stackit-dev-tools/terraform-provider-stackitprivatepreview
3
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions
terraform-provider-stackitp.../docs/resources/kms_key.md
Ruben Hönle 5e8c7a7369
feat(kms): add key resource and datasource (#1055) 
relates to STACKITTPR-411
2025-11-17 10:58:11 +00:00

51 lines
2.9 KiB
Markdown
Raw Blame History

---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "stackit_kms_key Resource - stackit"
subcategory: ""
description: |-
KMS Key resource schema. Uses the default_region specified in the provider configuration as a fallback in case no region is defined on resource level.
~> Keys will not be instantly destroyed by terraform during a terraform destroy. They will just be scheduled for deletion via the API and thrown out of the Terraform state afterwards. This way we can ensure no key setups are deleted by accident and it gives you the option to recover your keys within the grace period.
---
# stackit_kms_key (Resource)
KMS Key resource schema. Uses the `default_region` specified in the provider configuration as a fallback in case no `region` is defined on resource level.
~> Keys will **not** be instantly destroyed by terraform during a `terraform destroy`. They will just be scheduled for deletion via the API and thrown out of the Terraform state afterwards. **This way we can ensure no key setups are deleted by accident and it gives you the option to recover your keys within the grace period.**
## Example Usage
```terraform
resource "stackit_kms_key" "key" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
keyring_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
display_name = "key-01"
protection = "software"
algorithm = "aes_256_gcm"
purpose = "symmetric_encrypt_decrypt"
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Required
- `algorithm` (String) The encryption algorithm that the key will use to encrypt data. Possible values are: `aes_256_gcm`, `rsa_2048_oaep_sha256`, `rsa_3072_oaep_sha256`, `rsa_4096_oaep_sha256`, `rsa_4096_oaep_sha512`, `hmac_sha256`, `hmac_sha384`, `hmac_sha512`, `ecdsa_p256_sha256`, `ecdsa_p384_sha384`, `ecdsa_p521_sha512`.
- `display_name` (String) The display name to distinguish multiple keys
- `keyring_id` (String) The ID of the associated keyring
- `project_id` (String) STACKIT project ID to which the key is associated.
- `protection` (String) The underlying system that is responsible for protecting the key material. Possible values are: `software`.
- `purpose` (String) The purpose for which the key will be used. Possible values are: `symmetric_encrypt_decrypt`, `asymmetric_encrypt_decrypt`, `message_authentication_code`, `asymmetric_sign_verify`.
### Optional
- `access_scope` (String) The access scope of the key. Default is `PUBLIC`. Possible values are: `PUBLIC`, `SNA`.
- `description` (String) A user chosen description to distinguish multiple keys
- `import_only` (Boolean) States whether versions can be created or only imported.
- `region` (String) The resource region. If not defined, the provider region is used.
### Read-Only
- `id` (String) Terraform's internal resource ID. It is structured as "`project_id`,`region`,`keyring_id`,`key_id`".
- `key_id` (String) The ID of the key
Reference in a new issue View git blame Copy permalink