Azure Native v3.8.0, Sep 3 25

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.8.0 published on Wednesday, Sep 3, 2025 by Pulumi

pulumi/pulumi-azure-native

azure-native.keyvault.getKey

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.8.0 published on Wednesday, Sep 3, 2025 by Pulumi

pulumi/pulumi-azure-native

Using getKey

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getKey(args: GetKeyArgs, opts?: InvokeOptions): Promise<GetKeyResult>
function getKeyOutput(args: GetKeyOutputArgs, opts?: InvokeOptions): Output<GetKeyResult>

def get_key(key_name: Optional[str] = None,
            resource_group_name: Optional[str] = None,
            vault_name: Optional[str] = None,
            opts: Optional[InvokeOptions] = None) -> GetKeyResult
def get_key_output(key_name: Optional[pulumi.Input[str]] = None,
            resource_group_name: Optional[pulumi.Input[str]] = None,
            vault_name: Optional[pulumi.Input[str]] = None,
            opts: Optional[InvokeOptions] = None) -> Output[GetKeyResult]

func LookupKey(ctx *Context, args *LookupKeyArgs, opts ...InvokeOption) (*LookupKeyResult, error)
func LookupKeyOutput(ctx *Context, args *LookupKeyOutputArgs, opts ...InvokeOption) LookupKeyResultOutput

> Note: This function is named LookupKey in the Go SDK.

public static class GetKey 
{
    public static Task<GetKeyResult> InvokeAsync(GetKeyArgs args, InvokeOptions? opts = null)
    public static Output<GetKeyResult> Invoke(GetKeyInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetKeyResult> getKey(GetKeyArgs args, InvokeOptions options)
public static Output<GetKeyResult> getKey(GetKeyArgs args, InvokeOptions options)

fn::invoke:
  function: azure-native:keyvault:getKey
  arguments:
    # arguments dictionary

The following arguments are supported:

KeyName string: The name of the key to be retrieved.
ResourceGroupName string: The name of the resource group which contains the specified key vault.
VaultName string: The name of the vault which contains the key to be retrieved.

KeyName string: The name of the key to be retrieved.
ResourceGroupName string: The name of the resource group which contains the specified key vault.
VaultName string: The name of the vault which contains the key to be retrieved.

keyName String: The name of the key to be retrieved.
resourceGroupName String: The name of the resource group which contains the specified key vault.
vaultName String: The name of the vault which contains the key to be retrieved.

keyName string: The name of the key to be retrieved.
resourceGroupName string: The name of the resource group which contains the specified key vault.
vaultName string: The name of the vault which contains the key to be retrieved.

key_name str: The name of the key to be retrieved.
resource_group_name str: The name of the resource group which contains the specified key vault.
vault_name str: The name of the vault which contains the key to be retrieved.

keyName String: The name of the key to be retrieved.
resourceGroupName String: The name of the resource group which contains the specified key vault.
vaultName String: The name of the vault which contains the key to be retrieved.

getKey Result

The following output properties are available:

AzureApiVersion string: The Azure API version of the resource.
Id string: Fully qualified identifier of the key vault resource.
KeyUri string: The URI to retrieve the current version of the key.
KeyUriWithVersion string: The URI to retrieve the specific version of the key.
Location string: Azure location of the key vault resource.
Name string: Name of the key vault resource.
Tags Dictionary<string, string>: Tags assigned to the key vault resource.
Type string: Resource type of the key vault resource.
Attributes Pulumi.AzureNative.KeyVault.Outputs.KeyAttributesResponse: The attributes of the key.
CurveName string: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256
KeyOps List<string>
KeySize int: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096.
Kty string: The type of the key. For valid values, see JsonWebKeyType.
ReleasePolicy Pulumi.AzureNative.KeyVault.Outputs.KeyReleasePolicyResponse: Key release policy in response. It will be used for both output and input. Omitted if empty
RotationPolicy Pulumi.AzureNative.KeyVault.Outputs.RotationPolicyResponse: Key rotation policy in response. It will be used for both output and input. Omitted if empty

AzureApiVersion string: The Azure API version of the resource.
Id string: Fully qualified identifier of the key vault resource.
KeyUri string: The URI to retrieve the current version of the key.
KeyUriWithVersion string: The URI to retrieve the specific version of the key.
Location string: Azure location of the key vault resource.
Name string: Name of the key vault resource.
Tags map[string]string: Tags assigned to the key vault resource.
Type string: Resource type of the key vault resource.
Attributes KeyAttributesResponse: The attributes of the key.
CurveName string: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256
KeyOps []string
KeySize int: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096.
Kty string: The type of the key. For valid values, see JsonWebKeyType.
ReleasePolicy KeyReleasePolicyResponse: Key release policy in response. It will be used for both output and input. Omitted if empty
RotationPolicy RotationPolicyResponse: Key rotation policy in response. It will be used for both output and input. Omitted if empty

azureApiVersion String: The Azure API version of the resource.
id String: Fully qualified identifier of the key vault resource.
keyUri String: The URI to retrieve the current version of the key.
keyUriWithVersion String: The URI to retrieve the specific version of the key.
location String: Azure location of the key vault resource.
name String: Name of the key vault resource.
tags Map<String,String>: Tags assigned to the key vault resource.
type String: Resource type of the key vault resource.
attributes KeyAttributesResponse: The attributes of the key.
curveName String: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256
keyOps List<String>
keySize Integer: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096.
kty String: The type of the key. For valid values, see JsonWebKeyType.
releasePolicy KeyReleasePolicyResponse: Key release policy in response. It will be used for both output and input. Omitted if empty
rotationPolicy RotationPolicyResponse: Key rotation policy in response. It will be used for both output and input. Omitted if empty

azureApiVersion string: The Azure API version of the resource.
id string: Fully qualified identifier of the key vault resource.
keyUri string: The URI to retrieve the current version of the key.
keyUriWithVersion string: The URI to retrieve the specific version of the key.
location string: Azure location of the key vault resource.
name string: Name of the key vault resource.
tags {[key: string]: string}: Tags assigned to the key vault resource.
type string: Resource type of the key vault resource.
attributes KeyAttributesResponse: The attributes of the key.
curveName string: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256
keyOps string[]
keySize number: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096.
kty string: The type of the key. For valid values, see JsonWebKeyType.
releasePolicy KeyReleasePolicyResponse: Key release policy in response. It will be used for both output and input. Omitted if empty
rotationPolicy RotationPolicyResponse: Key rotation policy in response. It will be used for both output and input. Omitted if empty

azure_api_version str: The Azure API version of the resource.
id str: Fully qualified identifier of the key vault resource.
key_uri str: The URI to retrieve the current version of the key.
key_uri_with_version str: The URI to retrieve the specific version of the key.
location str: Azure location of the key vault resource.
name str: Name of the key vault resource.
tags Mapping[str, str]: Tags assigned to the key vault resource.
type str: Resource type of the key vault resource.
attributes KeyAttributesResponse: The attributes of the key.
curve_name str: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256
key_ops Sequence[str]
key_size int: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096.
kty str: The type of the key. For valid values, see JsonWebKeyType.
release_policy KeyReleasePolicyResponse: Key release policy in response. It will be used for both output and input. Omitted if empty
rotation_policy RotationPolicyResponse: Key rotation policy in response. It will be used for both output and input. Omitted if empty

azureApiVersion String: The Azure API version of the resource.
id String: Fully qualified identifier of the key vault resource.
keyUri String: The URI to retrieve the current version of the key.
keyUriWithVersion String: The URI to retrieve the specific version of the key.
location String: Azure location of the key vault resource.
name String: Name of the key vault resource.
tags Map<String>: Tags assigned to the key vault resource.
type String: Resource type of the key vault resource.
attributes Property Map: The attributes of the key.
curveName String: The elliptic curve name. For valid values, see JsonWebKeyCurveName. Default for EC and EC-HSM keys is P-256
keyOps List<String>
keySize Number: The key size in bits. For example: 2048, 3072, or 4096 for RSA. Default for RSA and RSA-HSM keys is 2048. Exception made for bring your own key (BYOK), key exchange keys default to 4096.
kty String: The type of the key. For valid values, see JsonWebKeyType.
releasePolicy Property Map: Key release policy in response. It will be used for both output and input. Omitted if empty
rotationPolicy Property Map: Key rotation policy in response. It will be used for both output and input. Omitted if empty

Supporting Types

ActionResponse

Type string: The type of action.

Type string: The type of action.

type String: The type of action.

type string: The type of action.

type str: The type of action.

type String: The type of action.

KeyAttributesResponse

Created double: Creation time in seconds since 1970-01-01T00:00:00Z.
RecoveryLevel string: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.
Updated double: Last updated time in seconds since 1970-01-01T00:00:00Z.
Enabled bool: Determines whether or not the object is enabled.
Expires double: Expiry date in seconds since 1970-01-01T00:00:00Z.
Exportable bool: Indicates if the private key can be exported.
NotBefore double: Not before date in seconds since 1970-01-01T00:00:00Z.

Created float64: Creation time in seconds since 1970-01-01T00:00:00Z.
RecoveryLevel string: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.
Updated float64: Last updated time in seconds since 1970-01-01T00:00:00Z.
Enabled bool: Determines whether or not the object is enabled.
Expires float64: Expiry date in seconds since 1970-01-01T00:00:00Z.
Exportable bool: Indicates if the private key can be exported.
NotBefore float64: Not before date in seconds since 1970-01-01T00:00:00Z.

created Double: Creation time in seconds since 1970-01-01T00:00:00Z.
recoveryLevel String: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.
updated Double: Last updated time in seconds since 1970-01-01T00:00:00Z.
enabled Boolean: Determines whether or not the object is enabled.
expires Double: Expiry date in seconds since 1970-01-01T00:00:00Z.
exportable Boolean: Indicates if the private key can be exported.
notBefore Double: Not before date in seconds since 1970-01-01T00:00:00Z.

created number: Creation time in seconds since 1970-01-01T00:00:00Z.
recoveryLevel string: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.
updated number: Last updated time in seconds since 1970-01-01T00:00:00Z.
enabled boolean: Determines whether or not the object is enabled.
expires number: Expiry date in seconds since 1970-01-01T00:00:00Z.
exportable boolean: Indicates if the private key can be exported.
notBefore number: Not before date in seconds since 1970-01-01T00:00:00Z.

created float: Creation time in seconds since 1970-01-01T00:00:00Z.
recovery_level str: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.
updated float: Last updated time in seconds since 1970-01-01T00:00:00Z.
enabled bool: Determines whether or not the object is enabled.
expires float: Expiry date in seconds since 1970-01-01T00:00:00Z.
exportable bool: Indicates if the private key can be exported.
not_before float: Not before date in seconds since 1970-01-01T00:00:00Z.

created Number: Creation time in seconds since 1970-01-01T00:00:00Z.
recoveryLevel String: The deletion recovery level currently in effect for the object. If it contains 'Purgeable', then the object can be permanently deleted by a privileged user; otherwise, only the system can purge the object at the end of the retention interval.
updated Number: Last updated time in seconds since 1970-01-01T00:00:00Z.
enabled Boolean: Determines whether or not the object is enabled.
expires Number: Expiry date in seconds since 1970-01-01T00:00:00Z.
exportable Boolean: Indicates if the private key can be exported.
notBefore Number: Not before date in seconds since 1970-01-01T00:00:00Z.

KeyReleasePolicyResponse

ContentType string: Content type and version of key release policy
Data string: Blob encoding the policy rules under which the key can be released.

ContentType string: Content type and version of key release policy
Data string: Blob encoding the policy rules under which the key can be released.

contentType String: Content type and version of key release policy
data String: Blob encoding the policy rules under which the key can be released.

contentType string: Content type and version of key release policy
data string: Blob encoding the policy rules under which the key can be released.

content_type str: Content type and version of key release policy
data str: Blob encoding the policy rules under which the key can be released.

contentType String: Content type and version of key release policy
data String: Blob encoding the policy rules under which the key can be released.

KeyRotationPolicyAttributesResponse

Created double: Creation time in seconds since 1970-01-01T00:00:00Z.
Updated double: Last updated time in seconds since 1970-01-01T00:00:00Z.
ExpiryTime string: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.

