Data Source: azurermKeyVaultEncryptedValue
Encrypts or Decrypts a value using a Key Vault Key.
Example Usage
import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new cdktf.TerraformOutput(this, "id", {
value: "${data.azurerm_key_vault_encrypted_value.example.encrypted_data}",
});
const dataAzurermKeyVaultExample =
new azurerm.dataAzurermKeyVault.DataAzurermKeyVault(this, "example", {
name: "mykeyvault",
resource_group_name: "some-resource-group",
});
new azurerm.dataAzurermKeyVaultEncryptedValue.DataAzurermKeyVaultEncryptedValue(
this,
"encrypted",
{
algorithm: "RSA1_5",
key_vault_key_id: "${azurerm_key_vault_key.test.id}",
plain_text_value: "some-encrypted-value",
}
);
const dataAzurermKeyVaultKeyExample =
new azurerm.dataAzurermKeyVaultKey.DataAzurermKeyVaultKey(this, "example_3", {
key_vault_id: dataAzurermKeyVaultExample.id,
name: "some-key",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAzurermKeyVaultKeyExample.overrideLogicalId("example");
Arguments Reference
The following arguments are supported:
-
algorithm
- (Required) The Algorithm which should be used to Decrypt/Encrypt this Value. Possible values arersa15
,rsaOaep
andrsaOaep256
. -
keyVaultKeyId
- (Required) The ID of the Key Vault Key which should be used to Decrypt/Encrypt this Value.
-
encryptedData
- (Optional) The Base64 URL Encoded Encrypted Data which should be decrypted intoplainTextValue
. -
plainTextValue
- (Optional) The plain-text value which should be Encrypted intoencryptedData
.
-> Note: One of either encryptedData
or plainTextValue
must be specified and is used to populate the encrypted/decrypted value for the other field.
Attributes Reference
The following attributes are exported:
id
- The ID of this Encrypted Value
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
read
- (Defaults to 5 minutes) Used when encrypting/decrypting this value.