aws logo
AWS Classic v5.32.0, Mar 17 23

aws.kms.getCipherText

The KMS ciphertext data source allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key. The value returned by this data source changes every apply. For a stable ciphertext value, see the aws.kms.Ciphertext resource.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var oauthConfig = new Aws.Kms.Key("oauthConfig", new()
    {
        Description = "oauth config",
        IsEnabled = true,
    });

    var oauth = Aws.Kms.GetCipherText.Invoke(new()
    {
        KeyId = oauthConfig.KeyId,
        Plaintext = @"{
  ""client_id"": ""e587dbae22222f55da22"",
  ""client_secret"": ""8289575d00000ace55e1815ec13673955721b8a5""
}
",
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		oauthConfig, err := kms.NewKey(ctx, "oauthConfig", &kms.KeyArgs{
			Description: pulumi.String("oauth config"),
			IsEnabled:   pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_ = kms.GetCipherTextOutput(ctx, kms.GetCipherTextOutputArgs{
			KeyId:     oauthConfig.KeyId,
			Plaintext: pulumi.String("{\n  \"client_id\": \"e587dbae22222f55da22\",\n  \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n}\n"),
		}, nil)
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.kms.KmsFunctions;
import com.pulumi.aws.kms.inputs.GetCipherTextArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var oauthConfig = new Key("oauthConfig", KeyArgs.builder()        
            .description("oauth config")
            .isEnabled(true)
            .build());

        final var oauth = KmsFunctions.getCipherText(GetCipherTextArgs.builder()
            .keyId(oauthConfig.keyId())
            .plaintext("""
{
  "client_id": "e587dbae22222f55da22",
  "client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
}
            """)
            .build());

    }
}
import pulumi
import pulumi_aws as aws

oauth_config = aws.kms.Key("oauthConfig",
    description="oauth config",
    is_enabled=True)
oauth = aws.kms.get_cipher_text_output(key_id=oauth_config.key_id,
    plaintext="""{
  "client_id": "e587dbae22222f55da22",
  "client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
}
""")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const oauthConfig = new aws.kms.Key("oauthConfig", {
    description: "oauth config",
    isEnabled: true,
});
const oauth = aws.kms.getCipherTextOutput({
    keyId: oauthConfig.keyId,
    plaintext: `{
  "client_id": "e587dbae22222f55da22",
  "client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
}
`,
});
resources:
  oauthConfig:
    type: aws:kms:Key
    properties:
      description: oauth config
      isEnabled: true
variables:
  oauth:
    fn::invoke:
      Function: aws:kms:getCipherText
      Arguments:
        keyId: ${oauthConfig.keyId}
        plaintext: |
          {
            "client_id": "e587dbae22222f55da22",
            "client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
          }          

Using getCipherText

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getCipherText(args: GetCipherTextArgs, opts?: InvokeOptions): Promise<GetCipherTextResult>
function getCipherTextOutput(args: GetCipherTextOutputArgs, opts?: InvokeOptions): Output<GetCipherTextResult>
def get_cipher_text(context: Optional[Mapping[str, str]] = None,
                    key_id: Optional[str] = None,
                    plaintext: Optional[str] = None,
                    opts: Optional[InvokeOptions] = None) -> GetCipherTextResult
def get_cipher_text_output(context: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                    key_id: Optional[pulumi.Input[str]] = None,
                    plaintext: Optional[pulumi.Input[str]] = None,
                    opts: Optional[InvokeOptions] = None) -> Output[GetCipherTextResult]
func GetCipherText(ctx *Context, args *GetCipherTextArgs, opts ...InvokeOption) (*GetCipherTextResult, error)
func GetCipherTextOutput(ctx *Context, args *GetCipherTextOutputArgs, opts ...InvokeOption) GetCipherTextResultOutput

> Note: This function is named GetCipherText in the Go SDK.

public static class GetCipherText 
{
    public static Task<GetCipherTextResult> InvokeAsync(GetCipherTextArgs args, InvokeOptions? opts = null)
    public static Output<GetCipherTextResult> Invoke(GetCipherTextInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetCipherTextResult> getCipherText(GetCipherTextArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: aws:kms/getCipherText:getCipherText
  arguments:
    # arguments dictionary

The following arguments are supported:

KeyId string

Globally unique key ID for the customer master key.

Plaintext string

Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.

Context Dictionary<string, string>

An optional mapping that makes up the encryption context.

KeyId string

Globally unique key ID for the customer master key.

Plaintext string

Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.

Context map[string]string

An optional mapping that makes up the encryption context.

keyId String

Globally unique key ID for the customer master key.

plaintext String

Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.

context Map<String,String>

An optional mapping that makes up the encryption context.

keyId string

Globally unique key ID for the customer master key.

plaintext string

Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.

context {[key: string]: string}

An optional mapping that makes up the encryption context.

key_id str

Globally unique key ID for the customer master key.

plaintext str

Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.

context Mapping[str, str]

An optional mapping that makes up the encryption context.

keyId String

Globally unique key ID for the customer master key.

plaintext String

Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.

context Map<String>

An optional mapping that makes up the encryption context.

getCipherText Result

The following output properties are available:

CiphertextBlob string

Base64 encoded ciphertext

Id string

The provider-assigned unique ID for this managed resource.

KeyId string
Plaintext string
Context Dictionary<string, string>
CiphertextBlob string

Base64 encoded ciphertext

Id string

The provider-assigned unique ID for this managed resource.

KeyId string
Plaintext string
Context map[string]string
ciphertextBlob String

Base64 encoded ciphertext

id String

The provider-assigned unique ID for this managed resource.

keyId String
plaintext String
context Map<String,String>
ciphertextBlob string

Base64 encoded ciphertext

id string

The provider-assigned unique ID for this managed resource.

keyId string
plaintext string
context {[key: string]: string}
ciphertext_blob str

Base64 encoded ciphertext

id str

The provider-assigned unique ID for this managed resource.

key_id str
plaintext str
context Mapping[str, str]
ciphertextBlob String

Base64 encoded ciphertext

id String

The provider-assigned unique ID for this managed resource.

keyId String
plaintext String
context Map<String>

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.