getKey

This data source provides details about a specific Key resource in the Oracle Cloud Infrastructure KMS service.

Gets information about the specified master encryption key.

As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management read operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management read operations exceeds 10 requests per second for a given tenancy.

Example Usage

C#

using System.Collections.Generic;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    // oci_kms_key.Test_key and @var.Key_management_endpoint stand for a key
    // resource and a configuration value defined elsewhere in the program.
    var testKey = Oci.Kms.GetKey.Invoke(new()
    {
        KeyId = oci_kms_key.Test_key.Id,
        ManagementEndpoint = @var.Key_management_endpoint,
    });

});

Go

package main

import (
	"github.com/pulumi/pulumi-oci/sdk/go/oci/Kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// oci_kms_key.Test_key and _var.Key_management_endpoint stand for a key
		// resource and a configuration value defined elsewhere in the program.
		_, err := Kms.GetKey(ctx, &Kms.GetKeyArgs{
			KeyId:              oci_kms_key.Test_key.Id,
			ManagementEndpoint: _var.Key_management_endpoint,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

Java

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Kms.KmsFunctions;
import com.pulumi.oci.Kms.inputs.GetKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // oci_kms_key.test_key() and var_.key_management_endpoint() stand for a key
        // resource and a configuration value defined elsewhere in the program.
        final var testKey = KmsFunctions.getKey(GetKeyArgs.builder()
            .keyId(oci_kms_key.test_key().id())
            .managementEndpoint(var_.key_management_endpoint())
            .build());

    }
}

Python

import pulumi
import pulumi_oci as oci

# oci_kms_key["test_key"] and var["key_management_endpoint"] stand for a key
# resource and a configuration value defined elsewhere in the program.
test_key = oci.Kms.get_key(key_id=oci_kms_key["test_key"]["id"],
    management_endpoint=var["key_management_endpoint"])

TypeScript

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

// oci_kms_key.test_key and _var.key_management_endpoint stand for a key
// resource and a configuration value defined elsewhere in the program.
const testKey = oci.Kms.getKey({
    keyId: oci_kms_key.test_key.id,
    managementEndpoint: _var.key_management_endpoint,
});

YAML

variables:
  testKey:
    Fn::Invoke:
      Function: oci:Kms:getKey
      Arguments:
        # Both values reference a key resource and a variable defined elsewhere.
        keyId: ${oci_kms_key.test_key.id}
        managementEndpoint: ${var.key_management_endpoint}

Using getKey

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript

function getKey(args: GetKeyArgs, opts?: InvokeOptions): Promise<GetKeyResult>
function getKeyOutput(args: GetKeyOutputArgs, opts?: InvokeOptions): Output<GetKeyResult>

Python

def get_key(key_id: Optional[str] = None,
            management_endpoint: Optional[str] = None,
            opts: Optional[InvokeOptions] = None) -> GetKeyResult
def get_key_output(key_id: Optional[pulumi.Input[str]] = None,
            management_endpoint: Optional[pulumi.Input[str]] = None,
            opts: Optional[InvokeOptions] = None) -> Output[GetKeyResult]

Go

func GetKey(ctx *Context, args *GetKeyArgs, opts ...InvokeOption) (*GetKeyResult, error)
func GetKeyOutput(ctx *Context, args *GetKeyOutputArgs, opts ...InvokeOption) GetKeyResultOutput

> Note: This function is named GetKey in the Go SDK.

C#

public static class GetKey 
{
    public static Task<GetKeyResult> InvokeAsync(GetKeyArgs args, InvokeOptions? opts = null)
    public static Output<GetKeyResult> Invoke(GetKeyInvokeArgs args, InvokeOptions? opts = null)
}

Java

public static CompletableFuture<GetKeyResult> getKey(GetKeyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

YAML

fn::invoke:
  function: oci:Kms/getKey:getKey
  arguments:
    # arguments dictionary

The following arguments are supported:

C#

KeyId string

The OCID of the key.

ManagementEndpoint string

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

Go

KeyId string

The OCID of the key.

ManagementEndpoint string

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

Java

keyId String

The OCID of the key.

managementEndpoint String

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

TypeScript

keyId string

The OCID of the key.

managementEndpoint string

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

Python

key_id str

The OCID of the key.

management_endpoint str

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

YAML

keyId String

The OCID of the key.

managementEndpoint String

The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.

getKey Result

The following output properties are available:

C#

CompartmentId string

The OCID of the compartment that contains this master encryption key.

CurrentKeyVersion string

The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.

DefinedTags Dictionary<string, object>

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

DesiredState string
DisplayName string

A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.

FreeformTags Dictionary<string, object>

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

Id string

The OCID of the key.

IsPrimary bool

A boolean that will be true when key is primary, and will be false when key is a replica from a primary key.

KeyId string
KeyShapes List<GetKeyKeyShape>

The cryptographic properties of a key.

ManagementEndpoint string
ProtectionMode string

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported.

ReplicaDetails List<GetKeyReplicaDetail>

Key replica details

RestoreFromFiles List<GetKeyRestoreFromFile>

Details where key was backed up.

RestoreFromObjectStores List<GetKeyRestoreFromObjectStore>

Details where key was backed up

RestoreTrigger bool

When flipped, triggers restore if restore options are provided. Values of 0 or 1 are supported.

RestoredFromKeyId string

The OCID of the key from which this key was restored.

State string

The key's current lifecycle state. Example: ENABLED

TimeCreated string

The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z

TimeOfDeletion string

An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

VaultId string

The OCID of the vault that contains this key.

Go

CompartmentId string

The OCID of the compartment that contains this master encryption key.

CurrentKeyVersion string

The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.

DefinedTags map[string]interface{}

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

DesiredState string
DisplayName string

A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.

FreeformTags map[string]interface{}

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

Id string

The OCID of the key.

IsPrimary bool

A boolean that will be true when key is primary, and will be false when key is a replica from a primary key.

KeyId string
KeyShapes []GetKeyKeyShape

The cryptographic properties of a key.

ManagementEndpoint string
ProtectionMode string

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported.

ReplicaDetails []GetKeyReplicaDetail

Key replica details

RestoreFromFiles []GetKeyRestoreFromFile

Details where key was backed up.

RestoreFromObjectStores []GetKeyRestoreFromObjectStore

Details where key was backed up

RestoreTrigger bool

When flipped, triggers restore if restore options are provided. Values of 0 or 1 are supported.

RestoredFromKeyId string

The OCID of the key from which this key was restored.

State string

The key's current lifecycle state. Example: ENABLED

TimeCreated string

The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z

TimeOfDeletion string

An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

VaultId string

The OCID of the vault that contains this key.

Java

compartmentId String

The OCID of the compartment that contains this master encryption key.

currentKeyVersion String

The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.

definedTags Map<String,Object>

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

desiredState String
displayName String

A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.

freeformTags Map<String,Object>

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

id String

The OCID of the key.

isPrimary Boolean

A boolean that will be true when key is primary, and will be false when key is a replica from a primary key.

keyId String
keyShapes List<GetKeyKeyShape>

The cryptographic properties of a key.

managementEndpoint String
protectionMode String

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported.

replicaDetails List<GetKeyReplicaDetail>

Key replica details

restoreFromFiles List<GetKeyRestoreFromFile>

Details where key was backed up.

restoreFromObjectStores List<GetKeyRestoreFromObjectStore>

Details where key was backed up

restoreTrigger Boolean

When flipped, triggers restore if restore options are provided. Values of 0 or 1 are supported.

restoredFromKeyId String

The OCID of the key from which this key was restored.

state String

The key's current lifecycle state. Example: ENABLED

timeCreated String

The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z

timeOfDeletion String

An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

vaultId String

The OCID of the vault that contains this key.

TypeScript

compartmentId string

The OCID of the compartment that contains this master encryption key.

currentKeyVersion string

The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.

definedTags {[key: string]: any}

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

desiredState string
displayName string

A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.

freeformTags {[key: string]: any}

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

id string

The OCID of the key.

isPrimary boolean

A boolean that will be true when key is primary, and will be false when key is a replica from a primary key.

keyId string
keyShapes GetKeyKeyShape[]

The cryptographic properties of a key.

managementEndpoint string
protectionMode string

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported.

replicaDetails GetKeyReplicaDetail[]

Key replica details

restoreFromFiles GetKeyRestoreFromFile[]

Details where key was backed up.

restoreFromObjectStores GetKeyRestoreFromObjectStore[]

Details where key was backed up

restoreTrigger boolean

When flipped, triggers restore if restore options are provided. Values of 0 or 1 are supported.

restoredFromKeyId string

The OCID of the key from which this key was restored.

state string

The key's current lifecycle state. Example: ENABLED

timeCreated string

The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z

timeOfDeletion string

An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

vaultId string

The OCID of the vault that contains this key.

Python

compartment_id str

The OCID of the compartment that contains this master encryption key.

current_key_version str

The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.

defined_tags Mapping[str, Any]

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

desired_state str
display_name str

A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.

freeform_tags Mapping[str, Any]

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

id str

The OCID of the key.

is_primary bool

A boolean that will be true when key is primary, and will be false when key is a replica from a primary key.

key_id str
key_shapes Sequence[GetKeyKeyShape]

The cryptographic properties of a key.

management_endpoint str
protection_mode str

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported.

replica_details Sequence[GetKeyReplicaDetail]

Key replica details

restore_from_files Sequence[GetKeyRestoreFromFile]

Details where key was backed up.

restore_from_object_stores Sequence[GetKeyRestoreFromObjectStore]

Details where key was backed up

restore_trigger bool

When flipped, triggers restore if restore options are provided. Values of 0 or 1 are supported.

restored_from_key_id str

The OCID of the key from which this key was restored.

state str

The key's current lifecycle state. Example: ENABLED

time_created str

The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z

time_of_deletion str

An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

vault_id str

The OCID of the vault that contains this key.

YAML

compartmentId String

The OCID of the compartment that contains this master encryption key.

currentKeyVersion String

The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.

definedTags Map<Any>

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}

desiredState String
displayName String

A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.

freeformTags Map<Any>

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}

id String

The OCID of the key.

isPrimary Boolean

A boolean that will be true when key is primary, and will be false when key is a replica from a primary key.

keyId String
keyShapes List<Property Map>

The cryptographic properties of a key.

managementEndpoint String
protectionMode String

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported.

replicaDetails List<Property Map>

Key replica details

restoreFromFiles List<Property Map>

Details where key was backed up.

restoreFromObjectStores List<Property Map>

Details where key was backed up

restoreTrigger Boolean

When flipped, triggers restore if restore options are provided. Values of 0 or 1 are supported.

restoredFromKeyId String

The OCID of the key from which this key was restored.

state String

The key's current lifecycle state. Example: ENABLED

timeCreated String

The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z

timeOfDeletion String

An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z

vaultId String

The OCID of the vault that contains this key.

Supporting Types

GetKeyKeyShape

C#

Algorithm string

The algorithm used by a key's key versions to encrypt or decrypt.

CurveId string

Supported curve IDs for ECDSA keys.

Length int

The length of the key in bytes, expressed as an integer. Supported values include the following:

  • AES: 16, 24, or 32
  • RSA: 256, 384, or 512
  • ECDSA: 32, 48, or 66

Go

Algorithm string

The algorithm used by a key's key versions to encrypt or decrypt.

CurveId string

Supported curve IDs for ECDSA keys.

Length int

The length of the key in bytes, expressed as an integer. Supported values include the following:

  • AES: 16, 24, or 32
  • RSA: 256, 384, or 512
  • ECDSA: 32, 48, or 66

Java

algorithm String

The algorithm used by a key's key versions to encrypt or decrypt.

curveId String

Supported curve IDs for ECDSA keys.

length Integer

The length of the key in bytes, expressed as an integer. Supported values include the following:

  • AES: 16, 24, or 32
  • RSA: 256, 384, or 512
  • ECDSA: 32, 48, or 66

TypeScript

algorithm string

The algorithm used by a key's key versions to encrypt or decrypt.

curveId string

Supported curve IDs for ECDSA keys.

length number

The length of the key in bytes, expressed as an integer. Supported values include the following:

  • AES: 16, 24, or 32
  • RSA: 256, 384, or 512
  • ECDSA: 32, 48, or 66

Python

algorithm str

The algorithm used by a key's key versions to encrypt or decrypt.

curve_id str

Supported curve IDs for ECDSA keys.

length int

The length of the key in bytes, expressed as an integer. Supported values include the following:

  • AES: 16, 24, or 32
  • RSA: 256, 384, or 512
  • ECDSA: 32, 48, or 66

YAML

algorithm String

The algorithm used by a key's key versions to encrypt or decrypt.

curveId String

Supported curve IDs for ECDSA keys.

length Number

The length of the key in bytes, expressed as an integer. Supported values include the following:

  • AES: 16, 24, or 32
  • RSA: 256, 384, or 512
  • ECDSA: 32, 48, or 66
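
The protection mode, lifecycle state, deletion time and key shape described above can be checked against a policy before a key is used. The following is an added example, not code from the Pulumi or OCI projects: it audits a getKey result passed as a plain dict keyed by the Python property names on this page, so it runs without a cloud account. The policy thresholds, the finding codes and the sample keys are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Assumed policy for this example (not an OCI or Pulumi default): minimum key size in bits.
MIN_BITS = {"AES": 256, "RSA": 3072, "ECDSA": 256}
# Byte lengths the page lists as supported for each algorithm.
SUPPORTED_BYTES = {"AES": {16, 24, 32}, "RSA": {256, 384, 512}, "ECDSA": {32, 48, 66}}


def key_bits(algorithm, length_bytes):
    """Convert the byte length reported in key_shapes to a key size in bits."""
    if algorithm == "ECDSA" and length_bytes == 66:
        return 521  # a 521-bit curve needs 66 bytes, so 66 * 8 would overstate it
    return length_bytes * 8


def parse_rfc3339(value):
    """Parse the RFC 3339 timestamps used by time_created and time_of_deletion."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_key(key, now=None):
    """Return (code, detail) findings for one getKey result given as a dict."""
    now = now or datetime.now(timezone.utc)
    findings = []

    # SOFTWARE keys are used for cryptographic operations on the server, not in the HSM.
    mode = key.get("protection_mode")
    if mode != "HSM":
        findings.append(("NOT_HSM_PROTECTED", f"protection_mode={mode}"))

    state = key.get("state")
    if state != "ENABLED":
        findings.append(("NOT_ENABLED", f"state={state}"))

    # time_of_deletion is optional; when set, data under this key has a deadline.
    deletion = key.get("time_of_deletion")
    if deletion:
        days = (parse_rfc3339(deletion) - now).days
        findings.append(("DELETION_SCHEDULED", f"{days} day(s) left"))

    for shape in key.get("key_shapes") or []:
        algo, length = shape["algorithm"], shape["length"]
        if length not in SUPPORTED_BYTES.get(algo, ()):
            # Typical cause: a length given in bits where the API reports bytes.
            findings.append(("UNKNOWN_KEY_SHAPE", f"{algo}/{length}"))
        elif key_bits(algo, length) < MIN_BITS[algo]:
            findings.append(("WEAK_KEY_SHAPE", f"{algo} {key_bits(algo, length)} bits"))
    return findings


# Constructed sample results (not real keys).
NOW = parse_rfc3339("2019-03-27T21:10:29.600Z")
GOOD_KEY = {
    "display_name": "example-hsm-aes",
    "protection_mode": "HSM",
    "state": "ENABLED",
    "time_of_deletion": None,
    "key_shapes": [{"algorithm": "AES", "length": 32}],
}
WEAK_KEY = {
    "display_name": "example-software-rsa",
    "protection_mode": "SOFTWARE",
    "state": "PENDING_DELETION",
    "time_of_deletion": "2019-04-03T21:10:29.600Z",
    "key_shapes": [{"algorithm": "RSA", "length": 256}],
}

if __name__ == "__main__":
    for name, key in (("good", GOOD_KEY), ("weak", WEAK_KEY)):
        print(name, audit_key(key, NOW))
```

In a Pulumi program the dict would be built from the attributes of the value returned by `oci.Kms.get_key(...)`.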

GetKeyReplicaDetail

C#

ReplicationId string

ReplicationId associated with a key operation

Go

ReplicationId string

ReplicationId associated with a key operation

Java

replicationId String

ReplicationId associated with a key operation

TypeScript

replicationId string

ReplicationId associated with a key operation

Python

replication_id str

ReplicationId associated with a key operation

YAML

replicationId String

ReplicationId associated with a key operation

GetKeyRestoreFromFile

C#

ContentLength string

content length of key's backup binary file

ContentMd5 string

content md5 hashed value of key's backup file

RestoreKeyFromFileDetails string

Key backup file content

Go

ContentLength string

content length of key's backup binary file

ContentMd5 string

content md5 hashed value of key's backup file

RestoreKeyFromFileDetails string

Key backup file content

Java

contentLength String

content length of key's backup binary file

contentMd5 String

content md5 hashed value of key's backup file

restoreKeyFromFileDetails String

Key backup file content

TypeScript

contentLength string

content length of key's backup binary file

contentMd5 string

content md5 hashed value of key's backup file

restoreKeyFromFileDetails string

Key backup file content

Python

content_length str

content length of key's backup binary file

content_md5 str

content md5 hashed value of key's backup file

restore_key_from_file_details str

Key backup file content

YAML

contentLength String

content length of key's backup binary file

contentMd5 String

content md5 hashed value of key's backup file

restoreKeyFromFileDetails String

Key backup file content

GetKeyRestoreFromObjectStore

C#

Bucket string

Name of the bucket where key was backed up

Destination string

Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported

Namespace string

Namespace of the bucket where key was backed up

Object string

Object containing the backup

Uri string

Pre-authenticated-request-uri of the backup

Go

Bucket string

Name of the bucket where key was backed up

Destination string

Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported

Namespace string

Namespace of the bucket where key was backed up

Object string

Object containing the backup

Uri string

Pre-authenticated-request-uri of the backup

Java

bucket String

Name of the bucket where key was backed up

destination String

Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported

namespace String

Namespace of the bucket where key was backed up

object String

Object containing the backup

uri String

Pre-authenticated-request-uri of the backup

TypeScript

bucket string

Name of the bucket where key was backed up

destination string

Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported

namespace string

Namespace of the bucket where key was backed up

object string

Object containing the backup

uri string

Pre-authenticated-request-uri of the backup

Python

bucket str

Name of the bucket where key was backed up

destination str

Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported

namespace str

Namespace of the bucket where key was backed up

object str

Object containing the backup

uri str

Pre-authenticated-request-uri of the backup

YAML

bucket String

Name of the bucket where key was backed up

destination String

Type of backup to restore from. Values of "BUCKET", "PRE_AUTHENTICATED_REQUEST_URI" are supported

namespace String

Namespace of the bucket where key was backed up

object String

Object containing the backup

uri String

Pre-authenticated-request-uri of the backup

Package Details

Repository
https://github.com/pulumi/pulumi-oci
License
Apache-2.0
Notes

This Pulumi package is based on the oci Terraform Provider.