AWS Native

v0.43.0 published on Thursday, Dec 1, 2022 by Pulumi

getKey

The AWS::KMS::Key resource specifies an AWS KMS key in AWS Key Management Service (AWS KMS). Authorized users can use the AWS KMS key to encrypt and decrypt small amounts of data (up to 4096 bytes), but they are more commonly used to generate data keys. You can also use AWS KMS keys to encrypt data stored in AWS services that are integrated with AWS KMS or within their applications.

Using getKey

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKey(args: GetKeyArgs, opts?: InvokeOptions): Promise<GetKeyResult>
function getKeyOutput(args: GetKeyOutputArgs, opts?: InvokeOptions): Output<GetKeyResult>
def get_key(key_id: Optional[str] = None,
            opts: Optional[InvokeOptions] = None) -> GetKeyResult
def get_key_output(key_id: Optional[pulumi.Input[str]] = None,
            opts: Optional[InvokeOptions] = None) -> Output[GetKeyResult]
func LookupKey(ctx *Context, args *LookupKeyArgs, opts ...InvokeOption) (*LookupKeyResult, error)
func LookupKeyOutput(ctx *Context, args *LookupKeyOutputArgs, opts ...InvokeOption) LookupKeyResultOutput

> Note: This function is named LookupKey in the Go SDK.

public static class GetKey 
{
    public static Task<GetKeyResult> InvokeAsync(GetKeyArgs args, InvokeOptions? opts = null)
    public static Output<GetKeyResult> Invoke(GetKeyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetKeyResult> getKey(GetKeyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: aws-native:kms:getKey
  arguments:
    # arguments dictionary

The following arguments are supported:

KeyId string
KeyId string
keyId String
keyId string
key_id str
keyId String

getKey Result

The following output properties are available:

Arn string
Description string

A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.

EnableKeyRotation bool

Enables automatic rotation of the key material for the specified AWS KMS key. By default, automation key rotation is not enabled.

Enabled bool

Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.

KeyId string
KeyPolicy object

The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

KeySpec Pulumi.AwsNative.KMS.KeySpec

Specifies the type of AWS KMS key to create. The default value is SYMMETRIC_DEFAULT. This property is required only for asymmetric AWS KMS keys. You can't change the KeySpec value after the AWS KMS key is created.

KeyUsage Pulumi.AwsNative.KMS.KeyUsage

Determines the cryptographic operations for which you can use the AWS KMS key. The default value is ENCRYPT_DECRYPT. This property is required only for asymmetric AWS KMS keys. You can't change the KeyUsage value after the AWS KMS key is created.

MultiRegion bool

Specifies whether the AWS KMS key should be Multi-Region. You can't change the MultiRegion value after the AWS KMS key is created.

Tags List<Pulumi.AwsNative.KMS.Outputs.KeyTag>

An array of key-value pairs to apply to this resource.

Arn string
Description string

A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.

EnableKeyRotation bool

Enables automatic rotation of the key material for the specified AWS KMS key. By default, automation key rotation is not enabled.

Enabled bool

Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.

KeyId string
KeyPolicy interface{}

The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

KeySpec KeySpec

Specifies the type of AWS KMS key to create. The default value is SYMMETRIC_DEFAULT. This property is required only for asymmetric AWS KMS keys. You can't change the KeySpec value after the AWS KMS key is created.

KeyUsage KeyUsage

Determines the cryptographic operations for which you can use the AWS KMS key. The default value is ENCRYPT_DECRYPT. This property is required only for asymmetric AWS KMS keys. You can't change the KeyUsage value after the AWS KMS key is created.

MultiRegion bool

Specifies whether the AWS KMS key should be Multi-Region. You can't change the MultiRegion value after the AWS KMS key is created.

Tags []KeyTag

An array of key-value pairs to apply to this resource.

arn String
description String

A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.

enableKeyRotation Boolean

Enables automatic rotation of the key material for the specified AWS KMS key. By default, automation key rotation is not enabled.

enabled Boolean

Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.

keyId String
keyPolicy Object

The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

keySpec KeySpec

Specifies the type of AWS KMS key to create. The default value is SYMMETRIC_DEFAULT. This property is required only for asymmetric AWS KMS keys. You can't change the KeySpec value after the AWS KMS key is created.

keyUsage KeyUsage

Determines the cryptographic operations for which you can use the AWS KMS key. The default value is ENCRYPT_DECRYPT. This property is required only for asymmetric AWS KMS keys. You can't change the KeyUsage value after the AWS KMS key is created.

multiRegion Boolean

Specifies whether the AWS KMS key should be Multi-Region. You can't change the MultiRegion value after the AWS KMS key is created.

tags List<KeyTag>

An array of key-value pairs to apply to this resource.

arn string
description string

A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.

enableKeyRotation boolean

Enables automatic rotation of the key material for the specified AWS KMS key. By default, automation key rotation is not enabled.

enabled boolean

Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.

keyId string
keyPolicy any

The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

keySpec KeySpec

Specifies the type of AWS KMS key to create. The default value is SYMMETRIC_DEFAULT. This property is required only for asymmetric AWS KMS keys. You can't change the KeySpec value after the AWS KMS key is created.

keyUsage KeyUsage

Determines the cryptographic operations for which you can use the AWS KMS key. The default value is ENCRYPT_DECRYPT. This property is required only for asymmetric AWS KMS keys. You can't change the KeyUsage value after the AWS KMS key is created.

multiRegion boolean

Specifies whether the AWS KMS key should be Multi-Region. You can't change the MultiRegion value after the AWS KMS key is created.

tags KeyTag[]

An array of key-value pairs to apply to this resource.

arn str
description str

A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.

enable_key_rotation bool

Enables automatic rotation of the key material for the specified AWS KMS key. By default, automation key rotation is not enabled.

enabled bool

Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.

key_id str
key_policy Any

The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

key_spec KeySpec

Specifies the type of AWS KMS key to create. The default value is SYMMETRIC_DEFAULT. This property is required only for asymmetric AWS KMS keys. You can't change the KeySpec value after the AWS KMS key is created.

key_usage KeyUsage

Determines the cryptographic operations for which you can use the AWS KMS key. The default value is ENCRYPT_DECRYPT. This property is required only for asymmetric AWS KMS keys. You can't change the KeyUsage value after the AWS KMS key is created.

multi_region bool

Specifies whether the AWS KMS key should be Multi-Region. You can't change the MultiRegion value after the AWS KMS key is created.

tags Sequence[KeyTag]

An array of key-value pairs to apply to this resource.

arn String
description String

A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.

enableKeyRotation Boolean

Enables automatic rotation of the key material for the specified AWS KMS key. By default, automation key rotation is not enabled.

enabled Boolean

Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.

keyId String
keyPolicy Any

The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

keySpec "SYMMETRIC_DEFAULT" | "RSA_2048" | "RSA_3072" | "RSA_4096" | "ECC_NIST_P256" | "ECC_NIST_P384" | "ECC_NIST_P521" | "ECC_SECG_P256K1" | "HMAC_224" | "HMAC_256" | "HMAC_384" | "HMAC_512" | "SM2"

Specifies the type of AWS KMS key to create. The default value is SYMMETRIC_DEFAULT. This property is required only for asymmetric AWS KMS keys. You can't change the KeySpec value after the AWS KMS key is created.

keyUsage "ENCRYPT_DECRYPT" | "SIGN_VERIFY" | "GENERATE_VERIFY_MAC"

Determines the cryptographic operations for which you can use the AWS KMS key. The default value is ENCRYPT_DECRYPT. This property is required only for asymmetric AWS KMS keys. You can't change the KeyUsage value after the AWS KMS key is created.

multiRegion Boolean

Specifies whether the AWS KMS key should be Multi-Region. You can't change the MultiRegion value after the AWS KMS key is created.

tags List<Property Map>

An array of key-value pairs to apply to this resource.

Supporting Types

KeySpec

KeyTag

Key string

The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

Value string

The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

Key string

The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

Value string

The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

key String

The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

value String

The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

key string

The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

value string

The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

key str

The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

value str

The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

key String

The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

value String

The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

KeyUsage

Package Details

Repository
https://github.com/pulumi/pulumi-aws-native
License
Apache-2.0