Skip to main content


Supported platform

  • gcp


GCP KMS crypto key


resourcePathstringFull resource path
namestringCrypto key name
primarygcp.project.kmsService.keyring.cryptokey.versionPrimary version for encrypt to use for this crypto key
purposestringCrypto key purpose
createdtimeCreation timestamp
nextRotationtimeTime at which KMS will create a new version of this key and mark it as primary
rotationPeriodtimeRotation period
versionTemplatedictTemplate describing the settings for new crypto key versions
labelsmap[string]stringUser-defined labels
importOnlyboolWhether this key may contain imported versions only
destroyScheduledDurationtimePeriod of time that versions of this key spend in DESTROY_SCHEDULED state before being destroyed
cryptoKeyBackendstringResource name of the backend environment where the key material for all crypto key versions reside
versions[]gcp.project.kmsService.keyring.cryptokey.versionList of cryptokey versions
iamPolicy[]gcp.resourcemanager.bindingCrypto key IAM policy