» alicloud_kms_ciphertext

Encrypt a given plaintext with KMS. The plaintext gets re-encrypted on each apply, resulting in a changed ciphertext. If a stable ciphertext is needed use the alicloud_kms_ciphertext resource.

» Example Usage

resource "alicloud_kms_key" "key" {
  description             = "example key"
  is_enabled              = true

data "alicloud_kms_ciphertext" "encrypted" {
  key_id    = alicloud_kms_key.key.id
  plaintext = "example"

» Argument Reference

The following arguments are supported:

  • plaintext - The plaintext to be encrypted which must be encoded in Base64.
  • key_id - The globally unique ID of the CMK.
  • encryption_context - (Optional) The Encryption context. If you specify this parameter here, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.

» Attributes Reference

The following attributes are exported in addition to the arguments listed above:

  • ciphertext_blob - The ciphertext of the data key encrypted with the primary CMK version.