Ciphertext
The KMS ciphertext resource allows you to encrypt plaintext into ciphertext
by using an AWS KMS customer master key. The value returned by this resource
is stable across every apply. For a changing ciphertext value each apply, see
the aws.kms.Ciphertext data source.
Note: All arguments including the plaintext be stored in the raw state as plain-text.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var oauthConfig = new Aws.Kms.Key("oauthConfig", new Aws.Kms.KeyArgs
{
Description = "oauth config",
IsEnabled = true,
});
var oauth = new Aws.Kms.Ciphertext("oauth", new Aws.Kms.CiphertextArgs
{
KeyId = oauthConfig.KeyId,
Plaintext = @"{
""client_id"": ""e587dbae22222f55da22"",
""client_secret"": ""8289575d00000ace55e1815ec13673955721b8a5""
}
",
});
}
}
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
oauthConfig, err := kms.NewKey(ctx, "oauthConfig", &kms.KeyArgs{
Description: pulumi.String("oauth config"),
IsEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = kms.NewCiphertext(ctx, "oauth", &kms.CiphertextArgs{
KeyId: oauthConfig.KeyId,
Plaintext: pulumi.String(fmt.Sprintf("%v%v%v%v%v", "{\n", " \"client_id\": \"e587dbae22222f55da22\",\n", " \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n", "}\n", "\n")),
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
oauth_config = aws.kms.Key("oauthConfig",
description="oauth config",
is_enabled=True)
oauth = aws.kms.Ciphertext("oauth",
key_id=oauth_config.key_id,
plaintext="""{
"client_id": "e587dbae22222f55da22",
"client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
}
""")import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const oauthConfig = new aws.kms.Key("oauth_config", {
description: "oauth config",
isEnabled: true,
});
const oauth = new aws.kms.Ciphertext("oauth", {
keyId: oauthConfig.keyId,
plaintext: `{
"client_id": "e587dbae22222f55da22",
"client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
}
`,
});Create a Ciphertext Resource
new Ciphertext(name: string, args: CiphertextArgs, opts?: CustomResourceOptions);def Ciphertext(resource_name, opts=None, context=None, key_id=None, plaintext=None, __props__=None);func NewCiphertext(ctx *Context, name string, args CiphertextArgs, opts ...ResourceOption) (*Ciphertext, error)public Ciphertext(string name, CiphertextArgs args, CustomResourceOptions? opts = null)- name string
- The unique name of the resource.
- args CiphertextArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CiphertextArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CiphertextArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
Ciphertext Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The Ciphertext resource accepts the following input properties:
Outputs
All input properties are implicitly available as output properties. Additionally, the Ciphertext resource produces the following output properties:
- Ciphertext
Blob string Base64 encoded ciphertext
- Id string
- The provider-assigned unique ID for this managed resource.
- Ciphertext
Blob string Base64 encoded ciphertext
- Id string
- The provider-assigned unique ID for this managed resource.
- ciphertext
Blob string Base64 encoded ciphertext
- id string
- The provider-assigned unique ID for this managed resource.
- ciphertext_
blob str Base64 encoded ciphertext
- id str
- The provider-assigned unique ID for this managed resource.
Look up an Existing Ciphertext Resource
Get an existing Ciphertext resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CiphertextState, opts?: CustomResourceOptions): Ciphertextstatic get(resource_name, id, opts=None, ciphertext_blob=None, context=None, key_id=None, plaintext=None, __props__=None);func GetCiphertext(ctx *Context, name string, id IDInput, state *CiphertextState, opts ...ResourceOption) (*Ciphertext, error)public static Ciphertext Get(string name, Input<string> id, CiphertextState? state, CustomResourceOptions? opts = null)- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Ciphertext
Blob string Base64 encoded ciphertext
- Context Dictionary<string, string>
An optional mapping that makes up the encryption context.
- Key
Id string Globally unique key ID for the customer master key.
- Plaintext string
Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
- Ciphertext
Blob string Base64 encoded ciphertext
- Context map[string]string
An optional mapping that makes up the encryption context.
- Key
Id string Globally unique key ID for the customer master key.
- Plaintext string
Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
- ciphertext
Blob string Base64 encoded ciphertext
- context {[key: string]: string}
An optional mapping that makes up the encryption context.
- key
Id string Globally unique key ID for the customer master key.
- plaintext string
Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
Package Details
- Repository
- https://github.com/pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.