ibm 1.80.0-beta0, Jun 24 25

ibm 1.80.0-beta0 published on Tuesday, Jun 24, 2025 by ibm-cloud

ibm.DlGatewayMacsecCak

Explore with Pulumi AI

ibm 1.80.0-beta0 published on Tuesday, Jun 24, 2025 by ibm-cloud

Create/Update/Delete a CAK associated with the MACsec configuration of a direct link. A connectivity association key (CAK) used in the MACsec Key Agreement (MKA) protocol. MACsec CAKs consist of both a name and key. The CAK’s name must be a hexadecimal string of even lengths between 2 to 64 inclusive. The CAK’s key must be a Hyper Protect Crypto Service Standard Key type=standard with key material a hexadecimal string exactly 64 characters in length.

For more information, about IBM Cloud Direct Link, see getting started with IBM Cloud Direct Link.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const test = new ibm.DlGatewayMacsecCak("test", {
    gateway: "0a06fb9b-820f-4c44-8a31-77f1f0806d28",
    keys: [{
        crn: "crn:v1:bluemix:public:hs-crypto:us-south:a/4111d05f36894e3cb9b46a43556d9000:abc111b8-37aa-4034-9def-f2607c87aaaa:key:bbb222bc-430a-4de9-9aad-84e5bb022222",
    }],
    session: "fallback",
});

import pulumi
import pulumi_ibm as ibm

test = ibm.DlGatewayMacsecCak("test",
    gateway="0a06fb9b-820f-4c44-8a31-77f1f0806d28",
    keys=[{
        "crn": "crn:v1:bluemix:public:hs-crypto:us-south:a/4111d05f36894e3cb9b46a43556d9000:abc111b8-37aa-4034-9def-f2607c87aaaa:key:bbb222bc-430a-4de9-9aad-84e5bb022222",
    }],
    session="fallback")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.NewDlGatewayMacsecCak(ctx, "test", &ibm.DlGatewayMacsecCakArgs{
			Gateway: pulumi.String("0a06fb9b-820f-4c44-8a31-77f1f0806d28"),
			Keys: ibm.DlGatewayMacsecCakKeyArray{
				&ibm.DlGatewayMacsecCakKeyArgs{
					Crn: pulumi.String("crn:v1:bluemix:public:hs-crypto:us-south:a/4111d05f36894e3cb9b46a43556d9000:abc111b8-37aa-4034-9def-f2607c87aaaa:key:bbb222bc-430a-4de9-9aad-84e5bb022222"),
				},
			},
			Session: pulumi.String("fallback"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var test = new Ibm.DlGatewayMacsecCak("test", new()
    {
        Gateway = "0a06fb9b-820f-4c44-8a31-77f1f0806d28",
        Keys = new[]
        {
            new Ibm.Inputs.DlGatewayMacsecCakKeyArgs
            {
                Crn = "crn:v1:bluemix:public:hs-crypto:us-south:a/4111d05f36894e3cb9b46a43556d9000:abc111b8-37aa-4034-9def-f2607c87aaaa:key:bbb222bc-430a-4de9-9aad-84e5bb022222",
            },
        },
        Session = "fallback",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.DlGatewayMacsecCak;
import com.pulumi.ibm.DlGatewayMacsecCakArgs;
import com.pulumi.ibm.inputs.DlGatewayMacsecCakKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new DlGatewayMacsecCak("test", DlGatewayMacsecCakArgs.builder()
            .gateway("0a06fb9b-820f-4c44-8a31-77f1f0806d28")
            .keys(DlGatewayMacsecCakKeyArgs.builder()
                .crn("crn:v1:bluemix:public:hs-crypto:us-south:a/4111d05f36894e3cb9b46a43556d9000:abc111b8-37aa-4034-9def-f2607c87aaaa:key:bbb222bc-430a-4de9-9aad-84e5bb022222")
                .build())
            .session("fallback")
            .build());

    }
}

resources:
  test:
    type: ibm:DlGatewayMacsecCak
    properties:
      gateway: 0a06fb9b-820f-4c44-8a31-77f1f0806d28
      keys:
        - crn: crn:v1:bluemix:public:hs-crypto:us-south:a/4111d05f36894e3cb9b46a43556d9000:abc111b8-37aa-4034-9def-f2607c87aaaa:key:bbb222bc-430a-4de9-9aad-84e5bb022222
      session: fallback

Create DlGatewayMacsecCak Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new DlGatewayMacsecCak(name: string, args: DlGatewayMacsecCakArgs, opts?: CustomResourceOptions);

@overload
def DlGatewayMacsecCak(resource_name: str,
                       args: DlGatewayMacsecCakArgs,
                       opts: Optional[ResourceOptions] = None)

@overload
def DlGatewayMacsecCak(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       gateway: Optional[str] = None,
                       keys: Optional[Sequence[DlGatewayMacsecCakKeyArgs]] = None,
                       session: Optional[str] = None,
                       dl_gateway_macsec_cak_id: Optional[str] = None,
                       name: Optional[str] = None)

func NewDlGatewayMacsecCak(ctx *Context, name string, args DlGatewayMacsecCakArgs, opts ...ResourceOption) (*DlGatewayMacsecCak, error)

public DlGatewayMacsecCak(string name, DlGatewayMacsecCakArgs args, CustomResourceOptions? opts = null)

public DlGatewayMacsecCak(String name, DlGatewayMacsecCakArgs args)
public DlGatewayMacsecCak(String name, DlGatewayMacsecCakArgs args, CustomResourceOptions options)

type: ibm:DlGatewayMacsecCak
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args DlGatewayMacsecCakArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args DlGatewayMacsecCakArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DlGatewayMacsecCakArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DlGatewayMacsecCakArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args DlGatewayMacsecCakArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var dlGatewayMacsecCakResource = new Ibm.DlGatewayMacsecCak("dlGatewayMacsecCakResource", new()
{
    Gateway = "string",
    Keys = new[]
    {
        new Ibm.Inputs.DlGatewayMacsecCakKeyArgs
        {
            Crn = "string",
        },
    },
    Session = "string",
    DlGatewayMacsecCakId = "string",
    Name = "string",
});

example, err := ibm.NewDlGatewayMacsecCak(ctx, "dlGatewayMacsecCakResource", &ibm.DlGatewayMacsecCakArgs{
	Gateway: pulumi.String("string"),
	Keys: ibm.DlGatewayMacsecCakKeyArray{
		&ibm.DlGatewayMacsecCakKeyArgs{
			Crn: pulumi.String("string"),
		},
	},
	Session:              pulumi.String("string"),
	DlGatewayMacsecCakId: pulumi.String("string"),
	Name:                 pulumi.String("string"),
})

var dlGatewayMacsecCakResource = new DlGatewayMacsecCak("dlGatewayMacsecCakResource", DlGatewayMacsecCakArgs.builder()
    .gateway("string")
    .keys(DlGatewayMacsecCakKeyArgs.builder()
        .crn("string")
        .build())
    .session("string")
    .dlGatewayMacsecCakId("string")
    .name("string")
    .build());

dl_gateway_macsec_cak_resource = ibm.DlGatewayMacsecCak("dlGatewayMacsecCakResource",
    gateway="string",
    keys=[{
        "crn": "string",
    }],
    session="string",
    dl_gateway_macsec_cak_id="string",
    name="string")

const dlGatewayMacsecCakResource = new ibm.DlGatewayMacsecCak("dlGatewayMacsecCakResource", {
    gateway: "string",
    keys: [{
        crn: "string",
    }],
    session: "string",
    dlGatewayMacsecCakId: "string",
    name: "string",
});

type: ibm:DlGatewayMacsecCak
properties:
    dlGatewayMacsecCakId: string
    gateway: string
    keys:
        - crn: string
    name: string
    session: string

DlGatewayMacsecCak Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The DlGatewayMacsecCak resource accepts the following input properties:

Gateway string: Direct Link gateway identifier.
Keys List<DlGatewayMacsecCakKey>: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
Session string: The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional
DlGatewayMacsecCakId string
Name string: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

Gateway string: Direct Link gateway identifier.
Keys []DlGatewayMacsecCakKeyArgs: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
Session string: The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional
DlGatewayMacsecCakId string
Name string: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

gateway String: Direct Link gateway identifier.
keys List<DlGatewayMacsecCakKey>: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
session String: The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional
dlGatewayMacsecCakId String
name String: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

gateway string: Direct Link gateway identifier.
keys DlGatewayMacsecCakKey[]: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
session string: The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional
dlGatewayMacsecCakId string
name string: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

gateway str: Direct Link gateway identifier.
keys Sequence[DlGatewayMacsecCakKeyArgs]: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
session str: The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional
dl_gateway_macsec_cak_id str
name str: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

gateway String: Direct Link gateway identifier.
keys List<Property Map>: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
session String: The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional
dlGatewayMacsecCakId String
name String: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

Outputs

All input properties are implicitly available as output properties. Additionally, the DlGatewayMacsecCak resource produces the following output properties:

CakId string: CAK ID
Caks List<DlGatewayMacsecCakCak>: Determines how SAK rekeying occurs.
Id string: The provider-assigned unique ID for this managed resource.

CakId string: CAK ID
Caks []DlGatewayMacsecCakCak: Determines how SAK rekeying occurs.
Id string: The provider-assigned unique ID for this managed resource.

cakId String: CAK ID
caks List<DlGatewayMacsecCakCak>: Determines how SAK rekeying occurs.
id String: The provider-assigned unique ID for this managed resource.

cakId string: CAK ID
caks DlGatewayMacsecCakCak[]: Determines how SAK rekeying occurs.
id string: The provider-assigned unique ID for this managed resource.

cak_id str: CAK ID
caks Sequence[DlGatewayMacsecCakCak]: Determines how SAK rekeying occurs.
id str: The provider-assigned unique ID for this managed resource.

cakId String: CAK ID
caks List<Property Map>: Determines how SAK rekeying occurs.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing DlGatewayMacsecCak Resource

Get an existing DlGatewayMacsecCak resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DlGatewayMacsecCakState, opts?: CustomResourceOptions): DlGatewayMacsecCak

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        cak_id: Optional[str] = None,
        caks: Optional[Sequence[DlGatewayMacsecCakCakArgs]] = None,
        dl_gateway_macsec_cak_id: Optional[str] = None,
        gateway: Optional[str] = None,
        keys: Optional[Sequence[DlGatewayMacsecCakKeyArgs]] = None,
        name: Optional[str] = None,
        session: Optional[str] = None) -> DlGatewayMacsecCak

func GetDlGatewayMacsecCak(ctx *Context, name string, id IDInput, state *DlGatewayMacsecCakState, opts ...ResourceOption) (*DlGatewayMacsecCak, error)

public static DlGatewayMacsecCak Get(string name, Input<string> id, DlGatewayMacsecCakState? state, CustomResourceOptions? opts = null)

public static DlGatewayMacsecCak get(String name, Output<String> id, DlGatewayMacsecCakState state, CustomResourceOptions options)

resources:  _:    type: ibm:DlGatewayMacsecCak    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CakId string: CAK ID
Caks List<DlGatewayMacsecCakCak>: Determines how SAK rekeying occurs.
DlGatewayMacsecCakId string
Gateway string: Direct Link gateway identifier.
Keys List<DlGatewayMacsecCakKey>: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
Name string: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.
Session string: The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional

CakId string: CAK ID
Caks []DlGatewayMacsecCakCakArgs: Determines how SAK rekeying occurs.
DlGatewayMacsecCakId string
Gateway string: Direct Link gateway identifier.
Keys []DlGatewayMacsecCakKeyArgs: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
Name string: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.
Session string: The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional

cakId String: CAK ID
caks List<DlGatewayMacsecCakCak>: Determines how SAK rekeying occurs.
dlGatewayMacsecCakId String
gateway String: Direct Link gateway identifier.
keys List<DlGatewayMacsecCakKey>: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
name String: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.
session String: The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional

cakId string: CAK ID
caks DlGatewayMacsecCakCak[]: Determines how SAK rekeying occurs.
dlGatewayMacsecCakId string
gateway string: Direct Link gateway identifier.
keys DlGatewayMacsecCakKey[]: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
name string: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.
session string: The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional

cak_id str: CAK ID
caks Sequence[DlGatewayMacsecCakCakArgs]: Determines how SAK rekeying occurs.
dl_gateway_macsec_cak_id str
gateway str: Direct Link gateway identifier.
keys Sequence[DlGatewayMacsecCakKeyArgs]: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
name str: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.
session str: The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional

cakId String: CAK ID
caks List<Property Map>: Determines how SAK rekeying occurs.
dlGatewayMacsecCakId String
gateway String: Direct Link gateway identifier.
keys List<Property Map>: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
name String: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.
session String: The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional

Supporting Types

DlGatewayMacsecCakCak, DlGatewayMacsecCakCakArgs

ActiveDeltas List<DlGatewayMacsecCakCakActiveDelta>

(List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:

CakId string

CreatedAt string

(String) The date and time the resource was created.

Keys List<DlGatewayMacsecCakCakKey>

A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:

Name string

The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

Session string

The intended session the key will be used to secure. If the primary MACsec session fails due to a key/key name mismatch on the peers, the fallback session can take over. There must be a primary session CAK. A fallback CAK is optional

Status string

(String) Current status of the CAK.

Status operational is returned when the CAK is configured - successfully.
Status rotating is returned during a key rotation. The CAK defined by active_delta is still configured on the device and could be securing the MACsec session. In the case of a primary CAK, the status will be rotating for a period of time while waiting for the MACsec session to be secured with the new CAK. After that time, the CAK will either enter active or inactive status.
Status active is returned when the CAK is configured successfully and is currently used to secure the MACsec session.
Status inactive is returned when the CAK is configured successfully, but is not currently used to secure the MACsec session. The CAK may enter rotating status, and ultimately the active status, if it is found to be used to secure the MACsec session. The CAK may never leave this status on its own (e.g. if there is a key/key name mismatch). You are allowed to patch the CAK in this state to start the rotation procedure again.
Status failed is returned when the CAK cannot be configured. To recover, first resolve any issues with your HPCS key, then patch this CAK with the same or new key. Alternatively, you can delete this CAK if used for the fallback session.

UpdatedAt string

(String) The date and time the resource was last updated.

ActiveDeltas []DlGatewayMacsecCakCakActiveDelta

(List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:

CakId string

CreatedAt string

(String) The date and time the resource was created.

Keys []DlGatewayMacsecCakCakKey

A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:

Name string

Session string

Status string

(String) Current status of the CAK.

Status operational is returned when the CAK is configured - successfully.
Status rotating is returned during a key rotation. The CAK defined by active_delta is still configured on the device and could be securing the MACsec session. In the case of a primary CAK, the status will be rotating for a period of time while waiting for the MACsec session to be secured with the new CAK. After that time, the CAK will either enter active or inactive status.
Status active is returned when the CAK is configured successfully and is currently used to secure the MACsec session.
Status inactive is returned when the CAK is configured successfully, but is not currently used to secure the MACsec session. The CAK may enter rotating status, and ultimately the active status, if it is found to be used to secure the MACsec session. The CAK may never leave this status on its own (e.g. if there is a key/key name mismatch). You are allowed to patch the CAK in this state to start the rotation procedure again.
Status failed is returned when the CAK cannot be configured. To recover, first resolve any issues with your HPCS key, then patch this CAK with the same or new key. Alternatively, you can delete this CAK if used for the fallback session.

UpdatedAt string

(String) The date and time the resource was last updated.

activeDeltas List<DlGatewayMacsecCakCakActiveDelta>

(List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:

cakId String

createdAt String

(String) The date and time the resource was created.

keys List<DlGatewayMacsecCakCakKey>

A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:

name String

session String

status String

(String) Current status of the CAK.

Status operational is returned when the CAK is configured - successfully.
Status rotating is returned during a key rotation. The CAK defined by active_delta is still configured on the device and could be securing the MACsec session. In the case of a primary CAK, the status will be rotating for a period of time while waiting for the MACsec session to be secured with the new CAK. After that time, the CAK will either enter active or inactive status.
Status active is returned when the CAK is configured successfully and is currently used to secure the MACsec session.
Status inactive is returned when the CAK is configured successfully, but is not currently used to secure the MACsec session. The CAK may enter rotating status, and ultimately the active status, if it is found to be used to secure the MACsec session. The CAK may never leave this status on its own (e.g. if there is a key/key name mismatch). You are allowed to patch the CAK in this state to start the rotation procedure again.
Status failed is returned when the CAK cannot be configured. To recover, first resolve any issues with your HPCS key, then patch this CAK with the same or new key. Alternatively, you can delete this CAK if used for the fallback session.

updatedAt String

(String) The date and time the resource was last updated.

activeDeltas DlGatewayMacsecCakCakActiveDelta[]

(List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:

cakId string

createdAt string

(String) The date and time the resource was created.

keys DlGatewayMacsecCakCakKey[]

A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:

name string

session string

status string

(String) Current status of the CAK.

Status operational is returned when the CAK is configured - successfully.
Status rotating is returned during a key rotation. The CAK defined by active_delta is still configured on the device and could be securing the MACsec session. In the case of a primary CAK, the status will be rotating for a period of time while waiting for the MACsec session to be secured with the new CAK. After that time, the CAK will either enter active or inactive status.
Status active is returned when the CAK is configured successfully and is currently used to secure the MACsec session.
Status inactive is returned when the CAK is configured successfully, but is not currently used to secure the MACsec session. The CAK may enter rotating status, and ultimately the active status, if it is found to be used to secure the MACsec session. The CAK may never leave this status on its own (e.g. if there is a key/key name mismatch). You are allowed to patch the CAK in this state to start the rotation procedure again.
Status failed is returned when the CAK cannot be configured. To recover, first resolve any issues with your HPCS key, then patch this CAK with the same or new key. Alternatively, you can delete this CAK if used for the fallback session.

updatedAt string

(String) The date and time the resource was last updated.

active_deltas Sequence[DlGatewayMacsecCakCakActiveDelta]

(List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:

cak_id str

created_at str

(String) The date and time the resource was created.

keys Sequence[DlGatewayMacsecCakCakKey]

A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:

name str

session str

status str

(String) Current status of the CAK.

Status operational is returned when the CAK is configured - successfully.
Status rotating is returned during a key rotation. The CAK defined by active_delta is still configured on the device and could be securing the MACsec session. In the case of a primary CAK, the status will be rotating for a period of time while waiting for the MACsec session to be secured with the new CAK. After that time, the CAK will either enter active or inactive status.
Status active is returned when the CAK is configured successfully and is currently used to secure the MACsec session.
Status inactive is returned when the CAK is configured successfully, but is not currently used to secure the MACsec session. The CAK may enter rotating status, and ultimately the active status, if it is found to be used to secure the MACsec session. The CAK may never leave this status on its own (e.g. if there is a key/key name mismatch). You are allowed to patch the CAK in this state to start the rotation procedure again.
Status failed is returned when the CAK cannot be configured. To recover, first resolve any issues with your HPCS key, then patch this CAK with the same or new key. Alternatively, you can delete this CAK if used for the fallback session.

updated_at str

(String) The date and time the resource was last updated.

activeDeltas List<Property Map>

(List) This field will be present when the status of the MACsec CAK is rotating or inactive. It may be present when the CAK status is failed. Nested schema for active_delta:

cakId String

createdAt String

(String) The date and time the resource was created.

keys List<Property Map>

A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:

name String

session String

status String

(String) Current status of the CAK.

Status operational is returned when the CAK is configured - successfully.
Status rotating is returned during a key rotation. The CAK defined by active_delta is still configured on the device and could be securing the MACsec session. In the case of a primary CAK, the status will be rotating for a period of time while waiting for the MACsec session to be secured with the new CAK. After that time, the CAK will either enter active or inactive status.
Status active is returned when the CAK is configured successfully and is currently used to secure the MACsec session.
Status inactive is returned when the CAK is configured successfully, but is not currently used to secure the MACsec session. The CAK may enter rotating status, and ultimately the active status, if it is found to be used to secure the MACsec session. The CAK may never leave this status on its own (e.g. if there is a key/key name mismatch). You are allowed to patch the CAK in this state to start the rotation procedure again.
Status failed is returned when the CAK cannot be configured. To recover, first resolve any issues with your HPCS key, then patch this CAK with the same or new key. Alternatively, you can delete this CAK if used for the fallback session.

updatedAt String

(String) The date and time the resource was last updated.

DlGatewayMacsecCakCakActiveDelta, DlGatewayMacsecCakCakActiveDeltaArgs

Keys List<DlGatewayMacsecCakCakActiveDeltaKey>: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
Name string: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

Keys []DlGatewayMacsecCakCakActiveDeltaKey: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
Name string: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

keys List<DlGatewayMacsecCakCakActiveDeltaKey>: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
name String: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

keys DlGatewayMacsecCakCakActiveDeltaKey[]: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
name string: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

keys Sequence[DlGatewayMacsecCakCakActiveDeltaKey]: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
name str: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

keys List<Property Map>: A reference to a Hyper Protect Crypto Service Standard Key. Nested schema for key:
name String: The name identifies the connectivity association key (CAK) within the MACsec key chain. The CAK's name must be a hexadecimal string of even lengths between 2 to 64 inclusive. This value, along with the material of the key, must match on the MACsec peers.

DlGatewayMacsecCakCakActiveDeltaKey, DlGatewayMacsecCakCakActiveDeltaKeyArgs

Crn string: The CRN of the referenced key.

Crn string: The CRN of the referenced key.

crn String: The CRN of the referenced key.

crn string: The CRN of the referenced key.

crn str: The CRN of the referenced key.

crn String: The CRN of the referenced key.

DlGatewayMacsecCakCakKey, DlGatewayMacsecCakCakKeyArgs

Crn string: The CRN of the referenced key.

Crn string: The CRN of the referenced key.

crn String: The CRN of the referenced key.

crn string: The CRN of the referenced key.

crn str: The CRN of the referenced key.

crn String: The CRN of the referenced key.

DlGatewayMacsecCakKey, DlGatewayMacsecCakKeyArgs

Crn string: The CRN of the referenced key.

Crn string: The CRN of the referenced key.

crn String: The CRN of the referenced key.

crn string: The CRN of the referenced key.

crn str: The CRN of the referenced key.

crn String: The CRN of the referenced key.

Package Details

Repository: ibm ibm-cloud/terraform-provider-ibm
License
Notes: This Pulumi package is based on the ibm Terraform Provider.

ibm 1.80.0-beta0 published on Tuesday, Jun 24, 2025 by ibm-cloud

ibm-cloud/terraform-provider-ibm

ibm.DlGatewayMacsecCak

On this page

On this page

Example Usage

Create DlGatewayMacsecCak Resource

Constructor syntax

Parameters

Constructor example

DlGatewayMacsecCak Resource Properties

Inputs

Outputs

Look up Existing DlGatewayMacsecCak Resource

Supporting Types

DlGatewayMacsecCakCak, DlGatewayMacsecCakCakArgs

DlGatewayMacsecCakCakActiveDelta, DlGatewayMacsecCakCakActiveDeltaArgs

DlGatewayMacsecCakCakActiveDeltaKey, DlGatewayMacsecCakCakActiveDeltaKeyArgs

DlGatewayMacsecCakCakKey, DlGatewayMacsecCakCakKeyArgs

DlGatewayMacsecCakKey, DlGatewayMacsecCakKeyArgs

Package Details

On this page

On this page