terraform-ibm-modules/terraform-ibm-kms-key-ring

KMS key ring module

This module creates a key ring to help organize keys in a KMS instance. The KMS instance can be a Key Protect or a Hyper Protect Crypto Services (HPCS) instance. For more information about key rings, see creating key rings in Key Protect and managing key rings in HPCS.

Usage

provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXX"
  # Must be the same region the KMS instance is in
  region           = "us-south"
}

module "kms_key_ring" {
  source      = "terraform-ibm-modules/kms-key-ring/ibm"
  version     = "latest" # Replace "latest" with a release version to lock into a specific release
  instance_id = "XXxxXXxx-xxxx-XXXX-xxxx-XXxxXXxx"
  key_ring_id = "my-key-ring"
}
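
A more locked-down variant of the usage above, added here as an example and not taken from the module's own documentation. It uses only the inputs and the output listed on this page, takes the API key from a sensitive variable (the variable name is an assumption) and overrides the "public" and force_delete = true defaults. "X.Y.Z" is a placeholder for a real release version, and the private endpoint setting assumes Terraform runs from a network that can reach the KMS instance's private endpoint.

```hcl
# API key supplied at run time (for example through TF_VAR_ibmcloud_api_key)
# instead of being written into the configuration.
variable "ibmcloud_api_key" {
  description = "IBM Cloud API key used by the provider"
  type        = string
  sensitive   = true # redacted in plan and apply output
}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  # Must be the same region the KMS instance is in
  region = "us-south"
}

module "kms_key_ring" {
  source  = "terraform-ibm-modules/kms-key-ring/ibm"
  version = "X.Y.Z" # placeholder: pin to a specific release version

  instance_id = "XXxxXXxx-xxxx-XXXX-xxxx-XXxxXXxx" # placeholder KMS instance GUID
  key_ring_id = "my-key-ring"

  endpoint_type = "private" # module default is "public"
  force_delete  = false     # module default is true
}

# Expose the module's only output so other configuration can reference the ring.
output "key_ring_id" {
  description = "ID of the key ring created by the module"
  value       = module.kms_key_ring.key_ring_id
}
```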

Required IAM access policies

You need the following permissions to run this module.

  • Account Management
    • Resource Group service
      • Viewer platform access
  • IAM Services
    • KMS service
      • Viewer platform access
      • Manager service access

Examples

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0, < 1.7.0 |
| ibm | >= 1.58.0, < 2.0.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| ibm_kms_key_rings.key_ring | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| endpoint_type | The type of endpoint to be used for creating keys. Accepts 'public' or 'private' | string | "public" | no |
| force_delete | Set to true if you wish to force delete the kms key rings, else false. | bool | true | no |
| instance_id | The KMS instance GUID | string | n/a | yes |
| key_ring_id | The ID that identifies the Key Ring. Each ID is unique within the given KMS instance but is not reserved across the KMS service | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| key_ring_id | ID of the Key Ring |

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.