kms

package
v1.22.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 14, 2020 License: Apache-2.0 Imports: 4 Imported by: 0

Documentation

Overview

nolint: lll

nolint: lll

nolint: lll

nolint: lll

nolint: lll

nolint: lll

nolint: lll

nolint: lll

nolint: lll

nolint: lll

nolint: lll

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Alias 

type Alias struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name (ARN) of the key alias.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
	Name pulumi.StringOutput `pulumi:"name"`
	// Creates an unique alias beginning with the specified prefix.
	// The name must start with the word "alias" followed by a forward slash (alias/).  Conflicts with `name`.
	NamePrefix pulumi.StringPtrOutput `pulumi:"namePrefix"`
	// The Amazon Resource Name (ARN) of the target key identifier.
	TargetKeyArn pulumi.StringOutput `pulumi:"targetKeyArn"`
	// Identifier for the key for which the alias is for, can be either an ARN or key_id.
	TargetKeyId pulumi.StringOutput `pulumi:"targetKeyId"`
}

Provides an alias for a KMS customer master key. AWS Console enforces 1-to-1 mapping between aliases & keys, but API (hence this provider too) allows you to create as many aliases as the [account limits](http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) allow you.

> This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/kms_alias.html.markdown.

func GetAlias 

func GetAlias(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AliasState, opts ...pulumi.ResourceOption) (*Alias, error)

GetAlias gets an existing Alias resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlias 

func NewAlias(ctx *pulumi.Context,
	name string, args *AliasArgs, opts ...pulumi.ResourceOption) (*Alias, error)

NewAlias registers a new resource with the given unique name, arguments, and options.

type AliasArgs 

type AliasArgs struct {
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
	Name pulumi.StringPtrInput
	// Creates an unique alias beginning with the specified prefix.
	// The name must start with the word "alias" followed by a forward slash (alias/).  Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// Identifier for the key for which the alias is for, can be either an ARN or key_id.
	TargetKeyId pulumi.StringInput
}

The set of arguments for constructing a Alias resource.

func (AliasArgs) ElementType added in v1.19.0 

func (AliasArgs) ElementType() reflect.Type

type AliasState 

type AliasState struct {
	// The Amazon Resource Name (ARN) of the key alias.
	Arn pulumi.StringPtrInput
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
	Name pulumi.StringPtrInput
	// Creates an unique alias beginning with the specified prefix.
	// The name must start with the word "alias" followed by a forward slash (alias/).  Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// The Amazon Resource Name (ARN) of the target key identifier.
	TargetKeyArn pulumi.StringPtrInput
	// Identifier for the key for which the alias is for, can be either an ARN or key_id.
	TargetKeyId pulumi.StringPtrInput
}

func (AliasState) ElementType added in v1.19.0 

func (AliasState) ElementType() reflect.Type

type Ciphertext added in v0.18.1 

type Ciphertext struct {
	pulumi.CustomResourceState

	// Base64 encoded ciphertext
	CiphertextBlob pulumi.StringOutput `pulumi:"ciphertextBlob"`
	// An optional mapping that makes up the encryption context.
	Context pulumi.StringMapOutput `pulumi:"context"`
	// Globally unique key ID for the customer master key.
	KeyId pulumi.StringOutput `pulumi:"keyId"`
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	Plaintext pulumi.StringOutput `pulumi:"plaintext"`
}

The KMS ciphertext resource allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key. The value returned by this resource is stable across every apply. For a changing ciphertext value each apply, see the [`kms.Ciphertext` data source](https://www.terraform.io/docs/providers/aws/d/kms_ciphertext.html).

> **Note:** All arguments including the plaintext be stored in the raw state as plain-text. [Read more about sensitive data in state](https://www.terraform.io/docs/state/sensitive-data.html).

> This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/kms_ciphertext.html.markdown.

func GetCiphertext added in v0.18.1 

func GetCiphertext(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CiphertextState, opts ...pulumi.ResourceOption) (*Ciphertext, error)

GetCiphertext gets an existing Ciphertext resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCiphertext added in v0.18.1 

func NewCiphertext(ctx *pulumi.Context,
	name string, args *CiphertextArgs, opts ...pulumi.ResourceOption) (*Ciphertext, error)

NewCiphertext registers a new resource with the given unique name, arguments, and options.

type CiphertextArgs added in v0.18.1 

type CiphertextArgs struct {
	// An optional mapping that makes up the encryption context.
	Context pulumi.StringMapInput
	// Globally unique key ID for the customer master key.
	KeyId pulumi.StringInput
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	Plaintext pulumi.StringInput
}

The set of arguments for constructing a Ciphertext resource.

func (CiphertextArgs) ElementType added in v1.19.0 

func (CiphertextArgs) ElementType() reflect.Type

type CiphertextState added in v0.18.1 

type CiphertextState struct {
	// Base64 encoded ciphertext
	CiphertextBlob pulumi.StringPtrInput
	// An optional mapping that makes up the encryption context.
	Context pulumi.StringMapInput
	// Globally unique key ID for the customer master key.
	KeyId pulumi.StringPtrInput
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	Plaintext pulumi.StringPtrInput
}

func (CiphertextState) ElementType added in v1.19.0 

func (CiphertextState) ElementType() reflect.Type

type ExternalKey added in v0.18.1 

type ExternalKey struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name (ARN) of the key.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
	DeletionWindowInDays pulumi.IntPtrOutput `pulumi:"deletionWindowInDays"`
	// Description of the key.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
	Enabled pulumi.BoolOutput `pulumi:"enabled"`
	// Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
	ExpirationModel pulumi.StringOutput `pulumi:"expirationModel"`
	// Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
	KeyMaterialBase64 pulumi.StringPtrOutput `pulumi:"keyMaterialBase64"`
	// The state of the CMK.
	KeyState pulumi.StringOutput `pulumi:"keyState"`
	// The cryptographic operations for which you can use the CMK.
	KeyUsage pulumi.StringOutput `pulumi:"keyUsage"`
	// A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
	Policy pulumi.StringOutput `pulumi:"policy"`
	// A key-value map of tags to assign to the key.
	Tags pulumi.MapOutput `pulumi:"tags"`
	// Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
	ValidTo pulumi.StringPtrOutput `pulumi:"validTo"`
}

Manages a KMS Customer Master Key that uses external key material. To instead manage a KMS Customer Master Key where AWS automatically generates and potentially rotates key material, see the [`kms.Key` resource](https://www.terraform.io/docs/providers/aws/r/kms_key.html).

> **Note:** All arguments including the key material will be stored in the raw state as plain-text. [Read more about sensitive data in state](https://www.terraform.io/docs/state/sensitive-data.html).

> This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/kms_external_key.html.markdown.

func GetExternalKey added in v0.18.1 

func GetExternalKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ExternalKeyState, opts ...pulumi.ResourceOption) (*ExternalKey, error)

GetExternalKey gets an existing ExternalKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewExternalKey added in v0.18.1 

func NewExternalKey(ctx *pulumi.Context,
	name string, args *ExternalKeyArgs, opts ...pulumi.ResourceOption) (*ExternalKey, error)

NewExternalKey registers a new resource with the given unique name, arguments, and options.

type ExternalKeyArgs added in v0.18.1 

type ExternalKeyArgs struct {
	// Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
	DeletionWindowInDays pulumi.IntPtrInput
	// Description of the key.
	Description pulumi.StringPtrInput
	// Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
	Enabled pulumi.BoolPtrInput
	// Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
	KeyMaterialBase64 pulumi.StringPtrInput
	// A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
	Policy pulumi.StringPtrInput
	// A key-value map of tags to assign to the key.
	Tags pulumi.MapInput
	// Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
	ValidTo pulumi.StringPtrInput
}

The set of arguments for constructing a ExternalKey resource.

func (ExternalKeyArgs) ElementType added in v1.19.0 

func (ExternalKeyArgs) ElementType() reflect.Type

type ExternalKeyState added in v0.18.1 

type ExternalKeyState struct {
	// The Amazon Resource Name (ARN) of the key.
	Arn pulumi.StringPtrInput
	// Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
	DeletionWindowInDays pulumi.IntPtrInput
	// Description of the key.
	Description pulumi.StringPtrInput
	// Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
	Enabled pulumi.BoolPtrInput
	// Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
	ExpirationModel pulumi.StringPtrInput
	// Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
	KeyMaterialBase64 pulumi.StringPtrInput
	// The state of the CMK.
	KeyState pulumi.StringPtrInput
	// The cryptographic operations for which you can use the CMK.
	KeyUsage pulumi.StringPtrInput
	// A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
	Policy pulumi.StringPtrInput
	// A key-value map of tags to assign to the key.
	Tags pulumi.MapInput
	// Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
	ValidTo pulumi.StringPtrInput
}

func (ExternalKeyState) ElementType added in v1.19.0 

func (ExternalKeyState) ElementType() reflect.Type

type GetCipherTextArgs 

type GetCipherTextArgs struct {
	// An optional mapping that makes up the encryption context.
	Context map[string]string `pulumi:"context"`
	// Globally unique key ID for the customer master key.
	KeyId string `pulumi:"keyId"`
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	Plaintext string `pulumi:"plaintext"`
}

A collection of arguments for invoking getCipherText.

type GetCipherTextResult 

type GetCipherTextResult struct {
	// Base64 encoded ciphertext
	CiphertextBlob string            `pulumi:"ciphertextBlob"`
	Context        map[string]string `pulumi:"context"`
	// id is the provider-assigned unique ID for this managed resource.
	Id        string `pulumi:"id"`
	KeyId     string `pulumi:"keyId"`
	Plaintext string `pulumi:"plaintext"`
}

A collection of values returned by getCipherText.

func GetCipherText added in v1.19.0 

func GetCipherText(ctx *pulumi.Context, args *GetCipherTextArgs, opts ...pulumi.InvokeOption) (*GetCipherTextResult, error)

The KMS ciphertext data source allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key. The value returned by this data source changes every apply. For a stable ciphertext value, see the [`kms.Ciphertext` resource](https://www.terraform.io/docs/providers/aws/r/kms_ciphertext.html).

> **Note:** All arguments including the plaintext be stored in the raw state as plain-text. [Read more about sensitive data in state](https://www.terraform.io/docs/state/sensitive-data.html).

> This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/kms_ciphertext.html.markdown.

type GetSecretArgs 

type GetSecretArgs struct {
	Secrets []GetSecretSecret `pulumi:"secrets"`
}

A collection of arguments for invoking getSecret.

type GetSecretResult added in v0.14.1 

type GetSecretResult struct {
	// id is the provider-assigned unique ID for this managed resource.
	Id      string            `pulumi:"id"`
	Secrets []GetSecretSecret `pulumi:"secrets"`
}

A collection of values returned by getSecret.

func GetSecret added in v1.19.0 

func GetSecret(ctx *pulumi.Context, args *GetSecretArgs, opts ...pulumi.InvokeOption) (*GetSecretResult, error)

!> **WARNING:** This data source was removed in version 2.0.0 of the AWS Provider. You can migrate existing configurations to the [`kms.getSecrets` data source](https://www.terraform.io/docs/providers/aws/d/kms_secrets.html) following instructions available in the [Version 2 Upgrade Guide](https://www.terraform.io/docs/providers/aws/guides/version-2-upgrade.html#data-source-aws_kms_secret).

> This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/kms_secret.html.markdown.

type GetSecretSecret added in v1.19.0 

type GetSecretSecret struct {
	Context     map[string]string `pulumi:"context"`
	GrantTokens []string          `pulumi:"grantTokens"`
	Name        string            `pulumi:"name"`
	Payload     string            `pulumi:"payload"`
}

type GetSecretSecretArgs added in v1.19.0 

type GetSecretSecretArgs struct {
	Context     pulumi.StringMapInput   `pulumi:"context"`
	GrantTokens pulumi.StringArrayInput `pulumi:"grantTokens"`
	Name        pulumi.StringInput      `pulumi:"name"`
	Payload     pulumi.StringInput      `pulumi:"payload"`
}

func (GetSecretSecretArgs) ElementType added in v1.19.0 

func (GetSecretSecretArgs) ElementType() reflect.Type

func (GetSecretSecretArgs) ToGetSecretSecretOutput added in v1.19.0 

func (i GetSecretSecretArgs) ToGetSecretSecretOutput() GetSecretSecretOutput

func (GetSecretSecretArgs) ToGetSecretSecretOutputWithContext added in v1.19.0 

func (i GetSecretSecretArgs) ToGetSecretSecretOutputWithContext(ctx context.Context) GetSecretSecretOutput

type GetSecretSecretArray added in v1.19.0 

type GetSecretSecretArray []GetSecretSecretInput

func (GetSecretSecretArray) ElementType added in v1.19.0 

func (GetSecretSecretArray) ElementType() reflect.Type

func (GetSecretSecretArray) ToGetSecretSecretArrayOutput added in v1.19.0 

func (i GetSecretSecretArray) ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput

func (GetSecretSecretArray) ToGetSecretSecretArrayOutputWithContext added in v1.19.0 

func (i GetSecretSecretArray) ToGetSecretSecretArrayOutputWithContext(ctx context.Context) GetSecretSecretArrayOutput

type GetSecretSecretArrayInput added in v1.19.0 

type GetSecretSecretArrayInput interface {
	pulumi.Input

	ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput
	ToGetSecretSecretArrayOutputWithContext(context.Context) GetSecretSecretArrayOutput
}

type GetSecretSecretArrayOutput added in v1.19.0 

type GetSecretSecretArrayOutput struct{ *pulumi.OutputState }

func (GetSecretSecretArrayOutput) ElementType added in v1.19.0 

func (GetSecretSecretArrayOutput) ElementType() reflect.Type

func (GetSecretSecretArrayOutput) Index added in v1.19.0 

func (o GetSecretSecretArrayOutput) Index(i pulumi.IntInput) GetSecretSecretOutput

func (GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutput added in v1.19.0 

func (o GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput

func (GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutputWithContext added in v1.19.0 

func (o GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutputWithContext(ctx context.Context) GetSecretSecretArrayOutput

type GetSecretSecretInput added in v1.19.0 

type GetSecretSecretInput interface {
	pulumi.Input

	ToGetSecretSecretOutput() GetSecretSecretOutput
	ToGetSecretSecretOutputWithContext(context.Context) GetSecretSecretOutput
}

type GetSecretSecretOutput added in v1.19.0 

type GetSecretSecretOutput struct{ *pulumi.OutputState }

func (GetSecretSecretOutput) Context added in v1.19.0 

func (o GetSecretSecretOutput) Context() pulumi.StringMapOutput

func (GetSecretSecretOutput) ElementType added in v1.19.0 

func (GetSecretSecretOutput) ElementType() reflect.Type

func (GetSecretSecretOutput) GrantTokens added in v1.19.0 

func (o GetSecretSecretOutput) GrantTokens() pulumi.StringArrayOutput

func (GetSecretSecretOutput) Name added in v1.19.0 

func (o GetSecretSecretOutput) Name() pulumi.StringOutput

func (GetSecretSecretOutput) Payload added in v1.19.0 

func (o GetSecretSecretOutput) Payload() pulumi.StringOutput

func (GetSecretSecretOutput) ToGetSecretSecretOutput added in v1.19.0 

func (o GetSecretSecretOutput) ToGetSecretSecretOutput() GetSecretSecretOutput

func (GetSecretSecretOutput) ToGetSecretSecretOutputWithContext added in v1.19.0 

func (o GetSecretSecretOutput) ToGetSecretSecretOutputWithContext(ctx context.Context) GetSecretSecretOutput

type GetSecretsArgs added in v0.15.1 

type GetSecretsArgs struct {
	// One or more encrypted payload definitions from the KMS service. See the Secret Definitions below.
	Secrets []GetSecretsSecret `pulumi:"secrets"`
}

A collection of arguments for invoking getSecrets.

type GetSecretsResult added in v0.15.1 

type GetSecretsResult struct {
	// id is the provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Map containing each `secret` `name` as the key with its decrypted plaintext value
	Plaintext map[string]string  `pulumi:"plaintext"`
	Secrets   []GetSecretsSecret `pulumi:"secrets"`
}

A collection of values returned by getSecrets.

func GetSecrets added in v1.19.0 

func GetSecrets(ctx *pulumi.Context, args *GetSecretsArgs, opts ...pulumi.InvokeOption) (*GetSecretsResult, error)

Decrypt multiple secrets from data encrypted with the AWS KMS service.

> This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/kms_secrets.html.markdown.

type GetSecretsSecret added in v1.19.0 

type GetSecretsSecret struct {
	// An optional mapping that makes up the Encryption Context for the secret.
	Context map[string]string `pulumi:"context"`
	// An optional list of Grant Tokens for the secret.
	GrantTokens []string `pulumi:"grantTokens"`
	// The name to export this secret under in the attributes.
	Name string `pulumi:"name"`
	// Base64 encoded payload, as returned from a KMS encrypt operation.
	Payload string `pulumi:"payload"`
}

type GetSecretsSecretArgs added in v1.19.0 

type GetSecretsSecretArgs struct {
	// An optional mapping that makes up the Encryption Context for the secret.
	Context pulumi.StringMapInput `pulumi:"context"`
	// An optional list of Grant Tokens for the secret.
	GrantTokens pulumi.StringArrayInput `pulumi:"grantTokens"`
	// The name to export this secret under in the attributes.
	Name pulumi.StringInput `pulumi:"name"`
	// Base64 encoded payload, as returned from a KMS encrypt operation.
	Payload pulumi.StringInput `pulumi:"payload"`
}

func (GetSecretsSecretArgs) ElementType added in v1.19.0 

func (GetSecretsSecretArgs) ElementType() reflect.Type

func (GetSecretsSecretArgs) ToGetSecretsSecretOutput added in v1.19.0 

func (i GetSecretsSecretArgs) ToGetSecretsSecretOutput() GetSecretsSecretOutput

func (GetSecretsSecretArgs) ToGetSecretsSecretOutputWithContext added in v1.19.0 

func (i GetSecretsSecretArgs) ToGetSecretsSecretOutputWithContext(ctx context.Context) GetSecretsSecretOutput

type GetSecretsSecretArray added in v1.19.0 

type GetSecretsSecretArray []GetSecretsSecretInput

func (GetSecretsSecretArray) ElementType added in v1.19.0 

func (GetSecretsSecretArray) ElementType() reflect.Type

func (GetSecretsSecretArray) ToGetSecretsSecretArrayOutput added in v1.19.0 

func (i GetSecretsSecretArray) ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput

func (GetSecretsSecretArray) ToGetSecretsSecretArrayOutputWithContext added in v1.19.0 

func (i GetSecretsSecretArray) ToGetSecretsSecretArrayOutputWithContext(ctx context.Context) GetSecretsSecretArrayOutput

type GetSecretsSecretArrayInput added in v1.19.0 

type GetSecretsSecretArrayInput interface {
	pulumi.Input

	ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput
	ToGetSecretsSecretArrayOutputWithContext(context.Context) GetSecretsSecretArrayOutput
}

type GetSecretsSecretArrayOutput added in v1.19.0 

type GetSecretsSecretArrayOutput struct{ *pulumi.OutputState }

func (GetSecretsSecretArrayOutput) ElementType added in v1.19.0 

func (GetSecretsSecretArrayOutput) ElementType() reflect.Type

func (GetSecretsSecretArrayOutput) Index added in v1.19.0 

func (o GetSecretsSecretArrayOutput) Index(i pulumi.IntInput) GetSecretsSecretOutput

func (GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutput added in v1.19.0 

func (o GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput

func (GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutputWithContext added in v1.19.0 

func (o GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutputWithContext(ctx context.Context) GetSecretsSecretArrayOutput

type GetSecretsSecretInput added in v1.19.0 

type GetSecretsSecretInput interface {
	pulumi.Input

	ToGetSecretsSecretOutput() GetSecretsSecretOutput
	ToGetSecretsSecretOutputWithContext(context.Context) GetSecretsSecretOutput
}

type GetSecretsSecretOutput added in v1.19.0 

type GetSecretsSecretOutput struct{ *pulumi.OutputState }

func (GetSecretsSecretOutput) Context added in v1.19.0 

func (o GetSecretsSecretOutput) Context() pulumi.StringMapOutput

An optional mapping that makes up the Encryption Context for the secret.

func (GetSecretsSecretOutput) ElementType added in v1.19.0 

func (GetSecretsSecretOutput) ElementType() reflect.Type

func (GetSecretsSecretOutput) GrantTokens added in v1.19.0 

func (o GetSecretsSecretOutput) GrantTokens() pulumi.StringArrayOutput

An optional list of Grant Tokens for the secret.

func (GetSecretsSecretOutput) Name added in v1.19.0 

func (o GetSecretsSecretOutput) Name() pulumi.StringOutput

The name to export this secret under in the attributes.

func (GetSecretsSecretOutput) Payload added in v1.19.0 

func (o GetSecretsSecretOutput) Payload() pulumi.StringOutput

Base64 encoded payload, as returned from a KMS encrypt operation.

func (GetSecretsSecretOutput) ToGetSecretsSecretOutput added in v1.19.0 

func (o GetSecretsSecretOutput) ToGetSecretsSecretOutput() GetSecretsSecretOutput

func (GetSecretsSecretOutput) ToGetSecretsSecretOutputWithContext added in v1.19.0 

func (o GetSecretsSecretOutput) ToGetSecretsSecretOutputWithContext(ctx context.Context) GetSecretsSecretOutput

type Grant 

type Grant struct {
	pulumi.CustomResourceState

	// A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints GrantConstraintArrayOutput `pulumi:"constraints"`
	// A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
	// * `retireOnDelete` -(Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.
	// See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
	GrantCreationTokens pulumi.StringArrayOutput `pulumi:"grantCreationTokens"`
	// The unique identifier for the grant.
	GrantId pulumi.StringOutput `pulumi:"grantId"`
	// The grant token for the created grant. For more information, see [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).
	GrantToken pulumi.StringOutput `pulumi:"grantToken"`
	// The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the state may not always be refreshed to reflect what is true in AWS.
	GranteePrincipal pulumi.StringOutput `pulumi:"granteePrincipal"`
	// The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
	KeyId pulumi.StringOutput `pulumi:"keyId"`
	// A friendly name for identifying the grant.
	Name pulumi.StringOutput `pulumi:"name"`
	// A list of operations that the grant permits. The permitted values are: `Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant, RetireGrant, DescribeKey`
	Operations     pulumi.StringArrayOutput `pulumi:"operations"`
	RetireOnDelete pulumi.BoolPtrOutput     `pulumi:"retireOnDelete"`
	// The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the state may not always be refreshed to reflect what is true in AWS.
	RetiringPrincipal pulumi.StringPtrOutput `pulumi:"retiringPrincipal"`
}

Provides a resource-based access control mechanism for a KMS customer master key.

> This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/kms_grant.html.markdown.

func GetGrant 

func GetGrant(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *GrantState, opts ...pulumi.ResourceOption) (*Grant, error)

GetGrant gets an existing Grant resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewGrant 

func NewGrant(ctx *pulumi.Context,
	name string, args *GrantArgs, opts ...pulumi.ResourceOption) (*Grant, error)

NewGrant registers a new resource with the given unique name, arguments, and options.

type GrantArgs 

type GrantArgs struct {
	// A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints GrantConstraintArrayInput
	// A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
	// * `retireOnDelete` -(Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.
	// See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
	GrantCreationTokens pulumi.StringArrayInput
	// The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the state may not always be refreshed to reflect what is true in AWS.
	GranteePrincipal pulumi.StringInput
	// The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
	KeyId pulumi.StringInput
	// A friendly name for identifying the grant.
	Name pulumi.StringPtrInput
	// A list of operations that the grant permits. The permitted values are: `Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant, RetireGrant, DescribeKey`
	Operations     pulumi.StringArrayInput
	RetireOnDelete pulumi.BoolPtrInput
	// The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the state may not always be refreshed to reflect what is true in AWS.
	RetiringPrincipal pulumi.StringPtrInput
}

The set of arguments for constructing a Grant resource.

func (GrantArgs) ElementType added in v1.19.0 

func (GrantArgs) ElementType() reflect.Type

type GrantConstraint added in v1.19.0 

type GrantConstraint struct {
	EncryptionContextEquals map[string]string `pulumi:"encryptionContextEquals"`
	EncryptionContextSubset map[string]string `pulumi:"encryptionContextSubset"`
}

type GrantConstraintArgs added in v1.19.0 

type GrantConstraintArgs struct {
	EncryptionContextEquals pulumi.StringMapInput `pulumi:"encryptionContextEquals"`
	EncryptionContextSubset pulumi.StringMapInput `pulumi:"encryptionContextSubset"`
}

func (GrantConstraintArgs) ElementType added in v1.19.0 

func (GrantConstraintArgs) ElementType() reflect.Type

func (GrantConstraintArgs) ToGrantConstraintOutput added in v1.19.0 

func (i GrantConstraintArgs) ToGrantConstraintOutput() GrantConstraintOutput

func (GrantConstraintArgs) ToGrantConstraintOutputWithContext added in v1.19.0 

func (i GrantConstraintArgs) ToGrantConstraintOutputWithContext(ctx context.Context) GrantConstraintOutput

type GrantConstraintArray added in v1.19.0 

type GrantConstraintArray []GrantConstraintInput

func (GrantConstraintArray) ElementType added in v1.19.0 

func (GrantConstraintArray) ElementType() reflect.Type

func (GrantConstraintArray) ToGrantConstraintArrayOutput added in v1.19.0 

func (i GrantConstraintArray) ToGrantConstraintArrayOutput() GrantConstraintArrayOutput

func (GrantConstraintArray) ToGrantConstraintArrayOutputWithContext added in v1.19.0 

func (i GrantConstraintArray) ToGrantConstraintArrayOutputWithContext(ctx context.Context) GrantConstraintArrayOutput

type GrantConstraintArrayInput added in v1.19.0 

type GrantConstraintArrayInput interface {
	pulumi.Input

	ToGrantConstraintArrayOutput() GrantConstraintArrayOutput
	ToGrantConstraintArrayOutputWithContext(context.Context) GrantConstraintArrayOutput
}

type GrantConstraintArrayOutput added in v1.19.0 

type GrantConstraintArrayOutput struct{ *pulumi.OutputState }

func (GrantConstraintArrayOutput) ElementType added in v1.19.0 

func (GrantConstraintArrayOutput) ElementType() reflect.Type

func (GrantConstraintArrayOutput) Index added in v1.19.0 

func (o GrantConstraintArrayOutput) Index(i pulumi.IntInput) GrantConstraintOutput

func (GrantConstraintArrayOutput) ToGrantConstraintArrayOutput added in v1.19.0 

func (o GrantConstraintArrayOutput) ToGrantConstraintArrayOutput() GrantConstraintArrayOutput

func (GrantConstraintArrayOutput) ToGrantConstraintArrayOutputWithContext added in v1.19.0 

func (o GrantConstraintArrayOutput) ToGrantConstraintArrayOutputWithContext(ctx context.Context) GrantConstraintArrayOutput

type GrantConstraintInput added in v1.19.0 

type GrantConstraintInput interface {
	pulumi.Input

	ToGrantConstraintOutput() GrantConstraintOutput
	ToGrantConstraintOutputWithContext(context.Context) GrantConstraintOutput
}

type GrantConstraintOutput added in v1.19.0 

type GrantConstraintOutput struct{ *pulumi.OutputState }

func (GrantConstraintOutput) ElementType added in v1.19.0 

func (GrantConstraintOutput) ElementType() reflect.Type

func (GrantConstraintOutput) EncryptionContextEquals added in v1.19.0 

func (o GrantConstraintOutput) EncryptionContextEquals() pulumi.StringMapOutput

func (GrantConstraintOutput) EncryptionContextSubset added in v1.19.0 

func (o GrantConstraintOutput) EncryptionContextSubset() pulumi.StringMapOutput

func (GrantConstraintOutput) ToGrantConstraintOutput added in v1.19.0 

func (o GrantConstraintOutput) ToGrantConstraintOutput() GrantConstraintOutput

func (GrantConstraintOutput) ToGrantConstraintOutputWithContext added in v1.19.0 

func (o GrantConstraintOutput) ToGrantConstraintOutputWithContext(ctx context.Context) GrantConstraintOutput

type GrantState 

type GrantState struct {
	// A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints GrantConstraintArrayInput
	// A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
	// * `retireOnDelete` -(Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.
	// See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
	GrantCreationTokens pulumi.StringArrayInput
	// The unique identifier for the grant.
	GrantId pulumi.StringPtrInput
	// The grant token for the created grant. For more information, see [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).
	GrantToken pulumi.StringPtrInput
	// The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the state may not always be refreshed to reflect what is true in AWS.
	GranteePrincipal pulumi.StringPtrInput
	// The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
	KeyId pulumi.StringPtrInput
	// A friendly name for identifying the grant.
	Name pulumi.StringPtrInput
	// A list of operations that the grant permits. The permitted values are: `Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant, RetireGrant, DescribeKey`
	Operations     pulumi.StringArrayInput
	RetireOnDelete pulumi.BoolPtrInput
	// The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the state may not always be refreshed to reflect what is true in AWS.
	RetiringPrincipal pulumi.StringPtrInput
}

func (GrantState) ElementType added in v1.19.0 

func (GrantState) ElementType() reflect.Type

type Key 

type Key struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name (ARN) of the key.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports.
	// Valid values: `SYMMETRIC_DEFAULT`,  `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).
	CustomerMasterKeySpec pulumi.StringPtrOutput `pulumi:"customerMasterKeySpec"`
	// Duration in days after which the key is deleted
	// after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.
	DeletionWindowInDays pulumi.IntPtrOutput `pulumi:"deletionWindowInDays"`
	// The description of the key as viewed in AWS console.
	Description pulumi.StringOutput `pulumi:"description"`
	// Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
	// is enabled. Defaults to false.
	EnableKeyRotation pulumi.BoolPtrOutput `pulumi:"enableKeyRotation"`
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled pulumi.BoolPtrOutput `pulumi:"isEnabled"`
	// The globally unique identifier for the key.
	KeyId pulumi.StringOutput `pulumi:"keyId"`
	// Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
	// Defaults to `ENCRYPT_DECRYPT`.
	KeyUsage pulumi.StringPtrOutput `pulumi:"keyUsage"`
	Policy   pulumi.StringOutput    `pulumi:"policy"`
	// A mapping of tags to assign to the object.
	Tags pulumi.MapOutput `pulumi:"tags"`
}

Provides a KMS customer master key.

> This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/kms_key.html.markdown.

func GetKey 

func GetKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyState, opts ...pulumi.ResourceOption) (*Key, error)

GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKey 

func NewKey(ctx *pulumi.Context,
	name string, args *KeyArgs, opts ...pulumi.ResourceOption) (*Key, error)

NewKey registers a new resource with the given unique name, arguments, and options.

type KeyArgs 

type KeyArgs struct {
	// Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports.
	// Valid values: `SYMMETRIC_DEFAULT`,  `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).
	CustomerMasterKeySpec pulumi.StringPtrInput
	// Duration in days after which the key is deleted
	// after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.
	DeletionWindowInDays pulumi.IntPtrInput
	// The description of the key as viewed in AWS console.
	Description pulumi.StringPtrInput
	// Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
	// is enabled. Defaults to false.
	EnableKeyRotation pulumi.BoolPtrInput
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled pulumi.BoolPtrInput
	// Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
	// Defaults to `ENCRYPT_DECRYPT`.
	KeyUsage pulumi.StringPtrInput
	Policy   pulumi.StringPtrInput
	// A mapping of tags to assign to the object.
	Tags pulumi.MapInput
}

The set of arguments for constructing a Key resource.

func (KeyArgs) ElementType added in v1.19.0 

func (KeyArgs) ElementType() reflect.Type

type KeyState 

type KeyState struct {
	// The Amazon Resource Name (ARN) of the key.
	Arn pulumi.StringPtrInput
	// Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports.
	// Valid values: `SYMMETRIC_DEFAULT`,  `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).
	CustomerMasterKeySpec pulumi.StringPtrInput
	// Duration in days after which the key is deleted
	// after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.
	DeletionWindowInDays pulumi.IntPtrInput
	// The description of the key as viewed in AWS console.
	Description pulumi.StringPtrInput
	// Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
	// is enabled. Defaults to false.
	EnableKeyRotation pulumi.BoolPtrInput
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled pulumi.BoolPtrInput
	// The globally unique identifier for the key.
	KeyId pulumi.StringPtrInput
	// Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
	// Defaults to `ENCRYPT_DECRYPT`.
	KeyUsage pulumi.StringPtrInput
	Policy   pulumi.StringPtrInput
	// A mapping of tags to assign to the object.
	Tags pulumi.MapInput
}

func (KeyState) ElementType added in v1.19.0 

func (KeyState) ElementType() reflect.Type

type LookupAliasArgs added in v1.19.0 

type LookupAliasArgs struct {
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
	Name string `pulumi:"name"`
}

A collection of arguments for invoking getAlias.

type LookupAliasResult added in v1.19.0 

type LookupAliasResult struct {
	// The Amazon Resource Name(ARN) of the key alias.
	Arn string `pulumi:"arn"`
	// id is the provider-assigned unique ID for this managed resource.
	Id   string `pulumi:"id"`
	Name string `pulumi:"name"`
	// ARN pointed to by the alias.
	TargetKeyArn string `pulumi:"targetKeyArn"`
	// Key identifier pointed to by the alias.
	TargetKeyId string `pulumi:"targetKeyId"`
}

A collection of values returned by getAlias.

func LookupAlias 

func LookupAlias(ctx *pulumi.Context, args *LookupAliasArgs, opts ...pulumi.InvokeOption) (*LookupAliasResult, error)

Use this data source to get the ARN of a KMS key alias. By using this data source, you can reference key alias without having to hard code the ARN as input.

> This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/kms_alias.html.markdown.

type LookupKeyArgs added in v1.19.0 

type LookupKeyArgs struct {
	// List of grant tokens
	GrantTokens []string `pulumi:"grantTokens"`
	// Key identifier which can be one of the following format:
	// * Key ID. E.g: `1234abcd-12ab-34cd-56ef-1234567890ab`
	// * Key ARN. E.g.: `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
	// * Alias name. E.g.: `alias/my-key`
	// * Alias ARN: E.g.: `arn:aws:kms:us-east-1:111122223333:alias/my-key`
	KeyId string `pulumi:"keyId"`
}

A collection of arguments for invoking getKey.

type LookupKeyResult added in v1.19.0 

type LookupKeyResult struct {
	Arn                   string   `pulumi:"arn"`
	AwsAccountId          string   `pulumi:"awsAccountId"`
	CreationDate          string   `pulumi:"creationDate"`
	CustomerMasterKeySpec string   `pulumi:"customerMasterKeySpec"`
	DeletionDate          string   `pulumi:"deletionDate"`
	Description           string   `pulumi:"description"`
	Enabled               bool     `pulumi:"enabled"`
	ExpirationModel       string   `pulumi:"expirationModel"`
	GrantTokens           []string `pulumi:"grantTokens"`
	// id is the provider-assigned unique ID for this managed resource.
	Id         string `pulumi:"id"`
	KeyId      string `pulumi:"keyId"`
	KeyManager string `pulumi:"keyManager"`
	KeyState   string `pulumi:"keyState"`
	KeyUsage   string `pulumi:"keyUsage"`
	Origin     string `pulumi:"origin"`
	ValidTo    string `pulumi:"validTo"`
}

A collection of values returned by getKey.

func LookupKey 

func LookupKey(ctx *pulumi.Context, args *LookupKeyArgs, opts ...pulumi.InvokeOption) (*LookupKeyResult, error)

Use this data source to get detailed information about the specified KMS Key with flexible key id input. This can be useful to reference key alias without having to hard code the ARN as input.

> This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/kms_key.html.markdown.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.