confluent_schema_registry_dek
describes a Schema Registry Data Encryption Key (DEK) data source.
provider "confluent" {
cloud_api_key = var.confluent_cloud_api_key # optionally use CONFLUENT_CLOUD_API_KEY env var
cloud_api_secret = var.confluent_cloud_api_secret # optionally use CONFLUENT_CLOUD_API_SECRET env var
}
data "confluent_schema_registry_dek" "my_key" {
schema_registry_cluster {
id = confluent_schema_registry_cluster.essentials.id
}
rest_endpoint = confluent_schema_registry_cluster.essentials.rest_endpoint
credentials {
key = "<Schema Registry API Key for confluent_schema_registry_cluster.essentials>"
secret = "<Schema Registry API Secret for confluent_schema_registry_cluster.essentials>"
}
kek_name = "my_kek"
subject_name = "my_subject"
}
provider "confluent" {
schema_registry_id = var.schema_registry_id # optionally use SCHEMA_REGISTRY_ID env var
schema_registry_rest_endpoint = var.schema_registry_rest_endpoint # optionally use SCHEMA_REGISTRY_REST_ENDPOINT env var
schema_registry_api_key = var.schema_registry_api_key # optionally use SCHEMA_REGISTRY_API_KEY env var
schema_registry_api_secret = var.schema_registry_api_secret # optionally use SCHEMA_REGISTRY_API_SECRET env var
}
data "confluent_schema_registry_dek" "my_key" {
kek_name = "my_kek"
subject_name = "my_subject"
}
The following arguments are supported:
schema_registry_cluster
- (Optional Configuration Block) supports the following:
id
- (Required String) The ID of the Schema Registry cluster, for example, lsrc-abc123
.rest_endpoint
- (Optional String) The REST endpoint of the Schema Registry cluster, for example, https://psrc-00000.us-central1.gcp.confluent.cloud:443
).credentials
(Optional Configuration Block) supports the following:
key
- (Required String) The Schema Registry API Key.secret
- (Required String, Sensitive) The Schema Registry API Secret.kek_name
- (Required String) The name of the KEK used to encrypt this DEK.subject_name
- (Required String) The subject for this DEK.version
- (Optional Integer) The version of this DEK. Defaults to 1
.algorithm
- (Optional String) Accepted values are: AES128_GCM
, AES256_GCM
, and AES256_SIV
. Defaults to AES256_GCM
.In addition to the preceding arguments, the following attributes are exported:
id
- (Required String) The ID of the Schema Registry Dek, in the format <Schema Registry Cluster Id>/<Schema Registry Kek Name>/<Subject>/<Version>/<Algorithm>
, for example, lsrc-8wrx70/testkek/ts/1/AES256_GCM
.encrypted_key_material
- (Optional String) The encrypted key material for the DEK.key_material
- (Optional String) The decrypted version of encrypted key material.hard_delete
- (Optional Boolean) An optional flag to control whether a dek should be soft or hard deleted.