Docs Home
Google Cloud v8.36.0 published on Friday, Jun 27, 2025 by Pulumi
gcp.diagflow.EncryptionSpec
Explore with Pulumi AI
Initializes a location-level encryption key specification.
To get more information about EncryptionSpec, see:
Example Usage
Dialogflow Encryption Spec Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
import * as time from "@pulumiverse/time";
const project = new gcp.organizations.Project("project", {
projectId: "my-proj",
name: "my-proj",
orgId: "123456789",
billingAccount: "000000-0000000-0000000-000000",
deletionPolicy: "DELETE",
});
const cloudkms = new gcp.projects.Service("cloudkms", {
project: project.projectId,
service: "cloudkms.googleapis.com",
});
const dialogflow = new gcp.projects.Service("dialogflow", {
project: project.projectId,
service: "dialogflow.googleapis.com",
});
const waitEnableServiceApi = new time.index.Sleep("wait_enable_service_api", {createDuration: "30s"}, {
dependsOn: [
cloudkms,
dialogflow,
],
});
const gcpSa = new gcp.projects.ServiceIdentity("gcp_sa", {
service: "dialogflow.googleapis.com",
project: project.projectId,
}, {
dependsOn: [waitEnableServiceApi],
});
const waitCreateSa = new time.index.Sleep("wait_create_sa", {createDuration: "30s"}, {
dependsOn: [gcpSa],
});
const keyring = new gcp.kms.KeyRing("keyring", {
name: "my-keyring",
location: "us-central1",
project: project.projectId,
}, {
dependsOn: [waitEnableServiceApi],
});
const key = new gcp.kms.CryptoKey("key", {
name: "my-key",
keyRing: keyring.id,
purpose: "ENCRYPT_DECRYPT",
});
const cryptoKey = new gcp.kms.CryptoKeyIAMMember("crypto_key", {
cryptoKeyId: key.id,
member: std.replaceOutput({
text: gcpSa.member,
search: "@gcp-sa-dialogflow.iam",
replace: "@gcp-sa-ccai-cmek.iam",
}).apply(invoke => invoke.result),
role: "roles/cloudkms.cryptoKeyEncrypterDecrypter",
}, {
dependsOn: [waitCreateSa],
});
const my_encryption_spec = new gcp.diagflow.EncryptionSpec("my-encryption-spec", {
project: project.projectId,
location: "us-central1",
encryptionSpec: {
kmsKey: key.id,
},
}, {
dependsOn: [cryptoKey],
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
import pulumi_time as time
project = gcp.organizations.Project("project",
project_id="my-proj",
name="my-proj",
org_id="123456789",
billing_account="000000-0000000-0000000-000000",
deletion_policy="DELETE")
cloudkms = gcp.projects.Service("cloudkms",
project=project.project_id,
service="cloudkms.googleapis.com")
dialogflow = gcp.projects.Service("dialogflow",
project=project.project_id,
service="dialogflow.googleapis.com")
wait_enable_service_api = time.index.Sleep("wait_enable_service_api", create_duration=30s,
opts = pulumi.ResourceOptions(depends_on=[
cloudkms,
dialogflow,
]))
gcp_sa = gcp.projects.ServiceIdentity("gcp_sa",
service="dialogflow.googleapis.com",
project=project.project_id,
opts = pulumi.ResourceOptions(depends_on=[wait_enable_service_api]))
wait_create_sa = time.index.Sleep("wait_create_sa", create_duration=30s,
opts = pulumi.ResourceOptions(depends_on=[gcp_sa]))
keyring = gcp.kms.KeyRing("keyring",
name="my-keyring",
location="us-central1",
project=project.project_id,
opts = pulumi.ResourceOptions(depends_on=[wait_enable_service_api]))
key = gcp.kms.CryptoKey("key",
name="my-key",
key_ring=keyring.id,
purpose="ENCRYPT_DECRYPT")
crypto_key = gcp.kms.CryptoKeyIAMMember("crypto_key",
crypto_key_id=key.id,
member=std.replace_output(text=gcp_sa.member,
search="@gcp-sa-dialogflow.iam",
replace="@gcp-sa-ccai-cmek.iam").apply(lambda invoke: invoke.result),
role="roles/cloudkms.cryptoKeyEncrypterDecrypter",
opts = pulumi.ResourceOptions(depends_on=[wait_create_sa]))
my_encryption_spec = gcp.diagflow.EncryptionSpec("my-encryption-spec",
project=project.project_id,
location="us-central1",
encryption_spec={
"kms_key": key.id,
},
opts = pulumi.ResourceOptions(depends_on=[crypto_key]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/diagflow"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/projects"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi-time/sdk/go/time"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project, err := organizations.NewProject(ctx, "project", &organizations.ProjectArgs{
ProjectId: pulumi.String("my-proj"),
Name: pulumi.String("my-proj"),
OrgId: pulumi.String("123456789"),
BillingAccount: pulumi.String("000000-0000000-0000000-000000"),
DeletionPolicy: pulumi.String("DELETE"),
})
if err != nil {
return err
}
cloudkms, err := projects.NewService(ctx, "cloudkms", &projects.ServiceArgs{
Project: project.ProjectId,
Service: pulumi.String("cloudkms.googleapis.com"),
})
if err != nil {
return err
}
dialogflow, err := projects.NewService(ctx, "dialogflow", &projects.ServiceArgs{
Project: project.ProjectId,
Service: pulumi.String("dialogflow.googleapis.com"),
})
if err != nil {
return err
}
waitEnableServiceApi, err := time.NewSleep(ctx, "wait_enable_service_api", &time.SleepArgs{
CreateDuration: "30s",
}, pulumi.DependsOn([]pulumi.Resource{
cloudkms,
dialogflow,
}))
if err != nil {
return err
}
gcpSa, err := projects.NewServiceIdentity(ctx, "gcp_sa", &projects.ServiceIdentityArgs{
Service: pulumi.String("dialogflow.googleapis.com"),
Project: project.ProjectId,
}, pulumi.DependsOn([]pulumi.Resource{
waitEnableServiceApi,
}))
if err != nil {
return err
}
waitCreateSa, err := time.NewSleep(ctx, "wait_create_sa", &time.SleepArgs{
CreateDuration: "30s",
}, pulumi.DependsOn([]pulumi.Resource{
gcpSa,
}))
if err != nil {
return err
}
keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
Name: pulumi.String("my-keyring"),
Location: pulumi.String("us-central1"),
Project: project.ProjectId,
}, pulumi.DependsOn([]pulumi.Resource{
waitEnableServiceApi,
}))
if err != nil {
return err
}
key, err := kms.NewCryptoKey(ctx, "key", &kms.CryptoKeyArgs{
Name: pulumi.String("my-key"),
KeyRing: keyring.ID(),
Purpose: pulumi.String("ENCRYPT_DECRYPT"),
})
if err != nil {
return err
}
cryptoKey, err := kms.NewCryptoKeyIAMMember(ctx, "crypto_key", &kms.CryptoKeyIAMMemberArgs{
CryptoKeyId: key.ID(),
Member: pulumi.String(std.ReplaceOutput(ctx, std.ReplaceOutputArgs{
Text: gcpSa.Member,
Search: pulumi.String("@gcp-sa-dialogflow.iam"),
Replace: pulumi.String("@gcp-sa-ccai-cmek.iam"),
}, nil).ApplyT(func(invoke std.ReplaceResult) (*string, error) {
return invoke.Result, nil
}).(pulumi.StringPtrOutput)),
Role: pulumi.String("roles/cloudkms.cryptoKeyEncrypterDecrypter"),
}, pulumi.DependsOn([]pulumi.Resource{
waitCreateSa,
}))
if err != nil {
return err
}
_, err = diagflow.NewEncryptionSpec(ctx, "my-encryption-spec", &diagflow.EncryptionSpecArgs{
Project: project.ProjectId,
Location: pulumi.String("us-central1"),
EncryptionSpec: &diagflow.EncryptionSpecEncryptionSpecArgs{
KmsKey: key.ID(),
},
}, pulumi.DependsOn([]pulumi.Resource{
cryptoKey,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
using Time = Pulumi.Time;
return await Deployment.RunAsync(() =>
{
var project = new Gcp.Organizations.Project("project", new()
{
ProjectId = "my-proj",
Name = "my-proj",
OrgId = "123456789",
BillingAccount = "000000-0000000-0000000-000000",
DeletionPolicy = "DELETE",
});
var cloudkms = new Gcp.Projects.Service("cloudkms", new()
{
Project = project.ProjectId,
ServiceName = "cloudkms.googleapis.com",
});
var dialogflow = new Gcp.Projects.Service("dialogflow", new()
{
Project = project.ProjectId,
ServiceName = "dialogflow.googleapis.com",
});
var waitEnableServiceApi = new Time.Index.Sleep("wait_enable_service_api", new()
{
CreateDuration = "30s",
}, new CustomResourceOptions
{
DependsOn =
{
cloudkms,
dialogflow,
},
});
var gcpSa = new Gcp.Projects.ServiceIdentity("gcp_sa", new()
{
Service = "dialogflow.googleapis.com",
Project = project.ProjectId,
}, new CustomResourceOptions
{
DependsOn =
{
waitEnableServiceApi,
},
});
var waitCreateSa = new Time.Index.Sleep("wait_create_sa", new()
{
CreateDuration = "30s",
}, new CustomResourceOptions
{
DependsOn =
{
gcpSa,
},
});
var keyring = new Gcp.Kms.KeyRing("keyring", new()
{
Name = "my-keyring",
Location = "us-central1",
Project = project.ProjectId,
}, new CustomResourceOptions
{
DependsOn =
{
waitEnableServiceApi,
},
});
var key = new Gcp.Kms.CryptoKey("key", new()
{
Name = "my-key",
KeyRing = keyring.Id,
Purpose = "ENCRYPT_DECRYPT",
});
var cryptoKey = new Gcp.Kms.CryptoKeyIAMMember("crypto_key", new()
{
CryptoKeyId = key.Id,
Member = Std.Replace.Invoke(new()
{
Text = gcpSa.Member,
Search = "@gcp-sa-dialogflow.iam",
Replace = "@gcp-sa-ccai-cmek.iam",
}).Apply(invoke => invoke.Result),
Role = "roles/cloudkms.cryptoKeyEncrypterDecrypter",
}, new CustomResourceOptions
{
DependsOn =
{
waitCreateSa,
},
});
var my_encryption_spec = new Gcp.Diagflow.EncryptionSpec("my-encryption-spec", new()
{
Project = project.ProjectId,
Location = "us-central1",
EncryptionSpecName = new Gcp.Diagflow.Inputs.EncryptionSpecEncryptionSpecArgs
{
KmsKey = key.Id,
},
}, new CustomResourceOptions
{
DependsOn =
{
cryptoKey,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.Project;
import com.pulumi.gcp.organizations.ProjectArgs;
import com.pulumi.gcp.projects.Service;
import com.pulumi.gcp.projects.ServiceArgs;
import com.pulumi.time.sleep;
import com.pulumi.time.sleepArgs;
import com.pulumi.gcp.projects.ServiceIdentity;
import com.pulumi.gcp.projects.ServiceIdentityArgs;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.kms.CryptoKeyIAMMember;
import com.pulumi.gcp.kms.CryptoKeyIAMMemberArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.ReplaceArgs;
import com.pulumi.gcp.diagflow.EncryptionSpec;
import com.pulumi.gcp.diagflow.EncryptionSpecArgs;
import com.pulumi.gcp.diagflow.inputs.EncryptionSpecEncryptionSpecArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var project = new Project("project", ProjectArgs.builder()
.projectId("my-proj")
.name("my-proj")
.orgId("123456789")
.billingAccount("000000-0000000-0000000-000000")
.deletionPolicy("DELETE")
.build());
var cloudkms = new Service("cloudkms", ServiceArgs.builder()
.project(project.projectId())
.service("cloudkms.googleapis.com")
.build());
var dialogflow = new Service("dialogflow", ServiceArgs.builder()
