google_kms_key_ring

Allows creation of a Google Cloud Platform KMS KeyRing. For more information see the official documentation and API.

A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project and resides in a specific location.

Note: KeyRings cannot be deleted from Google Cloud Platform. Destroying a Terraform-managed KeyRing will remove it from state but will not delete the resource on the server.

Example Usage

resource "google_kms_key_ring" "my_key_ring" {
  name     = "my-key-ring"
  location = "us-central1"
}

Argument Reference

The following arguments are supported:

• name - (Required) The KeyRing's name. A KeyRing’s name must be unique within a location and match the regular expression [a-zA-Z0-9_-]{1,63}

• location - (Required) The Google Cloud Platform location for the KeyRing. A full list of valid locations can be found by running gcloud kms locations list.

• project - (Optional) The project in which the resource belongs. If it is not provided, the provider project is used.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

• id - The ID of the created KeyRing. Its format is {projectId}/{location}/{keyRingName}.

Import

KeyRings can be imported using the KeyRing autogenerated id, e.g.

$ terraform import google_kms_key_ring.my_key_ring my-gcp-project/us-central1/my-key-ring

$ terraform import google_kms_key_ring.my_key_ring us-central1/my-key-ring