Docs Home
Google Cloud v9.1.0 published on Saturday, Sep 27, 2025 by Pulumi
gcp.kms.getKMSSecretAsymmetric
Explore with Pulumi AI
This data source allows you to use data encrypted with a Google Cloud KMS asymmetric key within your resource definitions.
For more information see the official documentation.
NOTE: Using this data provider will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.
Example Usage
First, create a KMS KeyRing and CryptoKey using the resource definitions:
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const myKeyRing = new gcp.kms.KeyRing("my_key_ring", {
project: "my-project",
name: "my-key-ring",
location: "us-central1",
});
const myCryptoKeyCryptoKey = new gcp.kms.CryptoKey("my_crypto_key", {
name: "my-crypto-key",
keyRing: myKeyRing.id,
purpose: "ASYMMETRIC_DECRYPT",
versionTemplate: {
algorithm: "RSA_DECRYPT_OAEP_4096_SHA256",
},
});
const myCryptoKey = gcp.kms.getKMSCryptoKeyVersionOutput({
cryptoKey: myCryptoKeyCryptoKey.id,
});
import pulumi
import pulumi_gcp as gcp
my_key_ring = gcp.kms.KeyRing("my_key_ring",
project="my-project",
name="my-key-ring",
location="us-central1")
my_crypto_key_crypto_key = gcp.kms.CryptoKey("my_crypto_key",
name="my-crypto-key",
key_ring=my_key_ring.id,
purpose="ASYMMETRIC_DECRYPT",
version_template={
"algorithm": "RSA_DECRYPT_OAEP_4096_SHA256",
})
my_crypto_key = gcp.kms.get_kms_crypto_key_version_output(crypto_key=my_crypto_key_crypto_key.id)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
myKeyRing, err := kms.NewKeyRing(ctx, "my_key_ring", &kms.KeyRingArgs{
Project: pulumi.String("my-project"),
Name: pulumi.String("my-key-ring"),
Location: pulumi.String("us-central1"),
})
if err != nil {
return err
}
myCryptoKeyCryptoKey, err := kms.NewCryptoKey(ctx, "my_crypto_key", &kms.CryptoKeyArgs{
Name: pulumi.String("my-crypto-key"),
KeyRing: myKeyRing.ID(),
Purpose: pulumi.String("ASYMMETRIC_DECRYPT"),
VersionTemplate: &kms.CryptoKeyVersionTemplateArgs{
Algorithm: pulumi.String("RSA_DECRYPT_OAEP_4096_SHA256"),
},
})
if err != nil {
return err
}
_ = kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{
CryptoKey: myCryptoKeyCryptoKey.ID(),
}, nil)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var myKeyRing = new Gcp.Kms.KeyRing("my_key_ring", new()
{
Project = "my-project",
Name = "my-key-ring",
Location = "us-central1",
});
var myCryptoKeyCryptoKey = new Gcp.Kms.CryptoKey("my_crypto_key", new()
{
Name = "my-crypto-key",
KeyRing = myKeyRing.Id,
Purpose = "ASYMMETRIC_DECRYPT",
VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs
{
Algorithm = "RSA_DECRYPT_OAEP_4096_SHA256",
},
});
var myCryptoKey = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()
{
CryptoKey = myCryptoKeyCryptoKey.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;
import com.pulumi.gcp.kms.KmsFunctions;
import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myKeyRing = new KeyRing("myKeyRing", KeyRingArgs.builder()
.project("my-project")
.name("my-key-ring")
.location("us-central1")
.build());
var myCryptoKeyCryptoKey = new CryptoKey("myCryptoKeyCryptoKey", CryptoKeyArgs.builder()
.name("my-crypto-key")
.keyRing(myKeyRing.id())
.purpose("ASYMMETRIC_DECRYPT")
.versionTemplate(CryptoKeyVersionTemplateArgs.builder()
.algorithm("RSA_DECRYPT_OAEP_4096_SHA256")
.build())
.build());
final var myCryptoKey = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()
.cryptoKey(myCryptoKeyCryptoKey.id())
.build());
}
}
resources:
myKeyRing:
type: gcp:kms:KeyRing
name: my_key_ring
properties:
project: my-project
name: my-key-ring
location: us-central1
myCryptoKeyCryptoKey:
type: gcp:kms:CryptoKey
name: my_crypto_key
properties:
name: my-crypto-key
keyRing: ${myKeyRing.id}
purpose: ASYMMETRIC_DECRYPT
versionTemplate:
algorithm: RSA_DECRYPT_OAEP_4096_SHA256
variables:
myCryptoKey:
fn::invoke:
function: gcp:kms:getKMSCryptoKeyVersion
arguments:
cryptoKey: ${myCryptoKeyCryptoKey.id}
Next, use the Cloud SDK to encrypt some sensitive information:
## get the public key to encrypt the secret with
$ gcloud kms keys versions get-public-key 1 \
--project my-project \
--location us-central1 \
--keyring my-key-ring \
--key my-crypto-key \
--output-file public-key.pem
## encrypt secret with the public key
$ echo -n my-secret-password | \
openssl pkeyutl -in - \
-encrypt \
-pubin \
-inkey public-key.pem \
-pkeyopt rsa_padding_mode:oaep \
-pkeyopt rsa_oaep_md:sha256 \
-pkeyopt rsa_mgf1_md:sha256 > \
my-secret-password.enc
## base64 encode the ciphertext
$ openssl base64 -in my-secret-password.enc
M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
## optionally calculate the CRC32 of the ciphertext
$ go get github.com/binxio/crc32
$ $GOPATH/bin/crc32 -polynomial castagnoli < my-secret-password.enc
12c59e54
Finally, reference the encrypted ciphertext in your resource definitions:
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as random from "@pulumi/random";
const sqlUserPassword = gcp.kms.getKMSSecretAsymmetric({
cryptoKeyVersion: myCryptoKey.id,
crc32: "12c59e54",
ciphertext: ` M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
`,
});
const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
const main = new gcp.sql.DatabaseInstance("main", {
name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
databaseVersion: "MYSQL_5_7",
settings: {
tier: "db-f1-micro",
},
});
const users = new gcp.sql.User("users", {
name: "me",
instance: main.name,
host: "me.com",
password: sqlUserPasswordGoogleKmsSecret.plaintext,
});
import pulumi
import pulumi_gcp as gcp
import pulumi_random as random
sql_user_password = gcp.kms.get_kms_secret_asymmetric(crypto_key_version=my_crypto_key["id"],
crc32="12c59e54",
ciphertext=""" M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
""")
db_name_suffix = random.RandomId("db_name_suffix", byte_length=4)
main = gcp.sql.DatabaseInstance("main",
name=db_name_suffix.hex.apply(lambda hex: f"main-instance-{hex}"),
database_version="MYSQL_5_7",
settings={
"tier": "db-f1-micro",
})
users = gcp.sql.User("users",
name="me",
instance=main.name,
host="me.com",
password=sql_user_password_google_kms_secret["plaintext"])
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/kms"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/sql"
"github.com/pulumi/pulumi-random/sdk/v4/go/random"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := kms.GetKMSSecretAsymmetric(ctx, &kms.GetKMSSecretAsymmetricArgs{
CryptoKeyVersion: myCryptoKey.Id,
Crc32: pulumi.StringRef("12c59e54"),
Ciphertext: ` M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
`,
}, nil)
if err != nil {
return err
}
dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{
ByteLength: pulumi.Int(4),
})
if err != nil {
return err
}
main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{
Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {
return fmt.Sprintf("main-instance-%v", hex), nil
}).(pulumi.StringOutput),
DatabaseVersion: pulumi.String("MYSQL_5_7"),
Settings: &sql.DatabaseInstanceSettingsArgs{
Tier: pulumi.String("db-f1-micro"),
},
})
if err != nil {
return err
}
_, err = sql.NewUser(ctx, "users", &sql.UserArgs{
Name: pulumi.String("me"),
Instance: main.Name,
Host: pulumi.String("me.com"),
Password: pulumi.Any(sqlUserPasswordGoogleKmsSecret.Plaintext),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Random = Pulumi.Random;
return await Deployment.RunAsync(() =>
{
