1. Packages
  2. Tencentcloud Provider
  3. API Docs
  4. KmsExternalKey
tencentcloud 1.81.182 published on Monday, Apr 14, 2025 by tencentcloudstack

tencentcloud.KmsExternalKey

Explore with Pulumi AI

Provide a resource to create a KMS external key.

Example Usage

Create a basic instance.

import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";

const example = new tencentcloud.KmsExternalKey("example", {
    alias: "tf-example-kms-externalkey",
    description: "example of kms external key",
    tags: {
        createdBy: "terraform",
    },
});
Copy
import pulumi
import pulumi_tencentcloud as tencentcloud

example = tencentcloud.KmsExternalKey("example",
    alias="tf-example-kms-externalkey",
    description="example of kms external key",
    tags={
        "createdBy": "terraform",
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := tencentcloud.NewKmsExternalKey(ctx, "example", &tencentcloud.KmsExternalKeyArgs{
			Alias:       pulumi.String("tf-example-kms-externalkey"),
			Description: pulumi.String("example of kms external key"),
			Tags: pulumi.StringMap{
				"createdBy": pulumi.String("terraform"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;

return await Deployment.RunAsync(() => 
{
    var example = new Tencentcloud.KmsExternalKey("example", new()
    {
        Alias = "tf-example-kms-externalkey",
        Description = "example of kms external key",
        Tags = 
        {
            { "createdBy", "terraform" },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsExternalKey;
import com.pulumi.tencentcloud.KmsExternalKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new KmsExternalKey("example", KmsExternalKeyArgs.builder()
            .alias("tf-example-kms-externalkey")
            .description("example of kms external key")
            .tags(Map.of("createdBy", "terraform"))
            .build());

    }
}
Copy
resources:
  example:
    type: tencentcloud:KmsExternalKey
    properties:
      alias: tf-example-kms-externalkey
      description: example of kms external key
      tags:
        createdBy: terraform
Copy

Specify the encryption algorithm and public key.

import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";

const example = new tencentcloud.KmsExternalKey("example", {
    alias: "tf-example-kms-externalkey",
    description: "example of kms external key",
    isEnabled: true,
    keyMaterialBase64: "your_public_key_base64_encoded",
    tags: {
        createdBy: "terraform",
    },
    wrappingAlgorithm: "RSAES_PKCS1_V1_5",
});
Copy
import pulumi
import pulumi_tencentcloud as tencentcloud

example = tencentcloud.KmsExternalKey("example",
    alias="tf-example-kms-externalkey",
    description="example of kms external key",
    is_enabled=True,
    key_material_base64="your_public_key_base64_encoded",
    tags={
        "createdBy": "terraform",
    },
    wrapping_algorithm="RSAES_PKCS1_V1_5")
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := tencentcloud.NewKmsExternalKey(ctx, "example", &tencentcloud.KmsExternalKeyArgs{
			Alias:             pulumi.String("tf-example-kms-externalkey"),
			Description:       pulumi.String("example of kms external key"),
			IsEnabled:         pulumi.Bool(true),
			KeyMaterialBase64: pulumi.String("your_public_key_base64_encoded"),
			Tags: pulumi.StringMap{
				"createdBy": pulumi.String("terraform"),
			},
			WrappingAlgorithm: pulumi.String("RSAES_PKCS1_V1_5"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;

return await Deployment.RunAsync(() => 
{
    var example = new Tencentcloud.KmsExternalKey("example", new()
    {
        Alias = "tf-example-kms-externalkey",
        Description = "example of kms external key",
        IsEnabled = true,
        KeyMaterialBase64 = "your_public_key_base64_encoded",
        Tags = 
        {
            { "createdBy", "terraform" },
        },
        WrappingAlgorithm = "RSAES_PKCS1_V1_5",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsExternalKey;
import com.pulumi.tencentcloud.KmsExternalKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new KmsExternalKey("example", KmsExternalKeyArgs.builder()
            .alias("tf-example-kms-externalkey")
            .description("example of kms external key")
            .isEnabled(true)
            .keyMaterialBase64("your_public_key_base64_encoded")
            .tags(Map.of("createdBy", "terraform"))
            .wrappingAlgorithm("RSAES_PKCS1_V1_5")
            .build());

    }
}
Copy
resources:
  example:
    type: tencentcloud:KmsExternalKey
    properties:
      alias: tf-example-kms-externalkey
      description: example of kms external key
      isEnabled: true
      keyMaterialBase64: your_public_key_base64_encoded
      tags:
        createdBy: terraform
      wrappingAlgorithm: RSAES_PKCS1_V1_5
Copy

Disable the external kms key.

import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";

const example = new tencentcloud.KmsExternalKey("example", {
    alias: "tf-example-kms-externalkey",
    description: "example of kms external key",
    isEnabled: false,
    keyMaterialBase64: "your_public_key_base64_encoded",
    tags: {
        "test-tag": "unit-test",
    },
    wrappingAlgorithm: "RSAES_PKCS1_V1_5",
});
Copy
import pulumi
import pulumi_tencentcloud as tencentcloud

example = tencentcloud.KmsExternalKey("example",
    alias="tf-example-kms-externalkey",
    description="example of kms external key",
    is_enabled=False,
    key_material_base64="your_public_key_base64_encoded",
    tags={
        "test-tag": "unit-test",
    },
    wrapping_algorithm="RSAES_PKCS1_V1_5")
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := tencentcloud.NewKmsExternalKey(ctx, "example", &tencentcloud.KmsExternalKeyArgs{
			Alias:             pulumi.String("tf-example-kms-externalkey"),
			Description:       pulumi.String("example of kms external key"),
			IsEnabled:         pulumi.Bool(false),
			KeyMaterialBase64: pulumi.String("your_public_key_base64_encoded"),
			Tags: pulumi.StringMap{
				"test-tag": pulumi.String("unit-test"),
			},
			WrappingAlgorithm: pulumi.String("RSAES_PKCS1_V1_5"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;

return await Deployment.RunAsync(() => 
{
    var example = new Tencentcloud.KmsExternalKey("example", new()
    {
        Alias = "tf-example-kms-externalkey",
        Description = "example of kms external key",
        IsEnabled = false,
        KeyMaterialBase64 = "your_public_key_base64_encoded",
        Tags = 
        {
            { "test-tag", "unit-test" },
        },
        WrappingAlgorithm = "RSAES_PKCS1_V1_5",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsExternalKey;
import com.pulumi.tencentcloud.KmsExternalKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new KmsExternalKey("example", KmsExternalKeyArgs.builder()
            .alias("tf-example-kms-externalkey")
            .description("example of kms external key")
            .isEnabled(false)
            .keyMaterialBase64("your_public_key_base64_encoded")
            .tags(Map.of("test-tag", "unit-test"))
            .wrappingAlgorithm("RSAES_PKCS1_V1_5")
            .build());

    }
}
Copy
resources:
  example:
    type: tencentcloud:KmsExternalKey
    properties:
      alias: tf-example-kms-externalkey
      description: example of kms external key
      isEnabled: false
      keyMaterialBase64: your_public_key_base64_encoded
      tags:
        test-tag: unit-test
      wrappingAlgorithm: RSAES_PKCS1_V1_5
Copy

