Volcengine v0.0.46 published on Friday, Feb 27, 2026 by Volcengine
Volcengine v0.0.46 published on Friday, Feb 27, 2026 by Volcengine
Provides a resource to manage kms key material
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as volcengine from "@volcengine/pulumi";
// It is necessary to first use data volcengine_kms_key_materials to obtain the import materials, such as import_token, public_key.
// Reference document: https://www.volcengine.com/docs/6476/144950?lang=zh
const _default = new volcengine.kms.KeyMaterial("default", {
encryptedKeyMaterial: "***",
expirationModel: "KEY_MATERIAL_EXPIRES",
importToken: "***",
keyId: "8798cd1e-****-4f9b-****-d51847ad53ae",
keyName: "Test-3",
keyringName: "Tf-test-1",
validTo: 1770969621,
});
import pulumi
import pulumi_volcengine as volcengine
# It is necessary to first use data volcengine_kms_key_materials to obtain the import materials, such as import_token, public_key.
# Reference document: https://www.volcengine.com/docs/6476/144950?lang=zh
default = volcengine.kms.KeyMaterial("default",
encrypted_key_material="***",
expiration_model="KEY_MATERIAL_EXPIRES",
import_token="***",
key_id="8798cd1e-****-4f9b-****-d51847ad53ae",
key_name="Test-3",
keyring_name="Tf-test-1",
valid_to=1770969621)
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/volcengine/pulumi-volcengine/sdk/go/volcengine/kms"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// It is necessary to first use data volcengine_kms_key_materials to obtain the import materials, such as import_token, public_key.
// Reference document: https://www.volcengine.com/docs/6476/144950?lang=zh
_, err := kms.NewKeyMaterial(ctx, "default", &kms.KeyMaterialArgs{
EncryptedKeyMaterial: pulumi.String("***"),
ExpirationModel: pulumi.String("KEY_MATERIAL_EXPIRES"),
ImportToken: pulumi.String("***"),
KeyId: pulumi.String("8798cd1e-****-4f9b-****-d51847ad53ae"),
KeyName: pulumi.String("Test-3"),
KeyringName: pulumi.String("Tf-test-1"),
ValidTo: pulumi.Int(1770969621),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Volcengine = Pulumi.Volcengine;
return await Deployment.RunAsync(() =>
{
// It is necessary to first use data volcengine_kms_key_materials to obtain the import materials, such as import_token, public_key.
// Reference document: https://www.volcengine.com/docs/6476/144950?lang=zh
var @default = new Volcengine.Kms.KeyMaterial("default", new()
{
EncryptedKeyMaterial = "***",
ExpirationModel = "KEY_MATERIAL_EXPIRES",
ImportToken = "***",
KeyId = "8798cd1e-****-4f9b-****-d51847ad53ae",
KeyName = "Test-3",
KeyringName = "Tf-test-1",
ValidTo = 1770969621,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.volcengine.kms.KeyMaterial;
import com.pulumi.volcengine.kms.KeyMaterialArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// It is necessary to first use data volcengine_kms_key_materials to obtain the import materials, such as import_token, public_key.
// Reference document: https://www.volcengine.com/docs/6476/144950?lang=zh
var default_ = new KeyMaterial("default", KeyMaterialArgs.builder()
.encryptedKeyMaterial("***")
.expirationModel("KEY_MATERIAL_EXPIRES")
.importToken("***")
.keyId("8798cd1e-****-4f9b-****-d51847ad53ae")
.keyName("Test-3")
.keyringName("Tf-test-1")
.validTo(1770969621)
.build());
}
}
resources:
# It is necessary to first use data volcengine_kms_key_materials to obtain the import materials, such as import_token, public_key.
# // Reference document: https://www.volcengine.com/docs/6476/144950?lang=zh
default:
type: volcengine:kms:KeyMaterial
properties:
encryptedKeyMaterial: '***'
expirationModel: KEY_MATERIAL_EXPIRES
importToken: '***'
keyId: 8798cd1e-****-4f9b-****-d51847ad53ae
keyName: Test-3
keyringName: Tf-test-1
validTo: 1.770969621e+09
Create KeyMaterial Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KeyMaterial(name: string, args: KeyMaterialArgs, opts?: CustomResourceOptions);@overload
def KeyMaterial(resource_name: str,
args: KeyMaterialArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KeyMaterial(resource_name: str,
opts: Optional[ResourceOptions] = None,
encrypted_key_material: Optional[str] = None,
import_token: Optional[str] = None,
expiration_model: Optional[str] = None,
key_id: Optional[str] = None,
key_name: Optional[str] = None,
keyring_name: Optional[str] = None,
valid_to: Optional[int] = None)func NewKeyMaterial(ctx *Context, name string, args KeyMaterialArgs, opts ...ResourceOption) (*KeyMaterial, error)public KeyMaterial(string name, KeyMaterialArgs args, CustomResourceOptions? opts = null)
public KeyMaterial(String name, KeyMaterialArgs args)
public KeyMaterial(String name, KeyMaterialArgs args, CustomResourceOptions options)
type: volcengine:kms:KeyMaterial
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KeyMaterialArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KeyMaterialArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KeyMaterialArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KeyMaterialArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KeyMaterialArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var keyMaterialResource = new Volcengine.Kms.KeyMaterial("keyMaterialResource", new()
{
EncryptedKeyMaterial = "string",
ImportToken = "string",
ExpirationModel = "string",
KeyId = "string",
KeyName = "string",
KeyringName = "string",
ValidTo = 0,
});
example, err := kms.NewKeyMaterial(ctx, "keyMaterialResource", &kms.KeyMaterialArgs{
EncryptedKeyMaterial: pulumi.String("string"),
ImportToken: pulumi.String("string"),
ExpirationModel: pulumi.String("string"),
KeyId: pulumi.String("string"),
KeyName: pulumi.String("string"),
KeyringName: pulumi.String("string"),
ValidTo: pulumi.Int(0),
})
var keyMaterialResource = new KeyMaterial("keyMaterialResource", KeyMaterialArgs.builder()
.encryptedKeyMaterial("string")
.importToken("string")
.expirationModel("string")
.keyId("string")
.keyName("string")
.keyringName("string")
.validTo(0)
.build());
key_material_resource = volcengine.kms.KeyMaterial("keyMaterialResource",
encrypted_key_material="string",
import_token="string",
expiration_model="string",
key_id="string",
key_name="string",
keyring_name="string",
valid_to=0)
const keyMaterialResource = new volcengine.kms.KeyMaterial("keyMaterialResource", {
encryptedKeyMaterial: "string",
importToken: "string",
expirationModel: "string",
keyId: "string",
keyName: "string",
keyringName: "string",
validTo: 0,
});
type: volcengine:kms:KeyMaterial
properties:
encryptedKeyMaterial: string
expirationModel: string
importToken: string
keyId: string
keyName: string
keyringName: string
validTo: 0
KeyMaterial Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KeyMaterial resource accepts the following input properties:
- Encrypted
Key stringMaterial - The encrypted key material, Base64 encoded.
- Import
Token string - The import token.
- Expiration
Model string - The expiration model of key material. Valid values:
KEY_MATERIAL_DOES_NOT_EXPIRE,KEY_MATERIAL_EXPIRES. Default value:KEY_MATERIAL_DOES_NOT_EXPIRE. - Key
Id string - The id of key. When key_id is not specified, both keyring_name and key_name must be specified.
- Key
Name string - The name of key.
- Keyring
Name string - The name of keyring.
- Valid
To int - The valid to timestamp of key material. Required when expiration_model is KEY_MATERIAL_EXPIRES. Unit: second.
- Encrypted
Key stringMaterial - The encrypted key material, Base64 encoded.
- Import
Token string - The import token.
- Expiration
Model string - The expiration model of key material. Valid values:
KEY_MATERIAL_DOES_NOT_EXPIRE,KEY_MATERIAL_EXPIRES. Default value:KEY_MATERIAL_DOES_NOT_EXPIRE. - Key
Id string - The id of key. When key_id is not specified, both keyring_name and key_name must be specified.
- Key
Name string - The name of key.
- Keyring
Name string - The name of keyring.
- Valid
To int - The valid to timestamp of key material. Required when expiration_model is KEY_MATERIAL_EXPIRES. Unit: second.
- encrypted
Key StringMaterial - The encrypted key material, Base64 encoded.
- import
Token String - The import token.
- expiration
Model String - The expiration model of key material. Valid values:
KEY_MATERIAL_DOES_NOT_EXPIRE,KEY_MATERIAL_EXPIRES. Default value:KEY_MATERIAL_DOES_NOT_EXPIRE. - key
Id String - The id of key. When key_id is not specified, both keyring_name and key_name must be specified.
- key
Name String - The name of key.
- keyring
Name String - The name of keyring.
- valid
To Integer - The valid to timestamp of key material. Required when expiration_model is KEY_MATERIAL_EXPIRES. Unit: second.
- encrypted
Key stringMaterial - The encrypted key material, Base64 encoded.
- import
Token string - The import token.
- expiration
Model string - The expiration model of key material. Valid values:
KEY_MATERIAL_DOES_NOT_EXPIRE,KEY_MATERIAL_EXPIRES. Default value:KEY_MATERIAL_DOES_NOT_EXPIRE. - key
Id string - The id of key. When key_id is not specified, both keyring_name and key_name must be specified.
- key
Name string - The name of key.
- keyring
Name string - The name of keyring.
- valid
To number - The valid to timestamp of key material. Required when expiration_model is KEY_MATERIAL_EXPIRES. Unit: second.
- encrypted_
key_ strmaterial - The encrypted key material, Base64 encoded.
- import_
token str - The import token.
- expiration_
model str - The expiration model of key material. Valid values:
KEY_MATERIAL_DOES_NOT_EXPIRE,KEY_MATERIAL_EXPIRES. Default value:KEY_MATERIAL_DOES_NOT_EXPIRE. - key_
id str - The id of key. When key_id is not specified, both keyring_name and key_name must be specified.
- key_
name str - The name of key.
- keyring_
name str - The name of keyring.
- valid_
to int - The valid to timestamp of key material. Required when expiration_model is KEY_MATERIAL_EXPIRES. Unit: second.
- encrypted
Key StringMaterial - The encrypted key material, Base64 encoded.
- import
Token String - The import token.
- expiration
Model String - The expiration model of key material. Valid values:
KEY_MATERIAL_DOES_NOT_EXPIRE,KEY_MATERIAL_EXPIRES. Default value:KEY_MATERIAL_DOES_NOT_EXPIRE. - key
Id String - The id of key. When key_id is not specified, both keyring_name and key_name must be specified.
- key
Name String - The name of key.
- keyring
Name String - The name of keyring.
- valid
To Number - The valid to timestamp of key material. Required when expiration_model is KEY_MATERIAL_EXPIRES. Unit: second.
Outputs
All input properties are implicitly available as output properties. Additionally, the KeyMaterial resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing KeyMaterial Resource
Get an existing KeyMaterial resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KeyMaterialState, opts?: CustomResourceOptions): KeyMaterial@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
encrypted_key_material: Optional[str] = None,
expiration_model: Optional[str] = None,
import_token: Optional[str] = None,
key_id: Optional[str] = None,
key_name: Optional[str] = None,
keyring_name: Optional[str] = None,
valid_to: Optional[int] = None) -> KeyMaterialfunc GetKeyMaterial(ctx *Context, name string, id IDInput, state *KeyMaterialState, opts ...ResourceOption) (*KeyMaterial, error)public static KeyMaterial Get(string name, Input<string> id, KeyMaterialState? state, CustomResourceOptions? opts = null)public static KeyMaterial get(String name, Output<String> id, KeyMaterialState state, CustomResourceOptions options)resources: _: type: volcengine:kms:KeyMaterial get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Encrypted
Key stringMaterial - The encrypted key material, Base64 encoded.
- Expiration
Model string - The expiration model of key material. Valid values:
KEY_MATERIAL_DOES_NOT_EXPIRE,KEY_MATERIAL_EXPIRES. Default value:KEY_MATERIAL_DOES_NOT_EXPIRE. - Import
Token string - The import token.
- Key
Id string - The id of key. When key_id is not specified, both keyring_name and key_name must be specified.
- Key
Name string - The name of key.
- Keyring
Name string - The name of keyring.
- Valid
To int - The valid to timestamp of key material. Required when expiration_model is KEY_MATERIAL_EXPIRES. Unit: second.
- Encrypted
Key stringMaterial - The encrypted key material, Base64 encoded.
- Expiration
Model string - The expiration model of key material. Valid values:
KEY_MATERIAL_DOES_NOT_EXPIRE,KEY_MATERIAL_EXPIRES. Default value:KEY_MATERIAL_DOES_NOT_EXPIRE. - Import
Token string - The import token.
- Key
Id string - The id of key. When key_id is not specified, both keyring_name and key_name must be specified.
- Key
Name string - The name of key.
- Keyring
Name string - The name of keyring.
- Valid
To int - The valid to timestamp of key material. Required when expiration_model is KEY_MATERIAL_EXPIRES. Unit: second.
- encrypted
Key StringMaterial - The encrypted key material, Base64 encoded.
- expiration
Model String - The expiration model of key material. Valid values:
KEY_MATERIAL_DOES_NOT_EXPIRE,KEY_MATERIAL_EXPIRES. Default value:KEY_MATERIAL_DOES_NOT_EXPIRE. - import
Token String - The import token.
- key
Id String - The id of key. When key_id is not specified, both keyring_name and key_name must be specified.
- key
Name String - The name of key.
- keyring
Name String - The name of keyring.
- valid
To Integer - The valid to timestamp of key material. Required when expiration_model is KEY_MATERIAL_EXPIRES. Unit: second.
- encrypted
Key stringMaterial - The encrypted key material, Base64 encoded.
- expiration
Model string - The expiration model of key material. Valid values:
KEY_MATERIAL_DOES_NOT_EXPIRE,KEY_MATERIAL_EXPIRES. Default value:KEY_MATERIAL_DOES_NOT_EXPIRE. - import
Token string - The import token.
- key
Id string - The id of key. When key_id is not specified, both keyring_name and key_name must be specified.
- key
Name string - The name of key.
- keyring
Name string - The name of keyring.
- valid
To number - The valid to timestamp of key material. Required when expiration_model is KEY_MATERIAL_EXPIRES. Unit: second.
- encrypted_
key_ strmaterial - The encrypted key material, Base64 encoded.
- expiration_
model str - The expiration model of key material. Valid values:
KEY_MATERIAL_DOES_NOT_EXPIRE,KEY_MATERIAL_EXPIRES. Default value:KEY_MATERIAL_DOES_NOT_EXPIRE. - import_
token str - The import token.
- key_
id str - The id of key. When key_id is not specified, both keyring_name and key_name must be specified.
- key_
name str - The name of key.
- keyring_
name str - The name of keyring.
- valid_
to int - The valid to timestamp of key material. Required when expiration_model is KEY_MATERIAL_EXPIRES. Unit: second.
- encrypted
Key StringMaterial - The encrypted key material, Base64 encoded.
- expiration
Model String - The expiration model of key material. Valid values:
KEY_MATERIAL_DOES_NOT_EXPIRE,KEY_MATERIAL_EXPIRES. Default value:KEY_MATERIAL_DOES_NOT_EXPIRE. - import
Token String - The import token.
- key
Id String - The id of key. When key_id is not specified, both keyring_name and key_name must be specified.
- key
Name String - The name of key.
- keyring
Name String - The name of keyring.
- valid
To Number - The valid to timestamp of key material. Required when expiration_model is KEY_MATERIAL_EXPIRES. Unit: second.
Package Details
- Repository
- volcengine volcengine/pulumi-volcengine
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
volcengineTerraform Provider.
Volcengine v0.0.46 published on Friday, Feb 27, 2026 by Volcengine
