Docs Home
ibm 1.78.0 published on Wednesday, Apr 30, 2025 by ibm-cloud
ibm.KmsKeyWithPolicyOverrides
Explore with Pulumi AI
Example Usage
To Provision Key Protect Service And KMS Key With Policy Details
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const kmsInstance = new ibm.ResourceInstance("kmsInstance", {
service: "kms",
plan: "tiered-pricing",
location: "us-south",
});
const test = new ibm.KmsKeyWithPolicyOverrides("test", {
instanceId: kmsInstance.guid,
keyName: "key-name",
standardKey: false,
forceDelete: true,
rotations: [{
enabled: true,
intervalMonth: 5,
}],
dualAuthDeletes: [{
enabled: false,
}],
});
const smart_us_south = new ibm.CosBucket("smart-us-south", {
bucketName: "atest-bucket",
resourceInstanceId: "cos-instance-id",
regionLocation: "us-south",
storageClass: "smart",
kmsKeyCrn: test.kmsKeyWithPolicyOverridesId,
});
import pulumi
import pulumi_ibm as ibm
kms_instance = ibm.ResourceInstance("kmsInstance",
service="kms",
plan="tiered-pricing",
location="us-south")
test = ibm.KmsKeyWithPolicyOverrides("test",
instance_id=kms_instance.guid,
key_name="key-name",
standard_key=False,
force_delete=True,
rotations=[{
"enabled": True,
"interval_month": 5,
}],
dual_auth_deletes=[{
"enabled": False,
}])
smart_us_south = ibm.CosBucket("smart-us-south",
bucket_name="atest-bucket",
resource_instance_id="cos-instance-id",
region_location="us-south",
storage_class="smart",
kms_key_crn=test.kms_key_with_policy_overrides_id)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
kmsInstance, err := ibm.NewResourceInstance(ctx, "kmsInstance", &ibm.ResourceInstanceArgs{
Service: pulumi.String("kms"),
Plan: pulumi.String("tiered-pricing"),
Location: pulumi.String("us-south"),
})
if err != nil {
return err
}
test, err := ibm.NewKmsKeyWithPolicyOverrides(ctx, "test", &ibm.KmsKeyWithPolicyOverridesArgs{
InstanceId: kmsInstance.Guid,
KeyName: pulumi.String("key-name"),
StandardKey: pulumi.Bool(false),
ForceDelete: pulumi.Bool(true),
Rotations: ibm.KmsKeyWithPolicyOverridesRotationArray{
&ibm.KmsKeyWithPolicyOverridesRotationArgs{
Enabled: pulumi.Bool(true),
IntervalMonth: pulumi.Float64(5),
},
},
DualAuthDeletes: ibm.KmsKeyWithPolicyOverridesDualAuthDeleteArray{
&ibm.KmsKeyWithPolicyOverridesDualAuthDeleteArgs{
Enabled: pulumi.Bool(false),
},
},
})
if err != nil {
return err
}
_, err = ibm.NewCosBucket(ctx, "smart-us-south", &ibm.CosBucketArgs{
BucketName: pulumi.String("atest-bucket"),
ResourceInstanceId: pulumi.String("cos-instance-id"),
RegionLocation: pulumi.String("us-south"),
StorageClass: pulumi.String("smart"),
KmsKeyCrn: test.KmsKeyWithPolicyOverridesId,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var kmsInstance = new Ibm.ResourceInstance("kmsInstance", new()
{
Service = "kms",
Plan = "tiered-pricing",
Location = "us-south",
});
var test = new Ibm.KmsKeyWithPolicyOverrides("test", new()
{
InstanceId = kmsInstance.Guid,
KeyName = "key-name",
StandardKey = false,
ForceDelete = true,
Rotations = new[]
{
new Ibm.Inputs.KmsKeyWithPolicyOverridesRotationArgs
{
Enabled = true,
IntervalMonth = 5,
},
},
DualAuthDeletes = new[]
{
new Ibm.Inputs.KmsKeyWithPolicyOverridesDualAuthDeleteArgs
{
Enabled = false,
},
},
});
var smart_us_south = new Ibm.CosBucket("smart-us-south", new()
{
BucketName = "atest-bucket",
ResourceInstanceId = "cos-instance-id",
RegionLocation = "us-south",
StorageClass = "smart",
KmsKeyCrn = test.KmsKeyWithPolicyOverridesId,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.ResourceInstance;
import com.pulumi.ibm.ResourceInstanceArgs;
import com.pulumi.ibm.KmsKeyWithPolicyOverrides;
import com.pulumi.ibm.KmsKeyWithPolicyOverridesArgs;
import com.pulumi.ibm.inputs.KmsKeyWithPolicyOverridesRotationArgs;
import com.pulumi.ibm.inputs.KmsKeyWithPolicyOverridesDualAuthDeleteArgs;
import com.pulumi.ibm.CosBucket;
import com.pulumi.ibm.CosBucketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var kmsInstance = new ResourceInstance("kmsInstance", ResourceInstanceArgs.builder()
.service("kms")
.plan("tiered-pricing")
.location("us-south")
.build());
var test = new KmsKeyWithPolicyOverrides("test", KmsKeyWithPolicyOverridesArgs.builder()
.instanceId(kmsInstance.guid())
.keyName("key-name")
.standardKey(false)
.forceDelete(true)
.rotations(KmsKeyWithPolicyOverridesRotationArgs.builder()
.enabled(true)
.intervalMonth(5)
.build())
.dualAuthDeletes(KmsKeyWithPolicyOverridesDualAuthDeleteArgs.builder()
.enabled(false)
.build())
.build());
var smart_us_south = new CosBucket("smart-us-south", CosBucketArgs.builder()
.bucketName("atest-bucket")
.resourceInstanceId("cos-instance-id")
.regionLocation("us-south")
.storageClass("smart")
.kmsKeyCrn(test.kmsKeyWithPolicyOverridesId())
.build());
}
}
resources:
kmsInstance:
type: ibm:ResourceInstance
properties:
service: kms
plan: tiered-pricing
location: us-south
test:
type: ibm:KmsKeyWithPolicyOverrides
properties:
instanceId: ${kmsInstance.guid}
keyName: key-name
standardKey: false
forceDelete: true
rotations:
- enabled: true
intervalMonth: 5
dualAuthDeletes:
- enabled: false
smart-us-south:
type: ibm:CosBucket
properties:
bucketName: atest-bucket
resourceInstanceId: cos-instance-id
regionLocation: us-south
storageClass: smart
kmsKeyCrn: ${test.kmsKeyWithPolicyOverridesId}
Note:
key_protect attribute to associate a kms_key with a COS bucket has been renamed as kms_key_crn , hence it is recommended to all the new users to use kms_key_crn.Although the support for older attribute name key_protect will be continued for existing customers.
To Provision HPCS Service And KMS Key With Policy Details
Below steps explains how to provision a HPCS service , intialize the service and and KMS key with policy details.
Step 1: Provision the service using ibm.ResourceInstance
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const hpcs = new ibm.ResourceInstance("hpcs", {
location: "us-south",
parameters: {
units: "2",
},
plan: "standard",
service: "hs-crypto",
});
import pulumi
import pulumi_ibm as ibm
hpcs = ibm.ResourceInstance("hpcs",
location="us-south",
parameters={
"units": "2",
},
plan="standard",
service="hs-crypto")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ibm.NewResourceInstance(ctx, "hpcs", &ibm.ResourceInstanceArgs{
Location: pulumi.String("us-south"),
Parameters: pulumi.StringMap{
"units": pulumi.String("2"),
},
Plan: pulumi.String("standard"),
Service: pulumi.String("hs-crypto"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var hpcs = new Ibm.ResourceInstance("hpcs", new()
{
Location = "us-south",
Parameters =
{
{ "units", "2" },
},
Plan = "standard",
Service = "hs-crypto",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.ResourceInstance;
import com.pulumi.ibm.ResourceInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var hpcs = new ResourceInstance("hpcs", ResourceInstanceArgs.builder()
.location("us-south")
.parameters(Map.of("units", 2))
.plan("standard")
.service("hs-crypto")
.build());
}
}
resources:
hpcs:
type: ibm:ResourceInstance
properties:
location: us-south
parameters:
units: 2
plan: standard
service: hs-crypto
Step 2: Initialize your service instance manually
To manage your keys, you need to initialize your service instance first. Two options are provided for initializing a service instance. You can use the IBM Hyper Protect Crypto Services Management Utilities to initialize a service instance by using master key parts stored on smart cards. This provides the highest level of security. You can also use the IBM Cloud Trusted Key Entry (TKE) command-line interface (CLI) plug-in to initialize your service instance. For more details refer here
Step 3: Manage your keys using ibm.KmsKeyWithPolicyOverrides
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const key = new ibm.KmsKeyWithPolicyOverrides("key", {
instanceId: ibm_resource_instance.hpcs.guid,
keyName: _var.key_name,
standardKey: false,
forceDelete: true,
});
import pulumi
import pulumi_ibm as ibm
key = ibm.KmsKeyWithPolicyOverrides("key",
instance_id=ibm_resource_instance["hpcs"]["guid"],
key_name=var["key_name"],
standard_key=False,
force_delete=True)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ibm.NewKmsKeyWithPolicyOverrides(ctx, "key", &ibm.KmsKeyWithPolicyOverridesArgs{
InstanceId: pulumi.Any(ibm_resource_instance.Hpcs.Guid),
KeyName: pulumi.Any(_var.Key_name),
StandardKey: pulumi.Bool(false),
ForceDelete: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var key = new Ibm.KmsKeyWithPolicyOverrides("key", new()
{
InstanceId = ibm_resource_instance.Hpcs.Guid,
KeyName = @var.Key_name,
StandardKey = false,
ForceDelete = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.KmsKeyWithPolicyOverrides;
import com.pulumi.ibm.KmsKeyWithPolicyOverridesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var key = new KmsKeyWithPolicyOverrides("key", KmsKeyWithPolicyOverridesArgs.builder()
.instanceId(ibm_resource_instance.hpcs().guid())
.keyName(var_.key_name())
.standardKey(false)
.forceDelete(true)
.build());
}
}
resources:
key:
type: ibm:KmsKeyWithPolicyOverrides
properties:
instanceId: ${ibm_resource_instance.hpcs.guid}
keyName: ${var.key_name}
standardKey: false
forceDelete: true
To Provision KMS And Import A Key With Policy Details
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const kpInstance = new ibm.ResourceInstance("kpInstance", {
service: "kms",
plan: "tiered-pricing",
location: "us-south",
});
const key = new ibm.KmsKeyWithPolicyOverrides("key", {
instanceId: kpInstance.guid,
keyName: "key",
standardKey: false,
payload: "aW1wb3J0ZWQucGF5bG9hZA==",
});
import pulumi
import pulumi_ibm as ibm
kp_instance = ibm.ResourceInstance("kpInstance",
service="kms",
plan="tiered-pricing",
location="us-south")
key = ibm.KmsKeyWithPolicyOverrides("key",
instance_id=kp_instance.guid,
key_name="key",
standard_key=False,
payload="aW1wb3J0ZWQucGF5bG9hZA==")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
kpInstance, err := ibm.NewResourceInstance(ctx, "kpInstance", &ibm.ResourceInstanceArgs{
Service: pulumi.String("kms"),
Plan: pulumi.String("tiered-pricing"),
Location: pulumi.String("us-south"),
})
if err != nil {
return err
}
_, err = ibm.NewKmsKeyWithPolicyOverrides(ctx, "key", &ibm.KmsKeyWithPolicyOverridesArgs{
InstanceId: kpInstance.Guid,
KeyName: pulumi.String("key"),
StandardKey: pulumi.Bool(false),
Payload: pulumi.String("aW1wb3J0ZWQucGF5bG9hZA=="),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var kpInstance = new Ibm.ResourceInstance("kpInstance", new()
{
Service = "kms",
Plan = "tiered-pricing",
Location = "us-south",
});
var key = new Ibm.KmsKeyWithPolicyOverrides("key", new()
{
InstanceId = kpInstance.Guid,
KeyName = "key",
StandardKey = false,
Payload = "aW1wb3J0ZWQucGF5bG9hZA==",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.ResourceInstance;
import com.pulumi.ibm.ResourceInstanceArgs;
import com.pulumi.ibm.KmsKeyWithPolicyOverrides;
import com.pulumi.ibm.KmsKeyWithPolicyOverridesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var kpInstance = new ResourceInstance("kpInstance", ResourceInstanceArgs.builder()
.service("kms")
.plan("tiered-pricing")
.location("us-south")
.build());
var key = new KmsKeyWithPolicyOverrides("key", KmsKeyWithPolicyOverridesArgs.builder()
.instanceId(kpInstance.guid())
.keyName("key")
.standardKey(false)
.payload("aW1wb3J0ZWQucGF5bG9hZA==")
.build());
}
}
resources:
kpInstance:
type: ibm:ResourceInstance
properties:
service: kms
plan: tiered-pricing
location: us-south
key:
type: ibm:KmsKeyWithPolicyOverrides
properties:
instanceId: ${kpInstance.guid}
keyName: key
standardKey: false
payload: aW1wb3J0ZWQucGF5bG9hZA==
Create KmsKeyWithPolicyOverrides Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KmsKeyWithPolicyOverrides(name: string, args: KmsKeyWithPolicyOverridesArgs, opts?: CustomResourceOptions);@overload
def KmsKeyWithPolicyOverrides(resource_name: str,
args: KmsKeyWithPolicyOverridesArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KmsKeyWithPolicyOverrides(resource_name: str,
opts: Optional[ResourceOptions] = None,
instance_id: Optional[str] = None,
key_name: Optional[str] = None,
endpoint_type: Optional[str] = None,
description: Optional[str] = None,
expiration_date: Optional[str] = None,
force_delete: Optional[bool] = None,
encrypted_nonce: Optional[str] = None,
iv_value: Optional[str] = None,
dual_auth_deletes: Optional[Sequence[KmsKeyWithPolicyOverridesDualAuthDeleteArgs]] = None,
key_ring_id: Optional[str] = None,
kms_key_with_policy_overrides_id: Optional[str] = None,
payload: Optional[str] = None,
rotations: Optional[Sequence[KmsKeyWithPolicyOverridesRotationArgs]] = None,
standard_key: Optional[bool] = None,
timeouts: Optional[KmsKeyWithPolicyOverridesTimeoutsArgs] = None)func NewKmsKeyWithPolicyOverrides(ctx *Context, name string, args KmsKeyWithPolicyOverridesArgs, opts ...ResourceOption) (*KmsKeyWithPolicyOverrides, error)public KmsKeyWithPolicyOverrides(string name, KmsKeyWithPolicyOverridesArgs args, CustomResourceOptions? opts = null)
public KmsKeyWithPolicyOverrides(String name, KmsKeyWithPolicyOverridesArgs args)
public KmsKeyWithPolicyOverrides(String name, KmsKeyWithPolicyOverridesArgs args, CustomResourceOptions options)
type: ibm:KmsKeyWithPolicyOverrides
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KmsKeyWithPolicyOverridesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KmsKeyWithPolicyOverridesArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KmsKeyWithPolicyOverridesArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KmsKeyWithPolicyOverridesArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KmsKeyWithPolicyOverridesArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var kmsKeyWithPolicyOverridesResource = new Ibm.KmsKeyWithPolicyOverrides("kmsKeyWithPolicyOverridesResource", new()
{
InstanceId = "string",
KeyName = "string",
EndpointType = "string",
Description = "string",
ExpirationDate = "string",
ForceDelete = false,
EncryptedNonce = "string",
IvValue = "string",
DualAuthDeletes = new[]
{
new Ibm.Inputs.KmsKeyWithPolicyOverridesDualAuthDeleteArgs
{
Enabled = false,
},
},
KeyRingId = "string",
KmsKeyWithPolicyOverridesId = "string",
Payload = "string",
Rotations = new[]
{
new Ibm.Inputs.KmsKeyWithPolicyOverridesRotationArgs
{
Enabled = false,
IntervalMonth = 0,
},
},
StandardKey = false,
Timeouts = new Ibm.Inputs.KmsKeyWithPolicyOverridesTimeoutsArgs
{
Create = "string",
Update = "string",
},
});
example, err := ibm.NewKmsKeyWithPolicyOverrides(ctx, "kmsKeyWithPolicyOverridesResource", &ibm.KmsKeyWithPolicyOverridesArgs{
InstanceId: pulumi.String("string"),
KeyName: pulumi.String("string"),
EndpointType: pulumi.String("string"),
Description: pulumi.String("string"),
ExpirationDate: pulumi.String("string"),
ForceDelete: pulumi.Bool(false),
EncryptedNonce: pulumi.String("string"),
IvValue: pulumi.String("string"),
DualAuthDeletes: ibm.KmsKeyWithPolicyOverridesDualAuthDeleteArray{
&ibm.KmsKeyWithPolicyOverridesDualAuthDeleteArgs{
Enabled: pulumi.Bool(false),
},
},
KeyRingId: pulumi.String("string"),
KmsKeyWithPolicyOverridesId: pulumi.String("string"),
Payload: pulumi.String("string"),
Rotations: ibm.KmsKeyWithPolicyOverridesRotationArray{
&ibm.KmsKeyWithPolicyOverridesRotationArgs{
Enabled: pulumi.Bool(false),
IntervalMonth: pulumi.Float64(0),
},
},
StandardKey: pulumi.Bool(false),
Timeouts: &ibm.KmsKeyWithPolicyOverridesTimeoutsArgs{
Create: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var kmsKeyWithPolicyOverridesResource = new KmsKeyWithPolicyOverrides("kmsKeyWithPolicyOverridesResource", KmsKeyWithPolicyOverridesArgs.builder()
.instanceId("string")
.keyName("string")
.endpointType("string")
.description("string")
.expirationDate("string")
.forceDelete(false)
.encryptedNonce("string")
.ivValue("string")
.dualAuthDeletes(KmsKeyWithPolicyOverridesDualAuthDeleteArgs.builder()
.enabled(false)
.build())
.keyRingId("string")
.kmsKeyWithPolicyOverridesId("string")
.payload("string")
.rotations(KmsKeyWithPolicyOverridesRotationArgs.builder()
.enabled(false)
.intervalMonth(0)
.build())
.standardKey(false)
.timeouts(KmsKeyWithPolicyOverridesTimeoutsArgs.builder()
.create("string")
.update("string")
.build())
.build());
kms_key_with_policy_overrides_resource = ibm.KmsKeyWithPolicyOverrides("kmsKeyWithPolicyOverridesResource",
instance_id="string",
key_name="string",
endpoint_type="string",
description="string",
expiration_date="string",
force_delete=False,
encrypted_nonce="string",
iv_value="string",
dual_auth_deletes=[{
"enabled": False,
}],
key_ring_id="string",
kms_key_with_policy_overrides_id="string",
payload="string",
rotations=[{
"enabled": False,
"interval_month": 0,
}],
standard_key=False,
timeouts={
"create": "string",
"update": "string",
})
const kmsKeyWithPolicyOverridesResource = new ibm.KmsKeyWithPolicyOverrides("kmsKeyWithPolicyOverridesResource", {
instanceId: "string",
keyName: "string",
endpointType: "string",
description: "string",
expirationDate: "string",
forceDelete: false,
encryptedNonce: "string",
ivValue: "string",
dualAuthDeletes: [{
enabled: false,
}],
keyRingId: "string",
kmsKeyWithPolicyOverridesId: "string",
payload: "string",
rotations: [{
enabled: false,
intervalMonth: 0,
}],
standardKey: false,
timeouts: {
create: "string",
update: "string",
},
});
type: ibm:KmsKeyWithPolicyOverrides
properties:
description: string
dualAuthDeletes:
- enabled: false
encryptedNonce: string
endpointType: string
expirationDate: string
forceDelete: false
instanceId: string
ivValue: string
keyName: string
keyRingId: string
kmsKeyWithPolicyOverridesId: string
payload: string
rotations:
- enabled: false
intervalMonth: 0
standardKey: false
timeouts:
create: string
update: string
KmsKeyWithPolicyOverrides Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KmsKeyWithPolicyOverrides resource accepts the following input properties:
- Instance
Id string - The HPCS or key-protect instance ID.
- Key
Name string - The name of the key.
- Description string
- description of the key
- Dual
Auth List<KmsDeletes Key With Policy Overrides Dual Auth Delete> - Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete: - Encrypted
Nonce string - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - Endpoint
Type string - The type of the public or private endpoint to be used for creating keys.
- Expiration
Date string - Expiry date of the key material. The date format follows with RFC 3339. You can set an expiration date on any key on its creation. A key moves into the deactivated state within one hour past its expiration date, if one is assigned. If you create a key without specifying an expiration date, the key does not expire. For example,
2018-12-01T23:20:50Z. - Force
Delete bool - set to true to force delete the key
- Iv
Value string - Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - Key
Ring stringId - The ID of the key ring where you want to add your Key Protect key. The default value is
default. - Kms
Key stringWith Policy Overrides Id - (String) The CRN of the key.
- Payload string
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- Rotations
List<Kms
Key With Policy Overrides Rotation> - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - Standard
Key bool - Set flag true for standard key, and false for root key. Default value is false.Yes.
- Timeouts
Kms
Key With Policy Overrides Timeouts
- Instance
Id string - The HPCS or key-protect instance ID.
- Key
Name string - The name of the key.
- Description string
- description of the key
- Dual
Auth []KmsDeletes Key With Policy Overrides Dual Auth Delete Args - Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete: - Encrypted
Nonce string - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - Endpoint
Type string - The type of the public or private endpoint to be used for creating keys.
- Expiration
Date string - Expiry date of the key material. The date format follows with RFC 3339. You can set an expiration date on any key on its creation. A key moves into the deactivated state within one hour past its expiration date, if one is assigned. If you create a key without specifying an expiration date, the key does not expire. For example,
2018-12-01T23:20:50Z. - Force
Delete bool - set to true to force delete the key
- Iv
Value string - Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - Key
Ring stringId - The ID of the key ring where you want to add your Key Protect key. The default value is
default. - Kms
Key stringWith Policy Overrides Id - (String) The CRN of the key.
- Payload string
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- Rotations
[]Kms
Key With Policy Overrides Rotation Args - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - Standard
Key bool - Set flag true for standard key, and false for root key. Default value is false.Yes.
- Timeouts
Kms
Key With Policy Overrides Timeouts Args
- instance
Id String - The HPCS or key-protect instance ID.
- key
Name String - The name of the key.
- description String
- description of the key
- dual
Auth List<KmsDeletes Key With Policy Overrides Dual Auth Delete> - Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete: - encrypted
Nonce String - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - endpoint
Type String - The type of the public or private endpoint to be used for creating keys.
- expiration
Date String - Expiry date of the key material. The date format follows with RFC 3339. You can set an expiration date on any key on its creation. A key moves into the deactivated state within one hour past its expiration date, if one is assigned. If you create a key without specifying an expiration date, the key does not expire. For example,
2018-12-01T23:20:50Z. - force
Delete Boolean - set to true to force delete the key
- iv
Value String - Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - key
Ring StringId - The ID of the key ring where you want to add your Key Protect key. The default value is
default. - kms
Key StringWith Policy Overrides Id - (String) The CRN of the key.
- payload String
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- rotations
List<Kms
Key With Policy Overrides Rotation> - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - standard
Key Boolean - Set flag true for standard key, and false for root key. Default value is false.Yes.
- timeouts
Kms
Key With Policy Overrides Timeouts
- instance
Id string - The HPCS or key-protect instance ID.
- key
Name string - The name of the key.
- description string
- description of the key
- dual
Auth KmsDeletes Key With Policy Overrides Dual Auth Delete[] - Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete: - encrypted
Nonce string - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - endpoint
Type string - The type of the public or private endpoint to be used for creating keys.
- expiration
Date string - Expiry date of the key material. The date format follows with RFC 3339. You can set an expiration date on any key on its creation. A key moves into the deactivated state within one hour past its expiration date, if one is assigned. If you create a key without specifying an expiration date, the key does not expire. For example,
2018-12-01T23:20:50Z. - force
Delete boolean - set to true to force delete the key
- iv
Value string - Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - key
Ring stringId - The ID of the key ring where you want to add your Key Protect key. The default value is
default. - kms
Key stringWith Policy Overrides Id - (String) The CRN of the key.
- payload string
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- rotations
Kms
Key With Policy Overrides Rotation[] - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - standard
Key boolean - Set flag true for standard key, and false for root key. Default value is false.Yes.
- timeouts
Kms
Key With Policy Overrides Timeouts
- instance_
id str - The HPCS or key-protect instance ID.
- key_
name str - The name of the key.
- description str
- description of the key
- dual_
auth_ Sequence[Kmsdeletes Key With Policy Overrides Dual Auth Delete Args] - Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete: - encrypted_
nonce str - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - endpoint_
type str - The type of the public or private endpoint to be used for creating keys.
- expiration_
date str - Expiry date of the key material. The date format follows with RFC 3339. You can set an expiration date on any key on its creation. A key moves into the deactivated state within one hour past its expiration date, if one is assigned. If you create a key without specifying an expiration date, the key does not expire. For example,
2018-12-01T23:20:50Z. - force_
delete bool - set to true to force delete the key
- iv_
value str - Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - key_
ring_ strid - The ID of the key ring where you want to add your Key Protect key. The default value is
default. - kms_
key_ strwith_ policy_ overrides_ id - (String) The CRN of the key.
- payload str
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- rotations
Sequence[Kms
Key With Policy Overrides Rotation Args] - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - standard_
key bool - Set flag true for standard key, and false for root key. Default value is false.Yes.
- timeouts
Kms
Key With Policy Overrides Timeouts Args
- instance
Id String - The HPCS or key-protect instance ID.
- key
Name String - The name of the key.
- description String
- description of the key
- dual
Auth List<Property Map>Deletes - Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete: - encrypted
Nonce String - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - endpoint
Type String - The type of the public or private endpoint to be used for creating keys.
- expiration
Date String - Expiry date of the key material. The date format follows with RFC 3339. You can set an expiration date on any key on its creation. A key moves into the deactivated state within one hour past its expiration date, if one is assigned. If you create a key without specifying an expiration date, the key does not expire. For example,
2018-12-01T23:20:50Z. - force
Delete Boolean - set to true to force delete the key
- iv
Value String - Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - key
Ring StringId - The ID of the key ring where you want to add your Key Protect key. The default value is
default. - kms
Key StringWith Policy Overrides Id - (String) The CRN of the key.
- payload String
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- rotations List<Property Map>
- Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - standard
Key Boolean - Set flag true for standard key, and false for root key. Default value is false.Yes.
- timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the KmsKeyWithPolicyOverrides resource produces the following output properties:
- Crn string
- (String) The CRN of the key.
- Id string
- The provider-assigned unique ID for this managed resource.
- Instance
Crn string - Key protect or HPCS instance CRN
- Key
Id string - (String) The ID of the key.
- Registrations
List<Kms
Key With Policy Overrides Registration> - Registrations of the key across different services
- Resource
Controller stringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- Resource
Crn string - The crn of the resource
- Resource
Group stringName - The resource group name in which resource is provisioned
- Resource
Name string - The name of the resource
- Resource
Status string - The status of the resource
- Type string
- (String) The type of the key KMS or HPCS.
- Crn string
- (String) The CRN of the key.
- Id string
- The provider-assigned unique ID for this managed resource.
- Instance
Crn string - Key protect or HPCS instance CRN
- Key
Id string - (String) The ID of the key.
- Registrations
[]Kms
Key With Policy Overrides Registration - Registrations of the key across different services
- Resource
Controller stringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- Resource
Crn string - The crn of the resource
- Resource
Group stringName - The resource group name in which resource is provisioned
- Resource
Name string - The name of the resource
- Resource
Status string - The status of the resource
- Type string
- (String) The type of the key KMS or HPCS.
- crn String
- (String) The CRN of the key.
- id String
- The provider-assigned unique ID for this managed resource.
- instance
Crn String - Key protect or HPCS instance CRN
- key
Id String - (String) The ID of the key.
- registrations
List<Kms
Key With Policy Overrides Registration> - Registrations of the key across different services
- resource
Controller StringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource
Crn String - The crn of the resource
- resource
Group StringName - The resource group name in which resource is provisioned
- resource
Name String - The name of the resource
- resource
Status String - The status of the resource
- type String
- (String) The type of the key KMS or HPCS.
- crn string
- (String) The CRN of the key.
- id string
- The provider-assigned unique ID for this managed resource.
- instance
Crn string - Key protect or HPCS instance CRN
- key
Id string - (String) The ID of the key.
- registrations
Kms
Key With Policy Overrides Registration[] - Registrations of the key across different services
- resource
Controller stringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource
Crn string - The crn of the resource
- resource
Group stringName - The resource group name in which resource is provisioned
- resource
Name string - The name of the resource
- resource
Status string - The status of the resource
- type string
- (String) The type of the key KMS or HPCS.
- crn str
- (String) The CRN of the key.
- id str
- The provider-assigned unique ID for this managed resource.
- instance_
crn str - Key protect or HPCS instance CRN
- key_
id str - (String) The ID of the key.
- registrations
Sequence[Kms
Key With Policy Overrides Registration] - Registrations of the key across different services
- resource_
controller_ strurl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource_
crn str - The crn of the resource
- resource_
group_ strname - The resource group name in which resource is provisioned
- resource_
name str - The name of the resource
- resource_
status str - The status of the resource
- type str
- (String) The type of the key KMS or HPCS.
- crn String
- (String) The CRN of the key.
- id String
- The provider-assigned unique ID for this managed resource.
- instance
Crn String - Key protect or HPCS instance CRN
- key
Id String - (String) The ID of the key.
- registrations List<Property Map>
- Registrations of the key across different services
- resource
Controller StringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource
Crn String - The crn of the resource
- resource
Group StringName - The resource group name in which resource is provisioned
- resource
Name String - The name of the resource
- resource
Status String - The status of the resource
- type String
- (String) The type of the key KMS or HPCS.
Look up Existing KmsKeyWithPolicyOverrides Resource
Get an existing KmsKeyWithPolicyOverrides resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KmsKeyWithPolicyOverridesState, opts?: CustomResourceOptions): KmsKeyWithPolicyOverrides@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
crn: Optional[str] = None,
description: Optional[str] = None,
dual_auth_deletes: Optional[Sequence[KmsKeyWithPolicyOverridesDualAuthDeleteArgs]] = None,
encrypted_nonce: Optional[str] = None,
endpoint_type: Optional[str] = None,
expiration_date: Optional[str] = None,
force_delete: Optional[bool] = None,
instance_crn: Optional[str] = None,
instance_id: Optional[str] = None,
iv_value: Optional[str] = None,
key_id: Optional[str] = None,
key_name: Optional[str] = None,
key_ring_id: Optional[str] = None,
kms_key_with_policy_overrides_id: Optional[str] = None,
payload: Optional[str] = None,
registrations: Optional[Sequence[KmsKeyWithPolicyOverridesRegistrationArgs]] = None,
resource_controller_url: Optional[str] = None,
resource_crn: Optional[str] = None,
resource_group_name: Optional[str] = None,
resource_name: Optional[str] = None,
resource_status: Optional[str] = None,
rotations: Optional[Sequence[KmsKeyWithPolicyOverridesRotationArgs]] = None,
standard_key: Optional[bool] = None,
timeouts: Optional[KmsKeyWithPolicyOverridesTimeoutsArgs] = None,
type: Optional[str] = None) -> KmsKeyWithPolicyOverridesfunc GetKmsKeyWithPolicyOverrides(ctx *Context, name string, id IDInput, state *KmsKeyWithPolicyOverridesState, opts ...ResourceOption) (*KmsKeyWithPolicyOverrides, error)public static KmsKeyWithPolicyOverrides Get(string name, Input<string> id, KmsKeyWithPolicyOverridesState? state, CustomResourceOptions? opts = null)public static KmsKeyWithPolicyOverrides get(String name, Output<String> id, KmsKeyWithPolicyOverridesState state, CustomResourceOptions options)resources: _: type: ibm:KmsKeyWithPolicyOverrides get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Crn string
- (String) The CRN of the key.
- Description string
- description of the key
- Dual
Auth List<KmsDeletes Key With Policy Overrides Dual Auth Delete> - Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete: - Encrypted
Nonce string - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - Endpoint
Type string - The type of the public or private endpoint to be used for creating keys.
- Expiration
Date string - Expiry date of the key material. The date format follows with RFC 3339. You can set an expiration date on any key on its creation. A key moves into the deactivated state within one hour past its expiration date, if one is assigned. If you create a key without specifying an expiration date, the key does not expire. For example,
2018-12-01T23:20:50Z. - Force
Delete bool - set to true to force delete the key
- Instance
Crn string - Key protect or HPCS instance CRN
- Instance
Id string - The HPCS or key-protect instance ID.
- Iv
Value string - Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - Key
Id string - (String) The ID of the key.
- Key
Name string - The name of the key.
- Key
Ring stringId - The ID of the key ring where you want to add your Key Protect key. The default value is
default. - Kms
Key stringWith Policy Overrides Id - (String) The CRN of the key.
- Payload string
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- Registrations
List<Kms
Key With Policy Overrides Registration> - Registrations of the key across different services
- Resource
Controller stringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- Resource
Crn string - The crn of the resource
- Resource
Group stringName - The resource group name in which resource is provisioned
- Resource
Name string - The name of the resource
- Resource
Status string - The status of the resource
- Rotations
List<Kms
Key With Policy Overrides Rotation> - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - Standard
Key bool - Set flag true for standard key, and false for root key. Default value is false.Yes.
