AWS Native is in preview. AWS Classic is fully supported.
aws-native.paymentcryptography.getKey
Explore with Pulumi AI
AWS Native is in preview. AWS Classic is fully supported.
Definition of AWS::PaymentCryptography::Key Resource Type
Using getKey
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getKey(args: GetKeyArgs, opts?: InvokeOptions): Promise<GetKeyResult>
function getKeyOutput(args: GetKeyOutputArgs, opts?: InvokeOptions): Output<GetKeyResult>
def get_key(key_identifier: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetKeyResult
def get_key_output(key_identifier: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetKeyResult]
func LookupKey(ctx *Context, args *LookupKeyArgs, opts ...InvokeOption) (*LookupKeyResult, error)
func LookupKeyOutput(ctx *Context, args *LookupKeyOutputArgs, opts ...InvokeOption) LookupKeyResultOutput
> Note: This function is named LookupKey
in the Go SDK.
public static class GetKey
{
public static Task<GetKeyResult> InvokeAsync(GetKeyArgs args, InvokeOptions? opts = null)
public static Output<GetKeyResult> Invoke(GetKeyInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetKeyResult> getKey(GetKeyArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: aws-native:paymentcryptography:getKey
arguments:
# arguments dictionary
The following arguments are supported:
- Key
Identifier string
- Key
Identifier string
- key
Identifier String
- key
Identifier string
- key_
identifier str
- key
Identifier String
getKey Result
The following output properties are available:
- Enabled bool
- Specifies whether the key is enabled.
- Exportable bool
- Specifies whether the key is exportable. This data is immutable after the key is created.
- Key
Attributes Pulumi.Aws Native. Payment Cryptography. Outputs. Key Attributes - The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
- Key
Check Pulumi.Value Algorithm Aws Native. Payment Cryptography. Key Check Value Algorithm The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
- Key
Identifier string - Key
Origin Pulumi.Aws Native. Payment Cryptography. Key Origin - The source of the key material. For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY
. For keys imported into AWS Payment Cryptography, the value isEXTERNAL
. - Key
State Pulumi.Aws Native. Payment Cryptography. Key State - The state of key that is being created or deleted.
- List<Pulumi.
Aws Native. Outputs. Tag>
- Enabled bool
- Specifies whether the key is enabled.
- Exportable bool
- Specifies whether the key is exportable. This data is immutable after the key is created.
- Key
Attributes KeyAttributes - The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
- Key
Check KeyValue Algorithm Check Value Algorithm The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
- Key
Identifier string - Key
Origin KeyOrigin - The source of the key material. For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY
. For keys imported into AWS Payment Cryptography, the value isEXTERNAL
. - Key
State KeyState Enum - The state of key that is being created or deleted.
- Tag
- enabled Boolean
- Specifies whether the key is enabled.
- exportable Boolean
- Specifies whether the key is exportable. This data is immutable after the key is created.
- key
Attributes KeyAttributes - The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
- key
Check KeyValue Algorithm Check Value Algorithm The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
- key
Identifier String - key
Origin KeyOrigin - The source of the key material. For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY
. For keys imported into AWS Payment Cryptography, the value isEXTERNAL
. - key
State KeyState - The state of key that is being created or deleted.
- List<Tag>
- enabled boolean
- Specifies whether the key is enabled.
- exportable boolean
- Specifies whether the key is exportable. This data is immutable after the key is created.
- key
Attributes KeyAttributes - The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
- key
Check KeyValue Algorithm Check Value Algorithm The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
- key
Identifier string - key
Origin KeyOrigin - The source of the key material. For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY
. For keys imported into AWS Payment Cryptography, the value isEXTERNAL
. - key
State KeyState - The state of key that is being created or deleted.
- Tag[]
- enabled bool
- Specifies whether the key is enabled.
- exportable bool
- Specifies whether the key is exportable. This data is immutable after the key is created.
- key_
attributes KeyAttributes - The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
- key_
check_ Keyvalue_ algorithm Check Value Algorithm The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
- key_
identifier str - key_
origin KeyOrigin - The source of the key material. For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY
. For keys imported into AWS Payment Cryptography, the value isEXTERNAL
. - key_
state KeyState - The state of key that is being created or deleted.
- Sequence[root_Tag]
- enabled Boolean
- Specifies whether the key is enabled.
- exportable Boolean
- Specifies whether the key is exportable. This data is immutable after the key is created.
- key
Attributes Property Map - The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
- key
Check "CMAC" | "ANSI_X9_24"Value Algorithm The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.
For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.
- key
Identifier String - key
Origin "EXTERNAL" | "AWS_PAYMENT_CRYPTOGRAPHY" - The source of the key material. For keys created within AWS Payment Cryptography, the value is
AWS_PAYMENT_CRYPTOGRAPHY
. For keys imported into AWS Payment Cryptography, the value isEXTERNAL
. - key
State "CREATE_IN_PROGRESS" | "CREATE_COMPLETE" | "DELETE_PENDING" | "DELETE_COMPLETE" - The state of key that is being created or deleted.
- List<Property Map>
Supporting Types
KeyAlgorithm
KeyAttributes
- Key
Algorithm Pulumi.Aws Native. Payment Cryptography. Key Algorithm The key algorithm to be use during creation of an AWS Payment Cryptography key.
For symmetric keys, AWS Payment Cryptography supports
AES
andTDES
algorithms. For asymmetric keys, AWS Payment Cryptography supportsRSA
andECC_NIST
algorithms.- Key
Class Pulumi.Aws Native. Payment Cryptography. Key Class - The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
- Key
Modes Pulumi.Of Use Aws Native. Payment Cryptography. Inputs. Key Modes Of Use - The list of cryptographic operations that you can perform using the key.
- Key
Usage Pulumi.Aws Native. Payment Cryptography. Key Usage - The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- Key
Algorithm KeyAlgorithm The key algorithm to be use during creation of an AWS Payment Cryptography key.
For symmetric keys, AWS Payment Cryptography supports
AES
andTDES
algorithms. For asymmetric keys, AWS Payment Cryptography supportsRSA
andECC_NIST
algorithms.- Key
Class KeyClass - The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
- Key
Modes KeyOf Use Modes Of Use - The list of cryptographic operations that you can perform using the key.
- Key
Usage KeyUsage - The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- key
Algorithm KeyAlgorithm The key algorithm to be use during creation of an AWS Payment Cryptography key.
For symmetric keys, AWS Payment Cryptography supports
AES
andTDES
algorithms. For asymmetric keys, AWS Payment Cryptography supportsRSA
andECC_NIST
algorithms.- key
Class KeyClass - The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
- key
Modes KeyOf Use Modes Of Use - The list of cryptographic operations that you can perform using the key.
- key
Usage KeyUsage - The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- key
Algorithm KeyAlgorithm The key algorithm to be use during creation of an AWS Payment Cryptography key.
For symmetric keys, AWS Payment Cryptography supports
AES
andTDES
algorithms. For asymmetric keys, AWS Payment Cryptography supportsRSA
andECC_NIST
algorithms.- key
Class KeyClass - The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
- key
Modes KeyOf Use Modes Of Use - The list of cryptographic operations that you can perform using the key.
- key
Usage KeyUsage - The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- key_
algorithm KeyAlgorithm The key algorithm to be use during creation of an AWS Payment Cryptography key.
For symmetric keys, AWS Payment Cryptography supports
AES
andTDES
algorithms. For asymmetric keys, AWS Payment Cryptography supportsRSA
andECC_NIST
algorithms.- key_
class KeyClass - The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
- key_
modes_ Keyof_ use Modes Of Use - The list of cryptographic operations that you can perform using the key.
- key_
usage KeyUsage - The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
- key
Algorithm "TDES_2KEY" | "TDES_3KEY" | "AES_128" | "AES_192" | "AES_256" | "RSA_2048" | "RSA_3072" | "RSA_4096" The key algorithm to be use during creation of an AWS Payment Cryptography key.
For symmetric keys, AWS Payment Cryptography supports
AES
andTDES
algorithms. For asymmetric keys, AWS Payment Cryptography supportsRSA
andECC_NIST
algorithms.- key
Class "SYMMETRIC_KEY" | "ASYMMETRIC_KEY_PAIR" | "PRIVATE_KEY" | "PUBLIC_KEY" - The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
- key
Modes Property MapOf Use - The list of cryptographic operations that you can perform using the key.
- key
Usage "TR31_B0_BASE_DERIVATION_KEY" | "TR31_C0_CARD_VERIFICATION_KEY" | "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY" | "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION" | "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS" | "TR31_E1_EMV_MKEY_CONFIDENTIALITY" | "TR31_E2_EMV_MKEY_INTEGRITY" | "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS" | "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION" | "TR31_E6_EMV_MKEY_OTHER" | "TR31_K0_KEY_ENCRYPTION_KEY" | "TR31_K1_KEY_BLOCK_PROTECTION_KEY" | "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT" | "TR31_M3_ISO_9797_3_MAC_KEY" | "TR31_M1_ISO_9797_1_MAC_KEY" | "TR31_M6_ISO_9797_5_CMAC_KEY" | "TR31_M7_HMAC_KEY" | "TR31_P0_PIN_ENCRYPTION_KEY" | "TR31_P1_PIN_GENERATION_KEY" | "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE" | "TR31_V1_IBM3624_PIN_VERIFICATION_KEY" | "TR31_V2_VISA_PIN_VERIFICATION_KEY" | "TR31_K2_TR34_ASYMMETRIC_KEY" - The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
KeyCheckValueAlgorithm
KeyClass
KeyModesOfUse
- Decrypt bool
- Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
- Derive
Key bool - Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
- Encrypt bool
- Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
- Generate bool
- Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- No
Restrictions bool - Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by
KeyUsage
. - Sign bool
- Specifies whether an AWS Payment Cryptography key can be used for signing.
- Unwrap bool
- Verify bool
- Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
- Wrap bool
- Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
- Decrypt bool
- Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
- Derive
Key bool - Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
- Encrypt bool
- Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
- Generate bool
- Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- No
Restrictions bool - Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by
KeyUsage
. - Sign bool
- Specifies whether an AWS Payment Cryptography key can be used for signing.
- Unwrap bool
- Verify bool
- Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
- Wrap bool
- Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
- decrypt Boolean
- Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
- derive
Key Boolean - Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
- encrypt Boolean
- Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
- generate Boolean
- Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- no
Restrictions Boolean - Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by
KeyUsage
. - sign Boolean
- Specifies whether an AWS Payment Cryptography key can be used for signing.
- unwrap Boolean
- verify Boolean
- Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
- wrap Boolean
- Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
- decrypt boolean
- Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
- derive
Key boolean - Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
- encrypt boolean
- Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
- generate boolean
- Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- no
Restrictions boolean - Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by
KeyUsage
. - sign boolean
- Specifies whether an AWS Payment Cryptography key can be used for signing.
- unwrap boolean
- verify boolean
- Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
- wrap boolean
- Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
- decrypt bool
- Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
- derive_
key bool - Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
- encrypt bool
- Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
- generate bool
- Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- no_
restrictions bool - Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by
KeyUsage
. - sign bool
- Specifies whether an AWS Payment Cryptography key can be used for signing.
- unwrap bool
- verify bool
- Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
- wrap bool
- Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
- decrypt Boolean
- Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
- derive
Key Boolean - Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
- encrypt Boolean
- Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
- generate Boolean
- Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
- no
Restrictions Boolean - Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by
KeyUsage
. - sign Boolean
- Specifies whether an AWS Payment Cryptography key can be used for signing.
- unwrap Boolean
- verify Boolean
- Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
- wrap Boolean
- Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
KeyOrigin
KeyState
KeyUsage
Tag
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
AWS Native is in preview. AWS Classic is fully supported.