SecretCiphertext

Encrypts secret data with Google Cloud KMS and provides access to the ciphertext.

NOTE: Using this resource will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.

To get more information about SecretCiphertext, see:

API documentation
How-to Guides
- Encrypting and decrypting data with a symmetric key

Warning: All arguments including plaintext and additional_authenticated_data will be stored in the raw state as plain-text. Read more about secrets in state.

Create a SecretCiphertext Resource

new SecretCiphertext(name: string, args: SecretCiphertextArgs, opts?: CustomResourceOptions);

def SecretCiphertext(resource_name, opts=None, additional_authenticated_data=None, crypto_key=None, plaintext=None, __props__=None);

func NewSecretCiphertext(ctx *Context, name string, args SecretCiphertextArgs, opts ...ResourceOption) (*SecretCiphertext, error)

public SecretCiphertext(string name, SecretCiphertextArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args SecretCiphertextArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SecretCiphertextArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SecretCiphertextArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

SecretCiphertext Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The SecretCiphertext resource accepts the following input properties:

CryptoKey string: The full name of the CryptoKey that will be used to encrypt the provided plaintext. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'
Plaintext string: The plaintext to be encrypted. Note: This property is sensitive and will not be displayed in the plan.
AdditionalAuthenticatedData string: The additional authenticated data used for integrity checks during encryption and decryption. Note: This property is sensitive and will not be displayed in the plan.

CryptoKey string: The full name of the CryptoKey that will be used to encrypt the provided plaintext. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'
Plaintext string: The plaintext to be encrypted. Note: This property is sensitive and will not be displayed in the plan.
AdditionalAuthenticatedData string: The additional authenticated data used for integrity checks during encryption and decryption. Note: This property is sensitive and will not be displayed in the plan.

cryptoKey string: The full name of the CryptoKey that will be used to encrypt the provided plaintext. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'
plaintext string: The plaintext to be encrypted. Note: This property is sensitive and will not be displayed in the plan.
additionalAuthenticatedData string: The additional authenticated data used for integrity checks during encryption and decryption. Note: This property is sensitive and will not be displayed in the plan.

crypto_key str: The full name of the CryptoKey that will be used to encrypt the provided plaintext. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'
plaintext str: The plaintext to be encrypted. Note: This property is sensitive and will not be displayed in the plan.
additional_authenticated_data str: The additional authenticated data used for integrity checks during encryption and decryption. Note: This property is sensitive and will not be displayed in the plan.

Outputs

All input properties are implicitly available as output properties. Additionally, the SecretCiphertext resource produces the following output properties:

Ciphertext string: Contains the result of encrypting the provided plaintext, encoded in base64.
Id string: The provider-assigned unique ID for this managed resource.

Ciphertext string: Contains the result of encrypting the provided plaintext, encoded in base64.
Id string: The provider-assigned unique ID for this managed resource.

ciphertext string: Contains the result of encrypting the provided plaintext, encoded in base64.
id string: The provider-assigned unique ID for this managed resource.

ciphertext str: Contains the result of encrypting the provided plaintext, encoded in base64.
id str: The provider-assigned unique ID for this managed resource.

Look up an Existing SecretCiphertext Resource

Get an existing SecretCiphertext resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SecretCiphertextState, opts?: CustomResourceOptions): SecretCiphertext

static get(resource_name, id, opts=None, additional_authenticated_data=None, ciphertext=None, crypto_key=None, plaintext=None, __props__=None);

func GetSecretCiphertext(ctx *Context, name string, id IDInput, state *SecretCiphertextState, opts ...ResourceOption) (*SecretCiphertext, error)

public static SecretCiphertext Get(string name, Input<string> id, SecretCiphertextState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AdditionalAuthenticatedData string: The additional authenticated data used for integrity checks during encryption and decryption. Note: This property is sensitive and will not be displayed in the plan.
Ciphertext string: Contains the result of encrypting the provided plaintext, encoded in base64.
CryptoKey string: The full name of the CryptoKey that will be used to encrypt the provided plaintext. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'
Plaintext string: The plaintext to be encrypted. Note: This property is sensitive and will not be displayed in the plan.

AdditionalAuthenticatedData string: The additional authenticated data used for integrity checks during encryption and decryption. Note: This property is sensitive and will not be displayed in the plan.
Ciphertext string: Contains the result of encrypting the provided plaintext, encoded in base64.
CryptoKey string: The full name of the CryptoKey that will be used to encrypt the provided plaintext. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'
Plaintext string: The plaintext to be encrypted. Note: This property is sensitive and will not be displayed in the plan.

additionalAuthenticatedData string: The additional authenticated data used for integrity checks during encryption and decryption. Note: This property is sensitive and will not be displayed in the plan.
ciphertext string: Contains the result of encrypting the provided plaintext, encoded in base64.
cryptoKey string: The full name of the CryptoKey that will be used to encrypt the provided plaintext. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'
plaintext string: The plaintext to be encrypted. Note: This property is sensitive and will not be displayed in the plan.

additional_authenticated_data str: The additional authenticated data used for integrity checks during encryption and decryption. Note: This property is sensitive and will not be displayed in the plan.
ciphertext str: Contains the result of encrypting the provided plaintext, encoded in base64.
crypto_key str: The full name of the CryptoKey that will be used to encrypt the provided plaintext. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'
plaintext str: The plaintext to be encrypted. Note: This property is sensitive and will not be displayed in the plan.

Package Details

Repository: https://github.com/pulumi/pulumi-gcp
License: Apache-2.0
Notes: This Pulumi package is based on the google-beta Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud