confluent_byok_key
describes a BYOK Key data source.
provider "confluent" {
cloud_api_key = var.confluent_cloud_api_key # optionally use CONFLUENT_CLOUD_API_KEY env var
cloud_api_secret = var.confluent_cloud_api_secret # optionally use CONFLUENT_CLOUD_API_SECRET env var
}
data "confluent_byok_key" "azure_key"{
id = "cck-abcde"
}
output "byok" {
value = data.confluent_byok_key.azure_key
}
The following arguments are supported:
id
- (Required String) The ID of the BYOK key, for example, cck-abcde
.In addition to the preceding arguments, the following attributes are exported:
id
- (Required String) The ID of the BYOK key, for example, cck-abcde
.aws
(Optional Configuration Block) supports the following:
key_arn
- (Required String) The Amazon Resource Name (ARN) of an AWS KMS key.roles
- (Optional List of Strings) The Amazon Resource Names (ARNs) of IAM Roles created for this key-environment combination.azure
(Optional Configuration Block) supports the following:
key_identifier
- (Required String) The unique Key Object Identifier URL of an Azure Key Vault key.key_vault_id
- (Required String) Key Vault ID containing the key.tenant_id
- (Required String) Tenant ID (uuid) hosting the Key Vault containing the key.application_id
- (Optional String) The Application ID created for this key-environment combination.gcp
(Optional Configuration Block) supports the following:
key_id
- (Required String) The Google Cloud Platform key ID.security_group
- (Optional String) The Google security group created for this key.