Key

A kms key can help user to protect data security in the transmission process. For information about Alikms Key and how to use it, see What is Resource Alikms Key.

NOTE: Available in v1.85.0+.

Example Usage

using Pulumi;
using AliCloud = Pulumi.AliCloud;

class MyStack : Stack
{
    public MyStack()
    {
        var key = new AliCloud.Kms.Key("key", new AliCloud.Kms.KeyArgs
        {
            Description = "Hello KMS",
            KeyState = "Enabled",
            PendingWindowInDays = 7,
        });
    }

}

Coming soon!

import pulumi
import pulumi_alicloud as alicloud

key = alicloud.kms.Key("key",
    description="Hello KMS",
    key_state="Enabled",
    pending_window_in_days="7")

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const key = new alicloud.kms.Key("key", {
    description: "Hello KMS",
    keyState: "Enabled",
    pendingWindowInDays: 7,
});

Create a Key Resource

new Key(name: string, args?: KeyArgs, opts?: CustomResourceOptions);

def Key(resource_name, opts=None, automatic_rotation=None, deletion_window_in_days=None, description=None, is_enabled=None, key_spec=None, key_state=None, key_usage=None, origin=None, pending_window_in_days=None, protection_level=None, rotation_interval=None, __props__=None);

func NewKey(ctx *Context, name string, args *KeyArgs, opts ...ResourceOption) (*Key, error)

public Key(string name, KeyArgs? args = null, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

Key Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Key resource accepts the following input properties:

AutomaticRotation string

Specifies whether to enable automatic key rotation. Default:“Disabled”.

DeletionWindowInDays int

Field ‘deletion_window_in_days’ has been deprecated from provider version 1.85.0. New field ‘pending_window_in_days’ instead.

Deprecated: Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

Description string

The description of the key as viewed in Alicloud console.

IsEnabled bool

Field ‘is_enabled’ has been deprecated from provider version 1.85.0. New field ‘key_state’ instead.

Deprecated: Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

KeySpec string

The type of the CMK.

KeyStatus string

The status of CMK. Defaults to Enabled.

KeyUsage string

Specifies the usage of CMK. Currently, default to ‘ENCRYPT/DECRYPT’, indicating that CMK is used for encryption and decryption.

Origin string

The source of the key material for the CMK. Defaults to “Aliyun_KMS”.

PendingWindowInDays int

Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.

ProtectionLevel string

The protection level of the CMK. Defaults to “SOFTWARE”.

RotationInterval string

The period of automatic key rotation. Unit: seconds.

AutomaticRotation string

Specifies whether to enable automatic key rotation. Default:“Disabled”.

DeletionWindowInDays int

Field ‘deletion_window_in_days’ has been deprecated from provider version 1.85.0. New field ‘pending_window_in_days’ instead.

Deprecated: Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

Description string

The description of the key as viewed in Alicloud console.

IsEnabled bool

Field ‘is_enabled’ has been deprecated from provider version 1.85.0. New field ‘key_state’ instead.

Deprecated: Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

KeySpec string

The type of the CMK.

KeyState string

The status of CMK. Defaults to Enabled.

KeyUsage string

Specifies the usage of CMK. Currently, default to ‘ENCRYPT/DECRYPT’, indicating that CMK is used for encryption and decryption.

Origin string

The source of the key material for the CMK. Defaults to “Aliyun_KMS”.

PendingWindowInDays int

Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.

ProtectionLevel string

The protection level of the CMK. Defaults to “SOFTWARE”.

RotationInterval string

The period of automatic key rotation. Unit: seconds.

automaticRotation string

Specifies whether to enable automatic key rotation. Default:“Disabled”.

deletionWindowInDays number

Field ‘deletion_window_in_days’ has been deprecated from provider version 1.85.0. New field ‘pending_window_in_days’ instead.

Deprecated: Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

description string

The description of the key as viewed in Alicloud console.

isEnabled boolean

Field ‘is_enabled’ has been deprecated from provider version 1.85.0. New field ‘key_state’ instead.

Deprecated: Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

keySpec string

The type of the CMK.

keyState string

The status of CMK. Defaults to Enabled.

keyUsage string

Specifies the usage of CMK. Currently, default to ‘ENCRYPT/DECRYPT’, indicating that CMK is used for encryption and decryption.

origin string

The source of the key material for the CMK. Defaults to “Aliyun_KMS”.

pendingWindowInDays number

Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.

protectionLevel string

The protection level of the CMK. Defaults to “SOFTWARE”.

rotationInterval string

The period of automatic key rotation. Unit: seconds.

automatic_rotation str

Specifies whether to enable automatic key rotation. Default:“Disabled”.

deletion_window_in_days float

Field ‘deletion_window_in_days’ has been deprecated from provider version 1.85.0. New field ‘pending_window_in_days’ instead.

Deprecated: Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

description str

The description of the key as viewed in Alicloud console.

is_enabled bool

Field ‘is_enabled’ has been deprecated from provider version 1.85.0. New field ‘key_state’ instead.

Deprecated: Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

key_spec str

The type of the CMK.

key_state str

The status of CMK. Defaults to Enabled.

key_usage str

Specifies the usage of CMK. Currently, default to ‘ENCRYPT/DECRYPT’, indicating that CMK is used for encryption and decryption.

origin str

The source of the key material for the CMK. Defaults to “Aliyun_KMS”.

pending_window_in_days float

Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.

protection_level str

The protection level of the CMK. Defaults to “SOFTWARE”.

rotation_interval str

The period of automatic key rotation. Unit: seconds.

Outputs

All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:

Arn string: The Alicloud Resource Name (ARN) of the key. * creation_date -The date and time when the CMK was created. The time is displayed in UTC. * creator -The creator of the CMK. * delete_date -The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.
CreationDate string
Creator string
DeleteDate string
Id string: The provider-assigned unique ID for this managed resource.
LastRotationDate string: The date and time the last rotation was performed. The time is displayed in UTC.
MaterialExpireTime string: The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.
NextRotationDate string: The time the next rotation is scheduled for execution.
PrimaryKeyVersion string: The ID of the current primary key version of the symmetric CMK.

Arn string: The Alicloud Resource Name (ARN) of the key. * creation_date -The date and time when the CMK was created. The time is displayed in UTC. * creator -The creator of the CMK. * delete_date -The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.
CreationDate string
Creator string
DeleteDate string
Id string: The provider-assigned unique ID for this managed resource.
LastRotationDate string: The date and time the last rotation was performed. The time is displayed in UTC.
MaterialExpireTime string: The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.
NextRotationDate string: The time the next rotation is scheduled for execution.
PrimaryKeyVersion string: The ID of the current primary key version of the symmetric CMK.

arn string: The Alicloud Resource Name (ARN) of the key. * creation_date -The date and time when the CMK was created. The time is displayed in UTC. * creator -The creator of the CMK. * delete_date -The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.
creationDate string
creator string
deleteDate string
id string: The provider-assigned unique ID for this managed resource.
lastRotationDate string: The date and time the last rotation was performed. The time is displayed in UTC.
materialExpireTime string: The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.
nextRotationDate string: The time the next rotation is scheduled for execution.
primaryKeyVersion string: The ID of the current primary key version of the symmetric CMK.

arn str: The Alicloud Resource Name (ARN) of the key. * creation_date -The date and time when the CMK was created. The time is displayed in UTC. * creator -The creator of the CMK. * delete_date -The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.
creation_date str
creator str
delete_date str
id str: The provider-assigned unique ID for this managed resource.
last_rotation_date str: The date and time the last rotation was performed. The time is displayed in UTC.
material_expire_time str: The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.
next_rotation_date str: The time the next rotation is scheduled for execution.
primary_key_version str: The ID of the current primary key version of the symmetric CMK.

Look up an Existing Key Resource

Get an existing Key resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: KeyState, opts?: CustomResourceOptions): Key

static get(resource_name, id, opts=None, arn=None, automatic_rotation=None, creation_date=None, creator=None, delete_date=None, deletion_window_in_days=None, description=None, is_enabled=None, key_spec=None, key_state=None, key_usage=None, last_rotation_date=None, material_expire_time=None, next_rotation_date=None, origin=None, pending_window_in_days=None, primary_key_version=None, protection_level=None, rotation_interval=None, __props__=None);

func GetKey(ctx *Context, name string, id IDInput, state *KeyState, opts ...ResourceOption) (*Key, error)

public static Key Get(string name, Input<string> id, KeyState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string

The Alicloud Resource Name (ARN) of the key. * creation_date -The date and time when the CMK was created. The time is displayed in UTC. * creator -The creator of the CMK. * delete_date -The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.

AutomaticRotation string

Specifies whether to enable automatic key rotation. Default:“Disabled”.

CreationDate string

Creator string

DeleteDate string

DeletionWindowInDays int

Field ‘deletion_window_in_days’ has been deprecated from provider version 1.85.0. New field ‘pending_window_in_days’ instead.

Deprecated: Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

Description string

The description of the key as viewed in Alicloud console.

IsEnabled bool

Field ‘is_enabled’ has been deprecated from provider version 1.85.0. New field ‘key_state’ instead.