var sqlUserPassword = Gcp.Kms.GetKMSSecretAsymmetric.Invoke(new()
{
CryptoKeyVersion = myCryptoKey.Id,
Crc32 = "12c59e54",
Ciphertext = @" M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
",
});
var dbNameSuffix = new Random.RandomId("db_name_suffix", new()
{
ByteLength = 4,
});
var main = new Gcp.Sql.DatabaseInstance("main", new()
{
Name = dbNameSuffix.Hex.Apply(hex => $"main-instance-{hex}"),
DatabaseVersion = "MYSQL_5_7",
Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
{
Tier = "db-f1-micro",
},
});
var users = new Gcp.Sql.User("users", new()
{
Name = "me",
Instance = main.Name,
Host = "me.com",
Password = sqlUserPasswordGoogleKmsSecret.Plaintext,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.kms.KmsFunctions;
import com.pulumi.gcp.kms.inputs.GetKMSSecretAsymmetricArgs;
import com.pulumi.random.RandomId;
import com.pulumi.random.RandomIdArgs;
import com.pulumi.gcp.sql.DatabaseInstance;
import com.pulumi.gcp.sql.DatabaseInstanceArgs;
import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
import com.pulumi.gcp.sql.User;
import com.pulumi.gcp.sql.UserArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var sqlUserPassword = KmsFunctions.getKMSSecretAsymmetric(GetKMSSecretAsymmetricArgs.builder()
.cryptoKeyVersion(myCryptoKey.id())
.crc32("12c59e54")
.ciphertext("""
M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
""")
.build());
var dbNameSuffix = new RandomId("dbNameSuffix", RandomIdArgs.builder()
.byteLength(4)
.build());
var main = new DatabaseInstance("main", DatabaseInstanceArgs.builder()
.name(dbNameSuffix.hex().applyValue(_hex -> String.format("main-instance-%s", _hex)))
.databaseVersion("MYSQL_5_7")
.settings(DatabaseInstanceSettingsArgs.builder()
.tier("db-f1-micro")
.build())
.build());
var users = new User("users", UserArgs.builder()
.name("me")
.instance(main.name())
.host("me.com")
.password(sqlUserPasswordGoogleKmsSecret.plaintext())
.build());
}
}
resources:
dbNameSuffix:
type: random:RandomId
name: db_name_suffix
properties:
byteLength: 4
main:
type: gcp:sql:DatabaseInstance
properties:
name: main-instance-${dbNameSuffix.hex}
databaseVersion: MYSQL_5_7
settings:
tier: db-f1-micro
users:
type: gcp:sql:User
properties:
name: me
instance: ${main.name}
host: me.com
password: ${sqlUserPasswordGoogleKmsSecret.plaintext}
variables:
sqlUserPassword:
fn::invoke:
function: gcp:kms:getKMSSecretAsymmetric
arguments:
cryptoKeyVersion: ${myCryptoKey.id}
crc32: 12c59e54
ciphertext: |2
M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
This will result in a Cloud SQL user being created with password my-secret-password.
Using getKMSSecretAsymmetric
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getKMSSecretAsymmetric(args: GetKMSSecretAsymmetricArgs, opts?: InvokeOptions): Promise<GetKMSSecretAsymmetricResult>
function getKMSSecretAsymmetricOutput(args: GetKMSSecretAsymmetricOutputArgs, opts?: InvokeOptions): Output<GetKMSSecretAsymmetricResult>def get_kms_secret_asymmetric(ciphertext: Optional[str] = None,
crc32: Optional[str] = None,
crypto_key_version: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetKMSSecretAsymmetricResult
def get_kms_secret_asymmetric_output(ciphertext: Optional[pulumi.Input[str]] = None,
crc32: Optional[pulumi.Input[str]] = None,
crypto_key_version: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetKMSSecretAsymmetricResult]func GetKMSSecretAsymmetric(ctx *Context, args *GetKMSSecretAsymmetricArgs, opts ...InvokeOption) (*GetKMSSecretAsymmetricResult, error)
func GetKMSSecretAsymmetricOutput(ctx *Context, args *GetKMSSecretAsymmetricOutputArgs, opts ...InvokeOption) GetKMSSecretAsymmetricResultOutput> Note: This function is named GetKMSSecretAsymmetric in the Go SDK.
