Docs Home
TLS v5.1.1 published on Saturday, Mar 15, 2025 by Pulumi
tls.getPublicKey
Explore with Pulumi AI
Get a public key from a PEM-encoded private key.
Use this data source to get the public key from a PEM (RFC 1421) or OpenSSH PEM (RFC 4716) formatted private key, for use in other resources.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as std from "@pulumi/std";
import * as tls from "@pulumi/tls";
const ed25519_example = new tls.PrivateKey("ed25519-example", {algorithm: "ED25519"});
// Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format
const privateKeyPem_example = tls.getPublicKeyOutput({
privateKeyPem: ed25519_example.privateKeyPem,
});
// Public key loaded from filesystem, using the Open SSH (RFC 4716) format
const privateKeyOpenssh_example = std.file({
input: "~/.ssh/id_rsa_rfc4716",
}).then(invoke => tls.getPublicKey({
privateKeyOpenssh: invoke.result,
}));
import pulumi
import pulumi_std as std
import pulumi_tls as tls
ed25519_example = tls.PrivateKey("ed25519-example", algorithm="ED25519")
# Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format
private_key_pem_example = tls.get_public_key_output(private_key_pem=ed25519_example.private_key_pem)
# Public key loaded from filesystem, using the Open SSH (RFC 4716) format
private_key_openssh_example = tls.get_public_key(private_key_openssh=std.file(input="~/.ssh/id_rsa_rfc4716").result)
package main
import (
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi-tls/sdk/v5/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
ed25519_example, err := tls.NewPrivateKey(ctx, "ed25519-example", &tls.PrivateKeyArgs{
Algorithm: pulumi.String("ED25519"),
})
if err != nil {
return err
}
// Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format
_ = tls.GetPublicKeyOutput(ctx, tls.GetPublicKeyOutputArgs{
PrivateKeyPem: ed25519_example.PrivateKeyPem,
}, nil)
// Public key loaded from filesystem, using the Open SSH (RFC 4716) format
_, err = tls.GetPublicKey(ctx, &tls.GetPublicKeyArgs{
PrivateKeyOpenssh: pulumi.StringRef(std.File(ctx, &std.FileArgs{
Input: "~/.ssh/id_rsa_rfc4716",
}, nil).Result),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Std = Pulumi.Std;
using Tls = Pulumi.Tls;
return await Deployment.RunAsync(() =>
{
var ed25519_example = new Tls.PrivateKey("ed25519-example", new()
{
Algorithm = "ED25519",
});
// Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format
var privateKeyPem_example = Tls.GetPublicKey.Invoke(new()
{
PrivateKeyPem = ed25519_example.PrivateKeyPem,
});
// Public key loaded from filesystem, using the Open SSH (RFC 4716) format
var privateKeyOpenssh_example = Tls.GetPublicKey.Invoke(new()
{
PrivateKeyOpenssh = Std.File.Invoke(new()
{
Input = "~/.ssh/id_rsa_rfc4716",
}).Result,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.TlsFunctions;
import com.pulumi.tls.inputs.GetPublicKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var ed25519_example = new PrivateKey("ed25519-example", PrivateKeyArgs.builder()
.algorithm("ED25519")
.build());
// Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format
final var privateKeyPem-example = TlsFunctions.getPublicKey(GetPublicKeyArgs.builder()
.privateKeyPem(ed25519_example.privateKeyPem())
.build());
// Public key loaded from filesystem, using the Open SSH (RFC 4716) format
final var privateKeyOpenssh-example = TlsFunctions.getPublicKey(GetPublicKeyArgs.builder()
.privateKeyOpenssh(StdFunctions.file(FileArgs.builder()
.input("~/.ssh/id_rsa_rfc4716")
.build()).result())
.build());
}
}
resources:
ed25519-example:
type: tls:PrivateKey
properties:
algorithm: ED25519
variables:
# Public key loaded from a terraform-generated private key, using the PEM (RFC 1421) format
privateKeyPem-example:
fn::invoke:
function: tls:getPublicKey
arguments:
privateKeyPem: ${["ed25519-example"].privateKeyPem}
# Public key loaded from filesystem, using the Open SSH (RFC 4716) format
privateKeyOpenssh-example:
fn::invoke:
function: tls:getPublicKey
arguments:
privateKeyOpenssh:
fn::invoke:
function: std:file
arguments:
input: ~/.ssh/id_rsa_rfc4716
return: result
Using getPublicKey
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPublicKey(args: GetPublicKeyArgs, opts?: InvokeOptions): Promise<GetPublicKeyResult>
function getPublicKeyOutput(args: GetPublicKeyOutputArgs, opts?: InvokeOptions): Output<GetPublicKeyResult>def get_public_key(private_key_openssh: Optional[str] = None,
private_key_pem: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetPublicKeyResult
def get_public_key_output(private_key_openssh: Optional[pulumi.Input[str]] = None,
private_key_pem: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPublicKeyResult]func GetPublicKey(ctx *Context, args *GetPublicKeyArgs, opts ...InvokeOption) (*GetPublicKeyResult, error)
func GetPublicKeyOutput(ctx *Context, args *GetPublicKeyOutputArgs, opts ...InvokeOption) GetPublicKeyResultOutput> Note: This function is named GetPublicKey in the Go SDK.
public static class GetPublicKey
{
public static Task<GetPublicKeyResult> InvokeAsync(GetPublicKeyArgs args, InvokeOptions? opts = null)
public static Output<GetPublicKeyResult> Invoke(GetPublicKeyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetPublicKeyResult> getPublicKey(GetPublicKeyArgs args, InvokeOptions options)
public static Output<GetPublicKeyResult> getPublicKey(GetPublicKeyArgs args, InvokeOptions options)
fn::invoke:
function: tls:index/getPublicKey:getPublicKey
arguments:
# arguments dictionaryThe following arguments are supported:
- Private
Key stringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. This is mutually exclusive with
private_key_pem. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519. - Private
Key stringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. This is mutually exclusive with
private_key_openssh. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519.
- Private
Key stringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. This is mutually exclusive with
private_key_pem. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519. - Private
Key stringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. This is mutually exclusive with
private_key_openssh. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519.
- private
Key StringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. This is mutually exclusive with
private_key_pem. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519. - private
Key StringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. This is mutually exclusive with
private_key_openssh. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519.
- private
Key stringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. This is mutually exclusive with
private_key_pem. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519. - private
Key stringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. This is mutually exclusive with
private_key_openssh. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519.
- private_
key_ stropenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. This is mutually exclusive with
private_key_pem. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519. - private_
key_ strpem - The private key (in PEM (RFC 1421) format) to extract the public key from. This is mutually exclusive with
private_key_openssh. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519.
- private
Key StringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. This is mutually exclusive with
private_key_pem. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519. - private
Key StringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. This is mutually exclusive with
private_key_openssh. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519.
getPublicKey Result
The following output properties are available:
- Algorithm string
- The name of the algorithm used by the given private key. Possible values are:
RSA,ECDSA,ED25519. - Id string
- Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.
- Public
Key stringFingerprint Md5 - The fingerprint of the public key data in OpenSSH MD5 hash format, e.g.
aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - Public
Key stringFingerprint Sha256 - The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g.
SHA256:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - Public
Key stringOpenssh - The public key, in OpenSSH PEM (RFC 4716) format. This is also known as 'Authorized Keys' format. This is not populated for
ECDSAwith curveP224, as it is not supported. NOTE: the underlying libraries that generate this value append a\nat the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace(). - Public
Key stringPem - The public key, in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\nat the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace(). - Private
Key stringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. This is mutually exclusive with
private_key_pem. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519. - Private
Key stringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. This is mutually exclusive with
private_key_openssh. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519.
- Algorithm string
- The name of the algorithm used by the given private key. Possible values are:
RSA,ECDSA,ED25519. - Id string
- Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.
- Public
Key stringFingerprint Md5 - The fingerprint of the public key data in OpenSSH MD5 hash format, e.g.
aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - Public
Key stringFingerprint Sha256 - The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g.
SHA256:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - Public
Key stringOpenssh - The public key, in OpenSSH PEM (RFC 4716) format. This is also known as 'Authorized Keys' format. This is not populated for
ECDSAwith curveP224, as it is not supported. NOTE: the underlying libraries that generate this value append a\nat the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace(). - Public
Key stringPem - The public key, in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\nat the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace(). - Private
Key stringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. This is mutually exclusive with
private_key_pem. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519. - Private
Key stringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. This is mutually exclusive with
private_key_openssh. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519.
- algorithm String
- The name of the algorithm used by the given private key. Possible values are:
RSA,ECDSA,ED25519. - id String
- Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.
- public
Key StringFingerprint Md5 - The fingerprint of the public key data in OpenSSH MD5 hash format, e.g.
aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public
Key StringFingerprint Sha256 - The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g.
SHA256:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public
Key StringOpenssh - The public key, in OpenSSH PEM (RFC 4716) format. This is also known as 'Authorized Keys' format. This is not populated for
ECDSAwith curveP224, as it is not supported. NOTE: the underlying libraries that generate this value append a\nat the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace(). - public
Key StringPem - The public key, in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\nat the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace(). - private
Key StringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. This is mutually exclusive with
private_key_pem. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519. - private
Key StringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. This is mutually exclusive with
private_key_openssh. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519.
- algorithm string
- The name of the algorithm used by the given private key. Possible values are:
RSA,ECDSA,ED25519. - id string
- Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.
- public
Key stringFingerprint Md5 - The fingerprint of the public key data in OpenSSH MD5 hash format, e.g.
aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public
Key stringFingerprint Sha256 - The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g.
SHA256:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public
Key stringOpenssh - The public key, in OpenSSH PEM (RFC 4716) format. This is also known as 'Authorized Keys' format. This is not populated for
ECDSAwith curveP224, as it is not supported. NOTE: the underlying libraries that generate this value append a\nat the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace(). - public
Key stringPem - The public key, in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\nat the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace(). - private
Key stringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. This is mutually exclusive with
private_key_pem. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519. - private
Key stringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. This is mutually exclusive with
private_key_openssh. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519.
- algorithm str
- The name of the algorithm used by the given private key. Possible values are:
RSA,ECDSA,ED25519. - id str
- Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.
- public_
key_ strfingerprint_ md5 - The fingerprint of the public key data in OpenSSH MD5 hash format, e.g.
aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public_
key_ strfingerprint_ sha256 - The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g.
SHA256:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public_
key_ stropenssh - The public key, in OpenSSH PEM (RFC 4716) format. This is also known as 'Authorized Keys' format. This is not populated for
ECDSAwith curveP224, as it is not supported. NOTE: the underlying libraries that generate this value append a\nat the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace(). - public_
key_ strpem - The public key, in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\nat the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace(). - private_
key_ stropenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. This is mutually exclusive with
private_key_pem. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519. - private_
key_ strpem - The private key (in PEM (RFC 1421) format) to extract the public key from. This is mutually exclusive with
private_key_openssh. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519.
- algorithm String
- The name of the algorithm used by the given private key. Possible values are:
RSA,ECDSA,ED25519. - id String
- Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.
- public
Key StringFingerprint Md5 - The fingerprint of the public key data in OpenSSH MD5 hash format, e.g.
aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public
Key StringFingerprint Sha256 - The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g.
SHA256:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public
Key StringOpenssh - The public key, in OpenSSH PEM (RFC 4716) format. This is also known as 'Authorized Keys' format. This is not populated for
ECDSAwith curveP224, as it is not supported. NOTE: the underlying libraries that generate this value append a\nat the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace(). - public
Key StringPem - The public key, in PEM (RFC 1421) format. NOTE: the underlying libraries that generate this value append a
\nat the end of the PEM. In case this disrupts your use case, we recommend usingtrimspace(). - private
Key StringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. This is mutually exclusive with
private_key_pem. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519. - private
Key StringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. This is mutually exclusive with
private_key_openssh. Currently-supported algorithms for keys are:RSA,ECDSA,ED25519.
Package Details
- Repository
- TLS pulumi/pulumi-tls
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
tlsTerraform Provider.