The KMS ciphertext data source allows you to encrypt plaintext into ciphertext
by using an AWS KMS customer master key. The value returned by this data source
changes every apply. For a stable ciphertext value, see the aws_kms_ciphertext
resource.
resource "aws_kms_key" "oauth_config" {
description = "oauth config"
is_enabled = true
}
data "aws_kms_ciphertext" "oauth" {
key_id = aws_kms_key.oauth_config.key_id
plaintext = <<EOF
{
"client_id": "e587dbae22222f55da22",
"client_secret": "8289575d00000ace55e1815ec13673955721b8a5"
}
EOF
}
This data source supports the following arguments:
plaintext
- (Required) Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.key_id
- (Required) Globally unique key ID for the customer master key.context
- (Optional) An optional mapping that makes up the encryption context.All of the argument attributes are also exported as result attributes.
id
- Globally unique key ID for the customer master key.ciphertext_blob
- Base64 encoded ciphertext