Skip to content

googleKmsCryptoKeyVersion

Provides access to a Google Cloud Platform KMS CryptoKeyVersion. For more information see the official documentation and API.

A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.dataGoogleKmsCryptoKeyVersion.DataGoogleKmsCryptoKeyVersion(
  this,
  "my_crypto_key_version",
  {
    crypto_key: "${data.google_kms_crypto_key.my_key.id}",
  }
);
const dataGoogleKmsKeyRingMyKeyRing =
  new google.dataGoogleKmsKeyRing.DataGoogleKmsKeyRing(this, "my_key_ring", {
    location: "us-central1",
    name: "my-key-ring",
  });
new google.dataGoogleKmsCryptoKey.DataGoogleKmsCryptoKey(
  this,
  "my_crypto_key",
  {
    key_ring: dataGoogleKmsKeyRingMyKeyRing.id,
    name: "my-crypto-key",
  }
);

Argument Reference

The following arguments are supported:

  • cryptoKey - (Required) The id of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the id field of the googleKmsCryptoKey resource/datasource.

  • version - (Optional) The version number for this CryptoKeyVersion. Defaults to 1.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format //cloudkmsGoogleapisCom/v1/{{cryptoKey}}/cryptoKeyVersions/{{version}}

  • name - The resource name for this CryptoKeyVersion in the format projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*

  • state - The current state of the CryptoKeyVersion. See the state reference for possible outputs.

  • protectionLevel - The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion. See the protection_level reference for possible outputs.

  • algorithm - The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports. See the algorithm reference for possible outputs.

  • publicKey - If the enclosing CryptoKey has purpose asymmetricSign or asymmetricDecrypt, this block contains details about the public key associated to this CryptoKeyVersion. Structure is documented below.

The publicKey block, if present, contains:

  • pem - The public key, encoded in PEM format. For more information, see the RFC 7468 sections for General Considerations and Textual Encoding of Subject Public Key Info.

  • algorithm - The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.