com.pulumi.gcp.kms.kotlin.SecretCiphertextArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-gcp-kotlin Show documentation
Show all versions of pulumi-gcp-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.kms.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.kms.SecretCiphertextArgs.builder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import kotlin.String
import kotlin.Suppress
import kotlin.jvm.JvmName
/**
* Encrypts secret data with Google Cloud KMS and provides access to the ciphertext.
* > **NOTE:** Using this resource will allow you to conceal secret data within your
* resource definitions, but it does not take care of protecting that data in the
* logging output, plan output, or state output. Please take care to secure your secret
* data outside of resource definitions.
* To get more information about SecretCiphertext, see:
* * [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys/encrypt)
* * How-to Guides
* * [Encrypting and decrypting data with a symmetric key](https://cloud.google.com/kms/docs/encrypt-decrypt)
* ## Example Usage
* ### Kms Secret Ciphertext Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const keyring = new gcp.kms.KeyRing("keyring", {
* name: "keyring-example",
* location: "global",
* });
* const cryptokey = new gcp.kms.CryptoKey("cryptokey", {
* name: "crypto-key-example",
* keyRing: keyring.id,
* rotationPeriod: "7776000s",
* });
* const myPassword = new gcp.kms.SecretCiphertext("my_password", {
* cryptoKey: cryptokey.id,
* plaintext: "my-secret-password",
* });
* const instance = new gcp.compute.Instance("instance", {
* networkInterfaces: [{
* accessConfigs: [{}],
* network: "default",
* }],
* name: "my-instance",
* machineType: "e2-medium",
* zone: "us-central1-a",
* bootDisk: {
* initializeParams: {
* image: "debian-cloud/debian-11",
* },
* },
* metadata: {
* password: myPassword.ciphertext,
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* keyring = gcp.kms.KeyRing("keyring",
* name="keyring-example",
* location="global")
* cryptokey = gcp.kms.CryptoKey("cryptokey",
* name="crypto-key-example",
* key_ring=keyring.id,
* rotation_period="7776000s")
* my_password = gcp.kms.SecretCiphertext("my_password",
* crypto_key=cryptokey.id,
* plaintext="my-secret-password")
* instance = gcp.compute.Instance("instance",
* network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
* access_configs=[gcp.compute.InstanceNetworkInterfaceAccessConfigArgs()],
* network="default",
* )],
* name="my-instance",
* machine_type="e2-medium",
* zone="us-central1-a",
* boot_disk=gcp.compute.InstanceBootDiskArgs(
* initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs(
* image="debian-cloud/debian-11",
* ),
* ),
* metadata={
* "password": my_password.ciphertext,
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var keyring = new Gcp.Kms.KeyRing("keyring", new()
* {
* Name = "keyring-example",
* Location = "global",
* });
* var cryptokey = new Gcp.Kms.CryptoKey("cryptokey", new()
* {
* Name = "crypto-key-example",
* KeyRing = keyring.Id,
* RotationPeriod = "7776000s",
* });
* var myPassword = new Gcp.Kms.SecretCiphertext("my_password", new()
* {
* CryptoKey = cryptokey.Id,
* Plaintext = "my-secret-password",
* });
* var instance = new Gcp.Compute.Instance("instance", new()
* {
* NetworkInterfaces = new[]
* {
* new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
* {
* AccessConfigs = new[]
* {
* null,
* },
* Network = "default",
* },
* },
* Name = "my-instance",
* MachineType = "e2-medium",
* Zone = "us-central1-a",
* BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
* {
* InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
* {
* Image = "debian-cloud/debian-11",
* },
* },
* Metadata =
* {
* { "password", myPassword.Ciphertext },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
* Name: pulumi.String("keyring-example"),
* Location: pulumi.String("global"),
* })
* if err != nil {
* return err
* }
* cryptokey, err := kms.NewCryptoKey(ctx, "cryptokey", &kms.CryptoKeyArgs{
* Name: pulumi.String("crypto-key-example"),
* KeyRing: keyring.ID(),
* RotationPeriod: pulumi.String("7776000s"),
* })
* if err != nil {
* return err
* }
* myPassword, err := kms.NewSecretCiphertext(ctx, "my_password", &kms.SecretCiphertextArgs{
* CryptoKey: cryptokey.ID(),
* Plaintext: pulumi.String("my-secret-password"),
* })
* if err != nil {
* return err
* }
* _, err = compute.NewInstance(ctx, "instance", &compute.InstanceArgs{
* NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
* &compute.InstanceNetworkInterfaceArgs{
* AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{
* nil,
* },
* Network: pulumi.String("default"),
* },
* },
* Name: pulumi.String("my-instance"),
* MachineType: pulumi.String("e2-medium"),
* Zone: pulumi.String("us-central1-a"),
* BootDisk: &compute.InstanceBootDiskArgs{
* InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
* Image: pulumi.String("debian-cloud/debian-11"),
* },
* },
* Metadata: pulumi.StringMap{
* "password": myPassword.Ciphertext,
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.kms.KeyRing;
* import com.pulumi.gcp.kms.KeyRingArgs;
* import com.pulumi.gcp.kms.CryptoKey;
* import com.pulumi.gcp.kms.CryptoKeyArgs;
* import com.pulumi.gcp.kms.SecretCiphertext;
