Docs Home
tencentcloud 1.81.189 published on Wednesday, Apr 30, 2025 by tencentcloudstack
tencentcloud.KmsKey
Explore with Pulumi AI
tencentcloud 1.81.189 published on Wednesday, Apr 30, 2025 by tencentcloudstack
Provide a resource to create a KMS key.
Example Usage
Create and enable a instance.
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const example = new tencentcloud.KmsKey("example", {
alias: "tf-example-kms-key",
description: "example of kms key",
isEnabled: true,
keyRotationEnabled: false,
pendingDeleteWindowInDays: 7,
tags: {
createdBy: "Terraform",
},
});
import pulumi
import pulumi_tencentcloud as tencentcloud
example = tencentcloud.KmsKey("example",
alias="tf-example-kms-key",
description="example of kms key",
is_enabled=True,
key_rotation_enabled=False,
pending_delete_window_in_days=7,
tags={
"createdBy": "Terraform",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tencentcloud.NewKmsKey(ctx, "example", &tencentcloud.KmsKeyArgs{
Alias: pulumi.String("tf-example-kms-key"),
Description: pulumi.String("example of kms key"),
IsEnabled: pulumi.Bool(true),
KeyRotationEnabled: pulumi.Bool(false),
PendingDeleteWindowInDays: pulumi.Float64(7),
Tags: pulumi.StringMap{
"createdBy": pulumi.String("Terraform"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var example = new Tencentcloud.KmsKey("example", new()
{
Alias = "tf-example-kms-key",
Description = "example of kms key",
IsEnabled = true,
KeyRotationEnabled = false,
PendingDeleteWindowInDays = 7,
Tags =
{
{ "createdBy", "Terraform" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsKey;
import com.pulumi.tencentcloud.KmsKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new KmsKey("example", KmsKeyArgs.builder()
.alias("tf-example-kms-key")
.description("example of kms key")
.isEnabled(true)
.keyRotationEnabled(false)
.pendingDeleteWindowInDays(7)
.tags(Map.of("createdBy", "Terraform"))
.build());
}
}
resources:
example:
type: tencentcloud:KmsKey
properties:
alias: tf-example-kms-key
description: example of kms key
isEnabled: true
keyRotationEnabled: false
pendingDeleteWindowInDays: 7
tags:
createdBy: Terraform
Create kms instance with HSM
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const example = new tencentcloud.KmsKey("example", {
alias: "tf-example-kms-key",
description: "example of kms key",
hsmClusterId: "cls-hsm-mwpd9cjm",
isEnabled: true,
keyRotationEnabled: false,
pendingDeleteWindowInDays: 7,
tags: {
createdBy: "Terraform",
},
});
import pulumi
import pulumi_tencentcloud as tencentcloud
example = tencentcloud.KmsKey("example",
alias="tf-example-kms-key",
description="example of kms key",
hsm_cluster_id="cls-hsm-mwpd9cjm",
is_enabled=True,
key_rotation_enabled=False,
pending_delete_window_in_days=7,
tags={
"createdBy": "Terraform",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tencentcloud.NewKmsKey(ctx, "example", &tencentcloud.KmsKeyArgs{
Alias: pulumi.String("tf-example-kms-key"),
Description: pulumi.String("example of kms key"),
HsmClusterId: pulumi.String("cls-hsm-mwpd9cjm"),
IsEnabled: pulumi.Bool(true),
KeyRotationEnabled: pulumi.Bool(false),
PendingDeleteWindowInDays: pulumi.Float64(7),
Tags: pulumi.StringMap{
"createdBy": pulumi.String("Terraform"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var example = new Tencentcloud.KmsKey("example", new()
{
Alias = "tf-example-kms-key",
Description = "example of kms key",
HsmClusterId = "cls-hsm-mwpd9cjm",
IsEnabled = true,
KeyRotationEnabled = false,
PendingDeleteWindowInDays = 7,
Tags =
{
{ "createdBy", "Terraform" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsKey;
import com.pulumi.tencentcloud.KmsKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new KmsKey("example", KmsKeyArgs.builder()
.alias("tf-example-kms-key")
.description("example of kms key")
.hsmClusterId("cls-hsm-mwpd9cjm")
.isEnabled(true)
.keyRotationEnabled(false)
.pendingDeleteWindowInDays(7)
.tags(Map.of("createdBy", "Terraform"))
.build());
}
}
resources:
example:
type: tencentcloud:KmsKey
properties:
alias: tf-example-kms-key
description: example of kms key
hsmClusterId: cls-hsm-mwpd9cjm
isEnabled: true
keyRotationEnabled: false
pendingDeleteWindowInDays: 7
tags:
createdBy: Terraform
Specify the Key Usage as an asymmetry method.
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const example = new tencentcloud.KmsKey("example", {
alias: "tf-example-kms-key",
description: "example of kms key",
isEnabled: false,
keyUsage: "ASYMMETRIC_DECRYPT_RSA_2048",
});
import pulumi
import pulumi_tencentcloud as tencentcloud
example = tencentcloud.KmsKey("example",
alias="tf-example-kms-key",
description="example of kms key",
is_enabled=False,
key_usage="ASYMMETRIC_DECRYPT_RSA_2048")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tencentcloud.NewKmsKey(ctx, "example", &tencentcloud.KmsKeyArgs{
Alias: pulumi.String("tf-example-kms-key"),
Description: pulumi.String("example of kms key"),
IsEnabled: pulumi.Bool(false),
KeyUsage: pulumi.String("ASYMMETRIC_DECRYPT_RSA_2048"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var example = new Tencentcloud.KmsKey("example", new()
{
Alias = "tf-example-kms-key",
Description = "example of kms key",
IsEnabled = false,
KeyUsage = "ASYMMETRIC_DECRYPT_RSA_2048",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsKey;
import com.pulumi.tencentcloud.KmsKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new KmsKey("example", KmsKeyArgs.builder()
.alias("tf-example-kms-key")
.description("example of kms key")
.isEnabled(false)
.keyUsage("ASYMMETRIC_DECRYPT_RSA_2048")
.build());
}
}
resources:
example:
type: tencentcloud:KmsKey
properties:
alias: tf-example-kms-key
description: example of kms key
isEnabled: false
keyUsage: ASYMMETRIC_DECRYPT_RSA_2048
Disable the kms key instance.
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const example = new tencentcloud.KmsKey("example", {
alias: "tf-example-kms-key",
description: "example of kms key",
isEnabled: false,
keyRotationEnabled: false,
tags: {
createdBy: "Terraform",
},
});
import pulumi
import pulumi_tencentcloud as tencentcloud
example = tencentcloud.KmsKey("example",
alias="tf-example-kms-key",
description="example of kms key",
is_enabled=False,
key_rotation_enabled=False,
tags={
"createdBy": "Terraform",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tencentcloud.NewKmsKey(ctx, "example", &tencentcloud.KmsKeyArgs{
Alias: pulumi.String("tf-example-kms-key"),
Description: pulumi.String("example of kms key"),
IsEnabled: pulumi.Bool(false),
KeyRotationEnabled: pulumi.Bool(false),
Tags: pulumi.StringMap{
"createdBy": pulumi.String("Terraform"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var example = new Tencentcloud.KmsKey("example", new()
{
Alias = "tf-example-kms-key",
Description = "example of kms key",
IsEnabled = false,
KeyRotationEnabled = false,
Tags =
{
{ "createdBy", "Terraform" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsKey;
import com.pulumi.tencentcloud.KmsKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new KmsKey("example", KmsKeyArgs.builder()
.alias("tf-example-kms-key")
.description("example of kms key")
.isEnabled(false)
.keyRotationEnabled(false)
.tags(Map.of("createdBy", "Terraform"))
.build());
}
}
resources:
example:
type: tencentcloud:KmsKey
properties:
alias: tf-example-kms-key
description: example of kms key
isEnabled: false
keyRotationEnabled: false
tags:
createdBy: Terraform
Create KmsKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KmsKey(name: string, args: KmsKeyArgs, opts?: CustomResourceOptions);@overload
def KmsKey(resource_name: str,
args: KmsKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KmsKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
alias: Optional[str] = None,
description: Optional[str] = None,
hsm_cluster_id: Optional[str] = None,
is_archived: Optional[bool] = None,
is_enabled: Optional[bool] = None,
key_rotation_enabled: Optional[bool] = None,
key_usage: Optional[str] = None,
kms_key_id: Optional[str] = None,
pending_delete_window_in_days: Optional[float] = None,
tags: Optional[Mapping[str, str]] = None)func NewKmsKey(ctx *Context, name string, args KmsKeyArgs, opts ...ResourceOption) (*KmsKey, error)public KmsKey(string name, KmsKeyArgs args, CustomResourceOptions? opts = null)
public KmsKey(String name, KmsKeyArgs args)
public KmsKey(String name, KmsKeyArgs args, CustomResourceOptions options)
type: tencentcloud:KmsKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KmsKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KmsKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KmsKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KmsKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KmsKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
KmsKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KmsKey resource accepts the following input properties:
- Alias string
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- Description string
- Description of CMK. The maximum is 1024 bytes.
- Hsm
Cluster stringId - The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).
- Is
Archived bool - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - Is
Enabled bool - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - Key
Rotation boolEnabled - Specify whether to enable key rotation, valid when key_usage is
ENCRYPT_DECRYPT. Default value isfalse. - Key
Usage string - Usage of CMK. Available values include
ENCRYPT_DECRYPT,ASYMMETRIC_DECRYPT_RSA_2048,ASYMMETRIC_DECRYPT_SM2,ASYMMETRIC_SIGN_VERIFY_SM2,ASYMMETRIC_SIGN_VERIFY_RSA_2048,ASYMMETRIC_SIGN_VERIFY_ECC. Default value isENCRYPT_DECRYPT. - Kms
Key stringId - ID of the resource.
- Pending
Delete doubleWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Dictionary<string, string>
- Tags of CMK.
- Alias string
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- Description string
- Description of CMK. The maximum is 1024 bytes.
- Hsm
Cluster stringId - The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).
- Is
Archived bool - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - Is
Enabled bool - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - Key
Rotation boolEnabled - Specify whether to enable key rotation, valid when key_usage is
ENCRYPT_DECRYPT. Default value isfalse. - Key
Usage string - Usage of CMK. Available values include
ENCRYPT_DECRYPT,ASYMMETRIC_DECRYPT_RSA_2048,ASYMMETRIC_DECRYPT_SM2,ASYMMETRIC_SIGN_VERIFY_SM2,ASYMMETRIC_SIGN_VERIFY_RSA_2048,ASYMMETRIC_SIGN_VERIFY_ECC. Default value isENCRYPT_DECRYPT. - Kms
Key stringId - ID of the resource.
- Pending
Delete float64Window In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- map[string]string
- Tags of CMK.
- alias String
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description String
- Description of CMK. The maximum is 1024 bytes.
- hsm
Cluster StringId - The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).
- is
Archived Boolean - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is
Enabled Boolean - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key
Rotation BooleanEnabled - Specify whether to enable key rotation, valid when key_usage is
ENCRYPT_DECRYPT. Default value isfalse. - key
Usage String - Usage of CMK. Available values include
ENCRYPT_DECRYPT,ASYMMETRIC_DECRYPT_RSA_2048,ASYMMETRIC_DECRYPT_SM2,ASYMMETRIC_SIGN_VERIFY_SM2,ASYMMETRIC_SIGN_VERIFY_RSA_2048,ASYMMETRIC_SIGN_VERIFY_ECC. Default value isENCRYPT_DECRYPT. - kms
Key StringId - ID of the resource.
- pending
Delete DoubleWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Map<String,String>
- Tags of CMK.
- alias string
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description string
- Description of CMK. The maximum is 1024 bytes.
- hsm
Cluster stringId - The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).
- is
Archived boolean - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is
Enabled boolean - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key
Rotation booleanEnabled - Specify whether to enable key rotation, valid when key_usage is
ENCRYPT_DECRYPT. Default value isfalse. - key
Usage string - Usage of CMK. Available values include
ENCRYPT_DECRYPT,ASYMMETRIC_DECRYPT_RSA_2048,ASYMMETRIC_DECRYPT_SM2,ASYMMETRIC_SIGN_VERIFY_SM2,ASYMMETRIC_SIGN_VERIFY_RSA_2048,ASYMMETRIC_SIGN_VERIFY_ECC. Default value isENCRYPT_DECRYPT. - kms
Key stringId - ID of the resource.
- pending
Delete numberWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- {[key: string]: string}
- Tags of CMK.
- alias str
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description str
- Description of CMK. The maximum is 1024 bytes.
- hsm_
cluster_ strid - The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).
- is_
archived bool - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is_
enabled bool - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key_
rotation_ boolenabled - Specify whether to enable key rotation, valid when key_usage is
ENCRYPT_DECRYPT. Default value isfalse. - key_
usage str - Usage of CMK. Available values include
ENCRYPT_DECRYPT,ASYMMETRIC_DECRYPT_RSA_2048,ASYMMETRIC_DECRYPT_SM2,ASYMMETRIC_SIGN_VERIFY_SM2,ASYMMETRIC_SIGN_VERIFY_RSA_2048,ASYMMETRIC_SIGN_VERIFY_ECC. Default value isENCRYPT_DECRYPT. - kms_
key_ strid - ID of the resource.
- pending_
delete_ floatwindow_ in_ days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Mapping[str, str]
- Tags of CMK.
- alias String
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description String
- Description of CMK. The maximum is 1024 bytes.
- hsm
Cluster StringId - The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).
- is
Archived Boolean - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is
Enabled Boolean - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key
Rotation BooleanEnabled - Specify whether to enable key rotation, valid when key_usage is
ENCRYPT_DECRYPT. Default value isfalse. - key
Usage String - Usage of CMK. Available values include
ENCRYPT_DECRYPT,ASYMMETRIC_DECRYPT_RSA_2048,ASYMMETRIC_DECRYPT_SM2,ASYMMETRIC_SIGN_VERIFY_SM2,ASYMMETRIC_SIGN_VERIFY_RSA_2048,ASYMMETRIC_SIGN_VERIFY_ECC. Default value isENCRYPT_DECRYPT. - kms
Key StringId - ID of the resource.
- pending
Delete NumberWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Map<String>
- Tags of CMK.
Outputs
All input properties are implicitly available as output properties. Additionally, the KmsKey resource produces the following output properties:
Look up Existing KmsKey Resource
Get an existing KmsKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KmsKeyState, opts?: CustomResourceOptions): KmsKey@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alias: Optional[str] = None,
description: Optional[str] = None,
hsm_cluster_id: Optional[str] = None,
is_archived: Optional[bool] = None,
is_enabled: Optional[bool] = None,
key_rotation_enabled: Optional[bool] = None,
key_state: Optional[str] = None,
key_usage: Optional[str] = None,
kms_key_id: Optional[str] = None,
pending_delete_window_in_days: Optional[float] = None,
tags: Optional[Mapping[str, str]] = None) -> KmsKeyfunc GetKmsKey(ctx *Context, name string, id IDInput, state *KmsKeyState, opts ...ResourceOption) (*KmsKey, error)public static KmsKey Get(string name, Input<string> id, KmsKeyState? state, CustomResourceOptions? opts = null)public static KmsKey get(String name, Output<String> id, KmsKeyState state, CustomResourceOptions options)resources: _: type: tencentcloud:KmsKey get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alias string
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- Description string
- Description of CMK. The maximum is 1024 bytes.
- Hsm
Cluster stringId - The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).
- Is
Archived bool - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - Is
Enabled bool - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - Key
Rotation boolEnabled - Specify whether to enable key rotation, valid when key_usage is
ENCRYPT_DECRYPT. Default value isfalse. - Key
State string - State of CMK.
- Key
Usage string - Usage of CMK. Available values include
ENCRYPT_DECRYPT,ASYMMETRIC_DECRYPT_RSA_2048,ASYMMETRIC_DECRYPT_SM2,ASYMMETRIC_SIGN_VERIFY_SM2,ASYMMETRIC_SIGN_VERIFY_RSA_2048,ASYMMETRIC_SIGN_VERIFY_ECC. Default value isENCRYPT_DECRYPT. - Kms
Key stringId - ID of the resource.
- Pending
Delete doubleWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Dictionary<string, string>
- Tags of CMK.
- Alias string
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- Description string
- Description of CMK. The maximum is 1024 bytes.
- Hsm
Cluster stringId - The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).
- Is
Archived bool - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - Is
Enabled bool - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - Key
Rotation boolEnabled - Specify whether to enable key rotation, valid when key_usage is
ENCRYPT_DECRYPT. Default value isfalse. - Key
State string - State of CMK.
- Key
Usage string - Usage of CMK. Available values include
ENCRYPT_DECRYPT,ASYMMETRIC_DECRYPT_RSA_2048,ASYMMETRIC_DECRYPT_SM2,ASYMMETRIC_SIGN_VERIFY_SM2,ASYMMETRIC_SIGN_VERIFY_RSA_2048,ASYMMETRIC_SIGN_VERIFY_ECC. Default value isENCRYPT_DECRYPT. - Kms
Key stringId - ID of the resource.
- Pending
Delete float64Window In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- map[string]string
- Tags of CMK.
- alias String
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description String
- Description of CMK. The maximum is 1024 bytes.
- hsm
Cluster StringId - The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).
- is
Archived Boolean - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is
Enabled Boolean - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key
Rotation BooleanEnabled - Specify whether to enable key rotation, valid when key_usage is
ENCRYPT_DECRYPT. Default value isfalse. - key
State String - State of CMK.
- key
Usage String - Usage of CMK. Available values include
ENCRYPT_DECRYPT,ASYMMETRIC_DECRYPT_RSA_2048,ASYMMETRIC_DECRYPT_SM2,ASYMMETRIC_SIGN_VERIFY_SM2,ASYMMETRIC_SIGN_VERIFY_RSA_2048,ASYMMETRIC_SIGN_VERIFY_ECC. Default value isENCRYPT_DECRYPT. - kms
Key StringId - ID of the resource.
- pending
Delete DoubleWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Map<String,String>
- Tags of CMK.
- alias string
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description string
- Description of CMK. The maximum is 1024 bytes.
- hsm
Cluster stringId - The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).
- is
Archived boolean - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is
Enabled boolean - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key
Rotation booleanEnabled - Specify whether to enable key rotation, valid when key_usage is
ENCRYPT_DECRYPT. Default value isfalse. - key
State string - State of CMK.
- key
Usage string - Usage of CMK. Available values include
ENCRYPT_DECRYPT,ASYMMETRIC_DECRYPT_RSA_2048,ASYMMETRIC_DECRYPT_SM2,ASYMMETRIC_SIGN_VERIFY_SM2,ASYMMETRIC_SIGN_VERIFY_RSA_2048,ASYMMETRIC_SIGN_VERIFY_ECC. Default value isENCRYPT_DECRYPT. - kms
Key stringId - ID of the resource.
- pending
Delete numberWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- {[key: string]: string}
- Tags of CMK.
- alias str
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description str
- Description of CMK. The maximum is 1024 bytes.
- hsm_
cluster_ strid - The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).
- is_
archived bool - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is_
enabled bool - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key_
rotation_ boolenabled - Specify whether to enable key rotation, valid when key_usage is
ENCRYPT_DECRYPT. Default value isfalse. - key_
state str - State of CMK.
- key_
usage str - Usage of CMK. Available values include
ENCRYPT_DECRYPT,ASYMMETRIC_DECRYPT_RSA_2048,ASYMMETRIC_DECRYPT_SM2,ASYMMETRIC_SIGN_VERIFY_SM2,ASYMMETRIC_SIGN_VERIFY_RSA_2048,ASYMMETRIC_SIGN_VERIFY_ECC. Default value isENCRYPT_DECRYPT. - kms_
key_ strid - ID of the resource.
- pending_
delete_ floatwindow_ in_ days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Mapping[str, str]
- Tags of CMK.
- alias String
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description String
- Description of CMK. The maximum is 1024 bytes.
- hsm
Cluster StringId - The HSM cluster ID corresponding to KMS Advanced Edition (only valid for KMS Exclusive/Managed Edition service instances).
- is
Archived Boolean - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is
Enabled Boolean - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key
Rotation BooleanEnabled - Specify whether to enable key rotation, valid when key_usage is
ENCRYPT_DECRYPT. Default value isfalse. - key
State String - State of CMK.
- key
Usage String - Usage of CMK. Available values include
ENCRYPT_DECRYPT,ASYMMETRIC_DECRYPT_RSA_2048,ASYMMETRIC_DECRYPT_SM2,ASYMMETRIC_SIGN_VERIFY_SM2,ASYMMETRIC_SIGN_VERIFY_RSA_2048,ASYMMETRIC_SIGN_VERIFY_ECC. Default value isENCRYPT_DECRYPT. - kms
Key StringId - ID of the resource.
- pending
Delete NumberWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Map<String>
- Tags of CMK.
Import
KMS keys can be imported using the id, e.g.
$ pulumi import tencentcloud:index/kmsKey:KmsKey example 287e8f40-7cbb-11eb-9a3a-5254004f7f94
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- tencentcloud tencentcloudstack/terraform-provider-tencentcloud
- License
- Notes
- This Pulumi package is based on the
tencentcloudTerraform Provider.
tencentcloud 1.81.189 published on Wednesday, Apr 30, 2025 by tencentcloudstack