← All packages

Google Cloud (GCP) Classic

Pulumi Official

Package maintained by Pulumi

v6.24.0 published on Tuesday, May 17, 2022 by Pulumi

Source code

getKMSCryptoKey

Provides access to a Google Cloud Platform KMS CryptoKey. For more information see the official documentation and API.

A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.

Example Usage

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
    public MyStack()
    {
        var myKeyRing = Output.Create(Gcp.Kms.GetKMSKeyRing.InvokeAsync(new Gcp.Kms.GetKMSKeyRingArgs
        {
            Name = "my-key-ring",
            Location = "us-central1",
        }));
        var myCryptoKey = myKeyRing.Apply(myKeyRing => Output.Create(Gcp.Kms.GetKMSCryptoKey.InvokeAsync(new Gcp.Kms.GetKMSCryptoKeyArgs
        {
            Name = "my-crypto-key",
            KeyRing = myKeyRing.Id,
        })));
    }

}

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{
			Name:     "my-key-ring",
			Location: "us-central1",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{
			Name:    "my-crypto-key",
			KeyRing: myKeyRing.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var myKeyRing = Output.of(KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()
            .name("my-key-ring")
            .location("us-central1")
            .build()));

        final var myCryptoKey = Output.of(KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()
            .name("my-crypto-key")
            .keyRing(myKeyRing.apply(getKMSKeyRingResult -> getKMSKeyRingResult.getId()))
            .build()));

        }
}

import pulumi
import pulumi_gcp as gcp

my_key_ring = gcp.kms.get_kms_key_ring(name="my-key-ring",
    location="us-central1")
my_crypto_key = gcp.kms.get_kms_crypto_key(name="my-crypto-key",
    key_ring=my_key_ring.id)

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const myKeyRing = gcp.kms.getKMSKeyRing({
    name: "my-key-ring",
    location: "us-central1",
});
const myCryptoKey = myKeyRing.then(myKeyRing => gcp.kms.getKMSCryptoKey({
    name: "my-crypto-key",
    keyRing: myKeyRing.id,
}));

variables:
  myKeyRing:
    Fn::Invoke:
      Function: gcp:kms:getKMSKeyRing
      Arguments:
        name: my-key-ring
        location: us-central1
  myCryptoKey:
    Fn::Invoke:
      Function: gcp:kms:getKMSCryptoKey
      Arguments:
        name: my-crypto-key
        keyRing: ${myKeyRing.id}

Using getKMSCryptoKey

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKMSCryptoKey(args: GetKMSCryptoKeyArgs, opts?: InvokeOptions): Promise<GetKMSCryptoKeyResult>
function getKMSCryptoKeyOutput(args: GetKMSCryptoKeyOutputArgs, opts?: InvokeOptions): Output<GetKMSCryptoKeyResult>

def get_kms_crypto_key(key_ring: Optional[str] = None,
                       name: Optional[str] = None,
                       opts: Optional[InvokeOptions] = None) -> GetKMSCryptoKeyResult
def get_kms_crypto_key_output(key_ring: Optional[pulumi.Input[str]] = None,
                       name: Optional[pulumi.Input[str]] = None,
                       opts: Optional[InvokeOptions] = None) -> Output[GetKMSCryptoKeyResult]

func GetKMSCryptoKey(ctx *Context, args *GetKMSCryptoKeyArgs, opts ...InvokeOption) (*GetKMSCryptoKeyResult, error)
func GetKMSCryptoKeyOutput(ctx *Context, args *GetKMSCryptoKeyOutputArgs, opts ...InvokeOption) GetKMSCryptoKeyResultOutput

> Note: This function is named GetKMSCryptoKey in the Go SDK.

public static class GetKMSCryptoKey 
{
    public static Task<GetKMSCryptoKeyResult> InvokeAsync(GetKMSCryptoKeyArgs args, InvokeOptions? opts = null)
    public static Output<GetKMSCryptoKeyResult> Invoke(GetKMSCryptoKeyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetKMSCryptoKeyResult> getKMSCryptoKey(GetKMSCryptoKeyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

Fn::Invoke:
  Function: gcp:kms/getKMSCryptoKey:getKMSCryptoKey
  Arguments:
    # Arguments dictionary

The following arguments are supported:

KeyRing string: The id of the Google Cloud Platform KeyRing to which the key belongs.
Name string: The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

KeyRing string: The id of the Google Cloud Platform KeyRing to which the key belongs.
Name string: The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing String: The id of the Google Cloud Platform KeyRing to which the key belongs.
name String: The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing string: The id of the Google Cloud Platform KeyRing to which the key belongs.
name string: The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

key_ring str: The id of the Google Cloud Platform KeyRing to which the key belongs.
name str: The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing String: The id of the Google Cloud Platform KeyRing to which the key belongs.
name String: The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

getKMSCryptoKey Result

The following output properties are available:

DestroyScheduledDuration string
Id string: The provider-assigned unique ID for this managed resource.
ImportOnly bool
KeyRing string
Labels Dictionary<string, string>
Name string
Purpose string: Defines the cryptographic capabilities of the key.
RotationPeriod string: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
SkipInitialVersionCreation bool
VersionTemplates List<GetKMSCryptoKeyVersionTemplate>

DestroyScheduledDuration string
Id string: The provider-assigned unique ID for this managed resource.
ImportOnly bool
KeyRing string
Labels map[string]string
Name string
Purpose string: Defines the cryptographic capabilities of the key.
RotationPeriod string: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
SkipInitialVersionCreation bool
VersionTemplates []GetKMSCryptoKeyVersionTemplate

destroyScheduledDuration String
id String: The provider-assigned unique ID for this managed resource.
importOnly Boolean
keyRing String
labels Map
name String
purpose String: Defines the cryptographic capabilities of the key.
rotationPeriod String: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
skipInitialVersionCreation Boolean
versionTemplates ListKMSCryptoKeyVersionTemplate>

destroyScheduledDuration string
id string: The provider-assigned unique ID for this managed resource.
importOnly boolean
keyRing string
labels {[key: string]: string}
name string
purpose string: Defines the cryptographic capabilities of the key.
rotationPeriod string: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
skipInitialVersionCreation boolean
versionTemplates GetKMSCryptoKeyVersionTemplate[]

destroy_scheduled_duration str
id str: The provider-assigned unique ID for this managed resource.
import_only bool
key_ring str
labels Mapping[str, str]
name str
purpose str: Defines the cryptographic capabilities of the key.
rotation_period str: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
skip_initial_version_creation bool
version_templates Sequence[GetKMSCryptoKeyVersionTemplate]

destroyScheduledDuration String
id String: The provider-assigned unique ID for this managed resource.
importOnly Boolean
keyRing String
labels Map
name String
purpose String: Defines the cryptographic capabilities of the key.
rotationPeriod String: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).
skipInitialVersionCreation Boolean
versionTemplates List