google_kms_crypto_key_version

A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.

Destroying a cryptoKeyVersion will not delete the resource from the project.

To get more information about CryptoKeyVersion, see:

Example Usage - Kms Crypto Key Version Basic

resource "google_kms_key_ring" "keyring" {
  name     = "keyring-example"
  location = "global"
}

resource "google_kms_crypto_key" "cryptokey" {
  name            = "crypto-key-example"
  key_ring        = google_kms_key_ring.keyring.id
  rotation_period = "7776000s"
}

resource "google_kms_crypto_key_version" "example-key" {
  crypto_key = google_kms_crypto_key.cryptokey.id
}

Argument Reference

The following arguments are supported:


The external_protection_level_options block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

The attestation block contains:

The cert_chains block supports:

The external_protection_level_options block supports:

Timeouts

This resource provides the following Timeouts configuration options:

Import

CryptoKeyVersion can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import CryptoKeyVersion using one of the formats above. For example:

import {
  id = "{{name}}"
  to = google_kms_crypto_key_version.default
}

When using the terraform import command, CryptoKeyVersion can be imported using one of the formats above. For example:

$ terraform import google_kms_crypto_key_version.default {{name}}