Skip to content

googleKmsCryptoKey

Provides access to a Google Cloud Platform KMS CryptoKey. For more information see the official documentation and API.

A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a Google Cloud KMS KeyRing.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const dataGoogleKmsKeyRingMyKeyRing =
  new google.dataGoogleKmsKeyRing.DataGoogleKmsKeyRing(this, "my_key_ring", {
    location: "us-central1",
    name: "my-key-ring",
  });
new google.dataGoogleKmsCryptoKey.DataGoogleKmsCryptoKey(
  this,
  "my_crypto_key",
  {
    key_ring: dataGoogleKmsKeyRingMyKeyRing.id,
    name: "my-crypto-key",
  }
);

Argument Reference

The following arguments are supported:

  • name - (Required) The CryptoKey's name. A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression [aZAZ09_-]{1,63}

  • keyRing - (Required) The id of the Google Cloud Platform KeyRing to which the key belongs.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • rotationPeriod - Every time this period passes, generate a new CryptoKeyVersion and set it as the primary. The first rotation will take place after the specified period. The rotation period has the format of a decimal number with up to 9 fractional digits, followed by the letter s (seconds).

  • purpose - Defines the cryptographic capabilities of the key.

  • id - The identifier of the created CryptoKey. Its format is projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}.