• array keys — Required. A list of keys.
• string type — Required. The type of the key.
  Valid values: KSK, ZSK.
• string algorithm — Required.
  Valid values:
  RSA/SHA-1
  RSA/SHA-256
  RSA/SHA-512
  DSA
  ECDSAP256SHA256
  ECDSAP384SHA384
• string bits — Required. Length of key.
  Valid values include:
  256
  384
  1024
  2048
  4096

NOTE: The valid bits vary by algorithm.

• string start_ts — An epoch time when key is to be valid. Default = current time.
• string lifetime — Lifetime of the key expressed in seconds.
  ZSK Default = 30 days.
  KSK Default = 1 year.
• string overlap — Time before key expiration when a replacement key is prepared, expressed in seconds.
  Default = 7 days.
• string expire_ts — An epoch time when this key is to expire.
  Default = start_ts + lifetime.
• string contact_nickname — Required. Name of contact to receive notifications.
• string notify_events — Comma-separated list of events that trigger notifications.
  Valid values:
  create – a new version of a key was created.
  expire – a key was automatically expired.
  warning – early warnings (2 weeks, 1 week, 1 day) of events.

NOTE: At least one key of each type and with algorithm RSA/SHA-1 must be specified.

• string active — Identifies the state of the service.
  Valid values:
  Y = service is active.
  N = service is inactive.
• string zone — Name of the zone where the service exists.
• string contact_nickname — Name of contact to receive notifications.
• string notify_events — Comma-separated list of events which trigger notifications.
  Valid values: create, expire, warning.
• array keys
• string dnssec_key_id — A numeric ID for this key.
• string type — The type of the key.
  Valid values:
  KSK
  ZSK
• string algorithm — Algorithm assigned to the key.
  Valid values:
  RSA/SHA-1
  RSA/SHA-256
  RSA/SHA-512
  DSA
  ECDSAP256SHA256
  ECDSAP384SHA384
• string bits — Length of key in bits.
• string start_ts — An epoch time when key is valid.
• string expire_ts — An epoch time specifying when this key will expire.
• string lifetime — Lifetime of the key, expressed in seconds.
• string overlap — Time before expiration when a replacement key is prepared, specified in seconds.
• hash dnskey — A DNSKEY record containing this key.
• string algorithm
• string flags
• string protocol
• string public_key
• hash ds — A DS record containing the signature of this key.
• string algorithm
• string digest
• string digtype
• string keytag
• array all_ds — The full list of all DS records created for the KSK. This field will contain an empty list if inspected on a ZSK resource.
• string algorithm
• string digest
• string digtype
• string keytag

• array keys — Required. A list of keys.
• string type — Required. The type of the key.
  Valid values: KSK, ZSK.
• string algorithm — Required.
  Valid values:
  RSA/SHA-1
  RSA/SHA-256
  RSA/SHA-512
  DSA
  ECDSAP256SHA256
  ECDSAP384SHA384
• string bits — Required. Length of key.
  Valid values include:
  256
  384
  1024
  2048
  4096
• string start_ts — An epoch time when key is to be valid. Default = current time.
• string lifetime — Lifetime of the key expressed in seconds.
  ZSK Default = 30 days.
  KSK Default = 1 year.
• string overlap — Time before key expiration when a replacement key is prepared, expressed in seconds.
  Default = 7 days.
• string expire_ts — An epoch time when this key is to expire.
  Default = start_ts + lifetime.
• string contact_nickname — Required. Name of contact to receive notifications.
• string notify_events — Comma-separated list of events which trigger notifications.
  Valid values:
  create – a new version of a key was created.
  expire – a key was automatically expired.
  warning – early warnings (2 weeks, 1 week, 1 day) of events.
• string token — Required. The session identifier.
• string zone — Required. Name of the zone where the service will exist.

NOTE: At least one key of each type and with algorithm RSA/SHA-1 must be specified.

• hash data
• string active — Identifies the state of the service.
  Valid values:
  Y = service is active.
  N = service is inactive.
• string zone — Name of the zone where the service exists.
• string contact_nickname — Name of contact to receive notifications.
• string notify_events — Comma-separated list of events which trigger notifications.
  Valid values: create, expire, warning.
• array keys
• string dnssec_key_id — A numeric ID for this key.
• string type — The type of the key.
  Valid values:
  KSK
  ZSK
• string algorithm — Algorithm assigned to the key.
  Valid values:
  RSA/SHA-1
  RSA/SHA-256
  RSA/SHA-512
  DSA
  ECDSAP256SHA256
  ECDSAP384SHA384
• string bits — Length of key in bits.
• string start_ts — An epoch time when key is valid.
• string expire_ts — An epoch time specifying when this key will expire.
• string lifetime — Lifetime of the key, expressed in seconds.
• string overlap — Time before expiration when a replacement key is prepared, specified in seconds.
• hash dnskey — A DNSKEY record containing this key.
• string algorithm
• string flags
• string protocol
• string public_key
• hash ds — A DS record containing the signature of this key.
• string algorithm
• string digest
• string digtype
• string keytag
• array all_ds — The full list of all DS records created for the KSK. This field will contain an empty list if inspected on a ZSK resource.
• string algorithm
• string digest
• string digtype
• string keytag

{
	'contact_nickname' => 'owner',
	'keys' => [{
		'algorithm' => 'RSA/SHA-1',
		'bits' => 1024,
		'type' => 'KSK',
	}, {
		'algorithm' => 'RSA/SHA-1',
		'bits' => 1024,
		'type' => 'ZSK',
	}],
	'token' => 'asdlkfjasl23j4879afa',
	'zone' => 'example.com',
}