Docs Home
Google Cloud v8.41.0 published on Friday, Aug 22, 2025 by Pulumi
gcp.kms.getKeyHandles
Explore with Pulumi AI
Provides access to Google Cloud Platform KMS KeyHandle. A key handle is a Cloud KMS resource that helps you safely span the separation of duties to create new Cloud KMS keys for CMEK using Autokey.
For more information see the official documentation and API.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const myKeyHandles = gcp.kms.getKeyHandles({
project: "resource-project-id",
location: "us-central1",
resourceTypeSelector: "storage.googleapis.com/Bucket",
});
import pulumi
import pulumi_gcp as gcp
my_key_handles = gcp.kms.get_key_handles(project="resource-project-id",
location="us-central1",
resource_type_selector="storage.googleapis.com/Bucket")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := kms.GetKeyHandles(ctx, &kms.GetKeyHandlesArgs{
Project: pulumi.StringRef("resource-project-id"),
Location: "us-central1",
ResourceTypeSelector: "storage.googleapis.com/Bucket",
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var myKeyHandles = Gcp.Kms.GetKeyHandles.Invoke(new()
{
Project = "resource-project-id",
Location = "us-central1",
ResourceTypeSelector = "storage.googleapis.com/Bucket",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.kms.KmsFunctions;
import com.pulumi.gcp.kms.inputs.GetKeyHandlesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var myKeyHandles = KmsFunctions.getKeyHandles(GetKeyHandlesArgs.builder()
.project("resource-project-id")
.location("us-central1")
.resourceTypeSelector("storage.googleapis.com/Bucket")
.build());
}
}
variables:
myKeyHandles:
fn::invoke:
function: gcp:kms:getKeyHandles
arguments:
project: resource-project-id
location: us-central1
resourceTypeSelector: storage.googleapis.com/Bucket
Using getKeyHandles
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getKeyHandles(args: GetKeyHandlesArgs, opts?: InvokeOptions): Promise<GetKeyHandlesResult>
function getKeyHandlesOutput(args: GetKeyHandlesOutputArgs, opts?: InvokeOptions): Output<GetKeyHandlesResult>def get_key_handles(location: Optional[str] = None,
project: Optional[str] = None,
resource_type_selector: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetKeyHandlesResult
def get_key_handles_output(location: Optional[pulumi.Input[str]] = None,
project: Optional[pulumi.Input[str]] = None,
resource_type_selector: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetKeyHandlesResult]func GetKeyHandles(ctx *Context, args *GetKeyHandlesArgs, opts ...InvokeOption) (*GetKeyHandlesResult, error)
func GetKeyHandlesOutput(ctx *Context, args *GetKeyHandlesOutputArgs, opts ...InvokeOption) GetKeyHandlesResultOutput> Note: This function is named GetKeyHandles in the Go SDK.
public static class GetKeyHandles
{
public static Task<GetKeyHandlesResult> InvokeAsync(GetKeyHandlesArgs args, InvokeOptions? opts = null)
public static Output<GetKeyHandlesResult> Invoke(GetKeyHandlesInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetKeyHandlesResult> getKeyHandles(GetKeyHandlesArgs args, InvokeOptions options)
public static Output<GetKeyHandlesResult> getKeyHandles(GetKeyHandlesArgs args, InvokeOptions options)
fn::invoke:
function: gcp:kms/getKeyHandles:getKeyHandles
arguments:
# arguments dictionaryThe following arguments are supported:
- Location string
- The Google Cloud Platform location for the KeyHandle.
A full list of valid locations can be found by running
gcloud kms locations list. - Resource
Type stringSelector - The resource type by which to filter KeyHandle e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- Project string
- The project in which the resource belongs. If it is not provided, the provider project is used.
- Location string
- The Google Cloud Platform location for the KeyHandle.
A full list of valid locations can be found by running
gcloud kms locations list. - Resource
Type stringSelector - The resource type by which to filter KeyHandle e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- Project string
- The project in which the resource belongs. If it is not provided, the provider project is used.
- location String
- The Google Cloud Platform location for the KeyHandle.
A full list of valid locations can be found by running
gcloud kms locations list. - resource
Type StringSelector - The resource type by which to filter KeyHandle e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- project String
- The project in which the resource belongs. If it is not provided, the provider project is used.
- location string
- The Google Cloud Platform location for the KeyHandle.
A full list of valid locations can be found by running
gcloud kms locations list. - resource
Type stringSelector - The resource type by which to filter KeyHandle e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- project string
- The project in which the resource belongs. If it is not provided, the provider project is used.
