getServerKeys

Okta v6.2.0, Dec 11 25

Okta v6.2.0 published on Thursday, Dec 11, 2025 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

Okta v6.2.0 published on Thursday, Dec 11, 2025 by Pulumi

Schema (JSON)

pulumi/pulumi-okta

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = okta.auth.getServerKeys({
    authServerId: "aus123456789abcdefgh",
    keyId: "abcdefghijk0123456789",
});

import pulumi
import pulumi_okta as okta

example = okta.auth.get_server_keys(auth_server_id="aus123456789abcdefgh",
    key_id="abcdefghijk0123456789")

package main

import (
	"github.com/pulumi/pulumi-okta/sdk/v6/go/okta/auth"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth.GetServerKeys(ctx, &auth.GetServerKeysArgs{
			AuthServerId: "aus123456789abcdefgh",
			KeyId:        "abcdefghijk0123456789",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;

return await Deployment.RunAsync(() => 
{
    var example = Okta.Auth.GetServerKeys.Invoke(new()
    {
        AuthServerId = "aus123456789abcdefgh",
        KeyId = "abcdefghijk0123456789",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.auth.AuthFunctions;
import com.pulumi.okta.auth.inputs.GetServerKeysArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = AuthFunctions.getServerKeys(GetServerKeysArgs.builder()
            .authServerId("aus123456789abcdefgh")
            .keyId("abcdefghijk0123456789")
            .build());

    }
}

variables:
  example:
    fn::invoke:
      function: okta:auth:getServerKeys
      arguments:
        authServerId: aus123456789abcdefgh
        keyId: abcdefghijk0123456789

Notes

To find available key IDs for an authorization server, you can use the Okta Admin Console or make a direct API call to /api/v1/authorizationServers/{authServerId}/credentials/keys
The key ID (kid) is automatically generated by Okta and is unique within the authorization server
This data source is useful for retrieving key information for verification purposes or to reference in other configurations

Using getServerKeys

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getServerKeys(args: GetServerKeysArgs, opts?: InvokeOptions): Promise<GetServerKeysResult>
function getServerKeysOutput(args: GetServerKeysOutputArgs, opts?: InvokeOptions): Output<GetServerKeysResult>

def get_server_keys(auth_server_id: Optional[str] = None,
                    key_id: Optional[str] = None,
                    opts: Optional[InvokeOptions] = None) -> GetServerKeysResult
def get_server_keys_output(auth_server_id: Optional[pulumi.Input[str]] = None,
                    key_id: Optional[pulumi.Input[str]] = None,
                    opts: Optional[InvokeOptions] = None) -> Output[GetServerKeysResult]

func GetServerKeys(ctx *Context, args *GetServerKeysArgs, opts ...InvokeOption) (*GetServerKeysResult, error)
func GetServerKeysOutput(ctx *Context, args *GetServerKeysOutputArgs, opts ...InvokeOption) GetServerKeysResultOutput

> Note: This function is named GetServerKeys in the Go SDK.

public static class GetServerKeys 
{
    public static Task<GetServerKeysResult> InvokeAsync(GetServerKeysArgs args, InvokeOptions? opts = null)
    public static Output<GetServerKeysResult> Invoke(GetServerKeysInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetServerKeysResult> getServerKeys(GetServerKeysArgs args, InvokeOptions options)
public static Output<GetServerKeysResult> getServerKeys(GetServerKeysArgs args, InvokeOptions options)

fn::invoke:
  function: okta:auth/getServerKeys:getServerKeys
  arguments:
    # arguments dictionary

The following arguments are supported:

AuthServerId string: The ID of the authorization server.
KeyId string: The ID of the certificate key.

AuthServerId string: The ID of the authorization server.
KeyId string: The ID of the certificate key.

authServerId String: The ID of the authorization server.
keyId String: The ID of the certificate key.

authServerId string: The ID of the authorization server.
keyId string: The ID of the certificate key.

auth_server_id str: The ID of the authorization server.
key_id str: The ID of the certificate key.

authServerId String: The ID of the authorization server.
keyId String: The ID of the certificate key.

getServerKeys Result

The following output properties are available:

Alg string: The algorithm used with the Key. Typically "RS256" for RSA keys.
AuthServerId string: The ID of the authorization server.
E string: RSA key value (public exponent) for Key binding. Typically "AQAB".
Id string
KeyId string: The ID of the certificate key.
Kid string: Unique identifier for the key (Key ID).
N string: RSA modulus value that is used by both the public and private keys and provides a link between them.
Status string: The status of the key. An ACTIVE key is used to sign tokens issued by the authorization server. Supported values: ACTIVE, NEXT, or EXPIRED. A NEXT key is the next key that the authorization server uses to sign tokens when keys are rotated. The NEXT key might not be listed if it hasn't been generated. An EXPIRED key is the previous key that the authorization server used to sign tokens. The EXPIRED key might not be listed if no key has expired or the expired key was deleted.
Use string: Acceptable use of the key. Typically "sig" for signature operations.

Alg string: The algorithm used with the Key. Typically "RS256" for RSA keys.
AuthServerId string: The ID of the authorization server.
E string: RSA key value (public exponent) for Key binding. Typically "AQAB".
Id string
KeyId string: The ID of the certificate key.
Kid string: Unique identifier for the key (Key ID).
N string: RSA modulus value that is used by both the public and private keys and provides a link between them.
Status string: The status of the key. An ACTIVE key is used to sign tokens issued by the authorization server. Supported values: ACTIVE, NEXT, or EXPIRED. A NEXT key is the next key that the authorization server uses to sign tokens when keys are rotated. The NEXT key might not be listed if it hasn't been generated. An EXPIRED key is the previous key that the authorization server used to sign tokens. The EXPIRED key might not be listed if no key has expired or the expired key was deleted.
Use string: Acceptable use of the key. Typically "sig" for signature operations.

alg String: The algorithm used with the Key. Typically "RS256" for RSA keys.
authServerId String: The ID of the authorization server.
e String: RSA key value (public exponent) for Key binding. Typically "AQAB".
id String
keyId String: The ID of the certificate key.
kid String: Unique identifier for the key (Key ID).
n String: RSA modulus value that is used by both the public and private keys and provides a link between them.
status String: The status of the key. An ACTIVE key is used to sign tokens issued by the authorization server. Supported values: ACTIVE, NEXT, or EXPIRED. A NEXT key is the next key that the authorization server uses to sign tokens when keys are rotated. The NEXT key might not be listed if it hasn't been generated. An EXPIRED key is the previous key that the authorization server used to sign tokens. The EXPIRED key might not be listed if no key has expired or the expired key was deleted.
use String: Acceptable use of the key. Typically "sig" for signature operations.

alg string: The algorithm used with the Key. Typically "RS256" for RSA keys.
authServerId string: The ID of the authorization server.
e string: RSA key value (public exponent) for Key binding. Typically "AQAB".
id string
keyId string: The ID of the certificate key.
kid string: Unique identifier for the key (Key ID).
n string: RSA modulus value that is used by both the public and private keys and provides a link between them.
status string: The status of the key. An ACTIVE key is used to sign tokens issued by the authorization server. Supported values: ACTIVE, NEXT, or EXPIRED. A NEXT key is the next key that the authorization server uses to sign tokens when keys are rotated. The NEXT key might not be listed if it hasn't been generated. An EXPIRED key is the previous key that the authorization server used to sign tokens. The EXPIRED key might not be listed if no key has expired or the expired key was deleted.
use string: Acceptable use of the key. Typically "sig" for signature operations.

alg str: The algorithm used with the Key. Typically "RS256" for RSA keys.
auth_server_id str: The ID of the authorization server.
e str: RSA key value (public exponent) for Key binding. Typically "AQAB".
id str
key_id str: The ID of the certificate key.
kid str: Unique identifier for the key (Key ID).
n str: RSA modulus value that is used by both the public and private keys and provides a link between them.
status str: The status of the key. An ACTIVE key is used to sign tokens issued by the authorization server. Supported values: ACTIVE, NEXT, or EXPIRED. A NEXT key is the next key that the authorization server uses to sign tokens when keys are rotated. The NEXT key might not be listed if it hasn't been generated. An EXPIRED key is the previous key that the authorization server used to sign tokens. The EXPIRED key might not be listed if no key has expired or the expired key was deleted.
use str: Acceptable use of the key. Typically "sig" for signature operations.

alg String: The algorithm used with the Key. Typically "RS256" for RSA keys.
authServerId String: The ID of the authorization server.
e String: RSA key value (public exponent) for Key binding. Typically "AQAB".
id String
keyId String: The ID of the certificate key.
kid String: Unique identifier for the key (Key ID).
n String: RSA modulus value that is used by both the public and private keys and provides a link between them.
status String: The status of the key. An ACTIVE key is used to sign tokens issued by the authorization server. Supported values: ACTIVE, NEXT, or EXPIRED. A NEXT key is the next key that the authorization server uses to sign tokens when keys are rotated. The NEXT key might not be listed if it hasn't been generated. An EXPIRED key is the previous key that the authorization server used to sign tokens. The EXPIRED key might not be listed if no key has expired or the expired key was deleted.
use String: Acceptable use of the key. Typically "sig" for signature operations.