Created float64: Creation time in seconds since 1970-01-01T00:00:00Z.
Updated float64: Last updated time in seconds since 1970-01-01T00:00:00Z.
ExpiryTime string: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.

created Double: Creation time in seconds since 1970-01-01T00:00:00Z.
updated Double: Last updated time in seconds since 1970-01-01T00:00:00Z.
expiryTime String: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.

created number: Creation time in seconds since 1970-01-01T00:00:00Z.
updated number: Last updated time in seconds since 1970-01-01T00:00:00Z.
expiryTime string: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.

created float: Creation time in seconds since 1970-01-01T00:00:00Z.
updated float: Last updated time in seconds since 1970-01-01T00:00:00Z.
expiry_time str: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.

created Number: Creation time in seconds since 1970-01-01T00:00:00Z.
updated Number: Last updated time in seconds since 1970-01-01T00:00:00Z.
expiryTime String: The expiration time for the new key version. It should be in ISO8601 format. Eg: 'P90D', 'P1Y'.

LifetimeActionResponse

Action Pulumi.AzureNative.KeyVault.Inputs.ActionResponse: The action of key rotation policy lifetimeAction.
Trigger Pulumi.AzureNative.KeyVault.Inputs.TriggerResponse: The trigger of key rotation policy lifetimeAction.

Action ActionResponse: The action of key rotation policy lifetimeAction.
Trigger TriggerResponse: The trigger of key rotation policy lifetimeAction.

action ActionResponse: The action of key rotation policy lifetimeAction.
trigger TriggerResponse: The trigger of key rotation policy lifetimeAction.

action ActionResponse: The action of key rotation policy lifetimeAction.
trigger TriggerResponse: The trigger of key rotation policy lifetimeAction.

action ActionResponse: The action of key rotation policy lifetimeAction.
trigger TriggerResponse: The trigger of key rotation policy lifetimeAction.

action Property Map: The action of key rotation policy lifetimeAction.
trigger Property Map: The trigger of key rotation policy lifetimeAction.

RotationPolicyResponse

Attributes Pulumi.AzureNative.KeyVault.Inputs.KeyRotationPolicyAttributesResponse: The attributes of key rotation policy.
LifetimeActions List<Pulumi.AzureNative.KeyVault.Inputs.LifetimeActionResponse>: The lifetimeActions for key rotation action.

Attributes KeyRotationPolicyAttributesResponse: The attributes of key rotation policy.
LifetimeActions []LifetimeActionResponse: The lifetimeActions for key rotation action.

attributes KeyRotationPolicyAttributesResponse: The attributes of key rotation policy.
lifetimeActions List<LifetimeActionResponse>: The lifetimeActions for key rotation action.

attributes KeyRotationPolicyAttributesResponse: The attributes of key rotation policy.
lifetimeActions LifetimeActionResponse[]: The lifetimeActions for key rotation action.

attributes KeyRotationPolicyAttributesResponse: The attributes of key rotation policy.
lifetime_actions Sequence[LifetimeActionResponse]: The lifetimeActions for key rotation action.

attributes Property Map: The attributes of key rotation policy.
lifetimeActions List<Property Map>: The lifetimeActions for key rotation action.

TriggerResponse

TimeAfterCreate string: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
TimeBeforeExpiry string: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.

TimeAfterCreate string: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
TimeBeforeExpiry string: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.

timeAfterCreate String: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
timeBeforeExpiry String: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.

timeAfterCreate string: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
timeBeforeExpiry string: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.

time_after_create str: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
time_before_expiry str: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.

timeAfterCreate String: The time duration after key creation to rotate the key. It only applies to rotate. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.
timeBeforeExpiry String: The time duration before key expiring to rotate or notify. It will be in ISO 8601 duration format. Eg: 'P90D', 'P1Y'.

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.8.0 published on Wednesday, Sep 3, 2025 by Pulumi

pulumi/pulumi-azure-native

azure-native.keyvault.getKey

On this page

On this page

Using getKey

getKey Result

Supporting Types

ActionResponse

KeyAttributesResponse

KeyReleasePolicyResponse

KeyRotationPolicyAttributesResponse

LifetimeActionResponse

RotationPolicyResponse

TriggerResponse

Package Details

On this page

On this page