google::crypto-key

Add a cryto key to a king ring.

Example

google::crypto-key crypto-key-example
    key-ring: $(google::key-ring example-key-ring)
    name: "crypto-key-ring-example"
    purpose: ENCRYPT_DECRYPT
    rotation-period: 1
    next-rotation-date: "09/21/2020"
    primary-key-version-id: 1

    crypto-key-version-template
        algorithm: GOOGLE_SYMMETRIC_ENCRYPTION
        protection-level: SOFTWARE
    end
end

Attributes

Attribute Description
key-ring The key ring that holds the crypto key. (Required)
name The name of the crypto key. Valid values satisfy the regex: [^(\\w|-)+$]. (Required)
next-rotation-date The next date when the symmetric key should rotate. Must be a string matching the mm/dd/yyyy format. Valid values satisfy the regex: [^(1[0-2]|0[1-9])\/(3[01]|[012][0-9]|)\/[0-9]{4}$].
rotation-period The period after which the symmetric key should automatically rotate. Minimum allowed value is 1.
purpose The immutable purpose of the key. Valid values are ENCRYPT_DECRYPT, ASYMMETRIC_SIGN or ASYMMETRIC_DECRYPT. (Required)
crypto-key-version-template subresource

The template describing settings for new crypto key versions. (Required)

algorithm
The algorithm to use when creating a crypto key version based on this resource. (Required)
protection-level
The protection level to use when creating a crypto key version based on this resource. (Required)
labels map The labels of the crypto key.
primary-key-version-id The ID of the primary key version.

Outputs

Attribute Description
id The ID of the crypto key.
versions list The list of versions of the crypto key.