This page documents the language specification for the alicloud package. If you're looking for help working with the inputs, outputs, or functions of alicloud resources in a Pulumi program, please see the resource documentation for examples and API reference.

kms¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-alicloud repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-alicloud repo.

class pulumi_alicloud.kms.Alias(resource_name, opts=None, alias_name=None, key_id=None, __props__=None, __name__=None, __opts__=None)¶

Create an alias for the master key (CMK).

NOTE: Available in v1.77.0+.

import pulumi
import pulumi_alicloud as alicloud

this_key = alicloud.kms.Key("thisKey")
this_alias = alicloud.kms.Alias("thisAlias",
    alias_name="alias/test_kms_alias",
    key_id=this_key.id)

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
alias_name (pulumi.Input[str]) – The alias of CMK. Encrypt、GenerateDataKey、DescribeKey can be called using aliases. Length of characters other than prefixes: minimum length of 1 character and maximum length of 255 characters. Must contain prefix alias/.
key_id (pulumi.Input[str]) – The id of the key.

alias_name: pulumi.Output[str] = None¶: The alias of CMK. Encrypt、GenerateDataKey、DescribeKey can be called using aliases. Length of characters other than prefixes: minimum length of 1 character and maximum length of 255 characters. Must contain prefix alias/.

key_id: pulumi.Output[str] = None¶: The id of the key.

static get(resource_name, id, opts=None, alias_name=None, key_id=None)¶

Get an existing Alias resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
alias_name (pulumi.Input[str]) – The alias of CMK. Encrypt、GenerateDataKey、DescribeKey can be called using aliases. Length of characters other than prefixes: minimum length of 1 character and maximum length of 255 characters. Must contain prefix alias/.
key_id (pulumi.Input[str]) – The id of the key.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_alicloud.kms.AwaitableGetAliasesResult(aliases=None, id=None, ids=None, name_regex=None, names=None, output_file=None)¶

class pulumi_alicloud.kms.AwaitableGetCiphertextResult(ciphertext_blob=None, encryption_context=None, id=None, key_id=None, plaintext=None)¶

class pulumi_alicloud.kms.AwaitableGetKeyVersionsResult(id=None, ids=None, key_id=None, output_file=None, versions=None)¶

class pulumi_alicloud.kms.AwaitableGetKeysResult(description_regex=None, id=None, ids=None, keys=None, output_file=None, status=None)¶

class pulumi_alicloud.kms.AwaitableGetPlaintextResult(ciphertext_blob=None, encryption_context=None, id=None, key_id=None, plaintext=None)¶

class pulumi_alicloud.kms.AwaitableGetSecretVersionsResult(enable_details=None, id=None, ids=None, include_deprecated=None, output_file=None, secret_name=None, version_stage=None, versions=None)¶

class pulumi_alicloud.kms.AwaitableGetSecretsResult(fetch_tags=None, id=None, ids=None, name_regex=None, names=None, output_file=None, secrets=None, tags=None)¶

class pulumi_alicloud.kms.Ciphertext(resource_name, opts=None, encryption_context=None, key_id=None, plaintext=None, __props__=None, __name__=None, __opts__=None)¶

Create a Ciphertext resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[dict] encryption_context: -

(Optional, ForceNew) The Encryption context. If you specify this parameter here, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.

Parameters

key_id (pulumi.Input[str]) – The globally unique ID of the CMK.
plaintext (pulumi.Input[str]) – The plaintext to be encrypted which must be encoded in Base64.

ciphertext_blob: pulumi.Output[str] = None¶: The ciphertext of the data key encrypted with the primary CMK version.

encryption_context: pulumi.Output[dict] = None¶

(Optional, ForceNew) The Encryption context. If you specify this parameter here, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.

key_id: pulumi.Output[str] = None¶: The globally unique ID of the CMK.

plaintext: pulumi.Output[str] = None¶: The plaintext to be encrypted which must be encoded in Base64.

