ibm 1.78.0, Apr 30 25

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm.getKmsKeys

Explore with Pulumi AI

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";

const test = ibm.getKmsKeys({
    instanceId: "guid-of-keyprotect-or hs-crypto-instance",
    limit: 100,
});
const smart_us_south = new ibm.CosBucket("smart-us-south", {
    bucketName: "atest-bucket",
    resourceInstanceId: "cos-instance-id",
    regionLocation: "us-south",
    storageClass: "smart",
    kmsKeyCrn: test.then(test => test.keys?.[0]?.crn),
});

import pulumi
import pulumi_ibm as ibm

test = ibm.get_kms_keys(instance_id="guid-of-keyprotect-or hs-crypto-instance",
    limit=100)
smart_us_south = ibm.CosBucket("smart-us-south",
    bucket_name="atest-bucket",
    resource_instance_id="cos-instance-id",
    region_location="us-south",
    storage_class="smart",
    kms_key_crn=test.keys[0].crn)

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		test, err := ibm.GetKmsKeys(ctx, &ibm.GetKmsKeysArgs{
			InstanceId: "guid-of-keyprotect-or hs-crypto-instance",
			Limit:      pulumi.Float64Ref(100),
		}, nil)
		if err != nil {
			return err
		}
		_, err = ibm.NewCosBucket(ctx, "smart-us-south", &ibm.CosBucketArgs{
			BucketName:         pulumi.String("atest-bucket"),
			ResourceInstanceId: pulumi.String("cos-instance-id"),
			RegionLocation:     pulumi.String("us-south"),
			StorageClass:       pulumi.String("smart"),
			KmsKeyCrn:          pulumi.String(test.Keys[0].Crn),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;

return await Deployment.RunAsync(() => 
{
    var test = Ibm.GetKmsKeys.Invoke(new()
    {
        InstanceId = "guid-of-keyprotect-or hs-crypto-instance",
        Limit = 100,
    });

    var smart_us_south = new Ibm.CosBucket("smart-us-south", new()
    {
        BucketName = "atest-bucket",
        ResourceInstanceId = "cos-instance-id",
        RegionLocation = "us-south",
        StorageClass = "smart",
        KmsKeyCrn = test.Apply(getKmsKeysResult => getKmsKeysResult.Keys[0]?.Crn),
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetKmsKeysArgs;
import com.pulumi.ibm.CosBucket;
import com.pulumi.ibm.CosBucketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var test = IbmFunctions.getKmsKeys(GetKmsKeysArgs.builder()
            .instanceId("guid-of-keyprotect-or hs-crypto-instance")
            .limit(100)
            .build());

        var smart_us_south = new CosBucket("smart-us-south", CosBucketArgs.builder()
            .bucketName("atest-bucket")
            .resourceInstanceId("cos-instance-id")
            .regionLocation("us-south")
            .storageClass("smart")
            .kmsKeyCrn(test.applyValue(getKmsKeysResult -> getKmsKeysResult.keys()[0].crn()))
            .build());

    }
}

resources:
  smart-us-south:
    type: ibm:CosBucket
    properties:
      bucketName: atest-bucket
      resourceInstanceId: cos-instance-id
      regionLocation: us-south
      storageClass: smart
      kmsKeyCrn: ${test.keys[0].crn}
variables:
  test:
    fn::invoke:
      function: ibm:getKmsKeys
      arguments:
        instanceId: guid-of-keyprotect-or hs-crypto-instance
        limit: 100

Note:

key_protect attribute has been renamed as kms_key_crn , hence it is recommended to all the new users to use kms_key_crn.Although the support for older attribute name key_protect will be continued for existing customers.

Using getKmsKeys

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKmsKeys(args: GetKmsKeysArgs, opts?: InvokeOptions): Promise<GetKmsKeysResult>
function getKmsKeysOutput(args: GetKmsKeysOutputArgs, opts?: InvokeOptions): Output<GetKmsKeysResult>

def get_kms_keys(alias: Optional[str] = None,
                 endpoint_type: Optional[str] = None,
                 id: Optional[str] = None,
                 instance_id: Optional[str] = None,
                 key_id: Optional[str] = None,
                 key_name: Optional[str] = None,
                 limit: Optional[float] = None,
                 opts: Optional[InvokeOptions] = None) -> GetKmsKeysResult
def get_kms_keys_output(alias: Optional[pulumi.Input[str]] = None,
                 endpoint_type: Optional[pulumi.Input[str]] = None,
                 id: Optional[pulumi.Input[str]] = None,
                 instance_id: Optional[pulumi.Input[str]] = None,
                 key_id: Optional[pulumi.Input[str]] = None,
                 key_name: Optional[pulumi.Input[str]] = None,
                 limit: Optional[pulumi.Input[float]] = None,
                 opts: Optional[InvokeOptions] = None) -> Output[GetKmsKeysResult]

func GetKmsKeys(ctx *Context, args *GetKmsKeysArgs, opts ...InvokeOption) (*GetKmsKeysResult, error)
func GetKmsKeysOutput(ctx *Context, args *GetKmsKeysOutputArgs, opts ...InvokeOption) GetKmsKeysResultOutput

> Note: This function is named GetKmsKeys in the Go SDK.

public static class GetKmsKeys 
{
    public static Task<GetKmsKeysResult> InvokeAsync(GetKmsKeysArgs args, InvokeOptions? opts = null)
    public static Output<GetKmsKeysResult> Invoke(GetKmsKeysInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetKmsKeysResult> getKmsKeys(GetKmsKeysArgs args, InvokeOptions options)
public static Output<GetKmsKeysResult> getKmsKeys(GetKmsKeysArgs args, InvokeOptions options)

fn::invoke:
  function: ibm:index/getKmsKeys:getKmsKeys
  arguments:
    # arguments dictionary

The following arguments are supported:

InstanceId string: The key-protect instance ID.
Alias string: The alias of the key.
EndpointType string: The type of the public or private endpoint to be used for fetching keys.
Id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
KeyId string: The keyID of the key to be fetched.
KeyName string: The name of the key. Only matching name of the keys are retrieved.
Limit double: The limit till the keys need to be fetched in the instance.

InstanceId string: The key-protect instance ID.
Alias string: The alias of the key.
EndpointType string: The type of the public or private endpoint to be used for fetching keys.
Id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
KeyId string: The keyID of the key to be fetched.
KeyName string: The name of the key. Only matching name of the keys are retrieved.
Limit float64: The limit till the keys need to be fetched in the instance.

instanceId String: The key-protect instance ID.
alias String: The alias of the key.
endpointType String: The type of the public or private endpoint to be used for fetching keys.
id String: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
keyId String: The keyID of the key to be fetched.
keyName String: The name of the key. Only matching name of the keys are retrieved.
limit Double: The limit till the keys need to be fetched in the instance.

instanceId string: The key-protect instance ID.
alias string: The alias of the key.
endpointType string: The type of the public or private endpoint to be used for fetching keys.
id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
keyId string: The keyID of the key to be fetched.
keyName string: The name of the key. Only matching name of the keys are retrieved.
limit number: The limit till the keys need to be fetched in the instance.

instance_id str: The key-protect instance ID.
alias str: The alias of the key.
endpoint_type str: The type of the public or private endpoint to be used for fetching keys.
id str: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
key_id str: The keyID of the key to be fetched.
key_name str: The name of the key. Only matching name of the keys are retrieved.
limit float: The limit till the keys need to be fetched in the instance.

instanceId String: The key-protect instance ID.
alias String: The alias of the key.
endpointType String: The type of the public or private endpoint to be used for fetching keys.
id String: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
keyId String: The keyID of the key to be fetched.
keyName String: The name of the key. Only matching name of the keys are retrieved.
limit Number: The limit till the keys need to be fetched in the instance.

getKmsKeys Result

The following output properties are available:

Id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
InstanceId string
Keys List<GetKmsKeysKey>: (String) Lists the Keys of HPCS or Key-protect instance.
Alias string
EndpointType string
KeyId string
KeyName string
Limit double

Id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
InstanceId string
Keys []GetKmsKeysKey: (String) Lists the Keys of HPCS or Key-protect instance.
Alias string
EndpointType string
KeyId string
KeyName string
Limit float64

id String: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
instanceId String
keys List<GetKmsKeysKey>: (String) Lists the Keys of HPCS or Key-protect instance.
alias String
endpointType String
keyId String
keyName String
limit Double

id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
instanceId string
keys GetKmsKeysKey[]: (String) Lists the Keys of HPCS or Key-protect instance.
alias string
endpointType string
keyId string
keyName string
limit number

id str: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
instance_id str
keys Sequence[GetKmsKeysKey]: (String) Lists the Keys of HPCS or Key-protect instance.
alias str
endpoint_type str
key_id str
key_name str
limit float

id String: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
instanceId String
keys List<Property Map>: (String) Lists the Keys of HPCS or Key-protect instance.
alias String
endpointType String
keyId String
keyName String
limit Number

Supporting Types

GetKmsKeysKey

Aliases List<string>: (String) A list of alias names that are assigned to the key.
Crn string: (String) The CRN of the key.
Description string
Id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
KeyRingId string: (String) The ID of the key ring that the key belongs to.
Name string: (String) The name for the key.
Policies List<GetKmsKeysKeyPolicy>
StandardKey bool: (String) Set the flag true for standard key, and false for root key. Default value is false.

Aliases []string: (String) A list of alias names that are assigned to the key.
Crn string: (String) The CRN of the key.
Description string
Id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
KeyRingId string: (String) The ID of the key ring that the key belongs to.
Name string: (String) The name for the key.
Policies []GetKmsKeysKeyPolicy
StandardKey bool: (String) Set the flag true for standard key, and false for root key. Default value is false.

aliases List<String>: (String) A list of alias names that are assigned to the key.
crn String: (String) The CRN of the key.
description String
id String: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
keyRingId String: (String) The ID of the key ring that the key belongs to.
name String: (String) The name for the key.
policies List<GetKmsKeysKeyPolicy>
standardKey Boolean: (String) Set the flag true for standard key, and false for root key. Default value is false.

aliases string[]: (String) A list of alias names that are assigned to the key.
crn string: (String) The CRN of the key.
description string
id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
keyRingId string: (String) The ID of the key ring that the key belongs to.
name string: (String) The name for the key.
policies GetKmsKeysKeyPolicy[]
standardKey boolean: (String) Set the flag true for standard key, and false for root key. Default value is false.

aliases Sequence[str]: (String) A list of alias names that are assigned to the key.
crn str: (String) The CRN of the key.
description str
id str: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
key_ring_id str: (String) The ID of the key ring that the key belongs to.
name str: (String) The name for the key.
policies Sequence[GetKmsKeysKeyPolicy]
standard_key bool: (String) Set the flag true for standard key, and false for root key. Default value is false.

aliases List<String>: (String) A list of alias names that are assigned to the key.
crn String: (String) The CRN of the key.
description String
id String: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
keyRingId String: (String) The ID of the key ring that the key belongs to.
name String: (String) The name for the key.
policies List<Property Map>
standardKey Boolean: (String) Set the flag true for standard key, and false for root key. Default value is false.

GetKmsKeysKeyPolicy

DualAuthDeletes List<GetKmsKeysKeyPolicyDualAuthDelete>: (String) The data associated with the dual authorization delete policy.
Rotations List<GetKmsKeysKeyPolicyRotation>: (String) The key rotation time interval in months, with a minimum of 1, and a maximum of 12.

DualAuthDeletes []GetKmsKeysKeyPolicyDualAuthDelete: (String) The data associated with the dual authorization delete policy.
Rotations []GetKmsKeysKeyPolicyRotation: (String) The key rotation time interval in months, with a minimum of 1, and a maximum of 12.

dualAuthDeletes List<GetKmsKeysKeyPolicyDualAuthDelete>: (String) The data associated with the dual authorization delete policy.
rotations List<GetKmsKeysKeyPolicyRotation>: (String) The key rotation time interval in months, with a minimum of 1, and a maximum of 12.

dualAuthDeletes GetKmsKeysKeyPolicyDualAuthDelete[]: (String) The data associated with the dual authorization delete policy.
rotations GetKmsKeysKeyPolicyRotation[]: (String) The key rotation time interval in months, with a minimum of 1, and a maximum of 12.

dual_auth_deletes Sequence[GetKmsKeysKeyPolicyDualAuthDelete]: (String) The data associated with the dual authorization delete policy.
rotations Sequence[GetKmsKeysKeyPolicyRotation]: (String) The key rotation time interval in months, with a minimum of 1, and a maximum of 12.

dualAuthDeletes List<Property Map>: (String) The data associated with the dual authorization delete policy.
rotations List<Property Map>: (String) The key rotation time interval in months, with a minimum of 1, and a maximum of 12.

GetKmsKeysKeyPolicyDualAuthDelete

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Crn string: (String) The CRN of the key.
Enabled bool: (String) If set to true, Key Protect enables a dual authorization policy on the key.
Id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
LastUpdateDate string: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Crn string: (String) The CRN of the key.
Enabled bool: (String) If set to true, Key Protect enables a dual authorization policy on the key.
Id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
LastUpdateDate string: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn String: (String) The CRN of the key.
enabled Boolean: (String) If set to true, Key Protect enables a dual authorization policy on the key.
id String: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
lastUpdateDate String: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updatedBy String: (String) The unique ID for the resource that updated the policy.

createdBy string: (String) The unique ID for the resource that created the policy.
creationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn string: (String) The CRN of the key.
enabled boolean: (String) If set to true, Key Protect enables a dual authorization policy on the key.
id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
lastUpdateDate string: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updatedBy string: (String) The unique ID for the resource that updated the policy.

created_by str: (String) The unique ID for the resource that created the policy.
creation_date str: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn str: (String) The CRN of the key.
enabled bool: (String) If set to true, Key Protect enables a dual authorization policy on the key.
id str: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
last_update_date str: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updated_by str: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn String: (String) The CRN of the key.
enabled Boolean: (String) If set to true, Key Protect enables a dual authorization policy on the key.
id String: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
lastUpdateDate String: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updatedBy String: (String) The unique ID for the resource that updated the policy.

GetKmsKeysKeyPolicyRotation

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Crn string: (String) The CRN of the key.
Enabled bool: (String) If set to true, Key Protect enables a dual authorization policy on the key.
Id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
IntervalMonth double: (String) The key rotation time interval in months.
LastUpdateDate string: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

CreatedBy string: (String) The unique ID for the resource that created the policy.
CreationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
Crn string: (String) The CRN of the key.
Enabled bool: (String) If set to true, Key Protect enables a dual authorization policy on the key.
Id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
IntervalMonth float64: (String) The key rotation time interval in months.
LastUpdateDate string: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
UpdatedBy string: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn String: (String) The CRN of the key.
enabled Boolean: (String) If set to true, Key Protect enables a dual authorization policy on the key.
id String: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
intervalMonth Double: (String) The key rotation time interval in months.
lastUpdateDate String: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updatedBy String: (String) The unique ID for the resource that updated the policy.

createdBy string: (String) The unique ID for the resource that created the policy.
creationDate string: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn string: (String) The CRN of the key.
enabled boolean: (String) If set to true, Key Protect enables a dual authorization policy on the key.
id string: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
intervalMonth number: (String) The key rotation time interval in months.
lastUpdateDate string: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updatedBy string: (String) The unique ID for the resource that updated the policy.

created_by str: (String) The unique ID for the resource that created the policy.
creation_date str: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn str: (String) The CRN of the key.
enabled bool: (String) If set to true, Key Protect enables a dual authorization policy on the key.
id str: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
interval_month float: (String) The key rotation time interval in months.
last_update_date str: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updated_by str: (String) The unique ID for the resource that updated the policy.

createdBy String: (String) The unique ID for the resource that created the policy.
creationDate String: (Timestamp) The date the policy was created. The date format follows RFC 3339.
crn String: (String) The CRN of the key.
enabled Boolean: (String) If set to true, Key Protect enables a dual authorization policy on the key.
id String: (String) The v4 UUID is used to uniquely identify the policy resource, as specified by RFC 4122.
intervalMonth Number: (String) The key rotation time interval in months.
lastUpdateDate String: (Timestamp) The date when the policy last replaced or modified. The date format follows RFC 3339.
updatedBy String: (String) The unique ID for the resource that updated the policy.

Package Details

Repository: ibm ibm-cloud/terraform-provider-ibm
License
Notes: This Pulumi package is based on the ibm Terraform Provider.

ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud

ibm-cloud/terraform-provider-ibm

ibm.getKmsKeys

On this page

On this page

Example Usage

Using getKmsKeys

getKmsKeys Result

Supporting Types

GetKmsKeysKey

GetKmsKeysKeyPolicy

GetKmsKeysKeyPolicyDualAuthDelete

GetKmsKeysKeyPolicyRotation

Package Details

On this page

On this page