Secret
data class SecretCiphertextArgs(val additionalAuthenticatedData: Output<String>? = null, val cryptoKey: Output<String>? = null, val plaintext: Output<String>? = null) : ConvertibleToJava<SecretCiphertextArgs>
Encrypts secret data with Google Cloud KMS and provides access to the ciphertext.
NOTE: Using this resource will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions. To get more information about SecretCiphertext, see:
Warning: All arguments including
plaintextandadditional_authenticated_datawill be stored in the raw state as plain-text.
Example Usage
Kms Secret Ciphertext Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.kms.SecretCiphertext;
import com.pulumi.gcp.kms.SecretCiphertextArgs;
import com.pulumi.gcp.compute.Instance;
import com.pulumi.gcp.compute.InstanceArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var keyring = new KeyRing("keyring", KeyRingArgs.builder()
.location("global")
.build());
var cryptokey = new CryptoKey("cryptokey", CryptoKeyArgs.builder()
.keyRing(keyring.id())
.rotationPeriod("100000s")
.build());
var myPassword = new SecretCiphertext("myPassword", SecretCiphertextArgs.builder()
.cryptoKey(cryptokey.id())
.plaintext("my-secret-password")
.build());
var instance = new Instance("instance", InstanceArgs.builder()
.machineType("e2-medium")
.zone("us-central1-a")
.bootDisk(InstanceBootDiskArgs.builder()
.initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
.image("debian-cloud/debian-11")
.build())
.build())
.networkInterfaces(InstanceNetworkInterfaceArgs.builder()
.network("default")
.accessConfigs()
.build())
.metadata(Map.of("password", myPassword.ciphertext()))
.build());
}
}Content copied to clipboard
Import
This resource does not support import.