static get(resource_name, id, opts=None, ciphertext_blob=None, encryption_context=None, key_id=None, plaintext=None)¶

Get an existing Ciphertext resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
ciphertext_blob (pulumi.Input[str]) – The ciphertext of the data key encrypted with the primary CMK version.
encryption_context (pulumi.Input[dict]) –
(Optional, ForceNew) The Encryption context. If you specify this parameter here, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.
key_id (pulumi.Input[str]) – The globally unique ID of the CMK.
plaintext (pulumi.Input[str]) – The plaintext to be encrypted which must be encoded in Base64.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_alicloud.kms.GetAliasesResult(aliases=None, id=None, ids=None, name_regex=None, names=None, output_file=None)¶

A collection of values returned by getAliases.

aliases = None¶: A list of KMS User alias. Each element contains the following attributes:

id = None¶: The provider-assigned unique ID for this managed resource.

ids = None¶: A list of kms aliases IDs. The value is same as KMS alias_name.

names = None¶: A list of KMS alias name.

class pulumi_alicloud.kms.GetCiphertextResult(ciphertext_blob=None, encryption_context=None, id=None, key_id=None, plaintext=None)¶

A collection of values returned by getCiphertext.

ciphertext_blob = None¶: The ciphertext of the data key encrypted with the primary CMK version.

id = None¶: The provider-assigned unique ID for this managed resource.

class pulumi_alicloud.kms.GetKeyVersionsResult(id=None, ids=None, key_id=None, output_file=None, versions=None)¶

A collection of values returned by getKeyVersions.

id = None¶: The provider-assigned unique ID for this managed resource.

ids = None¶: A list of KMS KeyVersion IDs.

key_id = None¶: ID of the key.

versions = None¶: A list of KMS KeyVersions. Each element contains the following attributes:

class pulumi_alicloud.kms.GetKeysResult(description_regex=None, id=None, ids=None, keys=None, output_file=None, status=None)¶

A collection of values returned by getKeys.

id = None¶: The provider-assigned unique ID for this managed resource.

ids = None¶: A list of KMS key IDs.

keys = None¶: A list of KMS keys. Each element contains the following attributes:

status = None¶: Status of the key. Possible values: Enabled, Disabled and PendingDeletion.

class pulumi_alicloud.kms.GetPlaintextResult(ciphertext_blob=None, encryption_context=None, id=None, key_id=None, plaintext=None)¶

A collection of values returned by getPlaintext.

id = None¶: The provider-assigned unique ID for this managed resource.

key_id = None¶: The globally unique ID of the CMK. It is the ID of the CMK used to decrypt ciphertext.

plaintext = None¶: The decrypted plaintext.

class pulumi_alicloud.kms.GetSecretVersionsResult(enable_details=None, id=None, ids=None, include_deprecated=None, output_file=None, secret_name=None, version_stage=None, versions=None)¶

A collection of values returned by getSecretVersions.

id = None¶: The provider-assigned unique ID for this managed resource.

ids = None¶: A list of Kms Secret Version ids.

secret_name = None¶: The name of the secret.

versions = None¶: A list of KMS Secret Versions. Each element contains the following attributes:

class pulumi_alicloud.kms.GetSecretsResult(fetch_tags=None, id=None, ids=None, name_regex=None, names=None, output_file=None, secrets=None, tags=None)¶

A collection of values returned by getSecrets.

id = None¶: The provider-assigned unique ID for this managed resource.

ids = None¶: A list of Kms Secret ids. The value is same as KMS secret_name.

names = None¶: A list of KMS Secret names.

secrets = None¶: A list of KMS Secrets. Each element contains the following attributes:

tags = None¶: A mapping of tags to assign to the resource.

class pulumi_alicloud.kms.Key(resource_name, opts=None, automatic_rotation=None, deletion_window_in_days=None, description=None, is_enabled=None, key_spec=None, key_state=None, key_usage=None, origin=None, pending_window_in_days=None, protection_level=None, rotation_interval=None, __props__=None, __name__=None, __opts__=None)¶

A kms key can help user to protect data security in the transmission process. For information about Alikms Key and how to use it, see What is Resource Alikms Key.

