oci_kms_key

This resource provides the Key resource in Oracle Cloud Infrastructure Kms service.

Creates a new master encryption key.

As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management write operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management write operations exceeds 10 requests per second for a given tenancy.

Example Usage

resource "oci_kms_key" "test_key" {
	#Required
	compartment_id = var.compartment_id
	display_name = var.key_display_name
	key_shape {
		#Required
		algorithm = var.key_key_shape_algorithm
		length = var.key_key_shape_length

		#Optional
		curve_id = oci_kms_curve.test_curve.id
	}
	management_endpoint = var.key_management_endpoint

	#Optional
	auto_key_rotation_details {

		#Optional
		last_rotation_message = var.key_auto_key_rotation_details_last_rotation_message
		last_rotation_status = var.key_auto_key_rotation_details_last_rotation_status
		rotation_interval_in_days = var.key_auto_key_rotation_details_rotation_interval_in_days
		time_of_last_rotation = var.key_auto_key_rotation_details_time_of_last_rotation
		time_of_next_rotation = var.key_auto_key_rotation_details_time_of_next_rotation
		time_of_schedule_start = var.key_auto_key_rotation_details_time_of_schedule_start
	}
	defined_tags = {"Operations.CostCenter"= "42"}
	external_key_reference {
		#Required
		external_key_id = oci_kms_key.test_key.id
	}
	freeform_tags = {"Department"= "Finance"}
	is_auto_rotation_enabled = var.key_is_auto_rotation_enabled
	protection_mode = var.key_protection_mode
}

Argument Reference

The following arguments are supported:

** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values

Attributes Reference

The following attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain operations: * create - (Defaults to 20 minutes), when creating the Key * update - (Defaults to 20 minutes), when updating the Key * delete - (Defaults to 20 minutes), when destroying the Key

Import

Keys can be imported using the id, e.g.

$ terraform import oci_kms_key.test_key "managementEndpoint/{managementEndpoint}/keys/{keyId}"