Azure Classic v5.43.0, May 6 23

azure.keyvault.getEncryptedValue

Explore with Pulumi AI

Encrypts or Decrypts a value using a Key Vault Key.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var exampleKeyVault = Azure.KeyVault.GetKeyVault.Invoke(new()
    {
        Name = "mykeyvault",
        ResourceGroupName = "some-resource-group",
    });

    var exampleKey = Azure.KeyVault.GetKey.Invoke(new()
    {
        Name = "some-key",
        KeyVaultId = exampleKeyVault.Apply(getKeyVaultResult => getKeyVaultResult.Id),
    });

    var encrypted = Azure.KeyVault.GetEncryptedValue.Invoke(new()
    {
        KeyVaultKeyId = azurerm_key_vault_key.Test.Id,
        Algorithm = "RSA1_5",
        PlainTextValue = "some-encrypted-value",
    });

    return new Dictionary<string, object?>
    {
        ["id"] = data.Azurerm_key_vault_encrypted_value.Example.Encrypted_data,
    };
});

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/keyvault"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleKeyVault, err := keyvault.LookupKeyVault(ctx, &keyvault.LookupKeyVaultArgs{
			Name:              "mykeyvault",
			ResourceGroupName: "some-resource-group",
		}, nil)
		if err != nil {
			return err
		}
		_, err = keyvault.LookupKey(ctx, &keyvault.LookupKeyArgs{
			Name:       "some-key",
			KeyVaultId: exampleKeyVault.Id,
		}, nil)
		if err != nil {
			return err
		}
		_, err = keyvault.GetEncryptedValue(ctx, &keyvault.GetEncryptedValueArgs{
			KeyVaultKeyId:  azurerm_key_vault_key.Test.Id,
			Algorithm:      "RSA1_5",
			PlainTextValue: pulumi.StringRef("some-encrypted-value"),
		}, nil)
		if err != nil {
			return err
		}
		ctx.Export("id", data.Azurerm_key_vault_encrypted_value.Example.Encrypted_data)
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.keyvault.KeyvaultFunctions;
import com.pulumi.azure.keyvault.inputs.GetKeyVaultArgs;
import com.pulumi.azure.keyvault.inputs.GetKeyArgs;
import com.pulumi.azure.keyvault.inputs.GetEncryptedValueArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleKeyVault = KeyvaultFunctions.getKeyVault(GetKeyVaultArgs.builder()
            .name("mykeyvault")
            .resourceGroupName("some-resource-group")
            .build());

        final var exampleKey = KeyvaultFunctions.getKey(GetKeyArgs.builder()
            .name("some-key")
            .keyVaultId(exampleKeyVault.applyValue(getKeyVaultResult -> getKeyVaultResult.id()))
            .build());

        final var encrypted = KeyvaultFunctions.getEncryptedValue(GetEncryptedValueArgs.builder()
            .keyVaultKeyId(azurerm_key_vault_key.test().id())
            .algorithm("RSA1_5")
            .plainTextValue("some-encrypted-value")
            .build());

        ctx.export("id", data.azurerm_key_vault_encrypted_value().example().encrypted_data());
    }
}

import pulumi
import pulumi_azure as azure

example_key_vault = azure.keyvault.get_key_vault(name="mykeyvault",
    resource_group_name="some-resource-group")
example_key = azure.keyvault.get_key(name="some-key",
    key_vault_id=example_key_vault.id)
encrypted = azure.keyvault.get_encrypted_value(key_vault_key_id=azurerm_key_vault_key["test"]["id"],
    algorithm="RSA1_5",
    plain_text_value="some-encrypted-value")
pulumi.export("id", data["azurerm_key_vault_encrypted_value"]["example"]["encrypted_data"])

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleKeyVault = azure.keyvault.getKeyVault({
    name: "mykeyvault",
    resourceGroupName: "some-resource-group",
});
const exampleKey = exampleKeyVault.then(exampleKeyVault => azure.keyvault.getKey({
    name: "some-key",
    keyVaultId: exampleKeyVault.id,
}));
const encrypted = azure.keyvault.getEncryptedValue({
    keyVaultKeyId: azurerm_key_vault_key.test.id,
    algorithm: "RSA1_5",
    plainTextValue: "some-encrypted-value",
});
export const id = data.azurerm_key_vault_encrypted_value.example.encrypted_data;

variables:
  exampleKeyVault:
    fn::invoke:
      Function: azure:keyvault:getKeyVault
      Arguments:
        name: mykeyvault
        resourceGroupName: some-resource-group
  exampleKey:
    fn::invoke:
      Function: azure:keyvault:getKey
      Arguments:
        name: some-key
        keyVaultId: ${exampleKeyVault.id}
  encrypted:
    fn::invoke:
      Function: azure:keyvault:getEncryptedValue
      Arguments:
        keyVaultKeyId: ${azurerm_key_vault_key.test.id}
        algorithm: RSA1_5
        plainTextValue: some-encrypted-value
outputs:
  id: ${data.azurerm_key_vault_encrypted_value.example.encrypted_data}

Using getEncryptedValue

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getEncryptedValue(args: GetEncryptedValueArgs, opts?: InvokeOptions): Promise<GetEncryptedValueResult>
function getEncryptedValueOutput(args: GetEncryptedValueOutputArgs, opts?: InvokeOptions): Output<GetEncryptedValueResult>

def get_encrypted_value(algorithm: Optional[str] = None,
                        encrypted_data: Optional[str] = None,
                        key_vault_key_id: Optional[str] = None,
                        plain_text_value: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetEncryptedValueResult
def get_encrypted_value_output(algorithm: Optional[pulumi.Input[str]] = None,
                        encrypted_data: Optional[pulumi.Input[str]] = None,
                        key_vault_key_id: Optional[pulumi.Input[str]] = None,
                        plain_text_value: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetEncryptedValueResult]

func GetEncryptedValue(ctx *Context, args *GetEncryptedValueArgs, opts ...InvokeOption) (*GetEncryptedValueResult, error)
func GetEncryptedValueOutput(ctx *Context, args *GetEncryptedValueOutputArgs, opts ...InvokeOption) GetEncryptedValueResultOutput

> Note: This function is named GetEncryptedValue in the Go SDK.

public static class GetEncryptedValue 
{
    public static Task<GetEncryptedValueResult> InvokeAsync(GetEncryptedValueArgs args, InvokeOptions? opts = null)
    public static Output<GetEncryptedValueResult> Invoke(GetEncryptedValueInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetEncryptedValueResult> getEncryptedValue(GetEncryptedValueArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: azure:keyvault/getEncryptedValue:getEncryptedValue
  arguments:
    # arguments dictionary

The following arguments are supported:

Algorithm string: The Algorithm which should be used to Decrypt/Encrypt this Value. Possible values are RSA1_5, RSA-OAEP and RSA-OAEP-256.
KeyVaultKeyId string: The ID of the Key Vault Key which should be used to Decrypt/Encrypt this Value.
EncryptedData string: The Base64 URL Encoded Encrypted Data which should be decrypted into plain_text_value.
PlainTextValue string: The plain-text value which should be Encrypted into encrypted_data.

Algorithm string: The Algorithm which should be used to Decrypt/Encrypt this Value. Possible values are RSA1_5, RSA-OAEP and RSA-OAEP-256.
KeyVaultKeyId string: The ID of the Key Vault Key which should be used to Decrypt/Encrypt this Value.
EncryptedData string: The Base64 URL Encoded Encrypted Data which should be decrypted into plain_text_value.
PlainTextValue string: The plain-text value which should be Encrypted into encrypted_data.

algorithm String: The Algorithm which should be used to Decrypt/Encrypt this Value. Possible values are RSA1_5, RSA-OAEP and RSA-OAEP-256.
keyVaultKeyId String: The ID of the Key Vault Key which should be used to Decrypt/Encrypt this Value.
encryptedData String: The Base64 URL Encoded Encrypted Data which should be decrypted into plain_text_value.
plainTextValue String: The plain-text value which should be Encrypted into encrypted_data.

algorithm string: The Algorithm which should be used to Decrypt/Encrypt this Value. Possible values are RSA1_5, RSA-OAEP and RSA-OAEP-256.
keyVaultKeyId string: The ID of the Key Vault Key which should be used to Decrypt/Encrypt this Value.
encryptedData string: The Base64 URL Encoded Encrypted Data which should be decrypted into plain_text_value.
plainTextValue string: The plain-text value which should be Encrypted into encrypted_data.

algorithm str: The Algorithm which should be used to Decrypt/Encrypt this Value. Possible values are RSA1_5, RSA-OAEP and RSA-OAEP-256.
key_vault_key_id str: The ID of the Key Vault Key which should be used to Decrypt/Encrypt this Value.
encrypted_data str: The Base64 URL Encoded Encrypted Data which should be decrypted into plain_text_value.
plain_text_value str: The plain-text value which should be Encrypted into encrypted_data.

algorithm String: The Algorithm which should be used to Decrypt/Encrypt this Value. Possible values are RSA1_5, RSA-OAEP and RSA-OAEP-256.
keyVaultKeyId String: The ID of the Key Vault Key which should be used to Decrypt/Encrypt this Value.
encryptedData String: The Base64 URL Encoded Encrypted Data which should be decrypted into plain_text_value.
plainTextValue String: The plain-text value which should be Encrypted into encrypted_data.

getEncryptedValue Result

The following output properties are available:

Algorithm string
Id string: The provider-assigned unique ID for this managed resource.
KeyVaultKeyId string
EncryptedData string
PlainTextValue string

Algorithm string
Id string: The provider-assigned unique ID for this managed resource.
KeyVaultKeyId string
EncryptedData string
PlainTextValue string

algorithm String
id String: The provider-assigned unique ID for this managed resource.
keyVaultKeyId String
encryptedData String
plainTextValue String

algorithm string
id string: The provider-assigned unique ID for this managed resource.
keyVaultKeyId string
encryptedData string
plainTextValue string

algorithm str
id str: The provider-assigned unique ID for this managed resource.
key_vault_key_id str
encrypted_data str
plain_text_value str

algorithm String
id String: The provider-assigned unique ID for this managed resource.
keyVaultKeyId String
encryptedData String
plainTextValue String

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

azure.keyvault.getEncryptedValue

Example Usage

Using getEncryptedValue

getEncryptedValue Result

Package Details

On this page