google_kms_secret_ciphertext

Encrypts secret data with Google Cloud KMS and provides access to the ciphertext.

To get more information about SecretCiphertext, see:

Example Usage - Kms Secret Ciphertext Basic

resource "google_kms_key_ring" "keyring" {
  name     = "keyring-example"
  location = "global"
}

resource "google_kms_crypto_key" "cryptokey" {
  name            = "crypto-key-example"
  key_ring        = google_kms_key_ring.keyring.id
  rotation_period = "7776000s"

  lifecycle {
    prevent_destroy = true
  }
}

resource "google_kms_secret_ciphertext" "my_password" {
  crypto_key = google_kms_crypto_key.cryptokey.id
  plaintext  = "my-secret-password"
}

resource "google_compute_instance" "instance" {
  name         = "my-instance"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    network = "default"

    access_config {
    }
  }

  metadata = {
    password = google_kms_secret_ciphertext.my_password.ciphertext
  }
}

Argument Reference

The following arguments are supported:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

This resource does not support import.

User Project Overrides

This resource supports User Project Overrides.