AWS v6.71.0, Mar 7 25

AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi

aws.paymentcryptography.Key

Explore with Pulumi AI

AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-aws

Example Usage

Basic Usage

Coming soon!

Coming soon!

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.paymentcryptography.Key;
import com.pulumi.aws.paymentcryptography.KeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var test = new Key("test", KeyArgs.builder()
            .exportable(true)
            .keyAttributes(KeyKeyAttributesArgs.builder()
                .keyAlgorithm("TDES_3KEY")
                .keyClass("SYMMETRIC_KEY")
                .keyUsage("TR31_P0_PIN_ENCRYPTION_KEY")
                .keyModesOfUse(KeyKeyAttributesKeyModesOfUseArgs.builder()
                    .decrypt(true)
                    .encrypt(true)
                    .wrap(true)
                    .unwrap(true)
                    .build())
                .build())
            .build());

    }
}

resources:
  test:
    type: aws:paymentcryptography:Key
    properties:
      exportable: true
      keyAttributes:
        - keyAlgorithm: TDES_3KEY
          keyClass: SYMMETRIC_KEY
          keyUsage: TR31_P0_PIN_ENCRYPTION_KEY
          keyModesOfUse:
            - decrypt: true
              encrypt: true
              wrap: true
              unwrap: true

Create Key Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Key(name: string, args: KeyArgs, opts?: CustomResourceOptions);

@overload
def Key(resource_name: str,
        args: KeyArgs,
        opts: Optional[ResourceOptions] = None)

@overload
def Key(resource_name: str,
        opts: Optional[ResourceOptions] = None,
        exportable: Optional[bool] = None,
        deletion_window_in_days: Optional[int] = None,
        enabled: Optional[bool] = None,
        key_attributes: Optional[KeyKeyAttributesArgs] = None,
        key_check_value_algorithm: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        timeouts: Optional[KeyTimeoutsArgs] = None)

func NewKey(ctx *Context, name string, args KeyArgs, opts ...ResourceOption) (*Key, error)

public Key(string name, KeyArgs args, CustomResourceOptions? opts = null)

public Key(String name, KeyArgs args)
public Key(String name, KeyArgs args, CustomResourceOptions options)

type: aws:paymentcryptography:Key
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args KeyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var awsKeyResource = new Aws.PaymentCryptography.Key("awsKeyResource", new()
{
    Exportable = false,
    DeletionWindowInDays = 0,
    Enabled = false,
    KeyAttributes = new Aws.PaymentCryptography.Inputs.KeyKeyAttributesArgs
    {
        KeyAlgorithm = "string",
        KeyClass = "string",
        KeyUsage = "string",
        KeyModesOfUse = new Aws.PaymentCryptography.Inputs.KeyKeyAttributesKeyModesOfUseArgs
        {
            Decrypt = false,
            DeriveKey = false,
            Encrypt = false,
            Generate = false,
            NoRestrictions = false,
            Sign = false,
            Unwrap = false,
            Verify = false,
            Wrap = false,
        },
    },
    KeyCheckValueAlgorithm = "string",
    Tags = 
    {
        { "string", "string" },
    },
    Timeouts = new Aws.PaymentCryptography.Inputs.KeyTimeoutsArgs
    {
        Create = "string",
        Delete = "string",
        Update = "string",
    },
});

example, err := paymentcryptography.NewKey(ctx, "awsKeyResource", &paymentcryptography.KeyArgs{
	Exportable:           pulumi.Bool(false),
	DeletionWindowInDays: pulumi.Int(0),
	Enabled:              pulumi.Bool(false),
	KeyAttributes: &paymentcryptography.KeyKeyAttributesArgs{
		KeyAlgorithm: pulumi.String("string"),
		KeyClass:     pulumi.String("string"),
		KeyUsage:     pulumi.String("string"),
		KeyModesOfUse: &paymentcryptography.KeyKeyAttributesKeyModesOfUseArgs{
			Decrypt:        pulumi.Bool(false),
			DeriveKey:      pulumi.Bool(false),
			Encrypt:        pulumi.Bool(false),
			Generate:       pulumi.Bool(false),
			NoRestrictions: pulumi.Bool(false),
			Sign:           pulumi.Bool(false),
			Unwrap:         pulumi.Bool(false),
			Verify:         pulumi.Bool(false),
			Wrap:           pulumi.Bool(false),
		},
	},
	KeyCheckValueAlgorithm: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Timeouts: &paymentcryptography.KeyTimeoutsArgs{
		Create: pulumi.String("string"),
		Delete: pulumi.String("string"),
		Update: pulumi.String("string"),
	},
})

var awsKeyResource = new Key("awsKeyResource", KeyArgs.builder()
    .exportable(false)
    .deletionWindowInDays(0)
    .enabled(false)
    .keyAttributes(KeyKeyAttributesArgs.builder()
        .keyAlgorithm("string")
        .keyClass("string")
        .keyUsage("string")
        .keyModesOfUse(KeyKeyAttributesKeyModesOfUseArgs.builder()
            .decrypt(false)
            .deriveKey(false)
            .encrypt(false)
            .generate(false)
            .noRestrictions(false)
            .sign(false)
            .unwrap(false)
            .verify(false)
            .wrap(false)
            .build())
        .build())
    .keyCheckValueAlgorithm("string")
    .tags(Map.of("string", "string"))
    .timeouts(KeyTimeoutsArgs.builder()
        .create("string")
        .delete("string")
        .update("string")
        .build())
    .build());

aws_key_resource = aws.paymentcryptography.Key("awsKeyResource",
    exportable=False,
    deletion_window_in_days=0,
    enabled=False,
    key_attributes={
        "key_algorithm": "string",
        "key_class": "string",
        "key_usage": "string",
        "key_modes_of_use": {
            "decrypt": False,
            "derive_key": False,
            "encrypt": False,
            "generate": False,
            "no_restrictions": False,
            "sign": False,
            "unwrap": False,
            "verify": False,
            "wrap": False,
        },
    },
    key_check_value_algorithm="string",
    tags={
        "string": "string",
    },
    timeouts={
        "create": "string",
        "delete": "string",
        "update": "string",
    })

const awsKeyResource = new aws.paymentcryptography.Key("awsKeyResource", {
    exportable: false,
    deletionWindowInDays: 0,
    enabled: false,
    keyAttributes: {
        keyAlgorithm: "string",
        keyClass: "string",
        keyUsage: "string",
        keyModesOfUse: {
            decrypt: false,
            deriveKey: false,
            encrypt: false,
            generate: false,
            noRestrictions: false,
            sign: false,
            unwrap: false,
            verify: false,
            wrap: false,
        },
    },
    keyCheckValueAlgorithm: "string",
    tags: {
        string: "string",
    },
    timeouts: {
        create: "string",
        "delete": "string",
        update: "string",
    },
});

type: aws:paymentcryptography:Key
properties:
    deletionWindowInDays: 0
    enabled: false
    exportable: false
    keyAttributes:
        keyAlgorithm: string
        keyClass: string
        keyModesOfUse:
            decrypt: false
            deriveKey: false
            encrypt: false
            generate: false
            noRestrictions: false
            sign: false
            unwrap: false
            verify: false
            wrap: false
        keyUsage: string
    keyCheckValueAlgorithm: string
    tags:
        string: string
    timeouts:
        create: string
        delete: string
        update: string

Key Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Key resource accepts the following input properties:

Exportable bool

Whether the key is exportable from the service.

DeletionWindowInDays int

Enabled bool

Whether to enable the key.

KeyAttributes KeyKeyAttributes

Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

The following arguments are optional:

KeyCheckValueAlgorithm string

Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

Tags Dictionary<string, string>

Map of tags assigned to the WorkSpaces Connection Alias. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Timeouts KeyTimeouts

Exportable bool

Whether the key is exportable from the service.

DeletionWindowInDays int

Enabled bool

Whether to enable the key.

KeyAttributes KeyKeyAttributesArgs

Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

The following arguments are optional:

KeyCheckValueAlgorithm string

Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

Tags map[string]string

Timeouts KeyTimeoutsArgs

exportable Boolean

Whether the key is exportable from the service.

deletionWindowInDays Integer

enabled Boolean

Whether to enable the key.

keyAttributes KeyKeyAttributes

Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

The following arguments are optional:

keyCheckValueAlgorithm String

Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

tags Map<String,String>

timeouts KeyTimeouts

exportable boolean

Whether the key is exportable from the service.

deletionWindowInDays number

enabled boolean

Whether to enable the key.

keyAttributes KeyKeyAttributes

Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

The following arguments are optional:

keyCheckValueAlgorithm string

Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

tags {[key: string]: string}

timeouts KeyTimeouts

exportable bool

Whether the key is exportable from the service.

deletion_window_in_days int

enabled bool

Whether to enable the key.

key_attributes KeyKeyAttributesArgs

Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

The following arguments are optional:

key_check_value_algorithm str

Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

tags Mapping[str, str]

timeouts KeyTimeoutsArgs

exportable Boolean

Whether the key is exportable from the service.

deletionWindowInDays Number

enabled Boolean

Whether to enable the key.

keyAttributes Property Map

Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

The following arguments are optional:

keyCheckValueAlgorithm String

Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

tags Map<String>

timeouts Property Map

Outputs

All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:

Arn string: ARN of the key.
Id string: The provider-assigned unique ID for this managed resource.
KeyCheckValue string: Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
KeyOrigin string: Source of the key material.
State string: State of key that is being created or deleted.
TagsAll Dictionary<string, string>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Arn string: ARN of the key.
Id string: The provider-assigned unique ID for this managed resource.
KeyCheckValue string: Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
KeyOrigin string: Source of the key material.
KeyState string: State of key that is being created or deleted.
TagsAll map[string]string: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: ARN of the key.
id String: The provider-assigned unique ID for this managed resource.
keyCheckValue String: Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
keyOrigin String: Source of the key material.
keyState String: State of key that is being created or deleted.
tagsAll Map<String,String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn string: ARN of the key.
id string: The provider-assigned unique ID for this managed resource.
keyCheckValue string: Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
keyOrigin string: Source of the key material.
keyState string: State of key that is being created or deleted.
tagsAll {[key: string]: string}: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn str: ARN of the key.
id str: The provider-assigned unique ID for this managed resource.
key_check_value str: Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
key_origin str: Source of the key material.
key_state str: State of key that is being created or deleted.
tags_all Mapping[str, str]: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: ARN of the key.
id String: The provider-assigned unique ID for this managed resource.
keyCheckValue String: Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.
keyOrigin String: Source of the key material.
keyState String: State of key that is being created or deleted.
tagsAll Map<String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Look up Existing Key Resource

Get an existing Key resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: KeyState, opts?: CustomResourceOptions): Key

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        deletion_window_in_days: Optional[int] = None,
        enabled: Optional[bool] = None,
        exportable: Optional[bool] = None,
        key_attributes: Optional[KeyKeyAttributesArgs] = None,
        key_check_value: Optional[str] = None,
        key_check_value_algorithm: Optional[str] = None,
        key_origin: Optional[str] = None,
        key_state: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        timeouts: Optional[KeyTimeoutsArgs] = None) -> Key

func GetKey(ctx *Context, name string, id IDInput, state *KeyState, opts ...ResourceOption) (*Key, error)

public static Key Get(string name, Input<string> id, KeyState? state, CustomResourceOptions? opts = null)

public static Key get(String name, Output<String> id, KeyState state, CustomResourceOptions options)

resources:  _:    type: aws:paymentcryptography:Key    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string

ARN of the key.

DeletionWindowInDays int

Enabled bool

Whether to enable the key.

Exportable bool

Whether the key is exportable from the service.

KeyAttributes KeyKeyAttributes

Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

The following arguments are optional:

KeyCheckValue string

Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.

KeyCheckValueAlgorithm string

Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

KeyOrigin string

Source of the key material.

State string

State of key that is being created or deleted.

Tags Dictionary<string, string>

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

Timeouts KeyTimeouts

Arn string

ARN of the key.

DeletionWindowInDays int

Enabled bool

Whether to enable the key.

Exportable bool

Whether the key is exportable from the service.

KeyAttributes KeyKeyAttributesArgs

Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

The following arguments are optional:

KeyCheckValue string

Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.

KeyCheckValueAlgorithm string

Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

KeyOrigin string

Source of the key material.

KeyState string

State of key that is being created or deleted.

Tags map[string]string

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

Timeouts KeyTimeoutsArgs

arn String

ARN of the key.

deletionWindowInDays Integer

enabled Boolean

Whether to enable the key.

exportable Boolean

Whether the key is exportable from the service.

keyAttributes KeyKeyAttributes

Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

The following arguments are optional:

keyCheckValue String

Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.

keyCheckValueAlgorithm String

Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

keyOrigin String

Source of the key material.

keyState String

State of key that is being created or deleted.

tags Map<String,String>

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

timeouts KeyTimeouts

arn string

ARN of the key.

deletionWindowInDays number

enabled boolean

Whether to enable the key.

exportable boolean

Whether the key is exportable from the service.

keyAttributes KeyKeyAttributes

Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

The following arguments are optional:

keyCheckValue string

Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.

keyCheckValueAlgorithm string

Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

keyOrigin string

Source of the key material.

keyState string

State of key that is being created or deleted.

tags {[key: string]: string}

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

timeouts KeyTimeouts

arn str

ARN of the key.

deletion_window_in_days int

enabled bool

Whether to enable the key.

exportable bool

Whether the key is exportable from the service.

key_attributes KeyKeyAttributesArgs

Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

The following arguments are optional:

key_check_value str

Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.

key_check_value_algorithm str

Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

key_origin str

Source of the key material.

key_state str

State of key that is being created or deleted.

tags Mapping[str, str]

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

timeouts KeyTimeoutsArgs

arn String

ARN of the key.

deletionWindowInDays Number

enabled Boolean

Whether to enable the key.

exportable Boolean

Whether the key is exportable from the service.

keyAttributes Property Map

Role of the key, the algorithm it supports, and the cryptographic operations allowed with the key.

The following arguments are optional:

keyCheckValue String

Key check value (KCV) is used to check if all parties holding a given key have the same key or to detect that a key has changed.

keyCheckValueAlgorithm String

Algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV).

keyOrigin String

Source of the key material.

keyState String

State of key that is being created or deleted.

tags Map<String>

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

timeouts Property Map

Supporting Types

KeyKeyAttributes, KeyKeyAttributesArgs

KeyAlgorithm string: Key algorithm to be use during creation of an AWS Payment Cryptography key.
KeyClass string: Type of AWS Payment Cryptography key to create.
KeyUsage string: Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
KeyModesOfUse KeyKeyAttributesKeyModesOfUse: List of cryptographic operations that you can perform using the key.

KeyAlgorithm string: Key algorithm to be use during creation of an AWS Payment Cryptography key.
KeyClass string: Type of AWS Payment Cryptography key to create.
KeyUsage string: Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
KeyModesOfUse KeyKeyAttributesKeyModesOfUse: List of cryptographic operations that you can perform using the key.

keyAlgorithm String: Key algorithm to be use during creation of an AWS Payment Cryptography key.
keyClass String: Type of AWS Payment Cryptography key to create.
keyUsage String: Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
keyModesOfUse KeyKeyAttributesKeyModesOfUse: List of cryptographic operations that you can perform using the key.

keyAlgorithm string: Key algorithm to be use during creation of an AWS Payment Cryptography key.
keyClass string: Type of AWS Payment Cryptography key to create.
keyUsage string: Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
keyModesOfUse KeyKeyAttributesKeyModesOfUse: List of cryptographic operations that you can perform using the key.

key_algorithm str: Key algorithm to be use during creation of an AWS Payment Cryptography key.
key_class str: Type of AWS Payment Cryptography key to create.
key_usage str: Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
key_modes_of_use KeyKeyAttributesKeyModesOfUse: List of cryptographic operations that you can perform using the key.

keyAlgorithm String: Key algorithm to be use during creation of an AWS Payment Cryptography key.
keyClass String: Type of AWS Payment Cryptography key to create.
keyUsage String: Cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
keyModesOfUse Property Map: List of cryptographic operations that you can perform using the key.

KeyKeyAttributesKeyModesOfUse, KeyKeyAttributesKeyModesOfUseArgs

Decrypt bool: Whether an AWS Payment Cryptography key can be used to decrypt data.
DeriveKey bool: Whether an AWS Payment Cryptography key can be used to derive new keys.
Encrypt bool: Whether an AWS Payment Cryptography key can be used to encrypt data.
Generate bool: Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
NoRestrictions bool: Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
Sign bool: Whether an AWS Payment Cryptography key can be used for signing.
Unwrap bool: Whether an AWS Payment Cryptography key can be used to unwrap other keys.
Verify bool: Whether an AWS Payment Cryptography key can be used to verify signatures.
Wrap bool: Whether an AWS Payment Cryptography key can be used to wrap other keys.

Decrypt bool: Whether an AWS Payment Cryptography key can be used to decrypt data.
DeriveKey bool: Whether an AWS Payment Cryptography key can be used to derive new keys.
Encrypt bool: Whether an AWS Payment Cryptography key can be used to encrypt data.
Generate bool: Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
NoRestrictions bool: Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
Sign bool: Whether an AWS Payment Cryptography key can be used for signing.
Unwrap bool: Whether an AWS Payment Cryptography key can be used to unwrap other keys.
Verify bool: Whether an AWS Payment Cryptography key can be used to verify signatures.
Wrap bool: Whether an AWS Payment Cryptography key can be used to wrap other keys.

decrypt Boolean: Whether an AWS Payment Cryptography key can be used to decrypt data.
deriveKey Boolean: Whether an AWS Payment Cryptography key can be used to derive new keys.
encrypt Boolean: Whether an AWS Payment Cryptography key can be used to encrypt data.
generate Boolean: Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
noRestrictions Boolean: Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
sign Boolean: Whether an AWS Payment Cryptography key can be used for signing.
unwrap Boolean: Whether an AWS Payment Cryptography key can be used to unwrap other keys.
verify Boolean: Whether an AWS Payment Cryptography key can be used to verify signatures.
wrap Boolean: Whether an AWS Payment Cryptography key can be used to wrap other keys.

decrypt boolean: Whether an AWS Payment Cryptography key can be used to decrypt data.
deriveKey boolean: Whether an AWS Payment Cryptography key can be used to derive new keys.
encrypt boolean: Whether an AWS Payment Cryptography key can be used to encrypt data.
generate boolean: Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
noRestrictions boolean: Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
sign boolean: Whether an AWS Payment Cryptography key can be used for signing.
unwrap boolean: Whether an AWS Payment Cryptography key can be used to unwrap other keys.
verify boolean: Whether an AWS Payment Cryptography key can be used to verify signatures.
wrap boolean: Whether an AWS Payment Cryptography key can be used to wrap other keys.

decrypt bool: Whether an AWS Payment Cryptography key can be used to decrypt data.
derive_key bool: Whether an AWS Payment Cryptography key can be used to derive new keys.
encrypt bool: Whether an AWS Payment Cryptography key can be used to encrypt data.
generate bool: Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
no_restrictions bool: Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
sign bool: Whether an AWS Payment Cryptography key can be used for signing.
unwrap bool: Whether an AWS Payment Cryptography key can be used to unwrap other keys.
verify bool: Whether an AWS Payment Cryptography key can be used to verify signatures.
wrap bool: Whether an AWS Payment Cryptography key can be used to wrap other keys.

decrypt Boolean: Whether an AWS Payment Cryptography key can be used to decrypt data.
deriveKey Boolean: Whether an AWS Payment Cryptography key can be used to derive new keys.
encrypt Boolean: Whether an AWS Payment Cryptography key can be used to encrypt data.
generate Boolean: Whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
noRestrictions Boolean: Whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage.
sign Boolean: Whether an AWS Payment Cryptography key can be used for signing.
unwrap Boolean: Whether an AWS Payment Cryptography key can be used to unwrap other keys.
verify Boolean: Whether an AWS Payment Cryptography key can be used to verify signatures.
wrap Boolean: Whether an AWS Payment Cryptography key can be used to wrap other keys.

KeyTimeouts, KeyTimeoutsArgs

Create string: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
Delete string: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
Update string: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

Create string: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
Delete string: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
Update string: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

create String: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
delete String: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
update String: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

create string: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
delete string: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
update string: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

create str: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
delete str: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
update str: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

create String: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
delete String: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
update String: A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

Import

Using pulumi import, import Payment Cryptography Control Plane Key using the arn:aws:payment-cryptography:us-east-1:123456789012:key/qtbojf64yshyvyzf. For example:

$ pulumi import aws:paymentcryptography/key:Key example arn:aws:payment-cryptography:us-east-1:123456789012:key/qtbojf64yshyvyzf

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-aws

aws.paymentcryptography.Key

On this page

On this page

Example Usage

Basic Usage

Create Key Resource

Constructor syntax

Parameters

Constructor example

Key Resource Properties

Inputs

Outputs

Look up Existing Key Resource

Supporting Types

KeyKeyAttributes, KeyKeyAttributesArgs

KeyKeyAttributesKeyModesOfUse, KeyKeyAttributesKeyModesOfUseArgs

KeyTimeouts, KeyTimeoutsArgs

Import

Package Details

On this page

On this page