com.pulumi.gcp.kms.kotlin.KmsFunctions.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.kms.kotlin
import com.pulumi.gcp.kms.KmsFunctions.getCryptoKeyIamPolicyPlain
import com.pulumi.gcp.kms.KmsFunctions.getKMSCryptoKeyPlain
import com.pulumi.gcp.kms.KmsFunctions.getKMSCryptoKeyVersionPlain
import com.pulumi.gcp.kms.KmsFunctions.getKMSKeyRingPlain
import com.pulumi.gcp.kms.KmsFunctions.getKMSSecretAsymmetricPlain
import com.pulumi.gcp.kms.KmsFunctions.getKMSSecretCiphertextPlain
import com.pulumi.gcp.kms.KmsFunctions.getKMSSecretPlain
import com.pulumi.gcp.kms.KmsFunctions.getKeyRingIamPolicyPlain
import com.pulumi.gcp.kms.kotlin.inputs.GetCryptoKeyIamPolicyPlainArgs
import com.pulumi.gcp.kms.kotlin.inputs.GetCryptoKeyIamPolicyPlainArgsBuilder
import com.pulumi.gcp.kms.kotlin.inputs.GetKMSCryptoKeyPlainArgs
import com.pulumi.gcp.kms.kotlin.inputs.GetKMSCryptoKeyPlainArgsBuilder
import com.pulumi.gcp.kms.kotlin.inputs.GetKMSCryptoKeyVersionPlainArgs
import com.pulumi.gcp.kms.kotlin.inputs.GetKMSCryptoKeyVersionPlainArgsBuilder
import com.pulumi.gcp.kms.kotlin.inputs.GetKMSKeyRingPlainArgs
import com.pulumi.gcp.kms.kotlin.inputs.GetKMSKeyRingPlainArgsBuilder
import com.pulumi.gcp.kms.kotlin.inputs.GetKMSSecretAsymmetricPlainArgs
import com.pulumi.gcp.kms.kotlin.inputs.GetKMSSecretAsymmetricPlainArgsBuilder
import com.pulumi.gcp.kms.kotlin.inputs.GetKMSSecretCiphertextPlainArgs
import com.pulumi.gcp.kms.kotlin.inputs.GetKMSSecretCiphertextPlainArgsBuilder
import com.pulumi.gcp.kms.kotlin.inputs.GetKMSSecretPlainArgs
import com.pulumi.gcp.kms.kotlin.inputs.GetKMSSecretPlainArgsBuilder
import com.pulumi.gcp.kms.kotlin.inputs.GetKeyRingIamPolicyPlainArgs
import com.pulumi.gcp.kms.kotlin.inputs.GetKeyRingIamPolicyPlainArgsBuilder
import com.pulumi.gcp.kms.kotlin.outputs.GetCryptoKeyIamPolicyResult
import com.pulumi.gcp.kms.kotlin.outputs.GetKMSCryptoKeyResult
import com.pulumi.gcp.kms.kotlin.outputs.GetKMSCryptoKeyVersionResult
import com.pulumi.gcp.kms.kotlin.outputs.GetKMSKeyRingResult
import com.pulumi.gcp.kms.kotlin.outputs.GetKMSSecretAsymmetricResult
import com.pulumi.gcp.kms.kotlin.outputs.GetKMSSecretCiphertextResult
import com.pulumi.gcp.kms.kotlin.outputs.GetKMSSecretResult
import com.pulumi.gcp.kms.kotlin.outputs.GetKeyRingIamPolicyResult
import kotlinx.coroutines.future.await
import kotlin.Int
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import com.pulumi.gcp.kms.kotlin.outputs.GetCryptoKeyIamPolicyResult.Companion.toKotlin as getCryptoKeyIamPolicyResultToKotlin
import com.pulumi.gcp.kms.kotlin.outputs.GetKMSCryptoKeyResult.Companion.toKotlin as getKMSCryptoKeyResultToKotlin
import com.pulumi.gcp.kms.kotlin.outputs.GetKMSCryptoKeyVersionResult.Companion.toKotlin as getKMSCryptoKeyVersionResultToKotlin
import com.pulumi.gcp.kms.kotlin.outputs.GetKMSKeyRingResult.Companion.toKotlin as getKMSKeyRingResultToKotlin
import com.pulumi.gcp.kms.kotlin.outputs.GetKMSSecretAsymmetricResult.Companion.toKotlin as getKMSSecretAsymmetricResultToKotlin
import com.pulumi.gcp.kms.kotlin.outputs.GetKMSSecretCiphertextResult.Companion.toKotlin as getKMSSecretCiphertextResultToKotlin
import com.pulumi.gcp.kms.kotlin.outputs.GetKMSSecretResult.Companion.toKotlin as getKMSSecretResultToKotlin
import com.pulumi.gcp.kms.kotlin.outputs.GetKeyRingIamPolicyResult.Companion.toKotlin as getKeyRingIamPolicyResultToKotlin
public object KmsFunctions {
/**
* Retrieves the current IAM policy data for a Google Cloud KMS crypto key.
* ## example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const foo = gcp.kms.getCryptoKeyIamPolicy({
* cryptoKeyId: cryptoKey.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* foo = gcp.kms.get_crypto_key_iam_policy(crypto_key_id=crypto_key["id"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var foo = Gcp.Kms.GetCryptoKeyIamPolicy.Invoke(new()
* {
* CryptoKeyId = cryptoKey.Id,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := kms.GetCryptoKeyIamPolicy(ctx, &kms.GetCryptoKeyIamPolicyArgs{
* CryptoKeyId: cryptoKey.Id,
* }, nil)
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KmsFunctions;
* import com.pulumi.gcp.kms.inputs.GetCryptoKeyIamPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var foo = KmsFunctions.getCryptoKeyIamPolicy(GetCryptoKeyIamPolicyArgs.builder()
* .cryptoKeyId(cryptoKey.id())
* .build());
* }
* }
* ```
* ```yaml
* variables:
* foo:
* fn::invoke:
* Function: gcp:kms:getCryptoKeyIamPolicy
* Arguments:
* cryptoKeyId: ${cryptoKey.id}
* ```
*
* @param argument A collection of arguments for invoking getCryptoKeyIamPolicy.
* @return A collection of values returned by getCryptoKeyIamPolicy.
*/
public suspend fun getCryptoKeyIamPolicy(argument: GetCryptoKeyIamPolicyPlainArgs): GetCryptoKeyIamPolicyResult =
getCryptoKeyIamPolicyResultToKotlin(getCryptoKeyIamPolicyPlain(argument.toJava()).await())
/**
* @see [getCryptoKeyIamPolicy].
* @param cryptoKeyId The crypto key ID, in the form
* @return A collection of values returned by getCryptoKeyIamPolicy.
*/
public suspend fun getCryptoKeyIamPolicy(cryptoKeyId: String): GetCryptoKeyIamPolicyResult {
val argument = GetCryptoKeyIamPolicyPlainArgs(
cryptoKeyId = cryptoKeyId,
)
return getCryptoKeyIamPolicyResultToKotlin(getCryptoKeyIamPolicyPlain(argument.toJava()).await())
}
/**
* @see [getCryptoKeyIamPolicy].
* @param argument Builder for [com.pulumi.gcp.kms.kotlin.inputs.GetCryptoKeyIamPolicyPlainArgs].
* @return A collection of values returned by getCryptoKeyIamPolicy.
*/
public suspend fun getCryptoKeyIamPolicy(argument: suspend GetCryptoKeyIamPolicyPlainArgsBuilder.() -> Unit): GetCryptoKeyIamPolicyResult {
val builder = GetCryptoKeyIamPolicyPlainArgsBuilder()
builder.argument()
val builtArgument = builder.build()
return getCryptoKeyIamPolicyResultToKotlin(getCryptoKeyIamPolicyPlain(builtArgument.toJava()).await())
}
/**
* Provides access to a Google Cloud Platform KMS CryptoKey. For more information see
* [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key)
* and
* [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys).
* A CryptoKey is an interface to key material which can be used to encrypt and decrypt data. A CryptoKey belongs to a
* Google Cloud KMS KeyRing.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const myKeyRing = gcp.kms.getKMSKeyRing({
* name: "my-key-ring",
* location: "us-central1",
* });
* const myCryptoKey = myKeyRing.then(myKeyRing => gcp.kms.getKMSCryptoKey({
* name: "my-crypto-key",
* keyRing: myKeyRing.id,
* }));
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* my_key_ring = gcp.kms.get_kms_key_ring(name="my-key-ring",
* location="us-central1")
* my_crypto_key = gcp.kms.get_kms_crypto_key(name="my-crypto-key",
* key_ring=my_key_ring.id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()
* {
* Name = "my-key-ring",
* Location = "us-central1",
* });
* var myCryptoKey = Gcp.Kms.GetKMSCryptoKey.Invoke(new()
* {
* Name = "my-crypto-key",
* KeyRing = myKeyRing.Apply(getKMSKeyRingResult => getKMSKeyRingResult.Id),
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{
* Name: "my-key-ring",
* Location: "us-central1",
* }, nil)
* if err != nil {
* return err
* }
* _, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{
* Name: "my-crypto-key",
* KeyRing: myKeyRing.Id,
* }, nil)
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KmsFunctions;
* import com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;
* import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()
* .name("my-key-ring")
* .location("us-central1")
* .build());
* final var myCryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()
* .name("my-crypto-key")
* .keyRing(myKeyRing.applyValue(getKMSKeyRingResult -> getKMSKeyRingResult.id()))
* .build());
* }
* }
* ```
* ```yaml
* variables:
* myKeyRing:
* fn::invoke:
* Function: gcp:kms:getKMSKeyRing
* Arguments:
* name: my-key-ring
* location: us-central1
* myCryptoKey:
* fn::invoke:
* Function: gcp:kms:getKMSCryptoKey
* Arguments:
* name: my-crypto-key
* keyRing: ${myKeyRing.id}
* ```
*
* @param argument A collection of arguments for invoking getKMSCryptoKey.
* @return A collection of values returned by getKMSCryptoKey.
*/
public suspend fun getKMSCryptoKey(argument: GetKMSCryptoKeyPlainArgs): GetKMSCryptoKeyResult =
getKMSCryptoKeyResultToKotlin(getKMSCryptoKeyPlain(argument.toJava()).await())
/**
* @see [getKMSCryptoKey].
* @param keyRing The `id` of the Google Cloud Platform KeyRing to which the key belongs.
* @param name The CryptoKey's name.
* A CryptoKey’s name belonging to the specified Google Cloud Platform KeyRing and match the regular expression `[a-zA-Z0-9_-]{1,63}`
* @return A collection of values returned by getKMSCryptoKey.
*/
public suspend fun getKMSCryptoKey(keyRing: String, name: String): GetKMSCryptoKeyResult {
val argument = GetKMSCryptoKeyPlainArgs(
keyRing = keyRing,
name = name,
)
return getKMSCryptoKeyResultToKotlin(getKMSCryptoKeyPlain(argument.toJava()).await())
}
/**
* @see [getKMSCryptoKey].
* @param argument Builder for [com.pulumi.gcp.kms.kotlin.inputs.GetKMSCryptoKeyPlainArgs].
* @return A collection of values returned by getKMSCryptoKey.
*/
public suspend fun getKMSCryptoKey(argument: suspend GetKMSCryptoKeyPlainArgsBuilder.() -> Unit): GetKMSCryptoKeyResult {
val builder = GetKMSCryptoKeyPlainArgsBuilder()
builder.argument()
val builtArgument = builder.build()
return getKMSCryptoKeyResultToKotlin(getKMSCryptoKeyPlain(builtArgument.toJava()).await())
}
/**
* Provides access to a Google Cloud Platform KMS CryptoKeyVersion. For more information see
* [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_version)
* and
* [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys.cryptoKeyVersions).
* A CryptoKeyVersion represents an individual cryptographic key, and the associated key material.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const myKeyRing = gcp.kms.getKMSKeyRing({
* name: "my-key-ring",
* location: "us-central1",
* });
* const myCryptoKey = myKeyRing.then(myKeyRing => gcp.kms.getKMSCryptoKey({
* name: "my-crypto-key",
* keyRing: myKeyRing.id,
* }));
* const myCryptoKeyVersion = gcp.kms.getKMSCryptoKeyVersion({
* cryptoKey: myKey.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* my_key_ring = gcp.kms.get_kms_key_ring(name="my-key-ring",
* location="us-central1")
* my_crypto_key = gcp.kms.get_kms_crypto_key(name="my-crypto-key",
* key_ring=my_key_ring.id)
* my_crypto_key_version = gcp.kms.get_kms_crypto_key_version(crypto_key=my_key["id"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()
* {
* Name = "my-key-ring",
* Location = "us-central1",
* });
* var myCryptoKey = Gcp.Kms.GetKMSCryptoKey.Invoke(new()
* {
* Name = "my-crypto-key",
* KeyRing = myKeyRing.Apply(getKMSKeyRingResult => getKMSKeyRingResult.Id),
* });
* var myCryptoKeyVersion = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()
* {
* CryptoKey = myKey.Id,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* myKeyRing, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{
* Name: "my-key-ring",
* Location: "us-central1",
* }, nil)
* if err != nil {
* return err
* }
* _, err = kms.GetKMSCryptoKey(ctx, &kms.GetKMSCryptoKeyArgs{
* Name: "my-crypto-key",
* KeyRing: myKeyRing.Id,
* }, nil)
* if err != nil {
* return err
* }
* _, err = kms.GetKMSCryptoKeyVersion(ctx, &kms.GetKMSCryptoKeyVersionArgs{
* CryptoKey: myKey.Id,
* }, nil)
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KmsFunctions;
* import com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;
* import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;
* import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()
* .name("my-key-ring")
* .location("us-central1")
* .build());
* final var myCryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()
* .name("my-crypto-key")
* .keyRing(myKeyRing.applyValue(getKMSKeyRingResult -> getKMSKeyRingResult.id()))
* .build());
* final var myCryptoKeyVersion = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()
* .cryptoKey(myKey.id())
* .build());
* }
* }
* ```
* ```yaml
* variables:
* myKeyRing:
* fn::invoke:
* Function: gcp:kms:getKMSKeyRing
* Arguments:
* name: my-key-ring
* location: us-central1
* myCryptoKey:
* fn::invoke:
* Function: gcp:kms:getKMSCryptoKey
* Arguments:
* name: my-crypto-key
* keyRing: ${myKeyRing.id}
* myCryptoKeyVersion:
* fn::invoke:
* Function: gcp:kms:getKMSCryptoKeyVersion
* Arguments:
* cryptoKey: ${myKey.id}
* ```
*
* @param argument A collection of arguments for invoking getKMSCryptoKeyVersion.
* @return A collection of values returned by getKMSCryptoKeyVersion.
*/
public suspend fun getKMSCryptoKeyVersion(argument: GetKMSCryptoKeyVersionPlainArgs): GetKMSCryptoKeyVersionResult =
getKMSCryptoKeyVersionResultToKotlin(getKMSCryptoKeyVersionPlain(argument.toJava()).await())
/**
* @see [getKMSCryptoKeyVersion].
* @param cryptoKey The `id` of the Google Cloud Platform CryptoKey to which the key version belongs. This is also the `id` field of the
* `gcp.kms.CryptoKey` resource/datasource.
* @param version The version number for this CryptoKeyVersion. Defaults to `1`.
* @return A collection of values returned by getKMSCryptoKeyVersion.
*/
public suspend fun getKMSCryptoKeyVersion(cryptoKey: String, version: Int? = null): GetKMSCryptoKeyVersionResult {
val argument = GetKMSCryptoKeyVersionPlainArgs(
cryptoKey = cryptoKey,
version = version,
)
return getKMSCryptoKeyVersionResultToKotlin(getKMSCryptoKeyVersionPlain(argument.toJava()).await())
}
/**
* @see [getKMSCryptoKeyVersion].
* @param argument Builder for [com.pulumi.gcp.kms.kotlin.inputs.GetKMSCryptoKeyVersionPlainArgs].
* @return A collection of values returned by getKMSCryptoKeyVersion.
*/
public suspend fun getKMSCryptoKeyVersion(argument: suspend GetKMSCryptoKeyVersionPlainArgsBuilder.() -> Unit): GetKMSCryptoKeyVersionResult {
val builder = GetKMSCryptoKeyVersionPlainArgsBuilder()
builder.argument()
val builtArgument = builder.build()
return getKMSCryptoKeyVersionResultToKotlin(getKMSCryptoKeyVersionPlain(builtArgument.toJava()).await())
}
/**
* Provides access to Google Cloud Platform KMS KeyRing. For more information see
* [the official documentation](https://cloud.google.com/kms/docs/object-hierarchy#key_ring)
* and
* [API](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings).
* A KeyRing is a grouping of CryptoKeys for organizational purposes. A KeyRing belongs to a Google Cloud Platform Project
* and resides in a specific location.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const myKeyRing = gcp.kms.getKMSKeyRing({
* name: "my-key-ring",
* location: "us-central1",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* my_key_ring = gcp.kms.get_kms_key_ring(name="my-key-ring",
* location="us-central1")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var myKeyRing = Gcp.Kms.GetKMSKeyRing.Invoke(new()
* {
* Name = "my-key-ring",
* Location = "us-central1",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := kms.GetKMSKeyRing(ctx, &kms.GetKMSKeyRingArgs{
* Name: "my-key-ring",
* Location: "us-central1",
* }, nil)
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KmsFunctions;
* import com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var myKeyRing = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()
* .name("my-key-ring")
* .location("us-central1")
* .build());
* }
* }
* ```
* ```yaml
* variables:
* myKeyRing:
* fn::invoke:
* Function: gcp:kms:getKMSKeyRing
* Arguments:
* name: my-key-ring
* location: us-central1
* ```
*
* @param argument A collection of arguments for invoking getKMSKeyRing.
* @return A collection of values returned by getKMSKeyRing.
*/
public suspend fun getKMSKeyRing(argument: GetKMSKeyRingPlainArgs): GetKMSKeyRingResult =
getKMSKeyRingResultToKotlin(getKMSKeyRingPlain(argument.toJava()).await())
/**
* @see [getKMSKeyRing].
* @param location The Google Cloud Platform location for the KeyRing.
* A full list of valid locations can be found by running `gcloud kms locations list`.
* - - -
* @param name The KeyRing's name.
* A KeyRing name must exist within the provided location and match the regular expression `[a-zA-Z0-9_-]{1,63}`
* @param project The project in which the resource belongs. If it
* is not provided, the provider project is used.
* @return A collection of values returned by getKMSKeyRing.
*/
public suspend fun getKMSKeyRing(
location: String,
name: String,
project: String? = null,
): GetKMSKeyRingResult {
val argument = GetKMSKeyRingPlainArgs(
location = location,
name = name,
project = project,
)
return getKMSKeyRingResultToKotlin(getKMSKeyRingPlain(argument.toJava()).await())
}
/**
* @see [getKMSKeyRing].
* @param argument Builder for [com.pulumi.gcp.kms.kotlin.inputs.GetKMSKeyRingPlainArgs].
* @return A collection of values returned by getKMSKeyRing.
*/
public suspend fun getKMSKeyRing(argument: suspend GetKMSKeyRingPlainArgsBuilder.() -> Unit): GetKMSKeyRingResult {
val builder = GetKMSKeyRingPlainArgsBuilder()
builder.argument()
val builtArgument = builder.build()
return getKMSKeyRingResultToKotlin(getKMSKeyRingPlain(builtArgument.toJava()).await())
}
/**
* This data source allows you to use data encrypted with Google Cloud KMS
* within your resource definitions.
* For more information see
* [the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).
* > **NOTE:** Using this data provider will allow you to conceal secret data within your
* resource definitions, but it does not take care of protecting that data in the
* logging output, plan output, or state output. Please take care to secure your secret
* data outside of resource definitions.
* ## Example Usage
* First, create a KMS KeyRing and CryptoKey using the resource definitions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const myKeyRing = new gcp.kms.KeyRing("my_key_ring", {
* project: "my-project",
* name: "my-key-ring",
* location: "us-central1",
* });
* const myCryptoKey = new gcp.kms.CryptoKey("my_crypto_key", {
* name: "my-crypto-key",
* keyRing: myKeyRing.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* my_key_ring = gcp.kms.KeyRing("my_key_ring",
* project="my-project",
* name="my-key-ring",
* location="us-central1")
* my_crypto_key = gcp.kms.CryptoKey("my_crypto_key",
* name="my-crypto-key",
* key_ring=my_key_ring.id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var myKeyRing = new Gcp.Kms.KeyRing("my_key_ring", new()
* {
* Project = "my-project",
* Name = "my-key-ring",
* Location = "us-central1",
* });
* var myCryptoKey = new Gcp.Kms.CryptoKey("my_crypto_key", new()
* {
* Name = "my-crypto-key",
* KeyRing = myKeyRing.Id,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* myKeyRing, err := kms.NewKeyRing(ctx, "my_key_ring", &kms.KeyRingArgs{
* Project: pulumi.String("my-project"),
* Name: pulumi.String("my-key-ring"),
* Location: pulumi.String("us-central1"),
* })
* if err != nil {
* return err
* }
* _, err = kms.NewCryptoKey(ctx, "my_crypto_key", &kms.CryptoKeyArgs{
* Name: pulumi.String("my-crypto-key"),
* KeyRing: myKeyRing.ID(),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KeyRing;
* import com.pulumi.gcp.kms.KeyRingArgs;
* import com.pulumi.gcp.kms.CryptoKey;
* import com.pulumi.gcp.kms.CryptoKeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var myKeyRing = new KeyRing("myKeyRing", KeyRingArgs.builder()
* .project("my-project")
* .name("my-key-ring")
* .location("us-central1")
* .build());
* var myCryptoKey = new CryptoKey("myCryptoKey", CryptoKeyArgs.builder()
* .name("my-crypto-key")
* .keyRing(myKeyRing.id())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* myKeyRing:
* type: gcp:kms:KeyRing
* name: my_key_ring
* properties:
* project: my-project
* name: my-key-ring
* location: us-central1
* myCryptoKey:
* type: gcp:kms:CryptoKey
* name: my_crypto_key
* properties:
* name: my-crypto-key
* keyRing: ${myKeyRing.id}
* ```
*
* Next, use the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/encrypt) to encrypt some
* sensitive information:
* ```bash
* $ echo -n my-secret-password | gcloud kms encrypt \
* > --project my-project \
* > --location us-central1 \
* > --keyring my-key-ring \
* > --key my-crypto-key \
* > --plaintext-file - \
* > --ciphertext-file - \
* > | base64
* CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=
* ```
* Finally, reference the encrypted ciphertext in your resource definitions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as random from "@pulumi/random";
* const sqlUserPassword = gcp.kms.getKMSSecret({
* cryptoKey: myCryptoKey.id,
* ciphertext: "CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=",
* });
* const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
* const main = new gcp.sql.DatabaseInstance("main", {
* name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
* databaseVersion: "MYSQL_5_7",
* settings: {
* tier: "db-f1-micro",
* },
* });
* const users = new gcp.sql.User("users", {
* name: "me",
* instance: main.name,
* host: "me.com",
* password: sqlUserPassword.then(sqlUserPassword => sqlUserPassword.plaintext),
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_random as random
* sql_user_password = gcp.kms.get_kms_secret(crypto_key=my_crypto_key["id"],
* ciphertext="CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=")
* db_name_suffix = random.RandomId("db_name_suffix", byte_length=4)
* main = gcp.sql.DatabaseInstance("main",
* name=db_name_suffix.hex.apply(lambda hex: f"main-instance-{hex}"),
* database_version="MYSQL_5_7",
* settings=gcp.sql.DatabaseInstanceSettingsArgs(
* tier="db-f1-micro",
* ))
* users = gcp.sql.User("users",
* name="me",
* instance=main.name,
* host="me.com",
* password=sql_user_password.plaintext)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Random = Pulumi.Random;
* return await Deployment.RunAsync(() =>
* {
* var sqlUserPassword = Gcp.Kms.GetKMSSecret.Invoke(new()
* {
* CryptoKey = myCryptoKey.Id,
* Ciphertext = "CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=",
* });
* var dbNameSuffix = new Random.RandomId("db_name_suffix", new()
* {
* ByteLength = 4,
* });
* var main = new Gcp.Sql.DatabaseInstance("main", new()
* {
* Name = dbNameSuffix.Hex.Apply(hex => $"main-instance-{hex}"),
* DatabaseVersion = "MYSQL_5_7",
* Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
* {
* Tier = "db-f1-micro",
* },
* });
* var users = new Gcp.Sql.User("users", new()
* {
* Name = "me",
* Instance = main.Name,
* Host = "me.com",
* Password = sqlUserPassword.Apply(getKMSSecretResult => getKMSSecretResult.Plaintext),
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/sql"
* "github.com/pulumi/pulumi-random/sdk/v4/go/random"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* sqlUserPassword, err := kms.GetKMSSecret(ctx, &kms.GetKMSSecretArgs{
* CryptoKey: myCryptoKey.Id,
* Ciphertext: "CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=",
* }, nil)
* if err != nil {
* return err
* }
* dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{
* ByteLength: pulumi.Int(4),
* })
* if err != nil {
* return err
* }
* main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{
* Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {
* return fmt.Sprintf("main-instance-%v", hex), nil
* }).(pulumi.StringOutput),
* DatabaseVersion: pulumi.String("MYSQL_5_7"),
* Settings: &sql.DatabaseInstanceSettingsArgs{
* Tier: pulumi.String("db-f1-micro"),
* },
* })
* if err != nil {
* return err
* }
* _, err = sql.NewUser(ctx, "users", &sql.UserArgs{
* Name: pulumi.String("me"),
* Instance: main.Name,
* Host: pulumi.String("me.com"),
* Password: pulumi.String(sqlUserPassword.Plaintext),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KmsFunctions;
* import com.pulumi.gcp.kms.inputs.GetKMSSecretArgs;
* import com.pulumi.random.RandomId;
* import com.pulumi.random.RandomIdArgs;
* import com.pulumi.gcp.sql.DatabaseInstance;
* import com.pulumi.gcp.sql.DatabaseInstanceArgs;
* import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
* import com.pulumi.gcp.sql.User;
* import com.pulumi.gcp.sql.UserArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var sqlUserPassword = KmsFunctions.getKMSSecret(GetKMSSecretArgs.builder()
* .cryptoKey(myCryptoKey.id())
* .ciphertext("CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=")
* .build());
* var dbNameSuffix = new RandomId("dbNameSuffix", RandomIdArgs.builder()
* .byteLength(4)
* .build());
* var main = new DatabaseInstance("main", DatabaseInstanceArgs.builder()
* .name(dbNameSuffix.hex().applyValue(hex -> String.format("main-instance-%s", hex)))
* .databaseVersion("MYSQL_5_7")
* .settings(DatabaseInstanceSettingsArgs.builder()
* .tier("db-f1-micro")
* .build())
* .build());
* var users = new User("users", UserArgs.builder()
* .name("me")
* .instance(main.name())
* .host("me.com")
* .password(sqlUserPassword.applyValue(getKMSSecretResult -> getKMSSecretResult.plaintext()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* dbNameSuffix:
* type: random:RandomId
* name: db_name_suffix
* properties:
* byteLength: 4
* main:
* type: gcp:sql:DatabaseInstance
* properties:
* name: main-instance-${dbNameSuffix.hex}
* databaseVersion: MYSQL_5_7
* settings:
* tier: db-f1-micro
* users:
* type: gcp:sql:User
* properties:
* name: me
* instance: ${main.name}
* host: me.com
* password: ${sqlUserPassword.plaintext}
* variables:
* sqlUserPassword:
* fn::invoke:
* Function: gcp:kms:getKMSSecret
* Arguments:
* cryptoKey: ${myCryptoKey.id}
* ciphertext: CiQAqD+xX4SXOSziF4a8JYvq4spfAuWhhYSNul33H85HnVtNQW4SOgDu2UZ46dQCRFl5MF6ekabviN8xq+F+2035ZJ85B+xTYXqNf4mZs0RJitnWWuXlYQh6axnnJYu3kDU=
* ```
*
* This will result in a Cloud SQL user being created with password `my-secret-password`.
* @param argument A collection of arguments for invoking getKMSSecret.
* @return A collection of values returned by getKMSSecret.
*/
public suspend fun getKMSSecret(argument: GetKMSSecretPlainArgs): GetKMSSecretResult =
getKMSSecretResultToKotlin(getKMSSecretPlain(argument.toJava()).await())
/**
* @see [getKMSSecret].
* @param additionalAuthenticatedData The [additional authenticated data](https://cloud.google.com/kms/docs/additional-authenticated-data) used for integrity checks during encryption and decryption.
* @param ciphertext The ciphertext to be decrypted, encoded in base64
* @param cryptoKey The id of the CryptoKey that will be used to
* decrypt the provided ciphertext. This is represented by the format
* `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`.
* @return A collection of values returned by getKMSSecret.
*/
public suspend fun getKMSSecret(
additionalAuthenticatedData: String? = null,
ciphertext: String,
cryptoKey: String,
): GetKMSSecretResult {
val argument = GetKMSSecretPlainArgs(
additionalAuthenticatedData = additionalAuthenticatedData,
ciphertext = ciphertext,
cryptoKey = cryptoKey,
)
return getKMSSecretResultToKotlin(getKMSSecretPlain(argument.toJava()).await())
}
/**
* @see [getKMSSecret].
* @param argument Builder for [com.pulumi.gcp.kms.kotlin.inputs.GetKMSSecretPlainArgs].
* @return A collection of values returned by getKMSSecret.
*/
public suspend fun getKMSSecret(argument: suspend GetKMSSecretPlainArgsBuilder.() -> Unit): GetKMSSecretResult {
val builder = GetKMSSecretPlainArgsBuilder()
builder.argument()
val builtArgument = builder.build()
return getKMSSecretResultToKotlin(getKMSSecretPlain(builtArgument.toJava()).await())
}
/**
* ## Example Usage
* First, create a KMS KeyRing and CryptoKey using the resource definitions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const myKeyRing = new gcp.kms.KeyRing("my_key_ring", {
* project: "my-project",
* name: "my-key-ring",
* location: "us-central1",
* });
* const myCryptoKeyCryptoKey = new gcp.kms.CryptoKey("my_crypto_key", {
* name: "my-crypto-key",
* keyRing: myKeyRing.id,
* purpose: "ASYMMETRIC_DECRYPT",
* versionTemplate: {
* algorithm: "RSA_DECRYPT_OAEP_4096_SHA256",
* },
* });
* const myCryptoKey = gcp.kms.getKMSCryptoKeyVersionOutput({
* cryptoKey: myCryptoKeyCryptoKey.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* my_key_ring = gcp.kms.KeyRing("my_key_ring",
* project="my-project",
* name="my-key-ring",
* location="us-central1")
* my_crypto_key_crypto_key = gcp.kms.CryptoKey("my_crypto_key",
* name="my-crypto-key",
* key_ring=my_key_ring.id,
* purpose="ASYMMETRIC_DECRYPT",
* version_template=gcp.kms.CryptoKeyVersionTemplateArgs(
* algorithm="RSA_DECRYPT_OAEP_4096_SHA256",
* ))
* my_crypto_key = gcp.kms.get_kms_crypto_key_version_output(crypto_key=my_crypto_key_crypto_key.id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var myKeyRing = new Gcp.Kms.KeyRing("my_key_ring", new()
* {
* Project = "my-project",
* Name = "my-key-ring",
* Location = "us-central1",
* });
* var myCryptoKeyCryptoKey = new Gcp.Kms.CryptoKey("my_crypto_key", new()
* {
* Name = "my-crypto-key",
* KeyRing = myKeyRing.Id,
* Purpose = "ASYMMETRIC_DECRYPT",
* VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs
* {
* Algorithm = "RSA_DECRYPT_OAEP_4096_SHA256",
* },
* });
* var myCryptoKey = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()
* {
* CryptoKey = myCryptoKeyCryptoKey.Id,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* myKeyRing, err := kms.NewKeyRing(ctx, "my_key_ring", &kms.KeyRingArgs{
* Project: pulumi.String("my-project"),
* Name: pulumi.String("my-key-ring"),
* Location: pulumi.String("us-central1"),
* })
* if err != nil {
* return err
* }
* myCryptoKeyCryptoKey, err := kms.NewCryptoKey(ctx, "my_crypto_key", &kms.CryptoKeyArgs{
* Name: pulumi.String("my-crypto-key"),
* KeyRing: myKeyRing.ID(),
* Purpose: pulumi.String("ASYMMETRIC_DECRYPT"),
* VersionTemplate: &kms.CryptoKeyVersionTemplateArgs{
* Algorithm: pulumi.String("RSA_DECRYPT_OAEP_4096_SHA256"),
* },
* })
* if err != nil {
* return err
* }
* _ = kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{
* CryptoKey: myCryptoKeyCryptoKey.ID(),
* }, nil)
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KeyRing;
* import com.pulumi.gcp.kms.KeyRingArgs;
* import com.pulumi.gcp.kms.CryptoKey;
* import com.pulumi.gcp.kms.CryptoKeyArgs;
* import com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;
* import com.pulumi.gcp.kms.KmsFunctions;
* import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var myKeyRing = new KeyRing("myKeyRing", KeyRingArgs.builder()
* .project("my-project")
* .name("my-key-ring")
* .location("us-central1")
* .build());
* var myCryptoKeyCryptoKey = new CryptoKey("myCryptoKeyCryptoKey", CryptoKeyArgs.builder()
* .name("my-crypto-key")
* .keyRing(myKeyRing.id())
* .purpose("ASYMMETRIC_DECRYPT")
* .versionTemplate(CryptoKeyVersionTemplateArgs.builder()
* .algorithm("RSA_DECRYPT_OAEP_4096_SHA256")
* .build())
* .build());
* final var myCryptoKey = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()
* .cryptoKey(myCryptoKeyCryptoKey.id())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* myKeyRing:
* type: gcp:kms:KeyRing
* name: my_key_ring
* properties:
* project: my-project
* name: my-key-ring
* location: us-central1
* myCryptoKeyCryptoKey:
* type: gcp:kms:CryptoKey
* name: my_crypto_key
* properties:
* name: my-crypto-key
* keyRing: ${myKeyRing.id}
* purpose: ASYMMETRIC_DECRYPT
* versionTemplate:
* algorithm: RSA_DECRYPT_OAEP_4096_SHA256
* variables:
* myCryptoKey:
* fn::invoke:
* Function: gcp:kms:getKMSCryptoKeyVersion
* Arguments:
* cryptoKey: ${myCryptoKeyCryptoKey.id}
* ```
*
* Next, use the [Cloud SDK](https://cloud.google.com/kms/docs/encrypt-decrypt-rsa#kms-encrypt-asymmetric-cli) to encrypt
* some sensitive information:
* ```bash
* ## get the public key to encrypt the secret with
* $ gcloud kms keys versions get-public-key 1 \
* --project my-project \
* --location us-central1 \
* --keyring my-key-ring \
* --key my-crypto-key \
* --output-file public-key.pem
* ## encrypt secret with the public key
* $ echo -n my-secret-password | \
* openssl pkeyutl -in - \
* -encrypt \
* -pubin \
* -inkey public-key.pem \
* -pkeyopt rsa_padding_mode:oaep \
* -pkeyopt rsa_oaep_md:sha256 \
* -pkeyopt rsa_mgf1_md:sha256 > \
* my-secret-password.enc
* ## base64 encode the ciphertext
* $ openssl base64 -in my-secret-password.enc
* M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
* ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
* 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
* eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
* wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
* LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
* yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
* J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
* IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
* mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
* A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
* ## optionally calculate the CRC32 of the ciphertext
* $ go get github.com/binxio/crc32
* $ $GOPATH/bin/crc32 -polynomial castagnoli < my-secret-password.enc
* 12c59e54
* ```
* Finally, reference the encrypted ciphertext in your resource definitions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* import * as random from "@pulumi/random";
* const sqlUserPassword = gcp.kms.getKMSSecretAsymmetric({
* cryptoKeyVersion: myCryptoKey.id,
* crc32: "12c59e54",
* ciphertext: ` M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
* ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
* 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
* eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
* wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
* LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
* yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
* J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
* IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
* mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
* A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
* `,
* });
* const dbNameSuffix = new random.RandomId("db_name_suffix", {byteLength: 4});
* const main = new gcp.sql.DatabaseInstance("main", {
* name: pulumi.interpolate`main-instance-${dbNameSuffix.hex}`,
* databaseVersion: "MYSQL_5_7",
* settings: {
* tier: "db-f1-micro",
* },
* });
* const users = new gcp.sql.User("users", {
* name: "me",
* instance: main.name,
* host: "me.com",
* password: sqlUserPasswordGoogleKmsSecret.plaintext,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* import pulumi_random as random
* sql_user_password = gcp.kms.get_kms_secret_asymmetric(crypto_key_version=my_crypto_key["id"],
* crc32="12c59e54",
* ciphertext=""" M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
* ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
* 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
* eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
* wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
* LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
* yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
* J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
* IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
* mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
* A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
* """)
* db_name_suffix = random.RandomId("db_name_suffix", byte_length=4)
* main = gcp.sql.DatabaseInstance("main",
* name=db_name_suffix.hex.apply(lambda hex: f"main-instance-{hex}"),
* database_version="MYSQL_5_7",
* settings=gcp.sql.DatabaseInstanceSettingsArgs(
* tier="db-f1-micro",
* ))
* users = gcp.sql.User("users",
* name="me",
* instance=main.name,
* host="me.com",
* password=sql_user_password_google_kms_secret["plaintext"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* using Random = Pulumi.Random;
* return await Deployment.RunAsync(() =>
* {
* var sqlUserPassword = Gcp.Kms.GetKMSSecretAsymmetric.Invoke(new()
* {
* CryptoKeyVersion = myCryptoKey.Id,
* Crc32 = "12c59e54",
* Ciphertext = @" M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
* ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
* 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
* eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
* wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
* LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
* yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
* J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
* IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
* mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
* A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
* ",
* });
* var dbNameSuffix = new Random.RandomId("db_name_suffix", new()
* {
* ByteLength = 4,
* });
* var main = new Gcp.Sql.DatabaseInstance("main", new()
* {
* Name = dbNameSuffix.Hex.Apply(hex => $"main-instance-{hex}"),
* DatabaseVersion = "MYSQL_5_7",
* Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
* {
* Tier = "db-f1-micro",
* },
* });
* var users = new Gcp.Sql.User("users", new()
* {
* Name = "me",
* Instance = main.Name,
* Host = "me.com",
* Password = sqlUserPasswordGoogleKmsSecret.Plaintext,
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/sql"
* "github.com/pulumi/pulumi-random/sdk/v4/go/random"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := kms.GetKMSSecretAsymmetric(ctx, &kms.GetKMSSecretAsymmetricArgs{
* CryptoKeyVersion: myCryptoKey.Id,
* Crc32: pulumi.StringRef("12c59e54"),
* Ciphertext: ` M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
* ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
* 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
* eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
* wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
* LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
* yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
* J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
* IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
* mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
* A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
* `,
* }, nil)
* if err != nil {
* return err
* }
* dbNameSuffix, err := random.NewRandomId(ctx, "db_name_suffix", &random.RandomIdArgs{
* ByteLength: pulumi.Int(4),
* })
* if err != nil {
* return err
* }
* main, err := sql.NewDatabaseInstance(ctx, "main", &sql.DatabaseInstanceArgs{
* Name: dbNameSuffix.Hex.ApplyT(func(hex string) (string, error) {
* return fmt.Sprintf("main-instance-%v", hex), nil
* }).(pulumi.StringOutput),
* DatabaseVersion: pulumi.String("MYSQL_5_7"),
* Settings: &sql.DatabaseInstanceSettingsArgs{
* Tier: pulumi.String("db-f1-micro"),
* },
* })
* if err != nil {
* return err
* }
* _, err = sql.NewUser(ctx, "users", &sql.UserArgs{
* Name: pulumi.String("me"),
* Instance: main.Name,
* Host: pulumi.String("me.com"),
* Password: pulumi.Any(sqlUserPasswordGoogleKmsSecret.Plaintext),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KmsFunctions;
* import com.pulumi.gcp.kms.inputs.GetKMSSecretAsymmetricArgs;
* import com.pulumi.random.RandomId;
* import com.pulumi.random.RandomIdArgs;
* import com.pulumi.gcp.sql.DatabaseInstance;
* import com.pulumi.gcp.sql.DatabaseInstanceArgs;
* import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
* import com.pulumi.gcp.sql.User;
* import com.pulumi.gcp.sql.UserArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var sqlUserPassword = KmsFunctions.getKMSSecretAsymmetric(GetKMSSecretAsymmetricArgs.builder()
* .cryptoKeyVersion(myCryptoKey.id())
* .crc32("12c59e54")
* .ciphertext("""
* M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
* ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
* 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
* eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
* wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
* LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
* yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
* J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
* IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
* mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
* A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
* """)
* .build());
* var dbNameSuffix = new RandomId("dbNameSuffix", RandomIdArgs.builder()
* .byteLength(4)
* .build());
* var main = new DatabaseInstance("main", DatabaseInstanceArgs.builder()
* .name(dbNameSuffix.hex().applyValue(hex -> String.format("main-instance-%s", hex)))
* .databaseVersion("MYSQL_5_7")
* .settings(DatabaseInstanceSettingsArgs.builder()
* .tier("db-f1-micro")
* .build())
* .build());
* var users = new User("users", UserArgs.builder()
* .name("me")
* .instance(main.name())
* .host("me.com")
* .password(sqlUserPasswordGoogleKmsSecret.plaintext())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* dbNameSuffix:
* type: random:RandomId
* name: db_name_suffix
* properties:
* byteLength: 4
* main:
* type: gcp:sql:DatabaseInstance
* properties:
* name: main-instance-${dbNameSuffix.hex}
* databaseVersion: MYSQL_5_7
* settings:
* tier: db-f1-micro
* users:
* type: gcp:sql:User
* properties:
* name: me
* instance: ${main.name}
* host: me.com
* password: ${sqlUserPasswordGoogleKmsSecret.plaintext}
* variables:
* sqlUserPassword:
* fn::invoke:
* Function: gcp:kms:getKMSSecretAsymmetric
* Arguments:
* cryptoKeyVersion: ${myCryptoKey.id}
* crc32: 12c59e54
* ciphertext: |2
* M7nUoba9EGVTu2LjNjBKGdGVBYjyS/i/AY+4yQMQF0Qf/RfUfX31Jw6+VO9OuThq
* ylu/7ihX9XD4bM7yYdXnMv9p1OHQUlorSBSbb/J6n1W9UJhcp6um8Tw8/Isx4f75
* 4PskYS6f8Y2ItliGt1/A9iR5BTgGtJBwOxMlgoX2Ggq+Nh4E5SbdoaE5o6CO1nBx
* eIPsPEebQ6qC4JehQM3IGuV/lrm58+hZhaXAqNzX1cEYyAt5GYqJIVCiI585SUYs
* wRToGyTgaN+zthF0HP9IWlR4Am4LmJ/1OcePTnYw11CkU8wNRbDzVAzogwNH+rXr
* LTmf7hxVjBm6bBSVSNFcBKAXFlllubSfIeZ5hgzGqn54OmSf6odO12L5JxllddHc
* yAd54vWKs2kJtnsKV2V4ZdkI0w6y1TeI67baFZDNGo6qsCpFMPnvv7d46Pg2VOp1
* J6Ivner0NnNHE4MzNmpZRk8WXMwqq4P/gTiT7F/aCX6oFCUQ4AWPQhJYh2dkcOmL
* IP+47Veb10aFn61F1CJwpmOOiGNXKdDT1vK8CMnnwhm825K0q/q9Zqpzc1+1ae1z
* mSqol1zCoa88CuSN6nTLQlVnN/dzfrGbc0boJPaM0iGhHtSzHk4SWg84LhiJB1q9
* A9XFJmOVdkvRY9nnz/iVLAdd0Q3vFtLqCdUYsNN2yh4=
* ```
*
* This will result in a Cloud SQL user being created with password `my-secret-password`.
