Oracle Cloud Infrastructure

v0.5.0 published on Monday, Sep 12, 2022 by Pulumi

getKeys

This data source provides the list of Keys in Oracle Cloud Infrastructure Kms service.

Lists the master encryption keys in the specified vault and compartment.

As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management read operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management read operations exceeds 10 requests per second for a given tenancy.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testKeys = Oci.Kms.GetKeys.Invoke(new()
    {
        CompartmentId = @var.Compartment_id,
        ManagementEndpoint = @var.Key_management_endpoint,
        Algorithm = @var.Key_algorithm,
        Length = @var.Key_length,
        CurveId = oci_kms_curve.Test_curve.Id,
        ProtectionMode = @var.Key_protection_mode,
    });

});
package main

import (
	"github.com/pulumi/pulumi-oci/sdk/go/oci/Kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := Kms.GetKeys(ctx, &kms.GetKeysArgs{
			CompartmentId:      _var.Compartment_id,
			ManagementEndpoint: _var.Key_management_endpoint,
			Algorithm:          pulumi.StringRef(_var.Key_algorithm),
			Length:             pulumi.IntRef(_var.Key_length),
			CurveId:            pulumi.StringRef(oci_kms_curve.Test_curve.Id),
			ProtectionMode:     pulumi.StringRef(_var.Key_protection_mode),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Kms.KmsFunctions;
import com.pulumi.oci.Kms.inputs.GetKeysArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var testKeys = KmsFunctions.getKeys(GetKeysArgs.builder()
            .compartmentId(var_.compartment_id())
            .managementEndpoint(var_.key_management_endpoint())
            .algorithm(var_.key_algorithm())
            .length(var_.key_length())
            .curveId(oci_kms_curve.test_curve().id())
            .protectionMode(var_.key_protection_mode())
            .build());

    }
}
import pulumi
import pulumi_oci as oci

test_keys = oci.Kms.get_keys(compartment_id=var["compartment_id"],
    management_endpoint=var["key_management_endpoint"],
    algorithm=var["key_algorithm"],
    length=var["key_length"],
    curve_id=oci_kms_curve["test_curve"]["id"],
    protection_mode=var["key_protection_mode"])
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testKeys = oci.Kms.getKeys({
    compartmentId: _var.compartment_id,
    managementEndpoint: _var.key_management_endpoint,
    algorithm: _var.key_algorithm,
    length: _var.key_length,
    curveId: oci_kms_curve.test_curve.id,
    protectionMode: _var.key_protection_mode,
});
variables:
  testKeys:
    Fn::Invoke:
      Function: oci:Kms:getKeys
      Arguments:
        compartmentId: ${var.compartment_id}
        managementEndpoint: ${var.key_management_endpoint}
        algorithm: ${var.key_algorithm}
        length: ${var.key_length}
        curveId: ${oci_kms_curve.test_curve.id}
        protectionMode: ${var.key_protection_mode}

Using getKeys

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKeys(args: GetKeysArgs, opts?: InvokeOptions): Promise<GetKeysResult>
function getKeysOutput(args: GetKeysOutputArgs, opts?: InvokeOptions): Output<GetKeysResult>
def get_keys(algorithm: Optional[str] = None,
             compartment_id: Optional[str] = None,
             curve_id: Optional[str] = None,
             filters: Optional[Sequence[_kms.GetKeysFilter]] = None,
             length: Optional[int] = None,
             management_endpoint: Optional[str] = None,
             protection_mode: Optional[str] = None,
             opts: Optional[InvokeOptions] = None) -> GetKeysResult
def get_keys_output(algorithm: Optional[pulumi.Input[str]] = None,
             compartment_id: Optional[pulumi.Input[str]] = None,
             curve_id: Optional[pulumi.Input[str]] = None,
             filters: Optional[pulumi.Input[Sequence[pulumi.Input[_kms.GetKeysFilterArgs]]]] = None,
             length: Optional[pulumi.Input[int]] = None,
             management_endpoint: Optional[pulumi.Input[str]] = None,
             protection_mode: Optional[pulumi.Input[str]] = None,
             opts: Optional[InvokeOptions] = None) -> Output[GetKeysResult]
func GetKeys(ctx *Context, args *GetKeysArgs, opts ...InvokeOption) (*GetKeysResult, error)
func GetKeysOutput(ctx *Context, args *GetKeysOutputArgs, opts ...InvokeOption) GetKeysResultOutput

> Note: This function is named GetKeys in the Go SDK.

public static class GetKeys 
{
    public static Task<GetKeysResult> InvokeAsync(GetKeysArgs args, InvokeOptions? opts = null)
    public static Output<GetKeysResult> Invoke(GetKeysInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetKeysResult> getKeys(GetKeysArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: oci:Kms/getKeys:getKeys
  arguments:
    # arguments dictionary

The following arguments are supported:

CompartmentId string

The OCID of the compartment.

ManagementEndpoint string

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

Algorithm string

The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.

CurveId string

The curve ID of the keys. (This pertains only to ECDSA keys.)

Filters List<GetKeysFilter>
Length int

The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

ProtectionMode string

A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server.

CompartmentId string

The OCID of the compartment.

ManagementEndpoint string

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

Algorithm string

The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.

CurveId string

The curve ID of the keys. (This pertains only to ECDSA keys.)

Filters []GetKeysFilter
Length int

The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

ProtectionMode string

A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server.

compartmentId String

The OCID of the compartment.

managementEndpoint String

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

algorithm String

The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.

curveId String

The curve ID of the keys. (This pertains only to ECDSA keys.)

filters List<GetKeysFilter>
length Integer

The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

protectionMode String

A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server.

compartmentId string

The OCID of the compartment.

managementEndpoint string

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

algorithm string

The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.

curveId string

The curve ID of the keys. (This pertains only to ECDSA keys.)

filters GetKeysFilter[]
length number

The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

protectionMode string

A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server.

compartment_id str

The OCID of the compartment.

management_endpoint str

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

algorithm str

The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.

curve_id str

The curve ID of the keys. (This pertains only to ECDSA keys.)

filters GetKeysFilter]
length int

The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

protection_mode str

A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server.

compartmentId String

The OCID of the compartment.

managementEndpoint String

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

algorithm String

The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.

curveId String

The curve ID of the keys. (This pertains only to ECDSA keys.)

filters List<Property Map>
length Number

The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

protectionMode String

A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server.

getKeys Result

The following output properties are available:

CompartmentId string

The OCID of the compartment that contains this master encryption key.

Id string

The provider-assigned unique ID for this managed resource.

Keys List<GetKeysKey>

The list of keys.

ManagementEndpoint string
Algorithm string

The algorithm used by a key's key versions to encrypt or decrypt.

CurveId string

Supported curve IDs for ECDSA keys.

Filters List<GetKeysFilter>
Length int

The length of the key in bytes, expressed as an integer. Supported values include the following:

  • AES: 16, 24, or 32
  • RSA: 256, 384, or 512
  • ECDSA: 32, 48, or 66
ProtectionMode string

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported.

CompartmentId string

The OCID of the compartment that contains this master encryption key.

Id string

The provider-assigned unique ID for this managed resource.

Keys []GetKeysKey

The list of keys.

ManagementEndpoint string
Algorithm string

The algorithm used by a key's key versions to encrypt or decrypt.

CurveId string

Supported curve IDs for ECDSA keys.

Filters []GetKeysFilter
Length int

The length of the key in bytes, expressed as an integer. Supported values include the following:

  • AES: 16, 24, or 32
  • RSA: 256, 384, or 512
  • ECDSA: 32, 48, or 66
ProtectionMode string

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported.

compartmentId String

The OCID of the compartment that contains this master encryption key.

id String

The provider-assigned unique ID for this managed resource.

keys List<GetKeysKey>

The list of keys.

managementEndpoint String
algorithm String

The algorithm used by a key's key versions to encrypt or decrypt.

curveId String

Supported curve IDs for ECDSA keys.

filters List<GetKeysFilter>
length Integer

The length of the key in bytes, expressed as an integer. Supported values include the following:

  • AES: 16, 24, or 32
  • RSA: 256, 384, or 512
  • ECDSA: 32, 48, or 66
protectionMode String

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported.

compartmentId string

The OCID of the compartment that contains this master encryption key.

id string

The provider-assigned unique ID for this managed resource.

keys GetKeysKey[]

The list of keys.

managementEndpoint string
algorithm string

The algorithm used by a key's key versions to encrypt or decrypt.

curveId string

Supported curve IDs for ECDSA keys.

filters GetKeysFilter[]
length number

The length of the key in bytes, expressed as an integer. Supported values include the following:

  • AES: 16, 24, or 32
  • RSA: 256, 384, or 512
  • ECDSA: 32, 48, or 66
protectionMode string

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported.

compartment_id str

The OCID of the compartment that contains this master encryption key.

id str

The provider-assigned unique ID for this managed resource.

keys GetKeysKey]

The list of keys.

management_endpoint str
algorithm str

The algorithm used by a key's key versions to encrypt or decrypt.

curve_id str

Supported curve IDs for ECDSA keys.

filters GetKeysFilter]
length int

The length of the key in bytes, expressed as an integer. Supported values include the following:

  • AES: 16, 24, or 32
  • RSA: 256, 384, or 512
  • ECDSA: 32, 48, or 66
protection_mode str

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported.

compartmentId String

The OCID of the compartment that contains this master encryption key.

id String

The provider-assigned unique ID for this managed resource.

keys List<Property Map>

The list of keys.

managementEndpoint String
algorithm String

The algorithm used by a key's key versions to encrypt or decrypt.

curveId String

Supported curve IDs for ECDSA keys.

filters List<Property Map>
length Number

The length of the key in bytes, expressed as an integer. Supported values include the following:

  • AES: 16, 24, or 32
  • RSA: 256, 384, or 512
  • ECDSA: 32, 48, or 66
protectionMode String

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported.

Supporting Types

GetKeysFilter

Name string
Values List<string>
Regex bool
Name string
Values []string
Regex bool
name String
values List<String>
regex Boolean
name string
values string[]
regex boolean
name str
values Sequence[str]
regex bool
name String
values List<String>
regex Boolean

GetKeysKey

CompartmentId string

The OCID of the compartment.

CurrentKeyVersion string

The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.

DefinedTags Dictionary<string, object>

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

DesiredState string
DisplayName string

A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.

FreeformTags Dictionary<string, object>

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

Id string

The OCID of the key.

IsPrimary bool

A boolean that will be true when key is primary, and will be false when key is a replica from a primary key.

KeyShapes List<GetKeysKeyKeyShape>

The cryptographic properties of a key.

ManagementEndpoint string

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

ProtectionMode string

A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server.

ReplicaDetails List<GetKeysKeyReplicaDetail>

Key replica details

RestoreFromFiles List<GetKeysKeyRestoreFromFile>
RestoreFromObjectStores List<GetKeysKeyRestoreFromObjectStore>
RestoreTrigger bool
RestoredFromKeyId string
State string

The key's current lifecycle state. Example: ENABLED

TimeCreated string

The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z

TimeOfDeletion string

An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

VaultId string

The OCID of the vault that contains this key.

CompartmentId string

The OCID of the compartment.

CurrentKeyVersion string

The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.

DefinedTags map[string]interface{}

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

DesiredState string
DisplayName string

A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.

FreeformTags map[string]interface{}

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

Id string

The OCID of the key.

IsPrimary bool

A boolean that will be true when key is primary, and will be false when key is a replica from a primary key.

KeyShapes []GetKeysKeyKeyShape

The cryptographic properties of a key.

ManagementEndpoint string

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

ProtectionMode string

A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server.

ReplicaDetails []GetKeysKeyReplicaDetail

Key replica details

RestoreFromFiles []GetKeysKeyRestoreFromFile
RestoreFromObjectStores []GetKeysKeyRestoreFromObjectStore
RestoreTrigger bool
RestoredFromKeyId string
State string

The key's current lifecycle state. Example: ENABLED

TimeCreated string

The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z

TimeOfDeletion string

An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

VaultId string

The OCID of the vault that contains this key.

compartmentId String

The OCID of the compartment.

currentKeyVersion String

The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.

definedTags Map<String,Object>

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

desiredState String
displayName String

A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.

freeformTags Map<String,Object>

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

id String

The OCID of the key.

isPrimary Boolean

A boolean that will be true when key is primary, and will be false when key is a replica from a primary key.

keyShapes List<GetKeysKeyKeyShape>

The cryptographic properties of a key.

managementEndpoint String

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

protectionMode String

A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server.

replicaDetails List<GetKeysKeyReplicaDetail>

Key replica details

restoreFromFiles List<GetKeysKeyRestoreFromFile>
restoreFromObjectStores List<GetKeysKeyRestoreFromObjectStore>
restoreTrigger Boolean
restoredFromKeyId String
state String

The key's current lifecycle state. Example: ENABLED

timeCreated String

The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z

timeOfDeletion String

An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

vaultId String

The OCID of the vault that contains this key.

compartmentId string

The OCID of the compartment.

currentKeyVersion string

The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.

definedTags {[key: string]: any}

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

desiredState string
displayName string

A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.

freeformTags {[key: string]: any}

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

id string

The OCID of the key.

isPrimary boolean

A boolean that will be true when key is primary, and will be false when key is a replica from a primary key.

keyShapes GetKeysKeyKeyShape[]

The cryptographic properties of a key.

managementEndpoint string

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

protectionMode string

A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server.

replicaDetails GetKeysKeyReplicaDetail[]

Key replica details

restoreFromFiles GetKeysKeyRestoreFromFile[]
restoreFromObjectStores GetKeysKeyRestoreFromObjectStore[]
restoreTrigger boolean
restoredFromKeyId string
state string

The key's current lifecycle state. Example: ENABLED

timeCreated string

The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z

timeOfDeletion string

An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

vaultId string

The OCID of the vault that contains this key.

compartment_id str

The OCID of the compartment.

current_key_version str

The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.

defined_tags Mapping[str, Any]

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

desired_state str
display_name str

A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.

freeform_tags Mapping[str, Any]

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

id str

The OCID of the key.

is_primary bool

A boolean that will be true when key is primary, and will be false when key is a replica from a primary key.

key_shapes GetKeysKeyKeyShape]

The cryptographic properties of a key.

management_endpoint str

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

protection_mode str

A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server.

replica_details GetKeysKeyReplicaDetail]

Key replica details

restore_from_files GetKeysKeyRestoreFromFile]
restore_from_object_stores GetKeysKeyRestoreFromObjectStore]
restore_trigger bool
restored_from_key_id str
state str

The key's current lifecycle state. Example: ENABLED

time_created str

The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z

time_of_deletion str

An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

vault_id str

The OCID of the vault that contains this key.

compartmentId String

The OCID of the compartment.

currentKeyVersion String

The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.

definedTags Map<Any>

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

desiredState String
displayName String

A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.

freeformTags Map<Any>

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

id String

The OCID of the key.

isPrimary Boolean

A boolean that will be true when key is primary, and will be false when key is a replica from a primary key.

keyShapes List<Property Map>

The cryptographic properties of a key.

managementEndpoint String

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

protectionMode String

A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server.

replicaDetails List<Property Map>

Key replica details

restoreFromFiles List<Property Map>
restoreFromObjectStores List<Property Map>
restoreTrigger Boolean
restoredFromKeyId String
state String

The key's current lifecycle state. Example: ENABLED

timeCreated String

The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z

timeOfDeletion String

An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

vaultId String

The OCID of the vault that contains this key.

GetKeysKeyKeyShape

Algorithm string

The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.

CurveId string

The curve ID of the keys. (This pertains only to ECDSA keys.)

Length int

The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

Algorithm string

The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.

CurveId string

The curve ID of the keys. (This pertains only to ECDSA keys.)

Length int

The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

algorithm String

The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.

curveId String

The curve ID of the keys. (This pertains only to ECDSA keys.)

length Integer

The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

algorithm string

The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.

curveId string

The curve ID of the keys. (This pertains only to ECDSA keys.)

length number

The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

algorithm str

The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.

curve_id str

The curve ID of the keys. (This pertains only to ECDSA keys.)

length int

The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

algorithm String

The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.

curveId String

The curve ID of the keys. (This pertains only to ECDSA keys.)

length Number

The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

GetKeysKeyReplicaDetail

ReplicationId string

ReplicationId associated with a key operation

ReplicationId string

ReplicationId associated with a key operation

replicationId String

ReplicationId associated with a key operation

replicationId string

ReplicationId associated with a key operation

replication_id str

ReplicationId associated with a key operation

replicationId String

ReplicationId associated with a key operation

GetKeysKeyRestoreFromFile

GetKeysKeyRestoreFromObjectStore

Bucket string
Destination string
Namespace string
Object string
Uri string
Bucket string
Destination string
Namespace string
Object string
Uri string
bucket String
destination String
namespace String
object String
uri String
bucket string
destination string
namespace string
object string
uri string
bucket String
destination String
namespace String
object String
uri String

Package Details

Repository
https://github.com/pulumi/pulumi-oci
License
Apache-2.0
Notes

This Pulumi package is based on the oci Terraform Provider.