1. Packages
  2. Google Cloud Native
  3. API Docs
  4. cloudkms
  5. cloudkms/v1
  6. getCryptoKey

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.cloudkms/v1.getCryptoKey

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.

    Using getCryptoKey

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getCryptoKey(args: GetCryptoKeyArgs, opts?: InvokeOptions): Promise<GetCryptoKeyResult>
    function getCryptoKeyOutput(args: GetCryptoKeyOutputArgs, opts?: InvokeOptions): Output<GetCryptoKeyResult>
    def get_crypto_key(crypto_key_id: Optional[str] = None,
                       key_ring_id: Optional[str] = None,
                       location: Optional[str] = None,
                       project: Optional[str] = None,
                       opts: Optional[InvokeOptions] = None) -> GetCryptoKeyResult
    def get_crypto_key_output(crypto_key_id: Optional[pulumi.Input[str]] = None,
                       key_ring_id: Optional[pulumi.Input[str]] = None,
                       location: Optional[pulumi.Input[str]] = None,
                       project: Optional[pulumi.Input[str]] = None,
                       opts: Optional[InvokeOptions] = None) -> Output[GetCryptoKeyResult]
    func LookupCryptoKey(ctx *Context, args *LookupCryptoKeyArgs, opts ...InvokeOption) (*LookupCryptoKeyResult, error)
    func LookupCryptoKeyOutput(ctx *Context, args *LookupCryptoKeyOutputArgs, opts ...InvokeOption) LookupCryptoKeyResultOutput

    > Note: This function is named LookupCryptoKey in the Go SDK.

    public static class GetCryptoKey 
    {
        public static Task<GetCryptoKeyResult> InvokeAsync(GetCryptoKeyArgs args, InvokeOptions? opts = null)
        public static Output<GetCryptoKeyResult> Invoke(GetCryptoKeyInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetCryptoKeyResult> getCryptoKey(GetCryptoKeyArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: google-native:cloudkms/v1:getCryptoKey
      arguments:
        # arguments dictionary

    The following arguments are supported:

    CryptoKeyId string
    KeyRingId string
    Location string
    Project string
    CryptoKeyId string
    KeyRingId string
    Location string
    Project string
    cryptoKeyId String
    keyRingId String
    location String
    project String
    cryptoKeyId string
    keyRingId string
    location string
    project string
    cryptoKeyId String
    keyRingId String
    location String
    project String

    getCryptoKey Result

    The following output properties are available:

    CreateTime string
    The time at which this CryptoKey was created.
    CryptoKeyBackend string
    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
    DestroyScheduledDuration string
    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
    ImportOnly bool
    Immutable. Whether this key may contain imported versions only.
    Labels Dictionary<string, string>
    Labels with user-defined metadata. For more information, see Labeling Keys.
    Name string
    The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
    NextRotationTime string
    At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
    Primary Pulumi.GoogleNative.Cloudkms.V1.Outputs.CryptoKeyVersionResponse
    A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
    Purpose string
    Immutable. The immutable purpose of this CryptoKey.
    RotationPeriod string
    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
    VersionTemplate Pulumi.GoogleNative.Cloudkms.V1.Outputs.CryptoKeyVersionTemplateResponse
    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
    CreateTime string
    The time at which this CryptoKey was created.
    CryptoKeyBackend string
    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
    DestroyScheduledDuration string
    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
    ImportOnly bool
    Immutable. Whether this key may contain imported versions only.
    Labels map[string]string
    Labels with user-defined metadata. For more information, see Labeling Keys.
    Name string
    The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
    NextRotationTime string
    At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
    Primary CryptoKeyVersionResponse
    A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
    Purpose string
    Immutable. The immutable purpose of this CryptoKey.
    RotationPeriod string
    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
    VersionTemplate CryptoKeyVersionTemplateResponse
    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
    createTime String
    The time at which this CryptoKey was created.
    cryptoKeyBackend String
    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
    destroyScheduledDuration String
    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
    importOnly Boolean
    Immutable. Whether this key may contain imported versions only.
    labels Map<String,String>
    Labels with user-defined metadata. For more information, see Labeling Keys.
    name String
    The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
    nextRotationTime String
    At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
    primary CryptoKeyVersionResponse
    A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
    purpose String
    Immutable. The immutable purpose of this CryptoKey.
    rotationPeriod String
    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
    versionTemplate CryptoKeyVersionTemplateResponse
    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
    createTime string
    The time at which this CryptoKey was created.
    cryptoKeyBackend string
    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
    destroyScheduledDuration string
    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
    importOnly boolean
    Immutable. Whether this key may contain imported versions only.
    labels {[key: string]: string}
    Labels with user-defined metadata. For more information, see Labeling Keys.
    name string
    The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
    nextRotationTime string
    At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
    primary CryptoKeyVersionResponse
    A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
    purpose string
    Immutable. The immutable purpose of this CryptoKey.
    rotationPeriod string
    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
    versionTemplate CryptoKeyVersionTemplateResponse
    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
    create_time str
    The time at which this CryptoKey was created.
    crypto_key_backend str
    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
    destroy_scheduled_duration str
    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
    import_only bool
    Immutable. Whether this key may contain imported versions only.
    labels Mapping[str, str]
    Labels with user-defined metadata. For more information, see Labeling Keys.
    name str
    The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
    next_rotation_time str
    At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
    primary CryptoKeyVersionResponse
    A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
    purpose str
    Immutable. The immutable purpose of this CryptoKey.
    rotation_period str
    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
    version_template CryptoKeyVersionTemplateResponse
    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
    createTime String
    The time at which this CryptoKey was created.
    cryptoKeyBackend String
    Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.
    destroyScheduledDuration String
    Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
    importOnly Boolean
    Immutable. Whether this key may contain imported versions only.
    labels Map<String>
    Labels with user-defined metadata. For more information, see Labeling Keys.
    name String
    The resource name for this CryptoKey in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.
    nextRotationTime String
    At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
    primary Property Map
    A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
    purpose String
    Immutable. The immutable purpose of this CryptoKey.
    rotationPeriod String
    next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
    versionTemplate Property Map
    A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.

    Supporting Types

    CertificateChainsResponse

    CaviumCerts List<string>
    Cavium certificate chain corresponding to the attestation.
    GoogleCardCerts List<string>
    Google card certificate chain corresponding to the attestation.
    GooglePartitionCerts List<string>
    Google partition certificate chain corresponding to the attestation.
    CaviumCerts []string
    Cavium certificate chain corresponding to the attestation.
    GoogleCardCerts []string
    Google card certificate chain corresponding to the attestation.
    GooglePartitionCerts []string
    Google partition certificate chain corresponding to the attestation.
    caviumCerts List<String>
    Cavium certificate chain corresponding to the attestation.
    googleCardCerts List<String>
    Google card certificate chain corresponding to the attestation.
    googlePartitionCerts List<String>
    Google partition certificate chain corresponding to the attestation.
    caviumCerts string[]
    Cavium certificate chain corresponding to the attestation.
    googleCardCerts string[]
    Google card certificate chain corresponding to the attestation.
    googlePartitionCerts string[]
    Google partition certificate chain corresponding to the attestation.
    cavium_certs Sequence[str]
    Cavium certificate chain corresponding to the attestation.
    google_card_certs Sequence[str]
    Google card certificate chain corresponding to the attestation.
    google_partition_certs Sequence[str]
    Google partition certificate chain corresponding to the attestation.
    caviumCerts List<String>
    Cavium certificate chain corresponding to the attestation.
    googleCardCerts List<String>
    Google card certificate chain corresponding to the attestation.
    googlePartitionCerts List<String>
    Google partition certificate chain corresponding to the attestation.

    CryptoKeyVersionResponse

    Algorithm string
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    Attestation Pulumi.GoogleNative.Cloudkms.V1.Inputs.KeyOperationAttestationResponse
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
    CreateTime string
    The time at which this CryptoKeyVersion was created.
    DestroyEventTime string
    The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
    DestroyTime string
    The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
    ExternalDestructionFailureReason string
    The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
    ExternalProtectionLevelOptions Pulumi.GoogleNative.Cloudkms.V1.Inputs.ExternalProtectionLevelOptionsResponse
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
    GenerateTime string
    The time this CryptoKeyVersion's key material was generated.
    GenerationFailureReason string
    The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
    ImportFailureReason string
    The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
    ImportJob string
    The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
    ImportTime string
    The time at which this CryptoKeyVersion's key material was most recently imported.
    Name string
    The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
    ProtectionLevel string
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    ReimportEligible bool
    Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
    State string
    The current state of the CryptoKeyVersion.
    Algorithm string
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    Attestation KeyOperationAttestationResponse
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
    CreateTime string
    The time at which this CryptoKeyVersion was created.
    DestroyEventTime string
    The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
    DestroyTime string
    The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
    ExternalDestructionFailureReason string
    The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
    ExternalProtectionLevelOptions ExternalProtectionLevelOptionsResponse
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
    GenerateTime string
    The time this CryptoKeyVersion's key material was generated.
    GenerationFailureReason string
    The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
    ImportFailureReason string
    The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
    ImportJob string
    The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
    ImportTime string
    The time at which this CryptoKeyVersion's key material was most recently imported.
    Name string
    The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
    ProtectionLevel string
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    ReimportEligible bool
    Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
    State string
    The current state of the CryptoKeyVersion.
    algorithm String
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    attestation KeyOperationAttestationResponse
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
    createTime String
    The time at which this CryptoKeyVersion was created.
    destroyEventTime String
    The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
    destroyTime String
    The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
    externalDestructionFailureReason String
    The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
    externalProtectionLevelOptions ExternalProtectionLevelOptionsResponse
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
    generateTime String
    The time this CryptoKeyVersion's key material was generated.
    generationFailureReason String
    The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
    importFailureReason String
    The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
    importJob String
    The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
    importTime String
    The time at which this CryptoKeyVersion's key material was most recently imported.
    name String
    The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
    protectionLevel String
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    reimportEligible Boolean
    Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
    state String
    The current state of the CryptoKeyVersion.
    algorithm string
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    attestation KeyOperationAttestationResponse
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
    createTime string
    The time at which this CryptoKeyVersion was created.
    destroyEventTime string
    The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
    destroyTime string
    The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
    externalDestructionFailureReason string
    The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
    externalProtectionLevelOptions ExternalProtectionLevelOptionsResponse
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
    generateTime string
    The time this CryptoKeyVersion's key material was generated.
    generationFailureReason string
    The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
    importFailureReason string
    The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
    importJob string
    The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
    importTime string
    The time at which this CryptoKeyVersion's key material was most recently imported.
    name string
    The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
    protectionLevel string
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    reimportEligible boolean
    Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
    state string
    The current state of the CryptoKeyVersion.
    algorithm str
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    attestation KeyOperationAttestationResponse
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
    create_time str
    The time at which this CryptoKeyVersion was created.
    destroy_event_time str
    The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
    destroy_time str
    The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
    external_destruction_failure_reason str
    The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
    external_protection_level_options ExternalProtectionLevelOptionsResponse
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
    generate_time str
    The time this CryptoKeyVersion's key material was generated.
    generation_failure_reason str
    The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
    import_failure_reason str
    The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
    import_job str
    The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
    import_time str
    The time at which this CryptoKeyVersion's key material was most recently imported.
    name str
    The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
    protection_level str
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    reimport_eligible bool
    Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
    state str
    The current state of the CryptoKeyVersion.
    algorithm String
    The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
    attestation Property Map
    Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
    createTime String
    The time at which this CryptoKeyVersion was created.
    destroyEventTime String
    The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
    destroyTime String
    The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
    externalDestructionFailureReason String
    The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
    externalProtectionLevelOptions Property Map
    ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
    generateTime String
    The time this CryptoKeyVersion's key material was generated.
    generationFailureReason String
    The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
    importFailureReason String
    The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
    importJob String
    The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
    importTime String
    The time at which this CryptoKeyVersion's key material was most recently imported.
    name String
    The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
    protectionLevel String
    The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
    reimportEligible Boolean
    Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
    state String
    The current state of the CryptoKeyVersion.

    CryptoKeyVersionTemplateResponse

    Algorithm string
    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
    ProtectionLevel string
    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
    Algorithm string
    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
    ProtectionLevel string
    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
    algorithm String
    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
    protectionLevel String
    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
    algorithm string
    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
    protectionLevel string
    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
    algorithm str
    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
    protection_level str
    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
    algorithm String
    Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
    protectionLevel String
    ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.

    ExternalProtectionLevelOptionsResponse

    EkmConnectionKeyPath string
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
    ExternalKeyUri string
    The URI for an external resource that this CryptoKeyVersion represents.
    EkmConnectionKeyPath string
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
    ExternalKeyUri string
    The URI for an external resource that this CryptoKeyVersion represents.
    ekmConnectionKeyPath String
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
    externalKeyUri String
    The URI for an external resource that this CryptoKeyVersion represents.
    ekmConnectionKeyPath string
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
    externalKeyUri string
    The URI for an external resource that this CryptoKeyVersion represents.
    ekm_connection_key_path str
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
    external_key_uri str
    The URI for an external resource that this CryptoKeyVersion represents.
    ekmConnectionKeyPath String
    The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
    externalKeyUri String
    The URI for an external resource that this CryptoKeyVersion represents.

    KeyOperationAttestationResponse

    CertChains Pulumi.GoogleNative.Cloudkms.V1.Inputs.CertificateChainsResponse
    The certificate chains needed to validate the attestation
    Content string
    The attestation data provided by the HSM when the key operation was performed.
    Format string
    The format of the attestation data.
    CertChains CertificateChainsResponse
    The certificate chains needed to validate the attestation
    Content string
    The attestation data provided by the HSM when the key operation was performed.
    Format string
    The format of the attestation data.
    certChains CertificateChainsResponse
    The certificate chains needed to validate the attestation
    content String
    The attestation data provided by the HSM when the key operation was performed.
    format String
    The format of the attestation data.
    certChains CertificateChainsResponse
    The certificate chains needed to validate the attestation
    content string
    The attestation data provided by the HSM when the key operation was performed.
    format string
    The format of the attestation data.
    cert_chains CertificateChainsResponse
    The certificate chains needed to validate the attestation
    content str
    The attestation data provided by the HSM when the key operation was performed.
    format str
    The format of the attestation data.
    certChains Property Map
    The certificate chains needed to validate the attestation
    content String
    The attestation data provided by the HSM when the key operation was performed.
    format String
    The format of the attestation data.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi