stackitcloud · rubenhoenle · Mar 31, 2026 · Mar 30, 2026 · Mar 31, 2026
@@ -18,7 +18,7 @@ require (
 	github.com/stackitcloud/stackit-sdk-go/services/edge v0.7.0
 	github.com/stackitcloud/stackit-sdk-go/services/git v0.11.0
 	github.com/stackitcloud/stackit-sdk-go/services/iaas v1.3.5
-	github.com/stackitcloud/stackit-sdk-go/services/kms v1.3.2
+	github.com/stackitcloud/stackit-sdk-go/services/kms v1.6.0
 	github.com/stackitcloud/stackit-sdk-go/services/loadbalancer v1.8.0
 	github.com/stackitcloud/stackit-sdk-go/services/logme v0.27.1
 	github.com/stackitcloud/stackit-sdk-go/services/logs v0.7.1

@@ -167,8 +167,8 @@ github.com/stackitcloud/stackit-sdk-go/services/git v0.11.0 h1:siKBCYl7BwR5S25Y4
 github.com/stackitcloud/stackit-sdk-go/services/git v0.11.0/go.mod h1:QKy74hhLVZKXItw3y+elF8s9QezFqpEsAUmaqvNDzYs=
 github.com/stackitcloud/stackit-sdk-go/services/iaas v1.3.5 h1:W57+XRa8wTLsi5CV9Tqa7mGgt/PvlRM//RurXSmvII8=
 github.com/stackitcloud/stackit-sdk-go/services/iaas v1.3.5/go.mod h1:lTWjW57eAq1bwfM6nsNinhoBr3MHFW/GaFasdAsYfDM=
-github.com/stackitcloud/stackit-sdk-go/services/kms v1.3.2 h1:2ulSL2IkIAKND59eAjbEhVkOoBMyvm48ojwz1a3t0U0=
-github.com/stackitcloud/stackit-sdk-go/services/kms v1.3.2/go.mod h1:cuIaMMiHeHQsbvy7BOFMutoV3QtN+ZBx7Tg3GmYUw7s=
+github.com/stackitcloud/stackit-sdk-go/services/kms v1.6.0 h1:WWU2LpqmazsPDgoRAVrhLzo2MiNU9dNim81z793DbBU=
+github.com/stackitcloud/stackit-sdk-go/services/kms v1.6.0/go.mod h1:FuyCm3s/Ihw+tkpVLGMXwgTtlhrijd31cUCUBWpn1p8=
 github.com/stackitcloud/stackit-sdk-go/services/loadbalancer v1.8.0 h1:DxrN85V738CRLynu6MULQHO+OXyYnkhVPgoZKULfFIs=
 github.com/stackitcloud/stackit-sdk-go/services/loadbalancer v1.8.0/go.mod h1:ClPE4TOM1FeaJiwTXvApq4gWaSgTLq6nU3PPHAIQDN4=
 github.com/stackitcloud/stackit-sdk-go/services/logme v0.27.1 h1:6AaWxQNtOEvIvbtyySi5KIrNzxGbKgOayUnA3fpuqns=

@@ -11,7 +11,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	sdkUtils "github.com/stackitcloud/stackit-sdk-go/core/utils"
-	"github.com/stackitcloud/stackit-sdk-go/services/kms"
+	kms "github.com/stackitcloud/stackit-sdk-go/services/kms/v1api"
 	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/conversion"
 	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
 	kmsUtils "github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/kms/utils"
@@ -159,7 +159,7 @@ func (k *keyDataSource) Read(ctx context.Context, req datasource.ReadRequest, re
 	ctx = tflog.SetField(ctx, "region", region)
 	ctx = tflog.SetField(ctx, "key_id", keyId)
 
-	keyResponse, err := k.client.GetKey(ctx, projectId, region, keyRingId, keyId).Execute()
+	keyResponse, err := k.client.DefaultAPI.GetKey(ctx, projectId, region, keyRingId, keyId).Execute()
 	if err != nil {
 		utils.LogError(
 			ctx,

@@ -8,7 +8,7 @@ import (
 	"strings"
 
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault"
-	"github.com/stackitcloud/stackit-sdk-go/services/kms/wait"
+	"github.com/stackitcloud/stackit-sdk-go/services/kms/v1api/wait"
 
 	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
@@ -20,7 +20,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/stackitcloud/stackit-sdk-go/core/oapierror"
 	sdkUtils "github.com/stackitcloud/stackit-sdk-go/core/utils"
-	"github.com/stackitcloud/stackit-sdk-go/services/kms"
+	kms "github.com/stackitcloud/stackit-sdk-go/services/kms/v1api"
 	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/conversion"
 	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
 	kmsUtils "github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/kms/utils"
@@ -259,29 +259,28 @@ func (r *keyResource) Create(ctx context.Context, req resource.CreateRequest, re
 		return
 	}
 
-	createResponse, err := r.client.CreateKey(ctx, projectId, region, keyRingId).CreateKeyPayload(*payload).Execute()
+	createResponse, err := r.client.DefaultAPI.CreateKey(ctx, projectId, region, keyRingId).CreateKeyPayload(*payload).Execute()
 	if err != nil {
 		core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating key", fmt.Sprintf("Calling API: %v", err))
 		return
 	}
 
 	ctx = core.LogResponse(ctx)
 
-	if createResponse == nil || createResponse.Id == nil {
+	if createResponse == nil {
 		core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating key", "API returned empty response")
 		return
 	}
 
-	keyId := *createResponse.Id
 	// Write id attributes to state before polling via the wait handler - just in case anything goes wrong during the wait handler
 	ctx = utils.SetAndLogStateFields(ctx, &resp.Diagnostics, &resp.State, map[string]any{
 		"project_id": projectId,
 		"region":     region,
 		"keyring_id": keyRingId,
-		"key_id":     keyId,
+		"key_id":     createResponse.Id,
 	})
 
-	waitHandlerResp, err := wait.CreateOrUpdateKeyWaitHandler(ctx, r.client, projectId, region, keyRingId, keyId).WaitWithContext(ctx)
+	waitHandlerResp, err := wait.CreateOrUpdateKeyWaitHandler(ctx, r.client.DefaultAPI, projectId, region, keyRingId, createResponse.Id).WaitWithContext(ctx)
 	if err != nil {
 		core.LogAndAddError(ctx, &resp.Diagnostics, "Error waiting for key creation", fmt.Sprintf("Calling API: %v", err))
 		return
@@ -321,7 +320,7 @@ func (r *keyResource) Read(ctx context.Context, req resource.ReadRequest, resp *
 	ctx = tflog.SetField(ctx, "region", region)
 	ctx = tflog.SetField(ctx, "key_id", keyId)
 
-	keyResponse, err := r.client.GetKey(ctx, projectId, region, keyRingId, keyId).Execute()
+	keyResponse, err := r.client.DefaultAPI.GetKey(ctx, projectId, region, keyRingId, keyId).Execute()
 	if err != nil {
 		var oapiErr *oapierror.GenericOpenAPIError
 		ok := errors.As(err, &oapiErr)
@@ -368,7 +367,7 @@ func (r *keyResource) Delete(ctx context.Context, req resource.DeleteRequest, re
 	region := r.providerData.GetRegionWithOverride(model.Region)
 	keyId := model.KeyId.ValueString()
 
-	err := r.client.DeleteKey(ctx, projectId, region, keyRingId, keyId).Execute()
+	err := r.client.DefaultAPI.DeleteKey(ctx, projectId, region, keyRingId, keyId).Execute()
 	if err != nil {
 		core.LogAndAddError(ctx, &resp.Diagnostics, "Error deleting key", fmt.Sprintf("Calling API: %v", err))
 	}
@@ -413,28 +412,20 @@ func mapFields(key *kms.Key, model *Model, region string) error {
 	var keyId string
 	if model.KeyId.ValueString() != "" {
 		keyId = model.KeyId.ValueString()
-	} else if key.Id != nil {
-		keyId = *key.Id
 	} else {
-		return fmt.Errorf("key id not present")
+		keyId = key.Id
 	}
 
 	model.Id = utils.BuildInternalTerraformId(model.ProjectId.ValueString(), region, model.KeyRingId.ValueString(), keyId)
 	model.KeyId = types.StringValue(keyId)
-	model.DisplayName = types.StringPointerValue(key.DisplayName)
+	model.DisplayName = types.StringValue(key.DisplayName)
 	model.Region = types.StringValue(region)
-	model.ImportOnly = types.BoolPointerValue(key.ImportOnly)
+	model.ImportOnly = types.BoolValue(key.ImportOnly)
 	model.AccessScope = types.StringValue(string(key.GetAccessScope()))
 	model.Algorithm = types.StringValue(string(key.GetAlgorithm()))
 	model.Purpose = types.StringValue(string(key.GetPurpose()))
 	model.Protection = types.StringValue(string(key.GetProtection()))
-
-	// TODO: workaround - remove once STACKITKMS-377 is resolved (just write the return value from the API to the state then)
-	if !(model.Description.IsNull() && key.Description != nil && *key.Description == "") {
-		model.Description = types.StringPointerValue(key.Description)
-	} else {
-		model.Description = types.StringNull()
-	}
+	model.Description = types.StringPointerValue(key.Description)
 
 	return nil
 }
@@ -443,13 +434,19 @@ func toCreatePayload(model *Model) (*kms.CreateKeyPayload, error) {
 	if model == nil {
 		return nil, fmt.Errorf("nil model")
 	}
+
+	var accessScope *kms.AccessScope
+	if !utils.IsUndefined(model.AccessScope) {
+		accessScope = new(kms.AccessScope(model.AccessScope.ValueString()))
+	}
+
 	return &kms.CreateKeyPayload{
-		AccessScope: kms.CreateKeyPayloadGetAccessScopeAttributeType(conversion.StringValueToPointer(model.AccessScope)),
-		Algorithm:   kms.CreateKeyPayloadGetAlgorithmAttributeType(conversion.StringValueToPointer(model.Algorithm)),
-		Protection:  kms.CreateKeyPayloadGetProtectionAttributeType(conversion.StringValueToPointer(model.Protection)),
+		AccessScope: accessScope,
+		Algorithm:   kms.Algorithm(model.Algorithm.ValueString()),
+		Protection:  kms.Protection(model.Protection.ValueString()),
 		Description: conversion.StringValueToPointer(model.Description),
-		DisplayName: conversion.StringValueToPointer(model.DisplayName),
+		DisplayName: model.DisplayName.ValueString(),
 		ImportOnly:  conversion.BoolValueToPointer(model.ImportOnly),
-		Purpose:     kms.CreateKeyPayloadGetPurposeAttributeType(conversion.StringValueToPointer(model.Purpose)),
+		Purpose:     kms.Purpose(model.Purpose.ValueString()),
 	}, nil
 }
@@ -8,8 +8,7 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/hashicorp/terraform-plugin-framework/types"
-	"github.com/stackitcloud/stackit-sdk-go/core/utils"
-	"github.com/stackitcloud/stackit-sdk-go/services/kms"
+	kms "github.com/stackitcloud/stackit-sdk-go/services/kms/v1api"
 )
 
 var (
@@ -39,17 +38,19 @@ func TestMapFields(t *testing.T) {
 					ProjectId: types.StringValue(projectId),
 				},
 				input: &kms.Key{
-					Id:          new(keyId),
-					Protection:  utils.Ptr(kms.PROTECTION_SOFTWARE),
-					Algorithm:   utils.Ptr(kms.ALGORITHM_ECDSA_P256_SHA256),
-					Purpose:     utils.Ptr(kms.PURPOSE_ASYMMETRIC_SIGN_VERIFY),
-					AccessScope: utils.Ptr(kms.ACCESSSCOPE_PUBLIC),
+					Id:          keyId,
+					DisplayName: "display-name",
+					Protection:  kms.PROTECTION_SOFTWARE,
+					Algorithm:   kms.ALGORITHM_ECDSA_P256_SHA256,
+					Purpose:     kms.PURPOSE_ASYMMETRIC_SIGN_VERIFY,
+					AccessScope: kms.ACCESSSCOPE_PUBLIC,
+					ImportOnly:  true,
 				},
 				region: "eu01",
 			},
 			expected: Model{
 				Description: types.StringNull(),
-				DisplayName: types.StringNull(),
+				DisplayName: types.StringValue("display-name"),
 				KeyRingId:   types.StringValue(keyRingId),
 				KeyId:       types.StringValue(keyId),
 				Id:          types.StringValue(fmt.Sprintf("%s,eu01,%s,%s", projectId, keyRingId, keyId)),
@@ -59,6 +60,7 @@ func TestMapFields(t *testing.T) {
 				Algorithm:   types.StringValue(string(kms.ALGORITHM_ECDSA_P256_SHA256)),
 				Purpose:     types.StringValue(string(kms.PURPOSE_ASYMMETRIC_SIGN_VERIFY)),
 				AccessScope: types.StringValue(string(kms.ACCESSSCOPE_PUBLIC)),
+				ImportOnly:  types.BoolValue(true),
 			},
 			isValid: true,
 		},
@@ -71,14 +73,14 @@ func TestMapFields(t *testing.T) {
 					ProjectId: types.StringValue(projectId),
 				},
 				input: &kms.Key{
-					Id:          new(keyId),
+					Id:          keyId,
 					Description: new("descr"),
-					DisplayName: new("name"),
-					ImportOnly:  new(true),
-					Protection:  utils.Ptr(kms.PROTECTION_SOFTWARE),
-					Algorithm:   utils.Ptr(kms.ALGORITHM_AES_256_GCM),
-					Purpose:     utils.Ptr(kms.PURPOSE_MESSAGE_AUTHENTICATION_CODE),
-					AccessScope: utils.Ptr(kms.ACCESSSCOPE_SNA),
+					DisplayName: "name",
+					ImportOnly:  true,
+					Protection:  kms.PROTECTION_SOFTWARE,
+					Algorithm:   kms.ALGORITHM_AES_256_GCM,
+					Purpose:     kms.PURPOSE_MESSAGE_AUTHENTICATION_CODE,
+					AccessScope: kms.ACCESSSCOPE_SNA,
 				},
 				region: "eu01",
 			},
@@ -98,17 +100,6 @@ func TestMapFields(t *testing.T) {
 			},
 			isValid: true,
 		},
-		{
-			description: "nil_response_field",
-			args: args{
-				state: Model{},
-				input: &kms.Key{
-					Id: nil,
-				},
-			},
-			expected: Model{},
-			isValid:  false,
-		},
 		{
 			description: "nil_response",
 			args: args{
@@ -118,18 +109,6 @@ func TestMapFields(t *testing.T) {
 			expected: Model{},
 			isValid:  false,
 		},
-		{
-			description: "no_resource_id",
-			args: args{
-				state: Model{
-					Region:    types.StringValue("eu01"),
-					ProjectId: types.StringValue(projectId),
-				},
-				input: &kms.Key{},
-			},
-			expected: Model{},
-			isValid:  false,
-		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.description, func(t *testing.T) {
@@ -173,7 +152,7 @@ func TestToCreatePayload(t *testing.T) {
 				DisplayName: types.StringValue("name"),
 			},
 			expected: &kms.CreateKeyPayload{
-				DisplayName: new("name"),
+				DisplayName: "name",
 			},
 			isValid: true,
 		},
@@ -184,7 +163,7 @@ func TestToCreatePayload(t *testing.T) {
 				Description: types.StringValue(""),
 			},
 			expected: &kms.CreateKeyPayload{
-				DisplayName: new(""),
+				DisplayName: "",
 				Description: new(""),
 			},
 			isValid: true,

@@ -9,7 +9,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
-	"github.com/stackitcloud/stackit-sdk-go/services/kms"
+	kms "github.com/stackitcloud/stackit-sdk-go/services/kms/v1api"
 	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/conversion"
 	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
 	kmsUtils "github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/kms/utils"
@@ -111,7 +111,7 @@ func (k *keyRingDataSource) Read(ctx context.Context, request datasource.ReadReq
 	ctx = tflog.SetField(ctx, "project_id", projectId)
 	ctx = tflog.SetField(ctx, "region", region)
 
-	keyRingResponse, err := k.client.GetKeyRing(ctx, projectId, region, keyRingId).Execute()
+	keyRingResponse, err := k.client.DefaultAPI.GetKeyRing(ctx, projectId, region, keyRingId).Execute()
 	if err != nil {
 		utils.LogError(
 			ctx,

