Docs Home
hsdp 0.67.0 published on Friday, May 16, 2025 by philips-software
hsdp.TenantKey
Explore with Pulumi AI
hsdp 0.67.0 published on Friday, May 16, 2025 by philips-software
The hsdp.TenantKey resource provides a way to generate and manage API keys for accessing HSDP tenant services. These keys are generated with specific scopes, expiration times, and are tied to a specific project and organization.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as hsdp from "@pulumi/hsdp";
const example = new hsdp.TenantKey("example", {
environment: "prod",
expiration: "2025-12-31T23:59:59Z",
organization: "my-organization",
project: "my-project",
region: "us-east",
salt: "static-salt-value",
scopes: [
"scope1",
"scope2",
],
signingKey: "your-secure-signing-key",
});
// Examples of other valid time formats
const shortLived = new hsdp.TenantKey("shortLived", {
expiration: "2023-06-30T12:00:00Z",
organization: "my-organization",
project: "my-project",
salt: "salt-1",
signingKey: "temporary-key",
});
const longLived = new hsdp.TenantKey("longLived", {
expiration: "2030-01-01T00:00:00Z",
organization: "my-organization",
project: "my-project",
salt: "salt-2",
signingKey: "permanent-key",
});
import pulumi
import pulumi_hsdp as hsdp
example = hsdp.TenantKey("example",
environment="prod",
expiration="2025-12-31T23:59:59Z",
organization="my-organization",
project="my-project",
region="us-east",
salt="static-salt-value",
scopes=[
"scope1",
"scope2",
],
signing_key="your-secure-signing-key")
# Examples of other valid time formats
short_lived = hsdp.TenantKey("shortLived",
expiration="2023-06-30T12:00:00Z",
organization="my-organization",
project="my-project",
salt="salt-1",
signing_key="temporary-key")
long_lived = hsdp.TenantKey("longLived",
expiration="2030-01-01T00:00:00Z",
organization="my-organization",
project="my-project",
salt="salt-2",
signing_key="permanent-key")
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/hsdp/hsdp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := hsdp.NewTenantKey(ctx, "example", &hsdp.TenantKeyArgs{
Environment: pulumi.String("prod"),
Expiration: pulumi.String("2025-12-31T23:59:59Z"),
Organization: pulumi.String("my-organization"),
Project: pulumi.String("my-project"),
Region: pulumi.String("us-east"),
Salt: pulumi.String("static-salt-value"),
Scopes: pulumi.StringArray{
pulumi.String("scope1"),
pulumi.String("scope2"),
},
SigningKey: pulumi.String("your-secure-signing-key"),
})
if err != nil {
return err
}
// Examples of other valid time formats
_, err = hsdp.NewTenantKey(ctx, "shortLived", &hsdp.TenantKeyArgs{
Expiration: pulumi.String("2023-06-30T12:00:00Z"),
Organization: pulumi.String("my-organization"),
Project: pulumi.String("my-project"),
Salt: pulumi.String("salt-1"),
SigningKey: pulumi.String("temporary-key"),
})
if err != nil {
return err
}
_, err = hsdp.NewTenantKey(ctx, "longLived", &hsdp.TenantKeyArgs{
Expiration: pulumi.String("2030-01-01T00:00:00Z"),
Organization: pulumi.String("my-organization"),
Project: pulumi.String("my-project"),
Salt: pulumi.String("salt-2"),
SigningKey: pulumi.String("permanent-key"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Hsdp = Pulumi.Hsdp;
return await Deployment.RunAsync(() =>
{
var example = new Hsdp.TenantKey("example", new()
{
Environment = "prod",
Expiration = "2025-12-31T23:59:59Z",
Organization = "my-organization",
Project = "my-project",
Region = "us-east",
Salt = "static-salt-value",
Scopes = new[]
{
"scope1",
"scope2",
},
SigningKey = "your-secure-signing-key",
});
// Examples of other valid time formats
var shortLived = new Hsdp.TenantKey("shortLived", new()
{
Expiration = "2023-06-30T12:00:00Z",
Organization = "my-organization",
Project = "my-project",
Salt = "salt-1",
SigningKey = "temporary-key",
});
var longLived = new Hsdp.TenantKey("longLived", new()
{
Expiration = "2030-01-01T00:00:00Z",
Organization = "my-organization",
Project = "my-project",
Salt = "salt-2",
SigningKey = "permanent-key",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.hsdp.TenantKey;
import com.pulumi.hsdp.TenantKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new TenantKey("example", TenantKeyArgs.builder()
.environment("prod")
.expiration("2025-12-31T23:59:59Z")
.organization("my-organization")
.project("my-project")
.region("us-east")
.salt("static-salt-value")
.scopes(
"scope1",
"scope2")
.signingKey("your-secure-signing-key")
.build());
// Examples of other valid time formats
var shortLived = new TenantKey("shortLived", TenantKeyArgs.builder()
.expiration("2023-06-30T12:00:00Z")
.organization("my-organization")
.project("my-project")
.salt("salt-1")
.signingKey("temporary-key")
.build());
var longLived = new TenantKey("longLived", TenantKeyArgs.builder()
.expiration("2030-01-01T00:00:00Z")
.organization("my-organization")
.project("my-project")
.salt("salt-2")
.signingKey("permanent-key")
.build());
}
}
resources:
example:
type: hsdp:TenantKey
properties:
environment: prod
expiration: 2025-12-31T23:59:59Z
# Key valid until the end of 2025
organization: my-organization
project: my-project
region: us-east
salt: static-salt-value
# Optional salt for deterministic key generation
scopes:
- scope1
- scope2
signingKey: your-secure-signing-key
# Examples of other valid time formats
shortLived:
type: hsdp:TenantKey
properties:
expiration: 2023-06-30T12:00:00Z
# Mid-year expiration
organization: my-organization
project: my-project
salt: salt-1
signingKey: temporary-key
longLived:
type: hsdp:TenantKey
properties:
expiration: 2030-01-01T00:00:00Z
# Valid until 2030
organization: my-organization
project: my-project
salt: salt-2
signingKey: permanent-key
Notes
- All fields are marked as ForceNew, meaning any changes to these fields will create a new resource (and destroy the old one).
- The API key is generated deterministically when a
saltvalue is provided. Using the same inputs (project, organization, salt, etc.) will always generate the same key. - The API key generation is no longer time-dependent as it uses a specific expiration time rather than a relative duration.
- Both the API key and signature are computed values based on your configuration.
- The
signatureattribute is provided both as the resource ID and as a separate output field, making it easier to reference in other resources or outputs
Create TenantKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TenantKey(name: string, args: TenantKeyArgs, opts?: CustomResourceOptions);@overload
def TenantKey(resource_name: str,
args: TenantKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def TenantKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
organization: Optional[str] = None,
project: Optional[str] = None,
signing_key: Optional[str] = None,
environment: Optional[str] = None,
expiration: Optional[str] = None,
region: Optional[str] = None,
salt: Optional[str] = None,
scopes: Optional[Sequence[str]] = None,
tenant_key_id: Optional[str] = None)func NewTenantKey(ctx *Context, name string, args TenantKeyArgs, opts ...ResourceOption) (*TenantKey, error)public TenantKey(string name, TenantKeyArgs args, CustomResourceOptions? opts = null)
public TenantKey(String name, TenantKeyArgs args)
public TenantKey(String name, TenantKeyArgs args, CustomResourceOptions options)
type: hsdp:TenantKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TenantKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TenantKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TenantKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TenantKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TenantKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var tenantKeyResource = new Hsdp.TenantKey("tenantKeyResource", new()
{
Organization = "string",
Project = "string",
SigningKey = "string",
Environment = "string",
Expiration = "string",
Region = "string",
Salt = "string",
Scopes = new[]
{
"string",
},
TenantKeyId = "string",
});
example, err := hsdp.NewTenantKey(ctx, "tenantKeyResource", &hsdp.TenantKeyArgs{
Organization: pulumi.String("string"),
Project: pulumi.String("string"),
SigningKey: pulumi.String("string"),
Environment: pulumi.String("string"),
Expiration: pulumi.String("string"),
Region: pulumi.String("string"),
Salt: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
TenantKeyId: pulumi.String("string"),
})
var tenantKeyResource = new TenantKey("tenantKeyResource", TenantKeyArgs.builder()
.organization("string")
.project("string")
.signingKey("string")
.environment("string")
.expiration("string")
.region("string")
.salt("string")
.scopes("string")
.tenantKeyId("string")
.build());
tenant_key_resource = hsdp.TenantKey("tenantKeyResource",
organization="string",
project="string",
signing_key="string",
environment="string",
expiration="string",
region="string",
salt="string",
scopes=["string"],
tenant_key_id="string")
const tenantKeyResource = new hsdp.TenantKey("tenantKeyResource", {
organization: "string",
project: "string",
signingKey: "string",
environment: "string",
expiration: "string",
region: "string",
salt: "string",
scopes: ["string"],
tenantKeyId: "string",
});
type: hsdp:TenantKey
properties:
environment: string
expiration: string
organization: string
project: string
region: string
salt: string
scopes:
- string
signingKey: string
tenantKeyId: string
TenantKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The TenantKey resource accepts the following input properties:
- Organization string
- The organization identifier the key is associated with.
- Project string
- The project identifier the key is associated with.
- Signing
Key string - The signing key used to generate the API key. This is sensitive information.
- Environment string
- The environment for the key. Default is "prod".
- Expiration string
- The expiration time for the key in RFC3339 format (e.g., "2025-12-31T23:59:59Z"). Default is one year from the current date.
- Region string
- The region for the key. Default is "us-east".
- Salt string
- A salt value used to generate deterministic API keys. Using the same salt value with the same inputs will always generate the same key.
- Scopes List<string>
- A list of scopes to associate with the key. These define the permissions granted to the key.
- Tenant
Key stringId - The signature of the generated API key, used to identify this resource.
- Organization string
- The organization identifier the key is associated with.
- Project string
- The project identifier the key is associated with.
- Signing
Key string - The signing key used to generate the API key. This is sensitive information.
- Environment string
- The environment for the key. Default is "prod".
- Expiration string
- The expiration time for the key in RFC3339 format (e.g., "2025-12-31T23:59:59Z"). Default is one year from the current date.
- Region string
- The region for the key. Default is "us-east".
- Salt string
- A salt value used to generate deterministic API keys. Using the same salt value with the same inputs will always generate the same key.
- Scopes []string
- A list of scopes to associate with the key. These define the permissions granted to the key.
- Tenant
Key stringId - The signature of the generated API key, used to identify this resource.
- organization String
- The organization identifier the key is associated with.
- project String
- The project identifier the key is associated with.
- signing
Key String - The signing key used to generate the API key. This is sensitive information.
- environment String
- The environment for the key. Default is "prod".
- expiration String
- The expiration time for the key in RFC3339 format (e.g., "2025-12-31T23:59:59Z"). Default is one year from the current date.
- region String
- The region for the key. Default is "us-east".
- salt String
- A salt value used to generate deterministic API keys. Using the same salt value with the same inputs will always generate the same key.
- scopes List<String>
- A list of scopes to associate with the key. These define the permissions granted to the key.
- tenant
Key StringId - The signature of the generated API key, used to identify this resource.
- organization string
- The organization identifier the key is associated with.
- project string
- The project identifier the key is associated with.
- signing
Key string - The signing key used to generate the API key. This is sensitive information.
- environment string
- The environment for the key. Default is "prod".
- expiration string
- The expiration time for the key in RFC3339 format (e.g., "2025-12-31T23:59:59Z"). Default is one year from the current date.
- region string
- The region for the key. Default is "us-east".
- salt string
- A salt value used to generate deterministic API keys. Using the same salt value with the same inputs will always generate the same key.
- scopes string[]
- A list of scopes to associate with the key. These define the permissions granted to the key.
- tenant
Key stringId - The signature of the generated API key, used to identify this resource.
- organization str
- The organization identifier the key is associated with.
- project str
- The project identifier the key is associated with.
- signing_
key str - The signing key used to generate the API key. This is sensitive information.
- environment str
- The environment for the key. Default is "prod".
- expiration str
- The expiration time for the key in RFC3339 format (e.g., "2025-12-31T23:59:59Z"). Default is one year from the current date.
- region str
- The region for the key. Default is "us-east".
- salt str
- A salt value used to generate deterministic API keys. Using the same salt value with the same inputs will always generate the same key.
- scopes Sequence[str]
- A list of scopes to associate with the key. These define the permissions granted to the key.
- tenant_
key_ strid - The signature of the generated API key, used to identify this resource.
- organization String
- The organization identifier the key is associated with.
- project String
- The project identifier the key is associated with.
- signing
Key String - The signing key used to generate the API key. This is sensitive information.
- environment String
- The environment for the key. Default is "prod".
- expiration String
- The expiration time for the key in RFC3339 format (e.g., "2025-12-31T23:59:59Z"). Default is one year from the current date.
- region String
- The region for the key. Default is "us-east".
- salt String
- A salt value used to generate deterministic API keys. Using the same salt value with the same inputs will always generate the same key.
- scopes List<String>
- A list of scopes to associate with the key. These define the permissions granted to the key.
- tenant
Key StringId - The signature of the generated API key, used to identify this resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the TenantKey resource produces the following output properties:
Look up Existing TenantKey Resource
Get an existing TenantKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TenantKeyState, opts?: CustomResourceOptions): TenantKey@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
environment: Optional[str] = None,
expiration: Optional[str] = None,
organization: Optional[str] = None,
project: Optional[str] = None,
region: Optional[str] = None,
result: Optional[str] = None,
salt: Optional[str] = None,
scopes: Optional[Sequence[str]] = None,
signature: Optional[str] = None,
signing_key: Optional[str] = None,
tenant_key_id: Optional[str] = None) -> TenantKeyfunc GetTenantKey(ctx *Context, name string, id IDInput, state *TenantKeyState, opts ...ResourceOption) (*TenantKey, error)public static TenantKey Get(string name, Input<string> id, TenantKeyState? state, CustomResourceOptions? opts = null)public static TenantKey get(String name, Output<String> id, TenantKeyState state, CustomResourceOptions options)resources: _: type: hsdp:TenantKey get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Environment string
- The environment for the key. Default is "prod".
- Expiration string
- The expiration time for the key in RFC3339 format (e.g., "2025-12-31T23:59:59Z"). Default is one year from the current date.
- Organization string
- The organization identifier the key is associated with.
- Project string
- The project identifier the key is associated with.
- Region string
- The region for the key. Default is "us-east".
- Result string
- The generated API key (sensitive value).
- Salt string
- A salt value used to generate deterministic API keys. Using the same salt value with the same inputs will always generate the same key.
- Scopes List<string>
- A list of scopes to associate with the key. These define the permissions granted to the key.
- Signature string
- The signature of the generated API key (same as id, for consistency with other resources).
- Signing
Key string - The signing key used to generate the API key. This is sensitive information.
- Tenant
Key stringId - The signature of the generated API key, used to identify this resource.
- Environment string
- The environment for the key. Default is "prod".
- Expiration string
- The expiration time for the key in RFC3339 format (e.g., "2025-12-31T23:59:59Z"). Default is one year from the current date.
- Organization string
- The organization identifier the key is associated with.
- Project string
- The project identifier the key is associated with.
- Region string
- The region for the key. Default is "us-east".
- Result string
- The generated API key (sensitive value).
- Salt string
- A salt value used to generate deterministic API keys. Using the same salt value with the same inputs will always generate the same key.
- Scopes []string
- A list of scopes to associate with the key. These define the permissions granted to the key.
- Signature string
- The signature of the generated API key (same as id, for consistency with other resources).
- Signing
Key string - The signing key used to generate the API key. This is sensitive information.
- Tenant
Key stringId - The signature of the generated API key, used to identify this resource.
- environment String
- The environment for the key. Default is "prod".
- expiration String
- The expiration time for the key in RFC3339 format (e.g., "2025-12-31T23:59:59Z"). Default is one year from the current date.
- organization String
- The organization identifier the key is associated with.
- project String
- The project identifier the key is associated with.
- region String
- The region for the key. Default is "us-east".
- result String
- The generated API key (sensitive value).
- salt String
- A salt value used to generate deterministic API keys. Using the same salt value with the same inputs will always generate the same key.
- scopes List<String>
- A list of scopes to associate with the key. These define the permissions granted to the key.
- signature String
- The signature of the generated API key (same as id, for consistency with other resources).
- signing
Key String - The signing key used to generate the API key. This is sensitive information.
- tenant
Key StringId - The signature of the generated API key, used to identify this resource.
- environment string
- The environment for the key. Default is "prod".
- expiration string
- The expiration time for the key in RFC3339 format (e.g., "2025-12-31T23:59:59Z"). Default is one year from the current date.
- organization string
- The organization identifier the key is associated with.
- project string
- The project identifier the key is associated with.
- region string
- The region for the key. Default is "us-east".
- result string
- The generated API key (sensitive value).
- salt string
- A salt value used to generate deterministic API keys. Using the same salt value with the same inputs will always generate the same key.
- scopes string[]
- A list of scopes to associate with the key. These define the permissions granted to the key.
- signature string
- The signature of the generated API key (same as id, for consistency with other resources).
- signing
Key string - The signing key used to generate the API key. This is sensitive information.
- tenant
Key stringId - The signature of the generated API key, used to identify this resource.
- environment str
- The environment for the key. Default is "prod".
- expiration str
- The expiration time for the key in RFC3339 format (e.g., "2025-12-31T23:59:59Z"). Default is one year from the current date.
- organization str
- The organization identifier the key is associated with.
- project str
- The project identifier the key is associated with.
- region str
- The region for the key. Default is "us-east".
- result str
- The generated API key (sensitive value).
- salt str
- A salt value used to generate deterministic API keys. Using the same salt value with the same inputs will always generate the same key.
- scopes Sequence[str]
- A list of scopes to associate with the key. These define the permissions granted to the key.
- signature str
- The signature of the generated API key (same as id, for consistency with other resources).
- signing_
key str - The signing key used to generate the API key. This is sensitive information.
- tenant_
key_ strid - The signature of the generated API key, used to identify this resource.
- environment String
- The environment for the key. Default is "prod".
- expiration String
- The expiration time for the key in RFC3339 format (e.g., "2025-12-31T23:59:59Z"). Default is one year from the current date.
- organization String
- The organization identifier the key is associated with.
- project String
- The project identifier the key is associated with.
- region String
- The region for the key. Default is "us-east".
- result String
- The generated API key (sensitive value).
- salt String
- A salt value used to generate deterministic API keys. Using the same salt value with the same inputs will always generate the same key.
- scopes List<String>
- A list of scopes to associate with the key. These define the permissions granted to the key.
- signature String
- The signature of the generated API key (same as id, for consistency with other resources).
- signing
Key String - The signing key used to generate the API key. This is sensitive information.
- tenant
Key StringId - The signature of the generated API key, used to identify this resource.
Import
Tenant keys can be imported using the signature, e.g.,
$ pulumi import hsdp:index/tenantKey:TenantKey example [signature]
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- hsdp philips-software/terraform-provider-hsdp
- License
- Notes
- This Pulumi package is based on the
hsdpTerraform Provider.
hsdp 0.67.0 published on Friday, May 16, 2025 by philips-software