add kms outputs, tweak kms var name

oci.compute.tf

@@ -35,7 +35,7 @@ resource "oci_core_instance" "compute" {
   source_details {
     source_type                     = "image"
     source_id                       = data.oci_core_images.selected[each.value.key].images[0].id
-    kms_key_id                      = var.use_vault.volume ? try(data.oci_kms_key.key["volume"].id, null) : null
+    kms_key_id                      = var.use_kms.volume ? try(data.oci_kms_key.key["volume"].id, null) : null
     boot_volume_size_in_gbs         = each.value.key == "flex" ? 100 : 50
     boot_volume_vpus_per_gb         = 120
     is_preserve_boot_volume_enabled = false

oci.data.tf

@@ -4,7 +4,7 @@ data "oci_identity_tenancy" "tenancy" {
 
 # use this instead of oci_kms_key.key to await supporting policy creation
 data "oci_kms_key" "key" {
-  for_each = var.create_vault ? var.use_vault : {}
+  for_each = var.create_vault ? var.use_kms : {}
 
   management_endpoint = oci_kms_vault.vault[0].management_endpoint
   key_id              = oci_kms_key.key[each.key].id

oci.vault.tf

@@ -8,7 +8,7 @@ resource "oci_kms_vault" "vault" {
 }
 
 resource "oci_kms_key" "key" {
-  for_each = var.create_vault ? var.use_vault : {}
+  for_each = var.create_vault ? var.use_kms : {}
 
   compartment_id      = oci_identity_compartment.compartment.id
   management_endpoint = oci_kms_vault.vault[0].management_endpoint
@@ -27,11 +27,11 @@ resource "oci_identity_policy" "kms_service_policy" {
   name           = "kms-service-policy"
   description    = "kms service policy"
   statements = [
-    !var.use_vault.volume ? "" :
+    !var.use_kms.volume ? "" :
     "allow service blockstorage to use keys in compartment '${oci_identity_compartment.compartment.name}' where target.key.id='${oci_kms_key.key["volume"].id}'",
-    !var.use_vault.object ? "" :
+    !var.use_kms.object ? "" :
     "allow service objectstorage-${var.oci_region} to use keys in compartment '${oci_identity_compartment.compartment.name}' where target.key.id='${oci_kms_key.key["object"].id}'",
-    !var.use_vault.database ? "" :
+    !var.use_kms.database ? "" :
     "allow service dbcs to use keys in compartment '${oci_identity_compartment.compartment.name}' where target.key.id='${oci_kms_key.key["database"].id}'",
   ]
   freeform_tags = local.freeform_tags

terraform.outputs.tf

@@ -112,3 +112,21 @@ output "instance_selected_images" {
   description = "The selected images for each instance shape"
   value       = { for k, v in data.oci_core_images.selected : k => v.images[0].display_name }
 }
+
+output "kms_vault_id" {
+  description = "The ID of the KMS vault"
+  value       = oci_kms_vault.vault[0].id
+}
+
+output "kms_vault_endpoints" {
+  description = "The KMS vault endpoints"
+  value = {
+    management = oci_kms_vault.vault[0].management_endpoint
+    encryption = oci_kms_vault.vault[0].crypto_endpoint
+  }
+}
+
+output "kms_key_ids" {
+  description = "The IDs of the KMS keys"
+  value       = { for k, v in oci_kms_key.key : k => v.id }
+}

terraform.variables.tf

@@ -67,7 +67,7 @@ variable "create_vault" {
   default     = true
 }
 
-variable "use_vault" {
+variable "use_kms" {
   description = "Use created vault for key creation and management"
   type = object({
     volume   = bool