Encrypt a given plaintext with KMS. The plaintext gets re-encrypted on each apply, resulting in a changed ciphertext. If a stable ciphertext is needed use the alicloud_kms_ciphertext
resource.
Basic Usage
resource "alicloud_kms_key" "key" {
description = "example key"
is_enabled = true
}
data "alicloud_kms_ciphertext" "encrypted" {
key_id = alicloud_kms_key.key.id
plaintext = "example"
}
The following arguments are supported:
plaintext
- (Required) The plaintext to be encrypted which must be encoded in Base64.key_id
- (Required) The globally unique ID of the CMK.encryption_context
- (Optional) The Encryption context. If you specify this parameter here, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.The following attributes are exported in addition to the arguments listed above:
ciphertext_blob
- The ciphertext of the data key encrypted with the primary CMK version.