1. Packages
  2. MongoDB Atlas
  3. API Docs
  4. EncryptionAtRest
MongoDB Atlas v3.16.2 published on Friday, Jun 21, 2024 by Pulumi

mongodbatlas.EncryptionAtRest

Explore with Pulumi AI

mongodbatlas logo
MongoDB Atlas v3.16.2 published on Friday, Jun 21, 2024 by Pulumi

    Import

    Encryption at Rest Settings can be imported using project ID, in the format project_id, e.g.

    $ pulumi import mongodbatlas:index/encryptionAtRest:EncryptionAtRest example 1112222b3bf99403840e8934
    

    For more information see: MongoDB Atlas API Reference for Encryption at Rest using Customer Key Management.

    Create EncryptionAtRest Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new EncryptionAtRest(name: string, args: EncryptionAtRestArgs, opts?: CustomResourceOptions);
    @overload
    def EncryptionAtRest(resource_name: str,
                         args: EncryptionAtRestArgs,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def EncryptionAtRest(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         project_id: Optional[str] = None,
                         aws_kms_config: Optional[EncryptionAtRestAwsKmsConfigArgs] = None,
                         azure_key_vault_config: Optional[EncryptionAtRestAzureKeyVaultConfigArgs] = None,
                         google_cloud_kms_config: Optional[EncryptionAtRestGoogleCloudKmsConfigArgs] = None)
    func NewEncryptionAtRest(ctx *Context, name string, args EncryptionAtRestArgs, opts ...ResourceOption) (*EncryptionAtRest, error)
    public EncryptionAtRest(string name, EncryptionAtRestArgs args, CustomResourceOptions? opts = null)
    public EncryptionAtRest(String name, EncryptionAtRestArgs args)
    public EncryptionAtRest(String name, EncryptionAtRestArgs args, CustomResourceOptions options)
    
    type: mongodbatlas:EncryptionAtRest
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args EncryptionAtRestArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args EncryptionAtRestArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args EncryptionAtRestArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args EncryptionAtRestArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args EncryptionAtRestArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var encryptionAtRestResource = new Mongodbatlas.EncryptionAtRest("encryptionAtRestResource", new()
    {
        ProjectId = "string",
        AwsKmsConfig = new Mongodbatlas.Inputs.EncryptionAtRestAwsKmsConfigArgs
        {
            AccessKeyId = "string",
            CustomerMasterKeyId = "string",
            Enabled = false,
            Region = "string",
            RoleId = "string",
            SecretAccessKey = "string",
        },
        AzureKeyVaultConfig = new Mongodbatlas.Inputs.EncryptionAtRestAzureKeyVaultConfigArgs
        {
            AzureEnvironment = "string",
            ClientId = "string",
            Enabled = false,
            KeyIdentifier = "string",
            KeyVaultName = "string",
            ResourceGroupName = "string",
            Secret = "string",
            SubscriptionId = "string",
            TenantId = "string",
        },
        GoogleCloudKmsConfig = new Mongodbatlas.Inputs.EncryptionAtRestGoogleCloudKmsConfigArgs
        {
            Enabled = false,
            KeyVersionResourceId = "string",
            ServiceAccountKey = "string",
        },
    });
    
    example, err := mongodbatlas.NewEncryptionAtRest(ctx, "encryptionAtRestResource", &mongodbatlas.EncryptionAtRestArgs{
    	ProjectId: pulumi.String("string"),
    	AwsKmsConfig: &mongodbatlas.EncryptionAtRestAwsKmsConfigArgs{
    		AccessKeyId:         pulumi.String("string"),
    		CustomerMasterKeyId: pulumi.String("string"),
    		Enabled:             pulumi.Bool(false),
    		Region:              pulumi.String("string"),
    		RoleId:              pulumi.String("string"),
    		SecretAccessKey:     pulumi.String("string"),
    	},
    	AzureKeyVaultConfig: &mongodbatlas.EncryptionAtRestAzureKeyVaultConfigArgs{
    		AzureEnvironment:  pulumi.String("string"),
    		ClientId:          pulumi.String("string"),
    		Enabled:           pulumi.Bool(false),
    		KeyIdentifier:     pulumi.String("string"),
    		KeyVaultName:      pulumi.String("string"),
    		ResourceGroupName: pulumi.String("string"),
    		Secret:            pulumi.String("string"),
    		SubscriptionId:    pulumi.String("string"),
    		TenantId:          pulumi.String("string"),
    	},
    	GoogleCloudKmsConfig: &mongodbatlas.EncryptionAtRestGoogleCloudKmsConfigArgs{
    		Enabled:              pulumi.Bool(false),
    		KeyVersionResourceId: pulumi.String("string"),
    		ServiceAccountKey:    pulumi.String("string"),
    	},
    })
    
    var encryptionAtRestResource = new EncryptionAtRest("encryptionAtRestResource", EncryptionAtRestArgs.builder()
        .projectId("string")
        .awsKmsConfig(EncryptionAtRestAwsKmsConfigArgs.builder()
            .accessKeyId("string")
            .customerMasterKeyId("string")
            .enabled(false)
            .region("string")
            .roleId("string")
            .secretAccessKey("string")
            .build())
        .azureKeyVaultConfig(EncryptionAtRestAzureKeyVaultConfigArgs.builder()
            .azureEnvironment("string")
            .clientId("string")
            .enabled(false)
            .keyIdentifier("string")
            .keyVaultName("string")
            .resourceGroupName("string")
            .secret("string")
            .subscriptionId("string")
            .tenantId("string")
            .build())
        .googleCloudKmsConfig(EncryptionAtRestGoogleCloudKmsConfigArgs.builder()
            .enabled(false)
            .keyVersionResourceId("string")
            .serviceAccountKey("string")
            .build())
        .build());
    
    encryption_at_rest_resource = mongodbatlas.EncryptionAtRest("encryptionAtRestResource",
        project_id="string",
        aws_kms_config=mongodbatlas.EncryptionAtRestAwsKmsConfigArgs(
            access_key_id="string",
            customer_master_key_id="string",
            enabled=False,
            region="string",
            role_id="string",
            secret_access_key="string",
        ),
        azure_key_vault_config=mongodbatlas.EncryptionAtRestAzureKeyVaultConfigArgs(
            azure_environment="string",
            client_id="string",
            enabled=False,
            key_identifier="string",
            key_vault_name="string",
            resource_group_name="string",
            secret="string",
            subscription_id="string",
            tenant_id="string",
        ),
        google_cloud_kms_config=mongodbatlas.EncryptionAtRestGoogleCloudKmsConfigArgs(
            enabled=False,
            key_version_resource_id="string",
            service_account_key="string",
        ))
    
    const encryptionAtRestResource = new mongodbatlas.EncryptionAtRest("encryptionAtRestResource", {
        projectId: "string",
        awsKmsConfig: {
            accessKeyId: "string",
            customerMasterKeyId: "string",
            enabled: false,
            region: "string",
            roleId: "string",
            secretAccessKey: "string",
        },
        azureKeyVaultConfig: {
            azureEnvironment: "string",
            clientId: "string",
            enabled: false,
            keyIdentifier: "string",
            keyVaultName: "string",
            resourceGroupName: "string",
            secret: "string",
            subscriptionId: "string",
            tenantId: "string",
        },
        googleCloudKmsConfig: {
            enabled: false,
            keyVersionResourceId: "string",
            serviceAccountKey: "string",
        },
    });
    
    type: mongodbatlas:EncryptionAtRest
    properties:
        awsKmsConfig:
            accessKeyId: string
            customerMasterKeyId: string
            enabled: false
            region: string
            roleId: string
            secretAccessKey: string
        azureKeyVaultConfig:
            azureEnvironment: string
            clientId: string
            enabled: false
            keyIdentifier: string
            keyVaultName: string
            resourceGroupName: string
            secret: string
            subscriptionId: string
            tenantId: string
        googleCloudKmsConfig:
            enabled: false
            keyVersionResourceId: string
            serviceAccountKey: string
        projectId: string
    

    EncryptionAtRest Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The EncryptionAtRest resource accepts the following input properties:

    Outputs

    All input properties are implicitly available as output properties. Additionally, the EncryptionAtRest resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing EncryptionAtRest Resource

    Get an existing EncryptionAtRest resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: EncryptionAtRestState, opts?: CustomResourceOptions): EncryptionAtRest
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            aws_kms_config: Optional[EncryptionAtRestAwsKmsConfigArgs] = None,
            azure_key_vault_config: Optional[EncryptionAtRestAzureKeyVaultConfigArgs] = None,
            google_cloud_kms_config: Optional[EncryptionAtRestGoogleCloudKmsConfigArgs] = None,
            project_id: Optional[str] = None) -> EncryptionAtRest
    func GetEncryptionAtRest(ctx *Context, name string, id IDInput, state *EncryptionAtRestState, opts ...ResourceOption) (*EncryptionAtRest, error)
    public static EncryptionAtRest Get(string name, Input<string> id, EncryptionAtRestState? state, CustomResourceOptions? opts = null)
    public static EncryptionAtRest get(String name, Output<String> id, EncryptionAtRestState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:

    Supporting Types

    EncryptionAtRestAwsKmsConfig, EncryptionAtRestAwsKmsConfigArgs

    AccessKeyId string
    CustomerMasterKeyId string
    The AWS customer master key used to encrypt and decrypt the MongoDB master keys.
    Enabled bool
    Specifies whether Encryption at Rest is enabled for an Atlas project, To disable Encryption at Rest, pass only this parameter with a value of false, When you disable Encryption at Rest, Atlas also removes the configuration details.
    Region string
    The AWS region in which the AWS customer master key exists: CA_CENTRAL_1, US_EAST_1, US_EAST_2, US_WEST_1, US_WEST_2, SA_EAST_1
    RoleId string
    ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role check the role_id attribute of the mongodbatlas_cloud_provider_access resource.
    SecretAccessKey string
    AccessKeyId string
    CustomerMasterKeyId string
    The AWS customer master key used to encrypt and decrypt the MongoDB master keys.
    Enabled bool
    Specifies whether Encryption at Rest is enabled for an Atlas project, To disable Encryption at Rest, pass only this parameter with a value of false, When you disable Encryption at Rest, Atlas also removes the configuration details.
    Region string
    The AWS region in which the AWS customer master key exists: CA_CENTRAL_1, US_EAST_1, US_EAST_2, US_WEST_1, US_WEST_2, SA_EAST_1
    RoleId string
    ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role check the role_id attribute of the mongodbatlas_cloud_provider_access resource.
    SecretAccessKey string
    accessKeyId String
    customerMasterKeyId String
    The AWS customer master key used to encrypt and decrypt the MongoDB master keys.
    enabled Boolean
    Specifies whether Encryption at Rest is enabled for an Atlas project, To disable Encryption at Rest, pass only this parameter with a value of false, When you disable Encryption at Rest, Atlas also removes the configuration details.
    region String
    The AWS region in which the AWS customer master key exists: CA_CENTRAL_1, US_EAST_1, US_EAST_2, US_WEST_1, US_WEST_2, SA_EAST_1
    roleId String
    ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role check the role_id attribute of the mongodbatlas_cloud_provider_access resource.
    secretAccessKey String
    accessKeyId string
    customerMasterKeyId string
    The AWS customer master key used to encrypt and decrypt the MongoDB master keys.
    enabled boolean
    Specifies whether Encryption at Rest is enabled for an Atlas project, To disable Encryption at Rest, pass only this parameter with a value of false, When you disable Encryption at Rest, Atlas also removes the configuration details.
    region string
    The AWS region in which the AWS customer master key exists: CA_CENTRAL_1, US_EAST_1, US_EAST_2, US_WEST_1, US_WEST_2, SA_EAST_1
    roleId string
    ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role check the role_id attribute of the mongodbatlas_cloud_provider_access resource.
    secretAccessKey string
    access_key_id str
    customer_master_key_id str
    The AWS customer master key used to encrypt and decrypt the MongoDB master keys.
    enabled bool
    Specifies whether Encryption at Rest is enabled for an Atlas project, To disable Encryption at Rest, pass only this parameter with a value of false, When you disable Encryption at Rest, Atlas also removes the configuration details.
    region str
    The AWS region in which the AWS customer master key exists: CA_CENTRAL_1, US_EAST_1, US_EAST_2, US_WEST_1, US_WEST_2, SA_EAST_1
    role_id str
    ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role check the role_id attribute of the mongodbatlas_cloud_provider_access resource.
    secret_access_key str
    accessKeyId String
    customerMasterKeyId String
    The AWS customer master key used to encrypt and decrypt the MongoDB master keys.
    enabled Boolean
    Specifies whether Encryption at Rest is enabled for an Atlas project, To disable Encryption at Rest, pass only this parameter with a value of false, When you disable Encryption at Rest, Atlas also removes the configuration details.
    region String
    The AWS region in which the AWS customer master key exists: CA_CENTRAL_1, US_EAST_1, US_EAST_2, US_WEST_1, US_WEST_2, SA_EAST_1
    roleId String
    ID of an AWS IAM role authorized to manage an AWS customer master key. To find the ID for an existing IAM role check the role_id attribute of the mongodbatlas_cloud_provider_access resource.
    secretAccessKey String

    EncryptionAtRestAzureKeyVaultConfig, EncryptionAtRestAzureKeyVaultConfigArgs

    AzureEnvironment string
    The Azure environment where the Azure account credentials reside. Valid values are the following: AZURE, AZURE_CHINA, AZURE_GERMANY
    ClientId string
    The client ID, also known as the application ID, for an Azure application associated with the Azure AD tenant.
    Enabled bool
    Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
    KeyIdentifier string
    The unique identifier of a key in an Azure Key Vault.
    KeyVaultName string
    The name of an Azure Key Vault containing your key.
    ResourceGroupName string
    The name of the Azure Resource group that contains an Azure Key Vault.
    Secret string
    The secret associated with the Azure Key Vault specified by azureKeyVault.tenantID.
    SubscriptionId string
    The unique identifier associated with an Azure subscription.
    TenantId string
    The unique identifier for an Azure AD tenant within an Azure subscription.
    AzureEnvironment string
    The Azure environment where the Azure account credentials reside. Valid values are the following: AZURE, AZURE_CHINA, AZURE_GERMANY
    ClientId string
    The client ID, also known as the application ID, for an Azure application associated with the Azure AD tenant.
    Enabled bool
    Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
    KeyIdentifier string
    The unique identifier of a key in an Azure Key Vault.
    KeyVaultName string
    The name of an Azure Key Vault containing your key.
    ResourceGroupName string
    The name of the Azure Resource group that contains an Azure Key Vault.
    Secret string
    The secret associated with the Azure Key Vault specified by azureKeyVault.tenantID.
    SubscriptionId string
    The unique identifier associated with an Azure subscription.
    TenantId string
    The unique identifier for an Azure AD tenant within an Azure subscription.
    azureEnvironment String
    The Azure environment where the Azure account credentials reside. Valid values are the following: AZURE, AZURE_CHINA, AZURE_GERMANY
    clientId String
    The client ID, also known as the application ID, for an Azure application associated with the Azure AD tenant.
    enabled Boolean
    Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
    keyIdentifier String
    The unique identifier of a key in an Azure Key Vault.
    keyVaultName String
    The name of an Azure Key Vault containing your key.
    resourceGroupName String
    The name of the Azure Resource group that contains an Azure Key Vault.
    secret String
    The secret associated with the Azure Key Vault specified by azureKeyVault.tenantID.
    subscriptionId String
    The unique identifier associated with an Azure subscription.
    tenantId String
    The unique identifier for an Azure AD tenant within an Azure subscription.
    azureEnvironment string
    The Azure environment where the Azure account credentials reside. Valid values are the following: AZURE, AZURE_CHINA, AZURE_GERMANY
    clientId string
    The client ID, also known as the application ID, for an Azure application associated with the Azure AD tenant.
    enabled boolean
    Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
    keyIdentifier string
    The unique identifier of a key in an Azure Key Vault.
    keyVaultName string
    The name of an Azure Key Vault containing your key.
    resourceGroupName string
    The name of the Azure Resource group that contains an Azure Key Vault.
    secret string
    The secret associated with the Azure Key Vault specified by azureKeyVault.tenantID.
    subscriptionId string
    The unique identifier associated with an Azure subscription.
    tenantId string
    The unique identifier for an Azure AD tenant within an Azure subscription.
    azure_environment str
    The Azure environment where the Azure account credentials reside. Valid values are the following: AZURE, AZURE_CHINA, AZURE_GERMANY
    client_id str
    The client ID, also known as the application ID, for an Azure application associated with the Azure AD tenant.
    enabled bool
    Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
    key_identifier str
    The unique identifier of a key in an Azure Key Vault.
    key_vault_name str
    The name of an Azure Key Vault containing your key.
    resource_group_name str
    The name of the Azure Resource group that contains an Azure Key Vault.
    secret str
    The secret associated with the Azure Key Vault specified by azureKeyVault.tenantID.
    subscription_id str
    The unique identifier associated with an Azure subscription.
    tenant_id str
    The unique identifier for an Azure AD tenant within an Azure subscription.
    azureEnvironment String
    The Azure environment where the Azure account credentials reside. Valid values are the following: AZURE, AZURE_CHINA, AZURE_GERMANY
    clientId String
    The client ID, also known as the application ID, for an Azure application associated with the Azure AD tenant.
    enabled Boolean
    Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
    keyIdentifier String
    The unique identifier of a key in an Azure Key Vault.
    keyVaultName String
    The name of an Azure Key Vault containing your key.
    resourceGroupName String
    The name of the Azure Resource group that contains an Azure Key Vault.
    secret String
    The secret associated with the Azure Key Vault specified by azureKeyVault.tenantID.
    subscriptionId String
    The unique identifier associated with an Azure subscription.
    tenantId String
    The unique identifier for an Azure AD tenant within an Azure subscription.

    EncryptionAtRestGoogleCloudKmsConfig, EncryptionAtRestGoogleCloudKmsConfigArgs

    Enabled bool
    Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
    KeyVersionResourceId string
    The Key Version Resource ID from your GCP account.
    ServiceAccountKey string
    String-formatted JSON object containing GCP KMS credentials from your GCP account.
    Enabled bool
    Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
    KeyVersionResourceId string
    The Key Version Resource ID from your GCP account.
    ServiceAccountKey string
    String-formatted JSON object containing GCP KMS credentials from your GCP account.
    enabled Boolean
    Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
    keyVersionResourceId String
    The Key Version Resource ID from your GCP account.
    serviceAccountKey String
    String-formatted JSON object containing GCP KMS credentials from your GCP account.
    enabled boolean
    Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
    keyVersionResourceId string
    The Key Version Resource ID from your GCP account.
    serviceAccountKey string
    String-formatted JSON object containing GCP KMS credentials from your GCP account.
    enabled bool
    Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
    key_version_resource_id str
    The Key Version Resource ID from your GCP account.
    service_account_key str
    String-formatted JSON object containing GCP KMS credentials from your GCP account.
    enabled Boolean
    Specifies whether Encryption at Rest is enabled for an Atlas project. To disable Encryption at Rest, pass only this parameter with a value of false. When you disable Encryption at Rest, Atlas also removes the configuration details.
    keyVersionResourceId String
    The Key Version Resource ID from your GCP account.
    serviceAccountKey String
    String-formatted JSON object containing GCP KMS credentials from your GCP account.

    Package Details

    Repository
    MongoDB Atlas pulumi/pulumi-mongodbatlas
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the mongodbatlas Terraform Provider.
    mongodbatlas logo
    MongoDB Atlas v3.16.2 published on Friday, Jun 21, 2024 by Pulumi