gcp.kms.getKMSSecretAsymmetric
Explore with Pulumi AI
get the public key to encrypt the secret with
$ gcloud kms keys versions get-public-key 1
–project my-project
–location us-central1
–keyring my-key-ring
–key my-crypto-key
–output-file public-key.pem
encrypt secret with the public key
$ echo -n my-secret-password |
openssl pkeyutl -in -
-encrypt
-pubin
-inkey public-key.pem
-pkeyopt rsa_padding_mode:oaep
-pkeyopt rsa_oaep_md:sha256
-pkeyopt rsa_mgf1_md:sha256 >
my-secret-password.enc
base64 encode the ciphertext
$ openssl base64 -in my-secret-password.enc M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1 J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9 A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
Using getKMSSecretAsymmetric
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getKMSSecretAsymmetric(args: GetKMSSecretAsymmetricArgs, opts?: InvokeOptions): Promise<GetKMSSecretAsymmetricResult>
function getKMSSecretAsymmetricOutput(args: GetKMSSecretAsymmetricOutputArgs, opts?: InvokeOptions): Output<GetKMSSecretAsymmetricResult>
def get_kms_secret_asymmetric(ciphertext: Optional[str] = None,
crc32: Optional[str] = None,
crypto_key_version: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetKMSSecretAsymmetricResult
def get_kms_secret_asymmetric_output(ciphertext: Optional[pulumi.Input[str]] = None,
crc32: Optional[pulumi.Input[str]] = None,
crypto_key_version: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetKMSSecretAsymmetricResult]
func GetKMSSecretAsymmetric(ctx *Context, args *GetKMSSecretAsymmetricArgs, opts ...InvokeOption) (*GetKMSSecretAsymmetricResult, error)
func GetKMSSecretAsymmetricOutput(ctx *Context, args *GetKMSSecretAsymmetricOutputArgs, opts ...InvokeOption) GetKMSSecretAsymmetricResultOutput
> Note: This function is named GetKMSSecretAsymmetric
in the Go SDK.
public static class GetKMSSecretAsymmetric
{
public static Task<GetKMSSecretAsymmetricResult> InvokeAsync(GetKMSSecretAsymmetricArgs args, InvokeOptions? opts = null)
public static Output<GetKMSSecretAsymmetricResult> Invoke(GetKMSSecretAsymmetricInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetKMSSecretAsymmetricResult> getKMSSecretAsymmetric(GetKMSSecretAsymmetricArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: gcp:kms/getKMSSecretAsymmetric:getKMSSecretAsymmetric
arguments:
# arguments dictionary
The following arguments are supported:
- Ciphertext string
The ciphertext to be decrypted, encoded in base64
- Crypto
Key stringVersion The id of the CryptoKey version that will be used to decrypt the provided ciphertext. This is represented by the format
projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}
.- Crc32 string
The crc32 checksum of the
ciphertext
in hexadecimal notation. If not specified, it will be computed.
- Ciphertext string
The ciphertext to be decrypted, encoded in base64
- Crypto
Key stringVersion The id of the CryptoKey version that will be used to decrypt the provided ciphertext. This is represented by the format
projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}
.- Crc32 string
The crc32 checksum of the
ciphertext
in hexadecimal notation. If not specified, it will be computed.
- ciphertext String
The ciphertext to be decrypted, encoded in base64
- crypto
Key StringVersion The id of the CryptoKey version that will be used to decrypt the provided ciphertext. This is represented by the format
projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}
.- crc32 String
The crc32 checksum of the
ciphertext
in hexadecimal notation. If not specified, it will be computed.
- ciphertext string
The ciphertext to be decrypted, encoded in base64
- crypto
Key stringVersion The id of the CryptoKey version that will be used to decrypt the provided ciphertext. This is represented by the format
projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}
.- crc32 string
The crc32 checksum of the
ciphertext
in hexadecimal notation. If not specified, it will be computed.
- ciphertext str
The ciphertext to be decrypted, encoded in base64
- crypto_
key_ strversion The id of the CryptoKey version that will be used to decrypt the provided ciphertext. This is represented by the format
projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}
.- crc32 str
The crc32 checksum of the
ciphertext
in hexadecimal notation. If not specified, it will be computed.
- ciphertext String
The ciphertext to be decrypted, encoded in base64
- crypto
Key StringVersion The id of the CryptoKey version that will be used to decrypt the provided ciphertext. This is represented by the format
projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}
.- crc32 String
The crc32 checksum of the
ciphertext
in hexadecimal notation. If not specified, it will be computed.
getKMSSecretAsymmetric Result
The following output properties are available:
- Ciphertext string
- Crypto
Key stringVersion - Id string
The provider-assigned unique ID for this managed resource.
- Plaintext string
Contains the result of decrypting the provided ciphertext.
- Crc32 string
Contains the crc32 checksum of the provided ciphertext.
- Ciphertext string
- Crypto
Key stringVersion - Id string
The provider-assigned unique ID for this managed resource.
- Plaintext string
Contains the result of decrypting the provided ciphertext.
- Crc32 string
Contains the crc32 checksum of the provided ciphertext.
- ciphertext String
- crypto
Key StringVersion - id String
The provider-assigned unique ID for this managed resource.
- plaintext String
Contains the result of decrypting the provided ciphertext.
- crc32 String
Contains the crc32 checksum of the provided ciphertext.
- ciphertext string
- crypto
Key stringVersion - id string
The provider-assigned unique ID for this managed resource.
- plaintext string
Contains the result of decrypting the provided ciphertext.
- crc32 string
Contains the crc32 checksum of the provided ciphertext.
- ciphertext str
- crypto_
key_ strversion - id str
The provider-assigned unique ID for this managed resource.
- plaintext str
Contains the result of decrypting the provided ciphertext.
- crc32 str
Contains the crc32 checksum of the provided ciphertext.
- ciphertext String
- crypto
Key StringVersion - id String
The provider-assigned unique ID for this managed resource.
- plaintext String
Contains the result of decrypting the provided ciphertext.
- crc32 String
Contains the crc32 checksum of the provided ciphertext.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
google-beta
Terraform Provider.