Google Cloud (GCP) Classic

Pulumi Official
Package maintained by Pulumi
v6.24.0 published on Tuesday, May 17, 2022 by Pulumi

getKMSCryptoKey

Provides access to a Google Cloud Platform KMS CryptoKey. For more information see the official documentation and API.

A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.

Example Usage

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
    public MyStack()
    {
        var myKeyRing = Output.Create(Gcp.Kms.GetKMSKeyRing.InvokeAsync(new Gcp.Kms.GetKMSKeyRingArgs
        {
            Name = "my-key-ring",
            Location = "us-central1",
        }));
        var myCryptoKey = myKeyRing.Apply(myKeyRing => Output.Create(Gcp.Kms.GetKMSCryptoKey.InvokeAsync(new Gcp.Kms.GetKMSCryptoKeyArgs
        {
            Name = "my-crypto-key",
            KeyRing = myKeyRing.Id,
        })));
    }

}
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{
			Name:     "my-key-ring",
			Location: "us-central1",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{
			Name:    "my-crypto-key",
			KeyRing: myKeyRing.Id,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var myKeyRing = Output.of(KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()
            .name("my-key-ring")
            .location("us-central1")
            .build()));

        final var myCryptoKey = Output.of(KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()
            .name("my-crypto-key")
            .keyRing(myKeyRing.apply(getKMSKeyRingResult -> getKMSKeyRingResult.getId()))
            .build()));

        }
}
import pulumi
import pulumi_gcp as gcp

my_key_ring = gcp.kms.get_kms_key_ring(name="my-key-ring",
    location="us-central1")
my_crypto_key = gcp.kms.get_kms_crypto_key(name="my-crypto-key",
    key_ring=my_key_ring.id)
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const myKeyRing = gcp.kms.getKMSKeyRing({
    name: "my-key-ring",
    location: "us-central1",
});
const myCryptoKey = myKeyRing.then(myKeyRing => gcp.kms.getKMSCryptoKey({
    name: "my-crypto-key",
    keyRing: myKeyRing.id,
}));
variables:
  myKeyRing:
    Fn::Invoke:
      Function: gcp:kms:getKMSKeyRing
      Arguments:
        name: my-key-ring
        location: us-central1
  myCryptoKey:
    Fn::Invoke:
      Function: gcp:kms:getKMSCryptoKey
      Arguments:
        name: my-crypto-key
        keyRing: ${myKeyRing.id}

Using getKMSCryptoKey

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKMSCryptoKey(args: GetKMSCryptoKeyArgs, opts?: InvokeOptions): Promise<GetKMSCryptoKeyResult>
function getKMSCryptoKeyOutput(args: GetKMSCryptoKeyOutputArgs, opts?: InvokeOptions): Output<GetKMSCryptoKeyResult>
def get_kms_crypto_key(key_ring: Optional[str] = None,
                       name: Optional[str] = None,
                       opts: Optional[InvokeOptions] = None) -> GetKMSCryptoKeyResult
def get_kms_crypto_key_output(key_ring: Optional[pulumi.Input[str]] = None,
                       name: Optional[pulumi.Input[str]] = None,
                       opts: Optional[InvokeOptions] = None) -> Output[GetKMSCryptoKeyResult]
func GetKMSCryptoKey(ctx *Context, args *GetKMSCryptoKeyArgs, opts ...InvokeOption) (*GetKMSCryptoKeyResult, error)
func GetKMSCryptoKeyOutput(ctx *Context, args *GetKMSCryptoKeyOutputArgs, opts ...InvokeOption) GetKMSCryptoKeyResultOutput

> Note: This function is named GetKMSCryptoKey in the Go SDK.

public static class GetKMSCryptoKey 
{
    public static Task<GetKMSCryptoKeyResult> InvokeAsync(GetKMSCryptoKeyArgs args, InvokeOptions? opts = null)
    public static Output<GetKMSCryptoKeyResult> Invoke(GetKMSCryptoKeyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetKMSCryptoKeyResult> getKMSCryptoKey(GetKMSCryptoKeyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: gcp:kms/getKMSCryptoKey:getKMSCryptoKey
  Arguments:
    # Arguments dictionary

The following arguments are supported:

KeyRing string

The id of the Google Cloud Platform KeyRing to which the key belongs.

Name string

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

KeyRing string

The id of the Google Cloud Platform KeyRing to which the key belongs.

Name string

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing String

The id of the Google Cloud Platform KeyRing to which the key belongs.

name String

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing string

The id of the Google Cloud Platform KeyRing to which the key belongs.

name string

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

key_ring str

The id of the Google Cloud Platform KeyRing to which the key belongs.

name str

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

keyRing String

The id of the Google Cloud Platform KeyRing to which the key belongs.

name String

The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

getKMSCryptoKey Result

The following output properties are available:

DestroyScheduledDuration string
Id string

The provider-assigned unique ID for this managed resource.

ImportOnly bool
KeyRing string
Labels Dictionary<string, string>
Name string
Purpose string

Defines the cryptographic capabilities of the key.

RotationPeriod string

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

SkipInitialVersionCreation bool
VersionTemplates List<GetKMSCryptoKeyVersionTemplate>
DestroyScheduledDuration string
Id string

The provider-assigned unique ID for this managed resource.

ImportOnly bool
KeyRing string
Labels map[string]string
Name string
Purpose string

Defines the cryptographic capabilities of the key.

RotationPeriod string

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

SkipInitialVersionCreation bool
VersionTemplates []GetKMSCryptoKeyVersionTemplate
destroyScheduledDuration String
id String

The provider-assigned unique ID for this managed resource.

importOnly Boolean
keyRing String
labels Map
name String
purpose String

Defines the cryptographic capabilities of the key.

rotationPeriod String

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

skipInitialVersionCreation Boolean
versionTemplates ListKMSCryptoKeyVersionTemplate>
destroyScheduledDuration string
id string

The provider-assigned unique ID for this managed resource.

importOnly boolean
keyRing string
labels {[key: string]: string}
name string
purpose string

Defines the cryptographic capabilities of the key.

rotationPeriod string

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

skipInitialVersionCreation boolean
versionTemplates GetKMSCryptoKeyVersionTemplate[]
destroy_scheduled_duration str
id str

The provider-assigned unique ID for this managed resource.

import_only bool
key_ring str
labels Mapping[str, str]
name str
purpose str

Defines the cryptographic capabilities of the key.

rotation_period str

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

skip_initial_version_creation bool
version_templates Sequence[GetKMSCryptoKeyVersionTemplate]
destroyScheduledDuration String
id String

The provider-assigned unique ID for this managed resource.

importOnly Boolean
keyRing String
labels Map
name String
purpose String

Defines the cryptographic capabilities of the key.

rotationPeriod String

Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

skipInitialVersionCreation Boolean
versionTemplates List

Supporting Types

GetKMSCryptoKeyVersionTemplate

Package Details

Repository
https://github.com/pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.