Google Cloud Native v0.32.0, Nov 29 23

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.cloudkms/v1.CryptoKeyVersion

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

Create CryptoKeyVersion Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new CryptoKeyVersion(name: string, args: CryptoKeyVersionArgs, opts?: CustomResourceOptions);

@overload
def CryptoKeyVersion(resource_name: str,
                     args: CryptoKeyVersionArgs,
                     opts: Optional[ResourceOptions] = None)

@overload
def CryptoKeyVersion(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     key_ring_id: Optional[str] = None,
                     crypto_key_id: Optional[str] = None,
                     external_protection_level_options: Optional[ExternalProtectionLevelOptionsArgs] = None,
                     location: Optional[str] = None,
                     project: Optional[str] = None,
                     state: Optional[CryptoKeyVersionState] = None)

func NewCryptoKeyVersion(ctx *Context, name string, args CryptoKeyVersionArgs, opts ...ResourceOption) (*CryptoKeyVersion, error)

public CryptoKeyVersion(string name, CryptoKeyVersionArgs args, CustomResourceOptions? opts = null)

public CryptoKeyVersion(String name, CryptoKeyVersionArgs args)
public CryptoKeyVersion(String name, CryptoKeyVersionArgs args, CustomResourceOptions options)

type: google-native:cloudkms/v1:CryptoKeyVersion
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args CryptoKeyVersionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CryptoKeyVersionArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CryptoKeyVersionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CryptoKeyVersionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CryptoKeyVersionArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var cryptoKeyVersionResource = new GoogleNative.Cloudkms.V1.CryptoKeyVersion("cryptoKeyVersionResource", new()
{
    KeyRingId = "string",
    CryptoKeyId = "string",
    ExternalProtectionLevelOptions = new GoogleNative.Cloudkms.V1.Inputs.ExternalProtectionLevelOptionsArgs
    {
        EkmConnectionKeyPath = "string",
        ExternalKeyUri = "string",
    },
    Location = "string",
    Project = "string",
    State = GoogleNative.Cloudkms.V1.CryptoKeyVersionState.CryptoKeyVersionStateUnspecified,
});

example, err := cloudkms.NewCryptoKeyVersion(ctx, "cryptoKeyVersionResource", &cloudkms.CryptoKeyVersionArgs{
	KeyRingId:   pulumi.String("string"),
	CryptoKeyId: pulumi.String("string"),
	ExternalProtectionLevelOptions: &cloudkms.ExternalProtectionLevelOptionsArgs{
		EkmConnectionKeyPath: pulumi.String("string"),
		ExternalKeyUri:       pulumi.String("string"),
	},
	Location: pulumi.String("string"),
	Project:  pulumi.String("string"),
	State:    cloudkms.CryptoKeyVersionStateCryptoKeyVersionStateUnspecified,
})

var cryptoKeyVersionResource = new CryptoKeyVersion("cryptoKeyVersionResource", CryptoKeyVersionArgs.builder()
    .keyRingId("string")
    .cryptoKeyId("string")
    .externalProtectionLevelOptions(ExternalProtectionLevelOptionsArgs.builder()
        .ekmConnectionKeyPath("string")
        .externalKeyUri("string")
        .build())
    .location("string")
    .project("string")
    .state("CRYPTO_KEY_VERSION_STATE_UNSPECIFIED")
    .build());

crypto_key_version_resource = google_native.cloudkms.v1.CryptoKeyVersion("cryptoKeyVersionResource",
    key_ring_id="string",
    crypto_key_id="string",
    external_protection_level_options=google_native.cloudkms.v1.ExternalProtectionLevelOptionsArgs(
        ekm_connection_key_path="string",
        external_key_uri="string",
    ),
    location="string",
    project="string",
    state=google_native.cloudkms.v1.CryptoKeyVersionState.CRYPTO_KEY_VERSION_STATE_UNSPECIFIED)

const cryptoKeyVersionResource = new google_native.cloudkms.v1.CryptoKeyVersion("cryptoKeyVersionResource", {
    keyRingId: "string",
    cryptoKeyId: "string",
    externalProtectionLevelOptions: {
        ekmConnectionKeyPath: "string",
        externalKeyUri: "string",
    },
    location: "string",
    project: "string",
    state: google_native.cloudkms.v1.CryptoKeyVersionState.CryptoKeyVersionStateUnspecified,
});

type: google-native:cloudkms/v1:CryptoKeyVersion
properties:
    cryptoKeyId: string
    externalProtectionLevelOptions:
        ekmConnectionKeyPath: string
        externalKeyUri: string
    keyRingId: string
    location: string
    project: string
    state: CRYPTO_KEY_VERSION_STATE_UNSPECIFIED

CryptoKeyVersion Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The CryptoKeyVersion resource accepts the following input properties:

KeyRingId string
CryptoKeyId string
ExternalProtectionLevelOptions Pulumi.GoogleNative.Cloudkms.V1.Inputs.ExternalProtectionLevelOptions: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
Location string
Project string
State Pulumi.GoogleNative.Cloudkms.V1.CryptoKeyVersionState: The current state of the CryptoKeyVersion.

KeyRingId string
CryptoKeyId string
ExternalProtectionLevelOptions ExternalProtectionLevelOptionsArgs: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
Location string
Project string
State CryptoKeyVersionStateEnum: The current state of the CryptoKeyVersion.

keyRingId String
cryptoKeyId String
externalProtectionLevelOptions ExternalProtectionLevelOptions: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
location String
project String
state CryptoKeyVersionState: The current state of the CryptoKeyVersion.

keyRingId string
cryptoKeyId string
externalProtectionLevelOptions ExternalProtectionLevelOptions: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
location string
project string
state CryptoKeyVersionState: The current state of the CryptoKeyVersion.

key_ring_id str
crypto_key_id str
external_protection_level_options ExternalProtectionLevelOptionsArgs: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
location str
project str
state CryptoKeyVersionState: The current state of the CryptoKeyVersion.

keyRingId String
cryptoKeyId String
externalProtectionLevelOptions Property Map: ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.
location String
project String
state "CRYPTO_KEY_VERSION_STATE_UNSPECIFIED" | "PENDING_GENERATION" | "ENABLED" | "DISABLED" | "DESTROYED" | "DESTROY_SCHEDULED" | "PENDING_IMPORT" | "IMPORT_FAILED" | "GENERATION_FAILED" | "PENDING_EXTERNAL_DESTRUCTION" | "EXTERNAL_DESTRUCTION_FAILED": The current state of the CryptoKeyVersion.

Outputs

All input properties are implicitly available as output properties. Additionally, the CryptoKeyVersion resource produces the following output properties:

Algorithm string: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
Attestation Pulumi.GoogleNative.Cloudkms.V1.Outputs.KeyOperationAttestationResponse: Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
CreateTime string: The time at which this CryptoKeyVersion was created.
DestroyEventTime string: The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
DestroyTime string: The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
ExternalDestructionFailureReason string: The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
GenerateTime string: The time this CryptoKeyVersion's key material was generated.
GenerationFailureReason string: The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
Id string: The provider-assigned unique ID for this managed resource.
ImportFailureReason string: The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
ImportJob string: The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
ImportTime string: The time at which this CryptoKeyVersion's key material was most recently imported.
Name string: The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
ProtectionLevel string: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
ReimportEligible bool: Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

Algorithm string: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
Attestation KeyOperationAttestationResponse: Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
CreateTime string: The time at which this CryptoKeyVersion was created.
DestroyEventTime string: The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
DestroyTime string: The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
ExternalDestructionFailureReason string: The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
GenerateTime string: The time this CryptoKeyVersion's key material was generated.
GenerationFailureReason string: The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
Id string: The provider-assigned unique ID for this managed resource.
ImportFailureReason string: The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
ImportJob string: The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
ImportTime string: The time at which this CryptoKeyVersion's key material was most recently imported.
Name string: The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
ProtectionLevel string: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
ReimportEligible bool: Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

algorithm String: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
attestation KeyOperationAttestationResponse: Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
createTime String: The time at which this CryptoKeyVersion was created.
destroyEventTime String: The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
destroyTime String: The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
externalDestructionFailureReason String: The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
generateTime String: The time this CryptoKeyVersion's key material was generated.
generationFailureReason String: The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
id String: The provider-assigned unique ID for this managed resource.
importFailureReason String: The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
importJob String: The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
importTime String: The time at which this CryptoKeyVersion's key material was most recently imported.
name String: The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
protectionLevel String: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
reimportEligible Boolean: Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

algorithm string: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
attestation KeyOperationAttestationResponse: Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
createTime string: The time at which this CryptoKeyVersion was created.
destroyEventTime string: The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
destroyTime string: The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
externalDestructionFailureReason string: The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
generateTime string: The time this CryptoKeyVersion's key material was generated.
generationFailureReason string: The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
id string: The provider-assigned unique ID for this managed resource.
importFailureReason string: The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
importJob string: The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
importTime string: The time at which this CryptoKeyVersion's key material was most recently imported.
name string: The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
protectionLevel string: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
reimportEligible boolean: Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

algorithm str: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
attestation KeyOperationAttestationResponse: Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
create_time str: The time at which this CryptoKeyVersion was created.
destroy_event_time str: The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
destroy_time str: The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
external_destruction_failure_reason str: The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
generate_time str: The time this CryptoKeyVersion's key material was generated.
generation_failure_reason str: The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
id str: The provider-assigned unique ID for this managed resource.
import_failure_reason str: The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
import_job str: The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
import_time str: The time at which this CryptoKeyVersion's key material was most recently imported.
name str: The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
protection_level str: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
reimport_eligible bool: Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

algorithm String: The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.
attestation Property Map: Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google. Only provided for key versions with protection_level HSM.
createTime String: The time at which this CryptoKeyVersion was created.
destroyEventTime String: The time this CryptoKeyVersion's key material was destroyed. Only present if state is DESTROYED.
destroyTime String: The time this CryptoKeyVersion's key material is scheduled for destruction. Only present if state is DESTROY_SCHEDULED.
externalDestructionFailureReason String: The root cause of the most recent external destruction failure. Only present if state is EXTERNAL_DESTRUCTION_FAILED.
generateTime String: The time this CryptoKeyVersion's key material was generated.
generationFailureReason String: The root cause of the most recent generation failure. Only present if state is GENERATION_FAILED.
id String: The provider-assigned unique ID for this managed resource.
importFailureReason String: The root cause of the most recent import failure. Only present if state is IMPORT_FAILED.
importJob String: The name of the ImportJob used in the most recent import of this CryptoKeyVersion. Only present if the underlying key material was imported.
importTime String: The time at which this CryptoKeyVersion's key material was most recently imported.
name String: The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*.
protectionLevel String: The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.
reimportEligible Boolean: Whether or not this key version is eligible for reimport, by being specified as a target in ImportCryptoKeyVersionRequest.crypto_key_version.

Supporting Types

CertificateChainsResponse, CertificateChainsResponseArgs

CaviumCerts List<string>: Cavium certificate chain corresponding to the attestation.
GoogleCardCerts List<string>: Google card certificate chain corresponding to the attestation.
GooglePartitionCerts List<string>: Google partition certificate chain corresponding to the attestation.

CaviumCerts []string: Cavium certificate chain corresponding to the attestation.
GoogleCardCerts []string: Google card certificate chain corresponding to the attestation.
GooglePartitionCerts []string: Google partition certificate chain corresponding to the attestation.

caviumCerts List<String>: Cavium certificate chain corresponding to the attestation.
googleCardCerts List<String>: Google card certificate chain corresponding to the attestation.
googlePartitionCerts List<String>: Google partition certificate chain corresponding to the attestation.

caviumCerts string[]: Cavium certificate chain corresponding to the attestation.
googleCardCerts string[]: Google card certificate chain corresponding to the attestation.
googlePartitionCerts string[]: Google partition certificate chain corresponding to the attestation.

cavium_certs Sequence[str]: Cavium certificate chain corresponding to the attestation.
google_card_certs Sequence[str]: Google card certificate chain corresponding to the attestation.
google_partition_certs Sequence[str]: Google partition certificate chain corresponding to the attestation.

caviumCerts List<String>: Cavium certificate chain corresponding to the attestation.
googleCardCerts List<String>: Google card certificate chain corresponding to the attestation.
googlePartitionCerts List<String>: Google partition certificate chain corresponding to the attestation.

CryptoKeyVersionState, CryptoKeyVersionStateArgs

CryptoKeyVersionStateUnspecified: CRYPTO_KEY_VERSION_STATE_UNSPECIFIEDNot specified.
PendingGeneration: PENDING_GENERATIONThis version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
Enabled: ENABLEDThis version may be used for cryptographic operations.
Disabled: DISABLEDThis version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
Destroyed: DESTROYEDThis version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
DestroyScheduled: DESTROY_SCHEDULEDThis version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
PendingImport: PENDING_IMPORTThis version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
ImportFailed: IMPORT_FAILEDThis version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
GenerationFailed: GENERATION_FAILEDThis version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
PendingExternalDestruction: PENDING_EXTERNAL_DESTRUCTIONThis version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
ExternalDestructionFailed: EXTERNAL_DESTRUCTION_FAILEDThis version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.

CryptoKeyVersionStateCryptoKeyVersionStateUnspecified: CRYPTO_KEY_VERSION_STATE_UNSPECIFIEDNot specified.
CryptoKeyVersionStatePendingGeneration: PENDING_GENERATIONThis version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
CryptoKeyVersionStateEnabled: ENABLEDThis version may be used for cryptographic operations.
CryptoKeyVersionStateDisabled: DISABLEDThis version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
CryptoKeyVersionStateDestroyed: DESTROYEDThis version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
CryptoKeyVersionStateDestroyScheduled: DESTROY_SCHEDULEDThis version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
CryptoKeyVersionStatePendingImport: PENDING_IMPORTThis version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
CryptoKeyVersionStateImportFailed: IMPORT_FAILEDThis version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
CryptoKeyVersionStateGenerationFailed: GENERATION_FAILEDThis version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
CryptoKeyVersionStatePendingExternalDestruction: PENDING_EXTERNAL_DESTRUCTIONThis version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
CryptoKeyVersionStateExternalDestructionFailed: EXTERNAL_DESTRUCTION_FAILEDThis version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.

CryptoKeyVersionStateUnspecified: CRYPTO_KEY_VERSION_STATE_UNSPECIFIEDNot specified.
PendingGeneration: PENDING_GENERATIONThis version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
Enabled: ENABLEDThis version may be used for cryptographic operations.
Disabled: DISABLEDThis version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
Destroyed: DESTROYEDThis version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
DestroyScheduled: DESTROY_SCHEDULEDThis version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
PendingImport: PENDING_IMPORTThis version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
ImportFailed: IMPORT_FAILEDThis version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
GenerationFailed: GENERATION_FAILEDThis version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
PendingExternalDestruction: PENDING_EXTERNAL_DESTRUCTIONThis version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
ExternalDestructionFailed: EXTERNAL_DESTRUCTION_FAILEDThis version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.

CryptoKeyVersionStateUnspecified: CRYPTO_KEY_VERSION_STATE_UNSPECIFIEDNot specified.
PendingGeneration: PENDING_GENERATIONThis version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
Enabled: ENABLEDThis version may be used for cryptographic operations.
Disabled: DISABLEDThis version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
Destroyed: DESTROYEDThis version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
DestroyScheduled: DESTROY_SCHEDULEDThis version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
PendingImport: PENDING_IMPORTThis version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
ImportFailed: IMPORT_FAILEDThis version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
GenerationFailed: GENERATION_FAILEDThis version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
PendingExternalDestruction: PENDING_EXTERNAL_DESTRUCTIONThis version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
ExternalDestructionFailed: EXTERNAL_DESTRUCTION_FAILEDThis version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.

CRYPTO_KEY_VERSION_STATE_UNSPECIFIED: CRYPTO_KEY_VERSION_STATE_UNSPECIFIEDNot specified.
PENDING_GENERATION: PENDING_GENERATIONThis version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
ENABLED: ENABLEDThis version may be used for cryptographic operations.
DISABLED: DISABLEDThis version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
DESTROYED: DESTROYEDThis version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
DESTROY_SCHEDULED: DESTROY_SCHEDULEDThis version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
PENDING_IMPORT: PENDING_IMPORTThis version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
IMPORT_FAILED: IMPORT_FAILEDThis version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
GENERATION_FAILED: GENERATION_FAILEDThis version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
PENDING_EXTERNAL_DESTRUCTION: PENDING_EXTERNAL_DESTRUCTIONThis version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
EXTERNAL_DESTRUCTION_FAILED: EXTERNAL_DESTRUCTION_FAILEDThis version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.

"CRYPTO_KEY_VERSION_STATE_UNSPECIFIED": CRYPTO_KEY_VERSION_STATE_UNSPECIFIEDNot specified.
"PENDING_GENERATION": PENDING_GENERATIONThis version is still being generated. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
"ENABLED": ENABLEDThis version may be used for cryptographic operations.
"DISABLED": DISABLEDThis version may not be used, but the key material is still available, and the version can be placed back into the ENABLED state.
"DESTROYED": DESTROYEDThis version is destroyed, and the key material is no longer stored. This version may only become ENABLED again if this version is reimport_eligible and the original key material is reimported with a call to KeyManagementService.ImportCryptoKeyVersion.
"DESTROY_SCHEDULED": DESTROY_SCHEDULEDThis version is scheduled for destruction, and will be destroyed soon. Call RestoreCryptoKeyVersion to put it back into the DISABLED state.
"PENDING_IMPORT": PENDING_IMPORTThis version is still being imported. It may not be used, enabled, disabled, or destroyed yet. Cloud KMS will automatically mark this version ENABLED as soon as the version is ready.
"IMPORT_FAILED": IMPORT_FAILEDThis version was not imported successfully. It may not be used, enabled, disabled, or destroyed. The submitted key material has been discarded. Additional details can be found in CryptoKeyVersion.import_failure_reason.
"GENERATION_FAILED": GENERATION_FAILEDThis version was not generated successfully. It may not be used, enabled, disabled, or destroyed. Additional details can be found in CryptoKeyVersion.generation_failure_reason.
"PENDING_EXTERNAL_DESTRUCTION": PENDING_EXTERNAL_DESTRUCTIONThis version was destroyed, and it may not be used or enabled again. Cloud KMS is waiting for the corresponding key material residing in an external key manager to be destroyed.
"EXTERNAL_DESTRUCTION_FAILED": EXTERNAL_DESTRUCTION_FAILEDThis version was destroyed, and it may not be used or enabled again. However, Cloud KMS could not confirm that the corresponding key material residing in an external key manager was destroyed. Additional details can be found in CryptoKeyVersion.external_destruction_failure_reason.

ExternalProtectionLevelOptions, ExternalProtectionLevelOptionsArgs

EkmConnectionKeyPath string: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
ExternalKeyUri string: The URI for an external resource that this CryptoKeyVersion represents.

EkmConnectionKeyPath string: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
ExternalKeyUri string: The URI for an external resource that this CryptoKeyVersion represents.

ekmConnectionKeyPath String: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
externalKeyUri String: The URI for an external resource that this CryptoKeyVersion represents.

ekmConnectionKeyPath string: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
externalKeyUri string: The URI for an external resource that this CryptoKeyVersion represents.

ekm_connection_key_path str: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
external_key_uri str: The URI for an external resource that this CryptoKeyVersion represents.

ekmConnectionKeyPath String: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
externalKeyUri String: The URI for an external resource that this CryptoKeyVersion represents.

ExternalProtectionLevelOptionsResponse, ExternalProtectionLevelOptionsResponseArgs

EkmConnectionKeyPath string: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
ExternalKeyUri string: The URI for an external resource that this CryptoKeyVersion represents.

EkmConnectionKeyPath string: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
ExternalKeyUri string: The URI for an external resource that this CryptoKeyVersion represents.

ekmConnectionKeyPath String: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
externalKeyUri String: The URI for an external resource that this CryptoKeyVersion represents.

ekmConnectionKeyPath string: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
externalKeyUri string: The URI for an external resource that this CryptoKeyVersion represents.

ekm_connection_key_path str: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
external_key_uri str: The URI for an external resource that this CryptoKeyVersion represents.

ekmConnectionKeyPath String: The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of external_key_uri when using an EkmConnection.
externalKeyUri String: The URI for an external resource that this CryptoKeyVersion represents.

KeyOperationAttestationResponse, KeyOperationAttestationResponseArgs

CertChains Pulumi.GoogleNative.Cloudkms.V1.Inputs.CertificateChainsResponse: The certificate chains needed to validate the attestation
Content string: The attestation data provided by the HSM when the key operation was performed.
Format string: The format of the attestation data.

CertChains CertificateChainsResponse: The certificate chains needed to validate the attestation
Content string: The attestation data provided by the HSM when the key operation was performed.
Format string: The format of the attestation data.

certChains CertificateChainsResponse: The certificate chains needed to validate the attestation
content String: The attestation data provided by the HSM when the key operation was performed.
format String: The format of the attestation data.

certChains CertificateChainsResponse: The certificate chains needed to validate the attestation
content string: The attestation data provided by the HSM when the key operation was performed.
format string: The format of the attestation data.

cert_chains CertificateChainsResponse: The certificate chains needed to validate the attestation
content str: The attestation data provided by the HSM when the key operation was performed.
format str: The format of the attestation data.

certChains Property Map: The certificate chains needed to validate the attestation
content String: The attestation data provided by the HSM when the key operation was performed.
format String: The format of the attestation data.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.cloudkms/v1.CryptoKeyVersion

On this page

On this page

Create CryptoKeyVersion Resource

Constructor syntax

Parameters

Constructor example

CryptoKeyVersion Resource Properties

Inputs

Outputs

Supporting Types

CertificateChainsResponse, CertificateChainsResponseArgs

CryptoKeyVersionState, CryptoKeyVersionStateArgs

ExternalProtectionLevelOptions, ExternalProtectionLevelOptionsArgs

ExternalProtectionLevelOptionsResponse, ExternalProtectionLevelOptionsResponseArgs

KeyOperationAttestationResponse, KeyOperationAttestationResponseArgs

Package Details

On this page

On this page