Provides a KMS Client Key resource. Client key (of Application Access Point).
For information about KMS Client Key and how to use it, see What is Client Key.
Basic Usage
variable "name" {
  default = "terraform-example"
}

resource "alicloud_kms_application_access_point" "AAP0" {
  policies                      = ["aa"]
  description                   = "aa"
  application_access_point_name = var.name
}

resource "alicloud_kms_client_key" "default" {
  aap_name              = alicloud_kms_application_access_point.AAP0.application_access_point_name
  password              = "YouPassword123!"
  not_before            = "2023-09-01T14:11:22Z"
  not_after             = "2028-09-01T14:11:22Z"
  private_key_data_file = "./private_key_data_file.txt"
}
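A variant of the Basic Usage configuration that keeps the ClientKey password out of the source file and rejects an inverted validity window before anything is created. This is an added example, not part of the provider documentation; the variable names, the resource label `hardened`, and the password length rule are assumptions chosen for illustration, and `timecmp` requires Terraform 1.3 or later.

```hcl
# Added example. Assumed names: aap_name, client_key_password,
# client_key_not_before, client_key_not_after, and the label "hardened".

variable "aap_name" {
  type        = string
  description = "Name of an existing Application Access Point."
}

variable "client_key_password" {
  type        = string
  description = "Password protecting the downloaded ClientKey."
  # Redacts the value in plan/apply output. It is still written to the
  # Terraform state in plaintext, so the state backend must be protected.
  sensitive = true

  validation {
    # Local policy assumed for this example, not a documented KMS rule.
    condition     = length(var.client_key_password) >= 16
    error_message = "The ClientKey password must be at least 16 characters."
  }
}

variable "client_key_not_before" {
  type = string # RFC 3339, e.g. "2023-09-01T14:11:22Z"
}

variable "client_key_not_after" {
  type = string # RFC 3339, e.g. "2028-09-01T14:11:22Z"
}

resource "alicloud_kms_client_key" "hardened" {
  aap_name   = var.aap_name
  password   = var.client_key_password # supply via TF_VAR_client_key_password
  not_before = var.client_key_not_before
  not_after  = var.client_key_not_after

  # Written to local disk by the provider; keep this path out of version control.
  private_key_data_file = "${path.module}/private_key_data_file.txt"

  lifecycle {
    # All arguments are ForceNew, so a bad window would otherwise only be
    # corrected by replacing the key. Fail at plan time instead.
    precondition {
      condition     = timecmp(var.client_key_not_before, var.client_key_not_after) < 0
      error_message = "not_before must be earlier than not_after."
    }
  }
}
```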
The following arguments are supported:
aap_name - (Required, ForceNew) The name of the ClientKey's parent Application Access Point.
not_after - (Optional, ForceNew) The ClientKey expiration time. Example: "2027-08-10 T08:03:30Z".
not_before - (Optional, ForceNew) The time from which the ClientKey is valid. Example: "2022-08-10 T08:03:30Z".
password - (Required, ForceNew) To enhance security, set a password for the downloaded Client Key. When an application accesses KMS, you must use the ClientKey content and this password to initialize the SDK client.
private_key_data_file - (Optional, ForceNew) The name of the file in which the access key ID and access key secret are saved. It is strongly recommended that you specify it when creating the access key; otherwise, you will never be able to get its secret.

The following attributes are exported:
id - The ID of the resource supplied above.
create_time - The creation timestamp, e.g. "2022-08-10T08:03:30Z".

The timeouts block allows you to specify timeouts for certain actions:
create - (Defaults to 5 mins) Used when creating the Client Key.
delete - (Defaults to 5 mins) Used when deleting the Client Key.

KMS Client Key can be imported using the id, e.g.
$ terraform import alicloud_kms_client_key.example <id>
Resource attributes such as password, private_key_data_file are not available for imported resources as this information cannot be read from the KMS API.