* import com.pulumi.gcp.kms.SecretCiphertextArgs;
* import com.pulumi.gcp.compute.Instance;
* import com.pulumi.gcp.compute.InstanceArgs;
* import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
* import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
* import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var keyring = new KeyRing("keyring", KeyRingArgs.builder()
* .name("keyring-example")
* .location("global")
* .build());
* var cryptokey = new CryptoKey("cryptokey", CryptoKeyArgs.builder()
* .name("crypto-key-example")
* .keyRing(keyring.id())
* .rotationPeriod("7776000s")
* .build());
* var myPassword = new SecretCiphertext("myPassword", SecretCiphertextArgs.builder()
* .cryptoKey(cryptokey.id())
* .plaintext("my-secret-password")
* .build());
* var instance = new Instance("instance", InstanceArgs.builder()
* .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
* .accessConfigs()
* .network("default")
* .build())
* .name("my-instance")
* .machineType("e2-medium")
* .zone("us-central1-a")
* .bootDisk(InstanceBootDiskArgs.builder()
* .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
* .image("debian-cloud/debian-11")
* .build())
* .build())
* .metadata(Map.of("password", myPassword.ciphertext()))
* .build());
* }
* }
* ```
* ```yaml
* resources:
* keyring:
* type: gcp:kms:KeyRing
* properties:
* name: keyring-example
* location: global
* cryptokey:
* type: gcp:kms:CryptoKey
* properties:
* name: crypto-key-example
* keyRing: ${keyring.id}
* rotationPeriod: 7776000s
* myPassword:
* type: gcp:kms:SecretCiphertext
* name: my_password
* properties:
* cryptoKey: ${cryptokey.id}
* plaintext: my-secret-password
* instance:
* type: gcp:compute:Instance
* properties:
* networkInterfaces:
* - accessConfigs:
* - {}
* network: default
* name: my-instance
* machineType: e2-medium
* zone: us-central1-a
* bootDisk:
* initializeParams:
* image: debian-cloud/debian-11
* metadata:
* password: ${myPassword.ciphertext}
* ```
*
* ## Import
* This resource does not support import.
* @property additionalAuthenticatedData The additional authenticated data used for integrity checks during encryption and decryption.
* **Note**: This property is sensitive and will not be displayed in the plan.
* @property cryptoKey The full name of the CryptoKey that will be used to encrypt the provided plaintext.
* Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'`
* - - -
* @property plaintext The plaintext to be encrypted.
* **Note**: This property is sensitive and will not be displayed in the plan.
*/
public data class SecretCiphertextArgs(
public val additionalAuthenticatedData: Output? = null,
public val cryptoKey: Output? = null,
public val plaintext: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.gcp.kms.SecretCiphertextArgs =
com.pulumi.gcp.kms.SecretCiphertextArgs.builder()
.additionalAuthenticatedData(additionalAuthenticatedData?.applyValue({ args0 -> args0 }))
.cryptoKey(cryptoKey?.applyValue({ args0 -> args0 }))
.plaintext(plaintext?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [SecretCiphertextArgs].
*/
@PulumiTagMarker
public class SecretCiphertextArgsBuilder internal constructor() {
private var additionalAuthenticatedData: Output? = null
private var cryptoKey: Output? = null
private var plaintext: Output? = null
/**
* @param value The additional authenticated data used for integrity checks during encryption and decryption.
* **Note**: This property is sensitive and will not be displayed in the plan.
*/
@JvmName("byqfvufrkdrwhbjd")
public suspend fun additionalAuthenticatedData(`value`: Output) {
this.additionalAuthenticatedData = value
}
/**
* @param value The full name of the CryptoKey that will be used to encrypt the provided plaintext.
* Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'`
* - - -
*/
@JvmName("hhlrngcdrtpqsbjd")
public suspend fun cryptoKey(`value`: Output) {
this.cryptoKey = value
}
/**
* @param value The plaintext to be encrypted.
* **Note**: This property is sensitive and will not be displayed in the plan.
*/
@JvmName("hylstiwystomnrtu")
public suspend fun plaintext(`value`: Output) {
this.plaintext = value
}
/**
* @param value The additional authenticated data used for integrity checks during encryption and decryption.
* **Note**: This property is sensitive and will not be displayed in the plan.
*/
@JvmName("hgedpdnyisymoacr")
public suspend fun additionalAuthenticatedData(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.additionalAuthenticatedData = mapped
}
/**
* @param value The full name of the CryptoKey that will be used to encrypt the provided plaintext.
* Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'`
* - - -
*/
@JvmName("njpfsgobasvltkgn")
public suspend fun cryptoKey(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.cryptoKey = mapped
}
/**
* @param value The plaintext to be encrypted.
* **Note**: This property is sensitive and will not be displayed in the plan.
*/
@JvmName("odbbmjdqkoeueifq")
public suspend fun plaintext(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.plaintext = mapped
}
internal fun build(): SecretCiphertextArgs = SecretCiphertextArgs(
additionalAuthenticatedData = additionalAuthenticatedData,
cryptoKey = cryptoKey,
plaintext = plaintext,
)
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy