Skip to main content

keys

Creates, updates, deletes, gets or lists a keys resource.

Overview

Namekeys
TypeResource
Idconfluent.encryption_keys.keys

Fields

The following fields are returned by SELECT queries:

Key.

NameDatatypeDescription
idstringID is the "natural identifier" for an object within its scope/namespace; it is normally unique across time but not space. That is, you can assume that the ID will not be reclaimed and reused after an object is deleted ("time"); however, it may collide with IDs for other object kinds or objects of the same kind within a different scope/namespace ("space"). (example: dlz-f3a90de)
display_namestringThe human-readable name of the key object. (example: Key for billing cluster)
api_versionstringAPIVersion defines the schema version of this representation of a resource. (byok/v1)
keyobjectThe cloud-specific key details. For AWS, provide the corresponding key_arn. For Azure, provide the corresponding key_id. For GCP, provide the corresponding key_id.
kindstringKind defines the object this REST resource represents. (Key)
metadataobjectObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
providerstringThe cloud provider of the Key. (example: AWS)
statestringThe state of the key: AVAILABLE: key can be used for a Kafka cluster provisioning. IN_USE: key is already in use by a Kafka cluster provisioning. (example: IN_USE)
validationobjectThe validation details of the key.

Methods

The following methods are available for this resource:

NameAccessible byRequired ParamsOptional ParamsDescription
get_byok_v1_keyselectidMake a request to read a key.
list_byok_v1_keysselectdisplay_name, provider, state, validation_phase, validation_region, key, page_size, page_tokenRetrieve a sorted, filtered, paginated list of all keys.
create_byok_v1_keyinsertkeyMake a request to create a key.
update_byok_v1_keyupdateidMake a request to update a key.

delete_byok_v1_keydeleteidMake a request to delete a key.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

NameDatatypeDescription
idstringThe unique identifier for the key.
display_namestringFilter the results by a partial search of display_name. (example: Key for billing cluster)
keystringFilters results by a partial match on the key identifier: key_arn for AWS, key_id for Azure and GCP. (example: vault-name)
page_sizeintegerA pagination size for collection requests.
page_tokenstringAn opaque pagination token for collection requests.
providerstringFilter the results by exact match for provider. (example: AWS)
statestringFilter the results by exact match for state. (example: IN_USE)
validation_phasestringFilter the results by exact match for validation_phase.
validation_regionstringFilter keys by the cloud region where they are deployed. (example: us-west-2)

SELECT examples

Make a request to read a key.

SELECT
id,
display_name,
api_version,
key,
kind,
metadata,
provider,
state,
validation
FROM confluent.encryption_keys.keys
WHERE id = '{{ id }}' -- required
;

INSERT examples

Make a request to create a key.

INSERT INTO confluent.encryption_keys.keys (
key,
display_name
)
SELECT 
'{{ key }}' /* required */,
'{{ display_name }}'
RETURNING
id,
display_name,
api_version,
key,
kind,
metadata,
provider,
state,
validation
;

UPDATE examples

Make a request to update a key.

UPDATE confluent.encryption_keys.keys
SET 
key = '{{ key }}',
display_name = '{{ display_name }}'
WHERE 
id = '{{ id }}' --required
RETURNING
id,
display_name,
api_version,
key,
kind,
metadata,
provider,
state,
validation;

DELETE examples

Make a request to delete a key.

DELETE FROM confluent.encryption_keys.keys
WHERE id = '{{ id }}' --required
;