stackit-dev-tools/terraform-provider-stackitprivatepreview
3
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

feat(kms): add wrapping key resource and datasource (#1060)

Browse source 
relates to STACKITTPR-416
This commit is contained in:
Ruben Hönle 2025-11-18 16:53:58 +01:00 committed by GitHub
parent 5e8c7a7369
commit 7709986560
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 1395 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

47
docs/data-sources/kms_wrapping_key.md Normal file
View file

@ -0,0 +1,47 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "stackit_kms_wrapping_key Data Source - stackit"
subcategory: ""
description: |-
KMS wrapping key datasource schema.
---
# stackit_kms_wrapping_key (Data Source)
KMS wrapping key datasource schema.
## Example Usage
```terraform
data "stackit_kms_wrapping_key" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
keyring_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
wrapping_key_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Required
- `keyring_id` (String) The ID of the associated keyring
- `project_id` (String) STACKIT project ID to which the keyring is associated.
- `wrapping_key_id` (String) The ID of the wrapping key
### Optional
- `region` (String) The resource region. If not defined, the provider region is used.
### Read-Only
- `access_scope` (String) The access scope of the key. Default is `PUBLIC`. Possible values are: `PUBLIC`, `SNA`.
- `algorithm` (String) The wrapping algorithm used to wrap the key to import. Possible values are: `rsa_2048_oaep_sha256`, `rsa_3072_oaep_sha256`, `rsa_4096_oaep_sha256`, `rsa_4096_oaep_sha512`, `rsa_2048_oaep_sha256_aes_256_key_wrap`, `rsa_3072_oaep_sha256_aes_256_key_wrap`, `rsa_4096_oaep_sha256_aes_256_key_wrap`, `rsa_4096_oaep_sha512_aes_256_key_wrap`.
- `created_at` (String) The date and time the creation of the wrapping key was triggered.
- `description` (String) A user chosen description to distinguish multiple wrapping keys.
- `display_name` (String) The display name to distinguish multiple wrapping keys.
- `expires_at` (String) The date and time the wrapping key will expire.
- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`region`,`keyring_id`,`wrapping_key_id`".
- `protection` (String) The underlying system that is responsible for protecting the key material. Possible values are: `software`.
- `public_key` (String) The public key of the wrapping key.
- `purpose` (String) The purpose for which the key will be used. Possible values are: `wrap_symmetric_key`, `wrap_asymmetric_key`.

2
docs/resources/kms_keyring.md
View file

@ -18,7 +18,7 @@ KMS Keyring resource schema. Uses the `default_region` specified in the provider
```terraform
resource "stackit_kms_keyring" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
display_name = "example name"
display_name = "example-name"
description = "example description"
}
```

50
docs/resources/kms_wrapping_key.md Normal file
View file

@ -0,0 +1,50 @@
---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "stackit_kms_wrapping_key Resource - stackit"
subcategory: ""
description: |-
KMS wrapping key resource schema.
---
# stackit_kms_wrapping_key (Resource)
KMS wrapping key resource schema.
## Example Usage
```terraform
resource "stackit_kms_wrapping_key" "example" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
keyring_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
display_name = "example-name"
protection = "software"
algorithm = "rsa_2048_oaep_sha256"
purpose = "wrap_symmetric_key"
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Required
- `algorithm` (String) The wrapping algorithm used to wrap the key to import. Possible values are: `rsa_2048_oaep_sha256`, `rsa_3072_oaep_sha256`, `rsa_4096_oaep_sha256`, `rsa_4096_oaep_sha512`, `rsa_2048_oaep_sha256_aes_256_key_wrap`, `rsa_3072_oaep_sha256_aes_256_key_wrap`, `rsa_4096_oaep_sha256_aes_256_key_wrap`, `rsa_4096_oaep_sha512_aes_256_key_wrap`.
- `display_name` (String) The display name to distinguish multiple wrapping keys.
- `keyring_id` (String) The ID of the associated keyring
- `project_id` (String) STACKIT project ID to which the keyring is associated.
- `protection` (String) The underlying system that is responsible for protecting the key material. Possible values are: `software`.
- `purpose` (String) The purpose for which the key will be used. Possible values are: `wrap_symmetric_key`, `wrap_asymmetric_key`.
### Optional
- `access_scope` (String) The access scope of the key. Default is `PUBLIC`. Possible values are: `PUBLIC`, `SNA`.
- `description` (String) A user chosen description to distinguish multiple wrapping keys.
- `region` (String) The resource region. If not defined, the provider region is used.
### Read-Only
- `created_at` (String) The date and time the creation of the wrapping key was triggered.
- `expires_at` (String) The date and time the wrapping key will expire.
- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`region`,`keyring_id`,`wrapping_key_id`".
- `public_key` (String) The public key of the wrapping key.
- `wrapping_key_id` (String) The ID of the wrapping key