autokey_config
Creates, updates, deletes, gets or lists a autokey_config resource.
Overview
| Name | autokey_config |
| Type | Resource |
| Id | google.cloudkms.autokey_config |
Fields
| Name | Datatype | Description |
|---|---|---|
name | string | Identifier. Name of the AutokeyConfig resource, e.g. folders/{FOLDER_NUMBER}/autokeyConfig. |
keyProject | string | Optional. Name of the key project, e.g. projects/{PROJECT_ID} or projects/{PROJECT_NUMBER}, where Cloud KMS Autokey will provision a new CryptoKey when a KeyHandle is created. On UpdateAutokeyConfig, the caller will require cloudkms.cryptoKeys.setIamPolicy permission on this key project. Once configured, for Cloud KMS Autokey to function properly, this key project must have the Cloud KMS API activated and the Cloud KMS Service Agent for this key project must be granted the cloudkms.admin role (or pertinent permissions). A request with an empty key project field will clear the configuration. |
state | string | Output only. The state for the AutokeyConfig. |
Methods
| Name | Accessible by | Required Params | Description |
|---|---|---|---|
get_autokey_config | SELECT | foldersId | Returns the AutokeyConfig for a folder. |
update_autokey_config | UPDATE | foldersId | Updates the AutokeyConfig for a folder. The caller must have both cloudkms.autokeyConfigs.update permission on the parent folder and cloudkms.cryptoKeys.setIamPolicy permission on the provided key project. A KeyHandle creation in the folder's descendant projects will use this configuration to determine where to create the resulting CryptoKey. |
SELECT examples
Returns the AutokeyConfig for a folder.
SELECT
name,
keyProject,
state
FROM google.cloudkms.autokey_config
WHERE foldersId = '{{ foldersId }}';
UPDATE example
Updates a autokey_config resource.
/*+ update */
UPDATE google.cloudkms.autokey_config
SET
name = '{{ name }}',
keyProject = '{{ keyProject }}'
WHERE
foldersId = '{{ foldersId }}';