Google Native

Pulumi Official
Package maintained by Pulumi
v0.22.0 published on Friday, Jul 29, 2022 by Pulumi

CryptoKey

Creates a new CryptoKey within a KeyRing. CryptoKey.purpose and CryptoKey.version_template.algorithm are required. Note: this resource's API does not support deletion. When the resource is deleted in Pulumi, it is removed from Pulumi state but persists on Google Cloud.

Create a CryptoKey Resource

new CryptoKey(name: string, args: CryptoKeyArgs, opts?: CustomResourceOptions);
@overload
def CryptoKey(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              crypto_key_backend: Optional[str] = None,
              crypto_key_id: Optional[str] = None,
              destroy_scheduled_duration: Optional[str] = None,
              import_only: Optional[bool] = None,
              key_ring_id: Optional[str] = None,
              labels: Optional[Mapping[str, str]] = None,
              location: Optional[str] = None,
              next_rotation_time: Optional[str] = None,
              project: Optional[str] = None,
              purpose: Optional[CryptoKeyPurpose] = None,
              rotation_period: Optional[str] = None,
              skip_initial_version_creation: Optional[str] = None,
              version_template: Optional[CryptoKeyVersionTemplateArgs] = None)
@overload
def CryptoKey(resource_name: str,
              args: CryptoKeyArgs,
              opts: Optional[ResourceOptions] = None)
func NewCryptoKey(ctx *Context, name string, args CryptoKeyArgs, opts ...ResourceOption) (*CryptoKey, error)
public CryptoKey(string name, CryptoKeyArgs args, CustomResourceOptions? opts = null)
public CryptoKey(String name, CryptoKeyArgs args)
public CryptoKey(String name, CryptoKeyArgs args, CustomResourceOptions options)
type: google-native:cloudkms/v1:CryptoKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args CryptoKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args CryptoKeyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args CryptoKeyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args CryptoKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args CryptoKeyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

CryptoKey Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The CryptoKey resource accepts the following input properties:

KeyRingId string
CryptoKeyBackend string

Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey resides and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

CryptoKeyId string

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

DestroyScheduledDuration string

Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

ImportOnly bool

Immutable. Whether this key may contain imported versions only.

Labels Dictionary<string, string>

Labels with user-defined metadata. For more information, see Labeling Keys.

Location string
NextRotationTime string

At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

Project string
Purpose Pulumi.GoogleNative.Cloudkms.V1.CryptoKeyPurpose

Immutable. The immutable purpose of this CryptoKey.

RotationPeriod string

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

SkipInitialVersionCreation string

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

VersionTemplate Pulumi.GoogleNative.Cloudkms.V1.Inputs.CryptoKeyVersionTemplateArgs

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

KeyRingId string
CryptoKeyBackend string

Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey resides and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

CryptoKeyId string

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

DestroyScheduledDuration string

Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

ImportOnly bool

Immutable. Whether this key may contain imported versions only.

Labels map[string]string

Labels with user-defined metadata. For more information, see Labeling Keys.

Location string
NextRotationTime string

At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

Project string
Purpose CryptoKeyPurpose

Immutable. The immutable purpose of this CryptoKey.

RotationPeriod string

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

SkipInitialVersionCreation string

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

VersionTemplate CryptoKeyVersionTemplateArgs

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

keyRingId String
cryptoKeyBackend String

Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey resides and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

cryptoKeyId String

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

destroyScheduledDuration String

Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

importOnly Boolean

Immutable. Whether this key may contain imported versions only.

labels Map<String,String>

Labels with user-defined metadata. For more information, see Labeling Keys.

location String
nextRotationTime String

At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

project String
purpose CryptoKeyPurpose

Immutable. The immutable purpose of this CryptoKey.

rotationPeriod String

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

skipInitialVersionCreation String

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

versionTemplate CryptoKeyVersionTemplateArgs

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

keyRingId string
cryptoKeyBackend string

Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey resides and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

cryptoKeyId string

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

destroyScheduledDuration string

Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

importOnly boolean

Immutable. Whether this key may contain imported versions only.

labels {[key: string]: string}

Labels with user-defined metadata. For more information, see Labeling Keys.

location string
nextRotationTime string

At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

project string
purpose CryptoKeyPurpose

Immutable. The immutable purpose of this CryptoKey.

rotationPeriod string

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

skipInitialVersionCreation string

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

versionTemplate CryptoKeyVersionTemplateArgs

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

key_ring_id str
crypto_key_backend str

Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey resides and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

crypto_key_id str

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

destroy_scheduled_duration str

Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

import_only bool

Immutable. Whether this key may contain imported versions only.

labels Mapping[str, str]

Labels with user-defined metadata. For more information, see Labeling Keys.

location str
next_rotation_time str

At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

project str
purpose CryptoKeyPurpose

Immutable. The immutable purpose of this CryptoKey.

rotation_period str

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

skip_initial_version_creation str

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

version_template CryptoKeyVersionTemplateArgs

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

keyRingId String
cryptoKeyBackend String

Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey resides and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.

cryptoKeyId String

Required. It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}

destroyScheduledDuration String

Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.

importOnly Boolean

Immutable. Whether this key may contain imported versions only.

labels Map<String>

Labels with user-defined metadata. For more information, see Labeling Keys.

location String
nextRotationTime String

At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

project String
purpose "CRYPTO_KEY_PURPOSE_UNSPECIFIED" | "ENCRYPT_DECRYPT" | "ASYMMETRIC_SIGN" | "ASYMMETRIC_DECRYPT" | "MAC"

Immutable. The immutable purpose of this CryptoKey.

rotationPeriod String

next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.

skipInitialVersionCreation String

If set to true, the request will create a CryptoKey without any CryptoKeyVersions. You must manually call CreateCryptoKeyVersion or ImportCryptoKeyVersion before you can use this CryptoKey.

versionTemplate Property Map

A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
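
Because the resource cannot be deleted through this API and several inputs are immutable, a bad value is worth catching before creation. The following preflight check is an added example, not part of the Pulumi provider or its documentation: it validates a plain dict of CryptoKey inputs (Python snake_case names) against the constraints listed above. The function names, the sample values, the seconds-with-`s` duration encoding and the `protection_level` key on the version template are assumptions of this example.

```python
import re

# Constraints taken from the input property descriptions on this page.
CRYPTO_KEY_ID_RE = re.compile(r"[a-zA-Z0-9_-]{1,63}")
EKM_CONNECTION_RE = re.compile(
    r"projects/[^/]+/locations/[^/]+/ekmConnections/[^/]+"
)
USABLE_PURPOSES = {"ENCRYPT_DECRYPT", "ASYMMETRIC_SIGN", "ASYMMETRIC_DECRYPT", "MAC"}
MIN_ROTATION_SECONDS = 24 * 3600          # "at least 24 hours"
MAX_ROTATION_SECONDS = 876_000 * 3600     # "at most 876,000 hours"

# Assumption: durations are strings of seconds ending in "s", e.g. "7776000s".
DURATION_RE = re.compile(r"\d+(?:\.\d{1,9})?s")


def parse_duration_seconds(value):
    """Return the duration in seconds, or None if the string is malformed."""
    if not isinstance(value, str) or not DURATION_RE.fullmatch(value):
        return None
    return float(value[:-1])


def validate_crypto_key_args(args):
    """Return a list of problems found in a dict of CryptoKey inputs."""
    problems = []

    key_id = args.get("crypto_key_id")
    if not key_id or not CRYPTO_KEY_ID_RE.fullmatch(key_id):
        problems.append("crypto_key_id must match [a-zA-Z0-9_-]{1,63}")

    # Assumption: CRYPTO_KEY_PURPOSE_UNSPECIFIED is treated like a missing purpose.
    purpose = args.get("purpose")
    if purpose not in USABLE_PURPOSES:
        problems.append("purpose is required and must be a concrete CryptoKeyPurpose")

    template = args.get("version_template") or {}
    if not template.get("algorithm"):
        problems.append("version_template.algorithm is required")

    rotation_period = args.get("rotation_period")
    next_rotation = args.get("next_rotation_time")
    if (rotation_period or next_rotation) and purpose != "ENCRYPT_DECRYPT":
        problems.append("rotation fields must be omitted unless purpose is ENCRYPT_DECRYPT")
    if rotation_period is not None:
        seconds = parse_duration_seconds(rotation_period)
        if seconds is None:
            problems.append("rotation_period is not a duration such as '7776000s'")
        elif not MIN_ROTATION_SECONDS <= seconds <= MAX_ROTATION_SECONDS:
            problems.append("rotation_period must be between 24 and 876,000 hours")
        if not next_rotation:
            problems.append("next_rotation_time must be set when rotation_period is set")

    backend = args.get("crypto_key_backend")
    if backend is not None:
        if not EKM_CONNECTION_RE.fullmatch(backend):
            problems.append("crypto_key_backend must look like "
                            "projects/*/locations/*/ekmConnections/*")
        # Assumption: the template carries the protection level as "protection_level".
        if template.get("protection_level") != "EXTERNAL_VPC":
            problems.append("crypto_key_backend only applies to EXTERNAL_VPC keys")

    return problems


# Constructed sample inputs (not taken from a real project).
SAMPLE_GOOD = {
    "crypto_key_id": "payments-data-key",
    "purpose": "ENCRYPT_DECRYPT",
    "rotation_period": "7776000s",              # 90 days
    "next_rotation_time": "2030-01-01T00:00:00Z",
    "version_template": {"algorithm": "GOOGLE_SYMMETRIC_ENCRYPTION"},
}
SAMPLE_BAD = {
    "crypto_key_id": "prod key/1",              # space and slash are not allowed
    "purpose": "ASYMMETRIC_SIGN",               # rotation is not supported here
    "rotation_period": "3600s",                 # below the 24 hour minimum
    "version_template": {},                     # algorithm missing
}

if __name__ == "__main__":
    for label, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, validate_crypto_key_args(sample))
```
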

Outputs

All input properties are implicitly available as output properties. Additionally, the CryptoKey resource produces the following output properties:

CreateTime string

The time at which this CryptoKey was created.

Id string

The provider-assigned unique ID for this managed resource.

Name string

The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

Primary Pulumi.GoogleNative.Cloudkms.V1.Outputs.CryptoKeyVersionResponse

A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

CreateTime string

The time at which this CryptoKey was created.

Id string

The provider-assigned unique ID for this managed resource.

Name string

The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

Primary CryptoKeyVersionResponse

A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

createTime String

The time at which this CryptoKey was created.

id String

The provider-assigned unique ID for this managed resource.

name String

The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

primary CryptoKeyVersionResponse

A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

createTime string

The time at which this CryptoKey was created.

id string

The provider-assigned unique ID for this managed resource.

name string

The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

primary CryptoKeyVersionResponse

A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

create_time str

The time at which this CryptoKey was created.

id str

The provider-assigned unique ID for this managed resource.

name str

The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

primary CryptoKeyVersionResponse

A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

createTime String

The time at which this CryptoKey was created.

id String

The provider-assigned unique ID for this managed resource.

name String

The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.

primary Property Map

A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.

Supporting Types

CertificateChainsResponse

CaviumCerts List<string>

Cavium certificate chain corresponding to the attestation.

GoogleCardCerts List<string>

Google card certificate chain corresponding to the attestation.

GooglePartitionCerts List<string>

Google partition certificate chain corresponding to the attestation.

CaviumCerts []string

Cavium certificate chain corresponding to the attestation.

GoogleCardCerts []string

Google card certificate chain corresponding to the attestation.

GooglePartitionCerts []string

Google partition certificate chain corresponding to the attestation.

caviumCerts List<String>

Cavium certificate chain corresponding to the attestation.

googleCardCerts List<String>

Google card certificate chain corresponding to the attestation.

googlePartitionCerts List<String>

Google partition certificate chain corresponding to the attestation.

caviumCerts string[]

Cavium certificate chain corresponding to the attestation.

googleCardCerts string[]

Google card certificate chain corresponding to the attestation.

googlePartitionCerts string[]

Google partition certificate chain corresponding to the attestation.

cavium_certs Sequence[str]

Cavium certificate chain corresponding to the attestation.

google_card_certs Sequence[str]

Google card certificate chain corresponding to the attestation.

google_partition_certs Sequence[str]

Google partition certificate chain corresponding to the attestation.

caviumCerts List<String>

Cavium certificate chain corresponding to the attestation.

googleCardCerts List<String>

Google card certificate chain corresponding to the attestation.

googlePartitionCerts List<String>

Google partition certificate chain corresponding to the attestation.

CryptoKeyPurpose

CryptoKeyPurposeUnspecified
CRYPTO_KEY_PURPOSE_UNSPECIFIED

Not specified.

EncryptDecrypt
ENCRYPT_DECRYPT

CryptoKeys with this purpose may be used with Encrypt and Decrypt.

AsymmetricSign
ASYMMETRIC_SIGN

CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

AsymmetricDecrypt
ASYMMETRIC_DECRYPT

CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

Mac
MAC

CryptoKeys with this purpose may be used with MacSign.

CryptoKeyPurposeCryptoKeyPurposeUnspecified
CRYPTO_KEY_PURPOSE_UNSPECIFIED

Not specified.

CryptoKeyPurposeEncryptDecrypt
ENCRYPT_DECRYPT

CryptoKeys with this purpose may be used with Encrypt and Decrypt.

CryptoKeyPurposeAsymmetricSign
ASYMMETRIC_SIGN

CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

CryptoKeyPurposeAsymmetricDecrypt
ASYMMETRIC_DECRYPT

CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

CryptoKeyPurposeMac
MAC

CryptoKeys with this purpose may be used with MacSign.

CryptoKeyPurposeUnspecified
CRYPTO_KEY_PURPOSE_UNSPECIFIED

Not specified.

EncryptDecrypt
ENCRYPT_DECRYPT

CryptoKeys with this purpose may be used with Encrypt and Decrypt.

AsymmetricSign
ASYMMETRIC_SIGN

CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

AsymmetricDecrypt
ASYMMETRIC_DECRYPT

CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

Mac
MAC

CryptoKeys with this purpose may be used with MacSign.

CryptoKeyPurposeUnspecified
CRYPTO_KEY_PURPOSE_UNSPECIFIED

Not specified.

EncryptDecrypt
ENCRYPT_DECRYPT

CryptoKeys with this purpose may be used with Encrypt and Decrypt.

AsymmetricSign
ASYMMETRIC_SIGN

CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

AsymmetricDecrypt
ASYMMETRIC_DECRYPT

CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

Mac
MAC

CryptoKeys with this purpose may be used with MacSign.

CRYPTO_KEY_PURPOSE_UNSPECIFIED
CRYPTO_KEY_PURPOSE_UNSPECIFIED

Not specified.

ENCRYPT_DECRYPT
ENCRYPT_DECRYPT

CryptoKeys with this purpose may be used with Encrypt and Decrypt.

ASYMMETRIC_SIGN
ASYMMETRIC_SIGN

CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

ASYMMETRIC_DECRYPT
ASYMMETRIC_DECRYPT

CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

MAC
MAC

CryptoKeys with this purpose may be used with MacSign.

"CRYPTO_KEY_PURPOSE_UNSPECIFIED"
CRYPTO_KEY_PURPOSE_UNSPECIFIED

Not specified.

"ENCRYPT_DECRYPT"
ENCRYPT_DECRYPT

CryptoKeys with this purpose may be used with Encrypt and Decrypt.

"ASYMMETRIC_SIGN"
ASYMMETRIC_SIGN

CryptoKeys with this purpose may be used with AsymmetricSign and GetPublicKey.

"ASYMMETRIC_DECRYPT"
ASYMMETRIC_DECRYPT

CryptoKeys with this purpose may be used with AsymmetricDecrypt and GetPublicKey.

"MAC"
MAC

CryptoKeys with this purpose may be used with MacSign.

CryptoKeyVersionResponse

Algorithm string

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

Attestation Pulumi.GoogleNative.Cloudkms.V1.Inputs.KeyOperationAttestationResponse

Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

CreateTime string

The time at which this CryptoKeyVersion was created.

DestroyEventTime string

The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

DestroyTime string

The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

ExternalProtectionLevelOptions Pulumi.GoogleNative.Cloudkms.V1.Inputs.ExternalProtectionLevelOptionsResponse

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL and EXTERNAL_VPC protection levels.

GenerateTime string

The time this CryptoKeyVersion's key material was generated.

ImportFailureReason string

The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

ImportJob string

The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

ImportTime string

The time at which this CryptoKeyVersion's key material was most recently imported.

Name string

The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

ProtectionLevel string

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

ReimportEligible bool

Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

State string

The current state of the CryptoKeyVersion.

Algorithm string

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

Attestation KeyOperationAttestationResponse

Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

CreateTime string

The time at which this CryptoKeyVersion was created.

DestroyEventTime string

The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

DestroyTime string

The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

ExternalProtectionLevelOptions ExternalProtectionLevelOptionsResponse

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL and EXTERNAL_VPC protection levels.

GenerateTime string

The time this CryptoKeyVersion's key material was generated.

ImportFailureReason string

The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

ImportJob string

The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

ImportTime string

The time at which this CryptoKeyVersion's key material was most recently imported.

Name string

The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

ProtectionLevel string

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

ReimportEligible bool

Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

State string

The current state of the CryptoKeyVersion.

algorithm String

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

attestation KeyOperationAttestationResponse

Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

createTime String

The time at which this CryptoKeyVersion was created.

destroyEventTime String

The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

destroyTime String

The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

externalProtectionLevelOptions ExternalProtectionLevelOptionsResponse

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL and EXTERNAL_VPC protection levels.

generateTime String

The time this CryptoKeyVersion's key material was generated.

importFailureReason String

The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

importJob String

The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

importTime String

The time at which this CryptoKeyVersion's key material was most recently imported.

name String

The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

protectionLevel String

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

reimportEligible Boolean

Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

state String

The current state of the CryptoKeyVersion.

algorithm string

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

attestation KeyOperationAttestationResponse

Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

createTime string

The time at which this CryptoKeyVersion was created.

destroyEventTime string

The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

destroyTime string

The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

externalProtectionLevelOptions ExternalProtectionLevelOptionsResponse

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL and EXTERNAL_VPC protection levels.

generateTime string

The time this CryptoKeyVersion's key material was generated.

importFailureReason string

The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

importJob string

The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

importTime string

The time at which this CryptoKeyVersion's key material was most recently imported.

name string

The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

protectionLevel string

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

reimportEligible boolean

Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

state string

The current state of the CryptoKeyVersion.

algorithm str

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

attestation KeyOperationAttestationResponse

Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

create_time str

The time at which this CryptoKeyVersion was created.

destroy_event_time str

The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

destroy_time str

The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

external_protection_level_options ExternalProtectionLevelOptionsResponse

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL and EXTERNAL_VPC protection levels.

generate_time str

The time this CryptoKeyVersion's key material was generated.

import_failure_reason str

The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

import_job str

The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

import_time str

The time at which this CryptoKeyVersion's key material was most recently imported.

name str

The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

protection_level str

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

reimport_eligible bool

Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

state str

The current state of the CryptoKeyVersion.

algorithm String

The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.

attestation Property Map

Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.

createTime String

The time at which this CryptoKeyVersion was created.

destroyEventTime String

The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.

destroyTime String

The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.

externalProtectionLevelOptions Property Map

ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL and EXTERNAL_VPC protection levels.

generateTime String

The time this CryptoKeyVersion's key material was generated.

importFailureReason String

The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.

importJob String

The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.

importTime String

The time at which this CryptoKeyVersion's key material was most recently imported.

name String

The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.

protectionLevel String

The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.

reimportEligible Boolean

Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

state String

The current state of the CryptoKeyVersion.

CryptoKeyVersionTemplate

Algorithm Pulumi.GoogleNative.Cloudkms.V1.CryptoKeyVersionTemplateAlgorithm

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

ProtectionLevel Pulumi.GoogleNative.Cloudkms.V1.CryptoKeyVersionTemplateProtectionLevel

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

Algorithm CryptoKeyVersionTemplateAlgorithm

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

ProtectionLevel CryptoKeyVersionTemplateProtectionLevel

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm CryptoKeyVersionTemplateAlgorithm

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

protectionLevel CryptoKeyVersionTemplateProtectionLevel

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm CryptoKeyVersionTemplateAlgorithm

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

protectionLevel CryptoKeyVersionTemplateProtectionLevel

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm CryptoKeyVersionTemplateAlgorithm

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

protection_level CryptoKeyVersionTemplateProtectionLevel

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm "CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED" | "GOOGLE_SYMMETRIC_ENCRYPTION" | "RSA_SIGN_PSS_2048_SHA256" | "RSA_SIGN_PSS_3072_SHA256" | "RSA_SIGN_PSS_4096_SHA256" | "RSA_SIGN_PSS_4096_SHA512" | "RSA_SIGN_PKCS1_2048_SHA256" | "RSA_SIGN_PKCS1_3072_SHA256" | "RSA_SIGN_PKCS1_4096_SHA256" | "RSA_SIGN_PKCS1_4096_SHA512" | "RSA_SIGN_RAW_PKCS1_2048" | "RSA_SIGN_RAW_PKCS1_3072" | "RSA_SIGN_RAW_PKCS1_4096" | "RSA_DECRYPT_OAEP_2048_SHA256" | "RSA_DECRYPT_OAEP_3072_SHA256" | "RSA_DECRYPT_OAEP_4096_SHA256" | "RSA_DECRYPT_OAEP_4096_SHA512" | "RSA_DECRYPT_OAEP_2048_SHA1" | "RSA_DECRYPT_OAEP_3072_SHA1" | "RSA_DECRYPT_OAEP_4096_SHA1" | "EC_SIGN_P256_SHA256" | "EC_SIGN_P384_SHA384" | "EC_SIGN_SECP256K1_SHA256" | "HMAC_SHA256" | "EXTERNAL_SYMMETRIC_ENCRYPTION"

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

protectionLevel "PROTECTION_LEVEL_UNSPECIFIED" | "SOFTWARE" | "HSM" | "EXTERNAL" | "EXTERNAL_VPC"

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

CryptoKeyVersionTemplateAlgorithm

CryptoKeyVersionAlgorithmUnspecified
CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

Not specified.

GoogleSymmetricEncryption
GOOGLE_SYMMETRIC_ENCRYPTION

Creates symmetric encryption keys.

RsaSignPss2048Sha256
RSA_SIGN_PSS_2048_SHA256

RSASSA-PSS 2048 bit key with a SHA256 digest.

RsaSignPss3072Sha256
RSA_SIGN_PSS_3072_SHA256

RSASSA-PSS 3072 bit key with a SHA256 digest.

RsaSignPss4096Sha256
RSA_SIGN_PSS_4096_SHA256

RSASSA-PSS 4096 bit key with a SHA256 digest.

RsaSignPss4096Sha512
RSA_SIGN_PSS_4096_SHA512

RSASSA-PSS 4096 bit key with a SHA512 digest.

RsaSignPkcs12048Sha256
RSA_SIGN_PKCS1_2048_SHA256

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

RsaSignPkcs13072Sha256
RSA_SIGN_PKCS1_3072_SHA256

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

RsaSignPkcs14096Sha256
RSA_SIGN_PKCS1_4096_SHA256

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

RsaSignPkcs14096Sha512
RSA_SIGN_PKCS1_4096_SHA512

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

RsaSignRawPkcs12048
RSA_SIGN_RAW_PKCS1_2048

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

RsaSignRawPkcs13072
RSA_SIGN_RAW_PKCS1_3072

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

RsaSignRawPkcs14096
RSA_SIGN_RAW_PKCS1_4096

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

RsaDecryptOaep2048Sha256
RSA_DECRYPT_OAEP_2048_SHA256

RSAES-OAEP 2048 bit key with a SHA256 digest.

RsaDecryptOaep3072Sha256
RSA_DECRYPT_OAEP_3072_SHA256

RSAES-OAEP 3072 bit key with a SHA256 digest.

RsaDecryptOaep4096Sha256
RSA_DECRYPT_OAEP_4096_SHA256

RSAES-OAEP 4096 bit key with a SHA256 digest.

RsaDecryptOaep4096Sha512
RSA_DECRYPT_OAEP_4096_SHA512

RSAES-OAEP 4096 bit key with a SHA512 digest.

RsaDecryptOaep2048Sha1
RSA_DECRYPT_OAEP_2048_SHA1

RSAES-OAEP 2048 bit key with a SHA1 digest.

RsaDecryptOaep3072Sha1
RSA_DECRYPT_OAEP_3072_SHA1

RSAES-OAEP 3072 bit key with a SHA1 digest.

RsaDecryptOaep4096Sha1
RSA_DECRYPT_OAEP_4096_SHA1

RSAES-OAEP 4096 bit key with a SHA1 digest.

EcSignP256Sha256
EC_SIGN_P256_SHA256

ECDSA on the NIST P-256 curve with a SHA256 digest.

EcSignP384Sha384
EC_SIGN_P384_SHA384

ECDSA on the NIST P-384 curve with a SHA384 digest.

EcSignSecp256k1Sha256
EC_SIGN_SECP256K1_SHA256

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.

HmacSha256
HMAC_SHA256

HMAC-SHA256 signing with a 256 bit key.

ExternalSymmetricEncryption
EXTERNAL_SYMMETRIC_ENCRYPTION

Algorithm representing symmetric encryption by an external key manager.

CryptoKeyVersionTemplateAlgorithmCryptoKeyVersionAlgorithmUnspecified
CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

Not specified.

CryptoKeyVersionTemplateAlgorithmGoogleSymmetricEncryption
GOOGLE_SYMMETRIC_ENCRYPTION

Creates symmetric encryption keys.

CryptoKeyVersionTemplateAlgorithmRsaSignPss2048Sha256
RSA_SIGN_PSS_2048_SHA256

RSASSA-PSS 2048 bit key with a SHA256 digest.

CryptoKeyVersionTemplateAlgorithmRsaSignPss3072Sha256
RSA_SIGN_PSS_3072_SHA256

RSASSA-PSS 3072 bit key with a SHA256 digest.

CryptoKeyVersionTemplateAlgorithmRsaSignPss4096Sha256
RSA_SIGN_PSS_4096_SHA256

RSASSA-PSS 4096 bit key with a SHA256 digest.

CryptoKeyVersionTemplateAlgorithmRsaSignPss4096Sha512
RSA_SIGN_PSS_4096_SHA512

RSASSA-PSS 4096 bit key with a SHA512 digest.

CryptoKeyVersionTemplateAlgorithmRsaSignPkcs12048Sha256
RSA_SIGN_PKCS1_2048_SHA256

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

CryptoKeyVersionTemplateAlgorithmRsaSignPkcs13072Sha256
RSA_SIGN_PKCS1_3072_SHA256

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

CryptoKeyVersionTemplateAlgorithmRsaSignPkcs14096Sha256
RSA_SIGN_PKCS1_4096_SHA256

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

CryptoKeyVersionTemplateAlgorithmRsaSignPkcs14096Sha512
RSA_SIGN_PKCS1_4096_SHA512

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs12048
RSA_SIGN_RAW_PKCS1_2048

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs13072
RSA_SIGN_RAW_PKCS1_3072

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

CryptoKeyVersionTemplateAlgorithmRsaSignRawPkcs14096
RSA_SIGN_RAW_PKCS1_4096

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep2048Sha256
RSA_DECRYPT_OAEP_2048_SHA256

RSAES-OAEP 2048 bit key with a SHA256 digest.

CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep3072Sha256
RSA_DECRYPT_OAEP_3072_SHA256

RSAES-OAEP 3072 bit key with a SHA256 digest.

CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha256
RSA_DECRYPT_OAEP_4096_SHA256

RSAES-OAEP 4096 bit key with a SHA256 digest.

CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha512
RSA_DECRYPT_OAEP_4096_SHA512

RSAES-OAEP 4096 bit key with a SHA512 digest.

CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep2048Sha1
RSA_DECRYPT_OAEP_2048_SHA1

RSAES-OAEP 2048 bit key with a SHA1 digest.

CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep3072Sha1
RSA_DECRYPT_OAEP_3072_SHA1

RSAES-OAEP 3072 bit key with a SHA1 digest.

CryptoKeyVersionTemplateAlgorithmRsaDecryptOaep4096Sha1
RSA_DECRYPT_OAEP_4096_SHA1

RSAES-OAEP 4096 bit key with a SHA1 digest.

CryptoKeyVersionTemplateAlgorithmEcSignP256Sha256
EC_SIGN_P256_SHA256

ECDSA on the NIST P-256 curve with a SHA256 digest.

CryptoKeyVersionTemplateAlgorithmEcSignP384Sha384
EC_SIGN_P384_SHA384

ECDSA on the NIST P-384 curve with a SHA384 digest.

CryptoKeyVersionTemplateAlgorithmEcSignSecp256k1Sha256
EC_SIGN_SECP256K1_SHA256

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.

CryptoKeyVersionTemplateAlgorithmHmacSha256
HMAC_SHA256

HMAC-SHA256 signing with a 256 bit key.

CryptoKeyVersionTemplateAlgorithmExternalSymmetricEncryption
EXTERNAL_SYMMETRIC_ENCRYPTION

Algorithm representing symmetric encryption by an external key manager.

CryptoKeyVersionAlgorithmUnspecified
CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

Not specified.

GoogleSymmetricEncryption
GOOGLE_SYMMETRIC_ENCRYPTION

Creates symmetric encryption keys.

RsaSignPss2048Sha256
RSA_SIGN_PSS_2048_SHA256

RSASSA-PSS 2048 bit key with a SHA256 digest.

RsaSignPss3072Sha256
RSA_SIGN_PSS_3072_SHA256

RSASSA-PSS 3072 bit key with a SHA256 digest.

RsaSignPss4096Sha256
RSA_SIGN_PSS_4096_SHA256

RSASSA-PSS 4096 bit key with a SHA256 digest.

RsaSignPss4096Sha512
RSA_SIGN_PSS_4096_SHA512

RSASSA-PSS 4096 bit key with a SHA512 digest.

RsaSignPkcs12048Sha256
RSA_SIGN_PKCS1_2048_SHA256

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

RsaSignPkcs13072Sha256
RSA_SIGN_PKCS1_3072_SHA256

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

RsaSignPkcs14096Sha256
RSA_SIGN_PKCS1_4096_SHA256

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

RsaSignPkcs14096Sha512
RSA_SIGN_PKCS1_4096_SHA512

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

RsaSignRawPkcs12048
RSA_SIGN_RAW_PKCS1_2048

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

RsaSignRawPkcs13072
RSA_SIGN_RAW_PKCS1_3072

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

RsaSignRawPkcs14096
RSA_SIGN_RAW_PKCS1_4096

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

RsaDecryptOaep2048Sha256
RSA_DECRYPT_OAEP_2048_SHA256

RSAES-OAEP 2048 bit key with a SHA256 digest.

RsaDecryptOaep3072Sha256
RSA_DECRYPT_OAEP_3072_SHA256

RSAES-OAEP 3072 bit key with a SHA256 digest.

RsaDecryptOaep4096Sha256
RSA_DECRYPT_OAEP_4096_SHA256

RSAES-OAEP 4096 bit key with a SHA256 digest.

RsaDecryptOaep4096Sha512
RSA_DECRYPT_OAEP_4096_SHA512

RSAES-OAEP 4096 bit key with a SHA512 digest.

RsaDecryptOaep2048Sha1
RSA_DECRYPT_OAEP_2048_SHA1

RSAES-OAEP 2048 bit key with a SHA1 digest.

RsaDecryptOaep3072Sha1
RSA_DECRYPT_OAEP_3072_SHA1

RSAES-OAEP 3072 bit key with a SHA1 digest.

RsaDecryptOaep4096Sha1
RSA_DECRYPT_OAEP_4096_SHA1

RSAES-OAEP 4096 bit key with a SHA1 digest.

EcSignP256Sha256
EC_SIGN_P256_SHA256

ECDSA on the NIST P-256 curve with a SHA256 digest.

EcSignP384Sha384
EC_SIGN_P384_SHA384

ECDSA on the NIST P-384 curve with a SHA384 digest.

EcSignSecp256k1Sha256
EC_SIGN_SECP256K1_SHA256

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.

HmacSha256
HMAC_SHA256

HMAC-SHA256 signing with a 256 bit key.

ExternalSymmetricEncryption
EXTERNAL_SYMMETRIC_ENCRYPTION

Algorithm representing symmetric encryption by an external key manager.

CryptoKeyVersionAlgorithmUnspecified
CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

Not specified.

GoogleSymmetricEncryption
GOOGLE_SYMMETRIC_ENCRYPTION

Creates symmetric encryption keys.

RsaSignPss2048Sha256
RSA_SIGN_PSS_2048_SHA256

RSASSA-PSS 2048 bit key with a SHA256 digest.

RsaSignPss3072Sha256
RSA_SIGN_PSS_3072_SHA256

RSASSA-PSS 3072 bit key with a SHA256 digest.

RsaSignPss4096Sha256
RSA_SIGN_PSS_4096_SHA256

RSASSA-PSS 4096 bit key with a SHA256 digest.

RsaSignPss4096Sha512
RSA_SIGN_PSS_4096_SHA512

RSASSA-PSS 4096 bit key with a SHA512 digest.

RsaSignPkcs12048Sha256
RSA_SIGN_PKCS1_2048_SHA256

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

RsaSignPkcs13072Sha256
RSA_SIGN_PKCS1_3072_SHA256

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

RsaSignPkcs14096Sha256
RSA_SIGN_PKCS1_4096_SHA256

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

RsaSignPkcs14096Sha512
RSA_SIGN_PKCS1_4096_SHA512

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

RsaSignRawPkcs12048
RSA_SIGN_RAW_PKCS1_2048

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

RsaSignRawPkcs13072
RSA_SIGN_RAW_PKCS1_3072

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

RsaSignRawPkcs14096
RSA_SIGN_RAW_PKCS1_4096

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

RsaDecryptOaep2048Sha256
RSA_DECRYPT_OAEP_2048_SHA256

RSAES-OAEP 2048 bit key with a SHA256 digest.

RsaDecryptOaep3072Sha256
RSA_DECRYPT_OAEP_3072_SHA256

RSAES-OAEP 3072 bit key with a SHA256 digest.

RsaDecryptOaep4096Sha256
RSA_DECRYPT_OAEP_4096_SHA256

RSAES-OAEP 4096 bit key with a SHA256 digest.

RsaDecryptOaep4096Sha512
RSA_DECRYPT_OAEP_4096_SHA512

RSAES-OAEP 4096 bit key with a SHA512 digest.

RsaDecryptOaep2048Sha1
RSA_DECRYPT_OAEP_2048_SHA1

RSAES-OAEP 2048 bit key with a SHA1 digest.

RsaDecryptOaep3072Sha1
RSA_DECRYPT_OAEP_3072_SHA1

RSAES-OAEP 3072 bit key with a SHA1 digest.

RsaDecryptOaep4096Sha1
RSA_DECRYPT_OAEP_4096_SHA1

RSAES-OAEP 4096 bit key with a SHA1 digest.

EcSignP256Sha256
EC_SIGN_P256_SHA256

ECDSA on the NIST P-256 curve with a SHA256 digest.

EcSignP384Sha384
EC_SIGN_P384_SHA384

ECDSA on the NIST P-384 curve with a SHA384 digest.

EcSignSecp256k1Sha256
EC_SIGN_SECP256K1_SHA256

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.

HmacSha256
HMAC_SHA256

HMAC-SHA256 signing with a 256 bit key.

ExternalSymmetricEncryption
EXTERNAL_SYMMETRIC_ENCRYPTION

Algorithm representing symmetric encryption by an external key manager.

CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED
CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

Not specified.

GOOGLE_SYMMETRIC_ENCRYPTION
GOOGLE_SYMMETRIC_ENCRYPTION

Creates symmetric encryption keys.

RSA_SIGN_PSS2048_SHA256
RSA_SIGN_PSS_2048_SHA256

RSASSA-PSS 2048 bit key with a SHA256 digest.

RSA_SIGN_PSS3072_SHA256
RSA_SIGN_PSS_3072_SHA256

RSASSA-PSS 3072 bit key with a SHA256 digest.

RSA_SIGN_PSS4096_SHA256
RSA_SIGN_PSS_4096_SHA256

RSASSA-PSS 4096 bit key with a SHA256 digest.

RSA_SIGN_PSS4096_SHA512
RSA_SIGN_PSS_4096_SHA512

RSASSA-PSS 4096 bit key with a SHA512 digest.

RSA_SIGN_PKCS12048_SHA256
RSA_SIGN_PKCS1_2048_SHA256

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

RSA_SIGN_PKCS13072_SHA256
RSA_SIGN_PKCS1_3072_SHA256

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

RSA_SIGN_PKCS14096_SHA256
RSA_SIGN_PKCS1_4096_SHA256

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

RSA_SIGN_PKCS14096_SHA512
RSA_SIGN_PKCS1_4096_SHA512

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

RSA_SIGN_RAW_PKCS12048
RSA_SIGN_RAW_PKCS1_2048

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

RSA_SIGN_RAW_PKCS13072
RSA_SIGN_RAW_PKCS1_3072

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

RSA_SIGN_RAW_PKCS14096
RSA_SIGN_RAW_PKCS1_4096

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

RSA_DECRYPT_OAEP2048_SHA256
RSA_DECRYPT_OAEP_2048_SHA256

RSAES-OAEP 2048 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP3072_SHA256
RSA_DECRYPT_OAEP_3072_SHA256

RSAES-OAEP 3072 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP4096_SHA256
RSA_DECRYPT_OAEP_4096_SHA256

RSAES-OAEP 4096 bit key with a SHA256 digest.

RSA_DECRYPT_OAEP4096_SHA512
RSA_DECRYPT_OAEP_4096_SHA512

RSAES-OAEP 4096 bit key with a SHA512 digest.

RSA_DECRYPT_OAEP2048_SHA1
RSA_DECRYPT_OAEP_2048_SHA1

RSAES-OAEP 2048 bit key with a SHA1 digest.

RSA_DECRYPT_OAEP3072_SHA1
RSA_DECRYPT_OAEP_3072_SHA1

RSAES-OAEP 3072 bit key with a SHA1 digest.

RSA_DECRYPT_OAEP4096_SHA1
RSA_DECRYPT_OAEP_4096_SHA1

RSAES-OAEP 4096 bit key with a SHA1 digest.

EC_SIGN_P256_SHA256
EC_SIGN_P256_SHA256

ECDSA on the NIST P-256 curve with a SHA256 digest.

EC_SIGN_P384_SHA384
EC_SIGN_P384_SHA384

ECDSA on the NIST P-384 curve with a SHA384 digest.

EC_SIGN_SECP256K1_SHA256
EC_SIGN_SECP256K1_SHA256

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.

HMAC_SHA256
HMAC_SHA256

HMAC-SHA256 signing with a 256 bit key.

EXTERNAL_SYMMETRIC_ENCRYPTION
EXTERNAL_SYMMETRIC_ENCRYPTION

Algorithm representing symmetric encryption by an external key manager.

"CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED"
CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED

Not specified.

"GOOGLE_SYMMETRIC_ENCRYPTION"
GOOGLE_SYMMETRIC_ENCRYPTION

Creates symmetric encryption keys.

"RSA_SIGN_PSS_2048_SHA256"
RSA_SIGN_PSS_2048_SHA256

RSASSA-PSS 2048 bit key with a SHA256 digest.

"RSA_SIGN_PSS_3072_SHA256"
RSA_SIGN_PSS_3072_SHA256

RSASSA-PSS 3072 bit key with a SHA256 digest.

"RSA_SIGN_PSS_4096_SHA256"
RSA_SIGN_PSS_4096_SHA256

RSASSA-PSS 4096 bit key with a SHA256 digest.

"RSA_SIGN_PSS_4096_SHA512"
RSA_SIGN_PSS_4096_SHA512

RSASSA-PSS 4096 bit key with a SHA512 digest.

"RSA_SIGN_PKCS1_2048_SHA256"
RSA_SIGN_PKCS1_2048_SHA256

RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

"RSA_SIGN_PKCS1_3072_SHA256"
RSA_SIGN_PKCS1_3072_SHA256

RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

"RSA_SIGN_PKCS1_4096_SHA256"
RSA_SIGN_PKCS1_4096_SHA256

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

"RSA_SIGN_PKCS1_4096_SHA512"
RSA_SIGN_PKCS1_4096_SHA512

RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

"RSA_SIGN_RAW_PKCS1_2048"
RSA_SIGN_RAW_PKCS1_2048

RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.

"RSA_SIGN_RAW_PKCS1_3072"
RSA_SIGN_RAW_PKCS1_3072

RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.

"RSA_SIGN_RAW_PKCS1_4096"
RSA_SIGN_RAW_PKCS1_4096

RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.

"RSA_DECRYPT_OAEP_2048_SHA256"
RSA_DECRYPT_OAEP_2048_SHA256

RSAES-OAEP 2048 bit key with a SHA256 digest.

"RSA_DECRYPT_OAEP_3072_SHA256"
RSA_DECRYPT_OAEP_3072_SHA256

RSAES-OAEP 3072 bit key with a SHA256 digest.

"RSA_DECRYPT_OAEP_4096_SHA256"
RSA_DECRYPT_OAEP_4096_SHA256

RSAES-OAEP 4096 bit key with a SHA256 digest.

"RSA_DECRYPT_OAEP_4096_SHA512"
RSA_DECRYPT_OAEP_4096_SHA512

RSAES-OAEP 4096 bit key with a SHA512 digest.

"RSA_DECRYPT_OAEP_2048_SHA1"
RSA_DECRYPT_OAEP_2048_SHA1

RSAES-OAEP 2048 bit key with a SHA1 digest.

"RSA_DECRYPT_OAEP_3072_SHA1"
RSA_DECRYPT_OAEP_3072_SHA1

RSAES-OAEP 3072 bit key with a SHA1 digest.

"RSA_DECRYPT_OAEP_4096_SHA1"
RSA_DECRYPT_OAEP_4096_SHA1

RSAES-OAEP 4096 bit key with a SHA1 digest.

"EC_SIGN_P256_SHA256"
EC_SIGN_P256_SHA256

ECDSA on the NIST P-256 curve with a SHA256 digest.

"EC_SIGN_P384_SHA384"
EC_SIGN_P384_SHA384

ECDSA on the NIST P-384 curve with a SHA384 digest.

"EC_SIGN_SECP256K1_SHA256"
EC_SIGN_SECP256K1_SHA256

ECDSA on the non-NIST secp256k1 curve. This curve is only supported for HSM protection level.

"HMAC_SHA256"
HMAC_SHA256

HMAC-SHA256 signing with a 256 bit key.

"EXTERNAL_SYMMETRIC_ENCRYPTION"
EXTERNAL_SYMMETRIC_ENCRYPTION

Algorithm representing symmetric encryption by an external key manager.

CryptoKeyVersionTemplateProtectionLevel

ProtectionLevelUnspecified
PROTECTION_LEVEL_UNSPECIFIED

Not specified.

Software
SOFTWARE

Crypto operations are performed in software.

Hsm
HSM

Crypto operations are performed in a Hardware Security Module.

External
EXTERNAL

Crypto operations are performed by an external key manager.

ExternalVpc
EXTERNAL_VPC

Crypto operations are performed in an EKM-over-VPC backend.

CryptoKeyVersionTemplateProtectionLevelProtectionLevelUnspecified
PROTECTION_LEVEL_UNSPECIFIED

Not specified.

CryptoKeyVersionTemplateProtectionLevelSoftware
SOFTWARE

Crypto operations are performed in software.

CryptoKeyVersionTemplateProtectionLevelHsm
HSM

Crypto operations are performed in a Hardware Security Module.

CryptoKeyVersionTemplateProtectionLevelExternal
EXTERNAL

Crypto operations are performed by an external key manager.

CryptoKeyVersionTemplateProtectionLevelExternalVpc
EXTERNAL_VPC

Crypto operations are performed in an EKM-over-VPC backend.

ProtectionLevelUnspecified
PROTECTION_LEVEL_UNSPECIFIED

Not specified.

Software
SOFTWARE

Crypto operations are performed in software.

Hsm
HSM

Crypto operations are performed in a Hardware Security Module.

External
EXTERNAL

Crypto operations are performed by an external key manager.

ExternalVpc
EXTERNAL_VPC

Crypto operations are performed in an EKM-over-VPC backend.

ProtectionLevelUnspecified
PROTECTION_LEVEL_UNSPECIFIED

Not specified.

Software
SOFTWARE

Crypto operations are performed in software.

Hsm
HSM

Crypto operations are performed in a Hardware Security Module.

External
EXTERNAL

Crypto operations are performed by an external key manager.

ExternalVpc
EXTERNAL_VPC

Crypto operations are performed in an EKM-over-VPC backend.

PROTECTION_LEVEL_UNSPECIFIED
PROTECTION_LEVEL_UNSPECIFIED

Not specified.

SOFTWARE
SOFTWARE

Crypto operations are performed in software.

HSM
HSM

Crypto operations are performed in a Hardware Security Module.

EXTERNAL
EXTERNAL

Crypto operations are performed by an external key manager.

EXTERNAL_VPC
EXTERNAL_VPC

Crypto operations are performed in an EKM-over-VPC backend.

"PROTECTION_LEVEL_UNSPECIFIED"
PROTECTION_LEVEL_UNSPECIFIED

Not specified.

"SOFTWARE"
SOFTWARE

Crypto operations are performed in software.

"HSM"
HSM

Crypto operations are performed in a Hardware Security Module.

"EXTERNAL"
EXTERNAL

Crypto operations are performed by an external key manager.

"EXTERNAL_VPC"
EXTERNAL_VPC

Crypto operations are performed in an EKM-over-VPC backend.
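The defaulting and compatibility rules stated above for CryptoKeyVersionTemplate can be checked before a deployment. The following is an added example, not code from Pulumi or the provider: `check_template`, `purpose_for` and `TemplateCheck` are hypothetical names, the purpose values other than ENCRYPT_DECRYPT are the Cloud KMS CryptoKeyPurpose values, and the mapping from algorithm name to purpose is an assumption made for this check.

```python
"""Pre-deployment check of a CryptoKey version template (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional

# Rules taken from the property descriptions on this page.
IMPLIED_ALGORITHM = "GOOGLE_SYMMETRIC_ENCRYPTION"   # implied for ENCRYPT_DECRYPT
DEFAULT_PROTECTION_LEVEL = "SOFTWARE"               # "Defaults to SOFTWARE"
PROTECTION_LEVELS = {"SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC"}
HSM_ONLY_ALGORITHMS = {"EC_SIGN_SECP256K1_SHA256"}  # "only supported for HSM"


def purpose_for(algorithm: str) -> Optional[str]:
    """Assumption: derive the key purpose from the algorithm's name family."""
    if algorithm.endswith("_SYMMETRIC_ENCRYPTION"):
        return "ENCRYPT_DECRYPT"
    if algorithm.startswith(("RSA_SIGN_", "EC_SIGN_")):
        return "ASYMMETRIC_SIGN"
    if algorithm.startswith("RSA_DECRYPT_"):
        return "ASYMMETRIC_DECRYPT"
    if algorithm.startswith("HMAC_"):
        return "MAC"
    return None  # includes CRYPTO_KEY_VERSION_ALGORITHM_UNSPECIFIED


@dataclass
class TemplateCheck:
    algorithm: Optional[str]        # effective algorithm after defaulting
    protection_level: str           # effective protection level after defaulting
    attestation_expected: bool      # attestation is only provided for HSM
    errors: List[str] = field(default_factory=list)


def check_template(purpose: str,
                   algorithm: Optional[str] = None,
                   protection_level: Optional[str] = None,
                   deployed_protection_level: Optional[str] = None) -> TemplateCheck:
    """Apply the page's defaults, then report every rule the template breaks.

    deployed_protection_level is the level of an already existing key, if any;
    the template's protection level is immutable, so a difference is an error.
    """
    errors: List[str] = []

    # Backwards-compatibility default: only when the field is omitted entirely.
    if algorithm is None and purpose == "ENCRYPT_DECRYPT":
        algorithm = IMPLIED_ALGORITHM
    level = protection_level or DEFAULT_PROTECTION_LEVEL

    if level not in PROTECTION_LEVELS:
        errors.append(f"protection level {level!r} is not a usable value")

    if algorithm is None:
        errors.append(f"algorithm is required for purpose {purpose}")
    else:
        expected = purpose_for(algorithm)
        if expected is None:
            errors.append(f"algorithm {algorithm!r} is not a usable value")
        elif expected != purpose:
            errors.append(f"{algorithm} belongs to purpose {expected}, not {purpose}")
        if algorithm in HSM_ONLY_ALGORITHMS and level != "HSM":
            errors.append(f"{algorithm} is only supported for HSM protection level, got {level}")

    if deployed_protection_level and level != deployed_protection_level:
        errors.append(
            f"protection level is immutable: deployed {deployed_protection_level}, "
            f"template asks for {level}")

    return TemplateCheck(algorithm, level, level == "HSM", errors)


if __name__ == "__main__":
    # Constructed sample templates: (purpose, algorithm, protection level, deployed level)
    samples = [
        ("ENCRYPT_DECRYPT", None, None, None),
        ("ASYMMETRIC_SIGN", "EC_SIGN_SECP256K1_SHA256", None, None),
        ("ASYMMETRIC_SIGN", "EC_SIGN_SECP256K1_SHA256", "HSM", None),
        ("MAC", "HMAC_SHA256", "HSM", "SOFTWARE"),
    ]
    for sample in samples:
        result = check_template(*sample)
        print(sample, "->", result.algorithm, result.protection_level,
              "attestation" if result.attestation_expected else "no attestation",
              result.errors or "ok")
```
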

CryptoKeyVersionTemplateResponse

Algorithm string

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

ProtectionLevel string

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

Algorithm string

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

ProtectionLevel string

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm String

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

protectionLevel String

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm string

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

protectionLevel string

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm str

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

protection_level str

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

algorithm String

Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.

protectionLevel String

ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

ExternalProtectionLevelOptionsResponse

EkmConnectionKeyPath string

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

ExternalKeyUri string

The URI for an external resource that this CryptoKeyVersion represents.

EkmConnectionKeyPath string

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

ExternalKeyUri string

The URI for an external resource that this CryptoKeyVersion represents.

ekmConnectionKeyPath String

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

externalKeyUri String

The URI for an external resource that this CryptoKeyVersion represents.

ekmConnectionKeyPath string

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

externalKeyUri string

The URI for an external resource that this CryptoKeyVersion represents.

ekm_connection_key_path str

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

external_key_uri str

The URI for an external resource that this CryptoKeyVersion represents.

ekmConnectionKeyPath String

The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.

externalKeyUri String

The URI for an external resource that this CryptoKeyVersion represents.

KeyOperationAttestationResponse

CertChains Pulumi.GoogleNative.Cloudkms.V1.Inputs.CertificateChainsResponse

The certificate chains needed to validate the attestation.

Content string

The attestation data provided by the HSM when the key operation was performed.

Format string

The format of the attestation data.

CertChains CertificateChainsResponse

The certificate chains needed to validate the attestation.

Content string

The attestation data provided by the HSM when the key operation was performed.

Format string

The format of the attestation data.

certChains CertificateChainsResponse

The certificate chains needed to validate the attestation.

content String

The attestation data provided by the HSM when the key operation was performed.

format String

The format of the attestation data.

certChains CertificateChainsResponse

The certificate chains needed to validate the attestation.

content string

The attestation data provided by the HSM when the key operation was performed.

format string

The format of the attestation data.

cert_chains CertificateChainsResponse

The certificate chains needed to validate the attestation.

content str

The attestation data provided by the HSM when the key operation was performed.

format str

The format of the attestation data.

certChains Property Map

The certificate chains needed to validate the attestation.

content String

The attestation data provided by the HSM when the key operation was performed.

format String

The format of the attestation data.

Package Details

Repository
https://github.com/pulumi/pulumi-google-native
License
Apache-2.0