tls logo
TLS v4.10.0, Feb 15 23

tls.getPublicKey

Get a public key from a PEM-encoded private key.

Use this data source to get the public key from a PEM (RFC 1421) or OpenSSH PEM (RFC 4716) formatted private key, for use in other resources.

Example Usage

using System.Collections.Generic;
using System.IO;
using Pulumi;
using Tls = Pulumi.Tls;

return await Deployment.RunAsync(() => 
{
    var ed25519_example = new Tls.PrivateKey("ed25519-example", new()
    {
        Algorithm = "ED25519",
    });

    var privateKeyPem_example = Tls.GetPublicKey.Invoke(new()
    {
        PrivateKeyPem = ed25519_example.PrivateKeyPem,
    });

    var privateKeyOpenssh_example = Tls.GetPublicKey.Invoke(new()
    {
        PrivateKeyOpenssh = File.ReadAllText("~/.ssh/id_rsa_rfc4716"),
    });

});
package main

import (
	"io/ioutil"

	"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func readFileOrPanic(path string) pulumi.StringPtrInput {
	data, err := ioutil.ReadFile(path)
	if err != nil {
		panic(err.Error())
	}
	return pulumi.String(string(data))
}

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := tls.NewPrivateKey(ctx, "ed25519-example", &tls.PrivateKeyArgs{
			Algorithm: pulumi.String("ED25519"),
		})
		if err != nil {
			return err
		}
		_ = tls.GetPublicKeyOutput(ctx, tls.GetPublicKeyOutputArgs{
			PrivateKeyPem: ed25519_example.PrivateKeyPem,
		}, nil)
		_, err = tls.GetPublicKey(ctx, &tls.GetPublicKeyArgs{
			PrivateKeyOpenssh: pulumi.StringRef(readFileOrPanic("~/.ssh/id_rsa_rfc4716")),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.TlsFunctions;
import com.pulumi.tls.inputs.GetPublicKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var ed25519_example = new PrivateKey("ed25519-example", PrivateKeyArgs.builder()        
            .algorithm("ED25519")
            .build());

        final var privateKeyPem-example = TlsFunctions.getPublicKey(GetPublicKeyArgs.builder()
            .privateKeyPem(ed25519_example.privateKeyPem())
            .build());

        final var privateKeyOpenssh-example = TlsFunctions.getPublicKey(GetPublicKeyArgs.builder()
            .privateKeyOpenssh(Files.readString(Paths.get("~/.ssh/id_rsa_rfc4716")))
            .build());

    }
}
import pulumi
import pulumi_tls as tls

ed25519_example = tls.PrivateKey("ed25519-example", algorithm="ED25519")
private_key_pem_example = tls.get_public_key_output(private_key_pem=ed25519_example.private_key_pem)
private_key_openssh_example = tls.get_public_key(private_key_openssh=(lambda path: open(path).read())("~/.ssh/id_rsa_rfc4716"))
import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as tls from "@pulumi/tls";

const ed25519_example = new tls.PrivateKey("ed25519-example", {algorithm: "ED25519"});
const privateKeyPem-example = tls.getPublicKeyOutput({
    privateKeyPem: ed25519_example.privateKeyPem,
});
const privateKeyOpenssh-example = tls.getPublicKey({
    privateKeyOpenssh: fs.readFileSync("~/.ssh/id_rsa_rfc4716"),
});
resources:
  ed25519-example:
    type: tls:PrivateKey
    properties:
      algorithm: ED25519
variables:
  privateKeyPem-example:
    fn::invoke:
      Function: tls:getPublicKey
      Arguments:
        privateKeyPem: ${["ed25519-example"].privateKeyPem}
  privateKeyOpenssh-example:
    fn::invoke:
      Function: tls:getPublicKey
      Arguments:
        privateKeyOpenssh:
          fn::readFile: ~/.ssh/id_rsa_rfc4716

Using getPublicKey

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getPublicKey(args: GetPublicKeyArgs, opts?: InvokeOptions): Promise<GetPublicKeyResult>
function getPublicKeyOutput(args: GetPublicKeyOutputArgs, opts?: InvokeOptions): Output<GetPublicKeyResult>
def get_public_key(private_key_openssh: Optional[str] = None,
                   private_key_pem: Optional[str] = None,
                   opts: Optional[InvokeOptions] = None) -> GetPublicKeyResult
def get_public_key_output(private_key_openssh: Optional[pulumi.Input[str]] = None,
                   private_key_pem: Optional[pulumi.Input[str]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetPublicKeyResult]
func GetPublicKey(ctx *Context, args *GetPublicKeyArgs, opts ...InvokeOption) (*GetPublicKeyResult, error)
func GetPublicKeyOutput(ctx *Context, args *GetPublicKeyOutputArgs, opts ...InvokeOption) GetPublicKeyResultOutput

> Note: This function is named GetPublicKey in the Go SDK.

public static class GetPublicKey 
{
    public static Task<GetPublicKeyResult> InvokeAsync(GetPublicKeyArgs args, InvokeOptions? opts = null)
    public static Output<GetPublicKeyResult> Invoke(GetPublicKeyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetPublicKeyResult> getPublicKey(GetPublicKeyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: tls:index/getPublicKey:getPublicKey
  arguments:
    # arguments dictionary

The following arguments are supported:

PrivateKeyOpenssh string

The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_pem.

PrivateKeyPem string

The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_openssh.

PrivateKeyOpenssh string

The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_pem.

PrivateKeyPem string

The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_openssh.

privateKeyOpenssh String

The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_pem.

privateKeyPem String

The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_openssh.

privateKeyOpenssh string

The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_pem.

privateKeyPem string

The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_openssh.

private_key_openssh str

The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_pem.

private_key_pem str

The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_openssh.

privateKeyOpenssh String

The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_pem.

privateKeyPem String

The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_openssh.

getPublicKey Result

The following output properties are available:

Algorithm string

The name of the algorithm used by the given private key. Possible values are: RSA, ECDSA and ED25519.

Id string

Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.

PublicKeyFingerprintMd5 string

The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh and ECDSA P224 limitations.

PublicKeyFingerprintSha256 string

The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. SHA256:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh and ECDSA P224 limitations.

PublicKeyOpenssh string
PublicKeyPem string
PrivateKeyOpenssh string

The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_pem.

PrivateKeyPem string

The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_openssh.

Algorithm string

The name of the algorithm used by the given private key. Possible values are: RSA, ECDSA and ED25519.

Id string

Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.

PublicKeyFingerprintMd5 string

The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh and ECDSA P224 limitations.

PublicKeyFingerprintSha256 string

The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. SHA256:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh and ECDSA P224 limitations.

PublicKeyOpenssh string
PublicKeyPem string
PrivateKeyOpenssh string

The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_pem.

PrivateKeyPem string

The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_openssh.

algorithm String

The name of the algorithm used by the given private key. Possible values are: RSA, ECDSA and ED25519.

id String

Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.

publicKeyFingerprintMd5 String

The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh and ECDSA P224 limitations.

publicKeyFingerprintSha256 String

The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. SHA256:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh and ECDSA P224 limitations.

publicKeyOpenssh String
publicKeyPem String
privateKeyOpenssh String

The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_pem.

privateKeyPem String

The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_openssh.

algorithm string

The name of the algorithm used by the given private key. Possible values are: RSA, ECDSA and ED25519.

id string

Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.

publicKeyFingerprintMd5 string

The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh and ECDSA P224 limitations.

publicKeyFingerprintSha256 string

The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. SHA256:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh and ECDSA P224 limitations.

publicKeyOpenssh string
publicKeyPem string
privateKeyOpenssh string

The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_pem.

privateKeyPem string

The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_openssh.

algorithm str

The name of the algorithm used by the given private key. Possible values are: RSA, ECDSA and ED25519.

id str

Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.

public_key_fingerprint_md5 str

The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh and ECDSA P224 limitations.

public_key_fingerprint_sha256 str

The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. SHA256:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh and ECDSA P224 limitations.

public_key_openssh str
public_key_pem str
private_key_openssh str

The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_pem.

private_key_pem str

The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_openssh.

algorithm String

The name of the algorithm used by the given private key. Possible values are: RSA, ECDSA and ED25519.

id String

Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.

publicKeyFingerprintMd5 String

The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh and ECDSA P224 limitations.

publicKeyFingerprintSha256 String

The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. SHA256:.... Only available if the selected private key format is compatible, as per the rules for public_key_openssh and ECDSA P224 limitations.

publicKeyOpenssh String
publicKeyPem String
privateKeyOpenssh String

The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_pem.

privateKeyPem String

The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are RSA, ECDSA and ED25519. This is mutually exclusive with private_key_openssh.

Package Details

Repository
TLS pulumi/pulumi-tls
License
Apache-2.0
Notes

This Pulumi package is based on the tls Terraform Provider.