Docs
Packagesgcp.dns.getKeys
Explore with Pulumi AI
Get the DNSKEY and DS records of DNSSEC-signed managed zones. For more information see the official documentation and API.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var foo = new Gcp.Dns.ManagedZone("foo", new()
{
DnsName = "foo.bar.",
DnssecConfig = new Gcp.Dns.Inputs.ManagedZoneDnssecConfigArgs
{
State = "on",
NonExistence = "nsec3",
},
});
var fooDnsKeys = Gcp.Dns.GetKeys.Invoke(new()
{
ManagedZone = foo.Id,
});
return new Dictionary<string, object?>
{
["fooDnsDsRecord"] = fooDnsKeys.Apply(getKeysResult => getKeysResult.KeySigningKeys[0]?.DsRecord),
};
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/dns"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
foo, err := dns.NewManagedZone(ctx, "foo", &dns.ManagedZoneArgs{
DnsName: pulumi.String("foo.bar."),
DnssecConfig: &dns.ManagedZoneDnssecConfigArgs{
State: pulumi.String("on"),
NonExistence: pulumi.String("nsec3"),
},
})
if err != nil {
return err
}
fooDnsKeys := dns.GetKeysOutput(ctx, dns.GetKeysOutputArgs{
ManagedZone: foo.ID(),
}, nil)
ctx.Export("fooDnsDsRecord", fooDnsKeys.ApplyT(func(fooDnsKeys dns.GetKeysResult) (*string, error) {
return &fooDnsKeys.KeySigningKeys[0].DsRecord, nil
}).(pulumi.StringPtrOutput))
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.dns.ManagedZone;
import com.pulumi.gcp.dns.ManagedZoneArgs;
import com.pulumi.gcp.dns.inputs.ManagedZoneDnssecConfigArgs;
import com.pulumi.gcp.dns.DnsFunctions;
import com.pulumi.gcp.dns.inputs.GetKeysArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var foo = new ManagedZone("foo", ManagedZoneArgs.builder()
.dnsName("foo.bar.")
.dnssecConfig(ManagedZoneDnssecConfigArgs.builder()
.state("on")
.nonExistence("nsec3")
.build())
.build());
final var fooDnsKeys = DnsFunctions.getKeys(GetKeysArgs.builder()
.managedZone(foo.id())
.build());
ctx.export("fooDnsDsRecord", fooDnsKeys.applyValue(getKeysResult -> getKeysResult).applyValue(fooDnsKeys -> fooDnsKeys.applyValue(getKeysResult -> getKeysResult.keySigningKeys()[0].dsRecord())));
}
}
import pulumi
import pulumi_gcp as gcp
foo = gcp.dns.ManagedZone("foo",
dns_name="foo.bar.",
dnssec_config=gcp.dns.ManagedZoneDnssecConfigArgs(
state="on",
non_existence="nsec3",
))
foo_dns_keys = gcp.dns.get_keys_output(managed_zone=foo.id)
pulumi.export("fooDnsDsRecord", foo_dns_keys.key_signing_keys[0].ds_record)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const foo = new gcp.dns.ManagedZone("foo", {
dnsName: "foo.bar.",
dnssecConfig: {
state: "on",
nonExistence: "nsec3",
},
});
const fooDnsKeys = gcp.dns.getKeysOutput({
managedZone: foo.id,
});
export const fooDnsDsRecord = fooDnsKeys.apply(fooDnsKeys => fooDnsKeys.keySigningKeys?.[0]?.dsRecord);
resources:
foo:
type: gcp:dns:ManagedZone
properties:
dnsName: foo.bar.
dnssecConfig:
state: on
nonExistence: nsec3
variables:
fooDnsKeys:
fn::invoke:
Function: gcp:dns:getKeys
Arguments:
managedZone: ${foo.id}
outputs:
fooDnsDsRecord: ${fooDnsKeys.keySigningKeys[0].dsRecord}
Using getKeys
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getKeys(args: GetKeysArgs, opts?: InvokeOptions): Promise<GetKeysResult>
function getKeysOutput(args: GetKeysOutputArgs, opts?: InvokeOptions): Output<GetKeysResult>def get_keys(managed_zone: Optional[str] = None,
project: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetKeysResult
def get_keys_output(managed_zone: Optional[pulumi.Input[str]] = None,
project: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetKeysResult]func GetKeys(ctx *Context, args *GetKeysArgs, opts ...InvokeOption) (*GetKeysResult, error)
func GetKeysOutput(ctx *Context, args *GetKeysOutputArgs, opts ...InvokeOption) GetKeysResultOutput> Note: This function is named GetKeys in the Go SDK.
public static class GetKeys
{
public static Task<GetKeysResult> InvokeAsync(GetKeysArgs args, InvokeOptions? opts = null)
public static Output<GetKeysResult> Invoke(GetKeysInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetKeysResult> getKeys(GetKeysArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: gcp:dns/getKeys:getKeys
arguments:
# arguments dictionaryThe following arguments are supported:
- Managed
Zone string The name or id of the Cloud DNS managed zone.
- Project string
The ID of the project in which the resource belongs. If
projectis not provided, the provider project is used.
- Managed
Zone string The name or id of the Cloud DNS managed zone.
- Project string
The ID of the project in which the resource belongs. If
projectis not provided, the provider project is used.
- managed
Zone String The name or id of the Cloud DNS managed zone.
- project String
The ID of the project in which the resource belongs. If
projectis not provided, the provider project is used.
- managed
Zone string The name or id of the Cloud DNS managed zone.
- project string
The ID of the project in which the resource belongs. If
projectis not provided, the provider project is used.
- managed_
zone str The name or id of the Cloud DNS managed zone.
- project str
The ID of the project in which the resource belongs. If
projectis not provided, the provider project is used.
- managed
Zone String The name or id of the Cloud DNS managed zone.
- project String
The ID of the project in which the resource belongs. If
projectis not provided, the provider project is used.
getKeys Result
The following output properties are available:
- Id string
Unique identifier for the resource; defined by the server.
- Key
Signing List<GetKeys Keys Key Signing Key> A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:
- Managed
Zone string - Project string
- Zone
Signing List<GetKeys Keys Zone Signing Key> A list of Zone-signing key (ZSK) records. Structure is documented below.
- Id string
Unique identifier for the resource; defined by the server.
- Key
Signing []GetKeys Keys Key Signing Key A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:
- Managed
Zone string - Project string
- Zone
Signing []GetKeys Keys Zone Signing Key A list of Zone-signing key (ZSK) records. Structure is documented below.
- id String
Unique identifier for the resource; defined by the server.
- key
Signing List<GetKeys Keys Key Signing Key> A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:
- managed
Zone String - project String
- zone
Signing List<GetKeys Keys Zone Signing Key> A list of Zone-signing key (ZSK) records. Structure is documented below.
- id string
Unique identifier for the resource; defined by the server.
- key
Signing GetKeys Keys Key Signing Key[] A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:
- managed
Zone string - project string
- zone
Signing GetKeys Keys Zone Signing Key[] A list of Zone-signing key (ZSK) records. Structure is documented below.
- id str
Unique identifier for the resource; defined by the server.
- key_
signing_ Sequence[Getkeys Keys Key Signing Key] A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:
- managed_
zone str - project str
- zone_
signing_ Sequence[Getkeys Keys Zone Signing Key] A list of Zone-signing key (ZSK) records. Structure is documented below.
- id String
Unique identifier for the resource; defined by the server.
- key
Signing List<Property Map>Keys A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:
- managed
Zone String - project String
- zone
Signing List<Property Map>Keys A list of Zone-signing key (ZSK) records. Structure is documented below.
Supporting Types
GetKeysKeySigningKey
- Algorithm string
String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are
ecdsap256sha256,ecdsap384sha384,rsasha1,rsasha256, andrsasha512.- Creation
Time string The time that this resource was created in the control plane. This is in RFC3339 text format.
- Description string
A mutable string of at most 1024 characters associated with this resource for the user's convenience.
- Digests
List<Get
Keys Key Signing Key Digest> A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
- Ds
Record string The DS record based on the KSK record. This is used when delegating DNSSEC-signed subdomains.
- Id string
Unique identifier for the resource; defined by the server.
- Is
Active bool Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
- Key
Length int Length of the key in bits. Specified at creation time then immutable.
- Key
Tag int The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
- Public
Key string Base64 encoded public half of this key.
- Algorithm string
String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are
ecdsap256sha256,ecdsap384sha384,rsasha1,rsasha256, andrsasha512.- Creation
Time string The time that this resource was created in the control plane. This is in RFC3339 text format.
- Description string
A mutable string of at most 1024 characters associated with this resource for the user's convenience.
- Digests
[]Get
Keys Key Signing Key Digest A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
- Ds
Record string The DS record based on the KSK record. This is used when delegating DNSSEC-signed subdomains.
- Id string
Unique identifier for the resource; defined by the server.
- Is
Active bool Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
- Key
Length int Length of the key in bits. Specified at creation time then immutable.
- Key
Tag int The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
- Public
Key string Base64 encoded public half of this key.
- algorithm String
String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are
ecdsap256sha256,ecdsap384sha384,rsasha1,rsasha256, andrsasha512.- creation
Time String The time that this resource was created in the control plane. This is in RFC3339 text format.
- description String
A mutable string of at most 1024 characters associated with this resource for the user's convenience.
- digests
List<Get
Keys Key Signing Key Digest> A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
- ds
Record String The DS record based on the KSK record. This is used when delegating DNSSEC-signed subdomains.
- id String
Unique identifier for the resource; defined by the server.
- is
Active Boolean Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
- key
Length Integer Length of the key in bits. Specified at creation time then immutable.
- key
Tag Integer The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
- public
Key String Base64 encoded public half of this key.
- algorithm string
String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are
ecdsap256sha256,ecdsap384sha384,rsasha1,rsasha256, andrsasha512.- creation
Time string The time that this resource was created in the control plane. This is in RFC3339 text format.
- description string
A mutable string of at most 1024 characters associated with this resource for the user's convenience.
- digests
Get
Keys Key Signing Key Digest[] A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
- ds
Record string The DS record based on the KSK record. This is used when delegating DNSSEC-signed subdomains.
- id string
Unique identifier for the resource; defined by the server.
- is
Active boolean Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
- key
Length number Length of the key in bits. Specified at creation time then immutable.
- key
Tag number The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
- public
Key string Base64 encoded public half of this key.
- algorithm str
String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are
ecdsap256sha256,ecdsap384sha384,rsasha1,rsasha256, andrsasha512.- creation_
time str The time that this resource was created in the control plane. This is in RFC3339 text format.
- description str
A mutable string of at most 1024 characters associated with this resource for the user's convenience.
- digests
Sequence[Get
Keys Key Signing Key Digest] A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
- ds_
record str The DS record based on the KSK record. This is used when delegating DNSSEC-signed subdomains.
- id str
Unique identifier for the resource; defined by the server.
- is_
active bool Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
- key_
length int Length of the key in bits. Specified at creation time then immutable.
- key_
tag int The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
- public_
key str Base64 encoded public half of this key.
- algorithm String
String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are
ecdsap256sha256,ecdsap384sha384,rsasha1,rsasha256, andrsasha512.- creation
Time String The time that this resource was created in the control plane. This is in RFC3339 text format.
- description String
A mutable string of at most 1024 characters associated with this resource for the user's convenience.
- digests List<Property Map>
A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
- ds
Record String The DS record based on the KSK record. This is used when delegating DNSSEC-signed subdomains.
- id String
Unique identifier for the resource; defined by the server.
- is
Active Boolean Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
- key
Length Number Length of the key in bits. Specified at creation time then immutable.
- key
Tag Number The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
- public
Key String Base64 encoded public half of this key.
GetKeysKeySigningKeyDigest
GetKeysZoneSigningKey
- Algorithm string
String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are
ecdsap256sha256,ecdsap384sha384,rsasha1,rsasha256, andrsasha512.- Creation
Time string The time that this resource was created in the control plane. This is in RFC3339 text format.
- Description string
A mutable string of at most 1024 characters associated with this resource for the user's convenience.
- Digests
List<Get
Keys Zone Signing Key Digest> A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
- Id string
Unique identifier for the resource; defined by the server.
- Is
Active bool Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
- Key
Length int Length of the key in bits. Specified at creation time then immutable.
- Key
Tag int The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
- Public
Key string Base64 encoded public half of this key.
- Algorithm string
String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are
ecdsap256sha256,ecdsap384sha384,rsasha1,rsasha256, andrsasha512.- Creation
Time string The time that this resource was created in the control plane. This is in RFC3339 text format.
- Description string
A mutable string of at most 1024 characters associated with this resource for the user's convenience.
- Digests
[]Get
Keys Zone Signing Key Digest A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
- Id string
Unique identifier for the resource; defined by the server.
- Is
Active bool Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
- Key
Length int Length of the key in bits. Specified at creation time then immutable.
- Key
Tag int The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
- Public
Key string Base64 encoded public half of this key.
- algorithm String
String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are
ecdsap256sha256,ecdsap384sha384,rsasha1,rsasha256, andrsasha512.- creation
Time String The time that this resource was created in the control plane. This is in RFC3339 text format.
- description String
A mutable string of at most 1024 characters associated with this resource for the user's convenience.
- digests
List<Get
Keys Zone Signing Key Digest> A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
- id String
Unique identifier for the resource; defined by the server.
- is
Active Boolean Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
- key
Length Integer Length of the key in bits. Specified at creation time then immutable.
- key
Tag Integer The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
- public
Key String Base64 encoded public half of this key.
- algorithm string
String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are
ecdsap256sha256,ecdsap384sha384,rsasha1,rsasha256, andrsasha512.- creation
Time string The time that this resource was created in the control plane. This is in RFC3339 text format.
- description string
A mutable string of at most 1024 characters associated with this resource for the user's convenience.
- digests
Get
Keys Zone Signing Key Digest[] A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
- id string
Unique identifier for the resource; defined by the server.
- is
Active boolean Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
- key
Length number Length of the key in bits. Specified at creation time then immutable.
- key
Tag number The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
- public
Key string Base64 encoded public half of this key.
- algorithm str
String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are
ecdsap256sha256,ecdsap384sha384,rsasha1,rsasha256, andrsasha512.- creation_
time str The time that this resource was created in the control plane. This is in RFC3339 text format.
- description str
A mutable string of at most 1024 characters associated with this resource for the user's convenience.
- digests
Sequence[Get
Keys Zone Signing Key Digest] A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
- id str
Unique identifier for the resource; defined by the server.
- is_
active bool Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
- key_
length int Length of the key in bits. Specified at creation time then immutable.
- key_
tag int The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
- public_
key str Base64 encoded public half of this key.
- algorithm String
String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are
ecdsap256sha256,ecdsap384sha384,rsasha1,rsasha256, andrsasha512.- creation
Time String The time that this resource was created in the control plane. This is in RFC3339 text format.
- description String
A mutable string of at most 1024 characters associated with this resource for the user's convenience.
- digests List<Property Map>
A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
- id String
Unique identifier for the resource; defined by the server.
- is
Active Boolean Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
- key
Length Number Length of the key in bits. Specified at creation time then immutable.
- key
Tag Number The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
- public
Key String Base64 encoded public half of this key.
GetKeysZoneSigningKeyDigest
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
google-betaTerraform Provider.