casKMSSetup.tf

#create a keyring
resource "google_kms_key_ring" "keyring" {
  name     = var.kmsKeyRingName
  location = var.region
}
#create a key
resource "google_kms_crypto_key" "key" {
  name     = var.kmsKeyName
  key_ring = google_kms_key_ring.keyring.id
  purpose  = var.kmsKeyPurpose

  version_template {
    algorithm        = var.kmsKeyAlgo
    protection_level = "HSM"
  }

  lifecycle {
    prevent_destroy = false
  }
}
#KMS Data block for CAS key version input
data "google_kms_crypto_key_version" "keyVersion" {
  crypto_key = google_kms_crypto_key.key.id
}