AWS Classic

Pulumi Official
Package maintained by Pulumi
v5.4.0 published on Wednesday, May 4, 2022 by Pulumi

getKey

Use this data source to get detailed information about the specified KMS Key with flexible key id input. This can be useful to reference key alias without having to hard code the ARN as input.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var byAlias = Output.Create(Aws.Kms.GetKey.InvokeAsync(new Aws.Kms.GetKeyArgs
        {
            KeyId = "alias/my-key",
        }));
        var byId = Output.Create(Aws.Kms.GetKey.InvokeAsync(new Aws.Kms.GetKeyArgs
        {
            KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab",
        }));
        var byAliasArn = Output.Create(Aws.Kms.GetKey.InvokeAsync(new Aws.Kms.GetKeyArgs
        {
            KeyId = "arn:aws:kms:us-east-1:111122223333:alias/my-key",
        }));
        var byKeyArn = Output.Create(Aws.Kms.GetKey.InvokeAsync(new Aws.Kms.GetKeyArgs
        {
            KeyId = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
        }));
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.LookupKey(ctx, &kms.LookupKeyArgs{
			KeyId: "alias/my-key",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.LookupKey(ctx, &kms.LookupKeyArgs{
			KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.LookupKey(ctx, &kms.LookupKeyArgs{
			KeyId: "arn:aws:kms:us-east-1:111122223333:alias/my-key",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.LookupKey(ctx, &kms.LookupKeyArgs{
			KeyId: "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var byAlias = Output.of(KmsFunctions.getKey(GetKeyArgs.builder()
            .keyId("alias/my-key")
            .build()));

        final var byId = Output.of(KmsFunctions.getKey(GetKeyArgs.builder()
            .keyId("1234abcd-12ab-34cd-56ef-1234567890ab")
            .build()));

        final var byAliasArn = Output.of(KmsFunctions.getKey(GetKeyArgs.builder()
            .keyId("arn:aws:kms:us-east-1:111122223333:alias/my-key")
            .build()));

        final var byKeyArn = Output.of(KmsFunctions.getKey(GetKeyArgs.builder()
            .keyId("arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab")
            .build()));

        }
}
import pulumi
import pulumi_aws as aws

by_alias = aws.kms.get_key(key_id="alias/my-key")
by_id = aws.kms.get_key(key_id="1234abcd-12ab-34cd-56ef-1234567890ab")
by_alias_arn = aws.kms.get_key(key_id="arn:aws:kms:us-east-1:111122223333:alias/my-key")
by_key_arn = aws.kms.get_key(key_id="arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const byAlias = pulumi.output(aws.kms.getKey({
    keyId: "alias/my-key",
}));
const byId = pulumi.output(aws.kms.getKey({
    keyId: "1234abcd-12ab-34cd-56ef-1234567890ab",
}));
const byAliasArn = pulumi.output(aws.kms.getKey({
    keyId: "arn:aws:kms:us-east-1:111122223333:alias/my-key",
}));
const byKeyArn = pulumi.output(aws.kms.getKey({
    keyId: "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
}));
variables:
  byAlias:
    Fn::Invoke:
      Function: aws:kms:getKey
      Arguments:
        keyId: alias/my-key
  byId:
    Fn::Invoke:
      Function: aws:kms:getKey
      Arguments:
        keyId: 1234abcd-12ab-34cd-56ef-1234567890ab
  byAliasArn:
    Fn::Invoke:
      Function: aws:kms:getKey
      Arguments:
        keyId: arn:aws:kms:us-east-1:111122223333:alias/my-key
  byKeyArn:
    Fn::Invoke:
      Function: aws:kms:getKey
      Arguments:
        keyId: arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

Using getKey

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKey(args: GetKeyArgs, opts?: InvokeOptions): Promise<GetKeyResult>
function getKeyOutput(args: GetKeyOutputArgs, opts?: InvokeOptions): Output<GetKeyResult>
def get_key(grant_tokens: Optional[Sequence[str]] = None,
            key_id: Optional[str] = None,
            opts: Optional[InvokeOptions] = None) -> GetKeyResult
def get_key_output(grant_tokens: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
            key_id: Optional[pulumi.Input[str]] = None,
            opts: Optional[InvokeOptions] = None) -> Output[GetKeyResult]
func LookupKey(ctx *Context, args *LookupKeyArgs, opts ...InvokeOption) (*LookupKeyResult, error)
func LookupKeyOutput(ctx *Context, args *LookupKeyOutputArgs, opts ...InvokeOption) LookupKeyResultOutput

> Note: This function is named LookupKey in the Go SDK.

public static class GetKey 
{
    public static Task<GetKeyResult> InvokeAsync(GetKeyArgs args, InvokeOptions? opts = null)
    public static Output<GetKeyResult> Invoke(GetKeyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetKeyResult> getKey(GetKeyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: aws:kms/getKey:getKey
  Arguments:
    # Arguments dictionary

The following arguments are supported:

KeyId string

Key identifier which can be one of the following format:

  • Key ID. E.g: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN. E.g.: arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
  • Alias name. E.g.: alias/my-key
  • Alias ARN: E.g.: arn:aws:kms:us-east-1:111122223333:alias/my-key
GrantTokens List<string>

List of grant tokens

KeyId string

Key identifier which can be one of the following format:

  • Key ID. E.g: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN. E.g.: arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
  • Alias name. E.g.: alias/my-key
  • Alias ARN: E.g.: arn:aws:kms:us-east-1:111122223333:alias/my-key
GrantTokens []string

List of grant tokens

keyId String

Key identifier which can be one of the following format:

  • Key ID. E.g: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN. E.g.: arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
  • Alias name. E.g.: alias/my-key
  • Alias ARN: E.g.: arn:aws:kms:us-east-1:111122223333:alias/my-key
grantTokens List

List of grant tokens

keyId string

Key identifier which can be one of the following format:

  • Key ID. E.g: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN. E.g.: arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
  • Alias name. E.g.: alias/my-key
  • Alias ARN: E.g.: arn:aws:kms:us-east-1:111122223333:alias/my-key
grantTokens string[]

List of grant tokens

key_id str

Key identifier which can be one of the following format:

  • Key ID. E.g: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN. E.g.: arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
  • Alias name. E.g.: alias/my-key
  • Alias ARN: E.g.: arn:aws:kms:us-east-1:111122223333:alias/my-key
grant_tokens Sequence[str]

List of grant tokens

keyId String

Key identifier which can be one of the following format:

  • Key ID. E.g: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN. E.g.: arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
  • Alias name. E.g.: alias/my-key
  • Alias ARN: E.g.: arn:aws:kms:us-east-1:111122223333:alias/my-key
grantTokens List

List of grant tokens

getKey Result

The following output properties are available:

Arn string
AwsAccountId string
CreationDate string
CustomerMasterKeySpec string
DeletionDate string
Description string
Enabled bool
ExpirationModel string
Id string

The provider-assigned unique ID for this managed resource.

KeyId string
KeyManager string
KeyState string
KeyUsage string
MultiRegion bool
MultiRegionConfigurations List<GetKeyMultiRegionConfiguration>
Origin string
ValidTo string
GrantTokens List<string>
Arn string
AwsAccountId string
CreationDate string
CustomerMasterKeySpec string
DeletionDate string
Description string
Enabled bool
ExpirationModel string
Id string

The provider-assigned unique ID for this managed resource.

KeyId string
KeyManager string
KeyState string
KeyUsage string
MultiRegion bool
MultiRegionConfigurations []GetKeyMultiRegionConfiguration
Origin string
ValidTo string
GrantTokens []string
arn String
awsAccountId String
creationDate String
customerMasterKeySpec String
deletionDate String
description String
enabled Boolean
expirationModel String
id String

The provider-assigned unique ID for this managed resource.

keyId String
keyManager String
keyState String
keyUsage String
multiRegion Boolean
multiRegionConfigurations ListKeyMultiRegionConfiguration>
origin String
validTo String
grantTokens List
arn string
awsAccountId string
creationDate string
customerMasterKeySpec string
deletionDate string
description string
enabled boolean
expirationModel string
id string

The provider-assigned unique ID for this managed resource.

keyId string
keyManager string
keyState string
keyUsage string
multiRegion boolean
multiRegionConfigurations GetKeyMultiRegionConfiguration[]
origin string
validTo string
grantTokens string[]
arn String
awsAccountId String
creationDate String
customerMasterKeySpec String
deletionDate String
description String
enabled Boolean
expirationModel String
id String

The provider-assigned unique ID for this managed resource.

keyId String
keyManager String
keyState String
keyUsage String
multiRegion Boolean
multiRegionConfigurations List
origin String
validTo String
grantTokens List

Supporting Types

GetKeyMultiRegionConfiguration

GetKeyMultiRegionConfigurationPrimaryKey

Arn string
Region string
Arn string
Region string
arn String
region String
arn string
region string
arn str
region str
arn String
region String

GetKeyMultiRegionConfigurationReplicaKey

Arn string
Region string
Arn string
Region string
arn String
region String
arn string
region string
arn str
region str
arn String
region String

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.