1. Packages
  2. AWS Classic
  3. API Docs
  4. kms
  5. getCipherText

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.40.0 published on Wednesday, Jun 12, 2024 by Pulumi

aws.kms.getCipherText

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.40.0 published on Wednesday, Jun 12, 2024 by Pulumi

    The KMS ciphertext data source allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key. The value returned by this data source changes every apply. For a stable ciphertext value, see the aws.kms.Ciphertext resource.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const oauthConfig = new aws.kms.Key("oauth_config", {
        description: "oauth config",
        isEnabled: true,
    });
    const oauth = aws.kms.getCipherTextOutput({
        keyId: oauthConfig.keyId,
        plaintext: `{
      "client_id": "e587dbae22222f55da22",
      "client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
    }
    `,
    });
    
    import pulumi
    import pulumi_aws as aws
    
    oauth_config = aws.kms.Key("oauth_config",
        description="oauth config",
        is_enabled=True)
    oauth = aws.kms.get_cipher_text_output(key_id=oauth_config.key_id,
        plaintext="""{
      "client_id": "e587dbae22222f55da22",
      "client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
    }
    """)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		oauthConfig, err := kms.NewKey(ctx, "oauth_config", &kms.KeyArgs{
    			Description: pulumi.String("oauth config"),
    			IsEnabled:   pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		_ = kms.GetCipherTextOutput(ctx, kms.GetCipherTextOutputArgs{
    			KeyId:     oauthConfig.KeyId,
    			Plaintext: pulumi.String("{\n  \"client_id\": \"e587dbae22222f55da22\",\n  \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n}\n"),
    		}, nil)
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var oauthConfig = new Aws.Kms.Key("oauth_config", new()
        {
            Description = "oauth config",
            IsEnabled = true,
        });
    
        var oauth = Aws.Kms.GetCipherText.Invoke(new()
        {
            KeyId = oauthConfig.KeyId,
            Plaintext = @"{
      ""client_id"": ""e587dbae22222f55da22"",
      ""client_secret"": ""8289575d00000ace55e1815ec13673955721b8a5""
    }
    ",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.kms.Key;
    import com.pulumi.aws.kms.KeyArgs;
    import com.pulumi.aws.kms.KmsFunctions;
    import com.pulumi.aws.kms.inputs.GetCipherTextArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var oauthConfig = new Key("oauthConfig", KeyArgs.builder()
                .description("oauth config")
                .isEnabled(true)
                .build());
    
            final var oauth = KmsFunctions.getCipherText(GetCipherTextArgs.builder()
                .keyId(oauthConfig.keyId())
                .plaintext("""
    {
      "client_id": "e587dbae22222f55da22",
      "client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
    }
                """)
                .build());
    
        }
    }
    
    resources:
      oauthConfig:
        type: aws:kms:Key
        name: oauth_config
        properties:
          description: oauth config
          isEnabled: true
    variables:
      oauth:
        fn::invoke:
          Function: aws:kms:getCipherText
          Arguments:
            keyId: ${oauthConfig.keyId}
            plaintext: |
              {
                "client_id": "e587dbae22222f55da22",
                "client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
              }          
    

    Using getCipherText

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getCipherText(args: GetCipherTextArgs, opts?: InvokeOptions): Promise<GetCipherTextResult>
    function getCipherTextOutput(args: GetCipherTextOutputArgs, opts?: InvokeOptions): Output<GetCipherTextResult>
    def get_cipher_text(context: Optional[Mapping[str, str]] = None,
                        key_id: Optional[str] = None,
                        plaintext: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetCipherTextResult
    def get_cipher_text_output(context: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                        key_id: Optional[pulumi.Input[str]] = None,
                        plaintext: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetCipherTextResult]
    func GetCipherText(ctx *Context, args *GetCipherTextArgs, opts ...InvokeOption) (*GetCipherTextResult, error)
    func GetCipherTextOutput(ctx *Context, args *GetCipherTextOutputArgs, opts ...InvokeOption) GetCipherTextResultOutput

    > Note: This function is named GetCipherText in the Go SDK.

    public static class GetCipherText 
    {
        public static Task<GetCipherTextResult> InvokeAsync(GetCipherTextArgs args, InvokeOptions? opts = null)
        public static Output<GetCipherTextResult> Invoke(GetCipherTextInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetCipherTextResult> getCipherText(GetCipherTextArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aws:kms/getCipherText:getCipherText
      arguments:
        # arguments dictionary

    The following arguments are supported:

    KeyId string
    Globally unique key ID for the customer master key.
    Plaintext string
    Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
    Context Dictionary<string, string>
    An optional mapping that makes up the encryption context.
    KeyId string
    Globally unique key ID for the customer master key.
    Plaintext string
    Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
    Context map[string]string
    An optional mapping that makes up the encryption context.
    keyId String
    Globally unique key ID for the customer master key.
    plaintext String
    Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
    context Map<String,String>
    An optional mapping that makes up the encryption context.
    keyId string
    Globally unique key ID for the customer master key.
    plaintext string
    Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
    context {[key: string]: string}
    An optional mapping that makes up the encryption context.
    key_id str
    Globally unique key ID for the customer master key.
    plaintext str
    Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
    context Mapping[str, str]
    An optional mapping that makes up the encryption context.
    keyId String
    Globally unique key ID for the customer master key.
    plaintext String
    Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
    context Map<String>
    An optional mapping that makes up the encryption context.

    getCipherText Result

    The following output properties are available:

    CiphertextBlob string
    Base64 encoded ciphertext
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyId string
    Plaintext string
    Context Dictionary<string, string>
    CiphertextBlob string
    Base64 encoded ciphertext
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyId string
    Plaintext string
    Context map[string]string
    ciphertextBlob String
    Base64 encoded ciphertext
    id String
    The provider-assigned unique ID for this managed resource.
    keyId String
    plaintext String
    context Map<String,String>
    ciphertextBlob string
    Base64 encoded ciphertext
    id string
    The provider-assigned unique ID for this managed resource.
    keyId string
    plaintext string
    context {[key: string]: string}
    ciphertext_blob str
    Base64 encoded ciphertext
    id str
    The provider-assigned unique ID for this managed resource.
    key_id str
    plaintext str
    context Mapping[str, str]
    ciphertextBlob String
    Base64 encoded ciphertext
    id String
    The provider-assigned unique ID for this managed resource.
    keyId String
    plaintext String
    context Map<String>

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.40.0 published on Wednesday, Jun 12, 2024 by Pulumi