Data Source: azurermKeyVaultEncryptedValue

Encrypts or Decrypts a value using a Key Vault Key.

Example Usage

import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*This snippet belongs inside the constructor of a cdktf.TerraformStack, where `this` is the construct scope.*/
/*Look up the existing Key Vault.*/
const dataAzurermKeyVaultExample =
  new azurerm.dataAzurermKeyVault.DataAzurermKeyVault(this, "example", {
    name: "mykeyvault",
    resourceGroupName: "some-resource-group",
  });
/*Look up the key inside that vault. It must be declared before the encrypted value that uses it.*/
const dataAzurermKeyVaultKeyExample =
  new azurerm.dataAzurermKeyVaultKey.DataAzurermKeyVaultKey(this, "example_3", {
    keyVaultId: dataAzurermKeyVaultExample.id,
    name: "some-key",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAzurermKeyVaultKeyExample.overrideLogicalId("example");
/*Encrypt the plain-text value with the key looked up above.*/
const dataAzurermKeyVaultEncryptedValueEncrypted =
  new azurerm.dataAzurermKeyVaultEncryptedValue.DataAzurermKeyVaultEncryptedValue(
    this,
    "encrypted",
    {
      algorithm: "RSA1_5",
      keyVaultKeyId: dataAzurermKeyVaultKeyExample.id,
      plainTextValue: "some-encrypted-value",
    }
  );
/*Export the Base64 URL encoded ciphertext produced by the data source.*/
new cdktf.TerraformOutput(this, "id", {
  value: dataAzurermKeyVaultEncryptedValueEncrypted.encryptedData,
});

Arguments Reference

The following arguments are supported:

  • algorithm - (Required) The Algorithm which should be used to Decrypt/Encrypt this Value. Possible values are RSA1_5, RSA-OAEP and RSA-OAEP-256.

  • keyVaultKeyId - (Required) The ID of the Key Vault Key which should be used to Decrypt/Encrypt this Value.


  • encryptedData - (Optional) The Base64 URL Encoded Encrypted Data which should be decrypted into plainTextValue.

  • plainTextValue - (Optional) The plain-text value which should be Encrypted into encryptedData.

Note: One of either encryptedData or plainTextValue must be specified and is used to populate the encrypted/decrypted value for the other field.
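The rule in the note above, together with the algorithm and encoding constraints from the argument list, written as a check that can run before synthesis. This is an added example, not code from the provider or from CDKTF: the names EncryptedValueInput, base64UrlByteLength and checkEncryptedValueInput are hypothetical, and keyBits assumes an RSA key whose size is known (2048 bits by default).

```typescript
// Added example, not provider code. All names below are hypothetical.
type EncryptedValueInput = {
  algorithm: string;
  encryptedData?: string;
  plainTextValue?: string;
};

// Algorithm identifiers accepted by Key Vault for this data source.
const ALGORITHMS = ["RSA1_5", "RSA-OAEP", "RSA-OAEP-256"];

// Decoded byte length of Base64 URL text (padding optional), or -1 when the
// text has characters outside the URL-safe alphabet or an impossible length.
function base64UrlByteLength(text: string): number {
  const body = text.replace(/={1,2}$/, "");
  if (!/^[A-Za-z0-9_-]+$/.test(body) || body.length % 4 === 1) return -1;
  return Math.floor((body.length * 3) / 4);
}

// Returns a list of problems; an empty list means the input is consistent.
function checkEncryptedValueInput(input: EncryptedValueInput, keyBits = 2048): string[] {
  const problems: string[] = [];
  if (ALGORITHMS.indexOf(input.algorithm) === -1) {
    problems.push(`algorithm "${input.algorithm}" is not one of ${ALGORITHMS.join(", ")}`);
  }
  const hasCipher = input.encryptedData !== undefined && input.encryptedData !== "";
  const hasPlain = input.plainTextValue !== undefined && input.plainTextValue !== "";
  if (hasCipher === hasPlain) {
    problems.push("set exactly one of encryptedData or plainTextValue");
  }
  if (hasCipher) {
    const bytes = base64UrlByteLength(input.encryptedData as string);
    if (bytes < 0) {
      problems.push("encryptedData is not Base64 URL encoded (standard Base64 uses + and /)");
    } else if (bytes !== keyBits / 8) {
      // An RSA ciphertext is always exactly as long as the key modulus.
      problems.push(`encryptedData decodes to ${bytes} bytes, expected ${keyBits / 8}`);
    }
  }
  return problems;
}

// Constructed sample: 342 URL-safe characters decode to 256 bytes (2048-bit key).
const sampleCiphertext = new Array(343).join("A");
const decryptProblems = checkEncryptedValueInput({ algorithm: "RSA-OAEP-256", encryptedData: sampleCiphertext });
// A camelCased algorithm name is rejected before it reaches the provider.
const badAlgorithmProblems = checkEncryptedValueInput({ algorithm: "rsaOaep", plainTextValue: "some-value" });
```

An empty result for the decrypt direction means the ciphertext has the right alphabet and the right length for the assumed key size; it does not prove the data was produced by that key.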

Attributes Reference

The following attributes are exported:

  • id - The ID of this Encrypted Value

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • read - (Defaults to 5 minutes) Used when encrypting/decrypting this value.