google_kms_crypto_key

A CryptoKey represents a logical key that can be used for cryptographic operations.

To get more information about CryptoKey, see:

Example Usage - Kms Crypto Key Basic

resource "google_kms_key_ring" "keyring" {
  name     = "keyring-example"
  location = "global"
}

resource "google_kms_crypto_key" "example-key" {
  name            = "crypto-key-example"
  key_ring        = google_kms_key_ring.keyring.id
  rotation_period = "7776000s"

  lifecycle {
    prevent_destroy = true
  }
}

Example Usage - Kms Crypto Key Asymmetric Sign

resource "google_kms_key_ring" "keyring" {
  name     = "keyring-example"
  location = "global"
}

resource "google_kms_crypto_key" "example-asymmetric-sign-key" {
  name     = "crypto-key-example"
  key_ring = google_kms_key_ring.keyring.id
  purpose  = "ASYMMETRIC_SIGN"

  version_template {
    algorithm = "EC_SIGN_P384_SHA384"
  }

  lifecycle {
    prevent_destroy = true
  }
}

Argument Reference

The following arguments are supported:


The version_template block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

The primary block contains:

Timeouts

This resource provides the following Timeouts configuration options:

Import

CryptoKey can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import CryptoKey using one of the formats above. For example:

import {
  id = "{{key_ring}}/cryptoKeys/{{name}}"
  to = google_kms_crypto_key.default
}

When using the terraform import command, CryptoKey can be imported using one of the formats above. For example:

$ terraform import google_kms_crypto_key.default {{key_ring}}/cryptoKeys/{{name}}
$ terraform import google_kms_crypto_key.default {{key_ring}}/{{name}}

User Project Overrides

This resource supports User Project Overrides.