terraform-google-modules / terraform-google-kms

Allows managing a keyring, zero or more keys in the keyring, and IAM role bindings on individual keys
https://registry.terraform.io/modules/terraform-google-modules/kms/google
Apache License 2.0

Add support for protection level EXTERNAL_VPC keys #136

Status: Closed (romanini-ciandt closed 7 months ago)

romanini-ciandt commented 7 months ago

TL;DR

The google_kms_crypto_key resource supports 4 types of protection_level ("SOFTWARE", "HSM", "EXTERNAL", "EXTERNAL_VPC"), while the kms module's key_protection_level lists only "SOFTWARE" and "HSM" as valid options.

Terraform Resources

google_kms_crypto_key

Detailed design

It looks like the key_protection_level input would already accept "EXTERNAL_VPC"; it is just missing from the "possible values" example string list. The new input field that we would need to implement is crypto_key_backend, in order to make the "EXTERNAL_VPC" key protection level type fully work.

Additional information

No response
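
The two arguments the issue refers to, shown directly on the underlying google_kms_crypto_key resource as an added example (not part of the original issue and not the module's own code). The variable names, the key name and the algorithm choice are assumptions; skip_initial_version_creation is set on the assumption that key versions for an externally managed key are created separately.

```hcl
# Added example, not module code. All variable names are hypothetical.

variable "key_ring_id" {
  type        = string
  description = "ID of an existing google_kms_key_ring."
}

variable "crypto_key_backend" {
  type        = string
  description = "EKM connection backing the key (only applies to EXTERNAL_VPC keys)."

  # Reject anything that is not an EKM connection resource name, so a
  # misconfigured backend fails at plan time instead of at the API.
  validation {
    condition = can(regex(
      "^projects/[^/]+/locations/[^/]+/ekmConnections/[^/]+$",
      var.crypto_key_backend
    ))
    error_message = "crypto_key_backend must look like projects/*/locations/*/ekmConnections/*."
  }
}

resource "google_kms_crypto_key" "external_vpc" {
  name     = "example-external-vpc-key" # constructed name
  key_ring = var.key_ring_id
  purpose  = "ENCRYPT_DECRYPT"

  # The argument the issue asks the module to expose.
  crypto_key_backend = var.crypto_key_backend

  # Assumption: versions that point at the external key material are
  # created separately (google_kms_crypto_key_version), so no initial
  # version is generated here.
  skip_initial_version_creation = true

  version_template {
    algorithm        = "EXTERNAL_SYMMETRIC_ENCRYPTION" # assumed algorithm
    protection_level = "EXTERNAL_VPC"
  }

  # Guard against accidental deletion of a key that protects data.
  lifecycle {
    prevent_destroy = true
  }
}
```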