Google Cloud (GCP) Classic

Pulumi Official
Package maintained by Pulumi
v6.32.0 published on Wednesday, Jul 20, 2022 by Pulumi

getKMSSecretAsymmetric

get the public key to encrypt the secret with

$ gcloud kms keys versions get-public-key 1
–project my-project
–location us-central1
–keyring my-key-ring
–key my-crypto-key
–output-file public-key.pem

encrypt secret with the public key

$ echo -n my-secret-password |
openssl pkeyutl -in -
-encrypt
-pubin
-inkey public-key.pem
-pkeyopt rsa_padding_mode:oaep
-pkeyopt rsa_oaep_md:sha256
-pkeyopt rsa_mgf1_md:sha256 >
my-secret-password.enc

base64 encode the ciphertext

$ openssl base64 -in my-secret-password.enc M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1 J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9 A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=

Using getKMSSecretAsymmetric

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKMSSecretAsymmetric(args: GetKMSSecretAsymmetricArgs, opts?: InvokeOptions): Promise<GetKMSSecretAsymmetricResult>
function getKMSSecretAsymmetricOutput(args: GetKMSSecretAsymmetricOutputArgs, opts?: InvokeOptions): Output<GetKMSSecretAsymmetricResult>
def get_kms_secret_asymmetric(ciphertext: Optional[str] = None,
                              crc32: Optional[str] = None,
                              crypto_key_version: Optional[str] = None,
                              opts: Optional[InvokeOptions] = None) -> GetKMSSecretAsymmetricResult
def get_kms_secret_asymmetric_output(ciphertext: Optional[pulumi.Input[str]] = None,
                              crc32: Optional[pulumi.Input[str]] = None,
                              crypto_key_version: Optional[pulumi.Input[str]] = None,
                              opts: Optional[InvokeOptions] = None) -> Output[GetKMSSecretAsymmetricResult]
func GetKMSSecretAsymmetric(ctx *Context, args *GetKMSSecretAsymmetricArgs, opts ...InvokeOption) (*GetKMSSecretAsymmetricResult, error)
func GetKMSSecretAsymmetricOutput(ctx *Context, args *GetKMSSecretAsymmetricOutputArgs, opts ...InvokeOption) GetKMSSecretAsymmetricResultOutput

> Note: This function is named GetKMSSecretAsymmetric in the Go SDK.

public static class GetKMSSecretAsymmetric 
{
    public static Task<GetKMSSecretAsymmetricResult> InvokeAsync(GetKMSSecretAsymmetricArgs args, InvokeOptions? opts = null)
    public static Output<GetKMSSecretAsymmetricResult> Invoke(GetKMSSecretAsymmetricInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetKMSSecretAsymmetricResult> getKMSSecretAsymmetric(GetKMSSecretAsymmetricArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: gcp:kms/getKMSSecretAsymmetric:getKMSSecretAsymmetric
  Arguments:
    # Arguments dictionary

The following arguments are supported:

Ciphertext string

The ciphertext to be decrypted, encoded in base64

CryptoKeyVersion string

The id of the CryptoKey version that will be used to decrypt the provided ciphertext. This is represented by the format projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}.

Crc32 string

The crc32 checksum of the ciphertext in hexadecimal notation. If not specified, it will be computed.

Ciphertext string

The ciphertext to be decrypted, encoded in base64

CryptoKeyVersion string

The id of the CryptoKey version that will be used to decrypt the provided ciphertext. This is represented by the format projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}.

Crc32 string

The crc32 checksum of the ciphertext in hexadecimal notation. If not specified, it will be computed.

ciphertext String

The ciphertext to be decrypted, encoded in base64

cryptoKeyVersion String

The id of the CryptoKey version that will be used to decrypt the provided ciphertext. This is represented by the format projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}.

crc32 String

The crc32 checksum of the ciphertext in hexadecimal notation. If not specified, it will be computed.

ciphertext string

The ciphertext to be decrypted, encoded in base64

cryptoKeyVersion string

The id of the CryptoKey version that will be used to decrypt the provided ciphertext. This is represented by the format projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}.

crc32 string

The crc32 checksum of the ciphertext in hexadecimal notation. If not specified, it will be computed.

ciphertext str

The ciphertext to be decrypted, encoded in base64

crypto_key_version str

The id of the CryptoKey version that will be used to decrypt the provided ciphertext. This is represented by the format projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}.

crc32 str

The crc32 checksum of the ciphertext in hexadecimal notation. If not specified, it will be computed.

ciphertext String

The ciphertext to be decrypted, encoded in base64

cryptoKeyVersion String

The id of the CryptoKey version that will be used to decrypt the provided ciphertext. This is represented by the format projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}.

crc32 String

The crc32 checksum of the ciphertext in hexadecimal notation. If not specified, it will be computed.

getKMSSecretAsymmetric Result

The following output properties are available:

Ciphertext string
CryptoKeyVersion string
Id string

The provider-assigned unique ID for this managed resource.

Plaintext string

Contains the result of decrypting the provided ciphertext.

Crc32 string

Contains the crc32 checksum of the provided ciphertext.

Ciphertext string
CryptoKeyVersion string
Id string

The provider-assigned unique ID for this managed resource.

Plaintext string

Contains the result of decrypting the provided ciphertext.

Crc32 string

Contains the crc32 checksum of the provided ciphertext.

ciphertext String
cryptoKeyVersion String
id String

The provider-assigned unique ID for this managed resource.

plaintext String

Contains the result of decrypting the provided ciphertext.

crc32 String

Contains the crc32 checksum of the provided ciphertext.

ciphertext string
cryptoKeyVersion string
id string

The provider-assigned unique ID for this managed resource.

plaintext string

Contains the result of decrypting the provided ciphertext.

crc32 string

Contains the crc32 checksum of the provided ciphertext.

ciphertext str
crypto_key_version str
id str

The provider-assigned unique ID for this managed resource.

plaintext str

Contains the result of decrypting the provided ciphertext.

crc32 str

Contains the crc32 checksum of the provided ciphertext.

ciphertext String
cryptoKeyVersion String
id String

The provider-assigned unique ID for this managed resource.

plaintext String

Contains the result of decrypting the provided ciphertext.

crc32 String

Contains the crc32 checksum of the provided ciphertext.

Package Details

Repository
https://github.com/pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.