website: Docs for all of the hash/crypto functions
This commit is contained in:
parent
46f8208727
commit
7cb1de9f30
|
@ -0,0 +1,30 @@
|
||||||
|
---
|
||||||
|
layout: "functions"
|
||||||
|
page_title: "base64sha256 function"
|
||||||
|
sidebar_current: "docs-funcs-crypto-base64sha256"
|
||||||
|
description: |-
|
||||||
|
The base64sha256 function computes the SHA256 hash of a given string and
|
||||||
|
encodes it with Base64.
|
||||||
|
---
|
||||||
|
|
||||||
|
# `base64sha256` Function
|
||||||
|
|
||||||
|
`base64sha256` computes the SHA256 hash of a given string and encodes it with
|
||||||
|
Base64.
|
||||||
|
|
||||||
|
The given string is first encoded as UTF-8 and then the SHA256 algorithm is applied
|
||||||
|
as defined in [RFC 4634](https://tools.ietf.org/html/rfc4634). The raw hash is
|
||||||
|
then encoded with Base64 before returning. Terraform uses the "standard" Base64
|
||||||
|
alphabet as defined in [RFC 4648 section 4](https://tools.ietf.org/html/rfc4648#section-4).
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
```
|
||||||
|
> base64sha256("hello world")
|
||||||
|
uU0nuZNNPgilLlLX2n2r+sSE7+N6U4DukIj3rOLvzek=
|
||||||
|
```
|
||||||
|
|
||||||
|
## Related Functions
|
||||||
|
|
||||||
|
* [`sha256`](./sha256.html) calculates the same hash but returns the result
|
||||||
|
in a more-verbose hexadecimal encoding.
|
|
@ -0,0 +1,30 @@
|
||||||
|
---
|
||||||
|
layout: "functions"
|
||||||
|
page_title: "base64sha512 function"
|
||||||
|
sidebar_current: "docs-funcs-crypto-base64sha512"
|
||||||
|
description: |-
|
||||||
|
The base64sha512 function computes the SHA512 hash of a given string and
|
||||||
|
encodes it with Base64.
|
||||||
|
---
|
||||||
|
|
||||||
|
# `base64sha512` Function
|
||||||
|
|
||||||
|
`base64sha512` computes the SHA512 hash of a given string and encodes it with
|
||||||
|
Base64.
|
||||||
|
|
||||||
|
The given string is first encoded as UTF-8 and then the SHA512 algorithm is applied
|
||||||
|
as defined in [RFC 4634](https://tools.ietf.org/html/rfc4634). The raw hash is
|
||||||
|
then encoded with Base64 before returning. Terraform uses the "standard" Base64
|
||||||
|
alphabet as defined in [RFC 4648 section 4](https://tools.ietf.org/html/rfc4648#section-4).
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
```
|
||||||
|
> base64sha512("hello world")
|
||||||
|
MJ7MSJwS1utMxA9QyQLytNDtd+5RGnx6m808qG1M2G+YndNbxf9JlnDaNCVbRbDP2DDoH2Bdz33FVC6TrpzXbw==
|
||||||
|
```
|
||||||
|
|
||||||
|
## Related Functions
|
||||||
|
|
||||||
|
* [`sha512`](./sha512.html) calculates the same hash but returns the result
|
||||||
|
in a more-verbose hexadecimal encoding.
|
|
@ -0,0 +1,38 @@
|
||||||
|
---
|
||||||
|
layout: "functions"
|
||||||
|
page_title: "bcrypt function"
|
||||||
|
sidebar_current: "docs-funcs-crypto-bcrypt"
|
||||||
|
description: |-
|
||||||
|
The bcrypt function computes a hash of the given string using the Blowfish
|
||||||
|
cipher.
|
||||||
|
---
|
||||||
|
|
||||||
|
# `bcrypt` Function
|
||||||
|
|
||||||
|
`bcrypt` computes a hash of the given string using the Blowfish cipher,
|
||||||
|
returning a string in
|
||||||
|
[the _Modular Crypt Format_](https://passlib.readthedocs.io/en/stable/modular_crypt_format.html)
|
||||||
|
usually expected in the shadow password file on many Unix systems.
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
bcrypt(string, cost)
|
||||||
|
```
|
||||||
|
|
||||||
|
The `cost` argument is optional and will default to 10 if unspecified.
|
||||||
|
|
||||||
|
Since a bcrypt hash value includes a randomly selected salt, each call to this
|
||||||
|
function will return a different value, even if the given string and cost are
|
||||||
|
the same. Using this function directly with resource arguments will therefore
|
||||||
|
cause spurious diffs. We recommend using this function only in `provisioner`
|
||||||
|
blocks, or in data resources whose results are only used in `provisioner`
|
||||||
|
blocks.
|
||||||
|
|
||||||
|
The version prefix on the generated string (e.g. `$2a$`) may change in future
|
||||||
|
versions of Terraform.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
```
|
||||||
|
> bcrypt("hello world")
|
||||||
|
$2a$10$D5grTTzcsqyvAeIAnY/mYOIqliCoG7eAMX0/oFcuD.iErkksEbcAa
|
||||||
|
```
|
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
layout: "functions"
|
||||||
|
page_title: "md5 function"
|
||||||
|
sidebar_current: "docs-funcs-crypto-md5"
|
||||||
|
description: |-
|
||||||
|
The md5 function computes the MD5 hash of a given string and encodes it
|
||||||
|
with hexadecimal digits.
|
||||||
|
---
|
||||||
|
|
||||||
|
# `md5` Function
|
||||||
|
|
||||||
|
`md5` computes the MD5 hash of a given string and encodes it with
|
||||||
|
hexadecimal digits.
|
||||||
|
|
||||||
|
The given string is first encoded as UTF-8 and then the MD5 algorithm is applied
|
||||||
|
as defined in [RFC 1321](https://tools.ietf.org/html/rfc1321). The raw hash is
|
||||||
|
then encoded to lowercase hexadecimal digits before returning.
|
||||||
|
|
||||||
|
Before using this function for anything security-sensitive, refer to
|
||||||
|
[RFC 6151](https://tools.ietf.org/html/rfc6151) for updated security
|
||||||
|
considerations applying to the MD5 algorithm.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
```
|
||||||
|
> md5("hello world")
|
||||||
|
5eb63bbbe01eeed093cb22bb8f5acdc3
|
||||||
|
```
|
|
@ -0,0 +1,34 @@
|
||||||
|
---
|
||||||
|
layout: "functions"
|
||||||
|
page_title: "rsadecrypt function"
|
||||||
|
sidebar_current: "docs-funcs-crypto-rsadecrypt"
|
||||||
|
description: |-
|
||||||
|
The rsadecrypt function decrypts an RSA-encrypted message.
|
||||||
|
---
|
||||||
|
|
||||||
|
# `rsadecrypt` Function
|
||||||
|
|
||||||
|
`rsadecrypt` decrypts an RSA-encrypted ciphertext, returning the corresponding
|
||||||
|
cleartext.
|
||||||
|
|
||||||
|
```hcl
|
||||||
|
rsadecrypt(ciphertext, privatekey)
|
||||||
|
```
|
||||||
|
|
||||||
|
`ciphertext` must be a base64-encoded representation of the ciphertext, using
|
||||||
|
the PKCS #1 v1.5 padding scheme. Terraform uses the "standard" Base64 alphabet
|
||||||
|
as defined in [RFC 4648 section 4](https://tools.ietf.org/html/rfc4648#section-4).
|
||||||
|
|
||||||
|
`privatekey` must be a PEM-encoded RSA private key that is not itself
|
||||||
|
encrypted.
|
||||||
|
|
||||||
|
Terraform has no corresponding function for _encrypting_ a message. Use this
|
||||||
|
function to decrypt ciphertexts returned by remote services using a keypair
|
||||||
|
negotiated out-of-band.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
```
|
||||||
|
> rsadecrypt(filebase64("${path.module}/ciphertext"), file("privatekey.pem"))
|
||||||
|
Hello, world!
|
||||||
|
```
|
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
layout: "functions"
|
||||||
|
page_title: "sha1 function"
|
||||||
|
sidebar_current: "docs-funcs-crypto-sha1"
|
||||||
|
description: |-
|
||||||
|
The sha1 function computes the SHA1 hash of a given string and encodes it
|
||||||
|
with hexadecimal digits.
|
||||||
|
---
|
||||||
|
|
||||||
|
# `sha1` Function
|
||||||
|
|
||||||
|
`sha1` computes the SHA1 hash of a given string and encodes it with
|
||||||
|
hexadecimal digits.
|
||||||
|
|
||||||
|
The given string is first encoded as UTF-8 and then the SHA1 algorithm is applied
|
||||||
|
as defined in [RFC 3174](https://tools.ietf.org/html/rfc3174). The raw hash is
|
||||||
|
then encoded to lowercase hexadecimal digits before returning.
|
||||||
|
|
||||||
|
Collision attacks have been successfully performed against this hashing
|
||||||
|
function. Before using this function for anything security-sensitive, review
|
||||||
|
relevant literature to understand the security implications.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
```
|
||||||
|
> sha1("hello world")
|
||||||
|
2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
|
||||||
|
```
|
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
layout: "functions"
|
||||||
|
page_title: "sha256 function"
|
||||||
|
sidebar_current: "docs-funcs-crypto-sha256"
|
||||||
|
description: |-
|
||||||
|
The sha256 function computes the SHA256 hash of a given string and encodes it
|
||||||
|
with hexadecimal digits.
|
||||||
|
---
|
||||||
|
|
||||||
|
# `sha256` Function
|
||||||
|
|
||||||
|
`sha256` computes the SHA256 hash of a given string and encodes it with
|
||||||
|
hexadecimal digits.
|
||||||
|
|
||||||
|
The given string is first encoded as UTF-8 and then the SHA256 algorithm is applied
|
||||||
|
as defined in [RFC 4634](https://tools.ietf.org/html/rfc4634). The raw hash is
|
||||||
|
then encoded to lowercase hexadecimal digits before returning.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
```
|
||||||
|
> sha256("hello world")
|
||||||
|
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
|
||||||
|
```
|
||||||
|
|
||||||
|
## Related Functions
|
||||||
|
|
||||||
|
* [`base64sha256`](./base64sha256.html) calculates the same hash but returns
|
||||||
|
the result in a more-compact Base64 encoding.
|
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
layout: "functions"
|
||||||
|
page_title: "sha512 function"
|
||||||
|
sidebar_current: "docs-funcs-crypto-sha512"
|
||||||
|
description: |-
|
||||||
|
The sha512 function computes the SHA512 hash of a given string and encodes it
|
||||||
|
with hexadecimal digits.
|
||||||
|
---
|
||||||
|
|
||||||
|
# `sha512` Function
|
||||||
|
|
||||||
|
`sha512` computes the SHA512 hash of a given string and encodes it with
|
||||||
|
hexadecimal digits.
|
||||||
|
|
||||||
|
The given string is first encoded as UTF-8 and then the SHA512 algorithm is applied
|
||||||
|
as defined in [RFC 4634](https://tools.ietf.org/html/rfc4634). The raw hash is
|
||||||
|
then encoded to lowercase hexadecimal digits before returning.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
```
|
||||||
|
> sha512("hello world")
|
||||||
|
309ecc489c12d6eb4cc40f50c902f2b4d0ed77ee511a7c7a9bcd3ca86d4cd86f989dd35bc5ff499670da34255b45b0cfd830e81f605dcf7dc5542e93ae9cd76f
|
||||||
|
```
|
||||||
|
|
||||||
|
## Related Functions
|
||||||
|
|
||||||
|
* [`base64sha512`](./base64sha512.html) calculates the same hash but returns
|
||||||
|
the result in a more-compact Base64 encoding.
|
|
@ -0,0 +1,36 @@
|
||||||
|
---
|
||||||
|
layout: "functions"
|
||||||
|
page_title: "uuid function"
|
||||||
|
sidebar_current: "docs-funcs-crypto-uuid"
|
||||||
|
description: |-
|
||||||
|
The uuid function generates a unique id.
|
||||||
|
---
|
||||||
|
|
||||||
|
# `uuid` Function
|
||||||
|
|
||||||
|
`uuid` generates a unique identifier string.
|
||||||
|
|
||||||
|
The id is a generated and formatted as required by
|
||||||
|
[RFC 4122 section 4.4](https://tools.ietf.org/html/rfc4122#section-4.4),
|
||||||
|
producing a Version 4 UUID. The result is a UUID generated only from
|
||||||
|
pseudo-random numbers.
|
||||||
|
|
||||||
|
This function produces a new value each time it is called, and so using it
|
||||||
|
directly in resource arguments will result in spurious diffs. We do not
|
||||||
|
recommend using the `uuid` function in resource configurations, but it can
|
||||||
|
be used with care in conjunction with
|
||||||
|
[the `ignore_changes` lifecycle meta-argument](/docs/configuration/resources.html#ignore_changes).
|
||||||
|
|
||||||
|
In most cases we recommend using [the `random` provider](/docs/providers/random/index.html)
|
||||||
|
instead, since it allows the one-time generation of random values that are
|
||||||
|
then retained in the Terraform [state](/docs/state/index.html) for use by
|
||||||
|
future operations. In particular,
|
||||||
|
[`random_id`](/docs/providers/random/r/id.html) can generate results with
|
||||||
|
equivalent randomness to the `uuid` function.
|
||||||
|
|
||||||
|
## Examples
|
||||||
|
|
||||||
|
```
|
||||||
|
> uuid()
|
||||||
|
b5ee72a3-54dd-c4b8-551c-4bdc0204cedb
|
||||||
|
```
|
Loading…
Reference in New Issue