volcengine.kms.Key

Volcengine v0.0.46, Feb 27 26

Volcengine v0.0.46 published on Friday, Feb 27, 2026 by Volcengine

Schema (JSON)

volcengine/pulumi-volcengine

Volcengine v0.0.46 published on Friday, Feb 27, 2026 by Volcengine

Schema (JSON)

volcengine/pulumi-volcengine

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as volcengine from "@volcengine/pulumi";

const fooKeyring = new volcengine.kms.Keyring("fooKeyring", {
    keyringName: "tf-test",
    description: "tf-test",
    projectName: "default",
});
const fooKey = new volcengine.kms.Key("fooKey", {
    keyringName: fooKeyring.keyringName,
    keyName: "mrk-tf-key-mod",
    description: "tf test key-mod",
    tags: [{
        key: "tfkey3",
        value: "tfvalue3",
    }],
});
const foo1 = new volcengine.kms.Key("foo1", {
    keyringName: fooKeyring.keyringName,
    keyName: "Tf-test-key-1",
    rotateState: "Enable",
    rotateInterval: 90,
    keySpec: "SYMMETRIC_128",
    description: "Tf test key with SYMMETRIC_128",
    keyUsage: "ENCRYPT_DECRYPT",
    protectionLevel: "SOFTWARE",
    origin: "CloudKMS",
    multiRegion: false,
    pendingWindowInDays: 30,
    tags: [
        {
            key: "tfk1",
            value: "tfv1",
        },
        {
            key: "tfk2",
            value: "tfv2",
        },
    ],
});
const foo2 = new volcengine.kms.Key("foo2", {
    keyringName: fooKeyring.keyringName,
    keyName: "mrk-Tf-test-key-2",
    keyUsage: "ENCRYPT_DECRYPT",
    origin: "External",
    multiRegion: true,
});
const _default = new volcengine.kms.KeyMaterial("default", {
    keyringName: fooKeyring.keyringName,
    keyName: foo2.keyName,
    encryptedKeyMaterial: "***",
    importToken: "***",
    expirationModel: "KEY_MATERIAL_EXPIRES",
    validTo: 1770999621,
});

import pulumi
import pulumi_volcengine as volcengine

foo_keyring = volcengine.kms.Keyring("fooKeyring",
    keyring_name="tf-test",
    description="tf-test",
    project_name="default")
foo_key = volcengine.kms.Key("fooKey",
    keyring_name=foo_keyring.keyring_name,
    key_name="mrk-tf-key-mod",
    description="tf test key-mod",
    tags=[volcengine.kms.KeyTagArgs(
        key="tfkey3",
        value="tfvalue3",
    )])
foo1 = volcengine.kms.Key("foo1",
    keyring_name=foo_keyring.keyring_name,
    key_name="Tf-test-key-1",
    rotate_state="Enable",
    rotate_interval=90,
    key_spec="SYMMETRIC_128",
    description="Tf test key with SYMMETRIC_128",
    key_usage="ENCRYPT_DECRYPT",
    protection_level="SOFTWARE",
    origin="CloudKMS",
    multi_region=False,
    pending_window_in_days=30,
    tags=[
        volcengine.kms.KeyTagArgs(
            key="tfk1",
            value="tfv1",
        ),
        volcengine.kms.KeyTagArgs(
            key="tfk2",
            value="tfv2",
        ),
    ])
foo2 = volcengine.kms.Key("foo2",
    keyring_name=foo_keyring.keyring_name,
    key_name="mrk-Tf-test-key-2",
    key_usage="ENCRYPT_DECRYPT",
    origin="External",
    multi_region=True)
default = volcengine.kms.KeyMaterial("default",
    keyring_name=foo_keyring.keyring_name,
    key_name=foo2.key_name,
    encrypted_key_material="***",
    import_token="***",
    expiration_model="KEY_MATERIAL_EXPIRES",
    valid_to=1770999621)

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/volcengine/pulumi-volcengine/sdk/go/volcengine/kms"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		fooKeyring, err := kms.NewKeyring(ctx, "fooKeyring", &kms.KeyringArgs{
			KeyringName: pulumi.String("tf-test"),
			Description: pulumi.String("tf-test"),
			ProjectName: pulumi.String("default"),
		})
		if err != nil {
			return err
		}
		_, err = kms.NewKey(ctx, "fooKey", &kms.KeyArgs{
			KeyringName: fooKeyring.KeyringName,
			KeyName:     pulumi.String("mrk-tf-key-mod"),
			Description: pulumi.String("tf test key-mod"),
			Tags: kms.KeyTagArray{
				&kms.KeyTagArgs{
					Key:   pulumi.String("tfkey3"),
					Value: pulumi.String("tfvalue3"),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = kms.NewKey(ctx, "foo1", &kms.KeyArgs{
			KeyringName:         fooKeyring.KeyringName,
			KeyName:             pulumi.String("Tf-test-key-1"),
			RotateState:         pulumi.String("Enable"),
			RotateInterval:      pulumi.Int(90),
			KeySpec:             pulumi.String("SYMMETRIC_128"),
			Description:         pulumi.String("Tf test key with SYMMETRIC_128"),
			KeyUsage:            pulumi.String("ENCRYPT_DECRYPT"),
			ProtectionLevel:     pulumi.String("SOFTWARE"),
			Origin:              pulumi.String("CloudKMS"),
			MultiRegion:         pulumi.Bool(false),
			PendingWindowInDays: pulumi.Int(30),
			Tags: kms.KeyTagArray{
				&kms.KeyTagArgs{
					Key:   pulumi.String("tfk1"),
					Value: pulumi.String("tfv1"),
				},
				&kms.KeyTagArgs{
					Key:   pulumi.String("tfk2"),
					Value: pulumi.String("tfv2"),
				},
			},
		})
		if err != nil {
			return err
		}
		foo2, err := kms.NewKey(ctx, "foo2", &kms.KeyArgs{
			KeyringName: fooKeyring.KeyringName,
			KeyName:     pulumi.String("mrk-Tf-test-key-2"),
			KeyUsage:    pulumi.String("ENCRYPT_DECRYPT"),
			Origin:      pulumi.String("External"),
			MultiRegion: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = kms.NewKeyMaterial(ctx, "default", &kms.KeyMaterialArgs{
			KeyringName:          fooKeyring.KeyringName,
			KeyName:              foo2.KeyName,
			EncryptedKeyMaterial: pulumi.String("***"),
			ImportToken:          pulumi.String("***"),
			ExpirationModel:      pulumi.String("KEY_MATERIAL_EXPIRES"),
			ValidTo:              pulumi.Int(1770999621),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Volcengine = Pulumi.Volcengine;

return await Deployment.RunAsync(() => 
{
    var fooKeyring = new Volcengine.Kms.Keyring("fooKeyring", new()
    {
        KeyringName = "tf-test",
        Description = "tf-test",
        ProjectName = "default",
    });

    var fooKey = new Volcengine.Kms.Key("fooKey", new()
    {
        KeyringName = fooKeyring.KeyringName,
        KeyName = "mrk-tf-key-mod",
        Description = "tf test key-mod",
        Tags = new[]
        {
            new Volcengine.Kms.Inputs.KeyTagArgs
            {
                Key = "tfkey3",
                Value = "tfvalue3",
            },
        },
    });

    var foo1 = new Volcengine.Kms.Key("foo1", new()
    {
        KeyringName = fooKeyring.KeyringName,
        KeyName = "Tf-test-key-1",
        RotateState = "Enable",
        RotateInterval = 90,
        KeySpec = "SYMMETRIC_128",
        Description = "Tf test key with SYMMETRIC_128",
        KeyUsage = "ENCRYPT_DECRYPT",
        ProtectionLevel = "SOFTWARE",
        Origin = "CloudKMS",
        MultiRegion = false,
        PendingWindowInDays = 30,
        Tags = new[]
        {
            new Volcengine.Kms.Inputs.KeyTagArgs
            {
                Key = "tfk1",
                Value = "tfv1",
            },
            new Volcengine.Kms.Inputs.KeyTagArgs
            {
                Key = "tfk2",
                Value = "tfv2",
            },
        },
    });

    var foo2 = new Volcengine.Kms.Key("foo2", new()
    {
        KeyringName = fooKeyring.KeyringName,
        KeyName = "mrk-Tf-test-key-2",
        KeyUsage = "ENCRYPT_DECRYPT",
        Origin = "External",
        MultiRegion = true,
    });

    var @default = new Volcengine.Kms.KeyMaterial("default", new()
    {
        KeyringName = fooKeyring.KeyringName,
        KeyName = foo2.KeyName,
        EncryptedKeyMaterial = "***",
        ImportToken = "***",
        ExpirationModel = "KEY_MATERIAL_EXPIRES",
        ValidTo = 1770999621,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.volcengine.kms.Keyring;
import com.pulumi.volcengine.kms.KeyringArgs;
import com.pulumi.volcengine.kms.Key;
import com.pulumi.volcengine.kms.KeyArgs;
import com.pulumi.volcengine.kms.inputs.KeyTagArgs;
import com.pulumi.volcengine.kms.KeyMaterial;
import com.pulumi.volcengine.kms.KeyMaterialArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var fooKeyring = new Keyring("fooKeyring", KeyringArgs.builder()        
            .keyringName("tf-test")
            .description("tf-test")
            .projectName("default")
            .build());

        var fooKey = new Key("fooKey", KeyArgs.builder()        
            .keyringName(fooKeyring.keyringName())
            .keyName("mrk-tf-key-mod")
            .description("tf test key-mod")
            .tags(KeyTagArgs.builder()
                .key("tfkey3")
                .value("tfvalue3")
                .build())
            .build());

        var foo1 = new Key("foo1", KeyArgs.builder()        
            .keyringName(fooKeyring.keyringName())
            .keyName("Tf-test-key-1")
            .rotateState("Enable")
            .rotateInterval(90)
            .keySpec("SYMMETRIC_128")
            .description("Tf test key with SYMMETRIC_128")
            .keyUsage("ENCRYPT_DECRYPT")
            .protectionLevel("SOFTWARE")
            .origin("CloudKMS")
            .multiRegion(false)
            .pendingWindowInDays(30)
            .tags(            
                KeyTagArgs.builder()
                    .key("tfk1")
                    .value("tfv1")
                    .build(),
                KeyTagArgs.builder()
                    .key("tfk2")
                    .value("tfv2")
                    .build())
            .build());

        var foo2 = new Key("foo2", KeyArgs.builder()        
            .keyringName(fooKeyring.keyringName())
            .keyName("mrk-Tf-test-key-2")
            .keyUsage("ENCRYPT_DECRYPT")
            .origin("External")
            .multiRegion(true)
            .build());

        var default_ = new KeyMaterial("default", KeyMaterialArgs.builder()        
            .keyringName(fooKeyring.keyringName())
            .keyName(foo2.keyName())
            .encryptedKeyMaterial("***")
            .importToken("***")
            .expirationModel("KEY_MATERIAL_EXPIRES")
            .validTo(1770999621)
            .build());

    }
}

resources:
  fooKeyring:
    type: volcengine:kms:Keyring
    properties:
      keyringName: tf-test
      description: tf-test
      projectName: default
  fooKey:
    type: volcengine:kms:Key
    properties:
      keyringName: ${fooKeyring.keyringName}
      keyName: mrk-tf-key-mod
      description: tf test key-mod
      tags:
        - key: tfkey3
          value: tfvalue3
  foo1:
    type: volcengine:kms:Key
    properties:
      keyringName: ${fooKeyring.keyringName}
      keyName: Tf-test-key-1
      rotateState: Enable
      rotateInterval: 90
      keySpec: SYMMETRIC_128
      description: Tf test key with SYMMETRIC_128
      keyUsage: ENCRYPT_DECRYPT
      protectionLevel: SOFTWARE
      origin: CloudKMS
      multiRegion: false
      #The scheduled deletion time when deleting the key
      pendingWindowInDays: 30
      tags:
        - key: tfk1
          value: tfv1
        - key: tfk2
          value: tfv2
  foo2:
    type: volcengine:kms:Key
    properties:
      keyringName: ${fooKeyring.keyringName}
      keyName: mrk-Tf-test-key-2
      keyUsage: ENCRYPT_DECRYPT
      origin: External
      multiRegion: true
  default:
    type: volcengine:kms:KeyMaterial
    properties:
      keyringName: ${fooKeyring.keyringName}
      keyName: ${foo2.keyName}
      encryptedKeyMaterial: '***'
      importToken: '***'
      expirationModel: KEY_MATERIAL_EXPIRES
      validTo: 1.770999621e+09

Create Key Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Key(name: string, args: KeyArgs, opts?: CustomResourceOptions);

@overload
def Key(resource_name: str,
        args: KeyArgs,
        opts: Optional[ResourceOptions] = None)

@overload
def Key(resource_name: str,
        opts: Optional[ResourceOptions] = None,
        key_name: Optional[str] = None,
        keyring_name: Optional[str] = None,
        multi_region: Optional[bool] = None,
        key_spec: Optional[str] = None,
        key_usage: Optional[str] = None,
        description: Optional[str] = None,
        custom_key_store_id: Optional[str] = None,
        origin: Optional[str] = None,
        pending_window_in_days: Optional[int] = None,
        protection_level: Optional[str] = None,
        rotate_interval: Optional[int] = None,
        rotate_state: Optional[str] = None,
        tags: Optional[Sequence[KeyTagArgs]] = None,
        xks_key_id: Optional[str] = None)

func NewKey(ctx *Context, name string, args KeyArgs, opts ...ResourceOption) (*Key, error)

public Key(string name, KeyArgs args, CustomResourceOptions? opts = null)

public Key(String name, KeyArgs args)
public Key(String name, KeyArgs args, CustomResourceOptions options)

type: volcengine:kms:Key
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var keyResource = new Volcengine.Kms.Key("keyResource", new()
{
    KeyName = "string",
    KeyringName = "string",
    MultiRegion = false,
    KeySpec = "string",
    KeyUsage = "string",
    Description = "string",
    CustomKeyStoreId = "string",
    Origin = "string",
    PendingWindowInDays = 0,
    ProtectionLevel = "string",
    RotateInterval = 0,
    RotateState = "string",
    Tags = new[]
    {
        new Volcengine.Kms.Inputs.KeyTagArgs
        {
            Key = "string",
            Value = "string",
        },
    },
    XksKeyId = "string",
});

example, err := kms.NewKey(ctx, "keyResource", &kms.KeyArgs{
	KeyName:             pulumi.String("string"),
	KeyringName:         pulumi.String("string"),
	MultiRegion:         pulumi.Bool(false),
	KeySpec:             pulumi.String("string"),
	KeyUsage:            pulumi.String("string"),
	Description:         pulumi.String("string"),
	CustomKeyStoreId:    pulumi.String("string"),
	Origin:              pulumi.String("string"),
	PendingWindowInDays: pulumi.Int(0),
	ProtectionLevel:     pulumi.String("string"),
	RotateInterval:      pulumi.Int(0),
	RotateState:         pulumi.String("string"),
	Tags: kms.KeyTagArray{
		&kms.KeyTagArgs{
			Key:   pulumi.String("string"),
			Value: pulumi.String("string"),
		},
	},
	XksKeyId: pulumi.String("string"),
})

var keyResource = new Key("keyResource", KeyArgs.builder()
    .keyName("string")
    .keyringName("string")
    .multiRegion(false)
    .keySpec("string")
    .keyUsage("string")
    .description("string")
    .customKeyStoreId("string")
    .origin("string")
    .pendingWindowInDays(0)
    .protectionLevel("string")
    .rotateInterval(0)
    .rotateState("string")
    .tags(KeyTagArgs.builder()
        .key("string")
        .value("string")
        .build())
    .xksKeyId("string")
    .build());

key_resource = volcengine.kms.Key("keyResource",
    key_name="string",
    keyring_name="string",
    multi_region=False,
    key_spec="string",
    key_usage="string",
    description="string",
    custom_key_store_id="string",
    origin="string",
    pending_window_in_days=0,
    protection_level="string",
    rotate_interval=0,
    rotate_state="string",
    tags=[{
        "key": "string",
        "value": "string",
    }],
    xks_key_id="string")

const keyResource = new volcengine.kms.Key("keyResource", {
    keyName: "string",
    keyringName: "string",
    multiRegion: false,
    keySpec: "string",
    keyUsage: "string",
    description: "string",
    customKeyStoreId: "string",
    origin: "string",
    pendingWindowInDays: 0,
    protectionLevel: "string",
    rotateInterval: 0,
    rotateState: "string",
    tags: [{
        key: "string",
        value: "string",
    }],
    xksKeyId: "string",
});

type: volcengine:kms:Key
properties:
    customKeyStoreId: string
    description: string
    keyName: string
    keySpec: string
    keyUsage: string
    keyringName: string
    multiRegion: false
    origin: string
    pendingWindowInDays: 0
    protectionLevel: string
    rotateInterval: 0
    rotateState: string
    tags:
        - key: string
          value: string
    xksKeyId: string

