Docs Home
ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud
ibm.KpKey
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const kpInstance = new ibm.ResourceInstance("kpInstance", {
service: "kms",
plan: "tiered-pricing",
location: "us-south",
});
const test = new ibm.KpKey("test", {
keyProtectId: kpInstance.guid,
keyName: "key-name",
standardKey: false,
});
const smart_us_south = new ibm.CosBucket("smart-us-south", {
bucketName: "atest-bucket",
resourceInstanceId: "cos-instance-id",
regionLocation: "us-south",
storageClass: "smart",
kmsKeyCrn: test.kpKeyId,
});
import pulumi
import pulumi_ibm as ibm
kp_instance = ibm.ResourceInstance("kpInstance",
service="kms",
plan="tiered-pricing",
location="us-south")
test = ibm.KpKey("test",
key_protect_id=kp_instance.guid,
key_name="key-name",
standard_key=False)
smart_us_south = ibm.CosBucket("smart-us-south",
bucket_name="atest-bucket",
resource_instance_id="cos-instance-id",
region_location="us-south",
storage_class="smart",
kms_key_crn=test.kp_key_id)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
kpInstance, err := ibm.NewResourceInstance(ctx, "kpInstance", &ibm.ResourceInstanceArgs{
Service: pulumi.String("kms"),
Plan: pulumi.String("tiered-pricing"),
Location: pulumi.String("us-south"),
})
if err != nil {
return err
}
test, err := ibm.NewKpKey(ctx, "test", &ibm.KpKeyArgs{
KeyProtectId: kpInstance.Guid,
KeyName: pulumi.String("key-name"),
StandardKey: pulumi.Bool(false),
})
if err != nil {
return err
}
_, err = ibm.NewCosBucket(ctx, "smart-us-south", &ibm.CosBucketArgs{
BucketName: pulumi.String("atest-bucket"),
ResourceInstanceId: pulumi.String("cos-instance-id"),
RegionLocation: pulumi.String("us-south"),
StorageClass: pulumi.String("smart"),
KmsKeyCrn: test.KpKeyId,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var kpInstance = new Ibm.ResourceInstance("kpInstance", new()
{
Service = "kms",
Plan = "tiered-pricing",
Location = "us-south",
});
var test = new Ibm.KpKey("test", new()
{
KeyProtectId = kpInstance.Guid,
KeyName = "key-name",
StandardKey = false,
});
var smart_us_south = new Ibm.CosBucket("smart-us-south", new()
{
BucketName = "atest-bucket",
ResourceInstanceId = "cos-instance-id",
RegionLocation = "us-south",
StorageClass = "smart",
KmsKeyCrn = test.KpKeyId,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.ResourceInstance;
import com.pulumi.ibm.ResourceInstanceArgs;
import com.pulumi.ibm.KpKey;
import com.pulumi.ibm.KpKeyArgs;
import com.pulumi.ibm.CosBucket;
import com.pulumi.ibm.CosBucketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var kpInstance = new ResourceInstance("kpInstance", ResourceInstanceArgs.builder()
.service("kms")
.plan("tiered-pricing")
.location("us-south")
.build());
var test = new KpKey("test", KpKeyArgs.builder()
.keyProtectId(kpInstance.guid())
.keyName("key-name")
.standardKey(false)
.build());
var smart_us_south = new CosBucket("smart-us-south", CosBucketArgs.builder()
.bucketName("atest-bucket")
.resourceInstanceId("cos-instance-id")
.regionLocation("us-south")
.storageClass("smart")
.kmsKeyCrn(test.kpKeyId())
.build());
}
}
resources:
kpInstance:
type: ibm:ResourceInstance
properties:
service: kms
plan: tiered-pricing
location: us-south
test:
type: ibm:KpKey
properties:
keyProtectId: ${kpInstance.guid}
keyName: key-name
standardKey: false
smart-us-south:
type: ibm:CosBucket
properties:
bucketName: atest-bucket
resourceInstanceId: cos-instance-id
regionLocation: us-south
storageClass: smart
kmsKeyCrn: ${test.kpKeyId}
Note:
key_protect attribute to associate a kms_key with a COS bucket has been renamed as kms_key_crn , hence it is recommended to all the new users to use kms_key_crn.Although the support for older attribute name key_protect will be continued for existing customers.
Create KpKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new KpKey(name: string, args: KpKeyArgs, opts?: CustomResourceOptions);@overload
def KpKey(resource_name: str,
args: KpKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def KpKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
key_name: Optional[str] = None,
key_protect_id: Optional[str] = None,
encrypted_nonce: Optional[str] = None,
force_delete: Optional[bool] = None,
iv_value: Optional[str] = None,
kp_key_id: Optional[str] = None,
payload: Optional[str] = None,
standard_key: Optional[bool] = None,
timeouts: Optional[KpKeyTimeoutsArgs] = None)func NewKpKey(ctx *Context, name string, args KpKeyArgs, opts ...ResourceOption) (*KpKey, error)public KpKey(string name, KpKeyArgs args, CustomResourceOptions? opts = null)type: ibm:KpKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. KpKeyArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. KpKeyArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. KpKeyArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. KpKeyArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. KpKeyArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var kpKeyResource = new Ibm.KpKey("kpKeyResource", new()
{
KeyName = "string",
KeyProtectId = "string",
EncryptedNonce = "string",
ForceDelete = false,
IvValue = "string",
KpKeyId = "string",
Payload = "string",
StandardKey = false,
Timeouts = new Ibm.Inputs.KpKeyTimeoutsArgs
{
Create = "string",
Update = "string",
},
});
example, err := ibm.NewKpKey(ctx, "kpKeyResource", &ibm.KpKeyArgs{
KeyName: pulumi.String("string"),
KeyProtectId: pulumi.String("string"),
EncryptedNonce: pulumi.String("string"),
ForceDelete: pulumi.Bool(false),
IvValue: pulumi.String("string"),
KpKeyId: pulumi.String("string"),
Payload: pulumi.String("string"),
StandardKey: pulumi.Bool(false),
Timeouts: &ibm.KpKeyTimeoutsArgs{
Create: pulumi.String("string"),
Update: pulumi.String("string"),
},
})
var kpKeyResource = new KpKey("kpKeyResource", KpKeyArgs.builder()
.keyName("string")
.keyProtectId("string")
.encryptedNonce("string")
.forceDelete(false)
.ivValue("string")
.kpKeyId("string")
.payload("string")
.standardKey(false)
.timeouts(KpKeyTimeoutsArgs.builder()
.create("string")
.update("string")
.build())
.build());
kp_key_resource = ibm.KpKey("kpKeyResource",
key_name="string",
key_protect_id="string",
encrypted_nonce="string",
force_delete=False,
iv_value="string",
kp_key_id="string",
payload="string",
standard_key=False,
timeouts={
"create": "string",
"update": "string",
})
const kpKeyResource = new ibm.KpKey("kpKeyResource", {
keyName: "string",
keyProtectId: "string",
encryptedNonce: "string",
forceDelete: false,
ivValue: "string",
kpKeyId: "string",
payload: "string",
standardKey: false,
timeouts: {
create: "string",
update: "string",
},
});
type: ibm:KpKey
properties:
encryptedNonce: string
forceDelete: false
ivValue: string
keyName: string
keyProtectId: string
kpKeyId: string
payload: string
standardKey: false
timeouts:
create: string
update: string
KpKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The KpKey resource accepts the following input properties:
- Key
Name This property is required. string - The name of the key.
- Key
Protect Id This property is required. string - The Key Protect service instance ID.
- Encrypted
Nonce string - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - Force
Delete bool - set to true to force delete the key
- Iv
Value string - Used with import tokens. The Initialization Vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - Kp
Key stringId - (String) The CRN of the key.
- Payload string
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- Standard
Key bool - Set flag true for standard key, and false for root key. Default value is false.
- Timeouts
Kp
Key Timeouts
- Key
Name This property is required. string - The name of the key.
- Key
Protect Id This property is required. string - The Key Protect service instance ID.
- Encrypted
Nonce string - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - Force
Delete bool - set to true to force delete the key
- Iv
Value string - Used with import tokens. The Initialization Vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - Kp
Key stringId - (String) The CRN of the key.
- Payload string
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- Standard
Key bool - Set flag true for standard key, and false for root key. Default value is false.
- Timeouts
Kp
Key Timeouts Args
- key
Name This property is required. String - The name of the key.
- key
Protect Id This property is required. String - The Key Protect service instance ID.
- encrypted
Nonce String - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - force
Delete Boolean - set to true to force delete the key
- iv
Value String - Used with import tokens. The Initialization Vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - kp
Key StringId - (String) The CRN of the key.
- payload String
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- standard
Key Boolean - Set flag true for standard key, and false for root key. Default value is false.
- timeouts
Kp
Key Timeouts
- key
Name This property is required. string - The name of the key.
- key
Protect Id This property is required. string - The Key Protect service instance ID.
- encrypted
Nonce string - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - force
Delete boolean - set to true to force delete the key
- iv
Value string - Used with import tokens. The Initialization Vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - kp
Key stringId - (String) The CRN of the key.
- payload string
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- standard
Key boolean - Set flag true for standard key, and false for root key. Default value is false.
- timeouts
Kp
Key Timeouts
- key_
name This property is required. str - The name of the key.
- key_
protect_ id This property is required. str - The Key Protect service instance ID.
- encrypted_
nonce str - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - force_
delete bool - set to true to force delete the key
- iv_
value str - Used with import tokens. The Initialization Vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - kp_
key_ strid - (String) The CRN of the key.
- payload str
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- standard_
key bool - Set flag true for standard key, and false for root key. Default value is false.
- timeouts
Kp
Key Timeouts Args
- key
Name This property is required. String - The name of the key.
- key
Protect Id This property is required. String - The Key Protect service instance ID.
- encrypted
Nonce String - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - force
Delete Boolean - set to true to force delete the key
- iv
Value String - Used with import tokens. The Initialization Vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - kp
Key StringId - (String) The CRN of the key.
- payload String
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- standard
Key Boolean - Set flag true for standard key, and false for root key. Default value is false.
- timeouts Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the KpKey resource produces the following output properties:
- Crn string
- (String) The CRN of the key.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string - (String) The ID of the key.
- Resource
Controller stringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- Resource
Crn string - The crn of the resource
- Resource
Group stringName - The resource group name in which resource is provisioned
- Resource
Name string - The name of the resource
- Resource
Status string - The status of the resource
- Crn string
- (String) The CRN of the key.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string - (String) The ID of the key.
- Resource
Controller stringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- Resource
Crn string - The crn of the resource
- Resource
Group stringName - The resource group name in which resource is provisioned
- Resource
Name string - The name of the resource
- Resource
Status string - The status of the resource
- crn String
- (String) The CRN of the key.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String - (String) The ID of the key.
- resource
Controller StringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource
Crn String - The crn of the resource
- resource
Group StringName - The resource group name in which resource is provisioned
- resource
Name String - The name of the resource
- resource
Status String - The status of the resource
- crn string
- (String) The CRN of the key.
- id string
- The provider-assigned unique ID for this managed resource.
- key
Id string - (String) The ID of the key.
- resource
Controller stringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource
Crn string - The crn of the resource
- resource
Group stringName - The resource group name in which resource is provisioned
- resource
Name string - The name of the resource
- resource
Status string - The status of the resource
- crn str
- (String) The CRN of the key.
- id str
- The provider-assigned unique ID for this managed resource.
- key_
id str - (String) The ID of the key.
- resource_
controller_ strurl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource_
crn str - The crn of the resource
- resource_
group_ strname - The resource group name in which resource is provisioned
- resource_
name str - The name of the resource
- resource_
status str - The status of the resource
- crn String
- (String) The CRN of the key.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String - (String) The ID of the key.
- resource
Controller StringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource
Crn String - The crn of the resource
- resource
Group StringName - The resource group name in which resource is provisioned
- resource
Name String - The name of the resource
- resource
Status String - The status of the resource
Look up Existing KpKey Resource
Get an existing KpKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: KpKeyState, opts?: CustomResourceOptions): KpKey@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
crn: Optional[str] = None,
encrypted_nonce: Optional[str] = None,
force_delete: Optional[bool] = None,
iv_value: Optional[str] = None,
key_id: Optional[str] = None,
key_name: Optional[str] = None,
key_protect_id: Optional[str] = None,
kp_key_id: Optional[str] = None,
payload: Optional[str] = None,
resource_controller_url: Optional[str] = None,
resource_crn: Optional[str] = None,
resource_group_name: Optional[str] = None,
resource_name: Optional[str] = None,
resource_status: Optional[str] = None,
standard_key: Optional[bool] = None,
timeouts: Optional[KpKeyTimeoutsArgs] = None) -> KpKeyfunc GetKpKey(ctx *Context, name string, id IDInput, state *KpKeyState, opts ...ResourceOption) (*KpKey, error)public static KpKey Get(string name, Input<string> id, KpKeyState? state, CustomResourceOptions? opts = null)public static KpKey get(String name, Output<String> id, KpKeyState state, CustomResourceOptions options)resources: _: type: ibm:KpKey get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Crn string
- (String) The CRN of the key.
- Encrypted
Nonce string - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - Force
Delete bool - set to true to force delete the key
- Iv
Value string - Used with import tokens. The Initialization Vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - Key
Id string - (String) The ID of the key.
- Key
Name string - The name of the key.
- Key
Protect stringId - The Key Protect service instance ID.
- Kp
Key stringId - (String) The CRN of the key.
- Payload string
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- Resource
Controller stringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- Resource
Crn string - The crn of the resource
- Resource
Group stringName - The resource group name in which resource is provisioned
- Resource
Name string - The name of the resource
- Resource
Status string - The status of the resource
- Standard
Key bool - Set flag true for standard key, and false for root key. Default value is false.
- Timeouts
Kp
Key Timeouts
- Crn string
- (String) The CRN of the key.
- Encrypted
Nonce string - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - Force
Delete bool - set to true to force delete the key
- Iv
Value string - Used with import tokens. The Initialization Vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - Key
Id string - (String) The ID of the key.
- Key
Name string - The name of the key.
- Key
Protect stringId - The Key Protect service instance ID.
- Kp
Key stringId - (String) The CRN of the key.
- Payload string
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- Resource
Controller stringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- Resource
Crn string - The crn of the resource
- Resource
Group stringName - The resource group name in which resource is provisioned
- Resource
Name string - The name of the resource
- Resource
Status string - The status of the resource
- Standard
Key bool - Set flag true for standard key, and false for root key. Default value is false.
- Timeouts
Kp
Key Timeouts Args
- crn String
- (String) The CRN of the key.
- encrypted
Nonce String - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - force
Delete Boolean - set to true to force delete the key
- iv
Value String - Used with import tokens. The Initialization Vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - key
Id String - (String) The ID of the key.
- key
Name String - The name of the key.
- key
Protect StringId - The Key Protect service instance ID.
- kp
Key StringId - (String) The CRN of the key.
- payload String
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- resource
Controller StringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource
Crn String - The crn of the resource
- resource
Group StringName - The resource group name in which resource is provisioned
- resource
Name String - The name of the resource
- resource
Status String - The status of the resource
- standard
Key Boolean - Set flag true for standard key, and false for root key. Default value is false.
- timeouts
Kp
Key Timeouts
- crn string
- (String) The CRN of the key.
- encrypted
Nonce string - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - force
Delete boolean - set to true to force delete the key
- iv
Value string - Used with import tokens. The Initialization Vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - key
Id string - (String) The ID of the key.
- key
Name string - The name of the key.
- key
Protect stringId - The Key Protect service instance ID.
- kp
Key stringId - (String) The CRN of the key.
- payload string
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- resource
Controller stringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource
Crn string - The crn of the resource
- resource
Group stringName - The resource group name in which resource is provisioned
- resource
Name string - The name of the resource
- resource
Status string - The status of the resource
- standard
Key boolean - Set flag true for standard key, and false for root key. Default value is false.
- timeouts
Kp
Key Timeouts
- crn str
- (String) The CRN of the key.
- encrypted_
nonce str - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - force_
delete bool - set to true to force delete the key
- iv_
value str - Used with import tokens. The Initialization Vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - key_
id str - (String) The ID of the key.
- key_
name str - The name of the key.
- key_
protect_ strid - The Key Protect service instance ID.
- kp_
key_ strid - (String) The CRN of the key.
- payload str
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- resource_
controller_ strurl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource_
crn str - The crn of the resource
- resource_
group_ strname - The resource group name in which resource is provisioned
- resource_
name str - The name of the resource
- resource_
status str - The status of the resource
- standard_
key bool - Set flag true for standard key, and false for root key. Default value is false.
- timeouts
Kp
Key Timeouts Args
- crn String
- (String) The CRN of the key.
- encrypted
Nonce String - The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the
ibmcloud kp import-token getcommand. Then, encrypt the value by runningibmcloud kp import-token encrypt-nonce. Only for imported root key. - force
Delete Boolean - set to true to force delete the key
- iv
Value String - Used with import tokens. The Initialization Vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running
ibmcloud kp import-token encrypt-nonce. Only for imported root key. - key
Id String - (String) The ID of the key.
- key
Name String - The name of the key.
- key
Protect StringId - The Key Protect service instance ID.
- kp
Key StringId - (String) The CRN of the key.
- payload String
- The base64 encoded key that you want to store and manage in the service. To import an existing key, provide a 256-bit key. To generate a new key, omit this parameter.
- resource
Controller StringUrl - The URL of the IBM Cloud dashboard that can be used to explore and view details about the resource
- resource
Crn String - The crn of the resource
- resource
Group StringName - The resource group name in which resource is provisioned
- resource
Name String - The name of the resource
- resource
Status String - The status of the resource
- standard
Key Boolean - Set flag true for standard key, and false for root key. Default value is false.
- timeouts Property Map
Supporting Types
KpKeyTimeouts, KpKeyTimeoutsArgs
, KpKeyTimeoutsArgs
Import
ibm_kp_key can be imported by using the id and crn.
Example
$ pulumi import ibm:index/kpKey:KpKey crn crn:v1:bluemix:public:kms:us-south:a/faf6addbf6bf4768hhhhe342a5bdd702:05f5bf91-ec66-462f-80eb-8yyui138a315:key:52448f62-9272-4d29-a515-15019e3e5asd
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- ibm ibm-cloud/terraform-provider-ibm
- License
- Notes
- This Pulumi package is based on the
ibmTerraform Provider.