yandex_kms_secret_ciphertext (Resource)
Статья создана
Обновлена 9 февраля 2026 г.
Encrypts given plaintext with the specified Yandex KMS key and provides access to the CipherText.
Важно
Using this resource will allow you to conceal secret data within your resource definitions, but it does not take care of protecting that data in the logging output, plan output, or state output. Please take care to secure your secret data outside of resource definitions.
For more information, see the official documentation.
Example usage
//
// Create a new KMS Symmetric Encryption Key and Cipher Secret for it.
//
resource "yandex_kms_symmetric_key" "example" {
name = "example-symetric-key"
description = "description for key"
}
resource "yandex_kms_secret_ciphertext" "password" {
key_id = yandex_kms_symmetric_key.example.id
aad_context = "additional authenticated data"
plaintext = "strong password"
}
Arguments & Attributes Reference
aad_context(String). Additional authenticated data (AAD context), optional. If specified, this data will be required for decryption with theSymmetricDecryptRequest.ciphertext(Read-Only) (String). Resulting CipherText, encoded withstandardbase64 alphabet as defined in RFC 4648 section 4.id(String).key_id(Required)(String). ID of the symmetric KMS key to use for encryption.plaintext(Required)(String). Plaintext to be encrypted.