---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "stackit_kms_key Data Source - stackit"
subcategory: ""
description: |-
  KMS Key datasource schema. Uses the default_region specified in the provider configuration as a fallback in case no region is defined on datasource level.
---

# stackit_kms_key (Data Source)

KMS Key datasource schema. Uses the `default_region` specified in the provider configuration as a fallback in case no `region` is defined on datasource level.

## Example Usage

```terraform
data "stackit_kms_key" "key" {
  project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  keyring_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  key_id     = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `key_id` (String) The ID of the key
- `keyring_id` (String) The ID of the associated key ring
- `project_id` (String) STACKIT project ID to which the key is associated.

### Optional

- `region` (String) The resource region. If not defined, the provider region is used.

### Read-Only

- `access_scope` (String) The access scope of the key. Default is `PUBLIC`. Possible values are: `PUBLIC`, `SNA`.
- `algorithm` (String) The encryption algorithm that the key will use to encrypt data. Possible values are: `aes_256_gcm`, `rsa_2048_oaep_sha256`, `rsa_3072_oaep_sha256`, `rsa_4096_oaep_sha256`, `rsa_4096_oaep_sha512`, `hmac_sha256`, `hmac_sha384`, `hmac_sha512`, `ecdsa_p256_sha256`, `ecdsa_p384_sha384`, `ecdsa_p521_sha512`.
- `description` (String) A user chosen description to distinguish multiple keys
- `display_name` (String) The display name to distinguish multiple keys
- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`region`,`keyring_id`,`key_id`".
- `import_only` (Boolean) States whether versions can be created or only imported.
- `protection` (String) The underlying system that is responsible for protecting the key material. Possible values are: `software`.
- `purpose` (String) The purpose for which the key will be used. Possible values are: `symmetric_encrypt_decrypt`, `asymmetric_encrypt_decrypt`, `message_authentication_code`, `asymmetric_sign_verify`.