Docs Home
Keycloak v6.4.0 published on Wednesday, Apr 16, 2025 by Pulumi
keycloak.getRealmKeys
Explore with Pulumi AI
Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status.
Remarks:
- A key must meet all filter criteria
- This data source may return more than one value.
- If no key matches the filter criteria, then an error will be returned.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const realmKeys = keycloak.getRealmKeysOutput({
realmId: realm.id,
algorithms: [
"AES",
"RS256",
],
statuses: [
"ACTIVE",
"PASSIVE",
],
});
export const certificate = realmKeys.apply(realmKeys => realmKeys.keys?.[0]?.certificate);
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
realm_keys = keycloak.get_realm_keys_output(realm_id=realm.id,
algorithms=[
"AES",
"RS256",
],
statuses=[
"ACTIVE",
"PASSIVE",
])
pulumi.export("certificate", realm_keys.keys[0].certificate)
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
realmKeys := keycloak.GetRealmKeysOutput(ctx, keycloak.GetRealmKeysOutputArgs{
RealmId: realm.ID(),
Algorithms: pulumi.StringArray{
pulumi.String("AES"),
pulumi.String("RS256"),
},
Statuses: pulumi.StringArray{
pulumi.String("ACTIVE"),
pulumi.String("PASSIVE"),
},
}, nil)
ctx.Export("certificate", realmKeys.ApplyT(func(realmKeys keycloak.GetRealmKeysResult) (*string, error) {
return &realmKeys.Keys[0].Certificate, nil
}).(pulumi.StringPtrOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var realmKeys = Keycloak.GetRealmKeys.Invoke(new()
{
RealmId = realm.Id,
Algorithms = new[]
{
"AES",
"RS256",
},
Statuses = new[]
{
"ACTIVE",
"PASSIVE",
},
});
return new Dictionary<string, object?>
{
["certificate"] = realmKeys.Apply(getRealmKeysResult => getRealmKeysResult.Keys[0]?.Certificate),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRealmKeysArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
final var realmKeys = KeycloakFunctions.getRealmKeys(GetRealmKeysArgs.builder()
.realmId(realm.id())
.algorithms(
"AES",
"RS256")
.statuses(
"ACTIVE",
"PASSIVE")
.build());
ctx.export("certificate", realmKeys.applyValue(_realmKeys -> _realmKeys.keys()[0].certificate()));
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
variables:
realmKeys:
fn::invoke:
function: keycloak:getRealmKeys
arguments:
realmId: ${realm.id}
algorithms:
- AES
- RS256
statuses:
- ACTIVE
- PASSIVE
outputs:
# show certificate of first key:
certificate: ${realmKeys.keys[0].certificate}
Using getRealmKeys
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getRealmKeys(args: GetRealmKeysArgs, opts?: InvokeOptions): Promise<GetRealmKeysResult>
function getRealmKeysOutput(args: GetRealmKeysOutputArgs, opts?: InvokeOptions): Output<GetRealmKeysResult>def get_realm_keys(algorithms: Optional[Sequence[str]] = None,
realm_id: Optional[str] = None,
statuses: Optional[Sequence[str]] = None,
opts: Optional[InvokeOptions] = None) -> GetRealmKeysResult
def get_realm_keys_output(algorithms: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
realm_id: Optional[pulumi.Input[str]] = None,
statuses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetRealmKeysResult]func GetRealmKeys(ctx *Context, args *GetRealmKeysArgs, opts ...InvokeOption) (*GetRealmKeysResult, error)
func GetRealmKeysOutput(ctx *Context, args *GetRealmKeysOutputArgs, opts ...InvokeOption) GetRealmKeysResultOutput> Note: This function is named GetRealmKeys in the Go SDK.
public static class GetRealmKeys
{
public static Task<GetRealmKeysResult> InvokeAsync(GetRealmKeysArgs args, InvokeOptions? opts = null)
public static Output<GetRealmKeysResult> Invoke(GetRealmKeysInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetRealmKeysResult> getRealmKeys(GetRealmKeysArgs args, InvokeOptions options)
public static Output<GetRealmKeysResult> getRealmKeys(GetRealmKeysArgs args, InvokeOptions options)
fn::invoke:
function: keycloak:index/getRealmKeys:getRealmKeys
arguments:
# arguments dictionaryThe following arguments are supported:
- Realm
Id string - The realm from which the keys will be retrieved.
- Algorithms List<string>
- When specified, keys will be filtered by algorithm. The algorithms can be any of
HS256,RS256,AES, etc. - Statuses List<string>
- When specified, keys will be filtered by status. The statuses can be any of
ACTIVE,DISABLEDandPASSIVE.
- Realm
Id string - The realm from which the keys will be retrieved.
- Algorithms []string
- When specified, keys will be filtered by algorithm. The algorithms can be any of
HS256,RS256,AES, etc. - Statuses []string
- When specified, keys will be filtered by status. The statuses can be any of
ACTIVE,DISABLEDandPASSIVE.
- realm
Id String - The realm from which the keys will be retrieved.
- algorithms List<String>
- When specified, keys will be filtered by algorithm. The algorithms can be any of
HS256,RS256,AES, etc. - statuses List<String>
- When specified, keys will be filtered by status. The statuses can be any of
ACTIVE,DISABLEDandPASSIVE.
- realm
Id string - The realm from which the keys will be retrieved.
- algorithms string[]
- When specified, keys will be filtered by algorithm. The algorithms can be any of
HS256,RS256,AES, etc. - statuses string[]
- When specified, keys will be filtered by status. The statuses can be any of
ACTIVE,DISABLEDandPASSIVE.
- realm_
id str - The realm from which the keys will be retrieved.
- algorithms Sequence[str]
- When specified, keys will be filtered by algorithm. The algorithms can be any of
HS256,RS256,AES, etc. - statuses Sequence[str]
- When specified, keys will be filtered by status. The statuses can be any of
ACTIVE,DISABLEDandPASSIVE.
- realm
Id String - The realm from which the keys will be retrieved.
- algorithms List<String>
- When specified, keys will be filtered by algorithm. The algorithms can be any of
HS256,RS256,AES, etc. - statuses List<String>
- When specified, keys will be filtered by status. The statuses can be any of
ACTIVE,DISABLEDandPASSIVE.
getRealmKeys Result
The following output properties are available:
- Id string
- The provider-assigned unique ID for this managed resource.
- Keys
List<Get
Realm Keys Key> - (Computed) A list of keys that match the filter criteria. Each key has the following attributes:
- Realm
Id string - Algorithms List<string>
- Statuses List<string>
- Key status (string)
- Id string
- The provider-assigned unique ID for this managed resource.
- Keys
[]Get
Realm Keys Key - (Computed) A list of keys that match the filter criteria. Each key has the following attributes:
- Realm
Id string - Algorithms []string
- Statuses []string
- Key status (string)
- id String
- The provider-assigned unique ID for this managed resource.
- keys
List<Get
Realm Keys Key> - (Computed) A list of keys that match the filter criteria. Each key has the following attributes:
- realm
Id String - algorithms List<String>
- statuses List<String>
- Key status (string)
- id string
- The provider-assigned unique ID for this managed resource.
- keys
Get
Realm Keys Key[] - (Computed) A list of keys that match the filter criteria. Each key has the following attributes:
- realm
Id string - algorithms string[]
- statuses string[]
- Key status (string)
- id str
- The provider-assigned unique ID for this managed resource.
- keys
Sequence[Get
Realm Keys Key] - (Computed) A list of keys that match the filter criteria. Each key has the following attributes:
- realm_
id str - algorithms Sequence[str]
- statuses Sequence[str]
- Key status (string)
- id String
- The provider-assigned unique ID for this managed resource.
- keys List<Property Map>
- (Computed) A list of keys that match the filter criteria. Each key has the following attributes:
- realm
Id String - algorithms List<String>
- statuses List<String>
- Key status (string)
Supporting Types
GetRealmKeysKey
- Algorithm string
- Key algorithm (string)
- Certificate string
- Key certificate (string)
- Kid string
- Key ID (string)
- Provider
Id string - Key provider ID (string)
- Provider
Priority int - Key provider priority (int64)
- Public
Key string - Key public key (string)
- Status string
- When specified, keys will be filtered by status. The statuses can be any of
ACTIVE,DISABLEDandPASSIVE. - Type string
- Key type (string)
- Algorithm string
- Key algorithm (string)
- Certificate string
- Key certificate (string)
- Kid string
- Key ID (string)
- Provider
Id string - Key provider ID (string)
- Provider
Priority int - Key provider priority (int64)
- Public
Key string - Key public key (string)
- Status string
- When specified, keys will be filtered by status. The statuses can be any of
ACTIVE,DISABLEDandPASSIVE. - Type string
- Key type (string)
- algorithm String
- Key algorithm (string)
- certificate String
- Key certificate (string)
- kid String
- Key ID (string)
- provider
Id String - Key provider ID (string)
- provider
Priority Integer - Key provider priority (int64)
- public
Key String - Key public key (string)
- status String
- When specified, keys will be filtered by status. The statuses can be any of
ACTIVE,DISABLEDandPASSIVE. - type String
- Key type (string)
- algorithm string
- Key algorithm (string)
- certificate string
- Key certificate (string)
- kid string
- Key ID (string)
- provider
Id string - Key provider ID (string)
- provider
Priority number - Key provider priority (int64)
- public
Key string - Key public key (string)
- status string
- When specified, keys will be filtered by status. The statuses can be any of
ACTIVE,DISABLEDandPASSIVE. - type string
- Key type (string)
- algorithm str
- Key algorithm (string)
- certificate str
- Key certificate (string)
- kid str
- Key ID (string)
- provider_
id str - Key provider ID (string)
- provider_
priority int - Key provider priority (int64)
- public_
key str - Key public key (string)
- status str
- When specified, keys will be filtered by status. The statuses can be any of
ACTIVE,DISABLEDandPASSIVE. - type str
- Key type (string)
- algorithm String
- Key algorithm (string)
- certificate String
- Key certificate (string)
- kid String
- Key ID (string)
- provider
Id String - Key provider ID (string)
- provider
Priority Number - Key provider priority (int64)
- public
Key String - Key public key (string)
- status String
- When specified, keys will be filtered by status. The statuses can be any of
ACTIVE,DISABLEDandPASSIVE. - type String
- Key type (string)
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.