google_dns_keys

Get the DNSKEY and DS records of DNSSEC-signed managed zones.

For more information see the official documentation and API.

Example Usage

resource "google_dns_managed_zone" "foo" {
  name     = "foobar"
  dns_name = "foo.bar."

  dnssec_config {
    state         = "on"
    non_existence = "nsec3"
  }
}

data "google_dns_keys" "foo_dns_keys" {
  managed_zone = google_dns_managed_zone.foo.id
}

output "foo_dns_ds_record" {
  description = "DS record of the foo subdomain."
  value       = data.google_dns_keys.foo_dns_keys.key_signing_keys[0].ds_record
}

Argument Reference

The following arguments are supported:

Attributes Reference

The following attributes are exported:


The key_signing_keys and zone_signing_keys block supports: