All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.pulumi.gcp.kms.kotlin.SecretCiphertextArgs.kt Maven / Gradle / Ivy

Go to download

Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.

There is a newer version: 8.10.0.0
Show newest version
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.gcp.kms.kotlin

import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.kms.SecretCiphertextArgs.builder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import kotlin.String
import kotlin.Suppress
import kotlin.jvm.JvmName

/**
 * Encrypts secret data with Google Cloud KMS and provides access to the ciphertext.
 * > **NOTE:** Using this resource will allow you to conceal secret data within your
 * resource definitions, but it does not take care of protecting that data in the
 * logging output, plan output, or state output.  Please take care to secure your secret
 * data outside of resource definitions.
 * To get more information about SecretCiphertext, see:
 * * [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys/encrypt)
 * * How-to Guides
 *     * [Encrypting and decrypting data with a symmetric key](https://cloud.google.com/kms/docs/encrypt-decrypt)
 * ## Example Usage
 * ### Kms Secret Ciphertext Basic
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 * const keyring = new gcp.kms.KeyRing("keyring", {
 *     name: "keyring-example",
 *     location: "global",
 * });
 * const cryptokey = new gcp.kms.CryptoKey("cryptokey", {
 *     name: "crypto-key-example",
 *     keyRing: keyring.id,
 *     rotationPeriod: "7776000s",
 * });
 * const myPassword = new gcp.kms.SecretCiphertext("my_password", {
 *     cryptoKey: cryptokey.id,
 *     plaintext: "my-secret-password",
 * });
 * const instance = new gcp.compute.Instance("instance", {
 *     networkInterfaces: [{
 *         accessConfigs: [{}],
 *         network: "default",
 *     }],
 *     name: "my-instance",
 *     machineType: "e2-medium",
 *     zone: "us-central1-a",
 *     bootDisk: {
 *         initializeParams: {
 *             image: "debian-cloud/debian-11",
 *         },
 *     },
 *     metadata: {
 *         password: myPassword.ciphertext,
 *     },
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_gcp as gcp
 * keyring = gcp.kms.KeyRing("keyring",
 *     name="keyring-example",
 *     location="global")
 * cryptokey = gcp.kms.CryptoKey("cryptokey",
 *     name="crypto-key-example",
 *     key_ring=keyring.id,
 *     rotation_period="7776000s")
 * my_password = gcp.kms.SecretCiphertext("my_password",
 *     crypto_key=cryptokey.id,
 *     plaintext="my-secret-password")
 * instance = gcp.compute.Instance("instance",
 *     network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
 *         access_configs=[gcp.compute.InstanceNetworkInterfaceAccessConfigArgs()],
 *         network="default",
 *     )],
 *     name="my-instance",
 *     machine_type="e2-medium",
 *     zone="us-central1-a",
 *     boot_disk=gcp.compute.InstanceBootDiskArgs(
 *         initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs(
 *             image="debian-cloud/debian-11",
 *         ),
 *     ),
 *     metadata={
 *         "password": my_password.ciphertext,
 *     })
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Gcp = Pulumi.Gcp;
 * return await Deployment.RunAsync(() =>
 * {
 *     var keyring = new Gcp.Kms.KeyRing("keyring", new()
 *     {
 *         Name = "keyring-example",
 *         Location = "global",
 *     });
 *     var cryptokey = new Gcp.Kms.CryptoKey("cryptokey", new()
 *     {
 *         Name = "crypto-key-example",
 *         KeyRing = keyring.Id,
 *         RotationPeriod = "7776000s",
 *     });
 *     var myPassword = new Gcp.Kms.SecretCiphertext("my_password", new()
 *     {
 *         CryptoKey = cryptokey.Id,
 *         Plaintext = "my-secret-password",
 *     });
 *     var instance = new Gcp.Compute.Instance("instance", new()
 *     {
 *         NetworkInterfaces = new[]
 *         {
 *             new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
 *             {
 *                 AccessConfigs = new[]
 *                 {
 *                     null,
 *                 },
 *                 Network = "default",
 *             },
