Docs Home
AWS v6.77.1 published on Friday, Apr 18, 2025 by Pulumi
aws.kms.getCipherText
Explore with Pulumi AI
The KMS ciphertext data source allows you to encrypt plaintext into ciphertext
by using an AWS KMS customer master key. The value returned by this data source
changes every apply. For a stable ciphertext value, see the aws.kms.Ciphertext
resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const oauthConfig = new aws.kms.Key("oauth_config", {
description: "oauth config",
isEnabled: true,
});
const oauth = aws.kms.getCipherTextOutput({
keyId: oauthConfig.keyId,
plaintext: `{
"client_id": "e587dbae22222f55da22",
"client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
}
`,
});
import pulumi
import pulumi_aws as aws
oauth_config = aws.kms.Key("oauth_config",
description="oauth config",
is_enabled=True)
oauth = aws.kms.get_cipher_text_output(key_id=oauth_config.key_id,
plaintext="""{
"client_id": "e587dbae22222f55da22",
"client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
}
""")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
oauthConfig, err := kms.NewKey(ctx, "oauth_config", &kms.KeyArgs{
Description: pulumi.String("oauth config"),
IsEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
_ = kms.GetCipherTextOutput(ctx, kms.GetCipherTextOutputArgs{
KeyId: oauthConfig.KeyId,
Plaintext: pulumi.String("{\n \"client_id\": \"e587dbae22222f55da22\",\n \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n}\n"),
}, nil)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var oauthConfig = new Aws.Kms.Key("oauth_config", new()
{
Description = "oauth config",
IsEnabled = true,
});
var oauth = Aws.Kms.GetCipherText.Invoke(new()
{
KeyId = oauthConfig.KeyId,
Plaintext = @"{
""client_id"": ""e587dbae22222f55da22"",
""client_secret"": ""8289575d00000ace55e1815ec13673955721b8a5""
}
",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.kms.KmsFunctions;
import com.pulumi.aws.kms.inputs.GetCipherTextArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var oauthConfig = new Key("oauthConfig", KeyArgs.builder()
.description("oauth config")
.isEnabled(true)
.build());
final var oauth = KmsFunctions.getCipherText(GetCipherTextArgs.builder()
.keyId(oauthConfig.keyId())
.plaintext("""
{
"client_id": "e587dbae22222f55da22",
"client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
}
""")
.build());
}
}
resources:
oauthConfig:
type: aws:kms:Key
name: oauth_config
properties:
description: oauth config
isEnabled: true
variables:
oauth:
fn::invoke:
function: aws:kms:getCipherText
arguments:
keyId: ${oauthConfig.keyId}
plaintext: |
{
"client_id": "e587dbae22222f55da22",
"client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
}
Using getCipherText
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getCipherText(args: GetCipherTextArgs, opts?: InvokeOptions): Promise<GetCipherTextResult>
function getCipherTextOutput(args: GetCipherTextOutputArgs, opts?: InvokeOptions): Output<GetCipherTextResult>def get_cipher_text(context: Optional[Mapping[str, str]] = None,
key_id: Optional[str] = None,
plaintext: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetCipherTextResult
def get_cipher_text_output(context: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
key_id: Optional[pulumi.Input[str]] = None,
plaintext: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetCipherTextResult]func GetCipherText(ctx *Context, args *GetCipherTextArgs, opts ...InvokeOption) (*GetCipherTextResult, error)
func GetCipherTextOutput(ctx *Context, args *GetCipherTextOutputArgs, opts ...InvokeOption) GetCipherTextResultOutput> Note: This function is named GetCipherText in the Go SDK.
public static class GetCipherText
{
public static Task<GetCipherTextResult> InvokeAsync(GetCipherTextArgs args, InvokeOptions? opts = null)
public static Output<GetCipherTextResult> Invoke(GetCipherTextInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetCipherTextResult> getCipherText(GetCipherTextArgs args, InvokeOptions options)
public static Output<GetCipherTextResult> getCipherText(GetCipherTextArgs args, InvokeOptions options)
fn::invoke:
function: aws:kms/getCipherText:getCipherText
arguments:
# arguments dictionaryThe following arguments are supported:
getCipherText Result
The following output properties are available:
- Ciphertext
Blob string - Base64 encoded ciphertext
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string - Plaintext string
- Context Dictionary<string, string>
- Ciphertext
Blob string - Base64 encoded ciphertext
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string - Plaintext string
- Context map[string]string
- ciphertext
Blob String - Base64 encoded ciphertext
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String - plaintext String
- context Map<String,String>
- ciphertext
Blob string - Base64 encoded ciphertext
- id string
- The provider-assigned unique ID for this managed resource.
- key
Id string - plaintext string
- context {[key: string]: string}
- ciphertext_
blob str - Base64 encoded ciphertext
- id str
- The provider-assigned unique ID for this managed resource.
- key_
id str - plaintext str
- context Mapping[str, str]
- ciphertext
Blob String - Base64 encoded ciphertext
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String - plaintext String
- context Map<String>
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.