» alicloud_kms_plaintext

Decrypt a given ciphertext with KMS to use the resulting plaintext in resources.

» Example Usage

resource "alicloud_kms_key" "key" {
  description             = "example key"
  is_enabled              = true

# Encrypt plaintext 'example'
resource "alicloud_kms_ciphertext" "encrypted" {
  key_id    = alicloud_kms_key.key.id
  plaintext = "example"

# Decrypt encrypted ciphertext
data "alicloud_kms_plaintext" "plaintext" {
  ciphertext_blob = alicloud_kms_ciphertext.encrypted.ciphertext_blob

# Output 'example' should match the plaintext encrypted in the beginning
output "decrypted" {
  value = data.alicloud_kms_plaintext.plaintext.plaintext

» Argument Reference

The following arguments are supported:

  • encryption_context - (Optional) The Encryption context. If you specify this parameter in the Encrypt or GenerateDataKey API operation, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.
  • ciphertext_blob - The ciphertext to be decrypted.

» Attributes Reference

The following attributes are exported in addition to the arguments listed above:

  • plaintext - The decrypted plaintext.
  • key_id - The globally unique ID of the CMK. It is the ID of the CMK used to decrypt ciphertext.