1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. dns
  5. getKeys
Google Cloud Classic v7.18.0 published on Wednesday, Apr 10, 2024 by Pulumi

gcp.dns.getKeys

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.18.0 published on Wednesday, Apr 10, 2024 by Pulumi

    Get the DNSKEY and DS records of DNSSEC-signed managed zones.

    For more information see the official documentation and API.

    A gcp.dns.ManagedZone resource must have DNSSEC enabled in order to contain any DNSKEYs. Queries to managed zones without this setting enabled will result in a 404 error as the collection of DNSKEYs does not exist in the DNS API.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const foo = new gcp.dns.ManagedZone("foo", {
        name: "foobar",
        dnsName: "foo.bar.",
        dnssecConfig: {
            state: "on",
            nonExistence: "nsec3",
        },
    });
    const fooDnsKeys = gcp.dns.getKeysOutput({
        managedZone: foo.id,
    });
    export const fooDnsDsRecord = fooDnsKeys.apply(fooDnsKeys => fooDnsKeys.keySigningKeys?.[0]?.dsRecord);
    
    import pulumi
    import pulumi_gcp as gcp
    
    foo = gcp.dns.ManagedZone("foo",
        name="foobar",
        dns_name="foo.bar.",
        dnssec_config=gcp.dns.ManagedZoneDnssecConfigArgs(
            state="on",
            non_existence="nsec3",
        ))
    foo_dns_keys = gcp.dns.get_keys_output(managed_zone=foo.id)
    pulumi.export("fooDnsDsRecord", foo_dns_keys.key_signing_keys[0].ds_record)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		foo, err := dns.NewManagedZone(ctx, "foo", &dns.ManagedZoneArgs{
    			Name:    pulumi.String("foobar"),
    			DnsName: pulumi.String("foo.bar."),
    			DnssecConfig: &dns.ManagedZoneDnssecConfigArgs{
    				State:        pulumi.String("on"),
    				NonExistence: pulumi.String("nsec3"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		fooDnsKeys := dns.GetKeysOutput(ctx, dns.GetKeysOutputArgs{
    			ManagedZone: foo.ID(),
    		}, nil)
    		ctx.Export("fooDnsDsRecord", fooDnsKeys.ApplyT(func(fooDnsKeys dns.GetKeysResult) (*string, error) {
    			return &fooDnsKeys.KeySigningKeys[0].DsRecord, nil
    		}).(pulumi.StringPtrOutput))
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var foo = new Gcp.Dns.ManagedZone("foo", new()
        {
            Name = "foobar",
            DnsName = "foo.bar.",
            DnssecConfig = new Gcp.Dns.Inputs.ManagedZoneDnssecConfigArgs
            {
                State = "on",
                NonExistence = "nsec3",
            },
        });
    
        var fooDnsKeys = Gcp.Dns.GetKeys.Invoke(new()
        {
            ManagedZone = foo.Id,
        });
    
        return new Dictionary<string, object?>
        {
            ["fooDnsDsRecord"] = fooDnsKeys.Apply(getKeysResult => getKeysResult.KeySigningKeys[0]?.DsRecord),
        };
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.dns.ManagedZone;
    import com.pulumi.gcp.dns.ManagedZoneArgs;
    import com.pulumi.gcp.dns.inputs.ManagedZoneDnssecConfigArgs;
    import com.pulumi.gcp.dns.DnsFunctions;
    import com.pulumi.gcp.dns.inputs.GetKeysArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var foo = new ManagedZone("foo", ManagedZoneArgs.builder()        
                .name("foobar")
                .dnsName("foo.bar.")
                .dnssecConfig(ManagedZoneDnssecConfigArgs.builder()
                    .state("on")
                    .nonExistence("nsec3")
                    .build())
                .build());
    
            final var fooDnsKeys = DnsFunctions.getKeys(GetKeysArgs.builder()
                .managedZone(foo.id())
                .build());
    
            ctx.export("fooDnsDsRecord", fooDnsKeys.applyValue(getKeysResult -> getKeysResult).applyValue(fooDnsKeys -> fooDnsKeys.applyValue(getKeysResult -> getKeysResult.keySigningKeys()[0].dsRecord())));
        }
    }
    
    resources:
      foo:
        type: gcp:dns:ManagedZone
        properties:
          name: foobar
          dnsName: foo.bar.
          dnssecConfig:
            state: on
            nonExistence: nsec3
    variables:
      fooDnsKeys:
        fn::invoke:
          Function: gcp:dns:getKeys
          Arguments:
            managedZone: ${foo.id}
    outputs:
      fooDnsDsRecord: ${fooDnsKeys.keySigningKeys[0].dsRecord}
    

    Using getKeys

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getKeys(args: GetKeysArgs, opts?: InvokeOptions): Promise<GetKeysResult>
    function getKeysOutput(args: GetKeysOutputArgs, opts?: InvokeOptions): Output<GetKeysResult>
    def get_keys(managed_zone: Optional[str] = None,
                 project: Optional[str] = None,
                 opts: Optional[InvokeOptions] = None) -> GetKeysResult
    def get_keys_output(managed_zone: Optional[pulumi.Input[str]] = None,
                 project: Optional[pulumi.Input[str]] = None,
                 opts: Optional[InvokeOptions] = None) -> Output[GetKeysResult]
    func GetKeys(ctx *Context, args *GetKeysArgs, opts ...InvokeOption) (*GetKeysResult, error)
    func GetKeysOutput(ctx *Context, args *GetKeysOutputArgs, opts ...InvokeOption) GetKeysResultOutput

    > Note: This function is named GetKeys in the Go SDK.

    public static class GetKeys 
    {
        public static Task<GetKeysResult> InvokeAsync(GetKeysArgs args, InvokeOptions? opts = null)
        public static Output<GetKeysResult> Invoke(GetKeysInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetKeysResult> getKeys(GetKeysArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: gcp:dns/getKeys:getKeys
      arguments:
        # arguments dictionary

    The following arguments are supported:

    ManagedZone string
    The name or id of the Cloud DNS managed zone.
    Project string
    The ID of the project in which the resource belongs. If project is not provided, the provider project is used.
    ManagedZone string
    The name or id of the Cloud DNS managed zone.
    Project string
    The ID of the project in which the resource belongs. If project is not provided, the provider project is used.
    managedZone String
    The name or id of the Cloud DNS managed zone.
    project String
    The ID of the project in which the resource belongs. If project is not provided, the provider project is used.
    managedZone string
    The name or id of the Cloud DNS managed zone.
    project string
    The ID of the project in which the resource belongs. If project is not provided, the provider project is used.
    managed_zone str
    The name or id of the Cloud DNS managed zone.
    project str
    The ID of the project in which the resource belongs. If project is not provided, the provider project is used.
    managedZone String
    The name or id of the Cloud DNS managed zone.
    project String
    The ID of the project in which the resource belongs. If project is not provided, the provider project is used.

    getKeys Result

    The following output properties are available:

    Id string
    Unique identifier for the resource; defined by the server.
    KeySigningKeys List<GetKeysKeySigningKey>
    A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:
    ManagedZone string
    Project string
    ZoneSigningKeys List<GetKeysZoneSigningKey>
    A list of Zone-signing key (ZSK) records. Structure is documented below.
    Id string
    Unique identifier for the resource; defined by the server.
    KeySigningKeys []GetKeysKeySigningKey
    A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:
    ManagedZone string
    Project string
    ZoneSigningKeys []GetKeysZoneSigningKey
    A list of Zone-signing key (ZSK) records. Structure is documented below.
    id String
    Unique identifier for the resource; defined by the server.
    keySigningKeys List<GetKeysKeySigningKey>
    A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:
    managedZone String
    project String
    zoneSigningKeys List<GetKeysZoneSigningKey>
    A list of Zone-signing key (ZSK) records. Structure is documented below.
    id string
    Unique identifier for the resource; defined by the server.
    keySigningKeys GetKeysKeySigningKey[]
    A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:
    managedZone string
    project string
    zoneSigningKeys GetKeysZoneSigningKey[]
    A list of Zone-signing key (ZSK) records. Structure is documented below.
    id str
    Unique identifier for the resource; defined by the server.
    key_signing_keys Sequence[GetKeysKeySigningKey]
    A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:
    managed_zone str
    project str
    zone_signing_keys Sequence[GetKeysZoneSigningKey]
    A list of Zone-signing key (ZSK) records. Structure is documented below.
    id String
    Unique identifier for the resource; defined by the server.
    keySigningKeys List<Property Map>
    A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:
    managedZone String
    project String
    zoneSigningKeys List<Property Map>
    A list of Zone-signing key (ZSK) records. Structure is documented below.

    Supporting Types

    GetKeysKeySigningKey

    Algorithm string
    String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are ecdsap256sha256, ecdsap384sha384, rsasha1, rsasha256, and rsasha512.
    CreationTime string
    The time that this resource was created in the control plane. This is in RFC3339 text format.
    Description string
    A mutable string of at most 1024 characters associated with this resource for the user's convenience.
    Digests List<GetKeysKeySigningKeyDigest>
    A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
    DsRecord string
    The DS record based on the KSK record. This is used when delegating DNSSEC-signed subdomains.
    Id string
    Unique identifier for the resource; defined by the server.
    IsActive bool
    Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
    KeyLength int
    Length of the key in bits. Specified at creation time then immutable.
    KeyTag int
    The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
    PublicKey string
    Base64 encoded public half of this key.
    Algorithm string
    String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are ecdsap256sha256, ecdsap384sha384, rsasha1, rsasha256, and rsasha512.
    CreationTime string
    The time that this resource was created in the control plane. This is in RFC3339 text format.
    Description string
    A mutable string of at most 1024 characters associated with this resource for the user's convenience.
    Digests []GetKeysKeySigningKeyDigest
    A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
    DsRecord string
    The DS record based on the KSK record. This is used when delegating DNSSEC-signed subdomains.
    Id string
    Unique identifier for the resource; defined by the server.
    IsActive bool
    Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
    KeyLength int
    Length of the key in bits. Specified at creation time then immutable.
    KeyTag int
    The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
    PublicKey string
    Base64 encoded public half of this key.
    algorithm String
    String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are ecdsap256sha256, ecdsap384sha384, rsasha1, rsasha256, and rsasha512.
    creationTime String
    The time that this resource was created in the control plane. This is in RFC3339 text format.
    description String
    A mutable string of at most 1024 characters associated with this resource for the user's convenience.
    digests List<GetKeysKeySigningKeyDigest>
    A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
    dsRecord String
    The DS record based on the KSK record. This is used when delegating DNSSEC-signed subdomains.
    id String
    Unique identifier for the resource; defined by the server.
    isActive Boolean
    Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
    keyLength Integer
    Length of the key in bits. Specified at creation time then immutable.
    keyTag Integer
    The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
    publicKey String
    Base64 encoded public half of this key.
    algorithm string
    String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are ecdsap256sha256, ecdsap384sha384, rsasha1, rsasha256, and rsasha512.
    creationTime string
    The time that this resource was created in the control plane. This is in RFC3339 text format.
    description string
    A mutable string of at most 1024 characters associated with this resource for the user's convenience.
    digests GetKeysKeySigningKeyDigest[]
    A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
    dsRecord string
    The DS record based on the KSK record. This is used when delegating DNSSEC-signed subdomains.
    id string
    Unique identifier for the resource; defined by the server.
    isActive boolean
    Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
    keyLength number
    Length of the key in bits. Specified at creation time then immutable.
    keyTag number
    The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
    publicKey string
    Base64 encoded public half of this key.
    algorithm str
    String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are ecdsap256sha256, ecdsap384sha384, rsasha1, rsasha256, and rsasha512.
    creation_time str
    The time that this resource was created in the control plane. This is in RFC3339 text format.
    description str
    A mutable string of at most 1024 characters associated with this resource for the user's convenience.
    digests Sequence[GetKeysKeySigningKeyDigest]
    A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
    ds_record str
    The DS record based on the KSK record. This is used when delegating DNSSEC-signed subdomains.
    id str
    Unique identifier for the resource; defined by the server.
    is_active bool
    Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
    key_length int
    Length of the key in bits. Specified at creation time then immutable.
    key_tag int
    The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
    public_key str
    Base64 encoded public half of this key.
    algorithm String
    String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are ecdsap256sha256, ecdsap384sha384, rsasha1, rsasha256, and rsasha512.
    creationTime String
    The time that this resource was created in the control plane. This is in RFC3339 text format.
    description String
    A mutable string of at most 1024 characters associated with this resource for the user's convenience.
    digests List<Property Map>
    A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
    dsRecord String
    The DS record based on the KSK record. This is used when delegating DNSSEC-signed subdomains.
    id String
    Unique identifier for the resource; defined by the server.
    isActive Boolean
    Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
    keyLength Number
    Length of the key in bits. Specified at creation time then immutable.
    keyTag Number
    The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
    publicKey String
    Base64 encoded public half of this key.

    GetKeysKeySigningKeyDigest

    Digest string
    The base-16 encoded bytes of this digest. Suitable for use in a DS resource record.
    Type string
    Specifies the algorithm used to calculate this digest. Possible values are sha1, sha256 and sha384
    Digest string
    The base-16 encoded bytes of this digest. Suitable for use in a DS resource record.
    Type string
    Specifies the algorithm used to calculate this digest. Possible values are sha1, sha256 and sha384
    digest String
    The base-16 encoded bytes of this digest. Suitable for use in a DS resource record.
    type String
    Specifies the algorithm used to calculate this digest. Possible values are sha1, sha256 and sha384
    digest string
    The base-16 encoded bytes of this digest. Suitable for use in a DS resource record.
    type string
    Specifies the algorithm used to calculate this digest. Possible values are sha1, sha256 and sha384
    digest str
    The base-16 encoded bytes of this digest. Suitable for use in a DS resource record.
    type str
    Specifies the algorithm used to calculate this digest. Possible values are sha1, sha256 and sha384
    digest String
    The base-16 encoded bytes of this digest. Suitable for use in a DS resource record.
    type String
    Specifies the algorithm used to calculate this digest. Possible values are sha1, sha256 and sha384

    GetKeysZoneSigningKey

    Algorithm string
    String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are ecdsap256sha256, ecdsap384sha384, rsasha1, rsasha256, and rsasha512.
    CreationTime string
    The time that this resource was created in the control plane. This is in RFC3339 text format.
    Description string
    A mutable string of at most 1024 characters associated with this resource for the user's convenience.
    Digests List<GetKeysZoneSigningKeyDigest>
    A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
    Id string
    Unique identifier for the resource; defined by the server.
    IsActive bool
    Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
    KeyLength int
    Length of the key in bits. Specified at creation time then immutable.
    KeyTag int
    The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
    PublicKey string
    Base64 encoded public half of this key.
    Algorithm string
    String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are ecdsap256sha256, ecdsap384sha384, rsasha1, rsasha256, and rsasha512.
    CreationTime string
    The time that this resource was created in the control plane. This is in RFC3339 text format.
    Description string
    A mutable string of at most 1024 characters associated with this resource for the user's convenience.
    Digests []GetKeysZoneSigningKeyDigest
    A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
    Id string
    Unique identifier for the resource; defined by the server.
    IsActive bool
    Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
    KeyLength int
    Length of the key in bits. Specified at creation time then immutable.
    KeyTag int
    The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
    PublicKey string
    Base64 encoded public half of this key.
    algorithm String
    String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are ecdsap256sha256, ecdsap384sha384, rsasha1, rsasha256, and rsasha512.
    creationTime String
    The time that this resource was created in the control plane. This is in RFC3339 text format.
    description String
    A mutable string of at most 1024 characters associated with this resource for the user's convenience.
    digests List<GetKeysZoneSigningKeyDigest>
    A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
    id String
    Unique identifier for the resource; defined by the server.
    isActive Boolean
    Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
    keyLength Integer
    Length of the key in bits. Specified at creation time then immutable.
    keyTag Integer
    The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
    publicKey String
    Base64 encoded public half of this key.
    algorithm string
    String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are ecdsap256sha256, ecdsap384sha384, rsasha1, rsasha256, and rsasha512.
    creationTime string
    The time that this resource was created in the control plane. This is in RFC3339 text format.
    description string
    A mutable string of at most 1024 characters associated with this resource for the user's convenience.
    digests GetKeysZoneSigningKeyDigest[]
    A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
    id string
    Unique identifier for the resource; defined by the server.
    isActive boolean
    Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
    keyLength number
    Length of the key in bits. Specified at creation time then immutable.
    keyTag number
    The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
    publicKey string
    Base64 encoded public half of this key.
    algorithm str
    String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are ecdsap256sha256, ecdsap384sha384, rsasha1, rsasha256, and rsasha512.
    creation_time str
    The time that this resource was created in the control plane. This is in RFC3339 text format.
    description str
    A mutable string of at most 1024 characters associated with this resource for the user's convenience.
    digests Sequence[GetKeysZoneSigningKeyDigest]
    A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
    id str
    Unique identifier for the resource; defined by the server.
    is_active bool
    Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
    key_length int
    Length of the key in bits. Specified at creation time then immutable.
    key_tag int
    The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
    public_key str
    Base64 encoded public half of this key.
    algorithm String
    String mnemonic specifying the DNSSEC algorithm of this key. Immutable after creation time. Possible values are ecdsap256sha256, ecdsap384sha384, rsasha1, rsasha256, and rsasha512.
    creationTime String
    The time that this resource was created in the control plane. This is in RFC3339 text format.
    description String
    A mutable string of at most 1024 characters associated with this resource for the user's convenience.
    digests List<Property Map>
    A list of cryptographic hashes of the DNSKEY resource record associated with this DnsKey. These digests are needed to construct a DS record that points at this DNS key. Each contains:
    id String
    Unique identifier for the resource; defined by the server.
    isActive Boolean
    Active keys will be used to sign subsequent changes to the ManagedZone. Inactive keys will still be present as DNSKEY Resource Records for the use of resolvers validating existing signatures.
    keyLength Number
    Length of the key in bits. Specified at creation time then immutable.
    keyTag Number
    The key tag is a non-cryptographic hash of the a DNSKEY resource record associated with this DnsKey. The key tag can be used to identify a DNSKEY more quickly (but it is not a unique identifier). In particular, the key tag is used in a parent zone's DS record to point at the DNSKEY in this child ManagedZone. The key tag is a number in the range [0, 65535] and the algorithm to calculate it is specified in RFC4034 Appendix B.
    publicKey String
    Base64 encoded public half of this key.

    GetKeysZoneSigningKeyDigest

    Digest string
    The base-16 encoded bytes of this digest. Suitable for use in a DS resource record.
    Type string
    Specifies the algorithm used to calculate this digest. Possible values are sha1, sha256 and sha384
    Digest string
    The base-16 encoded bytes of this digest. Suitable for use in a DS resource record.
    Type string
    Specifies the algorithm used to calculate this digest. Possible values are sha1, sha256 and sha384
    digest String
    The base-16 encoded bytes of this digest. Suitable for use in a DS resource record.
    type String
    Specifies the algorithm used to calculate this digest. Possible values are sha1, sha256 and sha384
    digest string
    The base-16 encoded bytes of this digest. Suitable for use in a DS resource record.
    type string
    Specifies the algorithm used to calculate this digest. Possible values are sha1, sha256 and sha384
    digest str
    The base-16 encoded bytes of this digest. Suitable for use in a DS resource record.
    type str
    Specifies the algorithm used to calculate this digest. Possible values are sha1, sha256 and sha384
    digest String
    The base-16 encoded bytes of this digest. Suitable for use in a DS resource record.
    type String
    Specifies the algorithm used to calculate this digest. Possible values are sha1, sha256 and sha384

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.18.0 published on Wednesday, Apr 10, 2024 by Pulumi