* @param argument A collection of arguments for invoking getKMSSecretAsymmetric.
* @return A collection of values returned by getKMSSecretAsymmetric.
*/
public suspend fun getKMSSecretAsymmetric(argument: GetKMSSecretAsymmetricPlainArgs): GetKMSSecretAsymmetricResult =
getKMSSecretAsymmetricResultToKotlin(getKMSSecretAsymmetricPlain(argument.toJava()).await())
/**
* @see [getKMSSecretAsymmetric].
* @param ciphertext The ciphertext to be decrypted, encoded in base64
* @param crc32 The crc32 checksum of the `ciphertext` in hexadecimal notation. If not specified, it will be computed.
* @param cryptoKeyVersion The id of the CryptoKey version that will be used to
* decrypt the provided ciphertext. This is represented by the format
* `projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}/cryptoKeyVersions/{version}`.
* @return A collection of values returned by getKMSSecretAsymmetric.
*/
public suspend fun getKMSSecretAsymmetric(
ciphertext: String,
crc32: String? = null,
cryptoKeyVersion: String,
): GetKMSSecretAsymmetricResult {
val argument = GetKMSSecretAsymmetricPlainArgs(
ciphertext = ciphertext,
crc32 = crc32,
cryptoKeyVersion = cryptoKeyVersion,
)
return getKMSSecretAsymmetricResultToKotlin(getKMSSecretAsymmetricPlain(argument.toJava()).await())
}
/**
* @see [getKMSSecretAsymmetric].
* @param argument Builder for [com.pulumi.gcp.kms.kotlin.inputs.GetKMSSecretAsymmetricPlainArgs].
* @return A collection of values returned by getKMSSecretAsymmetric.
*/
public suspend fun getKMSSecretAsymmetric(argument: suspend GetKMSSecretAsymmetricPlainArgsBuilder.() -> Unit): GetKMSSecretAsymmetricResult {
val builder = GetKMSSecretAsymmetricPlainArgsBuilder()
builder.argument()
val builtArgument = builder.build()
return getKMSSecretAsymmetricResultToKotlin(getKMSSecretAsymmetricPlain(builtArgument.toJava()).await())
}
/**
* !> **Warning:** This data source is deprecated. Use the `gcp.kms.SecretCiphertext` **resource** instead.
* This data source allows you to encrypt data with Google Cloud KMS and use the
* ciphertext within your resource definitions.
* For more information see
* [the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).
* > **NOTE:** Using this data source will allow you to conceal secret data within your
* resource definitions, but it does not take care of protecting that data in the
* logging output, plan output, or state output. Please take care to secure your secret
* data outside of resource definitions.
* ## Example Usage
* First, create a KMS KeyRing and CryptoKey using the resource definitions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const myKeyRing = new gcp.kms.KeyRing("my_key_ring", {
* project: "my-project",
* name: "my-key-ring",
* location: "us-central1",
* });
* const myCryptoKey = new gcp.kms.CryptoKey("my_crypto_key", {
* name: "my-crypto-key",
* keyRing: myKeyRing.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* my_key_ring = gcp.kms.KeyRing("my_key_ring",
* project="my-project",
* name="my-key-ring",
* location="us-central1")
* my_crypto_key = gcp.kms.CryptoKey("my_crypto_key",
* name="my-crypto-key",
* key_ring=my_key_ring.id)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var myKeyRing = new Gcp.Kms.KeyRing("my_key_ring", new()
* {
* Project = "my-project",
* Name = "my-key-ring",
* Location = "us-central1",
* });
* var myCryptoKey = new Gcp.Kms.CryptoKey("my_crypto_key", new()
* {
* Name = "my-crypto-key",
* KeyRing = myKeyRing.Id,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* myKeyRing, err := kms.NewKeyRing(ctx, "my_key_ring", &kms.KeyRingArgs{
* Project: pulumi.String("my-project"),
* Name: pulumi.String("my-key-ring"),
* Location: pulumi.String("us-central1"),
* })
* if err != nil {
* return err
* }
* _, err = kms.NewCryptoKey(ctx, "my_crypto_key", &kms.CryptoKeyArgs{
* Name: pulumi.String("my-crypto-key"),
* KeyRing: myKeyRing.ID(),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KeyRing;
* import com.pulumi.gcp.kms.KeyRingArgs;
* import com.pulumi.gcp.kms.CryptoKey;
* import com.pulumi.gcp.kms.CryptoKeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var myKeyRing = new KeyRing("myKeyRing", KeyRingArgs.builder()
* .project("my-project")
* .name("my-key-ring")
* .location("us-central1")
* .build());
* var myCryptoKey = new CryptoKey("myCryptoKey", CryptoKeyArgs.builder()
* .name("my-crypto-key")
* .keyRing(myKeyRing.id())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* myKeyRing:
* type: gcp:kms:KeyRing
* name: my_key_ring
* properties:
* project: my-project
* name: my-key-ring
* location: us-central1
* myCryptoKey:
* type: gcp:kms:CryptoKey
* name: my_crypto_key
* properties:
* name: my-crypto-key
* keyRing: ${myKeyRing.id}
* ```
*
* Next, encrypt some sensitive information and use the encrypted data in your resource definitions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const myPassword = gcp.kms.getKMSSecretCiphertext({
* cryptoKey: myCryptoKey.id,
* plaintext: "my-secret-password",
* });
* const instance = new gcp.compute.Instance("instance", {
* networkInterfaces: [{
* accessConfigs: [{}],
* network: "default",
* }],
* name: "test",
* machineType: "e2-medium",
* zone: "us-central1-a",
* bootDisk: {
* initializeParams: {
* image: "debian-cloud/debian-11",
* },
* },
* metadata: {
* password: myPassword.then(myPassword => myPassword.ciphertext),
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* my_password = gcp.kms.get_kms_secret_ciphertext(crypto_key=my_crypto_key["id"],
* plaintext="my-secret-password")
* instance = gcp.compute.Instance("instance",
* network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
* access_configs=[gcp.compute.InstanceNetworkInterfaceAccessConfigArgs()],
* network="default",
* )],
* name="test",
* machine_type="e2-medium",
* zone="us-central1-a",
* boot_disk=gcp.compute.InstanceBootDiskArgs(
* initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs(
* image="debian-cloud/debian-11",
* ),
* ),
* metadata={
* "password": my_password.ciphertext,
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var myPassword = Gcp.Kms.GetKMSSecretCiphertext.Invoke(new()
* {
* CryptoKey = myCryptoKey.Id,
* Plaintext = "my-secret-password",
* });
* var instance = new Gcp.Compute.Instance("instance", new()
* {
* NetworkInterfaces = new[]
* {
* new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
* {
* AccessConfigs = new[]
* {
* null,
* },
* Network = "default",
* },
* },
* Name = "test",
* MachineType = "e2-medium",
* Zone = "us-central1-a",
* BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
* {
* InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
* {
* Image = "debian-cloud/debian-11",
* },
* },
* Metadata =
* {
* { "password", myPassword.Apply(getKMSSecretCiphertextResult => getKMSSecretCiphertextResult.Ciphertext) },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* myPassword, err := kms.GetKMSSecretCiphertext(ctx, &kms.GetKMSSecretCiphertextArgs{
* CryptoKey: myCryptoKey.Id,
* Plaintext: "my-secret-password",
* }, nil)
* if err != nil {
* return err
* }
* _, err = compute.NewInstance(ctx, "instance", &compute.InstanceArgs{
* NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
* &compute.InstanceNetworkInterfaceArgs{
* AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{
* nil,
* },
* Network: pulumi.String("default"),
* },
* },
* Name: pulumi.String("test"),
* MachineType: pulumi.String("e2-medium"),
* Zone: pulumi.String("us-central1-a"),
* BootDisk: &compute.InstanceBootDiskArgs{
* InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
* Image: pulumi.String("debian-cloud/debian-11"),
* },
* },
* Metadata: pulumi.StringMap{
* "password": pulumi.String(myPassword.Ciphertext),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KmsFunctions;
* import com.pulumi.gcp.kms.inputs.GetKMSSecretCiphertextArgs;
* import com.pulumi.gcp.compute.Instance;
* import com.pulumi.gcp.compute.InstanceArgs;
* import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
* import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
* import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var myPassword = KmsFunctions.getKMSSecretCiphertext(GetKMSSecretCiphertextArgs.builder()
* .cryptoKey(myCryptoKey.id())
* .plaintext("my-secret-password")
* .build());
* var instance = new Instance("instance", InstanceArgs.builder()
* .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
* .accessConfigs()
* .network("default")
* .build())
* .name("test")
* .machineType("e2-medium")
* .zone("us-central1-a")
* .bootDisk(InstanceBootDiskArgs.builder()
* .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
* .image("debian-cloud/debian-11")
* .build())
* .build())
* .metadata(Map.of("password", myPassword.applyValue(getKMSSecretCiphertextResult -> getKMSSecretCiphertextResult.ciphertext())))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* instance:
* type: gcp:compute:Instance
* properties:
* networkInterfaces:
* - accessConfigs:
* - {}
* network: default
* name: test
* machineType: e2-medium
* zone: us-central1-a
* bootDisk:
* initializeParams:
* image: debian-cloud/debian-11
* metadata:
* password: ${myPassword.ciphertext}
* variables:
* myPassword:
* fn::invoke:
* Function: gcp:kms:getKMSSecretCiphertext
* Arguments:
* cryptoKey: ${myCryptoKey.id}
* plaintext: my-secret-password
* ```
*
* The resulting instance can then access the encrypted password from its metadata
* and decrypt it, e.g. using the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/decrypt)):
* ```bash
* $ curl -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/attributes/password \
* > | base64 -d | gcloud kms decrypt \
* > --project my-project \
* > --location us-central1 \
* > --keyring my-key-ring \
* > --key my-crypto-key \
* > --plaintext-file - \
* > --ciphertext-file - \
* my-secret-password
* ```
* @param argument A collection of arguments for invoking getKMSSecretCiphertext.
* @return A collection of values returned by getKMSSecretCiphertext.
*/
public suspend fun getKMSSecretCiphertext(argument: GetKMSSecretCiphertextPlainArgs): GetKMSSecretCiphertextResult =
getKMSSecretCiphertextResultToKotlin(getKMSSecretCiphertextPlain(argument.toJava()).await())
/**
* @see [getKMSSecretCiphertext].
* @param cryptoKey The id of the CryptoKey that will be used to
* encrypt the provided plaintext. This is represented by the format
* `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`.
* @param plaintext The plaintext to be encrypted
* @return A collection of values returned by getKMSSecretCiphertext.
*/
public suspend fun getKMSSecretCiphertext(cryptoKey: String, plaintext: String): GetKMSSecretCiphertextResult {
val argument = GetKMSSecretCiphertextPlainArgs(
cryptoKey = cryptoKey,
plaintext = plaintext,
)
return getKMSSecretCiphertextResultToKotlin(getKMSSecretCiphertextPlain(argument.toJava()).await())
}
/**
* @see [getKMSSecretCiphertext].
* @param argument Builder for [com.pulumi.gcp.kms.kotlin.inputs.GetKMSSecretCiphertextPlainArgs].
* @return A collection of values returned by getKMSSecretCiphertext.
*/
public suspend fun getKMSSecretCiphertext(argument: suspend GetKMSSecretCiphertextPlainArgsBuilder.() -> Unit): GetKMSSecretCiphertextResult {
val builder = GetKMSSecretCiphertextPlainArgsBuilder()
builder.argument()
val builtArgument = builder.build()
return getKMSSecretCiphertextResultToKotlin(getKMSSecretCiphertextPlain(builtArgument.toJava()).await())
}
/**
* Retrieves the current IAM policy data for a Google Cloud KMS key ring.
* ## example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const testKeyRingIamPolicy = gcp.kms.getKeyRingIamPolicy({
* keyRingId: "{project_id}/{location_name}/{key_ring_name}",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* test_key_ring_iam_policy = gcp.kms.get_key_ring_iam_policy(key_ring_id="{project_id}/{location_name}/{key_ring_name}")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var testKeyRingIamPolicy = Gcp.Kms.GetKeyRingIamPolicy.Invoke(new()
* {
* KeyRingId = "{project_id}/{location_name}/{key_ring_name}",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := kms.GetKeyRingIamPolicy(ctx, &kms.GetKeyRingIamPolicyArgs{
* KeyRingId: "{project_id}/{location_name}/{key_ring_name}",
* }, nil)
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KmsFunctions;
* import com.pulumi.gcp.kms.inputs.GetKeyRingIamPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* final var testKeyRingIamPolicy = KmsFunctions.getKeyRingIamPolicy(GetKeyRingIamPolicyArgs.builder()
* .keyRingId("{project_id}/{location_name}/{key_ring_name}")
* .build());
* }
* }
* ```
* ```yaml
* variables:
* testKeyRingIamPolicy:
* fn::invoke:
* Function: gcp:kms:getKeyRingIamPolicy
* Arguments:
* keyRingId: '{project_id}/{location_name}/{key_ring_name}'
* ```
*
* @param argument A collection of arguments for invoking getKeyRingIamPolicy.
* @return A collection of values returned by getKeyRingIamPolicy.
*/
public suspend fun getKeyRingIamPolicy(argument: GetKeyRingIamPolicyPlainArgs): GetKeyRingIamPolicyResult =
getKeyRingIamPolicyResultToKotlin(getKeyRingIamPolicyPlain(argument.toJava()).await())
/**
* @see [getKeyRingIamPolicy].
* @param keyRingId The key ring ID, in the form
* `{project_id}/{location_name}/{key_ring_name}` or
* `{location_name}/{key_ring_name}`. In the second form, the provider's
* project setting will be used as a fallback.
* @return A collection of values returned by getKeyRingIamPolicy.
*/
public suspend fun getKeyRingIamPolicy(keyRingId: String): GetKeyRingIamPolicyResult {
val argument = GetKeyRingIamPolicyPlainArgs(
keyRingId = keyRingId,
)
return getKeyRingIamPolicyResultToKotlin(getKeyRingIamPolicyPlain(argument.toJava()).await())
}
/**
* @see [getKeyRingIamPolicy].
* @param argument Builder for [com.pulumi.gcp.kms.kotlin.inputs.GetKeyRingIamPolicyPlainArgs].
* @return A collection of values returned by getKeyRingIamPolicy.
*/
public suspend fun getKeyRingIamPolicy(argument: suspend GetKeyRingIamPolicyPlainArgsBuilder.() -> Unit): GetKeyRingIamPolicyResult {
val builder = GetKeyRingIamPolicyPlainArgsBuilder()
builder.argument()
val builtArgument = builder.build()
return getKeyRingIamPolicyResultToKotlin(getKeyRingIamPolicyPlain(builtArgument.toJava()).await())
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy