ibm 1.78.0, Apr 30 25

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm.getKmsKeyPolicies

Explore with Pulumi AI

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

Import the details of existing Key Protect and Hyper Protect Crypto Service (HPCS) keys policies as a read-only data source. You can then reference the fields of the data source in other resources within the same configuration using interpolation syntax. Retreives a list of key policies from the hs-crypto or key-protect instance for the provided key id.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const test = ibm.getKmsKeyPolicies({
    instanceId: "guid-of-keyprotect-or hs-crypto-instance",
    keyId: "key-id-of-the-key",
});

import pulumi
import pulumi_ibm as ibm

test = ibm.get_kms_key_policies(instance_id="guid-of-keyprotect-or hs-crypto-instance",
    key_id="key-id-of-the-key")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ibm.LookupKmsKeyPolicies(ctx, &ibm.LookupKmsKeyPoliciesArgs{
			InstanceId: "guid-of-keyprotect-or hs-crypto-instance",
			KeyId:      pulumi.StringRef("key-id-of-the-key"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var test = Ibm.GetKmsKeyPolicies.Invoke(new()
    {
        InstanceId = "guid-of-keyprotect-or hs-crypto-instance",
        KeyId = "key-id-of-the-key",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetKmsKeyPoliciesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var test = IbmFunctions.getKmsKeyPolicies(GetKmsKeyPoliciesArgs.builder()
            .instanceId("guid-of-keyprotect-or hs-crypto-instance")
            .keyId("key-id-of-the-key")
            .build());

    }
}

variables:
  test:
    fn::invoke:
      function: ibm:getKmsKeyPolicies
      arguments:
        instanceId: guid-of-keyprotect-or hs-crypto-instance
        keyId: key-id-of-the-key

Using getKmsKeyPolicies

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKmsKeyPolicies(args: GetKmsKeyPoliciesArgs, opts?: InvokeOptions): Promise<GetKmsKeyPoliciesResult>
function getKmsKeyPoliciesOutput(args: GetKmsKeyPoliciesOutputArgs, opts?: InvokeOptions): Output<GetKmsKeyPoliciesResult>

def get_kms_key_policies(alias: Optional[str] = None,
                         endpoint_type: Optional[str] = None,
                         id: Optional[str] = None,
                         instance_id: Optional[str] = None,
                         key_id: Optional[str] = None,
                         opts: Optional[InvokeOptions] = None) -> GetKmsKeyPoliciesResult
def get_kms_key_policies_output(alias: Optional[pulumi.Input[str]] = None,
                         endpoint_type: Optional[pulumi.Input[str]] = None,
                         id: Optional[pulumi.Input[str]] = None,
                         instance_id: Optional[pulumi.Input[str]] = None,
                         key_id: Optional[pulumi.Input[str]] = None,
                         opts: Optional[InvokeOptions] = None) -> Output[GetKmsKeyPoliciesResult]

func LookupKmsKeyPolicies(ctx *Context, args *LookupKmsKeyPoliciesArgs, opts ...InvokeOption) (*LookupKmsKeyPoliciesResult, error)
func LookupKmsKeyPoliciesOutput(ctx *Context, args *LookupKmsKeyPoliciesOutputArgs, opts ...InvokeOption) LookupKmsKeyPoliciesResultOutput

> Note: This function is named LookupKmsKeyPolicies in the Go SDK.

public static class GetKmsKeyPolicies 
{
    public static Task<GetKmsKeyPoliciesResult> InvokeAsync(GetKmsKeyPoliciesArgs args, InvokeOptions? opts = null)
    public static Output<GetKmsKeyPoliciesResult> Invoke(GetKmsKeyPoliciesInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetKmsKeyPoliciesResult> getKmsKeyPolicies(GetKmsKeyPoliciesArgs args, InvokeOptions options)
public static Output<GetKmsKeyPoliciesResult> getKmsKeyPolicies(GetKmsKeyPoliciesArgs args, InvokeOptions options)

fn::invoke:
  function: ibm:index/getKmsKeyPolicies:getKmsKeyPolicies
  arguments:
    # arguments dictionary

The following arguments are supported:

InstanceId string: The keyprotect instance guid.
Alias string: The alias of the key.
EndpointType string: The type of the public or private endpoint to be used for fetching keys.
Id string: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
KeyId string: The id of the key.

InstanceId string: The keyprotect instance guid.
Alias string: The alias of the key.
EndpointType string: The type of the public or private endpoint to be used for fetching keys.
Id string: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
KeyId string: The id of the key.

instanceId String: The keyprotect instance guid.
alias String: The alias of the key.
endpointType String: The type of the public or private endpoint to be used for fetching keys.
id String: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
keyId String: The id of the key.

instanceId string: The keyprotect instance guid.
alias string: The alias of the key.
endpointType string: The type of the public or private endpoint to be used for fetching keys.
id string: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
keyId string: The id of the key.

instance_id str: The keyprotect instance guid.
alias str: The alias of the key.
endpoint_type str: The type of the public or private endpoint to be used for fetching keys.
id str: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
key_id str: The id of the key.

instanceId String: The keyprotect instance guid.
alias String: The alias of the key.
endpointType String: The type of the public or private endpoint to be used for fetching keys.
id String: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
keyId String: The id of the key.

getKmsKeyPolicies Result

The following output properties are available:

Id string: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
InstanceId string
Policies List<GetKmsKeyPoliciesPolicy>
Alias string: (String) The alias of the key.
EndpointType string
KeyId string: (String) The ID of the key.

Id string: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
InstanceId string
Policies []GetKmsKeyPoliciesPolicy
Alias string: (String) The alias of the key.
EndpointType string
KeyId string: (String) The ID of the key.

id String: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
instanceId String
policies List<GetKmsKeyPoliciesPolicy>
alias String: (String) The alias of the key.
endpointType String
keyId String: (String) The ID of the key.

id string: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
instanceId string
policies GetKmsKeyPoliciesPolicy[]
alias string: (String) The alias of the key.
endpointType string
keyId string: (String) The ID of the key.

id str: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
instance_id str
policies Sequence[GetKmsKeyPoliciesPolicy]
alias str: (String) The alias of the key.
endpoint_type str
key_id str: (String) The ID of the key.

id String: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
instanceId String
policies List<Property Map>
alias String: (String) The alias of the key.
endpointType String
keyId String: (String) The ID of the key.

Supporting Types

GetKmsKeyPoliciesPolicy

DualAuthDeletes List<GetKmsKeyPoliciesPolicyDualAuthDelete>: (List) The data associated with the dual authorization delete policy.
Rotations List<GetKmsKeyPoliciesPolicyRotation>: (List) The key rotation time interval in months, with a minimum of 1, and a maximum of 12.

DualAuthDeletes []GetKmsKeyPoliciesPolicyDualAuthDelete: (List) The data associated with the dual authorization delete policy.
Rotations []GetKmsKeyPoliciesPolicyRotation: (List) The key rotation time interval in months, with a minimum of 1, and a maximum of 12.

dualAuthDeletes List<GetKmsKeyPoliciesPolicyDualAuthDelete>: (List) The data associated with the dual authorization delete policy.
rotations List<GetKmsKeyPoliciesPolicyRotation>: (List) The key rotation time interval in months, with a minimum of 1, and a maximum of 12.

dualAuthDeletes GetKmsKeyPoliciesPolicyDualAuthDelete[]: (List) The data associated with the dual authorization delete policy.
rotations GetKmsKeyPoliciesPolicyRotation[]: (List) The key rotation time interval in months, with a minimum of 1, and a maximum of 12.

dual_auth_deletes Sequence[GetKmsKeyPoliciesPolicyDualAuthDelete]: (List) The data associated with the dual authorization delete policy.
rotations Sequence[GetKmsKeyPoliciesPolicyRotation]: (List) The key rotation time interval in months, with a minimum of 1, and a maximum of 12.

dualAuthDeletes List<Property Map>: (List) The data associated with the dual authorization delete policy.
rotations List<Property Map>: (List) The key rotation time interval in months, with a minimum of 1, and a maximum of 12.

GetKmsKeyPoliciesPolicyDualAuthDelete

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Crn string: (String) The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
Enabled bool: (Bool) If set to true, Key Protect enables a dual authorization policy on the key.
Id string: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
LastUpdateDate string: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Crn string: (String) The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
Enabled bool: (Bool) If set to true, Key Protect enables a dual authorization policy on the key.
Id string: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
LastUpdateDate string: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn String: (String) The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
enabled Boolean: (Bool) If set to true, Key Protect enables a dual authorization policy on the key.
id String: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
lastUpdateDate String: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updatedBy String: (String) The unique ID for the resource that updated the policy.

createdBy string: (String) The unique ID for the resource that created the policy.
creationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn string: (String) The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
enabled boolean: (Bool) If set to true, Key Protect enables a dual authorization policy on the key.
id string: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
lastUpdateDate string: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updatedBy string: (String) The unique ID for the resource that updated the policy.

created_by str: (String) The unique ID for the resource that created the policy.
creation_date str: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn str: (String) The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
enabled bool: (Bool) If set to true, Key Protect enables a dual authorization policy on the key.
id str: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
last_update_date str: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updated_by str: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn String: (String) The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
enabled Boolean: (Bool) If set to true, Key Protect enables a dual authorization policy on the key.
id String: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
lastUpdateDate String: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updatedBy String: (String) The unique ID for the resource that updated the policy.

GetKmsKeyPoliciesPolicyRotation

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Crn string: (String) The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
Enabled bool: (Bool) If set to true, Key Protect enables a dual authorization policy on the key.
Id string: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
IntervalMonth double: (Int) The key rotation time interval in months.
LastUpdateDate string: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Crn string: (String) The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
Enabled bool: (Bool) If set to true, Key Protect enables a dual authorization policy on the key.
Id string: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
IntervalMonth float64: (Int) The key rotation time interval in months.
LastUpdateDate string: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn String: (String) The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
enabled Boolean: (Bool) If set to true, Key Protect enables a dual authorization policy on the key.
id String: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
intervalMonth Double: (Int) The key rotation time interval in months.
lastUpdateDate String: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updatedBy String: (String) The unique ID for the resource that updated the policy.

createdBy string: (String) The unique ID for the resource that created the policy.
creationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn string: (String) The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
enabled boolean: (Bool) If set to true, Key Protect enables a dual authorization policy on the key.
id string: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
intervalMonth number: (Int) The key rotation time interval in months.
lastUpdateDate string: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updatedBy string: (String) The unique ID for the resource that updated the policy.

created_by str: (String) The unique ID for the resource that created the policy.
creation_date str: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn str: (String) The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
enabled bool: (Bool) If set to true, Key Protect enables a dual authorization policy on the key.
id str: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
interval_month float: (Int) The key rotation time interval in months.
last_update_date str: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updated_by str: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn String: (String) The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.
enabled Boolean: (Bool) If set to true, Key Protect enables a dual authorization policy on the key.
id String: (String) The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.
intervalMonth Number: (Int) The key rotation time interval in months.
lastUpdateDate String: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updatedBy String: (String) The unique ID for the resource that updated the policy.

Package Details

Repository: ibm ibm-cloud/terraform-provider-ibm
License
Notes: This Pulumi package is based on the ibm Terraform Provider.

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm-cloud/terraform-provider-ibm

ibm.getKmsKeyPolicies

On this page

On this page

Example Usage

Using getKmsKeyPolicies

getKmsKeyPolicies Result

Supporting Types

GetKmsKeyPoliciesPolicy

GetKmsKeyPoliciesPolicyDualAuthDelete

GetKmsKeyPoliciesPolicyRotation

Package Details

On this page

On this page