Docs Home
tencentcloud 1.81.182 published on Monday, Apr 14, 2025 by tencentcloudstack
tencentcloud.KmsExternalKey
Explore with Pulumi AI
tencentcloud 1.81.182 published on Monday, Apr 14, 2025 by tencentcloudstack
Provide a resource to create a KMS external key.
Example Usage
Create a basic instance.
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const example = new tencentcloud.KmsExternalKey("example", {
alias: "tf-example-kms-externalkey",
description: "example of kms external key",
tags: {
createdBy: "terraform",
},
});
import pulumi
import pulumi_tencentcloud as tencentcloud
example = tencentcloud.KmsExternalKey("example",
alias="tf-example-kms-externalkey",
description="example of kms external key",
tags={
"createdBy": "terraform",
})
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tencentcloud.NewKmsExternalKey(ctx, "example", &tencentcloud.KmsExternalKeyArgs{
Alias: pulumi.String("tf-example-kms-externalkey"),
Description: pulumi.String("example of kms external key"),
Tags: pulumi.StringMap{
"createdBy": pulumi.String("terraform"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var example = new Tencentcloud.KmsExternalKey("example", new()
{
Alias = "tf-example-kms-externalkey",
Description = "example of kms external key",
Tags =
{
{ "createdBy", "terraform" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsExternalKey;
import com.pulumi.tencentcloud.KmsExternalKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new KmsExternalKey("example", KmsExternalKeyArgs.builder()
.alias("tf-example-kms-externalkey")
.description("example of kms external key")
.tags(Map.of("createdBy", "terraform"))
.build());
}
}
resources:
example:
type: tencentcloud:KmsExternalKey
properties:
alias: tf-example-kms-externalkey
description: example of kms external key
tags:
createdBy: terraform
Specify the encryption algorithm and public key.
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const example = new tencentcloud.KmsExternalKey("example", {
alias: "tf-example-kms-externalkey",
description: "example of kms external key",
isEnabled: true,
keyMaterialBase64: "your_public_key_base64_encoded",
tags: {
createdBy: "terraform",
},
wrappingAlgorithm: "RSAES_PKCS1_V1_5",
});
import pulumi
import pulumi_tencentcloud as tencentcloud
example = tencentcloud.KmsExternalKey("example",
alias="tf-example-kms-externalkey",
description="example of kms external key",
is_enabled=True,
key_material_base64="your_public_key_base64_encoded",
tags={
"createdBy": "terraform",
},
wrapping_algorithm="RSAES_PKCS1_V1_5")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tencentcloud.NewKmsExternalKey(ctx, "example", &tencentcloud.KmsExternalKeyArgs{
Alias: pulumi.String("tf-example-kms-externalkey"),
Description: pulumi.String("example of kms external key"),
IsEnabled: pulumi.Bool(true),
KeyMaterialBase64: pulumi.String("your_public_key_base64_encoded"),
Tags: pulumi.StringMap{
"createdBy": pulumi.String("terraform"),
},
WrappingAlgorithm: pulumi.String("RSAES_PKCS1_V1_5"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var example = new Tencentcloud.KmsExternalKey("example", new()
{
Alias = "tf-example-kms-externalkey",
Description = "example of kms external key",
IsEnabled = true,
KeyMaterialBase64 = "your_public_key_base64_encoded",
Tags =
{
{ "createdBy", "terraform" },
},
WrappingAlgorithm = "RSAES_PKCS1_V1_5",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsExternalKey;
import com.pulumi.tencentcloud.KmsExternalKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new KmsExternalKey("example", KmsExternalKeyArgs.builder()
.alias("tf-example-kms-externalkey")
.description("example of kms external key")
.isEnabled(true)
.keyMaterialBase64("your_public_key_base64_encoded")
.tags(Map.of("createdBy", "terraform"))
.wrappingAlgorithm("RSAES_PKCS1_V1_5")
.build());
}
}
resources:
example:
type: tencentcloud:KmsExternalKey
properties:
alias: tf-example-kms-externalkey
description: example of kms external key
isEnabled: true
keyMaterialBase64: your_public_key_base64_encoded
tags:
createdBy: terraform
wrappingAlgorithm: RSAES_PKCS1_V1_5
Disable the external kms key.
import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";
const example = new tencentcloud.KmsExternalKey("example", {
alias: "tf-example-kms-externalkey",
description: "example of kms external key",
isEnabled: false,
keyMaterialBase64: "your_public_key_base64_encoded",
tags: {
"test-tag": "unit-test",
},
wrappingAlgorithm: "RSAES_PKCS1_V1_5",
});
import pulumi
import pulumi_tencentcloud as tencentcloud
example = tencentcloud.KmsExternalKey("example",
alias="tf-example-kms-externalkey",
description="example of kms external key",
is_enabled=False,
key_material_base64="your_public_key_base64_encoded",
tags={
"test-tag": "unit-test",
},
wrapping_algorithm="RSAES_PKCS1_V1_5")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tencentcloud.NewKmsExternalKey(ctx, "example", &tencentcloud.KmsExternalKeyArgs{
Alias: pulumi.String("tf-example-kms-externalkey"),
Description: pulumi.String("example of kms external key"),
IsEnabled: pulumi.Bool(false),
KeyMaterialBase64: pulumi.String("your_public_key_base64_encoded"),
Tags: pulumi.StringMap{
"test-tag": pulumi.String("unit-test"),
},
WrappingAlgorithm: pulumi.String("RSAES_PKCS1_V1_5"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;
return await Deployment.RunAsync(() =>
{
var example = new Tencentcloud.KmsExternalKey("example", new()
{
Alias = "tf-example-kms-externalkey",
Description = "example of kms external key",
IsEnabled = false,
KeyMaterialBase64 = "your_public_key_base64_encoded",
Tags =
{
{ "test-tag", "unit-test" },
},
WrappingAlgorithm = "RSAES_PKCS1_V1_5",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsExternalKey;
import com.pulumi.tencentcloud.KmsExternalKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new KmsExternalKey("example", KmsExternalKeyArgs.builder()
.alias("tf-example-kms-externalkey")
.description("example of kms external key")
.isEnabled(false)
.keyMaterialBase64("your_public_key_base64_encoded")
.tags(Map.of("test-tag", "unit-test"))
.wrappingAlgorithm("RSAES_PKCS1_V1_5")
.build());
}
}
resources:
example:
type: tencentcloud:KmsExternalKey
properties:
alias: tf-example-kms-externalkey
description: example of kms external key
isEnabled: false
keyMaterialBase64: your_public_key_base64_encoded
tags:
test-tag: unit-test
wrappingAlgorithm: RSAES_PKCS1_V1_5
Create KmsExternalKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KmsExternalKey(name: string, args: KmsExternalKeyArgs, opts?: CustomResourceOptions);@overload
def KmsExternalKey(resource_name: str,
args: KmsExternalKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KmsExternalKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
alias: Optional[str] = None,
description: Optional[str] = None,
is_archived: Optional[bool] = None,
is_enabled: Optional[bool] = None,
key_material_base64: Optional[str] = None,
kms_external_key_id: Optional[str] = None,
pending_delete_window_in_days: Optional[float] = None,
tags: Optional[Mapping[str, str]] = None,
valid_to: Optional[float] = None,
wrapping_algorithm: Optional[str] = None)func NewKmsExternalKey(ctx *Context, name string, args KmsExternalKeyArgs, opts ...ResourceOption) (*KmsExternalKey, error)public KmsExternalKey(string name, KmsExternalKeyArgs args, CustomResourceOptions? opts = null)
public KmsExternalKey(String name, KmsExternalKeyArgs args)
public KmsExternalKey(String name, KmsExternalKeyArgs args, CustomResourceOptions options)
type: tencentcloud:KmsExternalKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KmsExternalKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KmsExternalKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KmsExternalKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KmsExternalKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KmsExternalKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
KmsExternalKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KmsExternalKey resource accepts the following input properties:
- Alias string
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- Description string
- Description of CMK. The maximum is 1024 bytes.
- Is
Archived bool - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - Is
Enabled bool - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - Key
Material stringBase64 - The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
- Kms
External stringKey Id - ID of the resource.
- Pending
Delete doubleWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Dictionary<string, string>
- Tags of CMK.
- Valid
To double - This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
- Wrapping
Algorithm string - The algorithm for encrypting key material. Available values include
RSAES_PKCS1_V1_5,RSAES_OAEP_SHA_1andRSAES_OAEP_SHA_256. Default value isRSAES_PKCS1_V1_5.
- Alias string
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- Description string
- Description of CMK. The maximum is 1024 bytes.
- Is
Archived bool - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - Is
Enabled bool - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - Key
Material stringBase64 - The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
- Kms
External stringKey Id - ID of the resource.
- Pending
Delete float64Window In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- map[string]string
- Tags of CMK.
- Valid
To float64 - This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
- Wrapping
Algorithm string - The algorithm for encrypting key material. Available values include
RSAES_PKCS1_V1_5,RSAES_OAEP_SHA_1andRSAES_OAEP_SHA_256. Default value isRSAES_PKCS1_V1_5.
- alias String
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description String
- Description of CMK. The maximum is 1024 bytes.
- is
Archived Boolean - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is
Enabled Boolean - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key
Material StringBase64 - The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
- kms
External StringKey Id - ID of the resource.
- pending
Delete DoubleWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Map<String,String>
- Tags of CMK.
- valid
To Double - This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
- wrapping
Algorithm String - The algorithm for encrypting key material. Available values include
RSAES_PKCS1_V1_5,RSAES_OAEP_SHA_1andRSAES_OAEP_SHA_256. Default value isRSAES_PKCS1_V1_5.
- alias string
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description string
- Description of CMK. The maximum is 1024 bytes.
- is
Archived boolean - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is
Enabled boolean - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key
Material stringBase64 - The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
- kms
External stringKey Id - ID of the resource.
- pending
Delete numberWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- {[key: string]: string}
- Tags of CMK.
- valid
To number - This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
- wrapping
Algorithm string - The algorithm for encrypting key material. Available values include
RSAES_PKCS1_V1_5,RSAES_OAEP_SHA_1andRSAES_OAEP_SHA_256. Default value isRSAES_PKCS1_V1_5.
- alias str
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description str
- Description of CMK. The maximum is 1024 bytes.
- is_
archived bool - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is_
enabled bool - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key_
material_ strbase64 - The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
- kms_
external_ strkey_ id - ID of the resource.
- pending_
delete_ floatwindow_ in_ days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Mapping[str, str]
- Tags of CMK.
- valid_
to float - This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
- wrapping_
algorithm str - The algorithm for encrypting key material. Available values include
RSAES_PKCS1_V1_5,RSAES_OAEP_SHA_1andRSAES_OAEP_SHA_256. Default value isRSAES_PKCS1_V1_5.
- alias String
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description String
- Description of CMK. The maximum is 1024 bytes.
- is
Archived Boolean - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is
Enabled Boolean - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key
Material StringBase64 - The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
- kms
External StringKey Id - ID of the resource.
- pending
Delete NumberWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Map<String>
- Tags of CMK.
- valid
To Number - This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
- wrapping
Algorithm String - The algorithm for encrypting key material. Available values include
RSAES_PKCS1_V1_5,RSAES_OAEP_SHA_1andRSAES_OAEP_SHA_256. Default value isRSAES_PKCS1_V1_5.
Outputs
All input properties are implicitly available as output properties. Additionally, the KmsExternalKey resource produces the following output properties:
Look up Existing KmsExternalKey Resource
Get an existing KmsExternalKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KmsExternalKeyState, opts?: CustomResourceOptions): KmsExternalKey@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alias: Optional[str] = None,
description: Optional[str] = None,
is_archived: Optional[bool] = None,
is_enabled: Optional[bool] = None,
key_material_base64: Optional[str] = None,
key_state: Optional[str] = None,
kms_external_key_id: Optional[str] = None,
pending_delete_window_in_days: Optional[float] = None,
tags: Optional[Mapping[str, str]] = None,
valid_to: Optional[float] = None,
wrapping_algorithm: Optional[str] = None) -> KmsExternalKeyfunc GetKmsExternalKey(ctx *Context, name string, id IDInput, state *KmsExternalKeyState, opts ...ResourceOption) (*KmsExternalKey, error)public static KmsExternalKey Get(string name, Input<string> id, KmsExternalKeyState? state, CustomResourceOptions? opts = null)public static KmsExternalKey get(String name, Output<String> id, KmsExternalKeyState state, CustomResourceOptions options)resources: _: type: tencentcloud:KmsExternalKey get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alias string
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- Description string
- Description of CMK. The maximum is 1024 bytes.
- Is
Archived bool - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - Is
Enabled bool - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - Key
Material stringBase64 - The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
- Key
State string - State of CMK.
- Kms
External stringKey Id - ID of the resource.
- Pending
Delete doubleWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Dictionary<string, string>
- Tags of CMK.
- Valid
To double - This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
- Wrapping
Algorithm string - The algorithm for encrypting key material. Available values include
RSAES_PKCS1_V1_5,RSAES_OAEP_SHA_1andRSAES_OAEP_SHA_256. Default value isRSAES_PKCS1_V1_5.
- Alias string
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- Description string
- Description of CMK. The maximum is 1024 bytes.
- Is
Archived bool - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - Is
Enabled bool - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - Key
Material stringBase64 - The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
- Key
State string - State of CMK.
- Kms
External stringKey Id - ID of the resource.
- Pending
Delete float64Window In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- map[string]string
- Tags of CMK.
- Valid
To float64 - This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
- Wrapping
Algorithm string - The algorithm for encrypting key material. Available values include
RSAES_PKCS1_V1_5,RSAES_OAEP_SHA_1andRSAES_OAEP_SHA_256. Default value isRSAES_PKCS1_V1_5.
- alias String
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description String
- Description of CMK. The maximum is 1024 bytes.
- is
Archived Boolean - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is
Enabled Boolean - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key
Material StringBase64 - The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
- key
State String - State of CMK.
- kms
External StringKey Id - ID of the resource.
- pending
Delete DoubleWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Map<String,String>
- Tags of CMK.
- valid
To Double - This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
- wrapping
Algorithm String - The algorithm for encrypting key material. Available values include
RSAES_PKCS1_V1_5,RSAES_OAEP_SHA_1andRSAES_OAEP_SHA_256. Default value isRSAES_PKCS1_V1_5.
- alias string
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description string
- Description of CMK. The maximum is 1024 bytes.
- is
Archived boolean - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is
Enabled boolean - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key
Material stringBase64 - The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
- key
State string - State of CMK.
- kms
External stringKey Id - ID of the resource.
- pending
Delete numberWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- {[key: string]: string}
- Tags of CMK.
- valid
To number - This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
- wrapping
Algorithm string - The algorithm for encrypting key material. Available values include
RSAES_PKCS1_V1_5,RSAES_OAEP_SHA_1andRSAES_OAEP_SHA_256. Default value isRSAES_PKCS1_V1_5.
- alias str
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description str
- Description of CMK. The maximum is 1024 bytes.
- is_
archived bool - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is_
enabled bool - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key_
material_ strbase64 - The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
- key_
state str - State of CMK.
- kms_
external_ strkey_ id - ID of the resource.
- pending_
delete_ floatwindow_ in_ days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Mapping[str, str]
- Tags of CMK.
- valid_
to float - This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
- wrapping_
algorithm str - The algorithm for encrypting key material. Available values include
RSAES_PKCS1_V1_5,RSAES_OAEP_SHA_1andRSAES_OAEP_SHA_256. Default value isRSAES_PKCS1_V1_5.
- alias String
- Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
- description String
- Description of CMK. The maximum is 1024 bytes.
- is
Archived Boolean - Specify whether to archive key. Default value is
false. This field is conflict withis_enabled, valid when key_state isEnabled,Disabled,Archived. - is
Enabled Boolean - Specify whether to enable key. Default value is
false. This field is conflict withis_archived, valid when key_state isEnabled,Disabled,Archived. - key
Material StringBase64 - The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
- key
State String - State of CMK.
- kms
External StringKey Id - ID of the resource.
- pending
Delete NumberWindow In Days - Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
- Map<String>
- Tags of CMK.
- valid
To Number - This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
- wrapping
Algorithm String - The algorithm for encrypting key material. Available values include
RSAES_PKCS1_V1_5,RSAES_OAEP_SHA_1andRSAES_OAEP_SHA_256. Default value isRSAES_PKCS1_V1_5.
Import
KMS external keys can be imported using the id, e.g.
$ pulumi import tencentcloud:index/kmsExternalKey:KmsExternalKey example 287e8f40-7cbb-11eb-9a3a-xxxxx
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- tencentcloud tencentcloudstack/terraform-provider-tencentcloud
- License
- Notes
- This Pulumi package is based on the
tencentcloudTerraform Provider.
tencentcloud 1.81.182 published on Monday, Apr 14, 2025 by tencentcloudstack