Docs
PackagesGoogle Cloud Native is in preview. Google Cloud Classic is fully supported.
google-native.cloudkms/v1.CryptoKeyVersion
Explore with Pulumi AI
Google Cloud Native is in preview. Google Cloud Classic is fully supported.
Create a new CryptoKeyVersion in a CryptoKey. The server will assign the next sequential id. If unset, state will be set to ENABLED. Note - this resource’s API doesn’t support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.
Create CryptoKeyVersion Resource
new CryptoKeyVersion(name: string, args: CryptoKeyVersionArgs, opts?: CustomResourceOptions);@overload
def CryptoKeyVersion(resource_name: str,
opts: Optional[ResourceOptions] = None,
crypto_key_id: Optional[str] = None,
external_protection_level_options: Optional[ExternalProtectionLevelOptionsArgs] = None,
key_ring_id: Optional[str] = None,
location: Optional[str] = None,
project: Optional[str] = None,
state: Optional[CryptoKeyVersionState] = None)
@overload
def CryptoKeyVersion(resource_name: str,
args: CryptoKeyVersionArgs,
opts: Optional[ResourceOptions] = None)func NewCryptoKeyVersion(ctx *Context, name string, args CryptoKeyVersionArgs, opts ...ResourceOption) (*CryptoKeyVersion, error)public CryptoKeyVersion(string name, CryptoKeyVersionArgs args, CustomResourceOptions? opts = null)
public CryptoKeyVersion(String name, CryptoKeyVersionArgs args)
public CryptoKeyVersion(String name, CryptoKeyVersionArgs args, CustomResourceOptions options)
type: google-native:cloudkms/v1:CryptoKeyVersion
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CryptoKeyVersionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CryptoKeyVersionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CryptoKeyVersionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CryptoKeyVersionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CryptoKeyVersionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CryptoKeyVersion Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CryptoKeyVersion resource accepts the following input properties:
- Key
Ring stringId - Crypto
Key stringId - External
Protection Pulumi.Level Options Google Native. Cloudkms. V1. Inputs. External Protection Level Options ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- Location string
- Project string
- State
Pulumi.
Google Native. Cloudkms. V1. Crypto Key Version State The current state of the CryptoKeyVersion.
- Key
Ring stringId - Crypto
Key stringId - External
Protection ExternalLevel Options Protection Level Options Args ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- Location string
- Project string
- State
Crypto
Key Version State Enum The current state of the CryptoKeyVersion.
- key
Ring StringId - crypto
Key StringId - external
Protection ExternalLevel Options Protection Level Options ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- location String
- project String
- state
Crypto
Key Version State The current state of the CryptoKeyVersion.
- key
Ring stringId - crypto
Key stringId - external
Protection ExternalLevel Options Protection Level Options ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- location string
- project string
- state
Crypto
Key Version State The current state of the CryptoKeyVersion.
- key_
ring_ strid - crypto_
key_ strid - external_
protection_ Externallevel_ options Protection Level Options Args ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- location str
- project str
- state
Crypto
Key Version State The current state of the CryptoKeyVersion.
- key
Ring StringId - crypto
Key StringId - external
Protection Property MapLevel Options ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- location String
- project String
- state "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED" | "PENDING_GENERATION" | "ENABLED" | "DISABLED" | "DESTROYED" | "DESTROY_SCHEDULED" | "PENDING_IMPORT" | "IMPORT_FAILED" | "GENERATION_FAILED" | "PENDING_EXTERNAL_DESTRUCTION" | "EXTERNAL_DESTRUCTION_FAILED"
The current state of the CryptoKeyVersion.
Outputs
All input properties are implicitly available as output properties. Additionally, the CryptoKeyVersion resource produces the following output properties:
- Algorithm string
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- Attestation
Pulumi.
Google Native. Cloudkms. V1. Outputs. Key Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- Create
Time string The time at which this CryptoKeyVersion was created.
- Destroy
Event stringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- Destroy
Time string The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- External
Destruction stringFailure Reason The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- Generate
Time string The time this CryptoKeyVersion's key material was generated.
- Generation
Failure stringReason The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- Id string
The provider-assigned unique ID for this managed resource.
- Import
Failure stringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- Import
Job string The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- Import
Time string The time at which this CryptoKeyVersion's key material was most recently imported.
- Name string
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- Protection
Level string The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- Reimport
Eligible bool Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- Algorithm string
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- Attestation
Key
Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- Create
Time string The time at which this CryptoKeyVersion was created.
- Destroy
Event stringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- Destroy
Time string The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- External
Destruction stringFailure Reason The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- Generate
Time string The time this CryptoKeyVersion's key material was generated.
- Generation
Failure stringReason The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- Id string
The provider-assigned unique ID for this managed resource.
- Import
Failure stringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- Import
Job string The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- Import
Time string The time at which this CryptoKeyVersion's key material was most recently imported.
- Name string
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- Protection
Level string The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- Reimport
Eligible bool Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- algorithm String
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation
Key
Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create
Time String The time at which this CryptoKeyVersion was created.
- destroy
Event StringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy
Time String The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external
Destruction StringFailure Reason The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- generate
Time String The time this CryptoKeyVersion's key material was generated.
- generation
Failure StringReason The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- id String
The provider-assigned unique ID for this managed resource.
- import
Failure StringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import
Job String The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import
Time String The time at which this CryptoKeyVersion's key material was most recently imported.
- name String
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- protection
Level String The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport
Eligible Boolean Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- algorithm string
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation
Key
Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create
Time string The time at which this CryptoKeyVersion was created.
- destroy
Event stringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy
Time string The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external
Destruction stringFailure Reason The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- generate
Time string The time this CryptoKeyVersion's key material was generated.
- generation
Failure stringReason The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- id string
The provider-assigned unique ID for this managed resource.
- import
Failure stringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import
Job string The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import
Time string The time at which this CryptoKeyVersion's key material was most recently imported.
- name string
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- protection
Level string The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport
Eligible boolean Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- algorithm str
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation
Key
Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create_
time str The time at which this CryptoKeyVersion was created.
- destroy_
event_ strtime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy_
time str The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external_
destruction_ strfailure_ reason The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- generate_
time str The time this CryptoKeyVersion's key material was generated.
- generation_
failure_ strreason The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- id str
The provider-assigned unique ID for this managed resource.
- import_
failure_ strreason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import_
job str The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import_
time str The time at which this CryptoKeyVersion's key material was most recently imported.
- name str
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- protection_
level str The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport_
eligible bool Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- algorithm String
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation Property Map
Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create
Time String The time at which this CryptoKeyVersion was created.
- destroy
Event StringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy
Time String The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external
Destruction StringFailure Reason The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
- generate
Time String The time this CryptoKeyVersion's key material was generated.
- generation
Failure StringReason The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
- id String
The provider-assigned unique ID for this managed resource.
- import
Failure StringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import
Job String The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import
Time String The time at which this CryptoKeyVersion's key material was most recently imported.
- name String
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- protection
Level String The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport
Eligible Boolean Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
Supporting Types
CertificateChainsResponse, CertificateChainsResponseArgs
- Cavium
Certs List<string> Cavium certificate chain corresponding to the attestation.
- Google
Card List<string>Certs Google card certificate chain corresponding to the attestation.
- Google
Partition List<string>Certs Google partition certificate chain corresponding to the attestation.
- Cavium
Certs []string Cavium certificate chain corresponding to the attestation.
- Google
Card []stringCerts Google card certificate chain corresponding to the attestation.
- Google
Partition []stringCerts Google partition certificate chain corresponding to the attestation.
- cavium
Certs List<String> Cavium certificate chain corresponding to the attestation.
- google
Card List<String>Certs Google card certificate chain corresponding to the attestation.
- google
Partition List<String>Certs Google partition certificate chain corresponding to the attestation.
- cavium
Certs string[] Cavium certificate chain corresponding to the attestation.
- google
Card string[]Certs Google card certificate chain corresponding to the attestation.
- google
Partition string[]Certs Google partition certificate chain corresponding to the attestation.
- cavium_
certs Sequence[str] Cavium certificate chain corresponding to the attestation.
- google_
card_ Sequence[str]certs Google card certificate chain corresponding to the attestation.
- google_
partition_ Sequence[str]certs Google partition certificate chain corresponding to the attestation.
- cavium
Certs List<String> Cavium certificate chain corresponding to the attestation.
- google
Card List<String>Certs Google card certificate chain corresponding to the attestation.
- google
Partition List<String>Certs Google partition certificate chain corresponding to the attestation.
CryptoKeyVersionState, CryptoKeyVersionStateArgs
- Crypto
Key Version State Unspecified - CRYPTO_KEY_VERSION_STATE_UNSPECIFIED
Not specified.
- Pending
Generation - PENDING_GENERATION
This version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Enabled
- ENABLED
This version may be used for cryptographic operations.
- Disabled
- DISABLED
This version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
- Destroyed
- DESTROYED
This version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
- Destroy
Scheduled - DESTROY_SCHEDULED
This version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
- Pending
Import - PENDING_IMPORT
This version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Import
Failed - IMPORT_FAILED
This version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
- Generation
Failed - GENERATION_FAILED
This version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
- Pending
External Destruction - PENDING_EXTERNAL_DESTRUCTION
This version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
- External
Destruction Failed - EXTERNAL_DESTRUCTION_FAILED
This version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
- Crypto
Key Version State Crypto Key Version State Unspecified - CRYPTO_KEY_VERSION_STATE_UNSPECIFIED
Not specified.
- Crypto
Key Version State Pending Generation - PENDING_GENERATION
This version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Crypto
Key Version State Enabled - ENABLED
This version may be used for cryptographic operations.
- Crypto
Key Version State Disabled - DISABLED
This version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
- Crypto
Key Version State Destroyed - DESTROYED
This version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
- Crypto
Key Version State Destroy Scheduled - DESTROY_SCHEDULED
This version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
- Crypto
Key Version State Pending Import - PENDING_IMPORT
This version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Crypto
Key Version State Import Failed - IMPORT_FAILED
This version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
- Crypto
Key Version State Generation Failed - GENERATION_FAILED
This version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
- Crypto
Key Version State Pending External Destruction - PENDING_EXTERNAL_DESTRUCTION
This version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
- Crypto
Key Version State External Destruction Failed - EXTERNAL_DESTRUCTION_FAILED
This version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
- Crypto
Key Version State Unspecified - CRYPTO_KEY_VERSION_STATE_UNSPECIFIED
Not specified.
- Pending
Generation - PENDING_GENERATION
This version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Enabled
- ENABLED
This version may be used for cryptographic operations.
- Disabled
- DISABLED
This version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
- Destroyed
- DESTROYED
This version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
- Destroy
Scheduled - DESTROY_SCHEDULED
This version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
- Pending
Import - PENDING_IMPORT
This version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Import
Failed - IMPORT_FAILED
This version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
- Generation
Failed - GENERATION_FAILED
This version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
- Pending
External Destruction - PENDING_EXTERNAL_DESTRUCTION
This version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
- External
Destruction Failed - EXTERNAL_DESTRUCTION_FAILED
This version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
- Crypto
Key Version State Unspecified - CRYPTO_KEY_VERSION_STATE_UNSPECIFIED
Not specified.
- Pending
Generation - PENDING_GENERATION
This version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Enabled
- ENABLED
This version may be used for cryptographic operations.
- Disabled
- DISABLED
This version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
- Destroyed
- DESTROYED
This version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
- Destroy
Scheduled - DESTROY_SCHEDULED
This version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
- Pending
Import - PENDING_IMPORT
This version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- Import
Failed - IMPORT_FAILED
This version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
- Generation
Failed - GENERATION_FAILED
This version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
- Pending
External Destruction - PENDING_EXTERNAL_DESTRUCTION
This version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
- External
Destruction Failed - EXTERNAL_DESTRUCTION_FAILED
This version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
- CRYPTO_KEY_VERSION_STATE_UNSPECIFIED
- CRYPTO_KEY_VERSION_STATE_UNSPECIFIED
Not specified.
- PENDING_GENERATION
- PENDING_GENERATION
This version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- ENABLED
- ENABLED
This version may be used for cryptographic operations.
- DISABLED
- DISABLED
This version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
- DESTROYED
- DESTROYED
This version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
- DESTROY_SCHEDULED
- DESTROY_SCHEDULED
This version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
- PENDING_IMPORT
- PENDING_IMPORT
This version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- IMPORT_FAILED
- IMPORT_FAILED
This version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
- GENERATION_FAILED
- GENERATION_FAILED
This version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
- PENDING_EXTERNAL_DESTRUCTION
- PENDING_EXTERNAL_DESTRUCTION
This version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
- EXTERNAL_DESTRUCTION_FAILED
- EXTERNAL_DESTRUCTION_FAILED
This version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
- "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED"
- CRYPTO_KEY_VERSION_STATE_UNSPECIFIED
Not specified.
- "PENDING_GENERATION"
- PENDING_GENERATION
This version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- "ENABLED"
- ENABLED
This version may be used for cryptographic operations.
- "DISABLED"
- DISABLED
This version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
- "DESTROYED"
- DESTROYED
This version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
- "DESTROY_SCHEDULED"
- DESTROY_SCHEDULED
This version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
- "PENDING_IMPORT"
- PENDING_IMPORT
This version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
- "IMPORT_FAILED"
- IMPORT_FAILED
This version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
- "GENERATION_FAILED"
- GENERATION_FAILED
This version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
- "PENDING_EXTERNAL_DESTRUCTION"
- PENDING_EXTERNAL_DESTRUCTION
This version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
- "EXTERNAL_DESTRUCTION_FAILED"
- EXTERNAL_DESTRUCTION_FAILED
This version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.
ExternalProtectionLevelOptions, ExternalProtectionLevelOptionsArgs
- Ekm
Connection stringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- External
Key stringUri The URI for an external resource that this CryptoKeyVersion represents.
- Ekm
Connection stringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- External
Key stringUri The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key StringUri The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection stringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key stringUri The URI for an external resource that this CryptoKeyVersion represents.
- ekm_
connection_ strkey_ path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external_
key_ struri The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key StringUri The URI for an external resource that this CryptoKeyVersion represents.
ExternalProtectionLevelOptionsResponse, ExternalProtectionLevelOptionsResponseArgs
- Ekm
Connection stringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- External
Key stringUri The URI for an external resource that this CryptoKeyVersion represents.
- Ekm
Connection stringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- External
Key stringUri The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key StringUri The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection stringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key stringUri The URI for an external resource that this CryptoKeyVersion represents.
- ekm_
connection_ strkey_ path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external_
key_ struri The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key StringUri The URI for an external resource that this CryptoKeyVersion represents.
KeyOperationAttestationResponse, KeyOperationAttestationResponseArgs
- Cert
Chains Pulumi.Google Native. Cloudkms. V1. Inputs. Certificate Chains Response The certificate chains needed to validate the attestation
- Content string
The attestation data provided by the HSM when the key operation was performed.
- Format string
The format of the attestation data.
- Cert
Chains CertificateChains Response The certificate chains needed to validate the attestation
- Content string
The attestation data provided by the HSM when the key operation was performed.
- Format string
The format of the attestation data.
- cert
Chains CertificateChains Response The certificate chains needed to validate the attestation
- content String
The attestation data provided by the HSM when the key operation was performed.
- format String
The format of the attestation data.
- cert
Chains CertificateChains Response The certificate chains needed to validate the attestation
- content string
The attestation data provided by the HSM when the key operation was performed.
- format string
The format of the attestation data.
- cert_
chains CertificateChains Response The certificate chains needed to validate the attestation
- content str
The attestation data provided by the HSM when the key operation was performed.
- format str
The format of the attestation data.
- cert
Chains Property Map The certificate chains needed to validate the attestation
- content String
The attestation data provided by the HSM when the key operation was performed.
- format String
The format of the attestation data.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0
Google Cloud Native is in preview. Google Cloud Classic is fully supported.