Create KmsExternalKey Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new KmsExternalKey(name: string, args: KmsExternalKeyArgs, opts?: CustomResourceOptions);
@overload
def KmsExternalKey(resource_name: str,
                   args: KmsExternalKeyArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def KmsExternalKey(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   alias: Optional[str] = None,
                   description: Optional[str] = None,
                   is_archived: Optional[bool] = None,
                   is_enabled: Optional[bool] = None,
                   key_material_base64: Optional[str] = None,
                   kms_external_key_id: Optional[str] = None,
                   pending_delete_window_in_days: Optional[float] = None,
                   tags: Optional[Mapping[str, str]] = None,
                   valid_to: Optional[float] = None,
                   wrapping_algorithm: Optional[str] = None)
func NewKmsExternalKey(ctx *Context, name string, args KmsExternalKeyArgs, opts ...ResourceOption) (*KmsExternalKey, error)
public KmsExternalKey(string name, KmsExternalKeyArgs args, CustomResourceOptions? opts = null)
public KmsExternalKey(String name, KmsExternalKeyArgs args)
public KmsExternalKey(String name, KmsExternalKeyArgs args, CustomResourceOptions options)
type: tencentcloud:KmsExternalKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. KmsExternalKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. KmsExternalKeyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. KmsExternalKeyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. KmsExternalKeyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. KmsExternalKeyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

KmsExternalKey Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The KmsExternalKey resource accepts the following input properties:

Alias This property is required. string
Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
Description string
Description of CMK. The maximum is 1024 bytes.
IsArchived bool
Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
IsEnabled bool
Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
KeyMaterialBase64 string
The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
KmsExternalKeyId string
ID of the resource.
PendingDeleteWindowInDays double
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
Tags Dictionary<string, string>
Tags of CMK.
ValidTo double
This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
WrappingAlgorithm string
The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.
Alias This property is required. string
Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
Description string
Description of CMK. The maximum is 1024 bytes.
IsArchived bool
Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
IsEnabled bool
Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
KeyMaterialBase64 string
The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
KmsExternalKeyId string
ID of the resource.
PendingDeleteWindowInDays float64
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
Tags map[string]string
Tags of CMK.
ValidTo float64
This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
WrappingAlgorithm string
The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.
alias This property is required. String
Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description String
Description of CMK. The maximum is 1024 bytes.
isArchived Boolean
Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
isEnabled Boolean
Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
keyMaterialBase64 String
The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
kmsExternalKeyId String
ID of the resource.
pendingDeleteWindowInDays Double
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags Map<String,String>
Tags of CMK.
validTo Double
This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrappingAlgorithm String
The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.
alias This property is required. string
Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description string
Description of CMK. The maximum is 1024 bytes.
isArchived boolean
Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
isEnabled boolean
Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
keyMaterialBase64 string
The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
kmsExternalKeyId string
ID of the resource.
pendingDeleteWindowInDays number
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags {[key: string]: string}
Tags of CMK.
validTo number
This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrappingAlgorithm string
The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.
alias This property is required. str
Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description str
Description of CMK. The maximum is 1024 bytes.
is_archived bool
Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
is_enabled bool
Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
key_material_base64 str
The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
kms_external_key_id str
ID of the resource.
pending_delete_window_in_days float
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags Mapping[str, str]
Tags of CMK.
valid_to float
This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrapping_algorithm str
The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.
alias This property is required. String
Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description String
Description of CMK. The maximum is 1024 bytes.
isArchived Boolean
Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
isEnabled Boolean
Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
keyMaterialBase64 String
The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
kmsExternalKeyId String
ID of the resource.
pendingDeleteWindowInDays Number
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags Map<String>
Tags of CMK.
validTo Number
This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrappingAlgorithm String
The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

Outputs

All input properties are implicitly available as output properties. Additionally, the KmsExternalKey resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
KeyState string
State of CMK.
Id string
The provider-assigned unique ID for this managed resource.
KeyState string
State of CMK.
id String
The provider-assigned unique ID for this managed resource.
keyState String
State of CMK.
id string
The provider-assigned unique ID for this managed resource.
keyState string
State of CMK.
id str
The provider-assigned unique ID for this managed resource.
key_state str
State of CMK.
id String
The provider-assigned unique ID for this managed resource.
keyState String
State of CMK.

Look up Existing KmsExternalKey Resource

Get an existing KmsExternalKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: KmsExternalKeyState, opts?: CustomResourceOptions): KmsExternalKey
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        alias: Optional[str] = None,
        description: Optional[str] = None,
        is_archived: Optional[bool] = None,
        is_enabled: Optional[bool] = None,
        key_material_base64: Optional[str] = None,
        key_state: Optional[str] = None,
        kms_external_key_id: Optional[str] = None,
        pending_delete_window_in_days: Optional[float] = None,
        tags: Optional[Mapping[str, str]] = None,
        valid_to: Optional[float] = None,
        wrapping_algorithm: Optional[str] = None) -> KmsExternalKey
func GetKmsExternalKey(ctx *Context, name string, id IDInput, state *KmsExternalKeyState, opts ...ResourceOption) (*KmsExternalKey, error)
public static KmsExternalKey Get(string name, Input<string> id, KmsExternalKeyState? state, CustomResourceOptions? opts = null)
public static KmsExternalKey get(String name, Output<String> id, KmsExternalKeyState state, CustomResourceOptions options)
resources:  _:    type: tencentcloud:KmsExternalKey    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Alias string
Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
Description string
Description of CMK. The maximum is 1024 bytes.
IsArchived bool
Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
IsEnabled bool
Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
KeyMaterialBase64 string
The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
KeyState string
State of CMK.
KmsExternalKeyId string
ID of the resource.
PendingDeleteWindowInDays double
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
Tags Dictionary<string, string>
Tags of CMK.
ValidTo double
This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
WrappingAlgorithm string
The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.
Alias string
Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
Description string
Description of CMK. The maximum is 1024 bytes.
IsArchived bool
Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
IsEnabled bool
Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
KeyMaterialBase64 string
The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
KeyState string
State of CMK.
KmsExternalKeyId string
ID of the resource.
PendingDeleteWindowInDays float64
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
Tags map[string]string
Tags of CMK.
ValidTo float64
This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
WrappingAlgorithm string
The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.
alias String
Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description String
Description of CMK. The maximum is 1024 bytes.
isArchived Boolean
Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
isEnabled Boolean
Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
keyMaterialBase64 String
The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
keyState String
State of CMK.
kmsExternalKeyId String
ID of the resource.
pendingDeleteWindowInDays Double
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags Map<String,String>
Tags of CMK.
validTo Double
This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrappingAlgorithm String
The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.
alias string
Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description string
Description of CMK. The maximum is 1024 bytes.
isArchived boolean
Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
isEnabled boolean
Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
keyMaterialBase64 string
The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
keyState string
State of CMK.
kmsExternalKeyId string
ID of the resource.
pendingDeleteWindowInDays number
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags {[key: string]: string}
Tags of CMK.
validTo number
This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrappingAlgorithm string
The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.
alias str
Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description str
Description of CMK. The maximum is 1024 bytes.
is_archived bool
Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
is_enabled bool
Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
key_material_base64 str
The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
key_state str
State of CMK.
kms_external_key_id str
ID of the resource.
pending_delete_window_in_days float
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags Mapping[str, str]
Tags of CMK.
valid_to float
This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrapping_algorithm str
The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.
alias String
Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description String
Description of CMK. The maximum is 1024 bytes.
isArchived Boolean
Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
isEnabled Boolean
Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
keyMaterialBase64 String
The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
keyState String
State of CMK.
kmsExternalKeyId String
ID of the resource.
pendingDeleteWindowInDays Number
Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags Map<String>
Tags of CMK.
validTo Number
This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrappingAlgorithm String
The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

Import

KMS external keys can be imported using the id, e.g.

$ pulumi import tencentcloud:index/kmsExternalKey:KmsExternalKey example 287e8f40-7cbb-11eb-9a3a-xxxxx
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
tencentcloud tencentcloudstack/terraform-provider-tencentcloud
License
Notes
This Pulumi package is based on the tencentcloud Terraform Provider.