mirror of
https://github.com/google/nomulus.git
synced 2025-04-30 12:07:51 +02:00
de02996f00
Generated with perl -pi -e 's/\"\$\{([a-zA-Z0-9._-]*)\}\"/$1/g' $(find ./ -name '*.tf')
Copied from cl/282012376.
20 lines
633 B
HCL
20 lines
633 B
HCL
resource "google_kms_key_ring" "proxy_key_ring" {
|
|
name = var.proxy_key_ring
|
|
location = "global"
|
|
}
|
|
|
|
resource "google_kms_crypto_key" "proxy_key" {
|
|
name = var.proxy_key
|
|
key_ring = google_kms_key_ring.proxy_key_ring.self_link
|
|
|
|
lifecycle {
|
|
# If a crypto key gets destroyed, all data encrypted with it is lost.
|
|
prevent_destroy = true
|
|
}
|
|
}
|
|
|
|
resource "google_kms_crypto_key_iam_member" "ssl_key_decrypter" {
|
|
crypto_key_id = google_kms_crypto_key.proxy_key.self_link
|
|
role = "roles/cloudkms.cryptoKeyDecrypter"
|
|
member = "serviceAccount:${google_service_account.proxy_service_account.email}"
|
|
}
|