Deprecated: Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

KeySpec string

The type of the CMK.

KeyStatus string

The status of CMK. Defaults to Enabled.

KeyUsage string

Specifies the usage of CMK. Currently, default to ‘ENCRYPT/DECRYPT’, indicating that CMK is used for encryption and decryption.

LastRotationDate string

The date and time the last rotation was performed. The time is displayed in UTC.

MaterialExpireTime string

The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

NextRotationDate string

The time the next rotation is scheduled for execution.

Origin string

The source of the key material for the CMK. Defaults to “Aliyun_KMS”.

PendingWindowInDays int

Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.

PrimaryKeyVersion string

The ID of the current primary key version of the symmetric CMK.

ProtectionLevel string

The protection level of the CMK. Defaults to “SOFTWARE”.

RotationInterval string

The period of automatic key rotation. Unit: seconds.

Arn string

AutomaticRotation string

Specifies whether to enable automatic key rotation. Default:“Disabled”.

CreationDate string

Creator string

DeleteDate string

DeletionWindowInDays int

Field ‘deletion_window_in_days’ has been deprecated from provider version 1.85.0. New field ‘pending_window_in_days’ instead.

Deprecated: Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

Description string

The description of the key as viewed in Alicloud console.

IsEnabled bool

Field ‘is_enabled’ has been deprecated from provider version 1.85.0. New field ‘key_state’ instead.

Deprecated: Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

KeySpec string

The type of the CMK.

KeyState string

The status of CMK. Defaults to Enabled.

KeyUsage string

Specifies the usage of CMK. Currently, default to ‘ENCRYPT/DECRYPT’, indicating that CMK is used for encryption and decryption.

LastRotationDate string

The date and time the last rotation was performed. The time is displayed in UTC.

MaterialExpireTime string

The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

NextRotationDate string

The time the next rotation is scheduled for execution.

Origin string

The source of the key material for the CMK. Defaults to “Aliyun_KMS”.

PendingWindowInDays int

Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.

PrimaryKeyVersion string

The ID of the current primary key version of the symmetric CMK.

ProtectionLevel string

The protection level of the CMK. Defaults to “SOFTWARE”.

RotationInterval string

The period of automatic key rotation. Unit: seconds.

arn string

automaticRotation string

Specifies whether to enable automatic key rotation. Default:“Disabled”.

creationDate string

creator string

deleteDate string

deletionWindowInDays number

Field ‘deletion_window_in_days’ has been deprecated from provider version 1.85.0. New field ‘pending_window_in_days’ instead.

Deprecated: Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

description string

The description of the key as viewed in Alicloud console.

isEnabled boolean

Field ‘is_enabled’ has been deprecated from provider version 1.85.0. New field ‘key_state’ instead.

Deprecated: Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

keySpec string

The type of the CMK.

keyState string

The status of CMK. Defaults to Enabled.

keyUsage string

Specifies the usage of CMK. Currently, default to ‘ENCRYPT/DECRYPT’, indicating that CMK is used for encryption and decryption.

lastRotationDate string

The date and time the last rotation was performed. The time is displayed in UTC.

materialExpireTime string

The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

nextRotationDate string

The time the next rotation is scheduled for execution.

origin string

The source of the key material for the CMK. Defaults to “Aliyun_KMS”.

pendingWindowInDays number

Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.

primaryKeyVersion string

The ID of the current primary key version of the symmetric CMK.

protectionLevel string

The protection level of the CMK. Defaults to “SOFTWARE”.

rotationInterval string

The period of automatic key rotation. Unit: seconds.

arn str

automatic_rotation str

Specifies whether to enable automatic key rotation. Default:“Disabled”.

creation_date str

creator str

delete_date str

deletion_window_in_days float

Field ‘deletion_window_in_days’ has been deprecated from provider version 1.85.0. New field ‘pending_window_in_days’ instead.

Deprecated: Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. New field 'pending_window_in_days' instead.

description str

The description of the key as viewed in Alicloud console.

is_enabled bool

Field ‘is_enabled’ has been deprecated from provider version 1.85.0. New field ‘key_state’ instead.

Deprecated: Field 'is_enabled' has been deprecated from provider version 1.85.0. New field 'key_state' instead.

key_spec str

The type of the CMK.

key_state str

The status of CMK. Defaults to Enabled.

key_usage str

Specifies the usage of CMK. Currently, default to ‘ENCRYPT/DECRYPT’, indicating that CMK is used for encryption and decryption.

last_rotation_date str

The date and time the last rotation was performed. The time is displayed in UTC.

material_expire_time str

The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

next_rotation_date str