Documentation
¶
Index ¶
- type Alias
- func (r *Alias) Arn() *pulumi.StringOutput
- func (r *Alias) ID() *pulumi.IDOutput
- func (r *Alias) Name() *pulumi.StringOutput
- func (r *Alias) NamePrefix() *pulumi.StringOutput
- func (r *Alias) TargetKeyArn() *pulumi.StringOutput
- func (r *Alias) TargetKeyId() *pulumi.StringOutput
- func (r *Alias) URN() *pulumi.URNOutput
- type AliasArgs
- type AliasState
- type GetAliasArgs
- type GetAliasResult
- type GetCipherTextArgs
- type GetCipherTextResult
- type GetKeyArgs
- type GetKeyResult
- type GetSecretArgs
- type GetSecretResult
- type GetSecretsArgs
- type GetSecretsResult
- type Grant
- func (r *Grant) Constraints() *pulumi.ArrayOutput
- func (r *Grant) GrantCreationTokens() *pulumi.ArrayOutput
- func (r *Grant) GrantId() *pulumi.StringOutput
- func (r *Grant) GrantToken() *pulumi.StringOutput
- func (r *Grant) GranteePrincipal() *pulumi.StringOutput
- func (r *Grant) ID() *pulumi.IDOutput
- func (r *Grant) KeyId() *pulumi.StringOutput
- func (r *Grant) Name() *pulumi.StringOutput
- func (r *Grant) Operations() *pulumi.ArrayOutput
- func (r *Grant) RetireOnDelete() *pulumi.BoolOutput
- func (r *Grant) RetiringPrincipal() *pulumi.StringOutput
- func (r *Grant) URN() *pulumi.URNOutput
- type GrantArgs
- type GrantState
- type Key
- func (r *Key) Arn() *pulumi.StringOutput
- func (r *Key) DeletionWindowInDays() *pulumi.IntOutput
- func (r *Key) Description() *pulumi.StringOutput
- func (r *Key) EnableKeyRotation() *pulumi.BoolOutput
- func (r *Key) ID() *pulumi.IDOutput
- func (r *Key) IsEnabled() *pulumi.BoolOutput
- func (r *Key) KeyId() *pulumi.StringOutput
- func (r *Key) KeyUsage() *pulumi.StringOutput
- func (r *Key) Policy() *pulumi.StringOutput
- func (r *Key) Tags() *pulumi.MapOutput
- func (r *Key) URN() *pulumi.URNOutput
- type KeyArgs
- type KeyState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Alias ¶
// Alias provides an alias for a KMS customer master key.
type Alias struct {
// contains filtered or unexported fields
}
Provides an alias for a KMS customer master key. The AWS Console enforces a 1-to-1 mapping between aliases and keys, but the API (and hence Terraform) lets you create as many aliases as the [account limits](http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) allow.
func GetAlias ¶
func GetAlias(ctx *pulumi.Context, name string, id pulumi.ID, state *AliasState, opts ...pulumi.ResourceOpt) (*Alias, error)
GetAlias gets an existing Alias resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAlias ¶
func NewAlias(ctx *pulumi.Context, name string, args *AliasArgs, opts ...pulumi.ResourceOpt) (*Alias, error)
NewAlias registers a new resource with the given unique name, arguments, and options.
func (*Alias) Arn ¶
func (r *Alias) Arn() *pulumi.StringOutput
The Amazon Resource Name (ARN) of the key alias.
func (*Alias) Name ¶
func (r *Alias) Name() *pulumi.StringOutput
The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
func (*Alias) NamePrefix ¶
func (r *Alias) NamePrefix() *pulumi.StringOutput
Creates a unique alias beginning with the specified prefix. The name must start with the word "alias" followed by a forward slash (alias/). Conflicts with `name`.
func (*Alias) TargetKeyArn ¶
func (r *Alias) TargetKeyArn() *pulumi.StringOutput
The Amazon Resource Name (ARN) of the target key identifier.
func (*Alias) TargetKeyId ¶
func (r *Alias) TargetKeyId() *pulumi.StringOutput
Identifier of the key that the alias refers to; can be either an ARN or key_id.
type AliasArgs ¶
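// AliasArgs is the set of arguments for constructing an Alias resource.
type AliasArgs struct {
	// The display name of the alias. The name must start with the word "alias"
	// followed by a forward slash (alias/).
	Name interface{}
	// Creates a unique alias beginning with the specified prefix. The name must
	// start with the word "alias" followed by a forward slash (alias/).
	// Conflicts with `name`.
	NamePrefix interface{}
	// Identifier of the key that the alias refers to; can be either an ARN or
	// key_id.
	TargetKeyId interface{}
}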
The set of arguments for constructing an Alias resource.
type AliasState ¶
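// AliasState holds the input properties used for looking up and filtering
// Alias resources.
type AliasState struct {
	// The Amazon Resource Name (ARN) of the key alias.
	Arn interface{}
	// The display name of the alias. The name must start with the word "alias"
	// followed by a forward slash (alias/).
	Name interface{}
	// Creates a unique alias beginning with the specified prefix. The name must
	// start with the word "alias" followed by a forward slash (alias/).
	// Conflicts with `name`.
	NamePrefix interface{}
	// The Amazon Resource Name (ARN) of the target key identifier.
	TargetKeyArn interface{}
	// Identifier of the key that the alias refers to; can be either an ARN or
	// key_id.
	TargetKeyId interface{}
}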
Input properties used for looking up and filtering Alias resources.
type GetAliasArgs ¶
// GetAliasArgs is a collection of arguments for invoking getAlias.
type GetAliasArgs struct {
	// Display name of the alias. It must begin with the word "alias"
	// followed by a forward slash (alias/).
	Name interface{}
}
A collection of arguments for invoking getAlias.
type GetAliasResult ¶
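// GetAliasResult is a collection of values returned by getAlias.
type GetAliasResult struct {
	// The Amazon Resource Name (ARN) of the key alias.
	Arn interface{}
	// ARN pointed to by the alias.
	TargetKeyArn interface{}
	// Key identifier pointed to by the alias.
	TargetKeyId interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}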
A collection of values returned by getAlias.
func LookupAlias ¶
func LookupAlias(ctx *pulumi.Context, args *GetAliasArgs) (*GetAliasResult, error)
Use this data source to get the ARN of a KMS key alias. By using this data source, you can reference a key alias without having to hard-code the ARN as input.
type GetCipherTextArgs ¶
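// GetCipherTextArgs is a collection of arguments for invoking getCipherText.
type GetCipherTextArgs struct {
	// An optional mapping that makes up the encryption context.
	Context interface{}
	// Globally unique key ID for the customer master key.
	KeyId interface{}
	// Data to be encrypted. Note that this may show up in logs, and it will be
	// stored in the state file, so logs and state need the same protection as
	// the plaintext itself.
	Plaintext interface{}
}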
A collection of arguments for invoking getCipherText.
type GetCipherTextResult ¶
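// GetCipherTextResult is a collection of values returned by getCipherText.
type GetCipherTextResult struct {
	// Base64 encoded ciphertext.
	CiphertextBlob interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}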
A collection of values returned by getCipherText.
func LookupCipherText ¶
func LookupCipherText(ctx *pulumi.Context, args *GetCipherTextArgs) (*GetCipherTextResult, error)
The KMS ciphertext data source allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key.
~> **Note:** All arguments, including the plaintext, will be stored in the raw state as plain text. [Read more about sensitive data in state](https://www.terraform.io/docs/state/sensitive-data.html).
type GetKeyArgs ¶
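// GetKeyArgs is a collection of arguments for invoking getKey.
type GetKeyArgs struct {
	// List of grant tokens.
	GrantTokens interface{}
	// Key identifier, which can be in one of the following formats:
	// * Key ID. E.g.: `1234abcd-12ab-34cd-56ef-1234567890ab`
	// * Key ARN. E.g.: `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
	// * Alias name. E.g.: `alias/my-key`
	// * Alias ARN. E.g.: `arn:aws:kms:us-east-1:111122223333:alias/my-key`
	KeyId interface{}
}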
A collection of arguments for invoking getKey.
type GetKeyResult ¶
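// GetKeyResult is a collection of values returned by getKey.
//
// The generated documentation describes only Id; the remaining fields carry
// no description there.
type GetKeyResult struct {
	Arn             interface{}
	AwsAccountId    interface{}
	CreationDate    interface{}
	DeletionDate    interface{}
	Description     interface{}
	Enabled         interface{}
	ExpirationModel interface{}
	KeyManager      interface{}
	KeyState        interface{}
	KeyUsage        interface{}
	Origin          interface{}
	ValidTo         interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}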
A collection of values returned by getKey.
func LookupKey ¶
func LookupKey(ctx *pulumi.Context, args *GetKeyArgs) (*GetKeyResult, error)
Use this data source to get detailed information about the specified KMS Key with flexible key id input. This can be useful for referencing a key alias without having to hard-code the ARN as input.
type GetSecretArgs ¶
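// GetSecretArgs is a collection of arguments for invoking getSecret.
type GetSecretArgs struct {
	// One or more encrypted payload definitions from the KMS
	// service. See the Secret Definitions below.
	Secrets interface{}
	// contains filtered or unexported fields
}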
A collection of arguments for invoking getSecret.
type GetSecretResult ¶ added in v0.14.1
// GetSecretResult is a collection of values returned by getSecret.
type GetSecretResult struct {
	// Provider-assigned unique ID for this managed resource.
	Id interface{}
}
A collection of values returned by getSecret.
func LookupSecret ¶
func LookupSecret(ctx *pulumi.Context, args *GetSecretArgs) (*GetSecretResult, error)
!> **WARNING:** This data source is deprecated and will be removed in the next major version. You can migrate existing configurations to the [`aws_kms_secrets` data source](https://www.terraform.io/docs/providers/aws/d/kms_secrets.html) following instructions available in the [Version 2 Upgrade Guide](https://www.terraform.io/docs/providers/aws/guides/version-2-upgrade.html#data-source-aws_kms_secret).
The KMS secret data source allows you to use data encrypted with the AWS KMS service within your resource definitions.
~> **NOTE**: Using this data provider will allow you to conceal secret data within your resource definitions but does not take care of protecting that data in the logging output, plan output or state output.
Please take care to secure your secret data outside of resource definitions.
type GetSecretsArgs ¶ added in v0.15.1
// GetSecretsArgs is a collection of arguments for invoking getSecrets.
type GetSecretsArgs struct {
	// Encrypted payload definitions (one or more) from the KMS service.
	// See the Secret Definitions below.
	Secrets interface{}
}
A collection of arguments for invoking getSecrets.
type GetSecretsResult ¶ added in v0.15.1
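// GetSecretsResult is a collection of values returned by getSecrets.
type GetSecretsResult struct {
	// Map containing each `secret` `name` as the key with its decrypted
	// plaintext value. The data source does not protect these values in
	// logging or state output, so both need to be secured separately.
	Plaintext interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}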
A collection of values returned by getSecrets.
func LookupSecrets ¶ added in v0.15.1
func LookupSecrets(ctx *pulumi.Context, args *GetSecretsArgs) (*GetSecretsResult, error)
Decrypt multiple secrets from data encrypted with the AWS KMS service.
~> **NOTE**: Using this data provider will allow you to conceal secret data within your resource definitions but does not take care of protecting that data in all Terraform logging and state output. Please take care to secure your secret data beyond just the Terraform configuration.
type Grant ¶
// Grant provides a resource-based access control mechanism for a KMS
// customer master key.
type Grant struct {
// contains filtered or unexported fields
}
Provides a resource-based access control mechanism for a KMS customer master key.
func GetGrant ¶
func GetGrant(ctx *pulumi.Context, name string, id pulumi.ID, state *GrantState, opts ...pulumi.ResourceOpt) (*Grant, error)
GetGrant gets an existing Grant resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewGrant ¶
func NewGrant(ctx *pulumi.Context, name string, args *GrantArgs, opts ...pulumi.ResourceOpt) (*Grant, error)
NewGrant registers a new resource with the given unique name, arguments, and options.
func (*Grant) Constraints ¶
func (r *Grant) Constraints() *pulumi.ArrayOutput
A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
func (*Grant) GrantCreationTokens ¶
func (r *Grant) GrantCreationTokens() *pulumi.ArrayOutput
A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
`retire_on_delete` (a separate argument, exposed in this package as RetireOnDelete; defaults to false, forces new resources): if set to false (the default), the grants will be revoked upon deletion; if set to true, the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, which is why revoking grants is the default. See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
func (*Grant) GrantId ¶
func (r *Grant) GrantId() *pulumi.StringOutput
The unique identifier for the grant.
func (*Grant) GrantToken ¶
func (r *Grant) GrantToken() *pulumi.StringOutput
The grant token for the created grant. For more information, see [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).
func (*Grant) GranteePrincipal ¶
func (r *Grant) GranteePrincipal() *pulumi.StringOutput
The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, terraform's state may not always be refreshed to reflect what is true in AWS.
func (*Grant) KeyId ¶
func (r *Grant) KeyId() *pulumi.StringOutput
The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
func (*Grant) Name ¶
func (r *Grant) Name() *pulumi.StringOutput
A friendly name for identifying the grant.
func (*Grant) Operations ¶
func (r *Grant) Operations() *pulumi.ArrayOutput
A list of operations that the grant permits. The permitted values are: `Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant, RetireGrant, DescribeKey`
func (*Grant) RetireOnDelete ¶
func (r *Grant) RetireOnDelete() *pulumi.BoolOutput
func (*Grant) RetiringPrincipal ¶
func (r *Grant) RetiringPrincipal() *pulumi.StringOutput
type GrantArgs ¶
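// GrantArgs is the set of arguments for constructing a Grant resource.
type GrantArgs struct {
	// A structure that you can use to allow certain operations in the grant
	// only when the desired encryption context is present. For more
	// information about encryption context, see
	// [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints interface{}
	// A list of grant tokens to be used when creating the grant. See
	// [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// for more information about grant tokens.
	GrantCreationTokens interface{}
	// The principal that is given permission to perform the operations that
	// the grant permits, in ARN format. Note that due to eventual consistency
	// issues around IAM principals, terraform's state may not always be
	// refreshed to reflect what is true in AWS.
	GranteePrincipal interface{}
	// The unique identifier for the customer master key (CMK) that the grant
	// applies to. Specify the key ID or the Amazon Resource Name (ARN) of the
	// CMK. To specify a CMK in a different AWS account, you must use the key
	// ARN.
	KeyId interface{}
	// A friendly name for identifying the grant.
	Name interface{}
	// A list of operations that the grant permits. The permitted values are:
	// `Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant, RetireGrant, DescribeKey`
	Operations interface{}
	// `retire_on_delete` (defaults to false, forces new resources). If set to
	// false (the default) the grants will be revoked upon deletion, and if set
	// to true the grants will try to be retired upon deletion. Retiring grants
	// requires special permissions, which is why revoking is the default. See
	// [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html)
	// for more information. The generated docs print this text under
	// GrantCreationTokens.
	RetireOnDelete interface{}
	// NOTE(review): not described in the generated docs; presumably the
	// principal permitted to retire the grant. Confirm against the provider
	// documentation.
	RetiringPrincipal interface{}
}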
The set of arguments for constructing a Grant resource.
type GrantState ¶
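// GrantState holds the input properties used for looking up and filtering
// Grant resources.
type GrantState struct {
	// A structure that you can use to allow certain operations in the grant
	// only when the desired encryption context is present. For more
	// information about encryption context, see
	// [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints interface{}
	// A list of grant tokens to be used when creating the grant. See
	// [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// for more information about grant tokens.
	GrantCreationTokens interface{}
	// The unique identifier for the grant.
	GrantId interface{}
	// The grant token for the created grant. For more information, see
	// [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).
	GrantToken interface{}
	// The principal that is given permission to perform the operations that
	// the grant permits, in ARN format. Note that due to eventual consistency
	// issues around IAM principals, terraform's state may not always be
	// refreshed to reflect what is true in AWS.
	GranteePrincipal interface{}
	// The unique identifier for the customer master key (CMK) that the grant
	// applies to. Specify the key ID or the Amazon Resource Name (ARN) of the
	// CMK. To specify a CMK in a different AWS account, you must use the key
	// ARN.
	KeyId interface{}
	// A friendly name for identifying the grant.
	Name interface{}
	// A list of operations that the grant permits. The permitted values are:
	// `Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant, RetireGrant, DescribeKey`
	Operations interface{}
	// `retire_on_delete` (defaults to false, forces new resources). If set to
	// false (the default) the grants will be revoked upon deletion, and if set
	// to true the grants will try to be retired upon deletion. Retiring grants
	// requires special permissions, which is why revoking is the default. See
	// [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html)
	// for more information. The generated docs print this text under
	// GrantCreationTokens.
	RetireOnDelete interface{}
	// NOTE(review): not described in the generated docs; presumably the
	// principal permitted to retire the grant. Confirm against the provider
	// documentation.
	RetiringPrincipal interface{}
}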
Input properties used for looking up and filtering Grant resources.
type Key ¶
// Key provides a KMS customer master key.
type Key struct {
// contains filtered or unexported fields
}
Provides a KMS customer master key.
func GetKey ¶
func GetKey(ctx *pulumi.Context, name string, id pulumi.ID, state *KeyState, opts ...pulumi.ResourceOpt) (*Key, error)
GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewKey ¶
func NewKey(ctx *pulumi.Context, name string, args *KeyArgs, opts ...pulumi.ResourceOpt) (*Key, error)
NewKey registers a new resource with the given unique name, arguments, and options.
func (*Key) Arn ¶
func (r *Key) Arn() *pulumi.StringOutput
The Amazon Resource Name (ARN) of the key.
func (*Key) DeletionWindowInDays ¶
func (r *Key) DeletionWindowInDays() *pulumi.IntOutput
Duration in days after which the key is deleted after destruction of the resource; must be between 7 and 30 days. Defaults to 30 days.
func (*Key) Description ¶
func (r *Key) Description() *pulumi.StringOutput
The description of the key as viewed in AWS console.
func (*Key) EnableKeyRotation ¶
func (r *Key) EnableKeyRotation() *pulumi.BoolOutput
Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to false.
func (*Key) IsEnabled ¶
func (r *Key) IsEnabled() *pulumi.BoolOutput
Specifies whether the key is enabled. Defaults to true.
func (*Key) KeyId ¶
func (r *Key) KeyId() *pulumi.StringOutput
The globally unique identifier for the key.
func (*Key) KeyUsage ¶
func (r *Key) KeyUsage() *pulumi.StringOutput
Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported.
func (*Key) Policy ¶
func (r *Key) Policy() *pulumi.StringOutput
A valid policy JSON document. For more information about building AWS IAM policy documents with Terraform, see the [AWS IAM Policy Document Guide](https://www.terraform.io/docs/providers/aws/guides/iam-policy-documents.html).
type KeyArgs ¶
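// KeyArgs is the set of arguments for constructing a Key resource.
type KeyArgs struct {
	// Duration in days after which the key is deleted after destruction of
	// the resource; must be between 7 and 30 days. Defaults to 30 days.
	DeletionWindowInDays interface{}
	// The description of the key as viewed in AWS console.
	Description interface{}
	// Specifies whether
	// [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
	// is enabled. Defaults to false, so rotation has to be requested
	// explicitly.
	EnableKeyRotation interface{}
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled interface{}
	// Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and
	// only symmetric encryption and decryption are supported.
	KeyUsage interface{}
	// A valid policy JSON document. For more information about building AWS
	// IAM policy documents with Terraform, see the
	// [AWS IAM Policy Document Guide](https://www.terraform.io/docs/providers/aws/guides/iam-policy-documents.html).
	Policy interface{}
	// A mapping of tags to assign to the object.
	Tags interface{}
}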
The set of arguments for constructing a Key resource.
type KeyState ¶
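// KeyState holds the input properties used for looking up and filtering Key
// resources.
type KeyState struct {
	// The Amazon Resource Name (ARN) of the key.
	Arn interface{}
	// Duration in days after which the key is deleted after destruction of
	// the resource; must be between 7 and 30 days. Defaults to 30 days.
	DeletionWindowInDays interface{}
	// The description of the key as viewed in AWS console.
	Description interface{}
	// Specifies whether
	// [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
	// is enabled. Defaults to false, so rotation has to be requested
	// explicitly.
	EnableKeyRotation interface{}
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled interface{}
	// The globally unique identifier for the key.
	KeyId interface{}
	// Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and
	// only symmetric encryption and decryption are supported.
	KeyUsage interface{}
	// A valid policy JSON document. For more information about building AWS
	// IAM policy documents with Terraform, see the
	// [AWS IAM Policy Document Guide](https://www.terraform.io/docs/providers/aws/guides/iam-policy-documents.html).
	Policy interface{}
	// A mapping of tags to assign to the object.
	Tags interface{}
}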
Input properties used for looking up and filtering Key resources.