GetKMSSecret

This data source allows you to use data encrypted with Google Cloud KMS within your resource definitions.

For more information see the official documentation.

NOTE: Using this data provider will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.

Using GetKMSSecret

function getKMSSecret(args: GetKMSSecretArgs, opts?: InvokeOptions): Promise<GetKMSSecretResult>

function  get_kms_secret(additional_authenticated_data=None, ciphertext=None, crypto_key=None, opts=None)

func GetKMSSecret(ctx *Context, args *GetKMSSecretArgs, opts ...InvokeOption) (*GetKMSSecretResult, error)

public static class GetKMSSecret {
    public static Task<GetKMSSecretResult> InvokeAsync(GetKMSSecretArgs args, InvokeOptions? opts = null)
}

The following arguments are supported:

Ciphertext string: The ciphertext to be decrypted, encoded in base64
CryptoKey string: The id of the CryptoKey that will be used to decrypt the provided ciphertext. This is represented by the format {projectId}/{location}/{keyRingName}/{cryptoKeyName}.
AdditionalAuthenticatedData string: The additional authenticated data used for integrity checks during encryption and decryption.

Ciphertext string: The ciphertext to be decrypted, encoded in base64
CryptoKey string: The id of the CryptoKey that will be used to decrypt the provided ciphertext. This is represented by the format {projectId}/{location}/{keyRingName}/{cryptoKeyName}.
AdditionalAuthenticatedData string: The additional authenticated data used for integrity checks during encryption and decryption.

ciphertext string: The ciphertext to be decrypted, encoded in base64
cryptoKey string: The id of the CryptoKey that will be used to decrypt the provided ciphertext. This is represented by the format {projectId}/{location}/{keyRingName}/{cryptoKeyName}.
additionalAuthenticatedData string: The additional authenticated data used for integrity checks during encryption and decryption.

ciphertext str: The ciphertext to be decrypted, encoded in base64
crypto_key str: The id of the CryptoKey that will be used to decrypt the provided ciphertext. This is represented by the format {projectId}/{location}/{keyRingName}/{cryptoKeyName}.
additional_authenticated_data str: The additional authenticated data used for integrity checks during encryption and decryption.

GetKMSSecret Result

The following output properties are available:

Ciphertext string
CryptoKey string
Id string: The provider-assigned unique ID for this managed resource.
Plaintext string: Contains the result of decrypting the provided ciphertext.
AdditionalAuthenticatedData string

Ciphertext string
CryptoKey string
Id string: The provider-assigned unique ID for this managed resource.
Plaintext string: Contains the result of decrypting the provided ciphertext.
AdditionalAuthenticatedData string

ciphertext string
cryptoKey string
id string: The provider-assigned unique ID for this managed resource.
plaintext string: Contains the result of decrypting the provided ciphertext.
additionalAuthenticatedData string

ciphertext str
crypto_key str
id str: The provider-assigned unique ID for this managed resource.
plaintext str: Contains the result of decrypting the provided ciphertext.
additional_authenticated_data str

Package Details

Repository: https://github.com/pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

GetKMSSecret

Using GetKMSSecret

GetKMSSecret Result

Package Details

On This Page