alicloud_kms_key
A KMS key helps users protect data security in the transmission process. For information about Alikms Key and how to use it, see What is Resource Alikms Key.
-> NOTE: Available since v1.85.0.
Example Usage
Basic Usage
resource "alicloud_kms_key" "key" {
  description = "Hello KMS"
  pending_window_in_days = "7"
  status = "Enabled"
}
Argument Reference
The following arguments are supported:
- description - (Optional) The description of the CMK. The description can be 0 to 8,192 characters in length.
- key_usage - (Optional, ForceNew, Computed) The usage of the CMK. Default value: ENCRYPT/DECRYPT. Valid values:
  - ENCRYPT/DECRYPT: encrypts or decrypts data.
  - SIGN/VERIFY: generates or verifies a digital signature.
- deletion_window_in_days - (Deprecated since v1.85.0) Field deletion_window_in_days has been deprecated from provider version 1.85.0. Use the new field pending_window_in_days instead.
- is_enabled - (Deprecated since v1.85.0) Field is_enabled has been deprecated from provider version 1.85.0. Use the new field status instead.
- automatic_rotation - (Optional, Computed) Specifies whether to enable automatic key rotation. Default value: Disabled. Valid values: Enabled, Disabled. NOTE: If you set the origin parameter to EXTERNAL or the key_spec parameter to an asymmetric CMK type, automatic key rotation is unavailable.
- key_spec - (Optional, ForceNew, Computed) The type of the CMK. Default value: Aliyun_AES_256. Valid values: Aliyun_AES_256, Aliyun_AES_128, Aliyun_AES_192, Aliyun_SM4, RSA_2048, RSA_3072, EC_P256, EC_P256K, EC_SM2. Note: The default type of the CMK is Aliyun_AES_256. Only Dedicated KMS supports Aliyun_AES_128 and Aliyun_AES_192.
- key_state - (Deprecated since v1.123.1) Field key_state has been deprecated from provider version 1.123.1. Use the new field status instead.
- status - (Optional, Computed, Available since v1.123.1) The status of the CMK. Default value: Enabled. Valid values: Disabled, Enabled, PendingDeletion.
- origin - (Optional, ForceNew, Computed) The source of key material. Default value: Aliyun_KMS. Valid values: Aliyun_KMS, EXTERNAL. NOTE: The value of this parameter is case-sensitive. If you set the key_spec to an asymmetric CMK type, you are not allowed to set the origin to EXTERNAL. If you set the origin to EXTERNAL, you must import key material. For more information, see import key material.
- pending_window_in_days - (Optional, Computed, Int) The number of days before the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the deletion. Valid values: 7 to 366. Unit: days. NOTE: From version 1.184.0, pending_window_in_days can be set to 366.
- protection_level - (Optional, ForceNew) The protection level of the CMK. Default value: SOFTWARE. Valid values: SOFTWARE, HSM. NOTE: The value of this parameter is case-sensitive. Assume that you set this parameter to HSM. If you set the origin parameter to Aliyun_KMS, the CMK is created in a managed hardware security module (HSM). If you set the origin parameter to EXTERNAL, you can import an external key to the managed HSM.
- rotation_interval - (Optional) The interval for automatic key rotation. Specify the value in the integer[unit] format. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day interval. The interval can range from 7 days to 730 days. NOTE: It is required when automatic_rotation = "Enabled".
-> NOTE: When the pre-deletion days elapse, the key is permanently deleted and cannot be recovered.
- dkms_instance_id - (Optional, ForceNew, Available since v1.183.0) The instance ID of the exclusive KMS instance.
- tags - (Optional, Available since v1.207.0) A mapping of tags to assign to the resource.
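The cross-argument rules above (rotation versus key type, the rotation_interval format and range, the pending window range) can be checked before apply. The following Python check over the JSON form of a plan (`terraform show -json`) is an added example, not part of the provider or its documentation; the function names, resource addresses and sample plan are constructed for illustration.

```python
import json
import re

# Constraints as stated in the argument reference above.
ASYMMETRIC_SPECS = {"RSA_2048", "RSA_3072", "EC_P256", "EC_P256K", "EC_SM2"}
UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}

def interval_seconds(value):
    """Parse the integer[unit] rotation_interval format; None if malformed."""
    match = re.fullmatch(r"([0-9]+)([dhms])", value or "")
    return int(match.group(1)) * UNIT_SECONDS[match.group(2)] if match else None

def check_key(attrs):
    """Return the documented constraints that one alicloud_kms_key violates."""
    findings = []
    spec = attrs.get("key_spec") or "Aliyun_AES_256"   # documented default
    origin = attrs.get("origin") or "Aliyun_KMS"       # documented default
    rotating = attrs.get("automatic_rotation") == "Enabled"
    if spec in ASYMMETRIC_SPECS and origin == "EXTERNAL":
        findings.append("asymmetric key_spec cannot use origin EXTERNAL")
    if rotating and (spec in ASYMMETRIC_SPECS or origin == "EXTERNAL"):
        findings.append("automatic rotation unavailable for this key type")
    if rotating:
        seconds = interval_seconds(attrs.get("rotation_interval"))
        if seconds is None:
            findings.append("rotation_interval missing or malformed")
        elif not 7 * 86400 <= seconds <= 730 * 86400:
            findings.append("rotation_interval outside 7d-730d")
    window = attrs.get("pending_window_in_days")
    if window is not None and not 7 <= int(window) <= 366:
        findings.append("pending_window_in_days outside 7-366")
    return findings

def check_plan(plan_json):
    """Map resource address -> findings for every KMS key in a JSON plan."""
    report = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") == "alicloud_kms_key" and after and (found := check_key(after)):
            report[rc["address"]] = found
    return report

# Constructed sample plan (not real terraform output): one valid key, one invalid.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "alicloud_kms_key.data", "type": "alicloud_kms_key", "change": {"after": {
        "automatic_rotation": "Enabled", "rotation_interval": "90d", "pending_window_in_days": 30}}},
    {"address": "alicloud_kms_key.signing", "type": "alicloud_kms_key", "change": {"after": {
        "key_spec": "RSA_2048", "key_usage": "SIGN/VERIFY",
        "automatic_rotation": "Enabled", "rotation_interval": "3d"}}},
]})
```

Arguments left unset and computed at apply time are absent from the plan's `after` object, so the check falls back to the documented defaults for key_spec and origin.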
Attributes Reference
- id - The ID of the key.
- arn - The Alicloud Resource Name (ARN) of the key.
- creation_date - The date and time when the CMK was created. The time is displayed in UTC.
- creator - The creator of the CMK.
- delete_date - The scheduled date to delete CMK. The time is displayed in UTC. This value is returned only when the KeyState value is PendingDeletion.
- last_rotation_date - The date and time the last rotation was performed. The time is displayed in UTC.
- material_expire_time - The time and date the key material for the CMK expires. The time is displayed in UTC. If the value is empty, the key material for the CMK does not expire.
- next_rotation_date - The time the next rotation is scheduled for execution.
- primary_key_version - The ID of the current primary key version of the symmetric CMK.
Import
Alikms key can be imported using the id, e.g.
$ terraform import alicloud_kms_key.example <id>