| <a name="input_key_management"></a> [key\_management](#input\_key\_management) | Key Protect instance variables | <pre>object({<br/> name = optional(string)<br/> resource_group = optional(string)<br/> use_data = optional(bool)<br/> use_hs_crypto = optional(bool)<br/> access_tags = optional(list(string), [])<br/> service_endpoints = optional(string, "public-and-private")<br/> keys = optional(<br/> list(<br/> object({<br/> name = string<br/> root_key = optional(bool)<br/> payload = optional(string)<br/> key_ring = optional(string) # Any key_ring added will be created<br/> force_delete = optional(bool)<br/> existing_key_crn = optional(string) # CRN of an existing key in the same or different account.<br/> endpoint = optional(string) # can be public or private<br/> iv_value = optional(string) # (Optional, Forces new resource, String) Used with import tokens. The initialization vector (IV) that is generated when you encrypt a nonce. The IV value is required to decrypt the encrypted nonce value that you provide when you make a key import request to the service. To generate an IV, encrypt the nonce by running ibmcloud kp import-token encrypt-nonce. Only for imported root key.<br/> encrypted_nonce = optional(string) # The encrypted nonce value that verifies your request to import a key to Key Protect. This value must be encrypted by using the key that you want to import to the service. To retrieve a nonce, use the ibmcloud kp import-token get command. Then, encrypt the value by running ibmcloud kp import-token encrypt-nonce. Only for imported root key.<br/> policies = optional(<br/> object({<br/> rotation = optional(<br/> object({<br/> interval_month = number<br/> })<br/> )<br/> dual_auth_delete = optional(<br/> object({<br/> enabled = bool<br/> })<br/> )<br/> })<br/> )<br/> })<br/> )<br/> )<br/> })</pre> | n/a | yes |
0 commit comments