CryptoKey

A CryptoKey represents a logical key that can be used for cryptographic operations.

Note: CryptoKeys cannot be deleted from Google Cloud Platform. Destroying a provider-managed CryptoKey will remove it from state and delete all CryptoKeyVersions, rendering the key unusable, but will not delete the resource on the server. When the provider destroys these keys, any data previously encrypted with these keys will be irrecoverable. For this reason, it is strongly recommended that you add lifecycle hooks to the resource to prevent accidental destruction.

To get more information about CryptoKey, see:

API documentation
How-to Guides
- Creating a key

Create a CryptoKey Resource

new CryptoKey(name: string, args: CryptoKeyArgs, opts?: CustomResourceOptions);

def CryptoKey(resource_name, opts=None, key_ring=None, labels=None, name=None, purpose=None, rotation_period=None, version_template=None, __props__=None);

func NewCryptoKey(ctx *Context, name string, args CryptoKeyArgs, opts ...ResourceOption) (*CryptoKey, error)

public CryptoKey(string name, CryptoKeyArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args CryptoKeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CryptoKeyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CryptoKeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

CryptoKey Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The CryptoKey resource accepts the following input properties:

KeyRing string: The KeyRing that this key belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.
Labels Dictionary<string, string>: Labels with user-defined metadata to apply to this resource.
Name string: The resource name for the CryptoKey.
Purpose string: The immutable purpose of this CryptoKey. See the purpose reference for possible inputs.
RotationPeriod string: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400).
VersionTemplate CryptoKeyVersionTemplateArgs: A template describing settings for new crypto key versions. Structure is documented below.

KeyRing string: The KeyRing that this key belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.
Labels map[string]string: Labels with user-defined metadata to apply to this resource.
Name string: The resource name for the CryptoKey.
Purpose string: The immutable purpose of this CryptoKey. See the purpose reference for possible inputs.
RotationPeriod string: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400).
VersionTemplate CryptoKeyVersionTemplate: A template describing settings for new crypto key versions. Structure is documented below.

keyRing string: The KeyRing that this key belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.
labels {[key: string]: string}: Labels with user-defined metadata to apply to this resource.
name string: The resource name for the CryptoKey.
purpose string: The immutable purpose of this CryptoKey. See the purpose reference for possible inputs.
rotationPeriod string: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400).
versionTemplate CryptoKeyVersionTemplate: A template describing settings for new crypto key versions. Structure is documented below.

key_ring str: The KeyRing that this key belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.
labels Dict[str, str]: Labels with user-defined metadata to apply to this resource.
name str: The resource name for the CryptoKey.
purpose str: The immutable purpose of this CryptoKey. See the purpose reference for possible inputs.
rotation_period str: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400).
version_template Dict[CryptoKeyVersionTemplate]: A template describing settings for new crypto key versions. Structure is documented below.

Outputs

All input properties are implicitly available as output properties. Additionally, the CryptoKey resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
SelfLink string

Id string: The provider-assigned unique ID for this managed resource.
SelfLink string

id string: The provider-assigned unique ID for this managed resource.
selfLink string

id str: The provider-assigned unique ID for this managed resource.
self_link str

Look up an Existing CryptoKey Resource

Get an existing CryptoKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CryptoKeyState, opts?: CustomResourceOptions): CryptoKey

static get(resource_name, id, opts=None, key_ring=None, labels=None, name=None, purpose=None, rotation_period=None, self_link=None, version_template=None, __props__=None);

func GetCryptoKey(ctx *Context, name string, id IDInput, state *CryptoKeyState, opts ...ResourceOption) (*CryptoKey, error)

public static CryptoKey Get(string name, Input<string> id, CryptoKeyState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

KeyRing string: The KeyRing that this key belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.
Labels Dictionary<string, string>: Labels with user-defined metadata to apply to this resource.
Name string: The resource name for the CryptoKey.
Purpose string: The immutable purpose of this CryptoKey. See the purpose reference for possible inputs.
RotationPeriod string: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400).
SelfLink string
VersionTemplate CryptoKeyVersionTemplateArgs: A template describing settings for new crypto key versions. Structure is documented below.

KeyRing string: The KeyRing that this key belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.
Labels map[string]string: Labels with user-defined metadata to apply to this resource.
Name string: The resource name for the CryptoKey.
Purpose string: The immutable purpose of this CryptoKey. See the purpose reference for possible inputs.
RotationPeriod string: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400).
SelfLink string
VersionTemplate CryptoKeyVersionTemplate: A template describing settings for new crypto key versions. Structure is documented below.

keyRing string: The KeyRing that this key belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.
labels {[key: string]: string}: Labels with user-defined metadata to apply to this resource.
name string: The resource name for the CryptoKey.
purpose string: The immutable purpose of this CryptoKey. See the purpose reference for possible inputs.
rotationPeriod string: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400).
selfLink string
versionTemplate CryptoKeyVersionTemplate: A template describing settings for new crypto key versions. Structure is documented below.

key_ring str: The KeyRing that this key belongs to. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}'.
labels Dict[str, str]: Labels with user-defined metadata to apply to this resource.
name str: The resource name for the CryptoKey.
purpose str: The immutable purpose of this CryptoKey. See the purpose reference for possible inputs.
rotation_period str: Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds). It must be greater than a day (ie, 86400).
self_link str
version_template Dict[CryptoKeyVersionTemplate]: A template describing settings for new crypto key versions. Structure is documented below.

Supporting Types

CryptoKeyVersionTemplate

See the input and output API doc for this type.

Algorithm string: The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
ProtectionLevel string: The protection level to use when creating a version based on this template.

Algorithm string: The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
ProtectionLevel string: The protection level to use when creating a version based on this template.

algorithm string: The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
protectionLevel string: The protection level to use when creating a version based on this template.

algorithm str: The algorithm to use when creating a version based on this template. See the algorithm reference for possible inputs.
protection_level str: The protection level to use when creating a version based on this template.

Package Details

Repository: https://github.com/pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud