mongodbatlas.getEncryptionAtRest
# Data Source: mongodbatlas.EncryptionAtRest
`mongodbatlas.EncryptionAtRest` describes the encryption at rest configuration for an Atlas project with one of the following providers: Amazon Web Services Key Management Service, Azure Key Vault, or Google Cloud KMS.
IMPORTANT By default, Atlas enables encryption at rest for all cluster storage and snapshot volumes.
IMPORTANT Atlas limits this feature to dedicated cluster tiers of M10 and greater. For more information see: https://www.mongodb.com/docs/atlas/reference/api-resources-spec/#tag/Encryption-at-Rest-using-Customer-Key-Management
NOTE: Groups and projects are synonymous terms. You may find `groupId` in the official documentation.
Example Usage
Configuring encryption at rest using customer key management in AWS
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
// Register an AWS cloud provider access role for the Atlas project. Its role
// ID is what the encryption-at-rest configuration below refers to.
const accessSetup = new mongodbatlas.CloudProviderAccessSetup("setup_only", {
    projectId: atlasProjectId,
    providerName: "AWS",
});

// Bind the Atlas role to the IAM role in the customer's AWS account.
// NOTE(review): `testRole` is declared outside this snippet; its IAM policy
// should grant KMS access only for the key referenced by `kmsKey` below.
const accessAuthorization = new mongodbatlas.CloudProviderAccessAuthorization("auth_role", {
    projectId: atlasProjectId,
    roleId: accessSetup.roleId,
    aws: { iamAssumedRoleArn: testRole.arn },
});

// Customer-managed key settings. Access goes through the authorized role ID,
// so no static AWS access keys appear in the program.
const awsKmsSettings = {
    enabled: true,
    customerMasterKeyId: kmsKey.id,
    region: atlasRegion,
    roleId: accessAuthorization.roleId,
};
const encryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
    projectId: atlasProjectId,
    awsKmsConfig: awsKmsSettings,
});

// Single-region, three-node M10 replica set. The project ID is taken from the
// encryption resource so the cluster is created after the key is configured.
const primaryRegion = {
    priority: 7,
    providerName: "AWS",
    regionName: "US_EAST_1",
    electableSpecs: { instanceSize: "M10", nodeCount: 3 },
};
const cluster = new mongodbatlas.AdvancedCluster("cluster", {
    projectId: encryptionAtRest.projectId,
    name: "MyCluster",
    clusterType: "REPLICASET",
    backupEnabled: true,
    encryptionAtRestProvider: "AWS",
    replicationSpecs: [{ regionConfigs: [primaryRegion] }],
});

// Read the configuration back through the data source and export the
// `valid` flag of the AWS KMS section as a stack output.
const lookup = mongodbatlas.getEncryptionAtRestOutput({
    projectId: encryptionAtRest.projectId,
});
export const isAwsKmsEncryptionAtRestValid = lookup.apply(result => result.awsKmsConfig?.valid);
import pulumi
import pulumi_mongodbatlas as mongodbatlas
# Register an AWS cloud provider access role for the Atlas project. Its role
# ID is what the encryption-at-rest configuration below refers to.
access_setup = mongodbatlas.CloudProviderAccessSetup(
    "setup_only",
    project_id=atlas_project_id,
    provider_name="AWS",
)

# Bind the Atlas role to the IAM role in the customer's AWS account.
# NOTE(review): `test_role` is declared outside this snippet; its IAM policy
# should grant KMS access only for the key referenced by `kms_key` below.
access_authorization = mongodbatlas.CloudProviderAccessAuthorization(
    "auth_role",
    project_id=atlas_project_id,
    role_id=access_setup.role_id,
    aws={"iam_assumed_role_arn": test_role["arn"]},
)

# Customer-managed key settings. Access goes through the authorized role ID,
# so no static AWS access keys appear in the program.
aws_kms_settings = {
    "enabled": True,
    "customer_master_key_id": kms_key["id"],
    "region": atlas_region,
    "role_id": access_authorization.role_id,
}
encryption_at_rest = mongodbatlas.EncryptionAtRest(
    "test",
    project_id=atlas_project_id,
    aws_kms_config=aws_kms_settings,
)

# Single-region, three-node M10 replica set. The project ID is taken from the
# encryption resource so the cluster is created after the key is configured.
primary_region = {
    "priority": 7,
    "provider_name": "AWS",
    "region_name": "US_EAST_1",
    "electable_specs": {
        "instance_size": "M10",
        "node_count": 3,
    },
}
cluster = mongodbatlas.AdvancedCluster(
    "cluster",
    project_id=encryption_at_rest.project_id,
    name="MyCluster",
    cluster_type="REPLICASET",
    backup_enabled=True,
    encryption_at_rest_provider="AWS",
    replication_specs=[{"region_configs": [primary_region]}],
)

# Read the configuration back through the data source and export the
# `valid` flag of the AWS KMS section as a stack output.
lookup = mongodbatlas.get_encryption_at_rest_output(
    project_id=encryption_at_rest.project_id,
)
pulumi.export("isAwsKmsEncryptionAtRestValid", lookup.aws_kms_config.valid)
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares the Pulumi program: it authorizes an AWS IAM role for Atlas,
// enables encryption at rest with a customer-managed KMS key, creates a
// cluster that uses it, and exports the validity flag read back through the
// data source.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Register an AWS cloud provider access role for the Atlas project.
		accessSetup, err := mongodbatlas.NewCloudProviderAccessSetup(ctx, "setup_only", &mongodbatlas.CloudProviderAccessSetupArgs{
			ProjectId:    pulumi.Any(atlasProjectId),
			ProviderName: pulumi.String("AWS"),
		})
		if err != nil {
			return err
		}

		// Bind the Atlas role to the IAM role in the customer's AWS account.
		// NOTE(review): testRole is declared outside this snippet; its IAM policy
		// should grant KMS access only for the key referenced by kmsKey below.
		accessAuth, err := mongodbatlas.NewCloudProviderAccessAuthorization(ctx, "auth_role", &mongodbatlas.CloudProviderAccessAuthorizationArgs{
			ProjectId: pulumi.Any(atlasProjectId),
			RoleId:    accessSetup.RoleId,
			Aws: &mongodbatlas.CloudProviderAccessAuthorizationAwsArgs{
				IamAssumedRoleArn: pulumi.Any(testRole.Arn),
			},
		})
		if err != nil {
			return err
		}

		// Customer-managed key settings. Access goes through the authorized
		// role ID, so no static AWS access keys appear in the program.
		kmsSettings := &mongodbatlas.EncryptionAtRestAwsKmsConfigArgs{
			Enabled:             pulumi.Bool(true),
			CustomerMasterKeyId: pulumi.Any(kmsKey.Id),
			Region:              pulumi.Any(atlasRegion),
			RoleId:              accessAuth.RoleId,
		}
		encryptionAtRest, err := mongodbatlas.NewEncryptionAtRest(ctx, "test", &mongodbatlas.EncryptionAtRestArgs{
			ProjectId:    pulumi.Any(atlasProjectId),
			AwsKmsConfig: kmsSettings,
		})
		if err != nil {
			return err
		}

		// Single-region, three-node M10 replica set. The project ID is taken
		// from the encryption resource so the cluster is created after the key
		// is configured.
		primaryRegion := &mongodbatlas.AdvancedClusterReplicationSpecRegionConfigArgs{
			Priority:     pulumi.Int(7),
			ProviderName: pulumi.String("AWS"),
			RegionName:   pulumi.String("US_EAST_1"),
			ElectableSpecs: &mongodbatlas.AdvancedClusterReplicationSpecRegionConfigElectableSpecsArgs{
				InstanceSize: pulumi.String("M10"),
				NodeCount:    pulumi.Int(3),
			},
		}
		if _, err := mongodbatlas.NewAdvancedCluster(ctx, "cluster", &mongodbatlas.AdvancedClusterArgs{
			ProjectId:                encryptionAtRest.ProjectId,
			Name:                     pulumi.String("MyCluster"),
			ClusterType:              pulumi.String("REPLICASET"),
			BackupEnabled:            pulumi.Bool(true),
			EncryptionAtRestProvider: pulumi.String("AWS"),
			ReplicationSpecs: mongodbatlas.AdvancedClusterReplicationSpecArray{
				&mongodbatlas.AdvancedClusterReplicationSpecArgs{
					RegionConfigs: mongodbatlas.AdvancedClusterReplicationSpecRegionConfigArray{primaryRegion},
				},
			},
		}); err != nil {
			return err
		}

		// Read the configuration back through the data source.
		// NOTE(review): this page's Go signature listing names the types
		// LookupEncryptionAtRestOutputArgs and LookupEncryptionAtRestResult;
		// confirm the Get-prefixed names used here against the SDK.
		lookup := mongodbatlas.LookupEncryptionAtRestOutput(ctx, mongodbatlas.GetEncryptionAtRestOutputArgs{
			ProjectId: encryptionAtRest.ProjectId,
		}, nil)

		// Export the valid flag of the AWS KMS section as a stack output.
		kmsValid := lookup.ApplyT(func(res mongodbatlas.GetEncryptionAtRestResult) (*bool, error) {
			valid := &res.AwsKmsConfig.Valid
			return valid, nil
		}).(pulumi.BoolPtrOutput)
		ctx.Export("isAwsKmsEncryptionAtRestValid", kmsValid)
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
// Pulumi program: authorizes an AWS IAM role for Atlas, enables encryption at
// rest with a customer-managed KMS key, creates a cluster that uses it, and
// exports the validity flag read back through the data source.
return await Deployment.RunAsync(() =>
{
    // Register an AWS cloud provider access role for the Atlas project.
    var accessSetup = new Mongodbatlas.CloudProviderAccessSetup("setup_only", new Mongodbatlas.CloudProviderAccessSetupArgs
    {
        ProjectId = atlasProjectId,
        ProviderName = "AWS",
    });

    // Bind the Atlas role to the IAM role in the customer's AWS account.
    // NOTE(review): testRole is declared outside this snippet; its IAM policy
    // should grant KMS access only for the key referenced by kmsKey below.
    var accessAuthorization = new Mongodbatlas.CloudProviderAccessAuthorization("auth_role", new Mongodbatlas.CloudProviderAccessAuthorizationArgs
    {
        ProjectId = atlasProjectId,
        RoleId = accessSetup.RoleId,
        Aws = new Mongodbatlas.Inputs.CloudProviderAccessAuthorizationAwsArgs
        {
            IamAssumedRoleArn = testRole.Arn,
        },
    });

    // Customer-managed key settings. Access goes through the authorized role
    // ID, so no static AWS access keys appear in the program.
    var awsKmsSettings = new Mongodbatlas.Inputs.EncryptionAtRestAwsKmsConfigArgs
    {
        Enabled = true,
        CustomerMasterKeyId = kmsKey.Id,
        Region = atlasRegion,
        RoleId = accessAuthorization.RoleId,
    };
    var encryptionAtRest = new Mongodbatlas.EncryptionAtRest("test", new Mongodbatlas.EncryptionAtRestArgs
    {
        ProjectId = atlasProjectId,
        AwsKmsConfig = awsKmsSettings,
    });

    // Single-region, three-node M10 replica set. The project ID is taken from
    // the encryption resource so the cluster is created after the key is configured.
    var primaryRegion = new Mongodbatlas.Inputs.AdvancedClusterReplicationSpecRegionConfigArgs
    {
        Priority = 7,
        ProviderName = "AWS",
        RegionName = "US_EAST_1",
        ElectableSpecs = new Mongodbatlas.Inputs.AdvancedClusterReplicationSpecRegionConfigElectableSpecsArgs
        {
            InstanceSize = "M10",
            NodeCount = 3,
        },
    };
    var cluster = new Mongodbatlas.AdvancedCluster("cluster", new Mongodbatlas.AdvancedClusterArgs
    {
        ProjectId = encryptionAtRest.ProjectId,
        Name = "MyCluster",
        ClusterType = "REPLICASET",
        BackupEnabled = true,
        EncryptionAtRestProvider = "AWS",
        ReplicationSpecs = new[]
        {
            new Mongodbatlas.Inputs.AdvancedClusterReplicationSpecArgs
            {
                RegionConfigs = new[] { primaryRegion },
            },
        },
    });

    // Read the configuration back through the data source.
    var lookup = Mongodbatlas.GetEncryptionAtRest.Invoke(new Mongodbatlas.GetEncryptionAtRestInvokeArgs
    {
        ProjectId = encryptionAtRest.ProjectId,
    });

    // Export the Valid flag of the AWS KMS section as a stack output.
    var kmsValid = lookup.Apply(result => result.AwsKmsConfig?.Valid);
    return new Dictionary<string, object?>
    {
        ["isAwsKmsEncryptionAtRestValid"] = kmsValid,
    };
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.CloudProviderAccessSetup;
import com.pulumi.mongodbatlas.CloudProviderAccessSetupArgs;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorization;
import com.pulumi.mongodbatlas.CloudProviderAccessAuthorizationArgs;
import com.pulumi.mongodbatlas.inputs.CloudProviderAccessAuthorizationAwsArgs;
import com.pulumi.mongodbatlas.EncryptionAtRest;
import com.pulumi.mongodbatlas.EncryptionAtRestArgs;
import com.pulumi.mongodbatlas.inputs.EncryptionAtRestAwsKmsConfigArgs;
import com.pulumi.mongodbatlas.AdvancedCluster;
import com.pulumi.mongodbatlas.AdvancedClusterArgs;
import com.pulumi.mongodbatlas.inputs.AdvancedClusterReplicationSpecArgs;
import com.pulumi.mongodbatlas.MongodbatlasFunctions;
import com.pulumi.mongodbatlas.inputs.GetEncryptionAtRestArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
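/**
 * Pulumi program that authorizes an AWS IAM role for Atlas, enables encryption
 * at rest with a customer-managed KMS key, creates a cluster that uses it, and
 * exports the validity flag read back through the data source.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources and outputs.
     *
     * @param ctx Pulumi deployment context used to register stack outputs
     */
    public static void stack(Context ctx) {
        // Register an AWS cloud provider access role for the Atlas project.
        var setupOnly = new CloudProviderAccessSetup("setupOnly", CloudProviderAccessSetupArgs.builder()
            .projectId(atlasProjectId)
            .providerName("AWS")
            .build());

        // Bind the Atlas role to the IAM role in the customer's AWS account.
        // NOTE(review): testRole is declared outside this snippet; its IAM policy
        // should grant KMS access only for the key referenced by kmsKey below.
        var authRole = new CloudProviderAccessAuthorization("authRole", CloudProviderAccessAuthorizationArgs.builder()
            .projectId(atlasProjectId)
            .roleId(setupOnly.roleId())
            .aws(CloudProviderAccessAuthorizationAwsArgs.builder()
                .iamAssumedRoleArn(testRole.arn())
                .build())
            .build());

        // Customer-managed key settings. Access goes through the authorized
        // role ID, so no static AWS access keys appear in the program.
        var testEncryptionAtRest = new EncryptionAtRest("testEncryptionAtRest", EncryptionAtRestArgs.builder()
            .projectId(atlasProjectId)
            .awsKmsConfig(EncryptionAtRestAwsKmsConfigArgs.builder()
                .enabled(true)
                .customerMasterKeyId(kmsKey.id())
                .region(atlasRegion)
                .roleId(authRole.roleId())
                .build())
            .build());

        // Single-region, three-node M10 replica set. The project ID is taken
        // from the encryption resource so the cluster is created after the key
        // is configured.
        // NOTE(review): AdvancedClusterReplicationSpecRegionConfigArgs and
        // AdvancedClusterReplicationSpecRegionConfigElectableSpecsArgs are not in
        // the import list above this class; they need importing to compile.
        var cluster = new AdvancedCluster("cluster", AdvancedClusterArgs.builder()
            .projectId(testEncryptionAtRest.projectId())
            .name("MyCluster")
            .clusterType("REPLICASET")
            .backupEnabled(true)
            .encryptionAtRestProvider("AWS")
            .replicationSpecs(AdvancedClusterReplicationSpecArgs.builder()
                .regionConfigs(AdvancedClusterReplicationSpecRegionConfigArgs.builder()
                    .priority(7)
                    .providerName("AWS")
                    .regionName("US_EAST_1")
                    .electableSpecs(AdvancedClusterReplicationSpecRegionConfigElectableSpecsArgs.builder()
                        .instanceSize("M10")
                        .nodeCount(3)
                        .build())
                    .build())
                .build())
            .build());

        // Read the configuration back through the data source.
        final var test = MongodbatlasFunctions.getEncryptionAtRest(GetEncryptionAtRestArgs.builder()
            .projectId(testEncryptionAtRest.projectId())
            .build());

        // Export the valid flag of the AWS KMS section. A single applyValue is
        // enough; the lambda parameter must not reuse the local name `test`,
        // which Java rejects as a redeclaration.
        // NOTE(review): assumes getEncryptionAtRest returns an Output here - confirm.
        ctx.export("isAwsKmsEncryptionAtRestValid", test.applyValue(result -> result.awsKmsConfig().valid()));
    }
}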
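# Pulumi YAML program: authorizes an AWS IAM role for Atlas, enables encryption
# at rest with a customer-managed KMS key, and creates a cluster that uses it.
# Nesting is restored here; with every key at column 0 the document does not
# describe this structure.
resources:
  # AWS cloud provider access role for the Atlas project.
  setupOnly:
    type: mongodbatlas:CloudProviderAccessSetup
    name: setup_only
    properties:
      projectId: ${atlasProjectId}
      providerName: AWS
  # Binds the Atlas role to the IAM role in the customer's AWS account.
  authRole:
    type: mongodbatlas:CloudProviderAccessAuthorization
    name: auth_role
    properties:
      projectId: ${atlasProjectId}
      roleId: ${setupOnly.roleId}
      aws:
        iamAssumedRoleArn: ${testRole.arn}
  # Customer-managed key settings; access goes through the authorized role ID,
  # so no static AWS access keys appear in the program.
  testEncryptionAtRest:
    type: mongodbatlas:EncryptionAtRest
    name: test
    properties:
      projectId: ${atlasProjectId}
      awsKmsConfig:
        enabled: true
        customerMasterKeyId: ${kmsKey.id}
        region: ${atlasRegion}
        roleId: ${authRole.roleId}
  # Single-region, three-node M10 replica set that uses the AWS key.
  cluster:
    type: mongodbatlas:AdvancedCluster
    properties:
      projectId: ${testEncryptionAtRest.projectId}
      name: MyCluster
      clusterType: REPLICASET
      backupEnabled: true
      encryptionAtRestProvider: AWS
      replicationSpecs:
        - regionConfigs:
            - priority: 7
              providerName: AWS
              regionName: US_EAST_1
              electableSpecs:
                instanceSize: M10
                nodeCount: 3
variables:
  # Reads the configuration back through the data source.
  test:
    fn::invoke:
      Function: mongodbatlas:getEncryptionAtRest
      Arguments:
        projectId: ${testEncryptionAtRest.projectId}
outputs:
  isAwsKmsEncryptionAtRestValid: ${test.awsKmsConfig.valid}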
Configuring encryption at rest using customer key management in Azure
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
// Azure Key Vault settings for customer key management.
// `secret` is the client secret of the Azure application identified by
// `clientId`; `azureClientSecret` is declared outside this snippet and should be
// supplied as a Pulumi secret (for example from secret stack configuration) so
// it is not written into the program or shown in plain text in stack output.
const keyVaultSettings = {
    enabled: true,
    azureEnvironment: "AZURE",
    tenantId: azureTenantId,
    subscriptionId: azureSubscriptionId,
    clientId: azureClientId,
    secret: azureClientSecret,
    resourceGroupName: azureResourceGroupName,
    keyVaultName: azureKeyVaultName,
    keyIdentifier: azureKeyIdentifier,
};
const encryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
    projectId: atlasProjectId,
    azureKeyVaultConfig: keyVaultSettings,
});

// Read the configuration back through the data source and export the
// `valid` flag of the Azure Key Vault section as a stack output.
const lookup = mongodbatlas.getEncryptionAtRestOutput({
    projectId: encryptionAtRest.projectId,
});
export const isAzureEncryptionAtRestValid = lookup.apply(result => result.azureKeyVaultConfig?.valid);
import pulumi
import pulumi_mongodbatlas as mongodbatlas
# Azure Key Vault settings for customer key management.
# "secret" is the client secret of the Azure application identified by
# "client_id"; `azure_client_secret` is declared outside this snippet and should
# be supplied as a Pulumi secret (for example from secret stack configuration)
# so it is not written into the program or shown in plain text in stack output.
key_vault_settings = {
    "enabled": True,
    "azure_environment": "AZURE",
    "tenant_id": azure_tenant_id,
    "subscription_id": azure_subscription_id,
    "client_id": azure_client_id,
    "secret": azure_client_secret,
    "resource_group_name": azure_resource_group_name,
    "key_vault_name": azure_key_vault_name,
    "key_identifier": azure_key_identifier,
}
encryption_at_rest = mongodbatlas.EncryptionAtRest(
    "test",
    project_id=atlas_project_id,
    azure_key_vault_config=key_vault_settings,
)

# Read the configuration back through the data source and export the
# `valid` flag of the Azure Key Vault section as a stack output.
lookup = mongodbatlas.get_encryption_at_rest_output(
    project_id=encryption_at_rest.project_id,
)
pulumi.export("isAzureEncryptionAtRestValid", lookup.azure_key_vault_config.valid)
package main
import (
"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares the Pulumi program: it enables encryption at rest with a key
// held in Azure Key Vault and exports the validity flag read back through the
// data source.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Azure Key Vault settings for customer key management.
		// Secret is the client secret of the Azure application identified by
		// ClientId; azureClientSecret is declared outside this snippet and
		// should be supplied as a Pulumi secret so it is not written into the
		// program or shown in plain text in stack output.
		keyVaultSettings := &mongodbatlas.EncryptionAtRestAzureKeyVaultConfigArgs{
			Enabled:           pulumi.Bool(true),
			AzureEnvironment:  pulumi.String("AZURE"),
			TenantId:          pulumi.Any(azureTenantId),
			SubscriptionId:    pulumi.Any(azureSubscriptionId),
			ClientId:          pulumi.Any(azureClientId),
			Secret:            pulumi.Any(azureClientSecret),
			ResourceGroupName: pulumi.Any(azureResourceGroupName),
			KeyVaultName:      pulumi.Any(azureKeyVaultName),
			KeyIdentifier:     pulumi.Any(azureKeyIdentifier),
		}
		encryptionAtRest, err := mongodbatlas.NewEncryptionAtRest(ctx, "test", &mongodbatlas.EncryptionAtRestArgs{
			ProjectId:           pulumi.Any(atlasProjectId),
			AzureKeyVaultConfig: keyVaultSettings,
		})
		if err != nil {
			return err
		}

		// Read the configuration back through the data source.
		// NOTE(review): this page's Go signature listing names the types
		// LookupEncryptionAtRestOutputArgs and LookupEncryptionAtRestResult;
		// confirm the Get-prefixed names used here against the SDK.
		lookup := mongodbatlas.LookupEncryptionAtRestOutput(ctx, mongodbatlas.GetEncryptionAtRestOutputArgs{
			ProjectId: encryptionAtRest.ProjectId,
		}, nil)

		// Export the valid flag of the Azure Key Vault section as a stack output.
		keyVaultValid := lookup.ApplyT(func(res mongodbatlas.GetEncryptionAtRestResult) (*bool, error) {
			valid := &res.AzureKeyVaultConfig.Valid
			return valid, nil
		}).(pulumi.BoolPtrOutput)
		ctx.Export("isAzureEncryptionAtRestValid", keyVaultValid)
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
// Pulumi program: enables encryption at rest with a key held in Azure Key
// Vault and exports the validity flag read back through the data source.
return await Deployment.RunAsync(() =>
{
    // Azure Key Vault settings for customer key management.
    // Secret is the client secret of the Azure application identified by
    // ClientId; azureClientSecret is declared outside this snippet and should
    // be supplied as a Pulumi secret so it is not written into the program or
    // shown in plain text in stack output.
    var keyVaultSettings = new Mongodbatlas.Inputs.EncryptionAtRestAzureKeyVaultConfigArgs
    {
        Enabled = true,
        AzureEnvironment = "AZURE",
        TenantId = azureTenantId,
        SubscriptionId = azureSubscriptionId,
        ClientId = azureClientId,
        Secret = azureClientSecret,
        ResourceGroupName = azureResourceGroupName,
        KeyVaultName = azureKeyVaultName,
        KeyIdentifier = azureKeyIdentifier,
    };
    var encryptionAtRest = new Mongodbatlas.EncryptionAtRest("test", new Mongodbatlas.EncryptionAtRestArgs
    {
        ProjectId = atlasProjectId,
        AzureKeyVaultConfig = keyVaultSettings,
    });

    // Read the configuration back through the data source.
    var lookup = Mongodbatlas.GetEncryptionAtRest.Invoke(new Mongodbatlas.GetEncryptionAtRestInvokeArgs
    {
        ProjectId = encryptionAtRest.ProjectId,
    });

    // Export the Valid flag of the Azure Key Vault section as a stack output.
    var keyVaultValid = lookup.Apply(result => result.AzureKeyVaultConfig?.Valid);
    return new Dictionary<string, object?>
    {
        ["isAzureEncryptionAtRestValid"] = keyVaultValid,
    };
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.EncryptionAtRest;
import com.pulumi.mongodbatlas.EncryptionAtRestArgs;
import com.pulumi.mongodbatlas.inputs.EncryptionAtRestAzureKeyVaultConfigArgs;
import com.pulumi.mongodbatlas.MongodbatlasFunctions;
import com.pulumi.mongodbatlas.inputs.GetEncryptionAtRestArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
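/**
 * Pulumi program that enables encryption at rest with a key held in Azure Key
 * Vault and exports the validity flag read back through the data source.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources and outputs.
     *
     * @param ctx Pulumi deployment context used to register stack outputs
     */
    public static void stack(Context ctx) {
        // Azure Key Vault settings for customer key management.
        // secret(...) takes the client secret of the Azure application
        // identified by clientId; azureClientSecret is declared outside this
        // snippet and should be supplied as a Pulumi secret so it is not written
        // into the program or shown in plain text in stack output.
        var testEncryptionAtRest = new EncryptionAtRest("testEncryptionAtRest", EncryptionAtRestArgs.builder()
            .projectId(atlasProjectId)
            .azureKeyVaultConfig(EncryptionAtRestAzureKeyVaultConfigArgs.builder()
                .enabled(true)
                .azureEnvironment("AZURE")
                .tenantId(azureTenantId)
                .subscriptionId(azureSubscriptionId)
                .clientId(azureClientId)
                .secret(azureClientSecret)
                .resourceGroupName(azureResourceGroupName)
                .keyVaultName(azureKeyVaultName)
                .keyIdentifier(azureKeyIdentifier)
                .build())
            .build());

        // Read the configuration back through the data source.
        final var test = MongodbatlasFunctions.getEncryptionAtRest(GetEncryptionAtRestArgs.builder()
            .projectId(testEncryptionAtRest.projectId())
            .build());

        // Export the valid flag of the Azure Key Vault section. A single
        // applyValue is enough; the lambda parameter must not reuse the local
        // name `test`, which Java rejects as a redeclaration.
        // NOTE(review): assumes getEncryptionAtRest returns an Output here - confirm.
        ctx.export("isAzureEncryptionAtRestValid", test.applyValue(result -> result.azureKeyVaultConfig().valid()));
    }
}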
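# Pulumi YAML program: enables encryption at rest with a key held in Azure Key
# Vault. Nesting is restored here; with every key at column 0 the document does
# not describe this structure.
resources:
  testEncryptionAtRest:
    type: mongodbatlas:EncryptionAtRest
    name: test
    properties:
      projectId: ${atlasProjectId}
      azureKeyVaultConfig:
        enabled: true
        azureEnvironment: AZURE
        tenantId: ${azureTenantId}
        subscriptionId: ${azureSubscriptionId}
        clientId: ${azureClientId}
        # Client secret of the Azure application identified by clientId.
        # azureClientSecret is declared outside this snippet; declare it as a
        # secret configuration value so it is not stored or displayed in plain text.
        secret: ${azureClientSecret}
        resourceGroupName: ${azureResourceGroupName}
        keyVaultName: ${azureKeyVaultName}
        keyIdentifier: ${azureKeyIdentifier}
variables:
  # Reads the configuration back through the data source.
  test:
    fn::invoke:
      Function: mongodbatlas:getEncryptionAtRest
      Arguments:
        projectId: ${testEncryptionAtRest.projectId}
outputs:
  isAzureEncryptionAtRestValid: ${test.azureKeyVaultConfig.valid}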
NOTE: It is possible to configure Atlas Encryption at Rest to communicate with Azure Key Vault using Azure Private Link, ensuring that all traffic between Atlas and Key Vault takes place over Azure’s private network interfaces. Please review the `mongodbatlas.EncryptionAtRestPrivateEndpoint` resource for details.
Configuring encryption at rest using customer key management in GCP
import * as pulumi from "@pulumi/pulumi";
import * as mongodbatlas from "@pulumi/mongodbatlas";
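// The Google service-account key JSON contains a private key, so it is read
// from secret stack configuration instead of being written into the program
// (where it would end up in version control). requireSecret returns a secret
// Output, which Pulumi encrypts in state and masks in CLI output.
// "gcpServiceAccountKey" is an example config key name; store the JSON with
// `pulumi config set --secret gcpServiceAccountKey`.
const config = new pulumi.Config();
const gcpServiceAccountKey = config.requireSecret("gcpServiceAccountKey");

// Google Cloud KMS settings for customer key management.
const testEncryptionAtRest = new mongodbatlas.EncryptionAtRest("test", {
    projectId: atlasProjectId,
    googleCloudKmsConfig: {
        enabled: true,
        serviceAccountKey: gcpServiceAccountKey,
        keyVersionResourceId: "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1",
    },
});

// Read the configuration back through the data source and export the
// `valid` flag of the Google Cloud KMS section as a stack output.
const test = mongodbatlas.getEncryptionAtRestOutput({
    projectId: testEncryptionAtRest.projectId,
});
export const isGcpEncryptionAtRestValid = test.apply(test => test.googleCloudKmsConfig?.valid);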
import pulumi
import pulumi_mongodbatlas as mongodbatlas
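# The Google service-account key JSON contains a private key, so it is read
# from secret stack configuration instead of being written into the program
# (where it would end up in version control). require_secret returns a secret
# Output, which Pulumi encrypts in state and masks in CLI output.
# "gcpServiceAccountKey" is an example config key name; store the JSON with
# `pulumi config set --secret gcpServiceAccountKey`.
gcp_service_account_key = pulumi.Config().require_secret("gcpServiceAccountKey")

# Google Cloud KMS settings for customer key management.
test_encryption_at_rest = mongodbatlas.EncryptionAtRest("test",
    project_id=atlas_project_id,
    google_cloud_kms_config={
        "enabled": True,
        "service_account_key": gcp_service_account_key,
        "key_version_resource_id": "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1",
    })

# Read the configuration back through the data source and export the
# `valid` flag of the Google Cloud KMS section as a stack output.
test = mongodbatlas.get_encryption_at_rest_output(project_id=test_encryption_at_rest.project_id)
pulumi.export("isGcpEncryptionAtRestValid", test.google_cloud_kms_config.valid)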
package main
import (
	"github.com/pulumi/pulumi-mongodbatlas/sdk/v3/go/mongodbatlas"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
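// main declares the Pulumi program: it enables encryption at rest with a
// Google Cloud KMS key and exports the validity flag read back through the
// data source.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The Google service-account key JSON contains a private key, so it is
		// read from secret stack configuration instead of being written into
		// the program (where it would end up in version control). RequireSecret
		// returns a secret output, which Pulumi encrypts in state and masks in
		// CLI output. "gcpServiceAccountKey" is an example config key name;
		// store the JSON with `pulumi config set --secret gcpServiceAccountKey`.
		cfg := config.New(ctx, "")
		serviceAccountKey := cfg.RequireSecret("gcpServiceAccountKey")

		// Google Cloud KMS settings for customer key management.
		testEncryptionAtRest, err := mongodbatlas.NewEncryptionAtRest(ctx, "test", &mongodbatlas.EncryptionAtRestArgs{
			ProjectId: pulumi.Any(atlasProjectId),
			GoogleCloudKmsConfig: &mongodbatlas.EncryptionAtRestGoogleCloudKmsConfigArgs{
				Enabled:              pulumi.Bool(true),
				ServiceAccountKey:    serviceAccountKey,
				KeyVersionResourceId: pulumi.String("projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1"),
			},
		})
		if err != nil {
			return err
		}

		// Read the configuration back through the data source.
		// NOTE(review): this page's Go signature listing names the types
		// LookupEncryptionAtRestOutputArgs and LookupEncryptionAtRestResult;
		// confirm the Get-prefixed names used here against the SDK.
		test := mongodbatlas.LookupEncryptionAtRestOutput(ctx, mongodbatlas.GetEncryptionAtRestOutputArgs{
			ProjectId: testEncryptionAtRest.ProjectId,
		}, nil)

		// Export the valid flag of the Google Cloud KMS section as a stack output.
		ctx.Export("isGcpEncryptionAtRestValid", test.ApplyT(func(test mongodbatlas.GetEncryptionAtRestResult) (*bool, error) {
			return &test.GoogleCloudKmsConfig.Valid, nil
		}).(pulumi.BoolPtrOutput))
		return nil
	})
}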
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Mongodbatlas = Pulumi.Mongodbatlas;
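// Pulumi program: enables encryption at rest with a Google Cloud KMS key and
// exports the validity flag read back through the data source.
return await Deployment.RunAsync(() =>
{
    // The Google service-account key JSON contains a private key, so it is
    // read from secret stack configuration instead of being written into the
    // program (where it would end up in version control). RequireSecret
    // returns a secret Output, which Pulumi encrypts in state and masks in CLI
    // output. "gcpServiceAccountKey" is an example config key name; store the
    // JSON with `pulumi config set --secret gcpServiceAccountKey`.
    var config = new Config();
    var gcpServiceAccountKey = config.RequireSecret("gcpServiceAccountKey");

    // Google Cloud KMS settings for customer key management.
    var testEncryptionAtRest = new Mongodbatlas.EncryptionAtRest("test", new()
    {
        ProjectId = atlasProjectId,
        GoogleCloudKmsConfig = new Mongodbatlas.Inputs.EncryptionAtRestGoogleCloudKmsConfigArgs
        {
            Enabled = true,
            ServiceAccountKey = gcpServiceAccountKey,
            KeyVersionResourceId = "projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1",
        },
    });

    // Read the configuration back through the data source.
    var test = Mongodbatlas.GetEncryptionAtRest.Invoke(new()
    {
        ProjectId = testEncryptionAtRest.ProjectId,
    });

    // Export the Valid flag of the Google Cloud KMS section as a stack output.
    return new Dictionary<string, object?>
    {
        ["isGcpEncryptionAtRestValid"] = test.Apply(getEncryptionAtRestResult => getEncryptionAtRestResult.GoogleCloudKmsConfig?.Valid),
    };
});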
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.mongodbatlas.EncryptionAtRest;
import com.pulumi.mongodbatlas.EncryptionAtRestArgs;
import com.pulumi.mongodbatlas.inputs.EncryptionAtRestGoogleCloudKmsConfigArgs;
import com.pulumi.mongodbatlas.MongodbatlasFunctions;
import com.pulumi.mongodbatlas.inputs.GetEncryptionAtRestArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
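/**
 * Pulumi program that enables encryption at rest with a Google Cloud KMS key
 * and exports the validity flag read back through the data source.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources and outputs.
     *
     * @param ctx Pulumi deployment context used to read configuration and
     *            register stack outputs
     */
    public static void stack(Context ctx) {
        // The Google service-account key JSON contains a private key, so it is
        // read from secret stack configuration instead of being written into
        // the program (where it would end up in version control). requireSecret
        // returns a secret Output, which Pulumi encrypts in state and masks in
        // CLI output. "gcpServiceAccountKey" is an example config key name;
        // store the JSON with `pulumi config set --secret gcpServiceAccountKey`.
        final var gcpServiceAccountKey = ctx.config().requireSecret("gcpServiceAccountKey");

        // Google Cloud KMS settings for customer key management.
        var testEncryptionAtRest = new EncryptionAtRest("testEncryptionAtRest", EncryptionAtRestArgs.builder()
            .projectId(atlasProjectId)
            .googleCloudKmsConfig(EncryptionAtRestGoogleCloudKmsConfigArgs.builder()
                .enabled(true)
                .serviceAccountKey(gcpServiceAccountKey)
                .keyVersionResourceId("projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1")
                .build())
            .build());

        // Read the configuration back through the data source.
        final var test = MongodbatlasFunctions.getEncryptionAtRest(GetEncryptionAtRestArgs.builder()
            .projectId(testEncryptionAtRest.projectId())
            .build());

        // Export the valid flag of the Google Cloud KMS section. A single
        // applyValue is enough; the lambda parameter must not reuse the local
        // name `test`, which Java rejects as a redeclaration.
        // NOTE(review): assumes getEncryptionAtRest returns an Output here - confirm.
        ctx.export("isGcpEncryptionAtRestValid", test.applyValue(result -> result.googleCloudKmsConfig().valid()));
    }
}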
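# Pulumi YAML program: enables encryption at rest with a Google Cloud KMS key.
# Nesting is restored here; with every key at column 0 the document does not
# describe this structure.
config:
  # The service-account key JSON contains a private key, so it is declared as
  # a secret configuration value instead of being written into the program.
  # "gcpServiceAccountKey" is an example name; store the JSON with
  # `pulumi config set --secret gcpServiceAccountKey`.
  gcpServiceAccountKey:
    type: string
    secret: true
resources:
  testEncryptionAtRest:
    type: mongodbatlas:EncryptionAtRest
    name: test
    properties:
      projectId: ${atlasProjectId}
      googleCloudKmsConfig:
        enabled: true
        serviceAccountKey: ${gcpServiceAccountKey}
        keyVersionResourceId: projects/my-project-common-0/locations/us-east4/keyRings/my-key-ring-0/cryptoKeys/my-key-0/cryptoKeyVersions/1
variables:
  # Reads the configuration back through the data source.
  test:
    fn::invoke:
      Function: mongodbatlas:getEncryptionAtRest
      Arguments:
        projectId: ${testEncryptionAtRest.projectId}
outputs:
  isGcpEncryptionAtRestValid: ${test.googleCloudKmsConfig.valid}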
Using getEncryptionAtRest
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getEncryptionAtRest(args: GetEncryptionAtRestArgs, opts?: InvokeOptions): Promise<GetEncryptionAtRestResult>
function getEncryptionAtRestOutput(args: GetEncryptionAtRestOutputArgs, opts?: InvokeOptions): Output<GetEncryptionAtRestResult>
def get_encryption_at_rest(project_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetEncryptionAtRestResult
def get_encryption_at_rest_output(project_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetEncryptionAtRestResult]
func LookupEncryptionAtRest(ctx *Context, args *LookupEncryptionAtRestArgs, opts ...InvokeOption) (*LookupEncryptionAtRestResult, error)
func LookupEncryptionAtRestOutput(ctx *Context, args *LookupEncryptionAtRestOutputArgs, opts ...InvokeOption) LookupEncryptionAtRestResultOutput
> Note: This function is named `LookupEncryptionAtRest` in the Go SDK.
public static class GetEncryptionAtRest
{
public static Task<GetEncryptionAtRestResult> InvokeAsync(GetEncryptionAtRestArgs args, InvokeOptions? opts = null)
public static Output<GetEncryptionAtRestResult> Invoke(GetEncryptionAtRestInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetEncryptionAtRestResult> getEncryptionAtRest(GetEncryptionAtRestArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: mongodbatlas:index/getEncryptionAtRest:getEncryptionAtRest
arguments:
# arguments dictionary
The following arguments are supported:
- ProjectId string - Unique 24-hexadecimal digit string that identifies your project.
- ProjectId string - Unique 24-hexadecimal digit string that identifies your project.
- projectId String - Unique 24-hexadecimal digit string that identifies your project.
- projectId string - Unique 24-hexadecimal digit string that identifies your project.
- project_id str - Unique 24-hexadecimal digit string that identifies your project.
- projectId String - Unique 24-hexadecimal digit string that identifies your project.
getEncryptionAtRest Result
The following output properties are available:
- AwsKmsConfig GetEncryptionAtRestAwsKmsConfig - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- AzureKeyVaultConfig GetEncryptionAtRestAzureKeyVaultConfig - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- GoogleCloudKmsConfig GetEncryptionAtRestGoogleCloudKmsConfig - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- Id string - The ID of this resource.
- ProjectId string - Unique 24-hexadecimal digit string that identifies your project.
- AwsKmsConfig GetEncryptionAtRestAwsKmsConfig - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- AzureKeyVaultConfig GetEncryptionAtRestAzureKeyVaultConfig - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- GoogleCloudKmsConfig GetEncryptionAtRestGoogleCloudKmsConfig - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- Id string - The ID of this resource.
- ProjectId string - Unique 24-hexadecimal digit string that identifies your project.
- awsKmsConfig GetEncryptionAtRestAwsKmsConfig - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- azureKeyVaultConfig GetEncryptionAtRestAzureKeyVaultConfig - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- googleCloudKmsConfig GetEncryptionAtRestGoogleCloudKmsConfig - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- id String - The ID of this resource.
- projectId String - Unique 24-hexadecimal digit string that identifies your project.
- awsKmsConfig GetEncryptionAtRestAwsKmsConfig - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- azureKeyVaultConfig GetEncryptionAtRestAzureKeyVaultConfig - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- googleCloudKmsConfig GetEncryptionAtRestGoogleCloudKmsConfig - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- id string - The ID of this resource.
- projectId string - Unique 24-hexadecimal digit string that identifies your project.
- aws_kms_config GetEncryptionAtRestAwsKmsConfig - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- azure_key_vault_config GetEncryptionAtRestAzureKeyVaultConfig - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- google_cloud_kms_config GetEncryptionAtRestGoogleCloudKmsConfig - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- id str - The ID of this resource.
- project_id str - Unique 24-hexadecimal digit string that identifies your project.
- awsKmsConfig Property Map - Amazon Web Services (AWS) KMS configuration details and encryption at rest configuration set for the specified project.
- azureKeyVaultConfig Property Map - Details that define the configuration of Encryption at Rest using Azure Key Vault (AKV).
- googleCloudKmsConfig Property Map - Details that define the configuration of Encryption at Rest using Google Cloud Key Management Service (KMS).
- id String - The ID of this resource.
- projectId String - Unique 24-hexadecimal digit string that identifies your project.
Supporting Types
GetEncryptionAtRestAwsKmsConfig
- AccessKeyId string - Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).
- CustomerMasterKeyId string - Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.
- Enabled bool - Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.
- Region string - Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Atlas deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.
- RoleId string - Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.
- SecretAccessKey string - Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.
- Valid bool - Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.
- Access
Key stringId - Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).
- Customer
Master stringKey Id - Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.
- Enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
false
. - Region string
- Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Atlas deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.
- Role
Id string - Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.
- Secret
Access stringKey - Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.
- Valid bool
- Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.
- access
Key StringId - Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).
- customer
Master StringKey Id - Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.
- enabled Boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
false
. - region String
- Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Atlas deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.
- role
Id String - Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.
- secret
Access StringKey - Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.
- valid Boolean
- Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.
- access
Key stringId - Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).
- customer
Master stringKey Id - Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.
- enabled boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
false
. - region string
- Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Atlas deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.
- role
Id string - Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.
- secret
Access stringKey - Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.
- valid boolean
- Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.
- access_
key_ strid - Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).
- customer_
master_ strkey_ id - Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.
- enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
false
. - region str
- Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Atlas deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.
- role_
id str - Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.
- secret_
access_ strkey - Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.
- valid bool
- Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.
- access
Key StringId - Unique alphanumeric string that identifies an Identity and Access Management (IAM) access key with permissions required to access your Amazon Web Services (AWS) Customer Master Key (CMK).
- customer
Master StringKey Id - Unique alphanumeric string that identifies the Amazon Web Services (AWS) Customer Master Key (CMK) you used to encrypt and decrypt the MongoDB master keys.
- enabled Boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project through Amazon Web Services (AWS) Key Management Service (KMS). To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
false
. - region String
- Physical location where MongoDB Atlas deploys your AWS-hosted MongoDB cluster nodes. The region you choose can affect network latency for clients accessing your databases. When MongoDB Atlas deploys a dedicated cluster, it checks if a VPC or VPC connection exists for that provider and region. If not, MongoDB Atlas creates them as part of the deployment. MongoDB Atlas assigns the VPC a CIDR block. To limit a new VPC peering connection to one CIDR block and region, create the connection first. Deploy the cluster after the connection starts.
- role
Id String - Unique 24-hexadecimal digit string that identifies an Amazon Web Services (AWS) Identity and Access Management (IAM) role. This IAM role has the permissions required to manage your AWS customer master key.
- secret
Access StringKey - Human-readable label of the Identity and Access Management (IAM) secret access key with permissions required to access your Amazon Web Services (AWS) customer master key.
- valid Boolean
- Flag that indicates whether the Amazon Web Services (AWS) Key Management Service (KMS) encryption key can encrypt and decrypt data.
GetEncryptionAtRestAzureKeyVaultConfig
- AzureEnvironment string - Azure environment in which your account credentials reside.
- ClientId string - Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.
- Enabled bool - Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.
- KeyIdentifier string - Web address with a unique key that identifies your Azure Key Vault.
- KeyVaultName string - Unique string that identifies the Azure Key Vault that contains your key.
- RequirePrivateNetworking bool - Enable connection to your Azure Key Vault over private networking.
- ResourceGroupName string - Name of the Azure resource group that contains your Azure Key Vault.
- Secret string - Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (azureKeyVault.tenantID). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.
- SubscriptionId string - Unique 36-hexadecimal character string that identifies your Azure subscription.
- TenantId string - Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.
- Valid bool - Flag that indicates whether the Azure encryption key can encrypt and decrypt data.
- Azure
Environment string - Azure environment in which your account credentials reside.
- Client
Id string - Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.
- Enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
`false`.
- KeyIdentifier string - Web address with a unique key that identifies your Azure Key Vault.
- Key
Vault stringName - Unique string that identifies the Azure Key Vault that contains your key.
- Require
Private boolNetworking - Enable connection to your Azure Key Vault over private networking.
- Resource
Group stringName - Name of the Azure resource group that contains your Azure Key Vault.
- Secret string
- Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (azureKeyVault.tenantID). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.
- Subscription
Id string - Unique 36-hexadecimal character string that identifies your Azure subscription.
- Tenant
Id string - Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.
- Valid bool
- Flag that indicates whether the Azure encryption key can encrypt and decrypt data.
- azure
Environment String - Azure environment in which your account credentials reside.
- client
Id String - Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.
- enabled Boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
`false`.
- keyIdentifier String - Web address with a unique key that identifies your Azure Key Vault.
- key
Vault StringName - Unique string that identifies the Azure Key Vault that contains your key.
- require
Private BooleanNetworking - Enable connection to your Azure Key Vault over private networking.
- resource
Group StringName - Name of the Azure resource group that contains your Azure Key Vault.
- secret String
- Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (azureKeyVault.tenantID). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.
- subscription
Id String - Unique 36-hexadecimal character string that identifies your Azure subscription.
- tenant
Id String - Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.
- valid Boolean
- Flag that indicates whether the Azure encryption key can encrypt and decrypt data.
- azure
Environment string - Azure environment in which your account credentials reside.
- client
Id string - Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.
- enabled boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
`false`.
- keyIdentifier string - Web address with a unique key that identifies your Azure Key Vault.
- key
Vault stringName - Unique string that identifies the Azure Key Vault that contains your key.
- require
Private booleanNetworking - Enable connection to your Azure Key Vault over private networking.
- resource
Group stringName - Name of the Azure resource group that contains your Azure Key Vault.
- secret string
- Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (azureKeyVault.tenantID). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.
- subscription
Id string - Unique 36-hexadecimal character string that identifies your Azure subscription.
- tenant
Id string - Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.
- valid boolean
- Flag that indicates whether the Azure encryption key can encrypt and decrypt data.
- azure_
environment str - Azure environment in which your account credentials reside.
- client_
id str - Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.
- enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
`false`.
- key_identifier str - Web address with a unique key that identifies your Azure Key Vault.
- key_
vault_ strname - Unique string that identifies the Azure Key Vault that contains your key.
- require_
private_ boolnetworking - Enable connection to your Azure Key Vault over private networking.
- resource_
group_ strname - Name of the Azure resource group that contains your Azure Key Vault.
- secret str
- Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (azureKeyVault.tenantID). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.
- subscription_
id str - Unique 36-hexadecimal character string that identifies your Azure subscription.
- tenant_
id str - Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.
- valid bool
- Flag that indicates whether the Azure encryption key can encrypt and decrypt data.
- azure
Environment String - Azure environment in which your account credentials reside.
- client
Id String - Unique 36-hexadecimal character string that identifies an Azure application associated with your Azure Active Directory tenant.
- enabled Boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
`false`.
- keyIdentifier String - Web address with a unique key that identifies your Azure Key Vault.
- key
Vault StringName - Unique string that identifies the Azure Key Vault that contains your key.
- require
Private BooleanNetworking - Enable connection to your Azure Key Vault over private networking.
- resource
Group StringName - Name of the Azure resource group that contains your Azure Key Vault.
- secret String
- Private data that you need secured and that belongs to the specified Azure Key Vault (AKV) tenant (azureKeyVault.tenantID). This data can include any type of sensitive data such as passwords, database connection strings, API keys, and the like. AKV stores this information as encrypted binary data.
- subscription
Id String - Unique 36-hexadecimal character string that identifies your Azure subscription.
- tenant
Id String - Unique 36-hexadecimal character string that identifies the Azure Active Directory tenant within your Azure subscription.
- valid Boolean
- Flag that indicates whether the Azure encryption key can encrypt and decrypt data.
GetEncryptionAtRestGoogleCloudKmsConfig
- Enabled bool - Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of `false`.
- KeyVersionResourceId string - Resource path that displays the key version resource ID for your Google Cloud KMS.
- ServiceAccountKey string - JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS) service account key. Format the JSON as a string and not as an object. The JSON embeds the service account's private key, so handle the whole string as a credential.
- Valid bool - Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.
- Enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
false
. - Key
Version stringResource Id - Resource path that displays the key version resource ID for your Google Cloud KMS.
- ServiceAccountKey string - JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS) service account key. Format the JSON as a string and not as an object.
- Valid bool
- Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.
- enabled Boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
false
. - key
Version StringResource Id - Resource path that displays the key version resource ID for your Google Cloud KMS.
- serviceAccountKey String - JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS) service account key. Format the JSON as a string and not as an object.
- valid Boolean
- Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.
- enabled boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
false
. - key
Version stringResource Id - Resource path that displays the key version resource ID for your Google Cloud KMS.
- serviceAccountKey string - JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS) service account key. Format the JSON as a string and not as an object.
- valid boolean
- Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.
- enabled bool
- Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
false
. - key_
version_ strresource_ id - Resource path that displays the key version resource ID for your Google Cloud KMS.
- service_account_key str - JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS) service account key. Format the JSON as a string and not as an object.
- valid bool
- Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.
- enabled Boolean
- Flag that indicates whether someone enabled encryption at rest for the specified project. To disable encryption at rest using customer key management and remove the configuration details, pass only this parameter with a value of
false
. - key
Version StringResource Id - Resource path that displays the key version resource ID for your Google Cloud KMS.
- serviceAccountKey String - JavaScript Object Notation (JSON) object that contains the Google Cloud Key Management Service (KMS) service account key. Format the JSON as a string and not as an object.
- valid Boolean
- Flag that indicates whether the Google Cloud Key Management Service (KMS) encryption key can encrypt and decrypt data.
Package Details
- Repository
- MongoDB Atlas pulumi/pulumi-mongodbatlas
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `mongodbatlas` Terraform Provider.