Key Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Key resource accepts the following input properties:

KeyName string: The name of the key.
KeyringName string: The name of the keyring.
CustomKeyStoreId string: The ID of the custom key store.
Description string: The description of the key.
KeySpec string: The type of the key. Valid values: SYMMETRIC_256, SYMMETRIC_128, RSA_2048, RSA_3072, RSA_4096, EC_P256K, EC_P256, EC_P384, EC_P521, EC_SM2. Default value: SYMMETRIC_256.
KeyUsage string: The usage of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, GENERATE_VERIFY_MAC. Default value: ENCRYPT_DECRYPT.
MultiRegion bool: Whether it is the master key of the Multi-region type. When multi_region is true, the key name must start with "mrk-".
Origin string: The origin of the key. Valid values: CloudKMS, External, ExternalKeyStore. Default value: CloudKMS.
PendingWindowInDays int: The pre-deletion cycle of the key. Valid values: [7, 30]. Default value: 7.
ProtectionLevel string: The protection level of the key. Valid values: SOFTWARE, HSM. Default value: SOFTWARE.
RotateInterval int: Key rotation period, unit: days; value range: [90, 2560], required when rotate_state is Enable.
RotateState string: The rotation state of the key. Valid values: Enable, Disable. Only symmetric keys support rotation.
Tags List<KeyTag>: Tags.
XksKeyId string: The ID of the external key store.

KeyName string: The name of the key.
KeyringName string: The name of the keyring.
CustomKeyStoreId string: The ID of the custom key store.
Description string: The description of the key.
KeySpec string: The type of the key. Valid values: SYMMETRIC_256, SYMMETRIC_128, RSA_2048, RSA_3072, RSA_4096, EC_P256K, EC_P256, EC_P384, EC_P521, EC_SM2. Default value: SYMMETRIC_256.
KeyUsage string: The usage of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, GENERATE_VERIFY_MAC. Default value: ENCRYPT_DECRYPT.
MultiRegion bool: Whether it is the master key of the Multi-region type. When multi_region is true, the key name must start with "mrk-".
Origin string: The origin of the key. Valid values: CloudKMS, External, ExternalKeyStore. Default value: CloudKMS.
PendingWindowInDays int: The pre-deletion cycle of the key. Valid values: [7, 30]. Default value: 7.
ProtectionLevel string: The protection level of the key. Valid values: SOFTWARE, HSM. Default value: SOFTWARE.
RotateInterval int: Key rotation period, unit: days; value range: [90, 2560], required when rotate_state is Enable.
RotateState string: The rotation state of the key. Valid values: Enable, Disable. Only symmetric keys support rotation.
Tags []KeyTagArgs: Tags.
XksKeyId string: The ID of the external key store.

keyName String: The name of the key.
keyringName String: The name of the keyring.
customKeyStoreId String: The ID of the custom key store.
description String: The description of the key.
keySpec String: The type of the key. Valid values: SYMMETRIC_256, SYMMETRIC_128, RSA_2048, RSA_3072, RSA_4096, EC_P256K, EC_P256, EC_P384, EC_P521, EC_SM2. Default value: SYMMETRIC_256.
keyUsage String: The usage of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, GENERATE_VERIFY_MAC. Default value: ENCRYPT_DECRYPT.
multiRegion Boolean: Whether it is the master key of the Multi-region type. When multi_region is true, the key name must start with "mrk-".
origin String: The origin of the key. Valid values: CloudKMS, External, ExternalKeyStore. Default value: CloudKMS.
pendingWindowInDays Integer: The pre-deletion cycle of the key. Valid values: [7, 30]. Default value: 7.
protectionLevel String: The protection level of the key. Valid values: SOFTWARE, HSM. Default value: SOFTWARE.
rotateInterval Integer: Key rotation period, unit: days; value range: [90, 2560], required when rotate_state is Enable.
rotateState String: The rotation state of the key. Valid values: Enable, Disable. Only symmetric keys support rotation.
tags List<KeyTag>: Tags.
xksKeyId String: The ID of the external key store.

keyName string: The name of the key.
keyringName string: The name of the keyring.
customKeyStoreId string: The ID of the custom key store.
description string: The description of the key.
keySpec string: The type of the key. Valid values: SYMMETRIC_256, SYMMETRIC_128, RSA_2048, RSA_3072, RSA_4096, EC_P256K, EC_P256, EC_P384, EC_P521, EC_SM2. Default value: SYMMETRIC_256.
keyUsage string: The usage of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, GENERATE_VERIFY_MAC. Default value: ENCRYPT_DECRYPT.
multiRegion boolean: Whether it is the master key of the Multi-region type. When multi_region is true, the key name must start with "mrk-".
origin string: The origin of the key. Valid values: CloudKMS, External, ExternalKeyStore. Default value: CloudKMS.
pendingWindowInDays number: The pre-deletion cycle of the key. Valid values: [7, 30]. Default value: 7.
protectionLevel string: The protection level of the key. Valid values: SOFTWARE, HSM. Default value: SOFTWARE.
rotateInterval number: Key rotation period, unit: days; value range: [90, 2560], required when rotate_state is Enable.
rotateState string: The rotation state of the key. Valid values: Enable, Disable. Only symmetric keys support rotation.
tags KeyTag[]: Tags.
xksKeyId string: The ID of the external key store.

key_name str: The name of the key.
keyring_name str: The name of the keyring.
custom_key_store_id str: The ID of the custom key store.
description str: The description of the key.
key_spec str: The type of the key. Valid values: SYMMETRIC_256, SYMMETRIC_128, RSA_2048, RSA_3072, RSA_4096, EC_P256K, EC_P256, EC_P384, EC_P521, EC_SM2. Default value: SYMMETRIC_256.
key_usage str: The usage of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, GENERATE_VERIFY_MAC. Default value: ENCRYPT_DECRYPT.
multi_region bool: Whether it is the master key of the Multi-region type. When multi_region is true, the key name must start with "mrk-".
origin str: The origin of the key. Valid values: CloudKMS, External, ExternalKeyStore. Default value: CloudKMS.
pending_window_in_days int: The pre-deletion cycle of the key. Valid values: [7, 30]. Default value: 7.
protection_level str: The protection level of the key. Valid values: SOFTWARE, HSM. Default value: SOFTWARE.
rotate_interval int: Key rotation period, unit: days; value range: [90, 2560], required when rotate_state is Enable.
rotate_state str: The rotation state of the key. Valid values: Enable, Disable. Only symmetric keys support rotation.
tags Sequence[KeyTagArgs]: Tags.
xks_key_id str: The ID of the external key store.

keyName String: The name of the key.
keyringName String: The name of the keyring.
customKeyStoreId String: The ID of the custom key store.
description String: The description of the key.
keySpec String: The type of the key. Valid values: SYMMETRIC_256, SYMMETRIC_128, RSA_2048, RSA_3072, RSA_4096, EC_P256K, EC_P256, EC_P384, EC_P521, EC_SM2. Default value: SYMMETRIC_256.
keyUsage String: The usage of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, GENERATE_VERIFY_MAC. Default value: ENCRYPT_DECRYPT.
multiRegion Boolean: Whether it is the master key of the Multi-region type. When multi_region is true, the key name must start with "mrk-".
origin String: The origin of the key. Valid values: CloudKMS, External, ExternalKeyStore. Default value: CloudKMS.
pendingWindowInDays Number: The pre-deletion cycle of the key. Valid values: [7, 30]. Default value: 7.
protectionLevel String: The protection level of the key. Valid values: SOFTWARE, HSM. Default value: SOFTWARE.
rotateInterval Number: Key rotation period, unit: days; value range: [90, 2560], required when rotate_state is Enable.
rotateState String: The rotation state of the key. Valid values: Enable, Disable. Only symmetric keys support rotation.
tags List<Property Map>: Tags.
xksKeyId String: The ID of the external key store.

Outputs

All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:

CreationDate int: The date when the keyring was created.
Id string: The provider-assigned unique ID for this managed resource.
KeyMaterialExpireTime string: The time when the key material will expire.
LastRotationTime string: The last time the key was rotated.
MultiRegionConfiguration KeyMultiRegionConfiguration: The configuration of Multi-region key.
RotationState string: The rotation configuration of the key.
ScheduleDeleteTime string: The time when the key will be deleted.
ScheduleRotationTime string: The next time the key will be rotated.
State string: The state of the key.
Trn string: The name of the resource.
UpdateDate int: The date when the keyring was updated.

CreationDate int: The date when the keyring was created.
Id string: The provider-assigned unique ID for this managed resource.
KeyMaterialExpireTime string: The time when the key material will expire.
LastRotationTime string: The last time the key was rotated.
MultiRegionConfiguration KeyMultiRegionConfiguration: The configuration of Multi-region key.
RotationState string: The rotation configuration of the key.
ScheduleDeleteTime string: The time when the key will be deleted.
ScheduleRotationTime string: The next time the key will be rotated.
State string: The state of the key.
Trn string: The name of the resource.
UpdateDate int: The date when the keyring was updated.

creationDate Integer: The date when the keyring was created.
id String: The provider-assigned unique ID for this managed resource.
keyMaterialExpireTime String: The time when the key material will expire.
lastRotationTime String: The last time the key was rotated.
multiRegionConfiguration KeyMultiRegionConfiguration: The configuration of Multi-region key.
rotationState String: The rotation configuration of the key.
scheduleDeleteTime String: The time when the key will be deleted.
scheduleRotationTime String: The next time the key will be rotated.
state String: The state of the key.
trn String: The name of the resource.
updateDate Integer: The date when the keyring was updated.

creationDate number: The date when the keyring was created.
id string: The provider-assigned unique ID for this managed resource.
keyMaterialExpireTime string: The time when the key material will expire.
lastRotationTime string: The last time the key was rotated.
multiRegionConfiguration KeyMultiRegionConfiguration: The configuration of Multi-region key.
rotationState string: The rotation configuration of the key.
scheduleDeleteTime string: The time when the key will be deleted.
scheduleRotationTime string: The next time the key will be rotated.
state string: The state of the key.
trn string: The name of the resource.
updateDate number: The date when the keyring was updated.

creation_date int: The date when the keyring was created.
id str: The provider-assigned unique ID for this managed resource.
key_material_expire_time str: The time when the key material will expire.
last_rotation_time str: The last time the key was rotated.
multi_region_configuration KeyMultiRegionConfiguration: The configuration of Multi-region key.
rotation_state str: The rotation configuration of the key.
schedule_delete_time str: The time when the key will be deleted.
schedule_rotation_time str: The next time the key will be rotated.
state str: The state of the key.
trn str: The name of the resource.
update_date int: The date when the keyring was updated.

creationDate Number: The date when the keyring was created.
id String: The provider-assigned unique ID for this managed resource.
keyMaterialExpireTime String: The time when the key material will expire.
lastRotationTime String: The last time the key was rotated.
multiRegionConfiguration Property Map: The configuration of Multi-region key.
rotationState String: The rotation configuration of the key.
scheduleDeleteTime String: The time when the key will be deleted.
scheduleRotationTime String: The next time the key will be rotated.
state String: The state of the key.
trn String: The name of the resource.
updateDate Number: The date when the keyring was updated.

Look up Existing Key Resource

Get an existing Key resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: KeyState, opts?: CustomResourceOptions): Key

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        creation_date: Optional[int] = None,
        custom_key_store_id: Optional[str] = None,
        description: Optional[str] = None,
        key_material_expire_time: Optional[str] = None,
        key_name: Optional[str] = None,
        key_spec: Optional[str] = None,
        key_usage: Optional[str] = None,
        keyring_name: Optional[str] = None,
        last_rotation_time: Optional[str] = None,
        multi_region: Optional[bool] = None,
        multi_region_configuration: Optional[KeyMultiRegionConfigurationArgs] = None,
        origin: Optional[str] = None,
        pending_window_in_days: Optional[int] = None,
        protection_level: Optional[str] = None,
        rotate_interval: Optional[int] = None,
        rotate_state: Optional[str] = None,
        rotation_state: Optional[str] = None,
        schedule_delete_time: Optional[str] = None,
        schedule_rotation_time: Optional[str] = None,
        state: Optional[str] = None,
        tags: Optional[Sequence[KeyTagArgs]] = None,
        trn: Optional[str] = None,
        update_date: Optional[int] = None,
        xks_key_id: Optional[str] = None) -> Key

func GetKey(ctx *Context, name string, id IDInput, state *KeyState, opts ...ResourceOption) (*Key, error)

public static Key Get(string name, Input<string> id, KeyState? state, CustomResourceOptions? opts = null)

public static Key get(String name, Output<String> id, KeyState state, CustomResourceOptions options)

resources:  _:    type: volcengine:kms:Key    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

CreationDate int: The date when the keyring was created.
CustomKeyStoreId string: The ID of the custom key store.
Description string: The description of the key.
KeyMaterialExpireTime string: The time when the key material will expire.
KeyName string: The name of the key.
KeySpec string: The type of the key. Valid values: SYMMETRIC_256, SYMMETRIC_128, RSA_2048, RSA_3072, RSA_4096, EC_P256K, EC_P256, EC_P384, EC_P521, EC_SM2. Default value: SYMMETRIC_256.
KeyUsage string: The usage of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, GENERATE_VERIFY_MAC. Default value: ENCRYPT_DECRYPT.
KeyringName string: The name of the keyring.
LastRotationTime string: The last time the key was rotated.
MultiRegion bool: Whether it is the master key of the Multi-region type. When multi_region is true, the key name must start with "mrk-".
MultiRegionConfiguration KeyMultiRegionConfiguration: The configuration of Multi-region key.
Origin string: The origin of the key. Valid values: CloudKMS, External, ExternalKeyStore. Default value: CloudKMS.
PendingWindowInDays int: The pre-deletion cycle of the key. Valid values: [7, 30]. Default value: 7.
ProtectionLevel string: The protection level of the key. Valid values: SOFTWARE, HSM. Default value: SOFTWARE.
RotateInterval int: Key rotation period, unit: days; value range: [90, 2560], required when rotate_state is Enable.
RotateState string: The rotation state of the key. Valid values: Enable, Disable. Only symmetric keys support rotation.
RotationState string: The rotation configuration of the key.
ScheduleDeleteTime string: The time when the key will be deleted.
ScheduleRotationTime string: The next time the key will be rotated.
State string: The state of the key.
Tags List<KeyTag>: Tags.
Trn string: The name of the resource.
UpdateDate int: The date when the keyring was updated.
XksKeyId string: The ID of the external key store.

CreationDate int: The date when the keyring was created.
CustomKeyStoreId string: The ID of the custom key store.
Description string: The description of the key.
KeyMaterialExpireTime string: The time when the key material will expire.
KeyName string: The name of the key.
KeySpec string: The type of the key. Valid values: SYMMETRIC_256, SYMMETRIC_128, RSA_2048, RSA_3072, RSA_4096, EC_P256K, EC_P256, EC_P384, EC_P521, EC_SM2. Default value: SYMMETRIC_256.
KeyUsage string: The usage of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, GENERATE_VERIFY_MAC. Default value: ENCRYPT_DECRYPT.
KeyringName string: The name of the keyring.
LastRotationTime string: The last time the key was rotated.
MultiRegion bool: Whether it is the master key of the Multi-region type. When multi_region is true, the key name must start with "mrk-".
MultiRegionConfiguration KeyMultiRegionConfigurationArgs: The configuration of Multi-region key.
Origin string: The origin of the key. Valid values: CloudKMS, External, ExternalKeyStore. Default value: CloudKMS.
PendingWindowInDays int: The pre-deletion cycle of the key. Valid values: [7, 30]. Default value: 7.
ProtectionLevel string: The protection level of the key. Valid values: SOFTWARE, HSM. Default value: SOFTWARE.
RotateInterval int: Key rotation period, unit: days; value range: [90, 2560], required when rotate_state is Enable.
RotateState string: The rotation state of the key. Valid values: Enable, Disable. Only symmetric keys support rotation.
RotationState string: The rotation configuration of the key.
ScheduleDeleteTime string: The time when the key will be deleted.
ScheduleRotationTime string: The next time the key will be rotated.
State string: The state of the key.
Tags []KeyTagArgs: Tags.
Trn string: The name of the resource.
UpdateDate int: The date when the keyring was updated.
XksKeyId string: The ID of the external key store.

creationDate Integer: The date when the keyring was created.
customKeyStoreId String: The ID of the custom key store.
description String: The description of the key.
keyMaterialExpireTime String: The time when the key material will expire.
keyName String: The name of the key.
keySpec String: The type of the key. Valid values: SYMMETRIC_256, SYMMETRIC_128, RSA_2048, RSA_3072, RSA_4096, EC_P256K, EC_P256, EC_P384, EC_P521, EC_SM2. Default value: SYMMETRIC_256.
keyUsage String: The usage of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, GENERATE_VERIFY_MAC. Default value: ENCRYPT_DECRYPT.
keyringName String: The name of the keyring.
lastRotationTime String: The last time the key was rotated.
multiRegion Boolean: Whether it is the master key of the Multi-region type. When multi_region is true, the key name must start with "mrk-".
multiRegionConfiguration KeyMultiRegionConfiguration: The configuration of Multi-region key.
origin String: The origin of the key. Valid values: CloudKMS, External, ExternalKeyStore. Default value: CloudKMS.
pendingWindowInDays Integer: The pre-deletion cycle of the key. Valid values: [7, 30]. Default value: 7.
protectionLevel String: The protection level of the key. Valid values: SOFTWARE, HSM. Default value: SOFTWARE.
rotateInterval Integer: Key rotation period, unit: days; value range: [90, 2560], required when rotate_state is Enable.
rotateState String: The rotation state of the key. Valid values: Enable, Disable. Only symmetric keys support rotation.
rotationState String: The rotation configuration of the key.
scheduleDeleteTime String: The time when the key will be deleted.
scheduleRotationTime String: The next time the key will be rotated.
state String: The state of the key.
tags List<KeyTag>: Tags.
trn String: The name of the resource.
updateDate Integer: The date when the keyring was updated.
xksKeyId String: The ID of the external key store.

creationDate number: The date when the keyring was created.
customKeyStoreId string: The ID of the custom key store.
description string: The description of the key.
keyMaterialExpireTime string: The time when the key material will expire.
keyName string: The name of the key.
keySpec string: The type of the key. Valid values: SYMMETRIC_256, SYMMETRIC_128, RSA_2048, RSA_3072, RSA_4096, EC_P256K, EC_P256, EC_P384, EC_P521, EC_SM2. Default value: SYMMETRIC_256.
keyUsage string: The usage of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, GENERATE_VERIFY_MAC. Default value: ENCRYPT_DECRYPT.
keyringName string: The name of the keyring.
lastRotationTime string: The last time the key was rotated.
multiRegion boolean: Whether it is the master key of the Multi-region type. When multi_region is true, the key name must start with "mrk-".
multiRegionConfiguration KeyMultiRegionConfiguration: The configuration of Multi-region key.
origin string: The origin of the key. Valid values: CloudKMS, External, ExternalKeyStore. Default value: CloudKMS.
pendingWindowInDays number: The pre-deletion cycle of the key. Valid values: [7, 30]. Default value: 7.
protectionLevel string: The protection level of the key. Valid values: SOFTWARE, HSM. Default value: SOFTWARE.
rotateInterval number: Key rotation period, unit: days; value range: [90, 2560], required when rotate_state is Enable.
rotateState string: The rotation state of the key. Valid values: Enable, Disable. Only symmetric keys support rotation.
rotationState string: The rotation configuration of the key.
scheduleDeleteTime string: The time when the key will be deleted.
scheduleRotationTime string: The next time the key will be rotated.
state string: The state of the key.
tags KeyTag[]: Tags.
trn string: The name of the resource.
updateDate number: The date when the keyring was updated.
xksKeyId string: The ID of the external key store.

creation_date int: The date when the keyring was created.
custom_key_store_id str: The ID of the custom key store.
description str: The description of the key.
key_material_expire_time str: The time when the key material will expire.
key_name str: The name of the key.
key_spec str: The type of the key. Valid values: SYMMETRIC_256, SYMMETRIC_128, RSA_2048, RSA_3072, RSA_4096, EC_P256K, EC_P256, EC_P384, EC_P521, EC_SM2. Default value: SYMMETRIC_256.
key_usage str: The usage of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, GENERATE_VERIFY_MAC. Default value: ENCRYPT_DECRYPT.
keyring_name str: The name of the keyring.
last_rotation_time str: The last time the key was rotated.
multi_region bool: Whether it is the master key of the Multi-region type. When multi_region is true, the key name must start with "mrk-".
multi_region_configuration KeyMultiRegionConfigurationArgs: The configuration of Multi-region key.
origin str: The origin of the key. Valid values: CloudKMS, External, ExternalKeyStore. Default value: CloudKMS.
pending_window_in_days int: The pre-deletion cycle of the key. Valid values: [7, 30]. Default value: 7.
protection_level str: The protection level of the key. Valid values: SOFTWARE, HSM. Default value: SOFTWARE.
rotate_interval int: Key rotation period, unit: days; value range: [90, 2560], required when rotate_state is Enable.
rotate_state str: The rotation state of the key. Valid values: Enable, Disable. Only symmetric keys support rotation.
rotation_state str: The rotation configuration of the key.
schedule_delete_time str: The time when the key will be deleted.
schedule_rotation_time str: The next time the key will be rotated.
state str: The state of the key.
tags Sequence[KeyTagArgs]: Tags.
trn str: The name of the resource.
update_date int: The date when the keyring was updated.
xks_key_id str: The ID of the external key store.

creationDate Number: The date when the keyring was created.
customKeyStoreId String: The ID of the custom key store.
description String: The description of the key.
keyMaterialExpireTime String: The time when the key material will expire.
keyName String: The name of the key.
keySpec String: The type of the key. Valid values: SYMMETRIC_256, SYMMETRIC_128, RSA_2048, RSA_3072, RSA_4096, EC_P256K, EC_P256, EC_P384, EC_P521, EC_SM2. Default value: SYMMETRIC_256.
keyUsage String: The usage of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, GENERATE_VERIFY_MAC. Default value: ENCRYPT_DECRYPT.
keyringName String: The name of the keyring.
lastRotationTime String: The last time the key was rotated.
multiRegion Boolean: Whether it is the master key of the Multi-region type. When multi_region is true, the key name must start with "mrk-".
multiRegionConfiguration Property Map: The configuration of Multi-region key.
origin String: The origin of the key. Valid values: CloudKMS, External, ExternalKeyStore. Default value: CloudKMS.
pendingWindowInDays Number: The pre-deletion cycle of the key. Valid values: [7, 30]. Default value: 7.
protectionLevel String: The protection level of the key. Valid values: SOFTWARE, HSM. Default value: SOFTWARE.
rotateInterval Number: Key rotation period, unit: days; value range: [90, 2560], required when rotate_state is Enable.
rotateState String: The rotation state of the key. Valid values: Enable, Disable. Only symmetric keys support rotation.
rotationState String: The rotation configuration of the key.
scheduleDeleteTime String: The time when the key will be deleted.
scheduleRotationTime String: The next time the key will be rotated.
state String: The state of the key.
tags List<Property Map>: Tags.
trn String: The name of the resource.
updateDate Number: The date when the keyring was updated.
xksKeyId String: The ID of the external key store.

Supporting Types

KeyMultiRegionConfiguration, KeyMultiRegionConfigurationArgs

MultiRegionKeyType string: The type of the multi-region key.
PrimaryKey KeyMultiRegionConfigurationPrimaryKey: Trn and region id of the primary multi-region key.
ReplicaKeys List<KeyMultiRegionConfigurationReplicaKey>: Trn and region id of replica multi-region keys.

MultiRegionKeyType string: The type of the multi-region key.
PrimaryKey KeyMultiRegionConfigurationPrimaryKey: Trn and region id of the primary multi-region key.
ReplicaKeys []KeyMultiRegionConfigurationReplicaKey: Trn and region id of replica multi-region keys.

multiRegionKeyType String: The type of the multi-region key.
primaryKey KeyMultiRegionConfigurationPrimaryKey: Trn and region id of the primary multi-region key.
replicaKeys List<KeyMultiRegionConfigurationReplicaKey>: Trn and region id of replica multi-region keys.

multiRegionKeyType string: The type of the multi-region key.
primaryKey KeyMultiRegionConfigurationPrimaryKey: Trn and region id of the primary multi-region key.
replicaKeys KeyMultiRegionConfigurationReplicaKey[]: Trn and region id of replica multi-region keys.

multi_region_key_type str: The type of the multi-region key.
primary_key KeyMultiRegionConfigurationPrimaryKey: Trn and region id of the primary multi-region key.
replica_keys Sequence[KeyMultiRegionConfigurationReplicaKey]: Trn and region id of replica multi-region keys.

multiRegionKeyType String: The type of the multi-region key.
primaryKey Property Map: Trn and region id of the primary multi-region key.
replicaKeys List<Property Map>: Trn and region id of replica multi-region keys.

KeyMultiRegionConfigurationPrimaryKey, KeyMultiRegionConfigurationPrimaryKeyArgs

Region string: The region id of multi-region key.
Trn string: The name of the resource.

Region string: The region id of multi-region key.
Trn string: The name of the resource.

region String: The region id of multi-region key.
trn String: The name of the resource.

region string: The region id of multi-region key.
trn string: The name of the resource.

region str: The region id of multi-region key.
trn str: The name of the resource.

region String: The region id of multi-region key.
trn String: The name of the resource.

KeyMultiRegionConfigurationReplicaKey, KeyMultiRegionConfigurationReplicaKeyArgs

Region string: The region id of multi-region key.
Trn string: The name of the resource.

Region string: The region id of multi-region key.
Trn string: The name of the resource.

region String: The region id of multi-region key.
trn String: The name of the resource.

region string: The region id of multi-region key.
trn string: The name of the resource.

region str: The region id of multi-region key.
trn str: The name of the resource.

region String: The region id of multi-region key.
trn String: The name of the resource.

KeyTag, KeyTagArgs

Key string: The Key of Tags.
Value string: The Value of Tags.

Key string: The Key of Tags.
Value string: The Value of Tags.

key String: The Key of Tags.
value String: The Value of Tags.

key string: The Key of Tags.
value string: The Value of Tags.

key str: The Key of Tags.
value str: The Value of Tags.

key String: The Key of Tags.
value String: The Value of Tags.

Import

KmsKey can be imported using the id, e.g.

$ pulumi import volcengine:kms/key:Key default resource_id

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: volcengine volcengine/pulumi-volcengine
License: Apache-2.0
Notes: This Pulumi package is based on the volcengine Terraform Provider.

Volcengine v0.0.46 published on Friday, Feb 27, 2026 by Volcengine

Schema (JSON)

volcengine/pulumi-volcengine

On this page

On this page

Example Usage

Create Key Resource

Constructor syntax

Parameters

Constructor example

Key Resource Properties

Inputs

Outputs

Look up Existing Key Resource

Supporting Types

KeyMultiRegionConfiguration, KeyMultiRegionConfigurationArgs

KeyMultiRegionConfigurationPrimaryKey, KeyMultiRegionConfigurationPrimaryKeyArgs

KeyMultiRegionConfigurationReplicaKey, KeyMultiRegionConfigurationReplicaKeyArgs

KeyTag, KeyTagArgs

Import

Package Details

On this page

On this page