.project(project.projectId())
.service("dialogflow.googleapis.com")
.build());
var waitEnableServiceApi = new Sleep("waitEnableServiceApi", SleepArgs.builder()
.createDuration("30s")
.build(), CustomResourceOptions.builder()
.dependsOn(List.of(
cloudkms,
dialogflow))
.build());
var gcpSa = new ServiceIdentity("gcpSa", ServiceIdentityArgs.builder()
.service("dialogflow.googleapis.com")
.project(project.projectId())
.build(), CustomResourceOptions.builder()
.dependsOn(waitEnableServiceApi)
.build());
var waitCreateSa = new Sleep("waitCreateSa", SleepArgs.builder()
.createDuration("30s")
.build(), CustomResourceOptions.builder()
.dependsOn(List.of(gcpSa))
.build());
var keyring = new KeyRing("keyring", KeyRingArgs.builder()
.name("my-keyring")
.location("us-central1")
.project(project.projectId())
.build(), CustomResourceOptions.builder()
.dependsOn(waitEnableServiceApi)
.build());
var key = new CryptoKey("key", CryptoKeyArgs.builder()
.name("my-key")
.keyRing(keyring.id())
.purpose("ENCRYPT_DECRYPT")
.build());
var cryptoKey = new CryptoKeyIAMMember("cryptoKey", CryptoKeyIAMMemberArgs.builder()
.cryptoKeyId(key.id())
.member(StdFunctions.replace(ReplaceArgs.builder()
.text(gcpSa.member())
.search("@gcp-sa-dialogflow.iam")
.replace("@gcp-sa-ccai-cmek.iam")
.build()).applyValue(_invoke -> _invoke.result()))
.role("roles/cloudkms.cryptoKeyEncrypterDecrypter")
.build(), CustomResourceOptions.builder()
.dependsOn(waitCreateSa)
.build());
var my_encryption_spec = new EncryptionSpec("my-encryption-spec", EncryptionSpecArgs.builder()
.project(project.projectId())
.location("us-central1")
.encryptionSpec(EncryptionSpecEncryptionSpecArgs.builder()
.kmsKey(key.id())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(cryptoKey)
.build());
}
}
resources:
project:
type: gcp:organizations:Project
properties:
projectId: my-proj
name: my-proj
orgId: '123456789'
billingAccount: 000000-0000000-0000000-000000
deletionPolicy: DELETE
cloudkms:
type: gcp:projects:Service
properties:
project: ${project.projectId}
service: cloudkms.googleapis.com
dialogflow:
type: gcp:projects:Service
properties:
project: ${project.projectId}
service: dialogflow.googleapis.com
waitEnableServiceApi:
type: time:sleep
name: wait_enable_service_api
properties:
createDuration: 30s
options:
dependsOn:
- ${cloudkms}
- ${dialogflow}
gcpSa:
type: gcp:projects:ServiceIdentity
name: gcp_sa
properties:
service: dialogflow.googleapis.com
project: ${project.projectId}
options:
dependsOn:
- ${waitEnableServiceApi}
waitCreateSa:
type: time:sleep
name: wait_create_sa
properties:
createDuration: 30s
options:
dependsOn:
- ${gcpSa}
keyring:
type: gcp:kms:KeyRing
properties:
name: my-keyring
location: us-central1
project: ${project.projectId}
options:
dependsOn:
- ${waitEnableServiceApi}
key:
type: gcp:kms:CryptoKey
properties:
name: my-key
keyRing: ${keyring.id}
purpose: ENCRYPT_DECRYPT
cryptoKey:
type: gcp:kms:CryptoKeyIAMMember
name: crypto_key
properties:
cryptoKeyId: ${key.id}
member:
fn::invoke:
function: std:replace
arguments:
text: ${gcpSa.member}
search: '@gcp-sa-dialogflow.iam'
replace: '@gcp-sa-ccai-cmek.iam'
return: result
role: roles/cloudkms.cryptoKeyEncrypterDecrypter
options:
dependsOn:
- ${waitCreateSa}
my-encryption-spec:
type: gcp:diagflow:EncryptionSpec
properties:
project: ${project.projectId}
location: us-central1
encryptionSpec:
kmsKey: ${key.id}
options:
dependsOn:
- ${cryptoKey}
Create EncryptionSpec Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new EncryptionSpec(name: string, args: EncryptionSpecArgs, opts?: CustomResourceOptions);@overload
def EncryptionSpec(resource_name: str,
args: EncryptionSpecArgs,
opts: Optional[ResourceOptions] = None)
@overload
def EncryptionSpec(resource_name: str,
opts: Optional[ResourceOptions] = None,
encryption_spec: Optional[EncryptionSpecEncryptionSpecArgs] = None,
location: Optional[str] = None,
project: Optional[str] = None)func NewEncryptionSpec(ctx *Context, name string, args EncryptionSpecArgs, opts ...ResourceOption) (*EncryptionSpec, error)public EncryptionSpec(string name, EncryptionSpecArgs args, CustomResourceOptions? opts = null)
public EncryptionSpec(String name, EncryptionSpecArgs args)
public EncryptionSpec(String name, EncryptionSpecArgs args, CustomResourceOptions options)
type: gcp:diagflow:EncryptionSpec
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args EncryptionSpecArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args EncryptionSpecArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args EncryptionSpecArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args EncryptionSpecArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args EncryptionSpecArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var encryptionSpecResource = new Gcp.Diagflow.EncryptionSpec("encryptionSpecResource", new()
{
EncryptionSpecName = new Gcp.Diagflow.Inputs.EncryptionSpecEncryptionSpecArgs
{
KmsKey = "string",
},
Location = "string",
Project = "string",
});
example, err := diagflow.NewEncryptionSpec(ctx, "encryptionSpecResource", &diagflow.EncryptionSpecArgs{
EncryptionSpec: &diagflow.EncryptionSpecEncryptionSpecArgs{
KmsKey: pulumi.String("string"),
},
Location: pulumi.String("string"),
Project: pulumi.String("string"),
})
var encryptionSpecResource = new EncryptionSpec("encryptionSpecResource", EncryptionSpecArgs.builder()
.encryptionSpec(EncryptionSpecEncryptionSpecArgs.builder()
.kmsKey("string")
.build())
.location("string")
.project("string")
.build());
encryption_spec_resource = gcp.diagflow.EncryptionSpec("encryptionSpecResource",
encryption_spec={
"kms_key": "string",
},
location="string",
project="string")
const encryptionSpecResource = new gcp.diagflow.EncryptionSpec("encryptionSpecResource", {
encryptionSpec: {
kmsKey: "string",
},
location: "string",
project: "string",
});
type: gcp:diagflow:EncryptionSpec
properties:
encryptionSpec:
kmsKey: string
location: string
project: string
EncryptionSpec Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The EncryptionSpec resource accepts the following input properties:
- Encryption
Spec EncryptionName Spec Encryption Spec - A nested object resource. Structure is documented below.
- Location string
- The location in which the encryptionSpec is to be initialized.
- Project string
- Encryption
Spec EncryptionSpec Encryption Spec Args - A nested object resource. Structure is documented below.
- Location string
- The location in which the encryptionSpec is to be initialized.
- Project string
- encryption
Spec EncryptionSpec Encryption Spec - A nested object resource. Structure is documented below.
- location String
- The location in which the encryptionSpec is to be initialized.
