Module kms

This page documents the language specification for the alicloud package. If you're looking for help working with the inputs, outputs, or functions of alicloud resources in a Pulumi program, please see the resource documentation for examples and API reference.

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-alicloud repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-alicloud repo.

Resources

Resource Alias

class Alias extends CustomResource

Create an alias for the master key (CMK).

NOTE: Available in v1.77.0+.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const thisKey = new alicloud.kms.Key("thisKey", {});
const thisAlias = new alicloud.kms.Alias("thisAlias", {
    aliasName: "alias/test_kms_alias",
    keyId: thisKey.id,
});

constructor

new Alias(name: string, args: AliasArgs, opts?: pulumi.CustomResourceOptions)

Create an Alias resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AliasState, opts?: pulumi.CustomResourceOptions): Alias

Get an existing Alias resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Alias

Returns true if the given object is an instance of Alias. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property aliasName

public aliasName: pulumi.Output<string>;

The alias of the CMK. Encrypt, GenerateDataKey, and DescribeKey can be called using aliases. Excluding the prefix, the alias must be between 1 and 255 characters long. It must contain the prefix alias/.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyId

public keyId: pulumi.Output<string>;

The id of the key.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Ciphertext

class Ciphertext extends CustomResource

constructor

new Ciphertext(name: string, args: CiphertextArgs, opts?: pulumi.CustomResourceOptions)

Create a Ciphertext resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CiphertextState, opts?: pulumi.CustomResourceOptions): Ciphertext

Get an existing Ciphertext resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Ciphertext

Returns true if the given object is an instance of Ciphertext. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property ciphertextBlob

public ciphertextBlob: pulumi.Output<string>;

The ciphertext of the data key encrypted with the primary CMK version.

property encryptionContext

public encryptionContext: pulumi.Output<{[key: string]: string} | undefined>;

(Optional, ForceNew) The encryption context. If you specify this parameter here, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyId

public keyId: pulumi.Output<string>;

The globally unique ID of the CMK.

property plaintext

public plaintext: pulumi.Output<string>;

The plaintext to be encrypted which must be encoded in Base64.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Key

class Key extends CustomResource

A KMS key can help users protect data security during transmission. For information about Alikms Key and how to use it, see What is Resource Alikms Key.

NOTE: Available in v1.85.0+.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const key = new alicloud.kms.Key("key", {
    description: "Hello KMS",
    keyState: "Enabled",
    pendingWindowInDays: 7,
});

constructor

new Key(name: string, args?: KeyArgs, opts?: pulumi.CustomResourceOptions)

Create a Key resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: KeyState, opts?: pulumi.CustomResourceOptions): Key

Get an existing Key resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Key

Returns true if the given object is an instance of Key. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The Alicloud Resource Name (ARN) of the key.

  • creationDate The date and time when the CMK was created. The time is displayed in UTC.
  • creator The creator of the CMK.
  • deleteDate The scheduled date to delete the CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.

property automaticRotation

public automaticRotation: pulumi.Output<string | undefined>;

Specifies whether to enable automatic key rotation. Default: “Disabled”.

property creationDate

public creationDate: pulumi.Output<string>;

property creator

public creator: pulumi.Output<string>;

property deleteDate

public deleteDate: pulumi.Output<string>;

property deletionWindowInDays

public deletionWindowInDays: pulumi.Output<number | undefined>;

Field ‘deletion_window_in_days’ has been deprecated from provider version 1.85.0. Use the new field ‘pending_window_in_days’ instead.

property description

public description: pulumi.Output<string | undefined>;

The description of the key as viewed in Alicloud console.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property isEnabled

public isEnabled: pulumi.Output<boolean | undefined>;

Field ‘is_enabled’ has been deprecated from provider version 1.85.0. Use the new field ‘key_state’ instead.

property keySpec

public keySpec: pulumi.Output<string | undefined>;

The type of the CMK.

property keyState

public keyState: pulumi.Output<string | undefined>;

The status of CMK. Defaults to Enabled.

property keyUsage

public keyUsage: pulumi.Output<string | undefined>;

Specifies the usage of the CMK. Currently defaults to ‘ENCRYPT/DECRYPT’, indicating that the CMK is used for encryption and decryption.

property lastRotationDate

public lastRotationDate: pulumi.Output<string>;

The date and time the last rotation was performed. The time is displayed in UTC.

property materialExpireTime

public materialExpireTime: pulumi.Output<string>;

The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

property nextRotationDate

public nextRotationDate: pulumi.Output<string>;

The time the next rotation is scheduled for execution.

property origin

public origin: pulumi.Output<string | undefined>;

The source of the key material for the CMK. Defaults to “Aliyun_KMS”.

property pendingWindowInDays

public pendingWindowInDays: pulumi.Output<number | undefined>;

Duration in days after which the key is deleted after destruction of the resource. Must be between 7 and 30 days. Defaults to 30 days.

property primaryKeyVersion

public primaryKeyVersion: pulumi.Output<string>;

The ID of the current primary key version of the symmetric CMK.

property protectionLevel

public protectionLevel: pulumi.Output<string | undefined>;

The protection level of the CMK. Defaults to “SOFTWARE”.

property rotationInterval

public rotationInterval: pulumi.Output<string | undefined>;

The period of automatic key rotation. Unit: seconds.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource KeyVersion

class KeyVersion extends CustomResource

Provides an Alikms Key Version resource. For information about Alikms Key Version and how to use it, see What is Resource Alikms Key Version.

NOTE: Available in v1.85.0+.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const _this = new alicloud.kms.Key("this", {});
const keyversion = new alicloud.kms.KeyVersion("keyversion", {keyId: _this.id});

constructor

new KeyVersion(name: string, args: KeyVersionArgs, opts?: pulumi.CustomResourceOptions)

Create a KeyVersion resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: KeyVersionState, opts?: pulumi.CustomResourceOptions): KeyVersion

Get an existing KeyVersion resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is KeyVersion

Returns true if the given object is an instance of KeyVersion. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property creationDate

public creationDate: pulumi.Output<string>;

The date and time (UTC time) when the Alikms key version was created.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyId

public keyId: pulumi.Output<string>;

The id of the master key (CMK).

property keyVersionId

public keyVersionId: pulumi.Output<string>;

The id of the Alikms key version.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Secret

class Secret extends CustomResource

constructor

new Secret(name: string, args: SecretArgs, opts?: pulumi.CustomResourceOptions)

Create a Secret resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretState, opts?: pulumi.CustomResourceOptions): Secret

Get an existing Secret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Secret

Returns true if the given object is an instance of Secret. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The Alicloud Resource Name (ARN) of the secret.

property description

public description: pulumi.Output<string | undefined>;

The description of the secret.

property encryptionKeyId

public encryptionKeyId: pulumi.Output<string | undefined>;

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

property forceDeleteWithoutRecovery

public forceDeleteWithoutRecovery: pulumi.Output<boolean | undefined>;

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Defaults to false.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property plannedDeleteTime

public plannedDeleteTime: pulumi.Output<string>;

The time when the secret is scheduled to be deleted.

property recoveryWindowInDays

public recoveryWindowInDays: pulumi.Output<number | undefined>;

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when forceDeleteWithoutRecovery is true.

property secretData

public secretData: pulumi.Output<string>;

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

property secretDataType

public secretDataType: pulumi.Output<string | undefined>;

The type of the secret value. Valid values: text, binary. Defaults to “text”.

property secretName

public secretName: pulumi.Output<string>;

The name of the secret.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A mapping of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property versionId

public versionId: pulumi.Output<string>;

The version number of the initial version. Version numbers are unique in each secret object.

property versionStages

public versionStages: pulumi.Output<string[]>;

The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with “ACSCurrent”.
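The argument constraints documented for the Alias, Key, Ciphertext and Secret resources above (the alias/ prefix and length, the 7 to 30 day pending window, Base64 plaintext, the text/binary secret types, the deprecated fields) can be checked before a deployment. The following is an added example, not code from the provider or from Pulumi: the Planned* types, lintKmsArgs, formatFindings and the sample plan are hypothetical and constructed for illustration, and they operate on plain objects rather than on @pulumi/alicloud types.

```typescript
// Added example (not provider code): lint planned kms arguments against the
// constraints documented on this page. All names below are hypothetical.
type Severity = "error" | "warning";
interface Finding { resource: string; property: string; severity: Severity; message: string; }

interface PlannedAlias { kind: "Alias"; name: string; aliasName: string; }
interface PlannedKey {
    kind: "Key"; name: string;
    pendingWindowInDays?: number;
    deletionWindowInDays?: number; // deprecated from provider version 1.85.0
    isEnabled?: boolean;           // deprecated from provider version 1.85.0
    automaticRotation?: string;
}
interface PlannedCiphertext { kind: "Ciphertext"; name: string; plaintext: string; }
interface PlannedSecret {
    kind: "Secret"; name: string;
    secretDataType?: string;
    forceDeleteWithoutRecovery?: boolean;
    recoveryWindowInDays?: number;
}
type Planned = PlannedAlias | PlannedKey | PlannedCiphertext | PlannedSecret;

const ALIAS_PREFIX = "alias/";
// Standard Base64 alphabet, length a multiple of 4, padding only at the end.
const BASE64_RE = /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/;

function lintKmsArgs(planned: Planned[]): Finding[] {
    const findings: Finding[] = [];
    const add = (resource: string, property: string, severity: Severity, message: string): void => {
        findings.push({ resource, property, severity, message });
    };
    for (const r of planned) {
        switch (r.kind) {
            case "Alias": {
                const rest = r.aliasName.length - ALIAS_PREFIX.length;
                if (r.aliasName.indexOf(ALIAS_PREFIX) !== 0) {
                    add(r.name, "aliasName", "error", "must start with the alias/ prefix");
                } else if (rest < 1 || rest > 255) {
                    add(r.name, "aliasName", "error", "needs 1 to 255 characters after the prefix");
                }
                break;
            }
            case "Key": {
                const w = r.pendingWindowInDays;
                // The negated form also rejects NaN.
                if (w !== undefined && !(w >= 7 && w <= 30)) {
                    add(r.name, "pendingWindowInDays", "error", "must be between 7 and 30 days");
                }
                if (r.deletionWindowInDays !== undefined) {
                    add(r.name, "deletionWindowInDays", "warning", "deprecated, use pendingWindowInDays");
                }
                if (r.isEnabled !== undefined) {
                    add(r.name, "isEnabled", "warning", "deprecated, use keyState");
                }
                if (r.automaticRotation === undefined || r.automaticRotation === "Disabled") {
                    add(r.name, "automaticRotation", "warning", "automatic rotation is off (the default)");
                }
                break;
            }
            case "Ciphertext": {
                // Treating an empty string as invalid is an assumption of this example.
                if (r.plaintext.length === 0 || !BASE64_RE.test(r.plaintext)) {
                    add(r.name, "plaintext", "error", "must be non-empty Base64");
                }
                break;
            }
            case "Secret": {
                const t = r.secretDataType;
                if (t !== undefined && t !== "text" && t !== "binary") {
                    add(r.name, "secretDataType", "error", "valid values are text and binary");
                }
                if (r.forceDeleteWithoutRecovery === true) {
                    add(r.name, "forceDeleteWithoutRecovery", "warning", "deleted secret cannot be recovered");
                    if (r.recoveryWindowInDays !== undefined) {
                        add(r.name, "recoveryWindowInDays", "warning", "ignored when force delete is set");
                    }
                }
                break;
            }
        }
    }
    return findings;
}

// One printable line per finding, e.g. for a CI job log.
function formatFindings(findings: Finding[]): string[] {
    return findings.map(f => `${f.severity.toUpperCase()} ${f.resource}.${f.property}: ${f.message}`);
}

// Constructed sample plan; none of these values come from a real account.
const samplePlan: Planned[] = [
    { kind: "Alias", name: "goodAlias", aliasName: "alias/test_kms_alias" },
    { kind: "Alias", name: "badAlias", aliasName: "test_kms_alias" },
    { kind: "Key", name: "key", pendingWindowInDays: 3, isEnabled: true },
    { kind: "Ciphertext", name: "ct", plaintext: "not base64!" },
    { kind: "Ciphertext", name: "ctOk", plaintext: "SGVsbG8gS01T" },
    { kind: "Secret", name: "secret", secretDataType: "text", forceDeleteWithoutRecovery: true, recoveryWindowInDays: 7 },
];
const sampleReport: string[] = formatFindings(lintKmsArgs(samplePlan));
```

Failing a pipeline on any finding with severity "error" and surfacing the warnings for review keeps an out-of-range deletion window or an unrecoverable secret delete from reaching `pulumi up` unnoticed.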

Functions

Function getAliases

getAliases(args?: GetAliasesArgs, opts?: pulumi.InvokeOptions): Promise<GetAliasesResult>

This data source provides a list of KMS aliases in an Alibaba Cloud account according to the specified filters.

NOTE: Available in v1.79.0+.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

// Declare the data source
const kmsAliases = pulumi.output(alicloud.kms.getAliases({
    ids: ["d89e8a53-b708-41aa-8c67-6873axxx"],
    nameRegex: "alias/tf-testKmsAlias_123",
}, { async: true }));

// Export the ID of the first matching alias
export const firstKeyId = kmsAliases.aliases[0].id;

Function getCiphertext

getCiphertext(args: GetCiphertextArgs, opts?: pulumi.InvokeOptions): Promise<GetCiphertextResult>

Function getKeys

getKeys(args?: GetKeysArgs, opts?: pulumi.InvokeOptions): Promise<GetKeysResult>

This data source provides a list of KMS keys in an Alibaba Cloud account according to the specified filters.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

// Declare the data source
const kmsKeysDs = pulumi.output(alicloud.kms.getKeys({
    descriptionRegex: "Hello KMS",
    outputFile: "kms_keys.json",
}, { async: true }));

export const firstKeyId = kmsKeysDs.keys[0].id;

Function getKeyVersions

getKeyVersions(args: GetKeyVersionsArgs, opts?: pulumi.InvokeOptions): Promise<GetKeyVersionsResult>

This data source provides a list of KMS KeyVersions in an Alibaba Cloud account according to the specified filters.

NOTE: Available in v1.85.0+.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

// Declare the data source
const alicloudKmsKeyVersionsDs = pulumi.output(alicloud.kms.getKeyVersions({
    ids: ["d89e8a53-b708-41aa-8c67-6873axxx"],
    keyId: "08438c-b4d5-4d05-928c-07b7xxxx",
}, { async: true }));

export const allVersions = alicloudKmsKeyVersionsDs.versions;

Function getPlaintext

getPlaintext(args: GetPlaintextArgs, opts?: pulumi.InvokeOptions): Promise<GetPlaintextResult>

Function getSecrets

getSecrets(args?: GetSecretsArgs, opts?: pulumi.InvokeOptions): Promise<GetSecretsResult>

This data source provides a list of KMS Secrets in an Alibaba Cloud account according to the specified filters.

NOTE: Available in v1.86.0+.

Others

interface AliasArgs

interface AliasArgs

The set of arguments for constructing an Alias resource.

property aliasName

aliasName: pulumi.Input<string>;

The alias of the CMK. Encrypt, GenerateDataKey, and DescribeKey can be called using aliases. Excluding the prefix, the alias must be between 1 and 255 characters long. It must contain the prefix alias/.

property keyId

keyId: pulumi.Input<string>;

The id of the key.

interface AliasState

interface AliasState

Input properties used for looking up and filtering Alias resources.

property aliasName

aliasName?: pulumi.Input<string>;

The alias of the CMK. Encrypt, GenerateDataKey, and DescribeKey can be called using aliases. Excluding the prefix, the alias must be between 1 and 255 characters long. It must contain the prefix alias/.

property keyId

keyId?: pulumi.Input<string>;

The id of the key.

interface CiphertextArgs

interface CiphertextArgs

The set of arguments for constructing a Ciphertext resource.

property encryptionContext

encryptionContext?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

(Optional, ForceNew) The encryption context. If you specify this parameter here, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.

property keyId

keyId: pulumi.Input<string>;

The globally unique ID of the CMK.

property plaintext

plaintext: pulumi.Input<string>;

The plaintext to be encrypted which must be encoded in Base64.

interface CiphertextState

interface CiphertextState

Input properties used for looking up and filtering Ciphertext resources.

property ciphertextBlob

ciphertextBlob?: pulumi.Input<string>;

The ciphertext of the data key encrypted with the primary CMK version.

property encryptionContext

encryptionContext?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

(Optional, ForceNew) The encryption context. If you specify this parameter here, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.

property keyId

keyId?: pulumi.Input<string>;

The globally unique ID of the CMK.

property plaintext

plaintext?: pulumi.Input<string>;

The plaintext to be encrypted which must be encoded in Base64.

interface GetAliasesArgs

interface GetAliasesArgs

A collection of arguments for invoking getAliases.

property ids

ids?: string[];

A list of KMS alias IDs. The value is the same as the KMS alias_name.

property nameRegex

nameRegex?: undefined | string;

A regex string to filter the results by the KMS alias name.

property outputFile

outputFile?: undefined | string;

interface GetAliasesResult

interface GetAliasesResult

A collection of values returned by getAliases.

property aliases

aliases: GetAliasesAlias[];

A list of KMS user aliases. Each element contains the following attributes:

property id

id: string;

The provider-assigned unique ID for this managed resource.

property ids

ids: string[];

A list of KMS alias IDs. The value is the same as the KMS alias_name.

property nameRegex

nameRegex?: undefined | string;

property names

names: string[];

A list of KMS alias names.

property outputFile

outputFile?: undefined | string;

interface GetCiphertextArgs

interface GetCiphertextArgs

A collection of arguments for invoking getCiphertext.

property encryptionContext

encryptionContext?: undefined | {[key: string]: string};

(Optional) The encryption context. If you specify this parameter here, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.

property keyId

keyId: string;

The globally unique ID of the CMK.

property plaintext

plaintext: string;

The plaintext to be encrypted which must be encoded in Base64.

interface GetCiphertextResult

interface GetCiphertextResult

A collection of values returned by getCiphertext.

property ciphertextBlob

ciphertextBlob: string;

The ciphertext of the data key encrypted with the primary CMK version.

property encryptionContext

encryptionContext?: undefined | {[key: string]: string};

property id

id: string;

The provider-assigned unique ID for this managed resource.

property keyId

keyId: string;

property plaintext

plaintext: string;

interface GetKeysArgs

interface GetKeysArgs

A collection of arguments for invoking getKeys.

property descriptionRegex

descriptionRegex?: undefined | string;

A regex string to filter the results by the KMS key description.

property ids

ids?: string[];

A list of KMS key IDs.

property outputFile

outputFile?: undefined | string;

property status

status?: undefined | string;

Filter the results by status of the KMS keys. Valid values: Enabled, Disabled, PendingDeletion.

interface GetKeysResult

interface GetKeysResult

A collection of values returned by getKeys.

property descriptionRegex

descriptionRegex?: undefined | string;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property ids

ids: string[];

A list of KMS key IDs.

property keys

keys: GetKeysKey[];

A list of KMS keys. Each element contains the following attributes:

property outputFile

outputFile?: undefined | string;

property status

status?: undefined | string;

Status of the key. Possible values: Enabled, Disabled and PendingDeletion.

interface GetKeyVersionsArgs

interface GetKeyVersionsArgs

A collection of arguments for invoking getKeyVersions.

property ids

ids?: string[];

A list of KMS KeyVersion IDs.

property keyId

keyId: string;

The ID of the KMS key.

property outputFile

outputFile?: undefined | string;

interface GetKeyVersionsResult

interface GetKeyVersionsResult

A collection of values returned by getKeyVersions.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property ids

ids: string[];

A list of KMS KeyVersion IDs.

property keyId

keyId: string;

ID of the key.

property outputFile

outputFile?: undefined | string;

property versions

versions: GetKeyVersionsVersion[];

A list of KMS KeyVersions. Each element contains the following attributes:

interface GetPlaintextArgs

interface GetPlaintextArgs

A collection of arguments for invoking getPlaintext.

property ciphertextBlob

ciphertextBlob: string;

The ciphertext to be decrypted.

property encryptionContext

encryptionContext?: undefined | {[key: string]: string};

(Optional) The encryption context. If you specify this parameter in the Encrypt or GenerateDataKey API operation, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.

interface GetPlaintextResult

interface GetPlaintextResult

A collection of values returned by getPlaintext.

property ciphertextBlob

ciphertextBlob: string;

property encryptionContext

encryptionContext?: undefined | {[key: string]: string};

property id

id: string;

The provider-assigned unique ID for this managed resource.

property keyId

keyId: string;

The globally unique ID of the CMK. It is the ID of the CMK used to decrypt ciphertext.

property plaintext

plaintext: string;

The decrypted plaintext.

interface GetSecretsArgs

interface GetSecretsArgs

A collection of arguments for invoking getSecrets.

property fetchTags

fetchTags?: undefined | false | true;

Whether to include the predetermined resource tag in the return value. Defaults to false.

property ids

ids?: string[];

A list of KMS Secret IDs. The value is the same as the KMS secret_name.

property nameRegex

nameRegex?: undefined | string;

A regex string to filter the results by the KMS secret_name.

property outputFile

outputFile?: undefined | string;

property tags

tags?: undefined | {[key: string]: any};

A mapping of tags to assign to the resource.

interface GetSecretsResult

interface GetSecretsResult

A collection of values returned by getSecrets.

property fetchTags

fetchTags?: undefined | false | true;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property ids

ids: string[];

A list of KMS Secret IDs. The value is the same as the KMS secret_name.

property nameRegex

nameRegex?: undefined | string;

property names

names: string[];

A list of KMS Secret names.

property outputFile

outputFile?: undefined | string;

property secrets

secrets: GetSecretsSecret[];

A list of KMS Secrets. Each element contains the following attributes:

property tags

tags?: undefined | {[key: string]: any};

A mapping of tags to assign to the resource.

interface KeyArgs

interface KeyArgs

The set of arguments for constructing a Key resource.

property automaticRotation

automaticRotation?: pulumi.Input<string>;

Specifies whether to enable automatic key rotation. Default: “Disabled”.

property deletionWindowInDays

DEPRECATED Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. Use the new field 'pending_window_in_days' instead.
deletionWindowInDays?: pulumi.Input<number>;

property description

description?: pulumi.Input<string>;

The description of the key as viewed in Alicloud console.

property isEnabled

DEPRECATED Field 'is_enabled' has been deprecated from provider version 1.85.0. Use the new field 'key_state' instead.
isEnabled?: pulumi.Input<boolean>;

property keySpec

keySpec?: pulumi.Input<string>;

The type of the CMK.

property keyState

keyState?: pulumi.Input<string>;

The status of CMK. Defaults to Enabled.

property keyUsage

keyUsage?: pulumi.Input<string>;

Specifies the usage of the CMK. Currently defaults to ‘ENCRYPT/DECRYPT’, indicating that the CMK is used for encryption and decryption.

property origin

origin?: pulumi.Input<string>;

The source of the key material for the CMK. Defaults to “Aliyun_KMS”.

property pendingWindowInDays

pendingWindowInDays?: pulumi.Input<number>;

Duration in days after which the key is deleted after destruction of the resource. Must be between 7 and 30 days. Defaults to 30 days.

property protectionLevel

protectionLevel?: pulumi.Input<string>;

The protection level of the CMK. Defaults to “SOFTWARE”.

property rotationInterval

rotationInterval?: pulumi.Input<string>;

The period of automatic key rotation. Unit: seconds.

interface KeyState

interface KeyState

Input properties used for looking up and filtering Key resources.

property arn

arn?: pulumi.Input<string>;

The Alicloud Resource Name (ARN) of the key.

  • creationDate The date and time when the CMK was created. The time is displayed in UTC.
  • creator The creator of the CMK.
  • deleteDate The scheduled date to delete the CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.

property automaticRotation

automaticRotation?: pulumi.Input<string>;

Specifies whether to enable automatic key rotation. Default: “Disabled”.

property creationDate

creationDate?: pulumi.Input<string>;

property creator

creator?: pulumi.Input<string>;

property deleteDate

deleteDate?: pulumi.Input<string>;

property deletionWindowInDays

DEPRECATED Field 'deletion_window_in_days' has been deprecated from provider version 1.85.0. Use the new field 'pending_window_in_days' instead.
deletionWindowInDays?: pulumi.Input<number>;

property description

description?: pulumi.Input<string>;

The description of the key as viewed in Alicloud console.

property isEnabled

DEPRECATED Field 'is_enabled' has been deprecated from provider version 1.85.0. Use the new field 'key_state' instead.
isEnabled?: pulumi.Input<boolean>;

property keySpec

keySpec?: pulumi.Input<string>;

The type of the CMK.

property keyState

keyState?: pulumi.Input<string>;

The status of CMK. Defaults to Enabled.

property keyUsage

keyUsage?: pulumi.Input<string>;

Specifies the usage of the CMK. Currently defaults to ‘ENCRYPT/DECRYPT’, indicating that the CMK is used for encryption and decryption.

property lastRotationDate

lastRotationDate?: pulumi.Input<string>;

The date and time the last rotation was performed. The time is displayed in UTC.

property materialExpireTime

materialExpireTime?: pulumi.Input<string>;

The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

property nextRotationDate

nextRotationDate?: pulumi.Input<string>;

The time the next rotation is scheduled for execution.

property origin

origin?: pulumi.Input<string>;

The source of the key material for the CMK. Defaults to “Aliyun_KMS”.

property pendingWindowInDays

pendingWindowInDays?: pulumi.Input<number>;

Duration in days after which the key is deleted after destruction of the resource. Must be between 7 and 30 days. Defaults to 30 days.

property primaryKeyVersion

primaryKeyVersion?: pulumi.Input<string>;

The ID of the current primary key version of the symmetric CMK.

property protectionLevel

protectionLevel?: pulumi.Input<string>;

The protection level of the CMK. Defaults to “SOFTWARE”.

property rotationInterval

rotationInterval?: pulumi.Input<string>;

The period of automatic key rotation. Unit: seconds.

interface KeyVersionArgs

interface KeyVersionArgs

The set of arguments for constructing a KeyVersion resource.

property keyId

keyId: pulumi.Input<string>;

The id of the master key (CMK).

interface KeyVersionState

interface KeyVersionState

Input properties used for looking up and filtering KeyVersion resources.

property creationDate

creationDate?: pulumi.Input<string>;

The date and time (UTC time) when the Alikms key version was created.

property keyId

keyId?: pulumi.Input<string>;

The id of the master key (CMK).

property keyVersionId

keyVersionId?: pulumi.Input<string>;

The id of the Alikms key version.

interface SecretArgs

interface SecretArgs

The set of arguments for constructing a Secret resource.

property description

description?: pulumi.Input<string>;

The description of the secret.

property encryptionKeyId

encryptionKeyId?: pulumi.Input<string>;

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

property forceDeleteWithoutRecovery

forceDeleteWithoutRecovery?: pulumi.Input<boolean>;

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Defaults to false.

property recoveryWindowInDays

recoveryWindowInDays?: pulumi.Input<number>;

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when forceDeleteWithoutRecovery is true.

property secretData

secretData: pulumi.Input<string>;

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

property secretDataType

secretDataType?: pulumi.Input<string>;

The type of the secret value. Valid values: text, binary. Defaults to “text”.

property secretName

secretName: pulumi.Input<string>;

The name of the secret.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

property versionId

versionId: pulumi.Input<string>;

The version number of the initial version. Version numbers are unique in each secret object.

property versionStages

versionStages?: pulumi.Input<pulumi.Input<string>[]>;

The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with “ACSCurrent”.

interface SecretState

interface SecretState

Input properties used for looking up and filtering Secret resources.

property arn

arn?: pulumi.Input<string>;

The Alicloud Resource Name (ARN) of the secret.

property description

description?: pulumi.Input<string>;

The description of the secret.

property encryptionKeyId

encryptionKeyId?: pulumi.Input<string>;

The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

property forceDeleteWithoutRecovery

forceDeleteWithoutRecovery?: pulumi.Input<boolean>;

Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Defaults to false.

property plannedDeleteTime

plannedDeleteTime?: pulumi.Input<string>;

The time when the secret is scheduled to be deleted.

property recoveryWindowInDays

recoveryWindowInDays?: pulumi.Input<number>;

Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when forceDeleteWithoutRecovery is true.

property secretData

secretData?: pulumi.Input<string>;

The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

property secretDataType

secretDataType?: pulumi.Input<string>;

The type of the secret value. Valid values: text, binary. Defaults to “text”.

property secretName

secretName?: pulumi.Input<string>;

The name of the secret.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

property versionId

versionId?: pulumi.Input<string>;

The version number of the initial version. Version numbers are unique in each secret object.

property versionStages

versionStages?: pulumi.Input<pulumi.Input<string>[]>;

The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with “ACSCurrent”.