Docs Home
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
aws-native.paymentcryptography.Key
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
Definition of AWS::PaymentCryptography::Key Resource Type
Create Key Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Key(name: string, args: KeyArgs, opts?: CustomResourceOptions);@overload
def Key(resource_name: str,
args: KeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Key(resource_name: str,
opts: Optional[ResourceOptions] = None,
exportable: Optional[bool] = None,
key_attributes: Optional[KeyAttributesArgs] = None,
enabled: Optional[bool] = None,
key_check_value_algorithm: Optional[KeyCheckValueAlgorithm] = None,
tags: Optional[Sequence[_root_inputs.TagArgs]] = None)func NewKey(ctx *Context, name string, args KeyArgs, opts ...ResourceOption) (*Key, error)public Key(string name, KeyArgs args, CustomResourceOptions? opts = null)type: aws-native:paymentcryptography:Key
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args KeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Key Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Key resource accepts the following input properties:
- Exportable bool
- Specifies whether the key is exportable. This data is immutable after the key is created.
- Key
Attributes Pulumi.Aws Native. Payment Cryptography. Inputs. Key Attributes - The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
- Enabled bool
- Specifies whether the key is enabled.
- Key
Check Pulumi.Value Algorithm Aws Native. Payment Cryptography. Key Check Value Algorithm The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
-
List<Pulumi.
Aws Native. Inputs. Tag>
- Exportable bool
- Specifies whether the key is exportable. This data is immutable after the key is created.
- Key
Attributes KeyAttributes Args - The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
- Enabled bool
- Specifies whether the key is enabled.
- Key
Check KeyValue Algorithm Check Value Algorithm The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
-
Tag
Args
- exportable Boolean
- Specifies whether the key is exportable. This data is immutable after the key is created.
- key
Attributes KeyAttributes - The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
- enabled Boolean
- Specifies whether the key is enabled.
- key
Check KeyValue Algorithm Check Value Algorithm The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
- List<Tag>
- exportable boolean
- Specifies whether the key is exportable. This data is immutable after the key is created.
- key
Attributes KeyAttributes - The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
- enabled boolean
- Specifies whether the key is enabled.
- key
Check KeyValue Algorithm Check Value Algorithm The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
- Tag[]
- exportable bool
- Specifies whether the key is exportable. This data is immutable after the key is created.
- key_
attributes KeyAttributes Args - The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
- enabled bool
- Specifies whether the key is enabled.
- key_
check_ Keyvalue_ algorithm Check Value Algorithm The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
-
Sequence[Tag
Args]
- exportable Boolean
- Specifies whether the key is exportable. This data is immutable after the key is created.
- key
Attributes Property Map - The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
- enabled Boolean
- Specifies whether the key is enabled.
- key
Check "CMAC" | "ANSI_X9_24"Value Algorithm The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
- List<Property Map>
Outputs
All input properties are implicitly available as output properties. Additionally, the Key resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Identifier string - Key
Origin Pulumi.Aws Native. Payment Cryptography. Key Origin - The source of the key material. For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into AWS Payment Cryptography, the value isEXTERNAL. - Key
State Pulumi.Aws Native. Payment Cryptography. Key State - The state of key that is being created or deleted.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Identifier string - Key
Origin KeyOrigin - The source of the key material. For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into AWS Payment Cryptography, the value isEXTERNAL. - Key
State KeyState Enum - The state of key that is being created or deleted.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Identifier String - key
Origin KeyOrigin - The source of the key material. For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into AWS Payment Cryptography, the value isEXTERNAL. - key
State KeyState - The state of key that is being created or deleted.
- id string
- The provider-assigned unique ID for this managed resource.
- key
Identifier string - key
Origin KeyOrigin - The source of the key material. For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into AWS Payment Cryptography, the value isEXTERNAL. - key
State KeyState - The state of key that is being created or deleted.
- id str
- The provider-assigned unique ID for this managed resource.
- key_
identifier str - key_
origin KeyOrigin - The source of the key material. For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into AWS Payment Cryptography, the value isEXTERNAL. - key_
state KeyState - The state of key that is being created or deleted.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Identifier String - key
Origin "EXTERNAL" | "AWS_PAYMENT_CRYPTOGRAPHY" - The source of the key material. For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY. For keys imported into AWS Payment Cryptography, the value isEXTERNAL. - key
State "CREATE_IN_PROGRESS" | "CREATE_COMPLETE" | "DELETE_PENDING" | "DELETE_COMPLETE" - The state of key that is being created or deleted.
Supporting Types
KeyAlgorithm, KeyAlgorithmArgs
- Tdes2key
- TDES_2KEY
- Tdes3key
- TDES_3KEY
- Aes128
- AES_128
- Aes192
- AES_192
- Aes256
- AES_256
- Rsa2048
- RSA_2048
- Rsa3072
- RSA_3072
- Rsa4096
- RSA_4096
- Ecc
Nist P256 - ECC_NIST_P256
- Ecc
Nist P384 - ECC_NIST_P384
- Key
Algorithm Tdes2key - TDES_2KEY
- Key
Algorithm Tdes3key - TDES_3KEY
- Key
Algorithm Aes128 - AES_128
- Key
Algorithm Aes192 - AES_192
- Key
Algorithm Aes256 - AES_256
- Key
Algorithm Rsa2048 - RSA_2048
- Key
Algorithm Rsa3072 - RSA_3072
- Key
Algorithm Rsa4096 - RSA_4096
- Key
Algorithm Ecc Nist P256 - ECC_NIST_P256
- Key
Algorithm Ecc Nist P384 - ECC_NIST_P384
- Tdes2key
- TDES_2KEY
- Tdes3key
- TDES_3KEY
- Aes128
- AES_128
- Aes192
- AES_192
- Aes256
- AES_256
- Rsa2048
- RSA_2048
- Rsa3072
- RSA_3072
- Rsa4096
- RSA_4096
- Ecc
Nist P256 - ECC_NIST_P256
- Ecc
Nist P384 - ECC_NIST_P384
- Tdes2key
- TDES_2KEY
- Tdes3key
- TDES_3KEY
- Aes128
- AES_128
- Aes192
- AES_192
- Aes256
- AES_256
- Rsa2048
- RSA_2048
- Rsa3072
- RSA_3072
- Rsa4096
- RSA_4096
- Ecc
Nist P256 - ECC_NIST_P256
- Ecc
Nist P384 - ECC_NIST_P384
- TDES2KEY
- TDES_2KEY
- TDES3KEY
- TDES_3KEY
- AES128
- AES_128
- AES192
- AES_192
- AES256
- AES_256
- RSA2048
- RSA_2048
- RSA3072
- RSA_3072
- RSA4096
- RSA_4096
- ECC_NIST_P256
- ECC_NIST_P256
- ECC_NIST_P384
- ECC_NIST_P384
- "TDES_2KEY"
- TDES_2KEY
- "TDES_3KEY"
- TDES_3KEY
- "AES_128"
- AES_128
- "AES_192"
- AES_192
- "AES_256"
- AES_256
- "RSA_2048"
- RSA_2048
- "RSA_3072"
- RSA_3072
- "RSA_4096"
- RSA_4096
- "ECC_NIST_P256"
- ECC_NIST_P256
- "ECC_NIST_P384"
- ECC_NIST_P384
KeyAttributes, KeyAttributesArgs
- Key
Algorithm Pulumi.Aws Native. Payment Cryptography. Key Algorithm The key algorithm to be use during creation of an AWS Payment Cryptography key.
For symmetric keys, AWS Payment Cryptography supports
AESandTDESalgorithms. For asymmetric keys, AWS Payment Cryptography supportsRSAandECC_NISTalgorithms.- Key
Class Pulumi.Aws Native. Payment Cryptography. Key Class - The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
- Key
Modes Pulumi.Of Use Aws Native. Payment Cryptography. Inputs. Key Modes Of Use - The list of cryptographic operations that you can perform using the key.
- Key
Usage Pulumi.Aws Native. Payment Cryptography. Key Usage - The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- Key
Algorithm KeyAlgorithm The key algorithm to be use during creation of an AWS Payment Cryptography key.
For symmetric keys, AWS Payment Cryptography supports
AESandTDESalgorithms. For asymmetric keys, AWS Payment Cryptography supportsRSAandECC_NISTalgorithms.- Key
Class KeyClass - The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
- Key
Modes KeyOf Use Modes Of Use - The list of cryptographic operations that you can perform using the key.
- Key
Usage KeyUsage - The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- key
Algorithm KeyAlgorithm The key algorithm to be use during creation of an AWS Payment Cryptography key.
For symmetric keys, AWS Payment Cryptography supports
AESandTDESalgorithms. For asymmetric keys, AWS Payment Cryptography supportsRSAandECC_NISTalgorithms.- key
Class KeyClass - The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
- key
Modes KeyOf Use Modes Of Use - The list of cryptographic operations that you can perform using the key.
- key
Usage KeyUsage - The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- key
Algorithm KeyAlgorithm The key algorithm to be use during creation of an AWS Payment Cryptography key.
For symmetric keys, AWS Payment Cryptography supports
AESandTDESalgorithms. For asymmetric keys, AWS Payment Cryptography supportsRSAandECC_NISTalgorithms.- key
Class KeyClass - The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
- key
Modes KeyOf Use Modes Of Use - The list of cryptographic operations that you can perform using the key.
- key
Usage KeyUsage - The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- key_
algorithm KeyAlgorithm The key algorithm to be use during creation of an AWS Payment Cryptography key.
For symmetric keys, AWS Payment Cryptography supports
AESandTDESalgorithms. For asymmetric keys, AWS Payment Cryptography supportsRSAandECC_NISTalgorithms.- key_
class KeyClass - The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
- key_
modes_ Keyof_ use Modes Of Use - The list of cryptographic operations that you can perform using the key.
- key_
usage KeyUsage - The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- key
Algorithm "TDES_2KEY" | "TDES_3KEY" | "AES_128" | "AES_192" | "AES_256" | "RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" The key algorithm to be use during creation of an AWS Payment Cryptography key.
For symmetric keys, AWS Payment Cryptography supports
AESandTDESalgorithms. For asymmetric keys, AWS Payment Cryptography supportsRSAandECC_NISTalgorithms.- key
Class "SYMMETRIC_KEY" | "ASYMMETRIC_KEY_PAIR" | "PRIVATE_KEY" | "PUBLIC_KEY" - The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
- key
Modes Property MapOf Use - The list of cryptographic operations that you can perform using the key.
- key
Usage "TR31_B0_BASE_DERIVATION_KEY" | "TR31_C0_CARD_VERIFICATION_KEY" | "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY" | "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION" | "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS" | "TR31_E1_EMV_MKEY_CONFIDENTIALITY" | "TR31_E2_EMV_MKEY_INTEGRITY" | "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS" | "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION" | "TR31_E6_EMV_MKEY_OTHER" | "TR31_K0_KEY_ENCRYPTION_KEY" | "TR31_K1_KEY_BLOCK_PROTECTION_KEY" | "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT" | "TR31_M3_ISO_9797_3_MAC_KEY" | "TR31_M1_ISO_9797_1_MAC_KEY" | "TR31_M6_ISO_9797_5_CMAC_KEY" | "TR31_M7_HMAC_KEY" | "TR31_P0_PIN_ENCRYPTION_KEY" | "TR31_P1_PIN_GENERATION_KEY" | "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE" | "TR31_V1_IBM3624_PIN_VERIFICATION_KEY" | "TR31_V2_VISA_PIN_VERIFICATION_KEY" | "TR31_K2_TR34_ASYMMETRIC_KEY" - The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
KeyCheckValueAlgorithm, KeyCheckValueAlgorithmArgs
- Cmac
- CMAC
- Ansi
X924 - ANSI_X9_24
- Key
Check Value Algorithm Cmac - CMAC
- Key
Check Value Algorithm Ansi X924 - ANSI_X9_24
- Cmac
- CMAC
- Ansi
X924 - ANSI_X9_24
- Cmac
- CMAC
- Ansi
X924 - ANSI_X9_24
- CMAC
- CMAC
- ANSI_X924
- ANSI_X9_24
- "CMAC"
- CMAC
- "ANSI_X9_24"
- ANSI_X9_24
KeyClass, KeyClassArgs
- Symmetric
Key - SYMMETRIC_KEY
- Asymmetric
Key Pair - ASYMMETRIC_KEY_PAIR
- Private
Key - PRIVATE_KEY
- Public
Key - PUBLIC_KEY
- Key
Class Symmetric Key - SYMMETRIC_KEY
- Key
Class Asymmetric Key Pair - ASYMMETRIC_KEY_PAIR
- Key
Class Private Key - PRIVATE_KEY
- Key
Class Public Key - PUBLIC_KEY
- Symmetric
Key - SYMMETRIC_KEY
- Asymmetric
Key Pair - ASYMMETRIC_KEY_PAIR
- Private
Key - PRIVATE_KEY
- Public
Key - PUBLIC_KEY
- Symmetric
Key - SYMMETRIC_KEY
- Asymmetric
Key Pair - ASYMMETRIC_KEY_PAIR
- Private
Key - PRIVATE_KEY
- Public
Key - PUBLIC_KEY
- SYMMETRIC_KEY
- SYMMETRIC_KEY
- ASYMMETRIC_KEY_PAIR
- ASYMMETRIC_KEY_PAIR
- PRIVATE_KEY
- PRIVATE_KEY
- PUBLIC_KEY
- PUBLIC_KEY
- "SYMMETRIC_KEY"
- SYMMETRIC_KEY
- "ASYMMETRIC_KEY_PAIR"
- ASYMMETRIC_KEY_PAIR
- "PRIVATE_KEY"
- PRIVATE_KEY
- "PUBLIC_KEY"
- PUBLIC_KEY
KeyModesOfUse, KeyModesOfUseArgs
- Decrypt bool
- Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
- Derive
Key bool - Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
- Encrypt bool
- Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
- Generate bool
- Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- No
Restrictions bool - Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by
KeyUsage. - Sign bool
- Specifies whether an AWS Payment Cryptography key can be used for signing.
- Unwrap bool
- Verify bool
- Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
- Wrap bool
- Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
- Decrypt bool
- Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
- Derive
Key bool - Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
- Encrypt bool
- Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
- Generate bool
- Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- No
Restrictions bool - Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by
KeyUsage. - Sign bool
- Specifies whether an AWS Payment Cryptography key can be used for signing.
- Unwrap bool
- Verify bool
- Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
- Wrap bool
- Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
- decrypt Boolean
- Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
- derive
Key Boolean - Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
- encrypt Boolean
- Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
- generate Boolean
- Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- no
Restrictions Boolean - Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by
KeyUsage. - sign Boolean
- Specifies whether an AWS Payment Cryptography key can be used for signing.
- unwrap Boolean
- verify Boolean
- Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
- wrap Boolean
- Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
- decrypt boolean
- Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
- derive
Key boolean - Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
- encrypt boolean
- Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
- generate boolean
- Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- no
Restrictions boolean - Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by
KeyUsage. - sign boolean
- Specifies whether an AWS Payment Cryptography key can be used for signing.
- unwrap boolean
- verify boolean
- Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
- wrap boolean
- Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
- decrypt bool
- Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
- derive_
key bool - Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
- encrypt bool
- Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
- generate bool
- Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- no_
restrictions bool - Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by
KeyUsage. - sign bool
- Specifies whether an AWS Payment Cryptography key can be used for signing.
- unwrap bool
- verify bool
- Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
- wrap bool
- Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
- decrypt Boolean
- Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
- derive
Key Boolean - Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
- encrypt Boolean
- Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
- generate Boolean
- Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- no
Restrictions Boolean - Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by
KeyUsage. - sign Boolean
- Specifies whether an AWS Payment Cryptography key can be used for signing.
- unwrap Boolean
- verify Boolean
- Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
- wrap Boolean
- Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
KeyOrigin, KeyOriginArgs
- External
- EXTERNAL
- Aws
Payment Cryptography - AWS_PAYMENT_CRYPTOGRAPHY
- Key
Origin External - EXTERNAL
- Key
Origin Aws Payment Cryptography - AWS_PAYMENT_CRYPTOGRAPHY
- External
- EXTERNAL
- Aws
Payment Cryptography - AWS_PAYMENT_CRYPTOGRAPHY
- External
- EXTERNAL
- Aws
Payment Cryptography - AWS_PAYMENT_CRYPTOGRAPHY
- EXTERNAL
- EXTERNAL
- AWS_PAYMENT_CRYPTOGRAPHY
- AWS_PAYMENT_CRYPTOGRAPHY
- "EXTERNAL"
- EXTERNAL
- "AWS_PAYMENT_CRYPTOGRAPHY"
- AWS_PAYMENT_CRYPTOGRAPHY
KeyState, KeyStateArgs
- Create
In Progress - CREATE_IN_PROGRESS
- Create
Complete - CREATE_COMPLETE
- Delete
Pending - DELETE_PENDING
- Delete
Complete - DELETE_COMPLETE
- Key
State Create In Progress - CREATE_IN_PROGRESS
- Key
State Create Complete - CREATE_COMPLETE
- Key
State Delete Pending - DELETE_PENDING
- Key
State Delete Complete - DELETE_COMPLETE
- Create
In Progress - CREATE_IN_PROGRESS
- Create
Complete - CREATE_COMPLETE
- Delete
Pending - DELETE_PENDING
- Delete
Complete - DELETE_COMPLETE
- Create
In Progress - CREATE_IN_PROGRESS
- Create
Complete - CREATE_COMPLETE
- Delete
Pending - DELETE_PENDING
- Delete
Complete - DELETE_COMPLETE
- CREATE_IN_PROGRESS
- CREATE_IN_PROGRESS
- CREATE_COMPLETE
- CREATE_COMPLETE
- DELETE_PENDING
- DELETE_PENDING
- DELETE_COMPLETE
- DELETE_COMPLETE
- "CREATE_IN_PROGRESS"
- CREATE_IN_PROGRESS
- "CREATE_COMPLETE"
- CREATE_COMPLETE
- "DELETE_PENDING"
- DELETE_PENDING
- "DELETE_COMPLETE"
- DELETE_COMPLETE
KeyUsage, KeyUsageArgs
- Tr31b0Base
Derivation Key - TR31_B0_BASE_DERIVATION_KEY
- Tr31c0Card
Verification Key - TR31_C0_CARD_VERIFICATION_KEY
- Tr31d0Symmetric
Data Encryption Key - TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY
- Tr31d1Asymmetric
Key For Data Encryption - TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION
- Tr31e0Emv
Mkey App Cryptograms - TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS
- Tr31e1Emv
Mkey Confidentiality - TR31_E1_EMV_MKEY_CONFIDENTIALITY
- Tr31e2Emv
Mkey Integrity - TR31_E2_EMV_MKEY_INTEGRITY
- Tr31e4Emv
Mkey Dynamic Numbers - TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS
- Tr31e5Emv
Mkey Card Personalization - TR31_E5_EMV_MKEY_CARD_PERSONALIZATION
- Tr31e6Emv
Mkey Other - TR31_E6_EMV_MKEY_OTHER
- Tr31k0Key
Encryption Key - TR31_K0_KEY_ENCRYPTION_KEY
- Tr31k1Key
Block Protection Key - TR31_K1_KEY_BLOCK_PROTECTION_KEY
- Tr31k3Asymmetric
Key For Key Agreement - TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT
- Tr31m3Iso97973Mac
Key - TR31_M3_ISO_9797_3_MAC_KEY
- Tr31m1Iso97971Mac
Key - TR31_M1_ISO_9797_1_MAC_KEY
- Tr31m6Iso97975Cmac
Key - TR31_M6_ISO_9797_5_CMAC_KEY
- Tr31m7Hmac
Key - TR31_M7_HMAC_KEY
- Tr31p0Pin
Encryption Key - TR31_P0_PIN_ENCRYPTION_KEY
- Tr31p1Pin
Generation Key - TR31_P1_PIN_GENERATION_KEY
- Tr31s0Asymmetric
Key For Digital Signature - TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
- Tr31v1Ibm3624Pin
Verification Key - TR31_V1_IBM3624_PIN_VERIFICATION_KEY
- Tr31v2Visa
Pin Verification Key - TR31_V2_VISA_PIN_VERIFICATION_KEY
- Tr31k2Tr34Asymmetric
Key - TR31_K2_TR34_ASYMMETRIC_KEY
- Key
Usage Tr31b0Base Derivation Key - TR31_B0_BASE_DERIVATION_KEY
- Key
Usage Tr31c0Card Verification Key - TR31_C0_CARD_VERIFICATION_KEY
- Key
Usage Tr31d0Symmetric Data Encryption Key - TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY
- Key
Usage Tr31d1Asymmetric Key For Data Encryption - TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION
- Key
Usage Tr31e0Emv Mkey App Cryptograms - TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS
- Key
Usage Tr31e1Emv Mkey Confidentiality - TR31_E1_EMV_MKEY_CONFIDENTIALITY
- Key
Usage Tr31e2Emv Mkey Integrity - TR31_E2_EMV_MKEY_INTEGRITY
- Key
Usage Tr31e4Emv Mkey Dynamic Numbers - TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS
- Key
Usage Tr31e5Emv Mkey Card Personalization - TR31_E5_EMV_MKEY_CARD_PERSONALIZATION
- Key
Usage Tr31e6Emv Mkey Other - TR31_E6_EMV_MKEY_OTHER
- Key
Usage Tr31k0Key Encryption Key - TR31_K0_KEY_ENCRYPTION_KEY
- Key
Usage Tr31k1Key Block Protection Key - TR31_K1_KEY_BLOCK_PROTECTION_KEY
- Key
Usage Tr31k3Asymmetric Key For Key Agreement - TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT
- Key
Usage Tr31m3Iso97973Mac Key - TR31_M3_ISO_9797_3_MAC_KEY
- Key
Usage Tr31m1Iso97971Mac Key - TR31_M1_ISO_9797_1_MAC_KEY
- Key
Usage Tr31m6Iso97975Cmac Key - TR31_M6_ISO_9797_5_CMAC_KEY
- Key
Usage Tr31m7Hmac Key - TR31_M7_HMAC_KEY
- Key
Usage Tr31p0Pin Encryption Key - TR31_P0_PIN_ENCRYPTION_KEY
- Key
Usage Tr31p1Pin Generation Key - TR31_P1_PIN_GENERATION_KEY
- Key
Usage Tr31s0Asymmetric Key For Digital Signature - TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
- Key
Usage Tr31v1Ibm3624Pin Verification Key - TR31_V1_IBM3624_PIN_VERIFICATION_KEY
- Key
Usage Tr31v2Visa Pin Verification Key - TR31_V2_VISA_PIN_VERIFICATION_KEY
- Key
Usage Tr31k2Tr34Asymmetric Key - TR31_K2_TR34_ASYMMETRIC_KEY
- Tr31b0Base
Derivation Key - TR31_B0_BASE_DERIVATION_KEY
- Tr31c0Card
Verification Key - TR31_C0_CARD_VERIFICATION_KEY
- Tr31d0Symmetric
Data Encryption Key - TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY
- Tr31d1Asymmetric
Key For Data Encryption - TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION
- Tr31e0Emv
Mkey App Cryptograms - TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS
- Tr31e1Emv
Mkey Confidentiality - TR31_E1_EMV_MKEY_CONFIDENTIALITY
- Tr31e2Emv
Mkey Integrity - TR31_E2_EMV_MKEY_INTEGRITY
- Tr31e4Emv
Mkey Dynamic Numbers - TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS
- Tr31e5Emv
Mkey Card Personalization - TR31_E5_EMV_MKEY_CARD_PERSONALIZATION
- Tr31e6Emv
Mkey Other - TR31_E6_EMV_MKEY_OTHER
- Tr31k0Key
Encryption Key - TR31_K0_KEY_ENCRYPTION_KEY
- Tr31k1Key
Block Protection Key - TR31_K1_KEY_BLOCK_PROTECTION_KEY
- Tr31k3Asymmetric
Key For Key Agreement - TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT
- Tr31m3Iso97973Mac
Key - TR31_M3_ISO_9797_3_MAC_KEY
- Tr31m1Iso97971Mac
Key - TR31_M1_ISO_9797_1_MAC_KEY
- Tr31m6Iso97975Cmac
Key - TR31_M6_ISO_9797_5_CMAC_KEY
- Tr31m7Hmac
Key - TR31_M7_HMAC_KEY
- Tr31p0Pin
Encryption Key - TR31_P0_PIN_ENCRYPTION_KEY
- Tr31p1Pin
Generation Key - TR31_P1_PIN_GENERATION_KEY
- Tr31s0Asymmetric
Key For Digital Signature - TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
- Tr31v1Ibm3624Pin
Verification Key - TR31_V1_IBM3624_PIN_VERIFICATION_KEY
- Tr31v2Visa
Pin Verification Key - TR31_V2_VISA_PIN_VERIFICATION_KEY
- Tr31k2Tr34Asymmetric
Key - TR31_K2_TR34_ASYMMETRIC_KEY
- Tr31b0Base
Derivation Key - TR31_B0_BASE_DERIVATION_KEY
- Tr31c0Card
Verification Key - TR31_C0_CARD_VERIFICATION_KEY
- Tr31d0Symmetric
Data Encryption Key - TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY
- Tr31d1Asymmetric
Key For Data Encryption - TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION
- Tr31e0Emv
Mkey App Cryptograms - TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS
- Tr31e1Emv
Mkey Confidentiality - TR31_E1_EMV_MKEY_CONFIDENTIALITY
- Tr31e2Emv
Mkey Integrity - TR31_E2_EMV_MKEY_INTEGRITY
- Tr31e4Emv
Mkey Dynamic Numbers - TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS
- Tr31e5Emv
Mkey Card Personalization - TR31_E5_EMV_MKEY_CARD_PERSONALIZATION
- Tr31e6Emv
Mkey Other - TR31_E6_EMV_MKEY_OTHER
- Tr31k0Key
Encryption Key - TR31_K0_KEY_ENCRYPTION_KEY
- Tr31k1Key
Block Protection Key - TR31_K1_KEY_BLOCK_PROTECTION_KEY
- Tr31k3Asymmetric
Key For Key Agreement - TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT
- Tr31m3Iso97973Mac
Key - TR31_M3_ISO_9797_3_MAC_KEY
- Tr31m1Iso97971Mac
Key - TR31_M1_ISO_9797_1_MAC_KEY
- Tr31m6Iso97975Cmac
Key - TR31_M6_ISO_9797_5_CMAC_KEY
- Tr31m7Hmac
Key - TR31_M7_HMAC_KEY
- Tr31p0Pin
Encryption Key - TR31_P0_PIN_ENCRYPTION_KEY
- Tr31p1Pin
Generation Key - TR31_P1_PIN_GENERATION_KEY
- Tr31s0Asymmetric
Key For Digital Signature - TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
- Tr31v1Ibm3624Pin
Verification Key - TR31_V1_IBM3624_PIN_VERIFICATION_KEY
- Tr31v2Visa
Pin Verification Key - TR31_V2_VISA_PIN_VERIFICATION_KEY
- Tr31k2Tr34Asymmetric
Key - TR31_K2_TR34_ASYMMETRIC_KEY
- TR31B0_BASE_DERIVATION_KEY
- TR31_B0_BASE_DERIVATION_KEY
- TR31C0_CARD_VERIFICATION_KEY
- TR31_C0_CARD_VERIFICATION_KEY
- TR31D0_SYMMETRIC_DATA_ENCRYPTION_KEY
- TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY
- TR31D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION
- TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION
- TR31E0_EMV_MKEY_APP_CRYPTOGRAMS
- TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS
- TR31E1_EMV_MKEY_CONFIDENTIALITY
- TR31_E1_EMV_MKEY_CONFIDENTIALITY
- TR31E2_EMV_MKEY_INTEGRITY
- TR31_E2_EMV_MKEY_INTEGRITY
- TR31E4_EMV_MKEY_DYNAMIC_NUMBERS
- TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS
- TR31E5_EMV_MKEY_CARD_PERSONALIZATION
- TR31_E5_EMV_MKEY_CARD_PERSONALIZATION
- TR31E6_EMV_MKEY_OTHER
- TR31_E6_EMV_MKEY_OTHER
- TR31K0_KEY_ENCRYPTION_KEY
- TR31_K0_KEY_ENCRYPTION_KEY
- TR31K1_KEY_BLOCK_PROTECTION_KEY
- TR31_K1_KEY_BLOCK_PROTECTION_KEY
- TR31K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT
- TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT
- TR31M3_ISO97973_MAC_KEY
- TR31_M3_ISO_9797_3_MAC_KEY
- TR31M1_ISO97971_MAC_KEY
- TR31_M1_ISO_9797_1_MAC_KEY
- TR31M6_ISO97975_CMAC_KEY
- TR31_M6_ISO_9797_5_CMAC_KEY
- TR31M7_HMAC_KEY
- TR31_M7_HMAC_KEY
- TR31P0_PIN_ENCRYPTION_KEY
- TR31_P0_PIN_ENCRYPTION_KEY
- TR31P1_PIN_GENERATION_KEY
- TR31_P1_PIN_GENERATION_KEY
- TR31S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
- TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
- TR31V1_IBM3624_PIN_VERIFICATION_KEY
- TR31_V1_IBM3624_PIN_VERIFICATION_KEY
- TR31V2_VISA_PIN_VERIFICATION_KEY
- TR31_V2_VISA_PIN_VERIFICATION_KEY
- TR31K2_TR34_ASYMMETRIC_KEY
- TR31_K2_TR34_ASYMMETRIC_KEY
- "TR31_B0_BASE_DERIVATION_KEY"
- TR31_B0_BASE_DERIVATION_KEY
- "TR31_C0_CARD_VERIFICATION_KEY"
- TR31_C0_CARD_VERIFICATION_KEY
- "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY"
- TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY
- "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION"
- TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION
- "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS"
- TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS
- "TR31_E1_EMV_MKEY_CONFIDENTIALITY"
- TR31_E1_EMV_MKEY_CONFIDENTIALITY
- "TR31_E2_EMV_MKEY_INTEGRITY"
- TR31_E2_EMV_MKEY_INTEGRITY
- "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS"
- TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS
- "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION"
- TR31_E5_EMV_MKEY_CARD_PERSONALIZATION
- "TR31_E6_EMV_MKEY_OTHER"
- TR31_E6_EMV_MKEY_OTHER
- "TR31_K0_KEY_ENCRYPTION_KEY"
- TR31_K0_KEY_ENCRYPTION_KEY
- "TR31_K1_KEY_BLOCK_PROTECTION_KEY"
- TR31_K1_KEY_BLOCK_PROTECTION_KEY
- "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT"
- TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT
- "TR31_M3_ISO_9797_3_MAC_KEY"
- TR31_M3_ISO_9797_3_MAC_KEY
- "TR31_M1_ISO_9797_1_MAC_KEY"
- TR31_M1_ISO_9797_1_MAC_KEY
- "TR31_M6_ISO_9797_5_CMAC_KEY"
- TR31_M6_ISO_9797_5_CMAC_KEY
- "TR31_M7_HMAC_KEY"
- TR31_M7_HMAC_KEY
- "TR31_P0_PIN_ENCRYPTION_KEY"
- TR31_P0_PIN_ENCRYPTION_KEY
- "TR31_P1_PIN_GENERATION_KEY"
- TR31_P1_PIN_GENERATION_KEY
- "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE"
- TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE
- "TR31_V1_IBM3624_PIN_VERIFICATION_KEY"
- TR31_V1_IBM3624_PIN_VERIFICATION_KEY
- "TR31_V2_VISA_PIN_VERIFICATION_KEY"
- TR31_V2_VISA_PIN_VERIFICATION_KEY
- "TR31_K2_TR34_ASYMMETRIC_KEY"
- TR31_K2_TR34_ASYMMETRIC_KEY
Tag, TagArgs
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi