@@ -25,6 +25,19 @@ resource "scaleway_key_manager_key" "main" {
2525}
2626```
2727
28+ ### Example: Asymmetric Key with Custom Algorithm
29+
30+ ```terraform
31+ resource "scaleway_key_manager_key" "rsa_4096" {
32+ name = "rsa-4096-key"
33+ region = "fr-par"
34+ usage = "asymmetric_encryption"
35+ algorithm = "rsa_oaep_4096_sha256" # Specify RSA-4096 instead of default RSA-3072
36+ description = "Key for encrypting large files with RSA-4096"
37+ unprotected = true
38+ }
39+ ```
40+
2841## Argument Reference
2942
3043The following arguments are supported:
@@ -36,6 +49,11 @@ The following arguments are supported:
3649 - `symmetric_encryption`
3750 - `asymmetric_encryption`
3851 - `asymmetric_signing`
52+ - `algorithm` (String, Optional) – The algorithm to use for the key. If not specified, a default algorithm is chosen based on the `usage`:
53+ - For `symmetric_encryption`: defaults to `aes_256_gcm`
54+ - For `asymmetric_encryption`: defaults to `rsa_oaep_3072_sha256`. Other options include `rsa_oaep_2048_sha256`, `rsa_oaep_4096_sha256`
55+ - For `asymmetric_signing`: defaults to `ec_p256_sha256`. Other options include `rsa_pss_2048_sha256`, etc.
56+ - See [Scaleway Key Manager documentation](https://www.scaleway.com/en/docs/key-manager/concepts/) for the full list of supported algorithms.
3957- `description` (String, Optional) – A description for the key.
4058- `tags` (List of String, Optional) – A list of tags to assign to the key.
4159- `unprotected` (Boolean, Optional) – If `true`, the key can be deleted. Defaults to `false` (protected).
@@ -50,6 +68,7 @@ The following arguments are supported:
5068In addition to all arguments above, the following attributes are exported:
5169
5270- `id` – The ID of the key.
71+ - `algorithm` – The algorithm used by the key (computed if not specified).
5372- `state` – The state of the key (e.g., `enabled`).
5473- `created_at` – The date and time when the key was created.
5574- `updated_at` – The date and time when the key was last updated.
0 commit comments