Skip to main content
A symmetric KMS key.

Schema

Required

  • algorithm (String) : Encryption algorithm that should be used when using the key to encrypt plaintext. Must be specified only during create operations. Cannot be updated.

    Supported values

    Supported symmetric encryption algorithms. Possible values:
    • SYMMETRIC_ALGORITHM_UNSPECIFIED
    • AES_128: Deprecated. It is impossible to create new keys with this algorithm. AES algorithm with 128-bit keys.
    • AES_256 - AES algorithm with 256-bit keys.
  • parent_id (String) Identifier of the parent resource to which the resource belongs.

Optional

  • description (String) Description of the key.
  • labels (Map of String) : Labels associated with the resource.
  • metadata (Attributes) :

    Inner value description

    Common resource metadata. (see below for nested schema)
  • name (String) Human readable name for the resource.
  • rotation_period (String) : Key rotation period. Duration as a string: possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as 300ms, -1.5h or 2h45m. Valid time units are ns, us (or µs), ms, s, m, h, d.

Read-Only

  • created_at (String) : Timestamp indicating when the resource was created. A string representing a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ or YYYY-MM-DDTHH:MM:SS.SSS±HH:MM
  • id (String) Identifier for the resource, unique for its resource type.
  • resource_version (Number) : Version of the resource for safe concurrent modifications and consistent reads. Positive and monotonically increases on each resource spec change (but not on each change of the resource’s container(s) or status). Service allows zero value or current.
  • status (Attributes) The current status of the symmetric key. (see below for nested schema)
  • updated_at (String) : Timestamp indicating when the resource was last updated. A string representing a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ or YYYY-MM-DDTHH:MM:SS.SSS±HH:MM

Nested Schema for metadata

Nested Schema for status

Read-Only:
  • deleted_at (String) : Time when the key was scheduled for deletion. A string representing a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ or YYYY-MM-DDTHH:MM:SS.SSS±HH:MM
  • purge_at (String) : Time when the key will be permanently deleted. A string representing a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ or YYYY-MM-DDTHH:MM:SS.SSS±HH:MM
  • state (String) : State (ACTIVE, SCHEDULED_FOR_DELETION).

    Supported values

    Key state Possible values:
    • KEY_STATE_UNSPECIFIED
    • ACTIVE - Key is active, ready for use
    • SCHEDULED_FOR_DELETION - Key is scheduled for deletion.