diff --git a/website/docs/configuration/functions/base64sha256.html.md b/website/docs/configuration/functions/base64sha256.html.md new file mode 100644 index 000000000..6d05e3791 --- /dev/null +++ b/website/docs/configuration/functions/base64sha256.html.md @@ -0,0 +1,30 @@ +--- +layout: "functions" +page_title: "base64sha256 function" +sidebar_current: "docs-funcs-crypto-base64sha256" +description: |- + The base64sha256 function computes the SHA256 hash of a given string and + encodes it with Base64. +--- + +# `base64sha256` Function + +`base64sha256` computes the SHA256 hash of a given string and encodes it with +Base64. + +The given string is first encoded as UTF-8 and then the SHA256 algorithm is applied +as defined in [RFC 4634](https://tools.ietf.org/html/rfc4634). The raw hash is +then encoded with Base64 before returning. Terraform uses the "standard" Base64 +alphabet as defined in [RFC 4648 section 4](https://tools.ietf.org/html/rfc4648#section-4). + +## Examples + +``` +> base64sha256("hello world") +uU0nuZNNPgilLlLX2n2r+sSE7+N6U4DukIj3rOLvzek= +``` + +## Related Functions + +* [`sha256`](./sha256.html) calculates the same hash but returns the result + in a more-verbose hexadecimal encoding. diff --git a/website/docs/configuration/functions/base64sha512.html.md b/website/docs/configuration/functions/base64sha512.html.md new file mode 100644 index 000000000..befcc94ad --- /dev/null +++ b/website/docs/configuration/functions/base64sha512.html.md @@ -0,0 +1,30 @@ +--- +layout: "functions" +page_title: "base64sha512 function" +sidebar_current: "docs-funcs-crypto-base64sha512" +description: |- + The base64sha512 function computes the SHA512 hash of a given string and + encodes it with Base64. +--- + +# `base64sha512` Function + +`base64sha512` computes the SHA512 hash of a given string and encodes it with +Base64. + +The given string is first encoded as UTF-8 and then the SHA512 algorithm is applied +as defined in [RFC 4634](https://tools.ietf.org/html/rfc4634). The raw hash is +then encoded with Base64 before returning. Terraform uses the "standard" Base64 +alphabet as defined in [RFC 4648 section 4](https://tools.ietf.org/html/rfc4648#section-4). + +## Examples + +``` +> base64sha512("hello world") +MJ7MSJwS1utMxA9QyQLytNDtd+5RGnx6m808qG1M2G+YndNbxf9JlnDaNCVbRbDP2DDoH2Bdz33FVC6TrpzXbw== +``` + +## Related Functions + +* [`sha512`](./sha512.html) calculates the same hash but returns the result + in a more-verbose hexadecimal encoding. diff --git a/website/docs/configuration/functions/bcrypt.html.md b/website/docs/configuration/functions/bcrypt.html.md new file mode 100644 index 000000000..5cc89ee31 --- /dev/null +++ b/website/docs/configuration/functions/bcrypt.html.md @@ -0,0 +1,38 @@ +--- +layout: "functions" +page_title: "bcrypt function" +sidebar_current: "docs-funcs-crypto-bcrypt" +description: |- + The bcrypt function computes a hash of the given string using the Blowfish + cipher. +--- + +# `bcrypt` Function + +`bcrypt` computes a hash of the given string using the Blowfish cipher, +returning a string in +[the _Modular Crypt Format_](https://passlib.readthedocs.io/en/stable/modular_crypt_format.html) +usually expected in the shadow password file on many Unix systems. + +```hcl +bcrypt(string, cost) +``` + +The `cost` argument is optional and will default to 10 if unspecified. + +Since a bcrypt hash value includes a randomly selected salt, each call to this +function will return a different value, even if the given string and cost are +the same. Using this function directly with resource arguments will therefore +cause spurious diffs. We recommend using this function only in `provisioner` +blocks, or in data resources whose results are only used in `provisioner` +blocks. + +The version prefix on the generated string (e.g. `$2a$`) may change in future +versions of Terraform. + +## Examples + +``` +> bcrypt("hello world") +$2a$10$D5grTTzcsqyvAeIAnY/mYOIqliCoG7eAMX0/oFcuD.iErkksEbcAa +``` diff --git a/website/docs/configuration/functions/md5.html.md b/website/docs/configuration/functions/md5.html.md new file mode 100644 index 000000000..c63e68ea6 --- /dev/null +++ b/website/docs/configuration/functions/md5.html.md @@ -0,0 +1,28 @@ +--- +layout: "functions" +page_title: "md5 function" +sidebar_current: "docs-funcs-crypto-md5" +description: |- + The md5 function computes the MD5 hash of a given string and encodes it + with hexadecimal digits. +--- + +# `md5` Function + +`md5` computes the MD5 hash of a given string and encodes it with +hexadecimal digits. + +The given string is first encoded as UTF-8 and then the MD5 algorithm is applied +as defined in [RFC 1321](https://tools.ietf.org/html/rfc1321). The raw hash is +then encoded to lowercase hexadecimal digits before returning. + +Before using this function for anything security-sensitive, refer to +[RFC 6151](https://tools.ietf.org/html/rfc6151) for updated security +considerations applying to the MD5 algorithm. + +## Examples + +``` +> md5("hello world") +5eb63bbbe01eeed093cb22bb8f5acdc3 +``` diff --git a/website/docs/configuration/functions/rsadecrypt.html.md b/website/docs/configuration/functions/rsadecrypt.html.md new file mode 100644 index 000000000..46045f536 --- /dev/null +++ b/website/docs/configuration/functions/rsadecrypt.html.md @@ -0,0 +1,34 @@ +--- +layout: "functions" +page_title: "rsadecrypt function" +sidebar_current: "docs-funcs-crypto-rsadecrypt" +description: |- + The rsadecrypt function decrypts an RSA-encrypted message. +--- + +# `rsadecrypt` Function + +`rsadecrypt` decrypts an RSA-encrypted ciphertext, returning the corresponding +cleartext. + +```hcl +rsadecrypt(ciphertext, privatekey) +``` + +`ciphertext` must be a base64-encoded representation of the ciphertext, using +the PKCS #1 v1.5 padding scheme. Terraform uses the "standard" Base64 alphabet +as defined in [RFC 4648 section 4](https://tools.ietf.org/html/rfc4648#section-4). + +`privatekey` must be a PEM-encoded RSA private key that is not itself +encrypted. + +Terraform has no corresponding function for _encrypting_ a message. Use this +function to decrypt ciphertexts returned by remote services using a keypair +negotiated out-of-band. + +## Examples + +``` +> rsadecrypt(filebase64("${path.module}/ciphertext"), file("privatekey.pem")) +Hello, world! +``` diff --git a/website/docs/configuration/functions/sha1.html.md b/website/docs/configuration/functions/sha1.html.md new file mode 100644 index 000000000..382b4579a --- /dev/null +++ b/website/docs/configuration/functions/sha1.html.md @@ -0,0 +1,28 @@ +--- +layout: "functions" +page_title: "sha1 function" +sidebar_current: "docs-funcs-crypto-sha1" +description: |- + The sha1 function computes the SHA1 hash of a given string and encodes it + with hexadecimal digits. +--- + +# `sha1` Function + +`sha1` computes the SHA1 hash of a given string and encodes it with +hexadecimal digits. + +The given string is first encoded as UTF-8 and then the SHA1 algorithm is applied +as defined in [RFC 3174](https://tools.ietf.org/html/rfc3174). The raw hash is +then encoded to lowercase hexadecimal digits before returning. + +Collision attacks have been successfully performed against this hashing +function. Before using this function for anything security-sensitive, review +relevant literature to understand the security implications. + +## Examples + +``` +> sha1("hello world") +2aae6c35c94fcfb415dbe95f408b9ce91ee846ed +``` diff --git a/website/docs/configuration/functions/sha256.html.md b/website/docs/configuration/functions/sha256.html.md new file mode 100644 index 000000000..97f03f118 --- /dev/null +++ b/website/docs/configuration/functions/sha256.html.md @@ -0,0 +1,29 @@ +--- +layout: "functions" +page_title: "sha256 function" +sidebar_current: "docs-funcs-crypto-sha256" +description: |- + The sha256 function computes the SHA256 hash of a given string and encodes it + with hexadecimal digits. +--- + +# `sha256` Function + +`sha256` computes the SHA256 hash of a given string and encodes it with +hexadecimal digits. + +The given string is first encoded as UTF-8 and then the SHA256 algorithm is applied +as defined in [RFC 4634](https://tools.ietf.org/html/rfc4634). The raw hash is +then encoded to lowercase hexadecimal digits before returning. + +## Examples + +``` +> sha256("hello world") +b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9 +``` + +## Related Functions + +* [`base64sha256`](./base64sha256.html) calculates the same hash but returns + the result in a more-compact Base64 encoding. diff --git a/website/docs/configuration/functions/sha512.html.md b/website/docs/configuration/functions/sha512.html.md new file mode 100644 index 000000000..88eb38bff --- /dev/null +++ b/website/docs/configuration/functions/sha512.html.md @@ -0,0 +1,29 @@ +--- +layout: "functions" +page_title: "sha512 function" +sidebar_current: "docs-funcs-crypto-sha512" +description: |- + The sha512 function computes the SHA512 hash of a given string and encodes it + with hexadecimal digits. +--- + +# `sha512` Function + +`sha512` computes the SHA512 hash of a given string and encodes it with +hexadecimal digits. + +The given string is first encoded as UTF-8 and then the SHA512 algorithm is applied +as defined in [RFC 4634](https://tools.ietf.org/html/rfc4634). The raw hash is +then encoded to lowercase hexadecimal digits before returning. + +## Examples + +``` +> sha512("hello world") +309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f +``` + +## Related Functions + +* [`base64sha512`](./base64sha512.html) calculates the same hash but returns + the result in a more-compact Base64 encoding. diff --git a/website/docs/configuration/functions/uuid.html.md b/website/docs/configuration/functions/uuid.html.md new file mode 100644 index 000000000..146bc619f --- /dev/null +++ b/website/docs/configuration/functions/uuid.html.md @@ -0,0 +1,36 @@ +--- +layout: "functions" +page_title: "uuid function" +sidebar_current: "docs-funcs-crypto-uuid" +description: |- + The uuid function generates a unique id. +--- + +# `uuid` Function + +`uuid` generates a unique identifier string. + +The id is a generated and formatted as required by +[RFC 4122 section 4.4](https://tools.ietf.org/html/rfc4122#section-4.4), +producing a Version 4 UUID. The result is a UUID generated only from +pseudo-random numbers. + +This function produces a new value each time it is called, and so using it +directly in resource arguments will result in spurious diffs. We do not +recommend using the `uuid` function in resource configurations, but it can +be used with care in conjunction with +[the `ignore_changes` lifecycle meta-argument](/docs/configuration/resources.html#ignore_changes). + +In most cases we recommend using [the `random` provider](/docs/providers/random/index.html) +instead, since it allows the one-time generation of random values that are +then retained in the Terraform [state](/docs/state/index.html) for use by +future operations. In particular, +[`random_id`](/docs/providers/random/r/id.html) can generate results with +equivalent randomness to the `uuid` function. + +## Examples + +``` +> uuid() +b5ee72a3-54dd-c4b8-551c-4bdc0204cedb +```