Skip to content

googleStorageHmacKey

The hmacKeys resource represents an HMAC key within Cloud Storage. The resource consists of a secret and HMAC key metadata. HMAC keys can be used as credentials for service accounts.

To get more information about HmacKey, see:

\~> Warning: All arguments including the secret value will be stored in the raw state as plain-text. Read more about sensitive data in state. On import, the secret value will not be retrieved.

\~> Warning: All arguments including secret will be stored in the raw state as plain-text. Read more about sensitive data in state.

Open in Cloud Shell

Example Usage - Storage Hmac Key

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleServiceAccountServiceAccount =
  new google.serviceAccount.ServiceAccount(this, "service_account", {
    account_id: "my-svc-acc",
  });
new google.storageHmacKey.StorageHmacKey(this, "key", {
  service_account_email: googleServiceAccountServiceAccount.email,
});

Argument Reference

The following arguments are supported:

  • serviceAccountEmail - (Required) The email address of the key's associated service account.

  • state - (Optional) The state of the key. Can be set to one of ACTIVE, INACTIVE. Default value is active. Possible values are active and inactive.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/hmacKeys/{{accessId}}

  • secret - HMAC secret key material. Note: This property is sensitive and will not be displayed in the plan.

  • accessId - The access ID of the HMAC Key.

  • timeCreated - 'The creation time of the HMAC key in RFC 3339 format. '

  • updated - 'The last modification time of the HMAC key metadata in RFC 3339 format.'

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

HmacKey can be imported using any of these accepted formats:

$ terraform import google_storage_hmac_key.default projects/{{project}}/hmacKeys/{{access_id}}
$ terraform import google_storage_hmac_key.default {{project}}/{{access_id}}
$ terraform import google_storage_hmac_key.default {{access_id}}

User Project Overrides

This resource supports User Project Overrides.