- location str
- The Google Cloud Platform location for the KeyHandle.
A full list of valid locations can be found by running
gcloud kms locations list. - resource_
type_ strselector - The resource type by which to filter KeyHandle e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- project str
- The project in which the resource belongs. If it is not provided, the provider project is used.
- location String
- The Google Cloud Platform location for the KeyHandle.
A full list of valid locations can be found by running
gcloud kms locations list. - resource
Type StringSelector - The resource type by which to filter KeyHandle e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- project String
- The project in which the resource belongs. If it is not provided, the provider project is used.
getKeyHandles Result
The following output properties are available:
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Handles List<GetKey Handles Key Handle> - Location string
- The location of the KMS Key and KeyHandle.
- Resource
Type stringSelector - Indicates the resource type that the resulting CryptoKey is meant to protect, e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- Project string
- The identifier of the project where KMS KeyHandle is created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Handles []GetKey Handles Key Handle - Location string
- The location of the KMS Key and KeyHandle.
- Resource
Type stringSelector - Indicates the resource type that the resulting CryptoKey is meant to protect, e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- Project string
- The identifier of the project where KMS KeyHandle is created.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Handles List<GetKey Handles Key Handle> - location String
- The location of the KMS Key and KeyHandle.
- resource
Type StringSelector - Indicates the resource type that the resulting CryptoKey is meant to protect, e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- project String
- The identifier of the project where KMS KeyHandle is created.
- id string
- The provider-assigned unique ID for this managed resource.
- key
Handles GetKey Handles Key Handle[] - location string
- The location of the KMS Key and KeyHandle.
- resource
Type stringSelector - Indicates the resource type that the resulting CryptoKey is meant to protect, e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- project string
- The identifier of the project where KMS KeyHandle is created.
- id str
- The provider-assigned unique ID for this managed resource.
- key_
handles Sequence[GetKey Handles Key Handle] - location str
- The location of the KMS Key and KeyHandle.
- resource_
type_ strselector - Indicates the resource type that the resulting CryptoKey is meant to protect, e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- project str
- The identifier of the project where KMS KeyHandle is created.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Handles List<Property Map> - location String
- The location of the KMS Key and KeyHandle.
- resource
Type StringSelector - Indicates the resource type that the resulting CryptoKey is meant to protect, e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- project String
- The identifier of the project where KMS KeyHandle is created.
Supporting Types
GetKeyHandlesKeyHandle
- Kms
Key string - The identifier of the KMS Key created for the KeyHandle. Its format is
projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}. - Name string
- The name of the KeyHandle. Its format is
projects/{projectId}/locations/{location}/keyHandles/{keyHandleName}. - Resource
Type stringSelector - The resource type by which to filter KeyHandle e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- Kms
Key string - The identifier of the KMS Key created for the KeyHandle. Its format is
projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}. - Name string
- The name of the KeyHandle. Its format is
projects/{projectId}/locations/{location}/keyHandles/{keyHandleName}. - Resource
Type stringSelector - The resource type by which to filter KeyHandle e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- kms
Key String - The identifier of the KMS Key created for the KeyHandle. Its format is
projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}. - name String
- The name of the KeyHandle. Its format is
projects/{projectId}/locations/{location}/keyHandles/{keyHandleName}. - resource
Type StringSelector - The resource type by which to filter KeyHandle e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- kms
Key string - The identifier of the KMS Key created for the KeyHandle. Its format is
projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}. - name string
- The name of the KeyHandle. Its format is
projects/{projectId}/locations/{location}/keyHandles/{keyHandleName}. - resource
Type stringSelector - The resource type by which to filter KeyHandle e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- kms_
key str - The identifier of the KMS Key created for the KeyHandle. Its format is
projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}. - name str
- The name of the KeyHandle. Its format is
projects/{projectId}/locations/{location}/keyHandles/{keyHandleName}. - resource_
type_ strselector - The resource type by which to filter KeyHandle e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
- kms
Key String - The identifier of the KMS Key created for the KeyHandle. Its format is
projects/{projectId}/locations/{location}/keyRings/{keyRingName}/cryptoKeys/{cryptoKeyName}. - name String
- The name of the KeyHandle. Its format is
projects/{projectId}/locations/{location}/keyHandles/{keyHandleName}. - resource
Type StringSelector - The resource type by which to filter KeyHandle e.g. {SERVICE}.googleapis.com/{TYPE}. See documentation for supported resource types.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.