public static class GetKMSSecretAsymmetric
{
public static Task<GetKMSSecretAsymmetricResult> InvokeAsync(GetKMSSecretAsymmetricArgs args, InvokeOptions? opts = null)
public static Output<GetKMSSecretAsymmetricResult> Invoke(GetKMSSecretAsymmetricInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetKMSSecretAsymmetricResult> getKMSSecretAsymmetric(GetKMSSecretAsymmetricArgs args, InvokeOptions options)
public static Output<GetKMSSecretAsymmetricResult> getKMSSecretAsymmetric(GetKMSSecretAsymmetricArgs args, InvokeOptions options)
fn::invoke:
function: gcp:kms/getKMSSecretAsymmetric:getKMSSecretAsymmetric
arguments:
# arguments dictionaryThe following arguments are supported:
- Ciphertext string
- The ciphertext to be decrypted, encoded in base64
- Crypto
Key stringVersion - The id of the CryptoKey version that will be used to
decrypt the provided ciphertext. This is represented by the format
projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}. - Crc32 string
- The crc32 checksum of the
ciphertextin hexadecimal notation. If not specified, it will be computed.
- Ciphertext string
- The ciphertext to be decrypted, encoded in base64
- Crypto
Key stringVersion - The id of the CryptoKey version that will be used to
decrypt the provided ciphertext. This is represented by the format
projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}. - Crc32 string
- The crc32 checksum of the
ciphertextin hexadecimal notation. If not specified, it will be computed.
- ciphertext String
- The ciphertext to be decrypted, encoded in base64
- crypto
Key StringVersion - The id of the CryptoKey version that will be used to
decrypt the provided ciphertext. This is represented by the format
projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}. - crc32 String
- The crc32 checksum of the
ciphertextin hexadecimal notation. If not specified, it will be computed.
- ciphertext string
- The ciphertext to be decrypted, encoded in base64
- crypto
Key stringVersion - The id of the CryptoKey version that will be used to
decrypt the provided ciphertext. This is represented by the format
projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}. - crc32 string
- The crc32 checksum of the
ciphertextin hexadecimal notation. If not specified, it will be computed.
- ciphertext str
- The ciphertext to be decrypted, encoded in base64
- crypto_
key_ strversion - The id of the CryptoKey version that will be used to
decrypt the provided ciphertext. This is represented by the format
projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}. - crc32 str
- The crc32 checksum of the
ciphertextin hexadecimal notation. If not specified, it will be computed.
- ciphertext String
- The ciphertext to be decrypted, encoded in base64
- crypto
Key StringVersion - The id of the CryptoKey version that will be used to
decrypt the provided ciphertext. This is represented by the format
projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}. - crc32 String
- The crc32 checksum of the
ciphertextin hexadecimal notation. If not specified, it will be computed.
getKMSSecretAsymmetric Result
The following output properties are available:
- Ciphertext string
- Crypto
Key stringVersion - Id string
- The provider-assigned unique ID for this managed resource.
- Plaintext string
- Contains the result of decrypting the provided ciphertext.
- Crc32 string
- Contains the crc32 checksum of the provided ciphertext.
- Ciphertext string
- Crypto
Key stringVersion - Id string
- The provider-assigned unique ID for this managed resource.
- Plaintext string
- Contains the result of decrypting the provided ciphertext.
- Crc32 string
- Contains the crc32 checksum of the provided ciphertext.
- ciphertext String
- crypto
Key StringVersion - id String
- The provider-assigned unique ID for this managed resource.
- plaintext String
- Contains the result of decrypting the provided ciphertext.
- crc32 String
- Contains the crc32 checksum of the provided ciphertext.
- ciphertext string
- crypto
Key stringVersion - id string
- The provider-assigned unique ID for this managed resource.
- plaintext string
- Contains the result of decrypting the provided ciphertext.
- crc32 string
- Contains the crc32 checksum of the provided ciphertext.
- ciphertext str
- crypto_
key_ strversion - id str
- The provider-assigned unique ID for this managed resource.
- plaintext str
- Contains the result of decrypting the provided ciphertext.
- crc32 str
- Contains the crc32 checksum of the provided ciphertext.
- ciphertext String
- crypto
Key StringVersion - id String
- The provider-assigned unique ID for this managed resource.
- plaintext String
- Contains the result of decrypting the provided ciphertext.
- crc32 String
- Contains the crc32 checksum of the provided ciphertext.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.