https://github.com/terraform-ibm-modules/terraform-ibm-kms-key

Module for creation of KMS keys
core-team graduated hpcs ibm-cloud key-protect kms supported terraform terraform-module


# KMS key module

[![Graduated (Supported)](https://img.shields.io/badge/Status-Graduated%20(Supported)-brightgreen)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
[![latest release](https://img.shields.io/github/v/release/terraform-ibm-modules/terraform-ibm-kms-key?logo=GitHub&sort=semver)](https://github.com/terraform-ibm-modules/terraform-ibm-kms-key/releases/latest)
[![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)

This module supports creating a standard or root key in an existing key ring and KMS instance. The KMS instance can be a Key Protect instance or a Hyper Protect Crypto Services (HPCS) Standard plan instance. You can specify rotation and deletion policies for the keys.

## Overview
* [terraform-ibm-kms-key](#terraform-ibm-kms-key)
* [Examples](./examples)
    * [Basic example](./examples/basic)
    * [Complete example](./examples/complete)
* [Contributing](#contributing)

## terraform-ibm-kms-key

### Usage

```hcl
provider "ibm" {
  # Placeholder; supply the real key through a sensitive variable rather than hardcoding it
  ibmcloud_api_key = "XXXXXXXXXX"
  # Must be the same region the KMS instance is in
  region = "us-south"
}

# KMS root key
module "kms_root_key" {
  source          = "terraform-ibm-modules/kms-key/ibm"
  version         = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  kms_instance_id = "XXxxXXxx-xxxx-XXXX-xxxx-XXxxXXxx"
  key_name        = "my-root-key"
}

# KMS standard key
module "kms_standard_key" {
  source          = "terraform-ibm-modules/kms-key/ibm"
  version         = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  kms_instance_id = "XXxxXXxx-xxxx-XXXX-xxxx-XXxxXXxx"
  key_name        = "my-standard-key"
  standard_key    = true
}
```

### Required IAM access policies
You need the following permissions to run this module.

- Account Management
    - **Resource Group** service
        - `Viewer` platform access
- IAM Services
    - **KMS** service
        - `Viewer` platform access
        - `Manager` service access

### Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
| [ibm](#requirement\_ibm) | >= 1.49.0, < 2.0.0 |

### Modules

No modules.

### Resources

| Name | Type |
|------|------|
| [ibm_kms_key.key](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/kms_key) | resource |
| [ibm_kms_key_policies.root_key_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/kms_key_policies) | resource |
| [ibm_kms_key_policies.standard_key_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/kms_key_policies) | resource |

### Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [dual\_auth\_delete\_enabled](#input\_dual\_auth\_delete\_enabled) | If set to true, KMS enables a dual authorization policy on a single key. Note: Once the dual authorization policy is set on the key, it cannot be reverted. A key with dual authorization policy enabled cannot be destroyed by using Terraform. | `bool` | `false` | no |
| [endpoint\_type](#input\_endpoint\_type) | Endpoint to use when creating the Key | `string` | `"public"` | no |
| [force\_delete](#input\_force\_delete) | Set as true to enable forcing deletion even if key is in use | `bool` | `false` | no |
| [key\_name](#input\_key\_name) | Name to give the key | `string` | n/a | yes |
| [kms\_instance\_id](#input\_kms\_instance\_id) | ID or GUID of KMS Instance | `string` | n/a | yes |
| [kms\_key\_ring\_id](#input\_kms\_key\_ring\_id) | The ID of the key ring where you want to add your KMS key | `string` | `"default"` | no |
| [rotation\_interval\_month](#input\_rotation\_interval\_month) | The key rotation time interval in months. Rotation policy cannot be set for standard key, so value is ignored if var.standard\_key is true | `number` | `1` | no |
| [standard\_key](#input\_standard\_key) | Set as true for Standard Key, false for Root Key | `bool` | `false` | no |

### Outputs

| Name | Description |
|------|-------------|
| [crn](#output\_crn) | Key CRN |
| [dual\_auth\_delete](#output\_dual\_auth\_delete) | Is Dual Auth Delete Enabled |
| [key\_id](#output\_key\_id) | Key ID |
| [rotation\_interval\_month](#output\_rotation\_interval\_month) | Month Interval for Rotation |
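
The following root key configuration sets the security-relevant inputs from the table above explicitly and exposes the documented outputs. It is an added example, not taken from the module's repository. The variable names, the key ring ID `app-data`, the key name and the output names are hypothetical, and `"private"` is assumed to be an accepted value for `endpoint_type`.

```hcl
# Added example; variable names, key ring ID and key name are hypothetical.
variable "ibmcloud_api_key" {
  type        = string
  sensitive   = true # keeps the value out of plan/apply output
  description = "IBM Cloud API key, supplied at run time instead of hardcoded"
}

variable "kms_instance_id" {
  type        = string
  description = "ID or GUID of the existing KMS instance"
}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = "us-south" # Must be the same region the KMS instance is in
}

module "kms_root_key" {
  source  = "terraform-ibm-modules/kms-key/ibm"
  version = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release

  kms_instance_id = var.kms_instance_id
  kms_key_ring_id = "app-data" # existing key ring (hypothetical ID) instead of "default"
  key_name        = "app-data-root-key"

  standard_key            = false     # root key; rotation policy applies only to root keys
  rotation_interval_month = 3         # rotation interval in months
  endpoint_type           = "private" # assumed accepted value; module default is "public"
  force_delete            = false     # do not delete a key that is still in use

  # Irreversible once set. A key with dual authorization enabled cannot be
  # destroyed by using Terraform, so plan for manual deletion.
  dual_auth_delete_enabled = true
}

# Surface the documented outputs so the applied policy can be reviewed
output "root_key_crn" {
  value = module.kms_root_key.crn
}

output "root_key_dual_auth_delete" {
  value = module.kms_root_key.dual_auth_delete
}

output "root_key_rotation_interval_month" {
  value = module.kms_root_key.rotation_interval_month
}
```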

## Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See [Report an issue or request a feature](https://github.com/terraform-ibm-modules/.github/blob/main/.github/SUPPORT.md).

To set up your local development environment, see [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.