stackit-dev-tools/terraform-provider-stackitprivatepreview
2
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

feat(kms): add key resource and datasource (#1055)

Browse source 
relates to STACKITTPR-411
This commit is contained in:
Ruben Hönle 2025-11-17 11:58:11 +01:00 committed by GitHub
parent b5f82e7de9
commit 5e8c7a7369
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 1369 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

51
docs/resources/kms_key.md Normal file
View file

@ -0,0 +1,51 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "stackit_kms_key Resource - stackit"
subcategory: ""
description: |-
KMS Key resource schema. Uses the default_region specified in the provider configuration as a fallback in case no region is defined on resource level.
~> Keys will not be instantly destroyed by terraform during a terraform destroy. They will just be scheduled for deletion via the API and thrown out of the Terraform state afterwards. This way we can ensure no key setups are deleted by accident and it gives you the option to recover your keys within the grace period.
---
# stackit_kms_key (Resource)
KMS Key resource schema. Uses the `default_region` specified in the provider configuration as a fallback in case no `region` is defined on resource level.
~> Keys will **not** be instantly destroyed by terraform during a `terraform destroy`. They will just be scheduled for deletion via the API and thrown out of the Terraform state afterwards. **This way we can ensure no key setups are deleted by accident and it gives you the option to recover your keys within the grace period.**
## Example Usage
```terraform
resource "stackit_kms_key" "key" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
keyring_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
display_name = "key-01"
protection = "software"
algorithm = "aes_256_gcm"
purpose = "symmetric_encrypt_decrypt"
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Required
- `algorithm` (String) The encryption algorithm that the key will use to encrypt data. Possible values are: `aes_256_gcm`, `rsa_2048_oaep_sha256`, `rsa_3072_oaep_sha256`, `rsa_4096_oaep_sha256`, `rsa_4096_oaep_sha512`, `hmac_sha256`, `hmac_sha384`, `hmac_sha512`, `ecdsa_p256_sha256`, `ecdsa_p384_sha384`, `ecdsa_p521_sha512`.
- `display_name` (String) The display name to distinguish multiple keys
- `keyring_id` (String) The ID of the associated keyring
- `project_id` (String) STACKIT project ID to which the key is associated.
- `protection` (String) The underlying system that is responsible for protecting the key material. Possible values are: `software`.
- `purpose` (String) The purpose for which the key will be used. Possible values are: `symmetric_encrypt_decrypt`, `asymmetric_encrypt_decrypt`, `message_authentication_code`, `asymmetric_sign_verify`.
### Optional
- `access_scope` (String) The access scope of the key. Default is `PUBLIC`. Possible values are: `PUBLIC`, `SNA`.
- `description` (String) A user chosen description to distinguish multiple keys
- `import_only` (Boolean) States whether versions can be created or only imported.
- `region` (String) The resource region. If not defined, the provider region is used.
### Read-Only
- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`region`,`keyring_id`,`key_id`".
- `key_id` (String) The ID of the key