# Reference for the teleport\_session\_recording\_config Terraform resource This page describes the supported values of the teleport\_session\_recording\_config resource of the Teleport Terraform provider. ## Example Usage ``` # Teleport session recording config resource "teleport_session_recording_config" "example" { version = "v2" metadata = { description = "Session recording config" labels = { "example" = "yes" "teleport.dev/origin" = "dynamic" // This label is added on Teleport side by default } } spec = { proxy_checks_host_keys = true } } ``` ## Schema ### Required - `version` (String) Version is the resource version. It must be specified. Supported values are:`v2`. ### Optional - `metadata` (Attributes) Metadata is resource metadata (see [below for nested schema](#nested-schema-for-metadata)) - `spec` (Attributes) Spec is a SessionRecordingConfig specification (see [below for nested schema](#nested-schema-for-spec)) - `status` (Attributes) Status is the SessionRecordingConfig status containing active encryption keys (see [below for nested schema](#nested-schema-for-status)) - `sub_kind` (String) SubKind is an optional resource sub kind, used in some resources ### Nested Schema for `metadata` Optional: - `description` (String) Description is object description - `expires` (String) Expires is a global expiry time header can be set on any resource in the system. - `labels` (Map of String) Labels is a set of labels ### Nested Schema for `spec` Optional: - `encryption` (Attributes) Encryption configures if and how session recordings should be encrypted. (see [below for nested schema](#nested-schema-for-specencryption)) - `mode` (String) Mode controls where (or if) the session is recorded. - `proxy_checks_host_keys` (Boolean) ProxyChecksHostKeys is used to control if the proxy will check host keys when in recording mode. ### Nested Schema for `spec.encryption` Optional: - `enabled` (Boolean) Enabled controls whether or not session recordings should be encrypted. - `manual_key_management` (Attributes) ManualKeyManagement defines whether or not recording encryption keys should be managed externally and how to query those keys. (see [below for nested schema](#nested-schema-for-specencryptionmanual_key_management)) ### Nested Schema for `spec.encryption.manual_key_management` Optional: - `active_keys` (Attributes List) ActiveKeys describe which keys should be queried for active recording encryption and replay. (see [below for nested schema](#nested-schema-for-specencryptionmanual_key_managementactive_keys)) - `enabled` (Boolean) Enabled controls whether or recording encryption keys should be managed externally. - `rotated_keys` (Attributes List) RotatedKeys describe which keys should be queried for historical replay. (see [below for nested schema](#nested-schema-for-specencryptionmanual_key_managementrotated_keys)) ### Nested Schema for `spec.encryption.manual_key_management.active_keys` Optional: - `label` (String) Label is a value that can be used with the related keystore in order to find relevant keys. - `type` (String) Type represents which keystore should be searched when looking up keys by label. ### Nested Schema for `spec.encryption.manual_key_management.rotated_keys` Optional: - `label` (String) Label is a value that can be used with the related keystore in order to find relevant keys. - `type` (String) Type represents which keystore should be searched when looking up keys by label. ### Nested Schema for `status` Optional: - `encryption_keys` (Attributes List) EncryptionKeys contain the currently active age encryption keys used for encrypted session recording. (see [below for nested schema](#nested-schema-for-statusencryption_keys)) ### Nested Schema for `status.encryption_keys` Optional: - `public_key` (String) A PKIX ASN.1 DER encoded public key used for key wrapping during age encryption. Expected to be RSA 4096.