Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

yandex_kms_secret_ciphertext (Resource)

Written by
Updated at September 11, 2025

Encrypts given plaintext with the specified Yandex KMS key and provides access to the CipherText.

Warning

Using this resource will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.

For more information, see the official documentation.

Example usage

//
// Create a new KMS Symmetric Encryption Key and Cipher Secret for it.
//
resource "yandex_kms_symmetric_key" "example" {
  name        = "example-symetric-key"
  description = "description for key"
}

resource "yandex_kms_secret_ciphertext" "password" {
  key_id      = yandex_kms_symmetric_key.example.id
  aad_context = "additional authenticated data"
  plaintext   = "strong password"
}

Schema

Required

  • key_id (String) ID of the symmetric KMS key to use for encryption.
  • plaintext (String, Sensitive) Plaintext to be encrypted.

Optional

  • aad_context (String) Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with the SymmetricDecryptRequest.
  • timeouts (Block, Optional) (see below for nested schema)

Read-Only

  • ciphertext (String) Resulting CipherText, encoded with standard base64 alphabet as defined in RFC 4648 section 4.
  • id (String) The ID of this resource.

Nested Schema for timeouts

Optional:

  • create (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
  • delete (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
  • read (String) A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.

Import

Warning

Import for this resource is not implemented yet.

Previous
kms_asymmetric_signature_key_iam_member
Next
kms_symmetric_key