- project String
- encryption
Spec EncryptionSpec Encryption Spec - A nested object resource. Structure is documented below.
- location string
- The location in which the encryptionSpec is to be initialized.
- project string
- encryption_
spec EncryptionSpec Encryption Spec Args - A nested object resource. Structure is documented below.
- location str
- The location in which the encryptionSpec is to be initialized.
- project str
- encryption
Spec Property Map - A nested object resource. Structure is documented below.
- location String
- The location in which the encryptionSpec is to be initialized.
- project String
Outputs
All input properties are implicitly available as output properties. Additionally, the EncryptionSpec resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing EncryptionSpec Resource
Get an existing EncryptionSpec resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: EncryptionSpecState, opts?: CustomResourceOptions): EncryptionSpec@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
encryption_spec: Optional[EncryptionSpecEncryptionSpecArgs] = None,
location: Optional[str] = None,
project: Optional[str] = None) -> EncryptionSpecfunc GetEncryptionSpec(ctx *Context, name string, id IDInput, state *EncryptionSpecState, opts ...ResourceOption) (*EncryptionSpec, error)public static EncryptionSpec Get(string name, Input<string> id, EncryptionSpecState? state, CustomResourceOptions? opts = null)public static EncryptionSpec get(String name, Output<String> id, EncryptionSpecState state, CustomResourceOptions options)resources: _: type: gcp:diagflow:EncryptionSpec get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Encryption
Spec EncryptionName Spec Encryption Spec - A nested object resource. Structure is documented below.
- Location string
- The location in which the encryptionSpec is to be initialized.
- Project string
- Encryption
Spec EncryptionSpec Encryption Spec Args - A nested object resource. Structure is documented below.
- Location string
- The location in which the encryptionSpec is to be initialized.
- Project string
- encryption
Spec EncryptionSpec Encryption Spec - A nested object resource. Structure is documented below.
- location String
- The location in which the encryptionSpec is to be initialized.
- project String
- encryption
Spec EncryptionSpec Encryption Spec - A nested object resource. Structure is documented below.
- location string
- The location in which the encryptionSpec is to be initialized.
- project string
- encryption_
spec EncryptionSpec Encryption Spec Args - A nested object resource. Structure is documented below.
- location str
- The location in which the encryptionSpec is to be initialized.
- project str
- encryption
Spec Property Map - A nested object resource. Structure is documented below.
- location String
- The location in which the encryptionSpec is to be initialized.
- project String
Supporting Types
EncryptionSpecEncryptionSpec, EncryptionSpecEncryptionSpecArgs
- Kms
Key string - The name of customer-managed encryption key that is used to secure a resource and its sub-resources.
If empty, the resource is secured by the default Google encryption key.
Only the key in the same location as this resource is allowed to be used for encryption.
Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{key}
- Kms
Key string - The name of customer-managed encryption key that is used to secure a resource and its sub-resources.
If empty, the resource is secured by the default Google encryption key.
Only the key in the same location as this resource is allowed to be used for encryption.
Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{key}
- kms
Key String - The name of customer-managed encryption key that is used to secure a resource and its sub-resources.
If empty, the resource is secured by the default Google encryption key.
Only the key in the same location as this resource is allowed to be used for encryption.
Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{key}
- kms
Key string - The name of customer-managed encryption key that is used to secure a resource and its sub-resources.
If empty, the resource is secured by the default Google encryption key.
Only the key in the same location as this resource is allowed to be used for encryption.
Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{key}
- kms_
key str - The name of customer-managed encryption key that is used to secure a resource and its sub-resources.
If empty, the resource is secured by the default Google encryption key.
Only the key in the same location as this resource is allowed to be used for encryption.
Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{key}
- kms
Key String - The name of customer-managed encryption key that is used to secure a resource and its sub-resources.
If empty, the resource is secured by the default Google encryption key.
Only the key in the same location as this resource is allowed to be used for encryption.
Format: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{key}
Import
This resource does not support import.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.