NOTE: Available in v1.85.0+.

import pulumi
import pulumi_alicloud as alicloud

key = alicloud.kms.Key("key",
    description="Hello KMS",
    key_state="Enabled",
    pending_window_in_days="7")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
automatic_rotation (pulumi.Input[str]) – Specifies whether to enable automatic key rotation. Default:”Disabled”.
deletion_window_in_days (pulumi.Input[float]) – Field ‘deletion_window_in_days’ has been deprecated from provider version 1.85.0. New field ‘pending_window_in_days’ instead.
description (pulumi.Input[str]) – The description of the key as viewed in Alicloud console.
is_enabled (pulumi.Input[bool]) – Field ‘is_enabled’ has been deprecated from provider version 1.85.0. New field ‘key_state’ instead.
key_spec (pulumi.Input[str]) – The type of the CMK.
key_state (pulumi.Input[str]) – The status of CMK. Defaults to Enabled.
key_usage (pulumi.Input[str]) – Specifies the usage of CMK. Currently, default to ‘ENCRYPT/DECRYPT’, indicating that CMK is used for encryption and decryption.
origin (pulumi.Input[str]) – The source of the key material for the CMK. Defaults to “Aliyun_KMS”.
pending_window_in_days (pulumi.Input[float]) – Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.
protection_level (pulumi.Input[str]) – The protection level of the CMK. Defaults to “SOFTWARE”.
rotation_interval (pulumi.Input[str]) – The period of automatic key rotation. Unit: seconds.

arn: pulumi.Output[str] = None¶

The Alicloud Resource Name (ARN) of the key.

creation_date -The date and time when the CMK was created. The time is displayed in UTC.
creator -The creator of the CMK.
delete_date -The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.

automatic_rotation: pulumi.Output[str] = None¶: Specifies whether to enable automatic key rotation. Default:”Disabled”.

deletion_window_in_days: pulumi.Output[float] = None¶: Field ‘deletion_window_in_days’ has been deprecated from provider version 1.85.0. New field ‘pending_window_in_days’ instead.

description: pulumi.Output[str] = None¶: The description of the key as viewed in Alicloud console.

is_enabled: pulumi.Output[bool] = None¶: Field ‘is_enabled’ has been deprecated from provider version 1.85.0. New field ‘key_state’ instead.

key_spec: pulumi.Output[str] = None¶: The type of the CMK.

key_state: pulumi.Output[str] = None¶: The status of CMK. Defaults to Enabled.

key_usage: pulumi.Output[str] = None¶: Specifies the usage of CMK. Currently, default to ‘ENCRYPT/DECRYPT’, indicating that CMK is used for encryption and decryption.

last_rotation_date: pulumi.Output[str] = None¶: The date and time the last rotation was performed. The time is displayed in UTC.

material_expire_time: pulumi.Output[str] = None¶: The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.

next_rotation_date: pulumi.Output[str] = None¶: The time the next rotation is scheduled for execution.

origin: pulumi.Output[str] = None¶: The source of the key material for the CMK. Defaults to “Aliyun_KMS”.

pending_window_in_days: pulumi.Output[float] = None¶: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.

primary_key_version: pulumi.Output[str] = None¶: The ID of the current primary key version of the symmetric CMK.

protection_level: pulumi.Output[str] = None¶: The protection level of the CMK. Defaults to “SOFTWARE”.

rotation_interval: pulumi.Output[str] = None¶: The period of automatic key rotation. Unit: seconds.

static get(resource_name, id, opts=None, arn=None, automatic_rotation=None, creation_date=None, creator=None, delete_date=None, deletion_window_in_days=None, description=None, is_enabled=None, key_spec=None, key_state=None, key_usage=None, last_rotation_date=None, material_expire_time=None, next_rotation_date=None, origin=None, pending_window_in_days=None, primary_key_version=None, protection_level=None, rotation_interval=None)¶

Get an existing Key resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
arn (pulumi.Input[str]) – The Alicloud Resource Name (ARN) of the key.

* `creation_date` -The date and time when the CMK was created. The time is displayed in UTC.
* `creator` -The creator of the CMK.
* `delete_date` -The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.

Parameters

automatic_rotation (pulumi.Input[str]) – Specifies whether to enable automatic key rotation. Default:”Disabled”.
deletion_window_in_days (pulumi.Input[float]) – Field ‘deletion_window_in_days’ has been deprecated from provider version 1.85.0. New field ‘pending_window_in_days’ instead.
description (pulumi.Input[str]) – The description of the key as viewed in Alicloud console.
is_enabled (pulumi.Input[bool]) – Field ‘is_enabled’ has been deprecated from provider version 1.85.0. New field ‘key_state’ instead.
key_spec (pulumi.Input[str]) – The type of the CMK.
key_state (pulumi.Input[str]) – The status of CMK. Defaults to Enabled.
key_usage (pulumi.Input[str]) – Specifies the usage of CMK. Currently, default to ‘ENCRYPT/DECRYPT’, indicating that CMK is used for encryption and decryption.
last_rotation_date (pulumi.Input[str]) – The date and time the last rotation was performed. The time is displayed in UTC.
material_expire_time (pulumi.Input[str]) – The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.
next_rotation_date (pulumi.Input[str]) – The time the next rotation is scheduled for execution.
origin (pulumi.Input[str]) – The source of the key material for the CMK. Defaults to “Aliyun_KMS”.
pending_window_in_days (pulumi.Input[float]) – Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.
primary_key_version (pulumi.Input[str]) – The ID of the current primary key version of the symmetric CMK.
protection_level (pulumi.Input[str]) – The protection level of the CMK. Defaults to “SOFTWARE”.
rotation_interval (pulumi.Input[str]) – The period of automatic key rotation. Unit: seconds.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_alicloud.kms.KeyVersion(resource_name, opts=None, key_id=None, __props__=None, __name__=None, __opts__=None)¶

Provides a Alikms Key Version resource. For information about Alikms Key Version and how to use it, see What is Resource Alikms Key Version.

NOTE: Available in v1.85.0+.

import pulumi
import pulumi_alicloud as alicloud

this = alicloud.kms.Key("this")
keyversion = alicloud.kms.KeyVersion("keyversion", key_id=this.id)

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
key_id (pulumi.Input[str]) – The id of the master key (CMK).

creation_date: pulumi.Output[str] = None¶: The date and time (UTC time) when the Alikms key version was created.

key_id: pulumi.Output[str] = None¶: The id of the master key (CMK).

key_version_id: pulumi.Output[str] = None¶: The id of the Alikms key version.

static get(resource_name, id, opts=None, creation_date=None, key_id=None, key_version_id=None)¶

Get an existing KeyVersion resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
creation_date (pulumi.Input[str]) – The date and time (UTC time) when the Alikms key version was created.
key_id (pulumi.Input[str]) – The id of the master key (CMK).
key_version_id (pulumi.Input[str]) – The id of the Alikms key version.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_alicloud.kms.Secret(resource_name, opts=None, description=None, encryption_key_id=None, force_delete_without_recovery=None, recovery_window_in_days=None, secret_data=None, secret_data_type=None, secret_name=None, tags=None, version_id=None, version_stages=None, __props__=None, __name__=None, __opts__=None)¶

Create a Secret resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] description: The description of the secret. :param pulumi.Input[str] encryption_key_id: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret. :param pulumi.Input[bool] force_delete_without_recovery: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false. :param pulumi.Input[float] recovery_window_in_days: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true. :param pulumi.Input[str] secret_data: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version. :param pulumi.Input[str] secret_data_type: The type of the secret value. Valid values: text, binary. Default to “text”. :param pulumi.Input[str] secret_name: The name of the secret. :param pulumi.Input[dict] tags: A mapping of tags to assign to the resource. :param pulumi.Input[str] version_id: The version number of the initial version. Version numbers are unique in each secret object. :param pulumi.Input[list] version_stages: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with “ACSCurrent”.

arn: pulumi.Output[str] = None¶: The Alicloud Resource Name (ARN) of the secret.

description: pulumi.Output[str] = None¶: The description of the secret.

encryption_key_id: pulumi.Output[str] = None¶: The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.

force_delete_without_recovery: pulumi.Output[bool] = None¶: Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.

planned_delete_time: pulumi.Output[str] = None¶: The time when the secret is scheduled to be deleted.

recovery_window_in_days: pulumi.Output[float] = None¶: Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.

secret_data: pulumi.Output[str] = None¶: The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.

secret_data_type: pulumi.Output[str] = None¶: The type of the secret value. Valid values: text, binary. Default to “text”.

secret_name: pulumi.Output[str] = None¶: The name of the secret.

tags: pulumi.Output[dict] = None¶: A mapping of tags to assign to the resource.

version_id: pulumi.Output[str] = None¶: The version number of the initial version. Version numbers are unique in each secret object.

version_stages: pulumi.Output[list] = None¶: ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with “ACSCurrent”.

static get(resource_name, id, opts=None, arn=None, description=None, encryption_key_id=None, force_delete_without_recovery=None, planned_delete_time=None, recovery_window_in_days=None, secret_data=None, secret_data_type=None, secret_name=None, tags=None, version_id=None, version_stages=None)¶

Get an existing Secret resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
arn (pulumi.Input[str]) – The Alicloud Resource Name (ARN) of the secret.
description (pulumi.Input[str]) – The description of the secret.
encryption_key_id (pulumi.Input[str]) – The ID of the KMS CMK that is used to encrypt the secret value. If you do not specify this parameter, Secrets Manager automatically creates an encryption key to encrypt the secret.
force_delete_without_recovery (pulumi.Input[bool]) – Specifies whether to forcibly delete the secret. If this parameter is set to true, the secret cannot be recovered. Valid values: true, false. Default to: false.
planned_delete_time (pulumi.Input[str]) – The time when the secret is scheduled to be deleted.
recovery_window_in_days (pulumi.Input[float]) – Specifies the recovery period of the secret if you do not forcibly delete it. Default value: 30. It will be ignored when force_delete_without_recovery is true.
secret_data (pulumi.Input[str]) – The value of the secret that you want to create. Secrets Manager encrypts the secret value and stores it in the initial version.
secret_data_type (pulumi.Input[str]) – The type of the secret value. Valid values: text, binary. Default to “text”.
secret_name (pulumi.Input[str]) – The name of the secret.
tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.
version_id (pulumi.Input[str]) – The version number of the initial version. Version numbers are unique in each secret object.
version_stages (pulumi.Input[list]) – ) The stage labels that mark the new secret version. If you do not specify this parameter, Secrets Manager marks it with “ACSCurrent”.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

pulumi_alicloud.kms.get_aliases(ids=None, name_regex=None, output_file=None, opts=None)¶

This data source provides a list of KMS aliases in an Alibaba Cloud account according to the specified filters.

NOTE: Available in v1.79.0+.

import pulumi
import pulumi_alicloud as alicloud

kms_aliases = alicloud.kms.get_aliases(ids=["d89e8a53-b708-41aa-8c67-6873axxx"],
    name_regex="alias/tf-testKmsAlias_123")
pulumi.export("firstKeyId", data["kms.getKeys"]["kms_keys_ds"]["keys"][0]["id"])

Parameters

ids (list) – A list of KMS aliases IDs. The value is same as KMS alias_name.
name_regex (str) – A regex string to filter the results by the KMS alias name.

pulumi_alicloud.kms.get_ciphertext(encryption_context=None, key_id=None, plaintext=None, opts=None)¶

Use this data source to access information about an existing resource.

