Skip to main content

autokey_config

Creates, updates, deletes, gets or lists a autokey_config resource.

Overview

Nameautokey_config
TypeResource
Idgoogle.cloudkms.autokey_config

Fields

NameDatatypeDescription
namestringIdentifier. Name of the AutokeyConfig resource, e.g. folders/{FOLDER_NUMBER}/autokeyConfig.
keyProjectstringOptional. Name of the key project, e.g. projects/{PROJECT_ID} or projects/{PROJECT_NUMBER}, where Cloud KMS Autokey will provision a new CryptoKey when a KeyHandle is created. On UpdateAutokeyConfig, the caller will require cloudkms.cryptoKeys.setIamPolicy permission on this key project. Once configured, for Cloud KMS Autokey to function properly, this key project must have the Cloud KMS API activated and the Cloud KMS Service Agent for this key project must be granted the cloudkms.admin role (or pertinent permissions). A request with an empty key project field will clear the configuration.
statestringOutput only. The state for the AutokeyConfig.

Methods

NameAccessible byRequired ParamsDescription
get_autokey_configSELECTfoldersIdReturns the AutokeyConfig for a folder.
update_autokey_configUPDATEfoldersIdUpdates the AutokeyConfig for a folder. The caller must have both cloudkms.autokeyConfigs.update permission on the parent folder and cloudkms.cryptoKeys.setIamPolicy permission on the provided key project. A KeyHandle creation in the folder's descendant projects will use this configuration to determine where to create the resulting CryptoKey.

SELECT examples

Returns the AutokeyConfig for a folder.

SELECT
name,
keyProject,
state
FROM google.cloudkms.autokey_config
WHERE foldersId = '{{ foldersId }}';

UPDATE example

Updates a autokey_config resource.

/*+ update */
UPDATE google.cloudkms.autokey_config
SET
name = '{{ name }}',
keyProject = '{{ keyProject }}'
WHERE
foldersId = '{{ foldersId }}';