Name | Description | Type | Default | Required |
---|---|---|---|---|
environment | Environment name | string |
"dev" |
no |
google_kms_crypto_key_iam_binding_enabled | (Optional) Whether or not to create IAM bindings for the Google Cloud KMS crypto key within the module. Set to true to include IAM bindings, false to exclude them. | bool |
true |
no |
key_algorithm | The algorithm to use when creating a version based on this template. See the https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm for possible inputs. | string |
"GOOGLE_SYMMETRIC_ENCRYPTION" |
no |
key_protection_level | The protection level to use when creating a version based on this template. Default value: "SOFTWARE" Possible values: ["SOFTWARE", "HSM"] | string |
"SOFTWARE" |
no |
key_rotation_period | specifies the duration, expressed in seconds, for the automatic rotation of cryptographic keys | string |
null |
no |
keyring | Keyring name. | string |
n/a | yes |
keys | Key names. | list(string) |
[ |
no |
label_order | Label order, e.g. name ,application . |
list(any) |
[ |
no |
location | Location for the keyring. | string |
"" |
no |
module_enabled | (Optional) Whether or not to create resources within the module. | bool |
true |
no |
prevent_destroy | Set the prevent_destroy lifecycle attribute on keys. | bool |
true |
no |
project_id | (Optional) The ID of the project in which the resource belongs. If it is not set, the provider project is used. | string |
null |
no |
purpose | The immutable purpose of the CryptoKey. Possible values are ENCRYPT_DECRYPT, ASYMMETRIC_SIGN, and ASYMMETRIC_DECRYPT. | string |
"ENCRYPT_DECRYPT" |
no |
role | this role use for permissions | string |
"roles/cloudkms.cryptoKeyEncrypterDecrypter" |
no |
service_accounts | List of comma-separated owners for each key declared in set_owners_for. | list(string) |
[] |
no |
Name | Description |
---|---|
key | n/a |
keyring | Self link of the keyring. |
keyring_name | Name of the keyring. |
keyring_resource | Keyring resource. |