https://github.com/terraform-ibm-modules/terraform-ibm-toolkit-kms
Module to provision or lookup a Key Management System provider (Key Protect or Hyper Protect Crypto Service)
- Host: GitHub
- URL: https://github.com/terraform-ibm-modules/terraform-ibm-toolkit-kms
- Owner: terraform-ibm-modules
- License: apache-2.0
- Created: 2021-08-19T12:19:39.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2022-09-07T17:39:21.000Z (over 2 years ago)
- Last Synced: 2023-03-03T23:23:45.382Z (about 2 years ago)
- Language: HCL
- Size: 27.3 KB
- Stars: 0
- Watchers: 5
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# KMS module
Module to provision and/or lookup a Key Management Service (KMS) on IBM Cloud.
Within IBM Cloud there are two options for Key Management Services: the bring-your-own-key, software-based Key Protect service and the keep-your-own-key, HSM-based Hyper Protect Crypto Service (HPCS). As you might imagine, the cost of each of these services is significantly different, and it is often preferable to use Key Protect in POC and development environments and then switch to HPCS for critical environments.
Fortunately, the APIs used to access Key Protect and HPCS are the same, making them easily interchangeable. This module uses the Key Protect and HPCS modules as submodules and conditionally provisions one or the other based on the value of the `service` variable. If `keyprotect` is provided, an instance of Key Protect is provisioned. If `hpcs` is provided, an HPCS instance is used. If an instance of Key Protect or HPCS already exists, set the `provision` flag to `false` and the module will look for an existing instance with the name provided.
## Software dependencies
The module depends on the following software components:
### Command-line tools
- terraform - v14
### Terraform providers
None
## Module dependencies
This module makes use of the output from other modules:
- Resource group - github.com/cloud-native-toolkit/terraform-ibm-resource-group
## Example usage
[Refer to the test cases for more details](test/stages/stage2-kms.tf)
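```hcl-terraform
terraform {
  required_providers {
    ibm = {
      source = "ibm-cloud/ibm"
    }
  }
  required_version = ">= 0.13"
}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = var.region
}

module "kms" {
  source = "github.com/cloud-native-toolkit/terraform-ibm-kms.git"

  # "keyprotect" provisions Key Protect, "hpcs" uses Hyper Protect Crypto Service
  service             = var.service
  # Output of the resource group module listed under "Module dependencies"
  resource_group_name = module.resource_group.name
  region              = var.region
  name_prefix         = var.name_prefix
  # Set to false to look up an existing instance instead of creating one
  provision           = true
}
```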
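The `service` and `provision` switches described above, driven by the deployment tier so that only critical environments land on HPCS. This is an added example, not code from the module's repository; `environment`, `kms_exists` and `kms_service` are hypothetical root-module names, and the module inputs are only those shown in the usage example.

```hcl
# Added example. Assumed (hypothetical) names: var.environment,
# var.kms_exists, local.kms_service. module.resource_group, var.region and
# var.name_prefix are the same references used in the README's usage example.

variable "environment" {
  type        = string
  description = "Deployment tier of this stack (hypothetical variable)."

  # Reject unknown tiers at plan time so a typo cannot silently select
  # the lower-assurance service for a critical environment.
  validation {
    condition     = contains(["poc", "dev", "prod"], var.environment)
    error_message = "The environment value must be one of: poc, dev, prod."
  }
}

variable "kms_exists" {
  type        = bool
  description = "True when the KMS instance already exists and must only be looked up (hypothetical variable)."
  default     = false
}

locals {
  # Key Protect for POC and development, HPCS for critical environments,
  # following the split the README describes.
  kms_service = var.environment == "prod" ? "hpcs" : "keyprotect"
}

module "kms" {
  source = "github.com/cloud-native-toolkit/terraform-ibm-kms.git"

  service             = local.kms_service
  resource_group_name = module.resource_group.name
  region              = var.region
  name_prefix         = var.name_prefix

  # provision = false makes the module look for an existing instance
  # instead of creating a new one.
  provision = !var.kms_exists
}
```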