Docs Home
ibm 1.77.1 published on Monday, Apr 14, 2025 by ibm-cloud
ibm.getKpKey
Explore with Pulumi AI
Import the details of existing keyprotect keys as a read-only data source. You can then reference the fields of the data source in other resources within the same configuration using interpolation syntax. Retreives a list of keys from the key protect instance. Configuration of an key protect key data source requires that the region parameter is set for the IBM provider in the provider.tf to be the same as the target key protect instance location or region. If not specified, it defaults to us-south. A pulumi up will fail if the key protect instance location is set differently. For more information, about key protect keys, see Key Protect CLI Command Reference.
Example Usage
The following example creates a read-only copy of the mydatabase instance in us-east.
import * as pulumi from "@pulumi/pulumi";
import * as ibm from "@pulumi/ibm";
const test = ibm.getKpKey({
keyProtectId: "id-of-keyprotect-instance",
});
const smart_us_south = new ibm.CosBucket("smart-us-south", {
bucketName: "atest-bucket",
resourceInstanceId: "cos-instance-id",
regionLocation: "us-south",
storageClass: "smart",
kmsKeyCrn: test.then(test => test.keys?.[0]?.crn),
});
import pulumi
import pulumi_ibm as ibm
test = ibm.get_kp_key(key_protect_id="id-of-keyprotect-instance")
smart_us_south = ibm.CosBucket("smart-us-south",
bucket_name="atest-bucket",
resource_instance_id="cos-instance-id",
region_location="us-south",
storage_class="smart",
kms_key_crn=test.keys[0].crn)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/ibm/ibm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
test, err := ibm.LookupKpKey(ctx, &ibm.LookupKpKeyArgs{
KeyProtectId: "id-of-keyprotect-instance",
}, nil)
if err != nil {
return err
}
_, err = ibm.NewCosBucket(ctx, "smart-us-south", &ibm.CosBucketArgs{
BucketName: pulumi.String("atest-bucket"),
ResourceInstanceId: pulumi.String("cos-instance-id"),
RegionLocation: pulumi.String("us-south"),
StorageClass: pulumi.String("smart"),
KmsKeyCrn: pulumi.String(test.Keys[0].Crn),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Ibm = Pulumi.Ibm;
return await Deployment.RunAsync(() =>
{
var test = Ibm.GetKpKey.Invoke(new()
{
KeyProtectId = "id-of-keyprotect-instance",
});
var smart_us_south = new Ibm.CosBucket("smart-us-south", new()
{
BucketName = "atest-bucket",
ResourceInstanceId = "cos-instance-id",
RegionLocation = "us-south",
StorageClass = "smart",
KmsKeyCrn = test.Apply(getKpKeyResult => getKpKeyResult.Keys[0]?.Crn),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.ibm.IbmFunctions;
import com.pulumi.ibm.inputs.GetKpKeyArgs;
import com.pulumi.ibm.CosBucket;
import com.pulumi.ibm.CosBucketArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var test = IbmFunctions.getKpKey(GetKpKeyArgs.builder()
.keyProtectId("id-of-keyprotect-instance")
.build());
var smart_us_south = new CosBucket("smart-us-south", CosBucketArgs.builder()
.bucketName("atest-bucket")
.resourceInstanceId("cos-instance-id")
.regionLocation("us-south")
.storageClass("smart")
.kmsKeyCrn(test.applyValue(getKpKeyResult -> getKpKeyResult.keys()[0].crn()))
.build());
}
}
resources:
smart-us-south:
type: ibm:CosBucket
properties:
bucketName: atest-bucket
resourceInstanceId: cos-instance-id
regionLocation: us-south
storageClass: smart
kmsKeyCrn: ${test.keys[0].crn}
variables:
test:
fn::invoke:
function: ibm:getKpKey
arguments:
keyProtectId: id-of-keyprotect-instance
Note:
key_protect attribute has been renamed as kms_key_crn , hence it is recommended to all the new users to use kms_key_crn.Although the support for older attribute name key_protect will be continued for existing customers.
Using getKpKey
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getKpKey(args: GetKpKeyArgs, opts?: InvokeOptions): Promise<GetKpKeyResult>
function getKpKeyOutput(args: GetKpKeyOutputArgs, opts?: InvokeOptions): Output<GetKpKeyResult>def get_kp_key(id: Optional[str] = None,
key_name: Optional[str] = None,
key_protect_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetKpKeyResult
def get_kp_key_output(id: Optional[pulumi.Input[str]] = None,
key_name: Optional[pulumi.Input[str]] = None,
key_protect_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetKpKeyResult]func LookupKpKey(ctx *Context, args *LookupKpKeyArgs, opts ...InvokeOption) (*LookupKpKeyResult, error)
func LookupKpKeyOutput(ctx *Context, args *LookupKpKeyOutputArgs, opts ...InvokeOption) LookupKpKeyResultOutput> Note: This function is named LookupKpKey in the Go SDK.
public static class GetKpKey
{
public static Task<GetKpKeyResult> InvokeAsync(GetKpKeyArgs args, InvokeOptions? opts = null)
public static Output<GetKpKeyResult> Invoke(GetKpKeyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetKpKeyResult> getKpKey(GetKpKeyArgs args, InvokeOptions options)
public static Output<GetKpKeyResult> getKpKey(GetKpKeyArgs args, InvokeOptions options)
fn::invoke:
function: ibm:index/getKpKey:getKpKey
arguments:
# arguments dictionaryThe following arguments are supported:
- Key
Protect stringId - The ID of the Key Protect service instance.
- Id string
- (String) The unique identifier of the key.
- Key
Name string - Optional- The name of the key. Only the keys with matching name will be retrieved.
- Key
Protect stringId - The ID of the Key Protect service instance.
- Id string
- (String) The unique identifier of the key.
- Key
Name string - Optional- The name of the key. Only the keys with matching name will be retrieved.
- key
Protect StringId - The ID of the Key Protect service instance.
- id String
- (String) The unique identifier of the key.
- key
Name String - Optional- The name of the key. Only the keys with matching name will be retrieved.
- key
Protect stringId - The ID of the Key Protect service instance.
- id string
- (String) The unique identifier of the key.
- key
Name string - Optional- The name of the key. Only the keys with matching name will be retrieved.
- key_
protect_ strid - The ID of the Key Protect service instance.
- id str
- (String) The unique identifier of the key.
- key_
name str - Optional- The name of the key. Only the keys with matching name will be retrieved.
- key
Protect StringId - The ID of the Key Protect service instance.
- id String
- (String) The unique identifier of the key.
- key
Name String - Optional- The name of the key. Only the keys with matching name will be retrieved.
getKpKey Result
The following output properties are available:
- Id string
- (String) The unique identifier of the key.
- Key
Protect stringId - Keys
List<Get
Kp Key Key> - (List of objects) - A list of all keys in your Key Protect service instance.
- Key
Name string
- Id string
- (String) The unique identifier of the key.
- Key
Protect stringId - Keys
[]Get
Kp Key Key - (List of objects) - A list of all keys in your Key Protect service instance.
- Key
Name string
- id String
- (String) The unique identifier of the key.
- key
Protect StringId - keys
List<Get
Kp Key Key> - (List of objects) - A list of all keys in your Key Protect service instance.
- key
Name String
- id string
- (String) The unique identifier of the key.
- key
Protect stringId - keys
Get
Kp Key Key[] - (List of objects) - A list of all keys in your Key Protect service instance.
- key
Name string
- id str
- (String) The unique identifier of the key.
- key_
protect_ strid - keys
Sequence[Get
Kp Key Key] - (List of objects) - A list of all keys in your Key Protect service instance.
- key_
name str
- id String
- (String) The unique identifier of the key.
- key
Protect StringId - keys List<Property Map>
- (List of objects) - A list of all keys in your Key Protect service instance.
- key
Name String
Supporting Types
GetKpKeyKey
- Crn string
- (String) The CRN of the key.
- Id string
- (String) The unique identifier of the key.
- Name string
- (String) The name of the key.
- Standard
Key bool - (Bool) Set the flag true for standard key, and false for root key. Default value is false.
- Crn string
- (String) The CRN of the key.
- Id string
- (String) The unique identifier of the key.
- Name string
- (String) The name of the key.
- Standard
Key bool - (Bool) Set the flag true for standard key, and false for root key. Default value is false.
- crn String
- (String) The CRN of the key.
- id String
- (String) The unique identifier of the key.
- name String
- (String) The name of the key.
- standard
Key Boolean - (Bool) Set the flag true for standard key, and false for root key. Default value is false.
- crn string
- (String) The CRN of the key.
- id string
- (String) The unique identifier of the key.
- name string
- (String) The name of the key.
- standard
Key boolean - (Bool) Set the flag true for standard key, and false for root key. Default value is false.
- crn str
- (String) The CRN of the key.
- id str
- (String) The unique identifier of the key.
- name str
- (String) The name of the key.
- standard_
key bool - (Bool) Set the flag true for standard key, and false for root key. Default value is false.
- crn String
- (String) The CRN of the key.
- id String
- (String) The unique identifier of the key.
- name String
- (String) The name of the key.
- standard
Key Boolean - (Bool) Set the flag true for standard key, and false for root key. Default value is false.
Package Details
- Repository
- ibm ibm-cloud/terraform-provider-ibm
- License
- Notes
- This Pulumi package is based on the
ibmTerraform Provider.