Module to create CMK with either AWS generated key material or imported key material (BYOK).
For usage instructions see examples/simple.
No modules.
| Name |
Description |
Type |
Default |
Required |
| alias |
The display name of the alias. Leave an empty string to avoid creating an alias |
string |
"" |
no |
| customer_master_key_spec |
Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports |
string |
null |
no |
| deletion_window_in_days |
Duration in days after which the key is deleted after destruction of the resource |
number |
30 |
no |
| description |
Description of the Key |
string |
null |
no |
| enable_key_rotation |
Specifies whether key rotation is enabled |
bool |
null |
no |
| enabled |
Specifies whether the key is enabled |
bool |
true |
no |
| key_material_base64 |
WARNING: if specified, it will be stored in plaintext in the raw state. Base64 encoded 256-bit symmetric encryption key material to impor |
string |
null |
no |
| key_usage |
Specifies the intended use of the key |
string |
null |
no |
| policy |
A valid policy JSON document |
string |
null |
no |
| tags |
A map of tags to add to the key |
map(string) |
{} |
no |
| use_aws_key_material |
Whether to use AWS generated key material or BYOK (eg. using CloudHSM or a physical HSM) |
bool |
true |
no |
| valid_to |
Time at which the imported key material expires. If not specified, key material does not expire. Valid values: RFC3339 time string (YYYY-MM-DDTHH:MM:SSZ) |
string |
null |
no |