gcp logo
Google Cloud Classic v6.57.0, May 30 23

gcp.kms.getKMSCryptoKey

Explore with Pulumi AI

Provides access to a Google Cloud Platform KMS CryptoKey. For more information see the official documentation and API.

A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()
    {
        Name = "my-key-ring",
        Location = "us-central1",
    });

    var myCryptoKey = Gcp.Kms.GetKMSCryptoKey.Invoke(new()
    {
        Name = "my-crypto-key",
        KeyRing = myKeyRing.Apply(getKMSKeyRingResult => getKMSKeyRingResult.Id),
    });

});
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{
			Name:     "my-key-ring",
			Location: "us-central1",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{
			Name:    "my-crypto-key",
			KeyRing: myKeyRing.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.kms.KmsFunctions;
import com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;
import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()
            .name("my-key-ring")
            .location("us-central1")
            .build());

        final var myCryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()
            .name("my-crypto-key")
            .keyRing(myKeyRing.applyValue(getKMSKeyRingResult -> getKMSKeyRingResult.id()))
            .build());

    }
}
import pulumi
import pulumi_gcp as gcp

my_key_ring = gcp.kms.get_kms_key_ring(name="my-key-ring",
    location="us-central1")
my_crypto_key = gcp.kms.get_kms_crypto_key(name="my-crypto-key",
    key_ring=my_key_ring.id)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const myKeyRing = gcp.kms.getKMSKeyRing({
    name: "my-key-ring",
    location: "us-central1",
});
const myCryptoKey = myKeyRing.then(myKeyRing => gcp.kms.getKMSCryptoKey({
    name: "my-crypto-key",
    keyRing: myKeyRing.id,
}));
variables:
  myKeyRing:
    fn::invoke:
      Function: gcp:kms:getKMSKeyRing
      Arguments:
        name: my-key-ring
        location: us-central1
  myCryptoKey:
    fn::invoke:
      Function: gcp:kms:getKMSCryptoKey
      Arguments:
        name: my-crypto-key
        keyRing: ${myKeyRing.id}

Using getKMSCryptoKey

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKMSCryptoKey(args: GetKMSCryptoKeyArgs, opts?: InvokeOptions): Promise<GetKMSCryptoKeyResult>
function getKMSCryptoKeyOutput(args: GetKMSCryptoKeyOutputArgs, opts?: InvokeOptions): Output<GetKMSCryptoKeyResult>
def get_kms_crypto_key(key_ring: Optional[str] = None,
                       name: Optional[str] = None,
                       opts: Optional[InvokeOptions] = None) -> GetKMSCryptoKeyResult
def get_kms_crypto_key_output(key_ring: Optional[pulumi.Input[str]] = None,
                       name: Optional[pulumi.Input[str]] = None,
                       opts: Optional[InvokeOptions] = None) -> Output[GetKMSCryptoKeyResult]
func GetKMSCryptoKey(ctx *Context, args *GetKMSCryptoKeyArgs, opts ...InvokeOption) (*GetKMSCryptoKeyResult, error)
func GetKMSCryptoKeyOutput(ctx *Context, args *GetKMSCryptoKeyOutputArgs, opts ...InvokeOption) GetKMSCryptoKeyResultOutput

> Note: This function is named GetKMSCryptoKey in the Go SDK.

public static class GetKMSCryptoKey 
{
    public static Task<GetKMSCryptoKeyResult> InvokeAsync(GetKMSCryptoKeyArgs args, InvokeOptions? opts = null)
    public static Output<GetKMSCryptoKeyResult> Invoke(GetKMSCryptoKeyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetKMSCryptoKeyResult> getKMSCryptoKey(GetKMSCryptoKeyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: gcp:kms/getKMSCryptoKey:getKMSCryptoKey
  arguments:
    # arguments dictionary

The following arguments are supported:

KeyRing string

The id of the Google Cloud Platform KeyRing to which the key belongs.

Name string

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

KeyRing string

The id of the Google Cloud Platform KeyRing to which the key belongs.

Name string

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing String

The id of the Google Cloud Platform KeyRing to which the key belongs.

name String

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing string

The id of the Google Cloud Platform KeyRing to which the key belongs.

name string

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

key_ring str

The id of the Google Cloud Platform KeyRing to which the key belongs.

name str

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing String

The id of the Google Cloud Platform KeyRing to which the key belongs.

name String

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

getKMSCryptoKey Result

The following output properties are available:

DestroyScheduledDuration string
Id string

The provider-assigned unique ID for this managed resource.

ImportOnly bool
KeyRing string
Labels Dictionary<string, string>
Name string
Purpose string

Defines the cryptographic capabilities of the key.

RotationPeriod string

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

SkipInitialVersionCreation bool
VersionTemplates List<GetKMSCryptoKeyVersionTemplate>
DestroyScheduledDuration string
Id string

The provider-assigned unique ID for this managed resource.

ImportOnly bool
KeyRing string
Labels map[string]string
Name string
Purpose string

Defines the cryptographic capabilities of the key.

RotationPeriod string

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

SkipInitialVersionCreation bool
VersionTemplates []GetKMSCryptoKeyVersionTemplate
destroyScheduledDuration String
id String

The provider-assigned unique ID for this managed resource.

importOnly Boolean
keyRing String
labels Map<String,String>
name String
purpose String

Defines the cryptographic capabilities of the key.

rotationPeriod String

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

skipInitialVersionCreation Boolean
versionTemplates List<GetKMSCryptoKeyVersionTemplate>
destroyScheduledDuration string
id string

The provider-assigned unique ID for this managed resource.

importOnly boolean
keyRing string
labels {[key: string]: string}
name string
purpose string

Defines the cryptographic capabilities of the key.

rotationPeriod string

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

skipInitialVersionCreation boolean
versionTemplates GetKMSCryptoKeyVersionTemplate[]
destroy_scheduled_duration str
id str

The provider-assigned unique ID for this managed resource.

import_only bool
key_ring str
labels Mapping[str, str]
name str
purpose str

Defines the cryptographic capabilities of the key.

rotation_period str

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

skip_initial_version_creation bool
version_templates Sequence[GetKMSCryptoKeyVersionTemplate]
destroyScheduledDuration String
id String

The provider-assigned unique ID for this managed resource.

importOnly Boolean
keyRing String
labels Map<String>
name String
purpose String

Defines the cryptographic capabilities of the key.

rotationPeriod String

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

skipInitialVersionCreation Boolean
versionTemplates List<Property Map>

Supporting Types

GetKMSCryptoKeyVersionTemplate

Package Details

Repository
Google Cloud (GCP) Classic pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.