import * as pulumi from "@pulumi/pulumi";
/**
 * Manages Synapse Workspace keys
 *
 * > **Note:** Keys that are actively protecting a workspace cannot be deleted. When the keys resource is deleted, if the key is inactive it will be deleted, if it is active it will not be deleted.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 *
 * const example = new azure.core.ResourceGroup("example", {
 *     name: "example-resources",
 *     location: "West Europe",
 * });
 * const exampleAccount = new azure.storage.Account("example", {
 *     name: "examplestorageacc",
 *     resourceGroupName: example.name,
 *     location: example.location,
 *     accountTier: "Standard",
 *     accountReplicationType: "LRS",
 *     accountKind: "StorageV2",
 *     isHnsEnabled: true,
 * });
 * const exampleDataLakeGen2Filesystem = new azure.storage.DataLakeGen2Filesystem("example", {
 *     name: "example",
 *     storageAccountId: exampleAccount.id,
 * });
 * const current = azure.core.getClientConfig({});
 * const exampleKeyVault = new azure.keyvault.KeyVault("example", {
 *     name: "example",
 *     location: example.location,
 *     resourceGroupName: example.name,
 *     tenantId: current.then(current => current.tenantId),
 *     skuName: "standard",
 *     purgeProtectionEnabled: true,
 * });
 * const deployer = new azure.keyvault.AccessPolicy("deployer", {
 *     keyVaultId: exampleKeyVault.id,
 *     tenantId: current.then(current => current.tenantId),
 *     objectId: current.then(current => current.objectId),
 *     keyPermissions: [
 *         "Create",
 *         "Get",
 *         "Delete",
 *         "Purge",
 *         "GetRotationPolicy",
 *     ],
 * });
 * const exampleKey = new azure.keyvault.Key("example", {
 *     name: "workspaceEncryptionKey",
 *     keyVaultId: exampleKeyVault.id,
 *     keyType: "RSA",
 *     keySize: 2048,
 *     keyOpts: [
 *         "unwrapKey",
 *         "wrapKey",
 *     ],
 * }, {
 *     dependsOn: [deployer],
 * });
 * const exampleWorkspace = new azure.synapse.Workspace("example", {
 *     name: "example",
 *     resourceGroupName: example.name,
 *     location: example.location,
 *     storageDataLakeGen2FilesystemId: exampleDataLakeGen2Filesystem.id,
 *     sqlAdministratorLogin: "sqladminuser",
 *     sqlAdministratorLoginPassword: "H@Sh1CoR3!",
 *     customerManagedKey: {
 *         keyVersionlessId: exampleKey.versionlessId,
 *         keyName: "enckey",
 *     },
 *     identity: {
 *         type: "SystemAssigned",
 *     },
 *     tags: {
 *         Env: "production",
 *     },
 * });
 * const workspacePolicy = new azure.keyvault.AccessPolicy("workspace_policy", {
 *     keyVaultId: exampleKeyVault.id,
 *     tenantId: exampleWorkspace.identity.apply(identity => identity?.tenantId),
 *     objectId: exampleWorkspace.identity.apply(identity => identity?.principalId),
 *     keyPermissions: [
 *         "Get",
 *         "WrapKey",
 *         "UnwrapKey",
 *     ],
 * });
 * const exampleWorkspaceKey = new azure.synapse.WorkspaceKey("example", {
 *     customerManagedKeyVersionlessId: exampleKey.versionlessId,
 *     synapseWorkspaceId: exampleWorkspace.id,
 *     active: true,
 *     customerManagedKeyName: "enckey",
 * }, {
 *     dependsOn: [workspacePolicy],
 * });
 * ```
 *
 * ## Import
 *
 * Synapse Workspace Keys can be imported using the `resource id`, e.g.
 *
 * ```sh
 * $ pulumi import azure:synapse/workspaceKey:WorkspaceKey example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Synapse/workspaces/workspace1/keys/key1
 * ```
 */
export declare class WorkspaceKey extends pulumi.CustomResource {
    /**
     * Get an existing WorkspaceKey resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WorkspaceKeyState, opts?: pulumi.CustomResourceOptions): WorkspaceKey;
    /**
     * Returns true if the given object is an instance of WorkspaceKey.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is WorkspaceKey;
    /**
     * Specifies if the workspace should be encrypted with this key.
     *
     * > **Note:** Only one key can actively encrypt a workspace. When performing a key rotation, setting a new key as the active key will disable existing keys.
     */
    readonly active: pulumi.Output<boolean>;
    /**
     * Specifies the name of the workspace key. Should match the name of the key in the synapse workspace.
     */
    readonly customerManagedKeyName: pulumi.Output<string>;
    /**
     * The Azure Key Vault Key Versionless ID to be used as the Customer Managed Key (CMK) for double encryption
     */
    readonly customerManagedKeyVersionlessId: pulumi.Output<string | undefined>;
    /**
     * The ID of the Synapse Workspace where the encryption key should be configured.
     */
    readonly synapseWorkspaceId: pulumi.Output<string>;
    /**
     * Create a WorkspaceKey resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: WorkspaceKeyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering WorkspaceKey resources.
 */
export interface WorkspaceKeyState {
    /**
     * Specifies if the workspace should be encrypted with this key.
     *
     * > **Note:** Only one key can actively encrypt a workspace. When performing a key rotation, setting a new key as the active key will disable existing keys.
     */
    active?: pulumi.Input<boolean>;
    /**
     * Specifies the name of the workspace key. Should match the name of the key in the synapse workspace.
     */
    customerManagedKeyName?: pulumi.Input<string>;
    /**
     * The Azure Key Vault Key Versionless ID to be used as the Customer Managed Key (CMK) for double encryption
     */
    customerManagedKeyVersionlessId?: pulumi.Input<string>;
    /**
     * The ID of the Synapse Workspace where the encryption key should be configured.
     */
    synapseWorkspaceId?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a WorkspaceKey resource.
 */
export interface WorkspaceKeyArgs {
    /**
     * Specifies if the workspace should be encrypted with this key.
     *
     * > **Note:** Only one key can actively encrypt a workspace. When performing a key rotation, setting a new key as the active key will disable existing keys.
     */
    active: pulumi.Input<boolean>;
    /**
     * Specifies the name of the workspace key. Should match the name of the key in the synapse workspace.
     */
    customerManagedKeyName: pulumi.Input<string>;
    /**
     * The Azure Key Vault Key Versionless ID to be used as the Customer Managed Key (CMK) for double encryption
     */
    customerManagedKeyVersionlessId?: pulumi.Input<string>;
    /**
     * The ID of the Synapse Workspace where the encryption key should be configured.
     */
    synapseWorkspaceId: pulumi.Input<string>;
}