Viewing docs for TLS v4.11.4 (Older version)
published on Tuesday, Apr 14, 2026 by Pulumi
published on Tuesday, Apr 14, 2026 by Pulumi
Viewing docs for TLS v4.11.4 (Older version)
published on Tuesday, Apr 14, 2026 by Pulumi
published on Tuesday, Apr 14, 2026 by Pulumi
Get a public key from a PEM-encoded private key.
Use this data source to get the public key from a PEM (RFC 1421) or OpenSSH PEM (RFC 4716) formatted private key, for use in other resources.
Example Usage
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Pulumi;
using Tls = Pulumi.Tls;
return await Deployment.RunAsync(() =>
{
var ed25519_example = new Tls.PrivateKey("ed25519-example", new()
{
Algorithm = "ED25519",
});
var privateKeyPem_example = Tls.GetPublicKey.Invoke(new()
{
PrivateKeyPem = ed25519_example.PrivateKeyPem,
});
var privateKeyOpenssh_example = Tls.GetPublicKey.Invoke(new()
{
PrivateKeyOpenssh = File.ReadAllText("~/.ssh/id_rsa_rfc4716"),
});
});
package main
import (
"os"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput {
data, err := os.ReadFile(path)
if err != nil {
panic(err.Error())
}
return pulumi.String(string(data))
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := tls.NewPrivateKey(ctx, "ed25519-example", &tls.PrivateKeyArgs{
Algorithm: pulumi.String("ED25519"),
})
if err != nil {
return err
}
_ = tls.GetPublicKeyOutput(ctx, tls.GetPublicKeyOutputArgs{
PrivateKeyPem: ed25519_example.PrivateKeyPem,
}, nil)
_, err = tls.GetPublicKey(ctx, &tls.GetPublicKeyArgs{
PrivateKeyOpenssh: pulumi.StringRef(readFileOrPanic("~/.ssh/id_rsa_rfc4716")),
}, nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.TlsFunctions;
import com.pulumi.tls.inputs.GetPublicKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var ed25519_example = new PrivateKey("ed25519-example", PrivateKeyArgs.builder()
.algorithm("ED25519")
.build());
final var privateKeyPem-example = TlsFunctions.getPublicKey(GetPublicKeyArgs.builder()
.privateKeyPem(ed25519_example.privateKeyPem())
.build());
final var privateKeyOpenssh-example = TlsFunctions.getPublicKey(GetPublicKeyArgs.builder()
.privateKeyOpenssh(Files.readString(Paths.get("~/.ssh/id_rsa_rfc4716")))
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as fs from "fs";
import * as tls from "@pulumi/tls";
const ed25519_example = new tls.PrivateKey("ed25519-example", {algorithm: "ED25519"});
const privateKeyPem-example = tls.getPublicKeyOutput({
privateKeyPem: ed25519_example.privateKeyPem,
});
const privateKeyOpenssh-example = tls.getPublicKey({
privateKeyOpenssh: fs.readFileSync("~/.ssh/id_rsa_rfc4716"),
});
import pulumi
import pulumi_tls as tls
ed25519_example = tls.PrivateKey("ed25519-example", algorithm="ED25519")
private_key_pem_example = tls.get_public_key_output(private_key_pem=ed25519_example.private_key_pem)
private_key_openssh_example = tls.get_public_key(private_key_openssh=(lambda path: open(path).read())("~/.ssh/id_rsa_rfc4716"))
resources:
ed25519-example:
type: tls:PrivateKey
properties:
algorithm: ED25519
variables:
privateKeyPem-example:
fn::invoke:
Function: tls:getPublicKey
Arguments:
privateKeyPem: ${["ed25519-example"].privateKeyPem}
privateKeyOpenssh-example:
fn::invoke:
Function: tls:getPublicKey
Arguments:
privateKeyOpenssh:
fn::readFile: ~/.ssh/id_rsa_rfc4716
Using getPublicKey
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPublicKey(args: GetPublicKeyArgs, opts?: InvokeOptions): Promise<GetPublicKeyResult>
function getPublicKeyOutput(args: GetPublicKeyOutputArgs, opts?: InvokeOptions): Output<GetPublicKeyResult>def get_public_key(private_key_openssh: Optional[str] = None,
private_key_pem: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetPublicKeyResult
def get_public_key_output(private_key_openssh: Optional[pulumi.Input[str]] = None,
private_key_pem: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPublicKeyResult]func GetPublicKey(ctx *Context, args *GetPublicKeyArgs, opts ...InvokeOption) (*GetPublicKeyResult, error)
func GetPublicKeyOutput(ctx *Context, args *GetPublicKeyOutputArgs, opts ...InvokeOption) GetPublicKeyResultOutput> Note: This function is named GetPublicKey in the Go SDK.
public static class GetPublicKey
{
public static Task<GetPublicKeyResult> InvokeAsync(GetPublicKeyArgs args, InvokeOptions? opts = null)
public static Output<GetPublicKeyResult> Invoke(GetPublicKeyInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetPublicKeyResult> getPublicKey(GetPublicKeyArgs args, InvokeOptions options)
public static Output<GetPublicKeyResult> getPublicKey(GetPublicKeyArgs args, InvokeOptions options)
fn::invoke:
function: tls:index/getPublicKey:getPublicKey
arguments:
# arguments dictionaryThe following arguments are supported:
- Private
Key stringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_pem. - Private
Key stringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_openssh.
- Private
Key stringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_pem. - Private
Key stringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_openssh.
- private
Key StringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_pem. - private
Key StringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_openssh.
- private
Key stringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_pem. - private
Key stringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_openssh.
- private_
key_ stropenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_pem. - private_
key_ strpem - The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_openssh.
- private
Key StringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_pem. - private
Key StringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_openssh.
getPublicKey Result
The following output properties are available:
- Algorithm string
- The name of the algorithm used by the given private key. Possible values are:
RSA,ECDSAandED25519. - Id string
- Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.
- Public
Key stringFingerprint Md5 - The fingerprint of the public key data in OpenSSH MD5 hash format, e.g.
aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - Public
Key stringFingerprint Sha256 - The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g.
SHA256:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - Public
Key stringOpenssh - The public key, in OpenSSH PEM (RFC 4716).
- Public
Key stringPem - The public key, in PEM (RFC 1421).
- Private
Key stringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_pem. - Private
Key stringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_openssh.
- Algorithm string
- The name of the algorithm used by the given private key. Possible values are:
RSA,ECDSAandED25519. - Id string
- Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.
- Public
Key stringFingerprint Md5 - The fingerprint of the public key data in OpenSSH MD5 hash format, e.g.
aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - Public
Key stringFingerprint Sha256 - The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g.
SHA256:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - Public
Key stringOpenssh - The public key, in OpenSSH PEM (RFC 4716).
- Public
Key stringPem - The public key, in PEM (RFC 1421).
- Private
Key stringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_pem. - Private
Key stringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_openssh.
- algorithm String
- The name of the algorithm used by the given private key. Possible values are:
RSA,ECDSAandED25519. - id String
- Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.
- public
Key StringFingerprint Md5 - The fingerprint of the public key data in OpenSSH MD5 hash format, e.g.
aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public
Key StringFingerprint Sha256 - The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g.
SHA256:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public
Key StringOpenssh - The public key, in OpenSSH PEM (RFC 4716).
- public
Key StringPem - The public key, in PEM (RFC 1421).
- private
Key StringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_pem. - private
Key StringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_openssh.
- algorithm string
- The name of the algorithm used by the given private key. Possible values are:
RSA,ECDSAandED25519. - id string
- Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.
- public
Key stringFingerprint Md5 - The fingerprint of the public key data in OpenSSH MD5 hash format, e.g.
aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public
Key stringFingerprint Sha256 - The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g.
SHA256:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public
Key stringOpenssh - The public key, in OpenSSH PEM (RFC 4716).
- public
Key stringPem - The public key, in PEM (RFC 1421).
- private
Key stringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_pem. - private
Key stringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_openssh.
- algorithm str
- The name of the algorithm used by the given private key. Possible values are:
RSA,ECDSAandED25519. - id str
- Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.
- public_
key_ strfingerprint_ md5 - The fingerprint of the public key data in OpenSSH MD5 hash format, e.g.
aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public_
key_ strfingerprint_ sha256 - The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g.
SHA256:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public_
key_ stropenssh - The public key, in OpenSSH PEM (RFC 4716).
- public_
key_ strpem - The public key, in PEM (RFC 1421).
- private_
key_ stropenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_pem. - private_
key_ strpem - The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_openssh.
- algorithm String
- The name of the algorithm used by the given private key. Possible values are:
RSA,ECDSAandED25519. - id String
- Unique identifier for this data source: hexadecimal representation of the SHA1 checksum of the data source.
- public
Key StringFingerprint Md5 - The fingerprint of the public key data in OpenSSH MD5 hash format, e.g.
aa:bb:cc:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public
Key StringFingerprint Sha256 - The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g.
SHA256:.... Only available if the selected private key format is compatible, as per the rules forpublic_key_opensshand ECDSA P224 limitations. - public
Key StringOpenssh - The public key, in OpenSSH PEM (RFC 4716).
- public
Key StringPem - The public key, in PEM (RFC 1421).
- private
Key StringOpenssh - The private key (in OpenSSH PEM (RFC 4716) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_pem. - private
Key StringPem - The private key (in PEM (RFC 1421) format) to extract the public key from. Currently-supported algorithms for keys are
RSA,ECDSAandED25519. This is mutually exclusive withprivate_key_openssh.
Package Details
- Repository
- TLS pulumi/pulumi-tls
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
tlsTerraform Provider.
Viewing docs for TLS v4.11.4 (Older version)
published on Tuesday, Apr 14, 2026 by Pulumi
published on Tuesday, Apr 14, 2026 by Pulumi
