1. Packages
  2. AWS
  3. API Docs
  4. kms
  5. getPublicKey
AWS v6.54.2 published on Wednesday, Oct 2, 2024 by Pulumi

aws.kms.getPublicKey

Explore with Pulumi AI

aws logo
AWS v6.54.2 published on Wednesday, Oct 2, 2024 by Pulumi

    Use this data source to get the public key about the specified KMS Key with flexible key id input. This can be useful to reference key alias without having to hard code the ARN as input.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const byAlias = aws.kms.getPublicKey({
        keyId: "alias/my-key",
    });
    const byId = aws.kms.getPublicKey({
        keyId: "1234abcd-12ab-34cd-56ef-1234567890ab",
    });
    const byAliasArn = aws.kms.getPublicKey({
        keyId: "arn:aws:kms:us-east-1:111122223333:alias/my-key",
    });
    const byKeyArn = aws.kms.getPublicKey({
        keyId: "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    });
    
    import pulumi
    import pulumi_aws as aws
    
    by_alias = aws.kms.get_public_key(key_id="alias/my-key")
    by_id = aws.kms.get_public_key(key_id="1234abcd-12ab-34cd-56ef-1234567890ab")
    by_alias_arn = aws.kms.get_public_key(key_id="arn:aws:kms:us-east-1:111122223333:alias/my-key")
    by_key_arn = aws.kms.get_public_key(key_id="arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{
    			KeyId: "alias/my-key",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{
    			KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{
    			KeyId: "arn:aws:kms:us-east-1:111122223333:alias/my-key",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{
    			KeyId: "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var byAlias = Aws.Kms.GetPublicKey.Invoke(new()
        {
            KeyId = "alias/my-key",
        });
    
        var byId = Aws.Kms.GetPublicKey.Invoke(new()
        {
            KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab",
        });
    
        var byAliasArn = Aws.Kms.GetPublicKey.Invoke(new()
        {
            KeyId = "arn:aws:kms:us-east-1:111122223333:alias/my-key",
        });
    
        var byKeyArn = Aws.Kms.GetPublicKey.Invoke(new()
        {
            KeyId = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.kms.KmsFunctions;
    import com.pulumi.aws.kms.inputs.GetPublicKeyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var byAlias = KmsFunctions.getPublicKey(GetPublicKeyArgs.builder()
                .keyId("alias/my-key")
                .build());
    
            final var byId = KmsFunctions.getPublicKey(GetPublicKeyArgs.builder()
                .keyId("1234abcd-12ab-34cd-56ef-1234567890ab")
                .build());
    
            final var byAliasArn = KmsFunctions.getPublicKey(GetPublicKeyArgs.builder()
                .keyId("arn:aws:kms:us-east-1:111122223333:alias/my-key")
                .build());
    
            final var byKeyArn = KmsFunctions.getPublicKey(GetPublicKeyArgs.builder()
                .keyId("arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab")
                .build());
    
        }
    }
    
    variables:
      byAlias:
        fn::invoke:
          Function: aws:kms:getPublicKey
          Arguments:
            keyId: alias/my-key
      byId:
        fn::invoke:
          Function: aws:kms:getPublicKey
          Arguments:
            keyId: 1234abcd-12ab-34cd-56ef-1234567890ab
      byAliasArn:
        fn::invoke:
          Function: aws:kms:getPublicKey
          Arguments:
            keyId: arn:aws:kms:us-east-1:111122223333:alias/my-key
      byKeyArn:
        fn::invoke:
          Function: aws:kms:getPublicKey
          Arguments:
            keyId: arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
    

    Using getPublicKey

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getPublicKey(args: GetPublicKeyArgs, opts?: InvokeOptions): Promise<GetPublicKeyResult>
    function getPublicKeyOutput(args: GetPublicKeyOutputArgs, opts?: InvokeOptions): Output<GetPublicKeyResult>
    def get_public_key(grant_tokens: Optional[Sequence[str]] = None,
                       key_id: Optional[str] = None,
                       opts: Optional[InvokeOptions] = None) -> GetPublicKeyResult
    def get_public_key_output(grant_tokens: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                       key_id: Optional[pulumi.Input[str]] = None,
                       opts: Optional[InvokeOptions] = None) -> Output[GetPublicKeyResult]
    func GetPublicKey(ctx *Context, args *GetPublicKeyArgs, opts ...InvokeOption) (*GetPublicKeyResult, error)
    func GetPublicKeyOutput(ctx *Context, args *GetPublicKeyOutputArgs, opts ...InvokeOption) GetPublicKeyResultOutput

    > Note: This function is named GetPublicKey in the Go SDK.

    public static class GetPublicKey 
    {
        public static Task<GetPublicKeyResult> InvokeAsync(GetPublicKeyArgs args, InvokeOptions? opts = null)
        public static Output<GetPublicKeyResult> Invoke(GetPublicKeyInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetPublicKeyResult> getPublicKey(GetPublicKeyArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aws:kms/getPublicKey:getPublicKey
      arguments:
        # arguments dictionary

    The following arguments are supported:

    KeyId string
    Key identifier which can be one of the following format:

    • Key ID. E.g - 1234abcd-12ab-34cd-56ef-1234567890ab
    • Key ARN. E.g. - arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
    • Alias name. E.g. - alias/my-key
    • Alias ARN - E.g. - arn:aws:kms:us-east-1:111122223333:alias/my-key
    GrantTokens List<string>
    List of grant tokens
    KeyId string
    Key identifier which can be one of the following format:

    • Key ID. E.g - 1234abcd-12ab-34cd-56ef-1234567890ab
    • Key ARN. E.g. - arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
    • Alias name. E.g. - alias/my-key
    • Alias ARN - E.g. - arn:aws:kms:us-east-1:111122223333:alias/my-key
    GrantTokens []string
    List of grant tokens
    keyId String
    Key identifier which can be one of the following format:

    • Key ID. E.g - 1234abcd-12ab-34cd-56ef-1234567890ab
    • Key ARN. E.g. - arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
    • Alias name. E.g. - alias/my-key
    • Alias ARN - E.g. - arn:aws:kms:us-east-1:111122223333:alias/my-key
    grantTokens List<String>
    List of grant tokens
    keyId string
    Key identifier which can be one of the following format:

    • Key ID. E.g - 1234abcd-12ab-34cd-56ef-1234567890ab
    • Key ARN. E.g. - arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
    • Alias name. E.g. - alias/my-key
    • Alias ARN - E.g. - arn:aws:kms:us-east-1:111122223333:alias/my-key
    grantTokens string[]
    List of grant tokens
    key_id str
    Key identifier which can be one of the following format:

    • Key ID. E.g - 1234abcd-12ab-34cd-56ef-1234567890ab
    • Key ARN. E.g. - arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
    • Alias name. E.g. - alias/my-key
    • Alias ARN - E.g. - arn:aws:kms:us-east-1:111122223333:alias/my-key
    grant_tokens Sequence[str]
    List of grant tokens
    keyId String
    Key identifier which can be one of the following format:

    • Key ID. E.g - 1234abcd-12ab-34cd-56ef-1234567890ab
    • Key ARN. E.g. - arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
    • Alias name. E.g. - alias/my-key
    • Alias ARN - E.g. - arn:aws:kms:us-east-1:111122223333:alias/my-key
    grantTokens List<String>
    List of grant tokens

    getPublicKey Result

    The following output properties are available:

    Arn string
    Key ARN of the asymmetric CMK from which the public key was downloaded.
    CustomerMasterKeySpec string
    Type of the public key that was downloaded.
    EncryptionAlgorithms List<string>
    Encryption algorithms that AWS KMS supports for this key. Only set when the key_usage of the public key is ENCRYPT_DECRYPT.
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyId string
    KeyUsage string
    Permitted use of the public key. Valid values are ENCRYPT_DECRYPT or SIGN_VERIFY
    PublicKey string
    Exported public key. The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. The value is Base64-encoded.
    PublicKeyPem string
    Exported public key. The value is Privacy Enhanced Mail (PEM) encoded.
    SigningAlgorithms List<string>
    Signing algorithms that AWS KMS supports for this key. Only set when the key_usage of the public key is SIGN_VERIFY.
    GrantTokens List<string>
    Arn string
    Key ARN of the asymmetric CMK from which the public key was downloaded.
    CustomerMasterKeySpec string
    Type of the public key that was downloaded.
    EncryptionAlgorithms []string
    Encryption algorithms that AWS KMS supports for this key. Only set when the key_usage of the public key is ENCRYPT_DECRYPT.
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyId string
    KeyUsage string
    Permitted use of the public key. Valid values are ENCRYPT_DECRYPT or SIGN_VERIFY
    PublicKey string
    Exported public key. The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. The value is Base64-encoded.
    PublicKeyPem string
    Exported public key. The value is Privacy Enhanced Mail (PEM) encoded.
    SigningAlgorithms []string
    Signing algorithms that AWS KMS supports for this key. Only set when the key_usage of the public key is SIGN_VERIFY.
    GrantTokens []string
    arn String
    Key ARN of the asymmetric CMK from which the public key was downloaded.
    customerMasterKeySpec String
    Type of the public key that was downloaded.
    encryptionAlgorithms List<String>
    Encryption algorithms that AWS KMS supports for this key. Only set when the key_usage of the public key is ENCRYPT_DECRYPT.
    id String
    The provider-assigned unique ID for this managed resource.
    keyId String
    keyUsage String
    Permitted use of the public key. Valid values are ENCRYPT_DECRYPT or SIGN_VERIFY
    publicKey String
    Exported public key. The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. The value is Base64-encoded.
    publicKeyPem String
    Exported public key. The value is Privacy Enhanced Mail (PEM) encoded.
    signingAlgorithms List<String>
    Signing algorithms that AWS KMS supports for this key. Only set when the key_usage of the public key is SIGN_VERIFY.
    grantTokens List<String>
    arn string
    Key ARN of the asymmetric CMK from which the public key was downloaded.
    customerMasterKeySpec string
    Type of the public key that was downloaded.
    encryptionAlgorithms string[]
    Encryption algorithms that AWS KMS supports for this key. Only set when the key_usage of the public key is ENCRYPT_DECRYPT.
    id string
    The provider-assigned unique ID for this managed resource.
    keyId string
    keyUsage string
    Permitted use of the public key. Valid values are ENCRYPT_DECRYPT or SIGN_VERIFY
    publicKey string
    Exported public key. The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. The value is Base64-encoded.
    publicKeyPem string
    Exported public key. The value is Privacy Enhanced Mail (PEM) encoded.
    signingAlgorithms string[]
    Signing algorithms that AWS KMS supports for this key. Only set when the key_usage of the public key is SIGN_VERIFY.
    grantTokens string[]
    arn str
    Key ARN of the asymmetric CMK from which the public key was downloaded.
    customer_master_key_spec str
    Type of the public key that was downloaded.
    encryption_algorithms Sequence[str]
    Encryption algorithms that AWS KMS supports for this key. Only set when the key_usage of the public key is ENCRYPT_DECRYPT.
    id str
    The provider-assigned unique ID for this managed resource.
    key_id str
    key_usage str
    Permitted use of the public key. Valid values are ENCRYPT_DECRYPT or SIGN_VERIFY
    public_key str
    Exported public key. The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. The value is Base64-encoded.
    public_key_pem str
    Exported public key. The value is Privacy Enhanced Mail (PEM) encoded.
    signing_algorithms Sequence[str]
    Signing algorithms that AWS KMS supports for this key. Only set when the key_usage of the public key is SIGN_VERIFY.
    grant_tokens Sequence[str]
    arn String
    Key ARN of the asymmetric CMK from which the public key was downloaded.
    customerMasterKeySpec String
    Type of the public key that was downloaded.
    encryptionAlgorithms List<String>
    Encryption algorithms that AWS KMS supports for this key. Only set when the key_usage of the public key is ENCRYPT_DECRYPT.
    id String
    The provider-assigned unique ID for this managed resource.
    keyId String
    keyUsage String
    Permitted use of the public key. Valid values are ENCRYPT_DECRYPT or SIGN_VERIFY
    publicKey String
    Exported public key. The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. The value is Base64-encoded.
    publicKeyPem String
    Exported public key. The value is Privacy Enhanced Mail (PEM) encoded.
    signingAlgorithms List<String>
    Signing algorithms that AWS KMS supports for this key. Only set when the key_usage of the public key is SIGN_VERIFY.
    grantTokens List<String>

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.54.2 published on Wednesday, Oct 2, 2024 by Pulumi