google-native.cloudkms/v1.getCryptoKey
Returns metadata for a given CryptoKey, as well as its primary CryptoKeyVersion.
Using getCryptoKey
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getCryptoKey(args: GetCryptoKeyArgs, opts?: InvokeOptions): Promise<GetCryptoKeyResult>
function getCryptoKeyOutput(args: GetCryptoKeyOutputArgs, opts?: InvokeOptions): Output<GetCryptoKeyResult>def get_crypto_key(crypto_key_id: Optional[str] = None,
key_ring_id: Optional[str] = None,
location: Optional[str] = None,
project: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetCryptoKeyResult
def get_crypto_key_output(crypto_key_id: Optional[pulumi.Input[str]] = None,
key_ring_id: Optional[pulumi.Input[str]] = None,
location: Optional[pulumi.Input[str]] = None,
project: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetCryptoKeyResult]func LookupCryptoKey(ctx *Context, args *LookupCryptoKeyArgs, opts ...InvokeOption) (*LookupCryptoKeyResult, error)
func LookupCryptoKeyOutput(ctx *Context, args *LookupCryptoKeyOutputArgs, opts ...InvokeOption) LookupCryptoKeyResultOutput> Note: This function is named LookupCryptoKey in the Go SDK.
public static class GetCryptoKey
{
public static Task<GetCryptoKeyResult> InvokeAsync(GetCryptoKeyArgs args, InvokeOptions? opts = null)
public static Output<GetCryptoKeyResult> Invoke(GetCryptoKeyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetCryptoKeyResult> getCryptoKey(GetCryptoKeyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: google-native:cloudkms/v1:getCryptoKey
arguments:
# arguments dictionaryThe following arguments are supported:
- Crypto
Key stringId - Key
Ring stringId - Location string
- Project string
- Crypto
Key stringId - Key
Ring stringId - Location string
- Project string
- crypto
Key StringId - key
Ring StringId - location String
- project String
- crypto
Key stringId - key
Ring stringId - location string
- project string
- crypto_
key_ strid - key_
ring_ strid - location str
- project str
- crypto
Key StringId - key
Ring StringId - location String
- project String
getCryptoKey Result
The following output properties are available:
- Create
Time string The time at which this CryptoKey was created.
- Crypto
Key stringBackend Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format
projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.- Destroy
Scheduled stringDuration Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
- Import
Only bool Immutable. Whether this key may contain imported versions only.
- Labels Dictionary<string, string>
Labels with user-defined metadata. For more information, see Labeling Keys.
- Name string
The resource name for this CryptoKey in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*.- Next
Rotation stringTime At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- Primary
Pulumi.
Google Native. Cloudkms. V1. Outputs. Crypto Key Version Response A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
- Purpose string
Immutable. The immutable purpose of this CryptoKey.
- Rotation
Period string next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- Version
Template Pulumi.Google Native. Cloudkms. V1. Outputs. Crypto Key Version Template Response A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
- Create
Time string The time at which this CryptoKey was created.
- Crypto
Key stringBackend Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format
projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.- Destroy
Scheduled stringDuration Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
- Import
Only bool Immutable. Whether this key may contain imported versions only.
- Labels map[string]string
Labels with user-defined metadata. For more information, see Labeling Keys.
- Name string
The resource name for this CryptoKey in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*.- Next
Rotation stringTime At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- Primary
Crypto
Key Version Response A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
- Purpose string
Immutable. The immutable purpose of this CryptoKey.
- Rotation
Period string next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- Version
Template CryptoKey Version Template Response A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
- create
Time String The time at which this CryptoKey was created.
- crypto
Key StringBackend Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format
projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.- destroy
Scheduled StringDuration Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
- import
Only Boolean Immutable. Whether this key may contain imported versions only.
- labels Map<String,String>
Labels with user-defined metadata. For more information, see Labeling Keys.
- name String
The resource name for this CryptoKey in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*.- next
Rotation StringTime At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- primary
Crypto
Key Version Response A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
- purpose String
Immutable. The immutable purpose of this CryptoKey.
- rotation
Period String next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- version
Template CryptoKey Version Template Response A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
- create
Time string The time at which this CryptoKey was created.
- crypto
Key stringBackend Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format
projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.- destroy
Scheduled stringDuration Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
- import
Only boolean Immutable. Whether this key may contain imported versions only.
- labels {[key: string]: string}
Labels with user-defined metadata. For more information, see Labeling Keys.
- name string
The resource name for this CryptoKey in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*.- next
Rotation stringTime At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- primary
Crypto
Key Version Response A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
- purpose string
Immutable. The immutable purpose of this CryptoKey.
- rotation
Period string next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- version
Template CryptoKey Version Template Response A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
- create_
time str The time at which this CryptoKey was created.
- crypto_
key_ strbackend Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format
projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.- destroy_
scheduled_ strduration Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
- import_
only bool Immutable. Whether this key may contain imported versions only.
- labels Mapping[str, str]
Labels with user-defined metadata. For more information, see Labeling Keys.
- name str
The resource name for this CryptoKey in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*.- next_
rotation_ strtime At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- primary
Crypto
Key Version Response A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
- purpose str
Immutable. The immutable purpose of this CryptoKey.
- rotation_
period str next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- version_
template CryptoKey Version Template Response A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
- create
Time String The time at which this CryptoKey was created.
- crypto
Key StringBackend Immutable. The resource name of the backend environment where the key material for all CryptoKeyVersions associated with this CryptoKey reside and where all related cryptographic operations are performed. Only applicable if CryptoKeyVersions have a ProtectionLevel of EXTERNAL_VPC, with the resource name in the format
projects/*/locations/*/ekmConnections/*. Note, this list is non-exhaustive and may apply to additional ProtectionLevels in the future.- destroy
Scheduled StringDuration Immutable. The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. If not specified at creation time, the default duration is 24 hours.
- import
Only Boolean Immutable. Whether this key may contain imported versions only.
- labels Map<String>
Labels with user-defined metadata. For more information, see Labeling Keys.
- name String
The resource name for this CryptoKey in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*.- next
Rotation StringTime At next_rotation_time, the Key Management Service will automatically: 1. Create a new version of this CryptoKey. 2. Mark the new version as primary. Key rotations performed manually via CreateCryptoKeyVersion and UpdateCryptoKeyPrimaryVersion do not affect next_rotation_time. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- primary Property Map
A copy of the "primary" CryptoKeyVersion that will be used by Encrypt when this CryptoKey is given in EncryptRequest.name. The CryptoKey's primary version can be updated via UpdateCryptoKeyPrimaryVersion. Keys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be omitted.
- purpose String
Immutable. The immutable purpose of this CryptoKey.
- rotation
Period String next_rotation_time will be advanced by this period when the service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. If rotation_period is set, next_rotation_time must also be set. Keys with purpose ENCRYPT_DECRYPT support automatic rotation. For other keys, this field must be omitted.
- version
Template Property Map A template describing settings for new CryptoKeyVersion instances. The properties of new CryptoKeyVersion instances created by either CreateCryptoKeyVersion or auto-rotation are controlled by this template.
Supporting Types
CertificateChainsResponse
- Cavium
Certs List<string> Cavium certificate chain corresponding to the attestation.
- Google
Card List<string>Certs Google card certificate chain corresponding to the attestation.
- Google
Partition List<string>Certs Google partition certificate chain corresponding to the attestation.
- Cavium
Certs []string Cavium certificate chain corresponding to the attestation.
- Google
Card []stringCerts Google card certificate chain corresponding to the attestation.
- Google
Partition []stringCerts Google partition certificate chain corresponding to the attestation.
- cavium
Certs List<String> Cavium certificate chain corresponding to the attestation.
- google
Card List<String>Certs Google card certificate chain corresponding to the attestation.
- google
Partition List<String>Certs Google partition certificate chain corresponding to the attestation.
- cavium
Certs string[] Cavium certificate chain corresponding to the attestation.
- google
Card string[]Certs Google card certificate chain corresponding to the attestation.
- google
Partition string[]Certs Google partition certificate chain corresponding to the attestation.
- cavium_
certs Sequence[str] Cavium certificate chain corresponding to the attestation.
- google_
card_ Sequence[str]certs Google card certificate chain corresponding to the attestation.
- google_
partition_ Sequence[str]certs Google partition certificate chain corresponding to the attestation.
- cavium
Certs List<String> Cavium certificate chain corresponding to the attestation.
- google
Card List<String>Certs Google card certificate chain corresponding to the attestation.
- google
Partition List<String>Certs Google partition certificate chain corresponding to the attestation.
CryptoKeyVersionResponse
- Algorithm string
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- Attestation
Pulumi.
Google Native. Cloudkms. V1. Inputs. Key Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- Create
Time string The time at which this CryptoKeyVersion was created.
- Destroy
Event stringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- Destroy
Time string The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- External
Protection Pulumi.Level Options Google Native. Cloudkms. V1. Inputs. External Protection Level Options Response ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- Generate
Time string The time this CryptoKeyVersion's key material was generated.
- Import
Failure stringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- Import
Job string The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- Import
Time string The time at which this CryptoKeyVersion's key material was most recently imported.
- Name string
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- Protection
Level string The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- Reimport
Eligible bool Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- State string
The current state of the CryptoKeyVersion.
- Algorithm string
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- Attestation
Key
Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- Create
Time string The time at which this CryptoKeyVersion was created.
- Destroy
Event stringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- Destroy
Time string The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- External
Protection ExternalLevel Options Protection Level Options Response ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- Generate
Time string The time this CryptoKeyVersion's key material was generated.
- Import
Failure stringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- Import
Job string The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- Import
Time string The time at which this CryptoKeyVersion's key material was most recently imported.
- Name string
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- Protection
Level string The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- Reimport
Eligible bool Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- State string
The current state of the CryptoKeyVersion.
- algorithm String
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation
Key
Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create
Time String The time at which this CryptoKeyVersion was created.
- destroy
Event StringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy
Time String The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external
Protection ExternalLevel Options Protection Level Options Response ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- generate
Time String The time this CryptoKeyVersion's key material was generated.
- import
Failure StringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import
Job String The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import
Time String The time at which this CryptoKeyVersion's key material was most recently imported.
- name String
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- protection
Level String The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport
Eligible Boolean Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- state String
The current state of the CryptoKeyVersion.
- algorithm string
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation
Key
Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create
Time string The time at which this CryptoKeyVersion was created.
- destroy
Event stringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy
Time string The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external
Protection ExternalLevel Options Protection Level Options Response ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- generate
Time string The time this CryptoKeyVersion's key material was generated.
- import
Failure stringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import
Job string The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import
Time string The time at which this CryptoKeyVersion's key material was most recently imported.
- name string
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- protection
Level string The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport
Eligible boolean Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- state string
The current state of the CryptoKeyVersion.
- algorithm str
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation
Key
Operation Attestation Response Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create_
time str The time at which this CryptoKeyVersion was created.
- destroy_
event_ strtime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy_
time str The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external_
protection_ Externallevel_ options Protection Level Options Response ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- generate_
time str The time this CryptoKeyVersion's key material was generated.
- import_
failure_ strreason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import_
job str The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import_
time str The time at which this CryptoKeyVersion's key material was most recently imported.
- name str
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- protection_
level str The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport_
eligible bool Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- state str
The current state of the CryptoKeyVersion.
- algorithm String
The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
- attestation Property Map
Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
- create
Time String The time at which this CryptoKeyVersion was created.
- destroy
Event StringTime The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
- destroy
Time String The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
- external
Protection Property MapLevel Options ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
- generate
Time String The time this CryptoKeyVersion's key material was generated.
- import
Failure StringReason The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
- import
Job String The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
- import
Time String The time at which this CryptoKeyVersion's key material was most recently imported.
- name String
The resource name for this CryptoKeyVersion in the format
projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.- protection
Level String The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
- reimport
Eligible Boolean Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.
- state String
The current state of the CryptoKeyVersion.
CryptoKeyVersionTemplateResponse
- Algorithm string
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- Protection
Level string ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- Algorithm string
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- Protection
Level string ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- algorithm String
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- protection
Level String ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- algorithm string
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- protection
Level string ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- algorithm str
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- protection_
level str ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
- algorithm String
Algorithm to use when creating a CryptoKeyVersion based on this template. For backwards compatibility, GOOGLE_SYMMETRIC_ENCRYPTION is implied if both this field is omitted and CryptoKey.purpose is ENCRYPT_DECRYPT.
- protection
Level String ProtectionLevel to use when creating a CryptoKeyVersion based on this template. Immutable. Defaults to SOFTWARE.
ExternalProtectionLevelOptionsResponse
- Ekm
Connection stringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- External
Key stringUri The URI for an external resource that this CryptoKeyVersion represents.
- Ekm
Connection stringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- External
Key stringUri The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key StringUri The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection stringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key stringUri The URI for an external resource that this CryptoKeyVersion represents.
- ekm_
connection_ strkey_ path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external_
key_ struri The URI for an external resource that this CryptoKeyVersion represents.
- ekm
Connection StringKey Path The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
- external
Key StringUri The URI for an external resource that this CryptoKeyVersion represents.
KeyOperationAttestationResponse
- Cert
Chains Pulumi.Google Native. Cloudkms. V1. Inputs. Certificate Chains Response The certificate chains needed to validate the attestation
- Content string
The attestation data provided by the HSM when the key operation was performed.
- Format string
The format of the attestation data.
- Cert
Chains CertificateChains Response The certificate chains needed to validate the attestation
- Content string
The attestation data provided by the HSM when the key operation was performed.
- Format string
The format of the attestation data.
- cert
Chains CertificateChains Response The certificate chains needed to validate the attestation
- content String
The attestation data provided by the HSM when the key operation was performed.
- format String
The format of the attestation data.
- cert
Chains CertificateChains Response The certificate chains needed to validate the attestation
- content string
The attestation data provided by the HSM when the key operation was performed.
- format string
The format of the attestation data.
- cert_
chains CertificateChains Response The certificate chains needed to validate the attestation
- content str
The attestation data provided by the HSM when the key operation was performed.
- format str
The format of the attestation data.
- cert
Chains Property Map The certificate chains needed to validate the attestation
- content String
The attestation data provided by the HSM when the key operation was performed.
- format String
The format of the attestation data.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0