@pulumi/yandex

Version:

A Pulumi package for creating and managing yandex cloud resources.

pulumi.io

pulumi/pulumi-yandex

107 lines (106 loc) • 4.21 kB

TypeScript

import * as pulumi from "@pulumi/pulumi"; /** * Encrypts given plaintext with the specified Yandex KMS key and provides access to the ciphertext. * * > **Note:** Using this resource will allow you to conceal secret data within your * resource definitions, but it does not take care of protecting that data in the * logging output, plan output, or state output. Please take care to secure your secret * data outside of resource definitions. * * For more information, see [the official documentation](https://cloud.yandex.com/docs/kms/concepts/). * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as yandex from "@pulumi/yandex"; * * const example = new yandex.KmsSymmetricKey("example", { * description: "description for key", * }); * const password = new yandex.KmsSecretCiphertext("password", { * aadContext: "additional authenticated data", * keyId: example.id, * plaintext: "strong password", * }); * ``` */ export declare class KmsSecretCiphertext extends pulumi.CustomResource { /** * Get an existing KmsSecretCiphertext resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: KmsSecretCiphertextState, opts?: pulumi.CustomResourceOptions): KmsSecretCiphertext; /** * Returns true if the given object is an instance of KmsSecretCiphertext. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is KmsSecretCiphertext; /** * Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with the `SymmetricDecryptRequest` */ readonly aadContext: pulumi.Output<string | undefined>; /** * Resulting ciphertext, encoded with "standard" base64 alphabet as defined in RFC 4648 section 4 */ readonly ciphertext: pulumi.Output<string>; /** * ID of the symmetric KMS key to use for encryption. */ readonly keyId: pulumi.Output<string>; /** * Plaintext to be encrypted. */ readonly plaintext: pulumi.Output<string>; /** * Create a KmsSecretCiphertext resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: KmsSecretCiphertextArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering KmsSecretCiphertext resources. */ export interface KmsSecretCiphertextState { /** * Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with the `SymmetricDecryptRequest` */ aadContext?: pulumi.Input<string>; /** * Resulting ciphertext, encoded with "standard" base64 alphabet as defined in RFC 4648 section 4 */ ciphertext?: pulumi.Input<string>; /** * ID of the symmetric KMS key to use for encryption. */ keyId?: pulumi.Input<string>; /** * Plaintext to be encrypted. */ plaintext?: pulumi.Input<string>; } /** * The set of arguments for constructing a KmsSecretCiphertext resource. */ export interface KmsSecretCiphertextArgs { /** * Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with the `SymmetricDecryptRequest` */ aadContext?: pulumi.Input<string>; /** * ID of the symmetric KMS key to use for encryption. */ keyId: pulumi.Input<string>; /** * Plaintext to be encrypted. */ plaintext: pulumi.Input<string>; }