UNPKG

@pulumi/gcp

Version:

A Pulumi package for creating and managing Google Cloud Platform resources.

pulumi.io

pulumi/pulumi-gcp

121 lines 5.15 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
"use strict"; // *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.SecretCiphertext = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("../utilities"); /** * Encrypts secret data with Google Cloud KMS and provides access to the ciphertext. * * > **NOTE:** Using this resource will allow you to conceal secret data within your * resource definitions, but it does not take care of protecting that data in the * logging output, plan output, or state output. Please take care to secure your secret * data outside of resource definitions. * * To get more information about SecretCiphertext, see: * * * [API documentation](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys/encrypt) * * How-to Guides * * [Encrypting and decrypting data with a symmetric key](https://cloud.google.com/kms/docs/encrypt-decrypt) * * ## Example Usage * * ### Kms Secret Ciphertext Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const keyring = new gcp.kms.KeyRing("keyring", { * name: "keyring-example", * location: "global", * }); * const cryptokey = new gcp.kms.CryptoKey("cryptokey", { * name: "crypto-key-example", * keyRing: keyring.id, * rotationPeriod: "7776000s", * }); * const myPassword = new gcp.kms.SecretCiphertext("my_password", { * cryptoKey: cryptokey.id, * plaintext: "my-secret-password", * }); * const instance = new gcp.compute.Instance("instance", { * networkInterfaces: [{ * accessConfigs: [{}], * network: "default", * }], * name: "my-instance", * machineType: "e2-medium", * zone: "us-central1-a", * bootDisk: { * initializeParams: { * image: "debian-cloud/debian-11", * }, * }, * metadata: { * password: myPassword.ciphertext, * }, * }); * ``` * * ## Import * * This resource does not support import. */ class SecretCiphertext extends pulumi.CustomResource { /** * Get an existing SecretCiphertext resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new SecretCiphertext(name, state, Object.assign(Object.assign({}, opts), { id: id })); } /** * Returns true if the given object is an instance of SecretCiphertext. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === SecretCiphertext.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["additionalAuthenticatedData"] = state ? state.additionalAuthenticatedData : undefined; resourceInputs["ciphertext"] = state ? state.ciphertext : undefined; resourceInputs["cryptoKey"] = state ? state.cryptoKey : undefined; resourceInputs["plaintext"] = state ? state.plaintext : undefined; } else { const args = argsOrState; if ((!args || args.cryptoKey === undefined) && !opts.urn) { throw new Error("Missing required property 'cryptoKey'"); } if ((!args || args.plaintext === undefined) && !opts.urn) { throw new Error("Missing required property 'plaintext'"); } resourceInputs["additionalAuthenticatedData"] = (args === null || args === void 0 ? void 0 : args.additionalAuthenticatedData) ? pulumi.secret(args.additionalAuthenticatedData) : undefined; resourceInputs["cryptoKey"] = args ? args.cryptoKey : undefined; resourceInputs["plaintext"] = (args === null || args === void 0 ? void 0 : args.plaintext) ? pulumi.secret(args.plaintext) : undefined; resourceInputs["ciphertext"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); const secretOpts = { additionalSecretOutputs: ["additionalAuthenticatedData", "plaintext"] }; opts = pulumi.mergeOptions(opts, secretOpts); super(SecretCiphertext.__pulumiType, name, resourceInputs, opts); } } exports.SecretCiphertext = SecretCiphertext; /** @internal */ SecretCiphertext.__pulumiType = 'gcp:kms/secretCiphertext:SecretCiphertext'; //# sourceMappingURL=secretCiphertext.js.map