Puppet Task: kms_aws_create_key
Defined in:
- tasks/kms_aws_create_key.json
- tasks/kms_aws_create_key.rb
Overview
Creates a customer master key (CMK) in the caller's AWS account.

You can use a CMK to encrypt small amounts of data (4 KiB or less) directly, but CMKs are more commonly used to encrypt data keys, which are used to encrypt raw data. For more information about data keys and the difference between CMKs and data keys, see the following:
- The GenerateDataKey operation
- AWS Key Management Service Concepts in the AWS Key Management Service Developer Guide

If you plan to import key material, use the Origin parameter with a value of EXTERNAL to create a CMK with no key material.

To create a CMK in a custom key store, use the CustomKeyStoreId parameter to specify the custom key store. You must also use the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM cluster that is associated with the custom key store must have at least two active HSMs, each in a different Availability Zone in the Region.

You cannot use this operation to create a CMK in a different AWS account.
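The Origin and CustomKeyStoreId rules above can be checked before the task is run. The following pre-flight check is an added example, not code from this module: the function name `create_key_preflight`, the `hsms` inventory shape and the `cks-EXAMPLE` ID are assumptions, and the keys are the KMS CreateKey API parameter names rather than this task's own parameter names.

```ruby
# Added example, not the module's code: checks a CreateKey request against
# the Origin / CustomKeyStoreId rules before anything is sent to AWS.

# params: Hash keyed by KMS CreateKey API parameter names.
# hsms:   assumed inventory shape, [{ state: 'ACTIVE', az: 'us-east-1a' }, ...]
def create_key_preflight(params, hsms: [])
  origin = params.fetch('Origin', 'AWS_KMS') # AWS_KMS is the API default
  store  = params['CustomKeyStoreId']
  errors = []

  # A custom key store is only valid together with Origin=AWS_CLOUDHSM.
  if store && origin != 'AWS_CLOUDHSM'
    errors << "CustomKeyStoreId is set but Origin is #{origin}; it must be AWS_CLOUDHSM"
  end

  if origin == 'AWS_CLOUDHSM'
    errors << 'Origin AWS_CLOUDHSM needs a CustomKeyStoreId' if store.nil?
    # Read here as: at least two active HSMs spanning at least two AZs.
    active = hsms.select { |h| h[:state] == 'ACTIVE' }
    zones  = active.map { |h| h[:az] }.uniq
    if active.size < 2 || zones.size < 2
      errors << "need 2+ active HSMs in different AZs, " \
                "found #{active.size} active in #{zones.size} AZ(s)"
    end
  end

  # EXTERNAL creates a CMK with no key material; it is unusable until import.
  { ok: errors.empty?, errors: errors, needs_key_material_import: origin == 'EXTERNAL' }
end

# Constructed sample inventory (placeholder values, not real resources):
# two active HSMs, but both in the same Availability Zone.
SAMPLE_HSMS = [
  { state: 'ACTIVE',   az: 'us-east-1a' },
  { state: 'ACTIVE',   az: 'us-east-1a' },
  { state: 'DEGRADED', az: 'us-east-1b' }
].freeze

request = { 'Origin' => 'AWS_CLOUDHSM', 'CustomKeyStoreId' => 'cks-EXAMPLE' }
p create_key_preflight(request, hsms: SAMPLE_HSMS)
```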