stackit v0.0.4 published on Friday, Feb 20, 2026 by stackitcloud
stackit v0.0.4 published on Friday, Feb 20, 2026 by stackitcloud
KMS Key datasource schema. Uses the default_region specified in the provider configuration as a fallback in case no region is defined on datasource level.
Example Usage
data "stackit_kms_key" "key" {
project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
keyring_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
key_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
Using getKmsKey
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getKmsKey(args: GetKmsKeyArgs, opts?: InvokeOptions): Promise<GetKmsKeyResult>
function getKmsKeyOutput(args: GetKmsKeyOutputArgs, opts?: InvokeOptions): Output<GetKmsKeyResult>def get_kms_key(key_id: Optional[str] = None,
keyring_id: Optional[str] = None,
project_id: Optional[str] = None,
region: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetKmsKeyResult
def get_kms_key_output(key_id: Optional[pulumi.Input[str]] = None,
keyring_id: Optional[pulumi.Input[str]] = None,
project_id: Optional[pulumi.Input[str]] = None,
region: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetKmsKeyResult]func LookupKmsKey(ctx *Context, args *LookupKmsKeyArgs, opts ...InvokeOption) (*LookupKmsKeyResult, error)
func LookupKmsKeyOutput(ctx *Context, args *LookupKmsKeyOutputArgs, opts ...InvokeOption) LookupKmsKeyResultOutput> Note: This function is named LookupKmsKey in the Go SDK.
public static class GetKmsKey
{
public static Task<GetKmsKeyResult> InvokeAsync(GetKmsKeyArgs args, InvokeOptions? opts = null)
public static Output<GetKmsKeyResult> Invoke(GetKmsKeyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetKmsKeyResult> getKmsKey(GetKmsKeyArgs args, InvokeOptions options)
public static Output<GetKmsKeyResult> getKmsKey(GetKmsKeyArgs args, InvokeOptions options)
fn::invoke:
function: stackit:index/getKmsKey:getKmsKey
arguments:
# arguments dictionaryThe following arguments are supported:
- key_
id str - The ID of the key
- keyring_
id str - The ID of the associated key ring
- project_
id str - STACKIT project ID to which the key is associated.
- region str
- The resource region. If not defined, the provider region is used.
getKmsKey Result
The following output properties are available:
- Access
Scope string - The access scope of the key. Default is
PUBLIC. Possible values are:PUBLIC,SNA. - Algorithm string
- The encryption algorithm that the key will use to encrypt data. Possible values are:
aes_256_gcm,rsa_2048_oaep_sha256,rsa_3072_oaep_sha256,rsa_4096_oaep_sha256,rsa_4096_oaep_sha512,hmac_sha256,hmac_sha384,hmac_sha512,ecdsa_p256_sha256,ecdsa_p384_sha384,ecdsa_p521_sha512. - Description string
- A user chosen description to distinguish multiple keys
- Display
Name string - The display name to distinguish multiple keys
- Id string
- Import
Only bool - States whether versions can be created or only imported.
- Key
Id string - The ID of the key
- Keyring
Id string - The ID of the associated key ring
- Project
Id string - STACKIT project ID to which the key is associated.
- Protection string
- The underlying system that is responsible for protecting the key material. Possible values are:
software. - Purpose string
- The purpose for which the key will be used. Possible values are:
symmetric_encrypt_decrypt,asymmetric_encrypt_decrypt,message_authentication_code,asymmetric_sign_verify. - Region string
- The resource region. If not defined, the provider region is used.
- Access
Scope string - The access scope of the key. Default is
PUBLIC. Possible values are:PUBLIC,SNA. - Algorithm string
- The encryption algorithm that the key will use to encrypt data. Possible values are:
aes_256_gcm,rsa_2048_oaep_sha256,rsa_3072_oaep_sha256,rsa_4096_oaep_sha256,rsa_4096_oaep_sha512,hmac_sha256,hmac_sha384,hmac_sha512,ecdsa_p256_sha256,ecdsa_p384_sha384,ecdsa_p521_sha512. - Description string
- A user chosen description to distinguish multiple keys
- Display
Name string - The display name to distinguish multiple keys
- Id string
- Import
Only bool - States whether versions can be created or only imported.
- Key
Id string - The ID of the key
- Keyring
Id string - The ID of the associated key ring
- Project
Id string - STACKIT project ID to which the key is associated.
- Protection string
- The underlying system that is responsible for protecting the key material. Possible values are:
software. - Purpose string
- The purpose for which the key will be used. Possible values are:
symmetric_encrypt_decrypt,asymmetric_encrypt_decrypt,message_authentication_code,asymmetric_sign_verify. - Region string
- The resource region. If not defined, the provider region is used.
- access
Scope String - The access scope of the key. Default is
PUBLIC. Possible values are:PUBLIC,SNA. - algorithm String
- The encryption algorithm that the key will use to encrypt data. Possible values are:
aes_256_gcm,rsa_2048_oaep_sha256,rsa_3072_oaep_sha256,rsa_4096_oaep_sha256,rsa_4096_oaep_sha512,hmac_sha256,hmac_sha384,hmac_sha512,ecdsa_p256_sha256,ecdsa_p384_sha384,ecdsa_p521_sha512. - description String
- A user chosen description to distinguish multiple keys
- display
Name String - The display name to distinguish multiple keys
- id String
- import
Only Boolean - States whether versions can be created or only imported.
- key
Id String - The ID of the key
- keyring
Id String - The ID of the associated key ring
- project
Id String - STACKIT project ID to which the key is associated.
- protection String
- The underlying system that is responsible for protecting the key material. Possible values are:
software. - purpose String
- The purpose for which the key will be used. Possible values are:
symmetric_encrypt_decrypt,asymmetric_encrypt_decrypt,message_authentication_code,asymmetric_sign_verify. - region String
- The resource region. If not defined, the provider region is used.
- access
Scope string - The access scope of the key. Default is
PUBLIC. Possible values are:PUBLIC,SNA. - algorithm string
- The encryption algorithm that the key will use to encrypt data. Possible values are:
aes_256_gcm,rsa_2048_oaep_sha256,rsa_3072_oaep_sha256,rsa_4096_oaep_sha256,rsa_4096_oaep_sha512,hmac_sha256,hmac_sha384,hmac_sha512,ecdsa_p256_sha256,ecdsa_p384_sha384,ecdsa_p521_sha512. - description string
- A user chosen description to distinguish multiple keys
- display
Name string - The display name to distinguish multiple keys
- id string
- import
Only boolean - States whether versions can be created or only imported.
- key
Id string - The ID of the key
- keyring
Id string - The ID of the associated key ring
- project
Id string - STACKIT project ID to which the key is associated.
- protection string
- The underlying system that is responsible for protecting the key material. Possible values are:
software. - purpose string
- The purpose for which the key will be used. Possible values are:
symmetric_encrypt_decrypt,asymmetric_encrypt_decrypt,message_authentication_code,asymmetric_sign_verify. - region string
- The resource region. If not defined, the provider region is used.
- access_
scope str - The access scope of the key. Default is
PUBLIC. Possible values are:PUBLIC,SNA. - algorithm str
- The encryption algorithm that the key will use to encrypt data. Possible values are:
aes_256_gcm,rsa_2048_oaep_sha256,rsa_3072_oaep_sha256,rsa_4096_oaep_sha256,rsa_4096_oaep_sha512,hmac_sha256,hmac_sha384,hmac_sha512,ecdsa_p256_sha256,ecdsa_p384_sha384,ecdsa_p521_sha512. - description str
- A user chosen description to distinguish multiple keys
- display_
name str - The display name to distinguish multiple keys
- id str
- import_
only bool - States whether versions can be created or only imported.
- key_
id str - The ID of the key
- keyring_
id str - The ID of the associated key ring
- project_
id str - STACKIT project ID to which the key is associated.
- protection str
- The underlying system that is responsible for protecting the key material. Possible values are:
software. - purpose str
- The purpose for which the key will be used. Possible values are:
symmetric_encrypt_decrypt,asymmetric_encrypt_decrypt,message_authentication_code,asymmetric_sign_verify. - region str
- The resource region. If not defined, the provider region is used.
- access
Scope String - The access scope of the key. Default is
PUBLIC. Possible values are:PUBLIC,SNA. - algorithm String
- The encryption algorithm that the key will use to encrypt data. Possible values are:
aes_256_gcm,rsa_2048_oaep_sha256,rsa_3072_oaep_sha256,rsa_4096_oaep_sha256,rsa_4096_oaep_sha512,hmac_sha256,hmac_sha384,hmac_sha512,ecdsa_p256_sha256,ecdsa_p384_sha384,ecdsa_p521_sha512. - description String
- A user chosen description to distinguish multiple keys
- display
Name String - The display name to distinguish multiple keys
- id String
- import
Only Boolean - States whether versions can be created or only imported.
- key
Id String - The ID of the key
- keyring
Id String - The ID of the associated key ring
- project
Id String - STACKIT project ID to which the key is associated.
- protection String
- The underlying system that is responsible for protecting the key material. Possible values are:
software. - purpose String
- The purpose for which the key will be used. Possible values are:
symmetric_encrypt_decrypt,asymmetric_encrypt_decrypt,message_authentication_code,asymmetric_sign_verify. - region String
- The resource region. If not defined, the provider region is used.
Package Details
- Repository
- stackit stackitcloud/pulumi-stackit
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
stackitTerraform Provider.
stackit v0.0.4 published on Friday, Feb 20, 2026 by stackitcloud
