google_kms_key_ring_import_job

A KeyRingImportJob can be used to create CryptoKeys and CryptoKeyVersions using pre-existing key material, generated outside of Cloud KMS. A KeyRingImportJob expires 3 days after it is created. Once expired, Cloud KMS will no longer be able to import or unwrap any key material that was wrapped with the KeyRingImportJob's public key.

To get more information about KeyRingImportJob, see:

Example Usage - Kms Key Ring Import Job

resource "google_kms_key_ring" "keyring" {
  name     = "keyring-example"
  location = "global"
}

resource "google_kms_crypto_key" "example-key" {
  name            = "cryptokey-example""
  key_ring        = google_kms_key_ring.keyring.id
  skip_initial_version_creation = true
}

resource "google_kms_key_ring_import_job" "import-job" {
  key_ring = google_kms_key_ring.keyring.id
  import_job_id = "my-import-job"

  import_method = "RSA_OAEP_3072_SHA1_AES_256"
  protection_level = "SOFTWARE"
}

Argument Reference

The following arguments are supported:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

The public_key block contains:

The attestation block contains:

Timeouts

This resource provides the following Timeouts configuration options:

Import

KeyRingImportJob can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import KeyRingImportJob using one of the formats above. For example:

import {
  id = "{{name}}"
  to = google_kms_key_ring_import_job.default
}

When using the terraform import command, KeyRingImportJob can be imported using one of the formats above. For example:

$ terraform import google_kms_key_ring_import_job.default {{name}}