- Timeouts
Kms
Key With Policy Overrides Timeouts - Type string
- (String) The type of the key KMS or HPCS.
- Crn string
- (String) The CRN of the key.
- Description string
- description of the key
- Dual
Auth []KmsDeletes Key With Policy Overrides Dual Auth Delete Args - Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete: - Encrypted
Nonce string - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - Endpoint
Type string - The type of the public or private endpoint to be used for creating keys.
- Expiration
Date string - Expiry date of the key material. The date format follows with RFC 3339. You can set an expiration date on any key on its creation. A key moves into the deactivated state within one hour past its expiration date, if one is assigned. If you create a key without specifying an expiration date, the key does not expire. For example,
2018-12-01T23:20:50Z. - Force
Delete bool - set to true to force delete the key
- Instance
Crn string - Key protect or HPCS instance CRN
- Instance
Id string - The HPCS or key-protect instance ID.
- Iv
Value string - Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - Key
Id string - (String) The ID of the key.
- Key
Name string - The name of the key.
- Key
Ring stringId - The ID of the key ring where you want to add your Key Protect key. The default value is
default. - Kms
Key stringWith Policy Overrides Id - (String) The CRN of the key.
- Payload string
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- Registrations
[]Kms
Key With Policy Overrides Registration Args - Registrations of the key across different services
- Resource
Controller stringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- Resource
Crn string - The crn of the resource
- Resource
Group stringName - The resource group name in which resource is provisioned
- Resource
Name string - The name of the resource
- Resource
Status string - The status of the resource
- Rotations
[]Kms
Key With Policy Overrides Rotation Args - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - Standard
Key bool - Set flag true for standard key, and false for root key. Default value is false.Yes.
- Timeouts
Kms
Key With Policy Overrides Timeouts Args - Type string
- (String) The type of the key KMS or HPCS.
- crn String
- (String) The CRN of the key.
- description String
- description of the key
- dual
Auth List<KmsDeletes Key With Policy Overrides Dual Auth Delete> - Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete: - encrypted
Nonce String - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - endpoint
Type String - The type of the public or private endpoint to be used for creating keys.
- expiration
Date String - Expiry date of the key material. The date format follows with RFC 3339. You can set an expiration date on any key on its creation. A key moves into the deactivated state within one hour past its expiration date, if one is assigned. If you create a key without specifying an expiration date, the key does not expire. For example,
2018-12-01T23:20:50Z. - force
Delete Boolean - set to true to force delete the key
- instance
Crn String - Key protect or HPCS instance CRN
- instance
Id String - The HPCS or key-protect instance ID.
- iv
Value String - Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - key
Id String - (String) The ID of the key.
- key
Name String - The name of the key.
- key
Ring StringId - The ID of the key ring where you want to add your Key Protect key. The default value is
default. - kms
Key StringWith Policy Overrides Id - (String) The CRN of the key.
- payload String
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- registrations
List<Kms
Key With Policy Overrides Registration> - Registrations of the key across different services
- resource
Controller StringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource
Crn String - The crn of the resource
- resource
Group StringName - The resource group name in which resource is provisioned
- resource
Name String - The name of the resource
- resource
Status String - The status of the resource
- rotations
List<Kms
Key With Policy Overrides Rotation> - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - standard
Key Boolean - Set flag true for standard key, and false for root key. Default value is false.Yes.
- timeouts
Kms
Key With Policy Overrides Timeouts - type String
- (String) The type of the key KMS or HPCS.
- crn string
- (String) The CRN of the key.
- description string
- description of the key
- dual
Auth KmsDeletes Key With Policy Overrides Dual Auth Delete[] - Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete: - encrypted
Nonce string - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - endpoint
Type string - The type of the public or private endpoint to be used for creating keys.
- expiration
Date string - Expiry date of the key material. The date format follows with RFC 3339. You can set an expiration date on any key on its creation. A key moves into the deactivated state within one hour past its expiration date, if one is assigned. If you create a key without specifying an expiration date, the key does not expire. For example,
2018-12-01T23:20:50Z. - force
Delete boolean - set to true to force delete the key
- instance
Crn string - Key protect or HPCS instance CRN
- instance
Id string - The HPCS or key-protect instance ID.
- iv
Value string - Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - key
Id string - (String) The ID of the key.
- key
Name string - The name of the key.
- key
Ring stringId - The ID of the key ring where you want to add your Key Protect key. The default value is
default. - kms
Key stringWith Policy Overrides Id - (String) The CRN of the key.
- payload string
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- registrations
Kms
Key With Policy Overrides Registration[] - Registrations of the key across different services
- resource
Controller stringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource
Crn string - The crn of the resource
- resource
Group stringName - The resource group name in which resource is provisioned
- resource
Name string - The name of the resource
- resource
Status string - The status of the resource
- rotations
Kms
Key With Policy Overrides Rotation[] - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - standard
Key boolean - Set flag true for standard key, and false for root key. Default value is false.Yes.
- timeouts
Kms
Key With Policy Overrides Timeouts - type string
- (String) The type of the key KMS or HPCS.
- crn str
- (String) The CRN of the key.
- description str
- description of the key
- dual_
auth_ Sequence[Kmsdeletes Key With Policy Overrides Dual Auth Delete Args] - Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete: - encrypted_
nonce str - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - endpoint_
type str - The type of the public or private endpoint to be used for creating keys.
- expiration_
date str - Expiry date of the key material. The date format follows with RFC 3339. You can set an expiration date on any key on its creation. A key moves into the deactivated state within one hour past its expiration date, if one is assigned. If you create a key without specifying an expiration date, the key does not expire. For example,
2018-12-01T23:20:50Z. - force_
delete bool - set to true to force delete the key
- instance_
crn str - Key protect or HPCS instance CRN
- instance_
id str - The HPCS or key-protect instance ID.
- iv_
value str - Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - key_
id str - (String) The ID of the key.
- key_
name str - The name of the key.
- key_
ring_ strid - The ID of the key ring where you want to add your Key Protect key. The default value is
default. - kms_
key_ strwith_ policy_ overrides_ id - (String) The CRN of the key.
- payload str
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- registrations
Sequence[Kms
Key With Policy Overrides Registration Args] - Registrations of the key across different services
- resource_
controller_ strurl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource_
crn str - The crn of the resource
- resource_
group_ strname - The resource group name in which resource is provisioned
- resource_
name str - The name of the resource
- resource_
status str - The status of the resource
- rotations
Sequence[Kms
Key With Policy Overrides Rotation Args] - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - standard_
key bool - Set flag true for standard key, and false for root key. Default value is false.Yes.
- timeouts
Kms
Key With Policy Overrides Timeouts Args - type str
- (String) The type of the key KMS or HPCS.
- crn String
- (String) The CRN of the key.
- description String
- description of the key
- dual
Auth List<Property Map>Deletes - Data associated with the dual authorization delete policy.
Nested scheme for
dual_auth_delete: - encrypted
Nonce String - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - endpoint
Type String - The type of the public or private endpoint to be used for creating keys.
- expiration
Date String - Expiry date of the key material. The date format follows with RFC 3339. You can set an expiration date on any key on its creation. A key moves into the deactivated state within one hour past its expiration date, if one is assigned. If you create a key without specifying an expiration date, the key does not expire. For example,
2018-12-01T23:20:50Z. - force
Delete Boolean - set to true to force delete the key
- instance
Crn String - Key protect or HPCS instance CRN
- instance
Id String - The HPCS or key-protect instance ID.
- iv
Value String - Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - key
Id String - (String) The ID of the key.
- key
Name String - The name of the key.
- key
Ring StringId - The ID of the key ring where you want to add your Key Protect key. The default value is
default. - kms
Key StringWith Policy Overrides Id - (String) The CRN of the key.
- payload String
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- registrations List<Property Map>
- Registrations of the key across different services
- resource
Controller StringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource
Crn String - The crn of the resource
- resource
Group StringName - The resource group name in which resource is provisioned
- resource
Name String - The name of the resource
- resource
Status String - The status of the resource
- rotations List<Property Map>
- Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12.
Nested scheme for
rotation: - standard
Key Boolean - Set flag true for standard key, and false for root key. Default value is false.Yes.
- timeouts Property Map
- type String
- (String) The type of the key KMS or HPCS.
Supporting Types
KmsKeyWithPolicyOverridesDualAuthDelete, KmsKeyWithPolicyOverridesDualAuthDeleteArgs
- Enabled bool
- If set to true, Key Protect enables a dual authorization policy on a single key.
- Enabled bool
- If set to true, Key Protect enables a dual authorization policy on a single key.
- enabled Boolean
- If set to true, Key Protect enables a dual authorization policy on a single key.
- enabled boolean
- If set to true, Key Protect enables a dual authorization policy on a single key.
- enabled bool
- If set to true, Key Protect enables a dual authorization policy on a single key.
- enabled Boolean
- If set to true, Key Protect enables a dual authorization policy on a single key.
KmsKeyWithPolicyOverridesRegistration, KmsKeyWithPolicyOverridesRegistrationArgs
- Key
Id string - (String) The ID of the key.
- Prevent
Key boolDeletion - Resource
Crn string
- Key
Id string - (String) The ID of the key.
- Prevent
Key boolDeletion - Resource
Crn string
- key
Id String - (String) The ID of the key.
- prevent
Key BooleanDeletion - resource
Crn String
- key
Id string - (String) The ID of the key.
- prevent
Key booleanDeletion - resource
Crn string
- key_
id str - (String) The ID of the key.
- prevent_
key_ booldeletion - resource_
crn str
- key
Id String - (String) The ID of the key.
- prevent
Key BooleanDeletion - resource
Crn String
KmsKeyWithPolicyOverridesRotation, KmsKeyWithPolicyOverridesRotationArgs
- Enabled bool
- If set to true, Key Protect enables a rotation policy on a single key.
- Interval
Month double - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12
- Enabled bool
- If set to true, Key Protect enables a rotation policy on a single key.
- Interval
Month float64 - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12
- enabled Boolean
- If set to true, Key Protect enables a rotation policy on a single key.
- interval
Month Double - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12
- enabled boolean
- If set to true, Key Protect enables a rotation policy on a single key.
- interval
Month number - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12
- enabled bool
- If set to true, Key Protect enables a rotation policy on a single key.
- interval_
month float - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12
- enabled Boolean
- If set to true, Key Protect enables a rotation policy on a single key.
- interval
Month Number - Specifies the key rotation time interval in months, with a minimum of 1, and a maximum of 12
KmsKeyWithPolicyOverridesTimeouts, KmsKeyWithPolicyOverridesTimeoutsArgs
Import
The ibm_kms_key_with_policy_overrides can be imported by using the id and crn.
Example
$ pulumi import ibm:index/kmsKeyWithPolicyOverrides:KmsKeyWithPolicyOverrides crn crn:v1:bluemix:public:kms:us-south:a/faf6addbf6bf4768hhhhe342a5bdd702:05f5bf91-ec66-462f-80eb-8yyui138a315:key:52448f62-9272-4d29-a515-15019e3e5asd
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- ibm ibm-cloud/terraform-provider-ibm
- License
- Notes
- This Pulumi package is based on the
ibmTerraform Provider.