 *         },
 *         Name = "my-instance",
 *         MachineType = "e2-medium",
 *         Zone = "us-central1-a",
 *         BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
 *         {
 *             InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
 *             {
 *                 Image = "debian-cloud/debian-11",
 *             },
 *         },
 *         Metadata =
 *         {
 *             { "password", myPassword.Ciphertext },
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
 * 	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
 * 			Name:     pulumi.String("keyring-example"),
 * 			Location: pulumi.String("global"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		cryptokey, err := kms.NewCryptoKey(ctx, "cryptokey", &kms.CryptoKeyArgs{
 * 			Name:           pulumi.String("crypto-key-example"),
 * 			KeyRing:        keyring.ID(),
 * 			RotationPeriod: pulumi.String("7776000s"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		myPassword, err := kms.NewSecretCiphertext(ctx, "my_password", &kms.SecretCiphertextArgs{
 * 			CryptoKey: cryptokey.ID(),
 * 			Plaintext: pulumi.String("my-secret-password"),
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		_, err = compute.NewInstance(ctx, "instance", &compute.InstanceArgs{
 * 			NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
 * 				&compute.InstanceNetworkInterfaceArgs{
 * 					AccessConfigs: compute.InstanceNetworkInterfaceAccessConfigArray{
 * 						nil,
 * 					},
 * 					Network: pulumi.String("default"),
 * 				},
 * 			},
 * 			Name:        pulumi.String("my-instance"),
 * 			MachineType: pulumi.String("e2-medium"),
 * 			Zone:        pulumi.String("us-central1-a"),
 * 			BootDisk: &compute.InstanceBootDiskArgs{
 * 				InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
 * 					Image: pulumi.String("debian-cloud/debian-11"),
 * 				},
 * 			},
 * 			Metadata: pulumi.StringMap{
 * 				"password": myPassword.Ciphertext,
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.gcp.kms.KeyRing;
 * import com.pulumi.gcp.kms.KeyRingArgs;
 * import com.pulumi.gcp.kms.CryptoKey;
 * import com.pulumi.gcp.kms.CryptoKeyArgs;
 * import com.pulumi.gcp.kms.SecretCiphertext;
 * import com.pulumi.gcp.kms.SecretCiphertextArgs;
 * import com.pulumi.gcp.compute.Instance;
 * import com.pulumi.gcp.compute.InstanceArgs;
 * import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
 * import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
 * import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var keyring = new KeyRing("keyring", KeyRingArgs.builder()
 *             .name("keyring-example")
 *             .location("global")
 *             .build());
 *         var cryptokey = new CryptoKey("cryptokey", CryptoKeyArgs.builder()
 *             .name("crypto-key-example")
 *             .keyRing(keyring.id())
 *             .rotationPeriod("7776000s")
 *             .build());
 *         var myPassword = new SecretCiphertext("myPassword", SecretCiphertextArgs.builder()
 *             .cryptoKey(cryptokey.id())
 *             .plaintext("my-secret-password")
 *             .build());
 *         var instance = new Instance("instance", InstanceArgs.builder()
 *             .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
 *                 .accessConfigs()
 *                 .network("default")
 *                 .build())
 *             .name("my-instance")
 *             .machineType("e2-medium")
 *             .zone("us-central1-a")
 *             .bootDisk(InstanceBootDiskArgs.builder()
 *                 .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
 *                     .image("debian-cloud/debian-11")
 *                     .build())
 *                 .build())
 *             .metadata(Map.of("password", myPassword.ciphertext()))
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   keyring:
 *     type: gcp:kms:KeyRing
 *     properties:
 *       name: keyring-example
 *       location: global
 *   cryptokey:
 *     type: gcp:kms:CryptoKey
 *     properties:
 *       name: crypto-key-example
 *       keyRing: ${keyring.id}
 *       rotationPeriod: 7776000s
 *   myPassword:
 *     type: gcp:kms:SecretCiphertext
 *     name: my_password
 *     properties:
 *       cryptoKey: ${cryptokey.id}
 *       plaintext: my-secret-password
 *   instance:
 *     type: gcp:compute:Instance
 *     properties:
 *       networkInterfaces:
 *         - accessConfigs:
 *             - {}
 *           network: default
 *       name: my-instance
 *       machineType: e2-medium
 *       zone: us-central1-a
 *       bootDisk:
 *         initializeParams:
 *           image: debian-cloud/debian-11
 *       metadata:
 *         password: ${myPassword.ciphertext}
 * ```
 * 
 * ## Import
 * This resource does not support import.
 * @property additionalAuthenticatedData The additional authenticated data used for integrity checks during encryption and decryption.
 * **Note**: This property is sensitive and will not be displayed in the plan.
 * @property cryptoKey The full name of the CryptoKey that will be used to encrypt the provided plaintext.
 * Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'`
 * - - -
 * @property plaintext The plaintext to be encrypted.
 * **Note**: This property is sensitive and will not be displayed in the plan.
 */
public data class SecretCiphertextArgs(
    public val additionalAuthenticatedData: Output? = null,
    public val cryptoKey: Output? = null,
    public val plaintext: Output? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.gcp.kms.SecretCiphertextArgs =
        com.pulumi.gcp.kms.SecretCiphertextArgs.builder()
            .additionalAuthenticatedData(additionalAuthenticatedData?.applyValue({ args0 -> args0 }))
            .cryptoKey(cryptoKey?.applyValue({ args0 -> args0 }))
            .plaintext(plaintext?.applyValue({ args0 -> args0 })).build()
}

/**
 * Builder for [SecretCiphertextArgs].
 */
@PulumiTagMarker
public class SecretCiphertextArgsBuilder internal constructor() {
    private var additionalAuthenticatedData: Output? = null

    private var cryptoKey: Output? = null

    private var plaintext: Output? = null

    /**
     * @param value The additional authenticated data used for integrity checks during encryption and decryption.
     * **Note**: This property is sensitive and will not be displayed in the plan.
     */
    @JvmName("byqfvufrkdrwhbjd")
    public suspend fun additionalAuthenticatedData(`value`: Output) {
        this.additionalAuthenticatedData = value
    }

    /**
     * @param value The full name of the CryptoKey that will be used to encrypt the provided plaintext.
     * Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'`
     * - - -
     */
    @JvmName("hhlrngcdrtpqsbjd")
    public suspend fun cryptoKey(`value`: Output) {
        this.cryptoKey = value
    }

    /**
     * @param value The plaintext to be encrypted.
     * **Note**: This property is sensitive and will not be displayed in the plan.
     */
    @JvmName("hylstiwystomnrtu")
    public suspend fun plaintext(`value`: Output) {
        this.plaintext = value
    }

    /**
     * @param value The additional authenticated data used for integrity checks during encryption and decryption.
     * **Note**: This property is sensitive and will not be displayed in the plan.
     */
    @JvmName("hgedpdnyisymoacr")
    public suspend fun additionalAuthenticatedData(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.additionalAuthenticatedData = mapped
    }

    /**
     * @param value The full name of the CryptoKey that will be used to encrypt the provided plaintext.
     * Format: `'projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}'`
     * - - -
     */
    @JvmName("njpfsgobasvltkgn")
    public suspend fun cryptoKey(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.cryptoKey = mapped
    }

    /**
     * @param value The plaintext to be encrypted.
     * **Note**: This property is sensitive and will not be displayed in the plan.
     */
    @JvmName("odbbmjdqkoeueifq")
    public suspend fun plaintext(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.plaintext = mapped
    }

    internal fun build(): SecretCiphertextArgs = SecretCiphertextArgs(
        additionalAuthenticatedData = additionalAuthenticatedData,
        cryptoKey = cryptoKey,
        plaintext = plaintext,
    )
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy