tencentcloud 1.81.182, Apr 14 25

tencentcloud 1.81.182 published on Monday, Apr 14, 2025 by tencentcloudstack

tencentcloudstack/terraform-provider-tencentcloud

tencentcloud.KmsExternalKey

Explore with Pulumi AI

tencentcloud 1.81.182 published on Monday, Apr 14, 2025 by tencentcloudstack

tencentcloudstack/terraform-provider-tencentcloud

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";

const example = new tencentcloud.KmsExternalKey("example", {
    alias: "tf-example-kms-externalkey",
    description: "example of kms external key",
    tags: {
        createdBy: "terraform",
    },
});

import pulumi
import pulumi_tencentcloud as tencentcloud

example = tencentcloud.KmsExternalKey("example",
    alias="tf-example-kms-externalkey",
    description="example of kms external key",
    tags={
        "createdBy": "terraform",
    })

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := tencentcloud.NewKmsExternalKey(ctx, "example", &tencentcloud.KmsExternalKeyArgs{
			Alias:       pulumi.String("tf-example-kms-externalkey"),
			Description: pulumi.String("example of kms external key"),
			Tags: pulumi.StringMap{
				"createdBy": pulumi.String("terraform"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;

return await Deployment.RunAsync(() => 
{
    var example = new Tencentcloud.KmsExternalKey("example", new()
    {
        Alias = "tf-example-kms-externalkey",
        Description = "example of kms external key",
        Tags = 
        {
            { "createdBy", "terraform" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsExternalKey;
import com.pulumi.tencentcloud.KmsExternalKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new KmsExternalKey("example", KmsExternalKeyArgs.builder()
            .alias("tf-example-kms-externalkey")
            .description("example of kms external key")
            .tags(Map.of("createdBy", "terraform"))
            .build());

    }
}

resources:
  example:
    type: tencentcloud:KmsExternalKey
    properties:
      alias: tf-example-kms-externalkey
      description: example of kms external key
      tags:
        createdBy: terraform

Specify the encryption algorithm and public key.

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";

const example = new tencentcloud.KmsExternalKey("example", {
    alias: "tf-example-kms-externalkey",
    description: "example of kms external key",
    isEnabled: true,
    keyMaterialBase64: "your_public_key_base64_encoded",
    tags: {
        createdBy: "terraform",
    },
    wrappingAlgorithm: "RSAES_PKCS1_V1_5",
});

import pulumi
import pulumi_tencentcloud as tencentcloud

example = tencentcloud.KmsExternalKey("example",
    alias="tf-example-kms-externalkey",
    description="example of kms external key",
    is_enabled=True,
    key_material_base64="your_public_key_base64_encoded",
    tags={
        "createdBy": "terraform",
    },
    wrapping_algorithm="RSAES_PKCS1_V1_5")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := tencentcloud.NewKmsExternalKey(ctx, "example", &tencentcloud.KmsExternalKeyArgs{
			Alias:             pulumi.String("tf-example-kms-externalkey"),
			Description:       pulumi.String("example of kms external key"),
			IsEnabled:         pulumi.Bool(true),
			KeyMaterialBase64: pulumi.String("your_public_key_base64_encoded"),
			Tags: pulumi.StringMap{
				"createdBy": pulumi.String("terraform"),
			},
			WrappingAlgorithm: pulumi.String("RSAES_PKCS1_V1_5"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;

return await Deployment.RunAsync(() => 
{
    var example = new Tencentcloud.KmsExternalKey("example", new()
    {
        Alias = "tf-example-kms-externalkey",
        Description = "example of kms external key",
        IsEnabled = true,
        KeyMaterialBase64 = "your_public_key_base64_encoded",
        Tags = 
        {
            { "createdBy", "terraform" },
        },
        WrappingAlgorithm = "RSAES_PKCS1_V1_5",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsExternalKey;
import com.pulumi.tencentcloud.KmsExternalKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new KmsExternalKey("example", KmsExternalKeyArgs.builder()
            .alias("tf-example-kms-externalkey")
            .description("example of kms external key")
            .isEnabled(true)
            .keyMaterialBase64("your_public_key_base64_encoded")
            .tags(Map.of("createdBy", "terraform"))
            .wrappingAlgorithm("RSAES_PKCS1_V1_5")
            .build());

    }
}

resources:
  example:
    type: tencentcloud:KmsExternalKey
    properties:
      alias: tf-example-kms-externalkey
      description: example of kms external key
      isEnabled: true
      keyMaterialBase64: your_public_key_base64_encoded
      tags:
        createdBy: terraform
      wrappingAlgorithm: RSAES_PKCS1_V1_5

Disable the external kms key.

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as tencentcloud from "@pulumi/tencentcloud";

const example = new tencentcloud.KmsExternalKey("example", {
    alias: "tf-example-kms-externalkey",
    description: "example of kms external key",
    isEnabled: false,
    keyMaterialBase64: "your_public_key_base64_encoded",
    tags: {
        "test-tag": "unit-test",
    },
    wrappingAlgorithm: "RSAES_PKCS1_V1_5",
});

import pulumi
import pulumi_tencentcloud as tencentcloud

example = tencentcloud.KmsExternalKey("example",
    alias="tf-example-kms-externalkey",
    description="example of kms external key",
    is_enabled=False,
    key_material_base64="your_public_key_base64_encoded",
    tags={
        "test-tag": "unit-test",
    },
    wrapping_algorithm="RSAES_PKCS1_V1_5")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/tencentcloud/tencentcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := tencentcloud.NewKmsExternalKey(ctx, "example", &tencentcloud.KmsExternalKeyArgs{
			Alias:             pulumi.String("tf-example-kms-externalkey"),
			Description:       pulumi.String("example of kms external key"),
			IsEnabled:         pulumi.Bool(false),
			KeyMaterialBase64: pulumi.String("your_public_key_base64_encoded"),
			Tags: pulumi.StringMap{
				"test-tag": pulumi.String("unit-test"),
			},
			WrappingAlgorithm: pulumi.String("RSAES_PKCS1_V1_5"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Tencentcloud = Pulumi.Tencentcloud;

return await Deployment.RunAsync(() => 
{
    var example = new Tencentcloud.KmsExternalKey("example", new()
    {
        Alias = "tf-example-kms-externalkey",
        Description = "example of kms external key",
        IsEnabled = false,
        KeyMaterialBase64 = "your_public_key_base64_encoded",
        Tags = 
        {
            { "test-tag", "unit-test" },
        },
        WrappingAlgorithm = "RSAES_PKCS1_V1_5",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tencentcloud.KmsExternalKey;
import com.pulumi.tencentcloud.KmsExternalKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new KmsExternalKey("example", KmsExternalKeyArgs.builder()
            .alias("tf-example-kms-externalkey")
            .description("example of kms external key")
            .isEnabled(false)
            .keyMaterialBase64("your_public_key_base64_encoded")
            .tags(Map.of("test-tag", "unit-test"))
            .wrappingAlgorithm("RSAES_PKCS1_V1_5")
            .build());

    }
}

resources:
  example:
    type: tencentcloud:KmsExternalKey
    properties:
      alias: tf-example-kms-externalkey
      description: example of kms external key
      isEnabled: false
      keyMaterialBase64: your_public_key_base64_encoded
      tags:
        test-tag: unit-test
      wrappingAlgorithm: RSAES_PKCS1_V1_5

Create KmsExternalKey Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript
Python
Go
C#
Java
YAML

new KmsExternalKey(name: string, args: KmsExternalKeyArgs, opts?: CustomResourceOptions);

@overload
def KmsExternalKey(resource_name: str,
                   args: KmsExternalKeyArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def KmsExternalKey(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   alias: Optional[str] = None,
                   description: Optional[str] = None,
                   is_archived: Optional[bool] = None,
                   is_enabled: Optional[bool] = None,
                   key_material_base64: Optional[str] = None,
                   kms_external_key_id: Optional[str] = None,
                   pending_delete_window_in_days: Optional[float] = None,
                   tags: Optional[Mapping[str, str]] = None,
                   valid_to: Optional[float] = None,
                   wrapping_algorithm: Optional[str] = None)

func NewKmsExternalKey(ctx *Context, name string, args KmsExternalKeyArgs, opts ...ResourceOption) (*KmsExternalKey, error)

public KmsExternalKey(string name, KmsExternalKeyArgs args, CustomResourceOptions? opts = null)

public KmsExternalKey(String name, KmsExternalKeyArgs args)
public KmsExternalKey(String name, KmsExternalKeyArgs args, CustomResourceOptions options)

type: tencentcloud:KmsExternalKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args KmsExternalKeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args KmsExternalKeyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args KmsExternalKeyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args KmsExternalKeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args KmsExternalKeyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

KmsExternalKey Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The KmsExternalKey resource accepts the following input properties:

Alias string: Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
Description string: Description of CMK. The maximum is 1024 bytes.
IsArchived bool: Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
IsEnabled bool: Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
KeyMaterialBase64 string: The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
KmsExternalKeyId string: ID of the resource.
PendingDeleteWindowInDays double: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
Tags Dictionary<string, string>: Tags of CMK.
ValidTo double: This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
WrappingAlgorithm string: The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

Alias string: Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
Description string: Description of CMK. The maximum is 1024 bytes.
IsArchived bool: Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
IsEnabled bool: Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
KeyMaterialBase64 string: The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
KmsExternalKeyId string: ID of the resource.
PendingDeleteWindowInDays float64: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
Tags map[string]string: Tags of CMK.
ValidTo float64: This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
WrappingAlgorithm string: The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

alias String: Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description String: Description of CMK. The maximum is 1024 bytes.
isArchived Boolean: Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
isEnabled Boolean: Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
keyMaterialBase64 String: The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
kmsExternalKeyId String: ID of the resource.
pendingDeleteWindowInDays Double: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags Map<String,String>: Tags of CMK.
validTo Double: This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrappingAlgorithm String: The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

alias string: Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description string: Description of CMK. The maximum is 1024 bytes.
isArchived boolean: Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
isEnabled boolean: Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
keyMaterialBase64 string: The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
kmsExternalKeyId string: ID of the resource.
pendingDeleteWindowInDays number: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags {[key: string]: string}: Tags of CMK.
validTo number: This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrappingAlgorithm string: The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

alias str: Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description str: Description of CMK. The maximum is 1024 bytes.
is_archived bool: Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
is_enabled bool: Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
key_material_base64 str: The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
kms_external_key_id str: ID of the resource.
pending_delete_window_in_days float: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags Mapping[str, str]: Tags of CMK.
valid_to float: This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrapping_algorithm str: The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

alias String: Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description String: Description of CMK. The maximum is 1024 bytes.
isArchived Boolean: Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
isEnabled Boolean: Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
keyMaterialBase64 String: The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
kmsExternalKeyId String: ID of the resource.
pendingDeleteWindowInDays Number: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags Map<String>: Tags of CMK.
validTo Number: This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrappingAlgorithm String: The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

Outputs

All input properties are implicitly available as output properties. Additionally, the KmsExternalKey resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
KeyState string: State of CMK.

Id string: The provider-assigned unique ID for this managed resource.
KeyState string: State of CMK.

id String: The provider-assigned unique ID for this managed resource.
keyState String: State of CMK.

id string: The provider-assigned unique ID for this managed resource.
keyState string: State of CMK.

id str: The provider-assigned unique ID for this managed resource.
key_state str: State of CMK.

id String: The provider-assigned unique ID for this managed resource.
keyState String: State of CMK.

Look up Existing KmsExternalKey Resource

Get an existing KmsExternalKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: KmsExternalKeyState, opts?: CustomResourceOptions): KmsExternalKey

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        alias: Optional[str] = None,
        description: Optional[str] = None,
        is_archived: Optional[bool] = None,
        is_enabled: Optional[bool] = None,
        key_material_base64: Optional[str] = None,
        key_state: Optional[str] = None,
        kms_external_key_id: Optional[str] = None,
        pending_delete_window_in_days: Optional[float] = None,
        tags: Optional[Mapping[str, str]] = None,
        valid_to: Optional[float] = None,
        wrapping_algorithm: Optional[str] = None) -> KmsExternalKey

func GetKmsExternalKey(ctx *Context, name string, id IDInput, state *KmsExternalKeyState, opts ...ResourceOption) (*KmsExternalKey, error)

public static KmsExternalKey Get(string name, Input<string> id, KmsExternalKeyState? state, CustomResourceOptions? opts = null)

public static KmsExternalKey get(String name, Output<String> id, KmsExternalKeyState state, CustomResourceOptions options)

resources:  _:    type: tencentcloud:KmsExternalKey    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Alias string: Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
Description string: Description of CMK. The maximum is 1024 bytes.
IsArchived bool: Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
IsEnabled bool: Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
KeyMaterialBase64 string: The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
KeyState string: State of CMK.
KmsExternalKeyId string: ID of the resource.
PendingDeleteWindowInDays double: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
Tags Dictionary<string, string>: Tags of CMK.
ValidTo double: This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
WrappingAlgorithm string: The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

Alias string: Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
Description string: Description of CMK. The maximum is 1024 bytes.
IsArchived bool: Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
IsEnabled bool: Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
KeyMaterialBase64 string: The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
KeyState string: State of CMK.
KmsExternalKeyId string: ID of the resource.
PendingDeleteWindowInDays float64: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
Tags map[string]string: Tags of CMK.
ValidTo float64: This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
WrappingAlgorithm string: The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

alias String: Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description String: Description of CMK. The maximum is 1024 bytes.
isArchived Boolean: Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
isEnabled Boolean: Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
keyMaterialBase64 String: The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
keyState String: State of CMK.
kmsExternalKeyId String: ID of the resource.
pendingDeleteWindowInDays Double: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags Map<String,String>: Tags of CMK.
validTo Double: This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrappingAlgorithm String: The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

alias string: Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description string: Description of CMK. The maximum is 1024 bytes.
isArchived boolean: Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
isEnabled boolean: Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
keyMaterialBase64 string: The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
keyState string: State of CMK.
kmsExternalKeyId string: ID of the resource.
pendingDeleteWindowInDays number: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags {[key: string]: string}: Tags of CMK.
validTo number: This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrappingAlgorithm string: The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

alias str: Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description str: Description of CMK. The maximum is 1024 bytes.
is_archived bool: Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
is_enabled bool: Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
key_material_base64 str: The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
key_state str: State of CMK.
kms_external_key_id str: ID of the resource.
pending_delete_window_in_days float: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags Mapping[str, str]: Tags of CMK.
valid_to float: This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrapping_algorithm str: The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

alias String: Name of CMK. The name can only contain English letters, numbers, underscore and hyphen '-'. The first character must be a letter or number.
description String: Description of CMK. The maximum is 1024 bytes.
isArchived Boolean: Specify whether to archive key. Default value is false. This field is conflict with is_enabled, valid when key_state is Enabled, Disabled, Archived.
isEnabled Boolean: Specify whether to enable key. Default value is false. This field is conflict with is_archived, valid when key_state is Enabled, Disabled, Archived.
keyMaterialBase64 String: The base64-encoded key material encrypted with the public_key. For regions using the national secret version, the length of the imported key material is required to be 128 bits, and for regions using the FIPS version, the length of the imported key material is required to be 256 bits.
keyState String: State of CMK.
kmsExternalKeyId String: ID of the resource.
pendingDeleteWindowInDays Number: Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 7 days.
tags Map<String>: Tags of CMK.
validTo Number: This value means the effective timestamp of the key material, 0 means it does not expire. Need to be greater than the current timestamp, the maximum support is 2147443200.
wrappingAlgorithm String: The algorithm for encrypting key material. Available values include RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1 and RSAES_OAEP_SHA_256. Default value is RSAES_PKCS1_V1_5.

Import

KMS external keys can be imported using the id, e.g.

$ pulumi import tencentcloud:index/kmsExternalKey:KmsExternalKey example 287e8f40-7cbb-11eb-9a3a-xxxxx

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: tencentcloud tencentcloudstack/terraform-provider-tencentcloud
License
Notes: This Pulumi package is based on the tencentcloud Terraform Provider.

tencentcloud 1.81.182 published on Monday, Apr 14, 2025 by tencentcloudstack

tencentcloudstack/terraform-provider-tencentcloud

tencentcloud.KmsExternalKey

On this page

On this page

Example Usage

Create a basic instance.

Specify the encryption algorithm and public key.

Disable the external kms key.

Create KmsExternalKey Resource

Constructor syntax

Parameters

KmsExternalKey Resource Properties

Inputs

Outputs

Look up Existing KmsExternalKey Resource

Import

Package Details

On this page

On this page