Parameters

encryption_context (dict) –
(Optional) The Encryption context. If you specify this parameter here, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.
key_id (str) – The globally unique ID of the CMK.
plaintext (str) – The plaintext to be encrypted which must be encoded in Base64.

pulumi_alicloud.kms.get_key_versions(ids=None, key_id=None, output_file=None, opts=None)¶

This data source provides a list of KMS KeyVersions in an Alibaba Cloud account according to the specified filters.

NOTE: Available in v1.85.0+

import pulumi
import pulumi_alicloud as alicloud

alicloud_kms_key_versions_ds = alicloud.kms.get_key_versions(ids=["d89e8a53-b708-41aa-8c67-6873axxx"],
    key_id="08438c-b4d5-4d05-928c-07b7xxxx")
pulumi.export("allVersions", alicloud_kms_key_versions_ds.versions)

Parameters

ids (list) – A list of KMS KeyVersion IDs.
key_id (str) – The id of kms key.

pulumi_alicloud.kms.get_keys(description_regex=None, ids=None, output_file=None, status=None, opts=None)¶

This data source provides a list of KMS keys in an Alibaba Cloud account according to the specified filters.

import pulumi
import pulumi_alicloud as alicloud

kms_keys_ds = alicloud.kms.get_keys(description_regex="Hello KMS",
    output_file="kms_keys.json")
pulumi.export("firstKeyId", kms_keys_ds.keys[0]["id"])

Parameters

description_regex (str) – A regex string to filter the results by the KMS key description.
ids (list) – A list of KMS key IDs.
status (str) – Filter the results by status of the KMS keys. Valid values: Enabled, Disabled, PendingDeletion.

pulumi_alicloud.kms.get_plaintext(ciphertext_blob=None, encryption_context=None, opts=None)¶

Use this data source to access information about an existing resource.

Parameters

ciphertext_blob (str) – The ciphertext to be decrypted.
encryption_context (dict) –
(Optional) The Encryption context. If you specify this parameter in the Encrypt or GenerateDataKey API operation, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.

pulumi_alicloud.kms.get_secret_versions(enable_details=None, ids=None, include_deprecated=None, output_file=None, secret_name=None, version_stage=None, opts=None)¶

This data source provides a list of KMS Secret Versions in an Alibaba Cloud account according to the specified filters.

NOTE: Available in v1.88.0+.

import pulumi
import pulumi_alicloud as alicloud

kms_secret_versions_ds = alicloud.kms.get_secret_versions(enable_details=True,
    secret_name="secret_name")
pulumi.export("firstSecretData", kms_secret_versions_ds.versions[0]["secret_data"])

Parameters

enable_details (bool) – Default to false and only output secret_name, version_id, version_stages. Set it to true can output more details.
ids (list) – A list of KMS Secret Version ids.
include_deprecated (str) – Specifies whether to return deprecated secret versions. Default to false.
secret_name (str) – The name of the secret.
version_stage (str) – The stage of the secret version.

pulumi_alicloud.kms.get_secrets(fetch_tags=None, ids=None, name_regex=None, output_file=None, tags=None, opts=None)¶

This data source provides a list of KMS Secrets in an Alibaba Cloud account according to the specified filters.

NOTE: Available in v1.86.0+.

import pulumi
import pulumi_alicloud as alicloud

kms_secrets_ds = alicloud.kms.get_secrets(fetch_tags=True,
    name_regex="name_regex",
    tags={
        "k-aa": "v-aa",
        "k-bb": "v-bb",
    })
pulumi.export("firstSecretId", kms_secrets_ds.secrets[0]["id"])

Parameters

fetch_tags (bool) – Whether to include the predetermined resource tag in the return value. Default to false.
ids (list) – A list of KMS Secret ids. The value is same as KMS secret_name.
name_regex (str) – A regex string to filter the results by the KMS secret_name.
tags (dict) – A mapping of tags to assign to the resource.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

kms¶

On This Page