This resource provides the Encrypted Data resource in Oracle Cloud Infrastructure Kms service.
Encrypts data using the given EncryptDataDetails resource. Plaintext included in the example request is a base64-encoded value of a UTF-8 string.
resource "oci_kms_encrypted_data" "test_encrypted_data" {
#Required
crypto_endpoint = var.encrypted_data_crypto_endpoint
key_id = oci_kms_key.test_key.id
plaintext = var.encrypted_data_plaintext
#Optional
associated_data = var.encrypted_data_associated_data
encryption_algorithm = var.encrypted_data_encryption_algorithm
key_version_id = oci_kms_key_version.test_key_version.id
logging_context = var.encrypted_data_logging_context
}
The following arguments are supported:
associated_data
- (Optional) Information that can be used to provide an encryption context for the encrypted data. The length of the string representation of the associated data must be fewer than 4096 characters. crypto_endpoint
- (Required) The service endpoint to perform cryptographic operations against. Cryptographic operations include 'Encrypt,' 'Decrypt,' and 'GenerateDataEncryptionKey' operations. see Vault Crypto endpoint.encryption_algorithm
- (Optional) The encryption algorithm to use to encrypt and decrypt data with a customer-managed key. AES_256_GCM
indicates that the key is a symmetric key that uses the Advanced Encryption Standard (AES) algorithm and that the mode of encryption is the Galois/Counter Mode (GCM). RSA_OAEP_SHA_1
indicates that the key is an asymmetric key that uses the RSA encryption algorithm and uses Optimal Asymmetric Encryption Padding (OAEP). RSA_OAEP_SHA_256
indicates that the key is an asymmetric key that uses the RSA encryption algorithm with a SHA-256 hash and uses OAEP. key_id
- (Required) The OCID of the key to encrypt with.key_version_id
- (Optional) The OCID of the key version used to encrypt the ciphertext.logging_context
- (Optional) Information that provides context for audit logging. You can provide this additional data as key-value pairs to include in the audit logs when audit logging is enabled. plaintext
- (Required) The plaintext data to encrypt.* IMPORTANT * Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
The following attributes are exported:
ciphertext
- The encrypted data.encryption_algorithm
- The encryption algorithm to use to encrypt and decrypt data with a customer-managed key. AES_256_GCM
indicates that the key is a symmetric key that uses the Advanced Encryption Standard (AES) algorithm and that the mode of encryption is the Galois/Counter Mode (GCM). RSA_OAEP_SHA_1
indicates that the key is an asymmetric key that uses the RSA encryption algorithm and uses Optimal Asymmetric Encryption Padding (OAEP). RSA_OAEP_SHA_256
indicates that the key is an asymmetric key that uses the RSA encryption algorithm with a SHA-256 hash and uses OAEP. key_id
- The OCID of the key used to encrypt the ciphertext.key_version_id
- The OCID of the key version used to encrypt the ciphertext.The timeouts
block allows you to specify timeouts for certain operations:
* create
- (Defaults to 20 minutes), when creating the Encrypted Data
* update
- (Defaults to 20 minutes), when updating the Encrypted Data
* delete
- (Defaults to 20 minutes), when destroying the Encrypted Data
Import is not supported for this resource.