KMS key module

This module supports creating a standard or root key in an existing key ring and KMS instance. KMS can be Key Protect or Hyper Protect Crypto Services (HPCS) Standard plan instance. You can specify rotation and deletion policies for the keys.

Overview

terraform-ibm-kms-key

Usage

provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXX"
  # Must be the same region the KMS instance is in
  region           = "us-south"
}

# KMS root key
module "kms_root_key" {
  source          = "terraform-ibm-modules/kms-key/ibm"
  version         = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  kms_instance_id = "XXxxXXxx-xxxx-XXXX-xxxx-XXxxXXxx"
  key_name        = "my-root-key"
}

# KMS standard key
module "kms_standard_key" {
  source          = "terraform-ibm-modules/kms-key/ibm"
  version         = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  kms_instance_id = "XXxxXXxx-xxxx-XXXX-xxxx-XXxxXXxx"
  key_name        = "my-standard-key"
  standard_key    = true
}

Required IAM access policies

You need the following permissions to run this module.

Account Management
- Resource Group service
  - Viewer platform access
IAM Services
- KMS service
  - Viewer platform access
  - Manager service access

Requirements

Name	Version
terraform	>= 1.0.0
ibm	>= 1.49.0, < 2.0.0

Modules

No modules.

Resources

Name	Type
ibm_kms_key.key	resource
ibm_kms_key_policies.root_key_policy	resource
ibm_kms_key_policies.standard_key_policy	resource

Inputs

Name	Description	Type	Default	Required
dual_auth_delete_enabled	If set to true, KMS enables a dual authorization policy on a single key. Note: Once the dual authorization policy is set on the key, it cannot be reverted. A key with dual authorization policy enabled cannot be destroyed by using Terraform.	`bool`	`false`	no
endpoint_type	Endpoint to use when creating the Key	`string`	`"public"`	no
force_delete	Set as true to enable forcing deletion even if key is in use	`bool`	`false`	no
key_name	Name to give the key	`string`	n/a	yes
kms_instance_id	ID or GUID of KMS Instance	`string`	n/a	yes
kms_key_ring_id	The ID of the key ring where you want to add your KMS key	`string`	`"default"`	no
rotation_interval_month	The key rotation time interval in months. Rotation policy cannot be set for standard key, so value is ignored if var.standard_key is true	`number`	`1`	no
standard_key	Set as true for Standard Key, false for Root Key	`bool`	`false`	no

Outputs

Name	Description
crn	Key CRN
dual_auth_delete	Is Dual Auth Delete Enabled
key_id	Key ID
rotation_interval_month	Month Interval for Rotation

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.

terraform-ibm-modules / terraform-ibm-kms-key Goto Github PK

terraform-ibm-kms-key's Introduction

KMS key module

Overview

terraform-ibm-kms-key

Usage

Required IAM access policies

Requirements

Modules

Resources

Inputs

Outputs

Contributing

terraform-ibm-kms-key's People

Contributors

Watchers

Forkers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent