Docs
Packagesgcp.kms.getKMSSecret
Explore with Pulumi AI
This data source allows you to use data encrypted with Google Cloud KMS within your resource definitions.
For more information see the official documentation.
NOTE: Using this data provider will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.
Using getKMSSecret
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getKMSSecret(args: GetKMSSecretArgs, opts?: InvokeOptions): Promise<GetKMSSecretResult>
function getKMSSecretOutput(args: GetKMSSecretOutputArgs, opts?: InvokeOptions): Output<GetKMSSecretResult>def get_kms_secret(additional_authenticated_data: Optional[str] = None,
ciphertext: Optional[str] = None,
crypto_key: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetKMSSecretResult
def get_kms_secret_output(additional_authenticated_data: Optional[pulumi.Input[str]] = None,
ciphertext: Optional[pulumi.Input[str]] = None,
crypto_key: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetKMSSecretResult]func GetKMSSecret(ctx *Context, args *GetKMSSecretArgs, opts ...InvokeOption) (*GetKMSSecretResult, error)
func GetKMSSecretOutput(ctx *Context, args *GetKMSSecretOutputArgs, opts ...InvokeOption) GetKMSSecretResultOutput> Note: This function is named GetKMSSecret in the Go SDK.
public static class GetKMSSecret
{
public static Task<GetKMSSecretResult> InvokeAsync(GetKMSSecretArgs args, InvokeOptions? opts = null)
public static Output<GetKMSSecretResult> Invoke(GetKMSSecretInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetKMSSecretResult> getKMSSecret(GetKMSSecretArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: gcp:kms/getKMSSecret:getKMSSecret
arguments:
# arguments dictionaryThe following arguments are supported:
- Ciphertext string
The ciphertext to be decrypted, encoded in base64
- Crypto
Key string The id of the CryptoKey that will be used to decrypt the provided ciphertext. This is represented by the format
{projectId}/{location}/{keyRingName}/{cryptoKeyName}.- Additional
Authenticated stringData The additional authenticated data used for integrity checks during encryption and decryption.
- Ciphertext string
The ciphertext to be decrypted, encoded in base64
- Crypto
Key string The id of the CryptoKey that will be used to decrypt the provided ciphertext. This is represented by the format
{projectId}/{location}/{keyRingName}/{cryptoKeyName}.- Additional
Authenticated stringData The additional authenticated data used for integrity checks during encryption and decryption.
- ciphertext String
The ciphertext to be decrypted, encoded in base64
- crypto
Key String The id of the CryptoKey that will be used to decrypt the provided ciphertext. This is represented by the format
{projectId}/{location}/{keyRingName}/{cryptoKeyName}.- additional
Authenticated StringData The additional authenticated data used for integrity checks during encryption and decryption.
- ciphertext string
The ciphertext to be decrypted, encoded in base64
- crypto
Key string The id of the CryptoKey that will be used to decrypt the provided ciphertext. This is represented by the format
{projectId}/{location}/{keyRingName}/{cryptoKeyName}.- additional
Authenticated stringData The additional authenticated data used for integrity checks during encryption and decryption.
- ciphertext str
The ciphertext to be decrypted, encoded in base64
- crypto_
key str The id of the CryptoKey that will be used to decrypt the provided ciphertext. This is represented by the format
{projectId}/{location}/{keyRingName}/{cryptoKeyName}.- additional_
authenticated_ strdata The additional authenticated data used for integrity checks during encryption and decryption.
- ciphertext String
The ciphertext to be decrypted, encoded in base64
- crypto
Key String The id of the CryptoKey that will be used to decrypt the provided ciphertext. This is represented by the format
{projectId}/{location}/{keyRingName}/{cryptoKeyName}.- additional
Authenticated StringData The additional authenticated data used for integrity checks during encryption and decryption.
getKMSSecret Result
The following output properties are available:
- Ciphertext string
- Crypto
Key string - Id string
The provider-assigned unique ID for this managed resource.
- Plaintext string
Contains the result of decrypting the provided ciphertext.
- Additional
Authenticated stringData
- Ciphertext string
- Crypto
Key string - Id string
The provider-assigned unique ID for this managed resource.
- Plaintext string
Contains the result of decrypting the provided ciphertext.
- Additional
Authenticated stringData
- ciphertext String
- crypto
Key String - id String
The provider-assigned unique ID for this managed resource.
- plaintext String
Contains the result of decrypting the provided ciphertext.
- additional
Authenticated StringData
- ciphertext string
- crypto
Key string - id string
The provider-assigned unique ID for this managed resource.
- plaintext string
Contains the result of decrypting the provided ciphertext.
- additional
Authenticated stringData
- ciphertext str
- crypto_
key str - id str
The provider-assigned unique ID for this managed resource.
- plaintext str
Contains the result of decrypting the provided ciphertext.
- additional_
authenticated_ strdata
- ciphertext String
- crypto
Key String - id String
The provider-assigned unique ID for this managed resource.
- plaintext String
Contains the result of decrypting the provided ciphertext.
- additional
Authenticated StringData
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
google-betaTerraform Provider.