@@ -17,8 +17,8 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/types"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/stackitcloud/stackit-sdk-go/core/oapierror"
-	"github.com/stackitcloud/stackit-sdk-go/services/kms"
-	"github.com/stackitcloud/stackit-sdk-go/services/kms/wait"
+	kms "github.com/stackitcloud/stackit-sdk-go/services/kms/v1api"
+	"github.com/stackitcloud/stackit-sdk-go/services/kms/v1api/wait"
 	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/conversion"
 	"github.com/stackitcloud/terraform-provider-stackit/stackit/internal/core"
 	kmsUtils "github.com/stackitcloud/terraform-provider-stackit/stackit/internal/services/kms/utils"
@@ -191,28 +191,28 @@ func (r *keyRingResource) Create(ctx context.Context, req resource.CreateRequest
 		core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating keyring", fmt.Sprintf("Creating API payload: %v", err))
 		return
 	}
-	createResponse, err := r.client.CreateKeyRing(ctx, projectId, region).CreateKeyRingPayload(*payload).Execute()
+	createResponse, err := r.client.DefaultAPI.CreateKeyRing(ctx, projectId, region).CreateKeyRingPayload(*payload).Execute()
 	if err != nil {
 		core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating keyring", fmt.Sprintf("Calling API: %v", err))
 		return
 	}
 
 	ctx = core.LogResponse(ctx)
 
-	if createResponse == nil || createResponse.Id == nil {
+	if createResponse == nil {
 		core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating keyring", "API returned empty response")
 		return
 	}
 
-	keyRingId := *createResponse.Id
+	keyRingId := createResponse.Id
 	// Write id attributes to state before polling via the wait handler - just in case anything goes wrong during the wait handler
 	ctx = utils.SetAndLogStateFields(ctx, &resp.Diagnostics, &resp.State, map[string]any{
 		"project_id": projectId,
 		"region":     region,
 		"keyring_id": keyRingId,
 	})
 
-	waitResp, err := wait.CreateKeyRingWaitHandler(ctx, r.client, projectId, region, keyRingId).SetSleepBeforeWait(5 * time.Second).WaitWithContext(ctx)
+	waitResp, err := wait.CreateKeyRingWaitHandler(ctx, r.client.DefaultAPI, projectId, region, keyRingId).SetSleepBeforeWait(5 * time.Second).WaitWithContext(ctx)
 	if err != nil {
 		core.LogAndAddError(ctx, &resp.Diagnostics, "Error creating keyring", fmt.Sprintf("Key Ring creation waiting: %v", err))
 		return
@@ -250,7 +250,7 @@ func (r *keyRingResource) Read(ctx context.Context, req resource.ReadRequest, re
 	ctx = tflog.SetField(ctx, "project_id", projectId)
 	ctx = tflog.SetField(ctx, "region", region)
 
-	keyRingResponse, err := r.client.GetKeyRing(ctx, projectId, region, keyRingId).Execute()
+	keyRingResponse, err := r.client.DefaultAPI.GetKeyRing(ctx, projectId, region, keyRingId).Execute()
 	if err != nil {
 		var oapiErr *oapierror.GenericOpenAPIError
 		ok := errors.As(err, &oapiErr)
@@ -328,23 +328,15 @@ func mapFields(keyRing *kms.KeyRing, model *Model, region string) error {
 	var keyRingId string
 	if model.KeyRingId.ValueString() != "" {
 		keyRingId = model.KeyRingId.ValueString()
-	} else if keyRing.Id != nil {
-		keyRingId = *keyRing.Id
 	} else {
-		return fmt.Errorf("keyring id not present")
+		keyRingId = keyRing.Id
 	}
 
 	model.Id = utils.BuildInternalTerraformId(model.ProjectId.ValueString(), region, keyRingId)
 	model.KeyRingId = types.StringValue(keyRingId)
-	model.DisplayName = types.StringPointerValue(keyRing.DisplayName)
+	model.DisplayName = types.StringValue(keyRing.DisplayName)
 	model.Region = types.StringValue(region)
-
-	// TODO: workaround - remove once STACKITKMS-377 is resolved (just write the return value from the API to the state then)
-	if !(model.Description.IsNull() && keyRing.Description != nil && *keyRing.Description == "") {
-		model.Description = types.StringPointerValue(keyRing.Description)
-	} else {
-		model.Description = types.StringNull()
-	}
+	model.Description = types.StringPointerValue(keyRing.Description)
 
 	return nil
 }
@@ -356,6 +348,6 @@ func toCreatePayload(model *Model) (*kms.CreateKeyRingPayload, error) {
 
 	return &kms.CreateKeyRingPayload{
 		Description: conversion.StringValueToPointer(model.Description),
-		DisplayName: conversion.StringValueToPointer(model.DisplayName),
+		DisplayName: model.DisplayName.ValueString(),
 	}, nil
 }