "awsKeyResource", &paymentcryptography.KeyArgs{
Exportable: pulumi.Bool(false),
DeletionWindowInDays: pulumi.Int(0),
Enabled: pulumi.Bool(false),
KeyAttributes: paymentcryptography.KeyKeyAttributeArray{
&paymentcryptography.KeyKeyAttributeArgs{
KeyAlgorithm: pulumi.String("string"),
KeyClass: pulumi.String("string"),
KeyUsage: pulumi.String("string"),
KeyModesOfUses: paymentcryptography.KeyKeyAttributeKeyModesOfUseArray{
&paymentcryptography.KeyKeyAttributeKeyModesOfUseArgs{
Decrypt: pulumi.Bool(false),
DeriveKey: pulumi.Bool(false),
Encrypt: pulumi.Bool(false),
Generate: pulumi.Bool(false),
NoRestrictions: pulumi.Bool(false),
Sign: pulumi.Bool(false),
Unwrap: pulumi.Bool(false),
Verify: pulumi.Bool(false),
Wrap: pulumi.Bool(false),
},
},
},
},
KeyCheckValueAlgorithm: pulumi.String("string"),
Region: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
Timeouts: &paymentcryptography.KeyTimeoutsArgs{
Create: pulumi.String("string"),
Delete: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var awsKeyResource = new com.pulumi.aws.paymentcryptography.Key("awsKeyResource", com.pulumi.aws.paymentcryptography.KeyArgs.builder()
.exportable(false)
.deletionWindowInDays(0)
.enabled(false)
.keyAttributes(KeyKeyAttributeArgs.builder()
.keyAlgorithm("string")
.keyClass("string")
.keyUsage("string")
.keyModesOfUses(KeyKeyAttributeKeyModesOfUseArgs.builder()
.decrypt(false)
.deriveKey(false)
.encrypt(false)
.generate(false)
.noRestrictions(false)
.sign(false)
.unwrap(false)
.verify(false)
.wrap(false)
.build())
.build())
.keyCheckValueAlgorithm("string")
.region("string")
.tags(Map.of("string", "string"))
.timeouts(KeyTimeoutsArgs.builder()
.create("string")
.delete("string")
.update("string")
.build())
.build());
aws_key_resource = aws.paymentcryptography.Key("awsKeyResource",
exportable=False,
deletion_window_in_days=0,
enabled=False,
key_attributes=[{
"key_algorithm": "string",
"key_class": "string",
"key_usage": "string",
"key_modes_of_uses": [{
"decrypt": False,
"derive_key": False,
"encrypt": False,
"generate": False,
"no_restrictions": False,
"sign": False,
"unwrap": False,
"verify": False,
"wrap": False,
}],
}],
key_check_value_algorithm="string",
region="string",
tags={
"string": "string",
},
timeouts={
"create": "string",
"delete": "string",
"update": "string",
})
const awsKeyResource = new aws.paymentcryptography.Key("awsKeyResource", {
exportable: false,
deletionWindowInDays: 0,
enabled: false,
keyAttributes: [{
keyAlgorithm: "string",
keyClass: "string",
keyUsage: "string",
keyModesOfUses: [{
decrypt: false,
deriveKey: false,
encrypt: false,
generate: false,
noRestrictions: false,
sign: false,
unwrap: false,
verify: false,
wrap: false,
}],
}],
keyCheckValueAlgorithm: "string",
region: "string",
tags: {
string: "string",
},
timeouts: {
create: "string",
"delete": "string",
update: "string",
},
});
type: aws:paymentcryptography:Key
properties:
deletionWindowInDays: 0
enabled: false
exportable: false
keyAttributes:
- keyAlgorithm: string
keyClass: string
keyModesOfUses:
- decrypt: false
deriveKey: false
encrypt: false
generate: false
noRestrictions: false
sign: false
unwrap: false
verify: false
wrap: false
keyUsage: string
keyCheckValueAlgorithm: string
region: string
tags:
string: string
timeouts:
create: string
delete: string
update: string
Key Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Key resource accepts the following input properties:
- Exportable bool
- Whether the key is exportable from the service.
- Deletion
Window intIn Days - Enabled bool
- Whether to enable the key.
- Key
Attributes List<KeyKey Attribute> Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
The following arguments are optional:
- Key
Check stringValue Algorithm - Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Dictionary<string, string>
- Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Timeouts
Key
Timeouts
- Exportable bool
- Whether the key is exportable from the service.
- Deletion
Window intIn Days - Enabled bool
- Whether to enable the key.
- Key
Attributes []KeyKey Attribute Args Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
The following arguments are optional:
- Key
Check stringValue Algorithm - Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- map[string]string
- Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Timeouts
Key
Timeouts Args
- exportable Boolean
- Whether the key is exportable from the service.
- deletion
Window IntegerIn Days - enabled Boolean
- Whether to enable the key.
- key
Attributes List<KeyKey Attribute> Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
The following arguments are optional:
- key
Check StringValue Algorithm - Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String,String>
- Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Key
Timeouts
- exportable boolean
- Whether the key is exportable from the service.
- deletion
Window numberIn Days - enabled boolean
- Whether to enable the key.
- key
Attributes KeyKey Attribute[] Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
The following arguments are optional:
- key
Check stringValue Algorithm - Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- {[key: string]: string}
- Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Key
Timeouts
- exportable bool
- Whether the key is exportable from the service.
- deletion_
window_ intin_ days - enabled bool
- Whether to enable the key.
- key_
attributes Sequence[KeyKey Attribute Args] Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
The following arguments are optional:
- key_
check_ strvalue_ algorithm - Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Mapping[str, str]
- Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts
Key
Timeouts Args
- exportable Boolean
- Whether the key is exportable from the service.
- deletion
Window NumberIn Days - enabled Boolean
- Whether to enable the key.
- key
Attributes List<Property Map> Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
The following arguments are optional:
- key
Check StringValue Algorithm - Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String>
- Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:
- Arn string
- ARN of the key.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Check stringValue - Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
- Key
Origin string - Source of the key material.
- State string
- State of key that is being created or deleted.
- Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- Arn string
- ARN of the key.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Check stringValue - Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
- Key
Origin string - Source of the key material.
- Key
State string - State of key that is being created or deleted.
- map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn String
- ARN of the key.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Check StringValue - Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
- key
Origin String - Source of the key material.
- key
State String - State of key that is being created or deleted.
- Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn string
- ARN of the key.
- id string
- The provider-assigned unique ID for this managed resource.
- key
Check stringValue - Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
- key
Origin string - Source of the key material.
- key
State string - State of key that is being created or deleted.
- {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn str
- ARN of the key.
- id str
- The provider-assigned unique ID for this managed resource.
- key_
check_ strvalue - Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
- key_
origin str - Source of the key material.
- key_
state str - State of key that is being created or deleted.
- Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn String
- ARN of the key.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Check StringValue - Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
- key
Origin String - Source of the key material.
- key
State String - State of key that is being created or deleted.
- Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
Look up Existing Key Resource
Get an existing Key resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KeyState, opts?: CustomResourceOptions): Key@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
deletion_window_in_days: Optional[int] = None,
enabled: Optional[bool] = None,
exportable: Optional[bool] = None,
key_attributes: Optional[Sequence[KeyKeyAttributeArgs]] = None,
key_check_value: Optional[str] = None,
key_check_value_algorithm: Optional[str] = None,
key_origin: Optional[str] = None,
key_state: Optional[str] = None,
region: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
timeouts: Optional[KeyTimeoutsArgs] = None) -> Keyfunc GetKey(ctx *Context, name string, id IDInput, state *KeyState, opts ...ResourceOption) (*Key, error)public static Key Get(string name, Input<string> id, KeyState? state, CustomResourceOptions? opts = null)public static Key get(String name, Output<String> id, KeyState state, CustomResourceOptions options)resources: _: type: aws:paymentcryptography:Key get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- ARN of the key.
- Deletion
Window intIn Days - Enabled bool
- Whether to enable the key.
- Exportable bool
- Whether the key is exportable from the service.
- Key
Attributes List<KeyKey Attribute> Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
The following arguments are optional:
- Key
Check stringValue - Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
- Key
Check stringValue Algorithm - Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
- Key
Origin string - Source of the key material.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- State string
- State of key that is being created or deleted.
- Dictionary<string, string>
- Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Timeouts
Key
Timeouts
- Arn string
- ARN of the key.
- Deletion
Window intIn Days - Enabled bool
- Whether to enable the key.
- Exportable bool
- Whether the key is exportable from the service.
- Key
Attributes []KeyKey Attribute Args Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
The following arguments are optional:
- Key
Check stringValue - Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
- Key
Check stringValue Algorithm - Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
- Key
Origin string - Source of the key material.
