» alicloud_kms_ciphertext

Encrypt a given plaintext with KMS. The produced ciphertext stays stable across applies. If the plaintext should be re-encrypted on each apply use the alicloud_kms_ciphertext data source.

» Example Usage

resource "alicloud_kms_key" "key" {
  description             = "example key"
  is_enabled              = true

resource "alicloud_kms_ciphertext" "encrypted" {
  key_id    = alicloud_kms_key.key.id
  plaintext = "example"

» Argument Reference

The following arguments are supported:

  • plaintext - (ForceNew) The plaintext to be encrypted which must be encoded in Base64.
  • key_id - (ForceNew) The globally unique ID of the CMK.
  • encryption_context - (Optional, ForceNew) The Encryption context. If you specify this parameter here, it is also required when you call the Decrypt API operation. For more information, see Encryption Context.

» Attributes Reference

The following attributes are exported in addition to the arguments listed above:

  • ciphertext_blob - The ciphertext of the data key encrypted with the primary CMK version.