google_netapp_kmsconfig

NetApp Volumes always encrypts your data at rest using volume-specific keys.

A CMEK policy (customer-managed encryption key) warps such volume-specific keys in a key stored in Cloud Key Management Service (KMS).

To get more information about kmsconfig, see:

Open in Cloud Shell

Example Usage - Kms Config Create

resource "google_kms_key_ring" "keyring" {
  name     = "key-ring"
  location = "us-central1"
}

resource "google_kms_crypto_key" "crypto_key" {
  name            = "crypto-name"
  key_ring        = google_kms_key_ring.keyring.id
  # rotation_period = "7776000s"
}

resource "google_netapp_kmsconfig" "kmsConfig" {
  name = "kms-test"
  description="this is a test description"
  crypto_key_name=google_kms_crypto_key.crypto_key.id
  location="us-central1"
}

Argument Reference

The following arguments are supported:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

kmsconfig can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import kmsconfig using one of the formats above. For example:

import {
  id = "projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}"
  to = google_netapp_kmsconfig.default
}

When using the terraform import command, kmsconfig can be imported using one of the formats above. For example:

$ terraform import google_netapp_kmsconfig.default projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}
$ terraform import google_netapp_kmsconfig.default {{project}}/{{location}}/{{name}}
$ terraform import google_netapp_kmsconfig.default {{location}}/{{name}}

User Project Overrides

This resource supports User Project Overrides.