- Key
State string - State of key that is being created or deleted.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- map[string]string
- Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Timeouts
Key
Timeouts Args
- arn String
- ARN of the key.
- deletion
Window IntegerIn Days - enabled Boolean
- Whether to enable the key.
- exportable Boolean
- Whether the key is exportable from the service.
- key
Attributes List<KeyKey Attribute> Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
The following arguments are optional:
- key
Check StringValue - Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
- key
Check StringValue Algorithm - Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
- key
Origin String - Source of the key material.
- key
State String - State of key that is being created or deleted.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String,String>
- Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts
Key
Timeouts
- arn string
- ARN of the key.
- deletion
Window numberIn Days - enabled boolean
- Whether to enable the key.
- exportable boolean
- Whether the key is exportable from the service.
- key
Attributes KeyKey Attribute[] Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
The following arguments are optional:
- key
Check stringValue - Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
- key
Check stringValue Algorithm - Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
- key
Origin string - Source of the key material.
- key
State string - State of key that is being created or deleted.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- {[key: string]: string}
- Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts
Key
Timeouts
- arn str
- ARN of the key.
- deletion_
window_ intin_ days - enabled bool
- Whether to enable the key.
- exportable bool
- Whether the key is exportable from the service.
- key_
attributes Sequence[KeyKey Attribute Args] Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
The following arguments are optional:
- key_
check_ strvalue - Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
- key_
check_ strvalue_ algorithm - Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
- key_
origin str - Source of the key material.
- key_
state str - State of key that is being created or deleted.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Mapping[str, str]
- Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts
Key
Timeouts Args
- arn String
- ARN of the key.
- deletion
Window NumberIn Days - enabled Boolean
- Whether to enable the key.
- exportable Boolean
- Whether the key is exportable from the service.
- key
Attributes List<Property Map> Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.
The following arguments are optional:
- key
Check StringValue - Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
- key
Check StringValue Algorithm - Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).
- key
Origin String - Source of the key material.
- key
State String - State of key that is being created or deleted.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String>
- Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - timeouts Property Map
Supporting Types
KeyKeyAttribute, KeyKeyAttributeArgs
- Key
Algorithm string - Key algorithm to be use during creation of an AWS Payment Cryptography key.
- Key
Class string - Type of AWS Payment Cryptography key to create.
- Key
Usage string - Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- Key
Modes List<KeyOf Uses Key Attribute Key Modes Of Use> - List of cryptographic operations that you can perform using the key.
- Key
Algorithm string - Key algorithm to be use during creation of an AWS Payment Cryptography key.
- Key
Class string - Type of AWS Payment Cryptography key to create.
- Key
Usage string - Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- Key
Modes []KeyOf Uses Key Attribute Key Modes Of Use - List of cryptographic operations that you can perform using the key.
- key
Algorithm String - Key algorithm to be use during creation of an AWS Payment Cryptography key.
- key
Class String - Type of AWS Payment Cryptography key to create.
- key
Usage String - Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- key
Modes List<KeyOf Uses Key Attribute Key Modes Of Use> - List of cryptographic operations that you can perform using the key.
- key
Algorithm string - Key algorithm to be use during creation of an AWS Payment Cryptography key.
- key
Class string - Type of AWS Payment Cryptography key to create.
- key
Usage string - Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- key
Modes KeyOf Uses Key Attribute Key Modes Of Use[] - List of cryptographic operations that you can perform using the key.
- key_
algorithm str - Key algorithm to be use during creation of an AWS Payment Cryptography key.
- key_
class str - Type of AWS Payment Cryptography key to create.
- key_
usage str - Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- key_
modes_ Sequence[Keyof_ uses Key Attribute Key Modes Of Use] - List of cryptographic operations that you can perform using the key.
- key
Algorithm String - Key algorithm to be use during creation of an AWS Payment Cryptography key.
- key
Class String - Type of AWS Payment Cryptography key to create.
- key
Usage String - Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- key
Modes List<Property Map>Of Uses - List of cryptographic operations that you can perform using the key.
KeyKeyAttributeKeyModesOfUse, KeyKeyAttributeKeyModesOfUseArgs
- Decrypt bool
- Whether an AWS Payment Cryptography key can be used to decrypt data.
- Derive
Key bool - Whether an AWS Payment Cryptography key can be used to derive new keys.
- Encrypt bool
- Whether an AWS Payment Cryptography key can be used to encrypt data.
- Generate bool
- Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- No
Restrictions bool - Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
- Sign bool
- Whether an AWS Payment Cryptography key can be used for signing.
- Unwrap bool
- Whether an AWS Payment Cryptography key can be used to unwrap other keys.
- Verify bool
- Whether an AWS Payment Cryptography key can be used to verify signatures.
- Wrap bool
- Whether an AWS Payment Cryptography key can be used to wrap other keys.
- Decrypt bool
- Whether an AWS Payment Cryptography key can be used to decrypt data.
- Derive
Key bool - Whether an AWS Payment Cryptography key can be used to derive new keys.
- Encrypt bool
- Whether an AWS Payment Cryptography key can be used to encrypt data.
- Generate bool
- Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- No
Restrictions bool - Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
- Sign bool
- Whether an AWS Payment Cryptography key can be used for signing.
- Unwrap bool
- Whether an AWS Payment Cryptography key can be used to unwrap other keys.
- Verify bool
- Whether an AWS Payment Cryptography key can be used to verify signatures.
- Wrap bool
- Whether an AWS Payment Cryptography key can be used to wrap other keys.
- decrypt Boolean
- Whether an AWS Payment Cryptography key can be used to decrypt data.
- derive
Key Boolean - Whether an AWS Payment Cryptography key can be used to derive new keys.
- encrypt Boolean
- Whether an AWS Payment Cryptography key can be used to encrypt data.
- generate Boolean
- Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- no
Restrictions Boolean - Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
- sign Boolean
- Whether an AWS Payment Cryptography key can be used for signing.
- unwrap Boolean
- Whether an AWS Payment Cryptography key can be used to unwrap other keys.
- verify Boolean
- Whether an AWS Payment Cryptography key can be used to verify signatures.
- wrap Boolean
- Whether an AWS Payment Cryptography key can be used to wrap other keys.
- decrypt boolean
- Whether an AWS Payment Cryptography key can be used to decrypt data.
- derive
Key boolean - Whether an AWS Payment Cryptography key can be used to derive new keys.
- encrypt boolean
- Whether an AWS Payment Cryptography key can be used to encrypt data.
- generate boolean
- Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- no
Restrictions boolean - Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
- sign boolean
- Whether an AWS Payment Cryptography key can be used for signing.
- unwrap boolean
- Whether an AWS Payment Cryptography key can be used to unwrap other keys.
- verify boolean
- Whether an AWS Payment Cryptography key can be used to verify signatures.
- wrap boolean
- Whether an AWS Payment Cryptography key can be used to wrap other keys.
- decrypt bool
- Whether an AWS Payment Cryptography key can be used to decrypt data.
- derive_
key bool - Whether an AWS Payment Cryptography key can be used to derive new keys.
- encrypt bool
- Whether an AWS Payment Cryptography key can be used to encrypt data.
- generate bool
- Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- no_
restrictions bool - Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
- sign bool
- Whether an AWS Payment Cryptography key can be used for signing.
- unwrap bool
- Whether an AWS Payment Cryptography key can be used to unwrap other keys.
- verify bool
- Whether an AWS Payment Cryptography key can be used to verify signatures.
- wrap bool
- Whether an AWS Payment Cryptography key can be used to wrap other keys.
- decrypt Boolean
- Whether an AWS Payment Cryptography key can be used to decrypt data.
- derive
Key Boolean - Whether an AWS Payment Cryptography key can be used to derive new keys.
- encrypt Boolean
- Whether an AWS Payment Cryptography key can be used to encrypt data.
- generate Boolean
- Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- no
Restrictions Boolean - Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
- sign Boolean
- Whether an AWS Payment Cryptography key can be used for signing.
- unwrap Boolean
- Whether an AWS Payment Cryptography key can be used to unwrap other keys.
- verify Boolean
- Whether an AWS Payment Cryptography key can be used to verify signatures.
- wrap Boolean
- Whether an AWS Payment Cryptography key can be used to wrap other keys.
KeyTimeouts, KeyTimeoutsArgs
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
Import
Using pulumi import, import Payment Cryptography Control Plane Key using the arn:aws:payment-cryptography:us-east-1:123456789012:key/qtbojf64yshyvyzf. For example:
$ pulumi import aws:paymentcryptography/key:Key example arn:aws:payment-cryptography:us-east-1:123456789012:key/qtbojf64yshyvyzf
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.