import * as pulumi from "@pulumi/pulumi";
/**
 * !> **Warning:** This data source is deprecated. Use the `gcp.kms.SecretCiphertext` **resource** instead.
 *
 * This data source allows you to encrypt data with Google Cloud KMS and use the
 * ciphertext within your resource definitions.
 *
 * For more information see
 * [the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).
 *
 * > **NOTE:** Using this data source will allow you to conceal secret data within your
 * resource definitions, but it does not take care of protecting that data in the
 * logging output, plan output, or state output.  Please take care to secure your secret
 * data outside of resource definitions.
 *
 * ## Example Usage
 *
 * First, create a KMS KeyRing and CryptoKey using the resource definitions:
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const myKeyRing = new gcp.kms.KeyRing("my_key_ring", {
 *     project: "my-project",
 *     name: "my-key-ring",
 *     location: "us-central1",
 * });
 * const myCryptoKey = new gcp.kms.CryptoKey("my_crypto_key", {
 *     name: "my-crypto-key",
 *     keyRing: myKeyRing.id,
 * });
 * ```
 *
 * Next, encrypt some sensitive information and use the encrypted data in your resource definitions:
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const myPassword = gcp.kms.getKMSSecretCiphertext({
 *     cryptoKey: myCryptoKey.id,
 *     plaintext: "my-secret-password",
 * });
 * const instance = new gcp.compute.Instance("instance", {
 *     networkInterfaces: [{
 *         accessConfigs: [{}],
 *         network: "default",
 *     }],
 *     name: "test",
 *     machineType: "e2-medium",
 *     zone: "us-central1-a",
 *     bootDisk: {
 *         initializeParams: {
 *             image: "debian-cloud/debian-11",
 *         },
 *     },
 *     metadata: {
 *         password: myPassword.then(myPassword => myPassword.ciphertext),
 *     },
 * });
 * ```
 *
 * The resulting instance can then access the encrypted password from its metadata
 * and decrypt it, e.g. using the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/decrypt)):
 */
export declare function getKMSSecretCiphertext(args: GetKMSSecretCiphertextArgs, opts?: pulumi.InvokeOptions): Promise<GetKMSSecretCiphertextResult>;
/**
 * A collection of arguments for invoking getKMSSecretCiphertext.
 */
export interface GetKMSSecretCiphertextArgs {
    /**
     * The id of the CryptoKey that will be used to
     * encrypt the provided plaintext. This is represented by the format
     * `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`.
     */
    cryptoKey: string;
    /**
     * The plaintext to be encrypted
     */
    plaintext: string;
}
/**
 * A collection of values returned by getKMSSecretCiphertext.
 */
export interface GetKMSSecretCiphertextResult {
    /**
     * Contains the result of encrypting the provided plaintext, encoded in base64.
     */
    readonly ciphertext: string;
    readonly cryptoKey: string;
    /**
     * The provider-assigned unique ID for this managed resource.
     */
    readonly id: string;
    readonly plaintext: string;
}
/**
 * !> **Warning:** This data source is deprecated. Use the `gcp.kms.SecretCiphertext` **resource** instead.
 *
 * This data source allows you to encrypt data with Google Cloud KMS and use the
 * ciphertext within your resource definitions.
 *
 * For more information see
 * [the official documentation](https://cloud.google.com/kms/docs/encrypt-decrypt).
 *
 * > **NOTE:** Using this data source will allow you to conceal secret data within your
 * resource definitions, but it does not take care of protecting that data in the
 * logging output, plan output, or state output.  Please take care to secure your secret
 * data outside of resource definitions.
 *
 * ## Example Usage
 *
 * First, create a KMS KeyRing and CryptoKey using the resource definitions:
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const myKeyRing = new gcp.kms.KeyRing("my_key_ring", {
 *     project: "my-project",
 *     name: "my-key-ring",
 *     location: "us-central1",
 * });
 * const myCryptoKey = new gcp.kms.CryptoKey("my_crypto_key", {
 *     name: "my-crypto-key",
 *     keyRing: myKeyRing.id,
 * });
 * ```
 *
 * Next, encrypt some sensitive information and use the encrypted data in your resource definitions:
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const myPassword = gcp.kms.getKMSSecretCiphertext({
 *     cryptoKey: myCryptoKey.id,
 *     plaintext: "my-secret-password",
 * });
 * const instance = new gcp.compute.Instance("instance", {
 *     networkInterfaces: [{
 *         accessConfigs: [{}],
 *         network: "default",
 *     }],
 *     name: "test",
 *     machineType: "e2-medium",
 *     zone: "us-central1-a",
 *     bootDisk: {
 *         initializeParams: {
 *             image: "debian-cloud/debian-11",
 *         },
 *     },
 *     metadata: {
 *         password: myPassword.then(myPassword => myPassword.ciphertext),
 *     },
 * });
 * ```
 *
 * The resulting instance can then access the encrypted password from its metadata
 * and decrypt it, e.g. using the [Cloud SDK](https://cloud.google.com/sdk/gcloud/reference/kms/decrypt)):
 */
export declare function getKMSSecretCiphertextOutput(args: GetKMSSecretCiphertextOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetKMSSecretCiphertextResult>;
/**
 * A collection of arguments for invoking getKMSSecretCiphertext.
 */
export interface GetKMSSecretCiphertextOutputArgs {
    /**
     * The id of the CryptoKey that will be used to
     * encrypt the provided plaintext. This is represented by the format
     * `{projectId}/{location}/{keyRingName}/{cryptoKeyName}`.
     */
    cryptoKey: pulumi.Input<string>;
    /**
     * The plaintext to be encrypted
     */
    plaintext: pulumi.Input<string>;
}