1. Packages
  2. AWS Native
  3. API Docs
  4. paymentcryptography
  5. getKey

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.109.0 published on Wednesday, Jun 26, 2024 by Pulumi

aws-native.paymentcryptography.getKey

Explore with Pulumi AI

aws-native logo

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.109.0 published on Wednesday, Jun 26, 2024 by Pulumi

    Definition of AWS::PaymentCryptography::Key Resource Type

    Using getKey

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getKey(args: GetKeyArgs, opts?: InvokeOptions): Promise<GetKeyResult>
    function getKeyOutput(args: GetKeyOutputArgs, opts?: InvokeOptions): Output<GetKeyResult>
    def get_key(key_identifier: Optional[str] = None,
                opts: Optional[InvokeOptions] = None) -> GetKeyResult
    def get_key_output(key_identifier: Optional[pulumi.Input[str]] = None,
                opts: Optional[InvokeOptions] = None) -> Output[GetKeyResult]
    func LookupKey(ctx *Context, args *LookupKeyArgs, opts ...InvokeOption) (*LookupKeyResult, error)
    func LookupKeyOutput(ctx *Context, args *LookupKeyOutputArgs, opts ...InvokeOption) LookupKeyResultOutput

    > Note: This function is named LookupKey in the Go SDK.

    public static class GetKey 
    {
        public static Task<GetKeyResult> InvokeAsync(GetKeyArgs args, InvokeOptions? opts = null)
        public static Output<GetKeyResult> Invoke(GetKeyInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetKeyResult> getKey(GetKeyArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aws-native:paymentcryptography:getKey
      arguments:
        # arguments dictionary

    The following arguments are supported:

    getKey Result

    The following output properties are available:

    Enabled bool
    Specifies whether the key is enabled.
    Exportable bool
    Specifies whether the key is exportable. This data is immutable after the key is created.
    KeyAttributes Pulumi.AwsNative.PaymentCryptography.Outputs.KeyAttributes
    The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
    KeyCheckValueAlgorithm Pulumi.AwsNative.PaymentCryptography.KeyCheckValueAlgorithm

    The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

    For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

    KeyIdentifier string
    KeyOrigin Pulumi.AwsNative.PaymentCryptography.KeyOrigin
    The source of the key material. For keys created within AWS Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY . For keys imported into AWS Payment Cryptography, the value is EXTERNAL .
    KeyState Pulumi.AwsNative.PaymentCryptography.KeyState
    The state of key that is being created or deleted.
    Tags List<Pulumi.AwsNative.Outputs.Tag>
    Enabled bool
    Specifies whether the key is enabled.
    Exportable bool
    Specifies whether the key is exportable. This data is immutable after the key is created.
    KeyAttributes KeyAttributes
    The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
    KeyCheckValueAlgorithm KeyCheckValueAlgorithm

    The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

    For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

    KeyIdentifier string
    KeyOrigin KeyOrigin
    The source of the key material. For keys created within AWS Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY . For keys imported into AWS Payment Cryptography, the value is EXTERNAL .
    KeyState KeyStateEnum
    The state of key that is being created or deleted.
    Tags Tag
    enabled Boolean
    Specifies whether the key is enabled.
    exportable Boolean
    Specifies whether the key is exportable. This data is immutable after the key is created.
    keyAttributes KeyAttributes
    The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
    keyCheckValueAlgorithm KeyCheckValueAlgorithm

    The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

    For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

    keyIdentifier String
    keyOrigin KeyOrigin
    The source of the key material. For keys created within AWS Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY . For keys imported into AWS Payment Cryptography, the value is EXTERNAL .
    keyState KeyState
    The state of key that is being created or deleted.
    tags List<Tag>
    enabled boolean
    Specifies whether the key is enabled.
    exportable boolean
    Specifies whether the key is exportable. This data is immutable after the key is created.
    keyAttributes KeyAttributes
    The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
    keyCheckValueAlgorithm KeyCheckValueAlgorithm

    The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

    For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

    keyIdentifier string
    keyOrigin KeyOrigin
    The source of the key material. For keys created within AWS Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY . For keys imported into AWS Payment Cryptography, the value is EXTERNAL .
    keyState KeyState
    The state of key that is being created or deleted.
    tags Tag[]
    enabled bool
    Specifies whether the key is enabled.
    exportable bool
    Specifies whether the key is exportable. This data is immutable after the key is created.
    key_attributes KeyAttributes
    The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
    key_check_value_algorithm KeyCheckValueAlgorithm

    The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

    For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

    key_identifier str
    key_origin KeyOrigin
    The source of the key material. For keys created within AWS Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY . For keys imported into AWS Payment Cryptography, the value is EXTERNAL .
    key_state KeyState
    The state of key that is being created or deleted.
    tags Sequence[root_Tag]
    enabled Boolean
    Specifies whether the key is enabled.
    exportable Boolean
    Specifies whether the key is exportable. This data is immutable after the key is created.
    keyAttributes Property Map
    The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created.
    keyCheckValueAlgorithm "CMAC" | "ANSI_X9_24"

    The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity.

    For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result.

    keyIdentifier String
    keyOrigin "EXTERNAL" | "AWS_PAYMENT_CRYPTOGRAPHY"
    The source of the key material. For keys created within AWS Payment Cryptography, the value is AWS_PAYMENT_CRYPTOGRAPHY . For keys imported into AWS Payment Cryptography, the value is EXTERNAL .
    keyState "CREATE_IN_PROGRESS" | "CREATE_COMPLETE" | "DELETE_PENDING" | "DELETE_COMPLETE"
    The state of key that is being created or deleted.
    tags List<Property Map>

    Supporting Types

    KeyAlgorithm

    KeyAttributes

    KeyAlgorithm Pulumi.AwsNative.PaymentCryptography.KeyAlgorithm

    The key algorithm to be use during creation of an AWS Payment Cryptography key.

    For symmetric keys, AWS Payment Cryptography supports AES and TDES algorithms. For asymmetric keys, AWS Payment Cryptography supports RSA and ECC_NIST algorithms.

    KeyClass Pulumi.AwsNative.PaymentCryptography.KeyClass
    The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
    KeyModesOfUse Pulumi.AwsNative.PaymentCryptography.Inputs.KeyModesOfUse
    The list of cryptographic operations that you can perform using the key.
    KeyUsage Pulumi.AwsNative.PaymentCryptography.KeyUsage
    The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
    KeyAlgorithm KeyAlgorithm

    The key algorithm to be use during creation of an AWS Payment Cryptography key.

    For symmetric keys, AWS Payment Cryptography supports AES and TDES algorithms. For asymmetric keys, AWS Payment Cryptography supports RSA and ECC_NIST algorithms.

    KeyClass KeyClass
    The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
    KeyModesOfUse KeyModesOfUse
    The list of cryptographic operations that you can perform using the key.
    KeyUsage KeyUsage
    The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
    keyAlgorithm KeyAlgorithm

    The key algorithm to be use during creation of an AWS Payment Cryptography key.

    For symmetric keys, AWS Payment Cryptography supports AES and TDES algorithms. For asymmetric keys, AWS Payment Cryptography supports RSA and ECC_NIST algorithms.

    keyClass KeyClass
    The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
    keyModesOfUse KeyModesOfUse
    The list of cryptographic operations that you can perform using the key.
    keyUsage KeyUsage
    The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
    keyAlgorithm KeyAlgorithm

    The key algorithm to be use during creation of an AWS Payment Cryptography key.

    For symmetric keys, AWS Payment Cryptography supports AES and TDES algorithms. For asymmetric keys, AWS Payment Cryptography supports RSA and ECC_NIST algorithms.

    keyClass KeyClass
    The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
    keyModesOfUse KeyModesOfUse
    The list of cryptographic operations that you can perform using the key.
    keyUsage KeyUsage
    The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
    key_algorithm KeyAlgorithm

    The key algorithm to be use during creation of an AWS Payment Cryptography key.

    For symmetric keys, AWS Payment Cryptography supports AES and TDES algorithms. For asymmetric keys, AWS Payment Cryptography supports RSA and ECC_NIST algorithms.

    key_class KeyClass
    The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
    key_modes_of_use KeyModesOfUse
    The list of cryptographic operations that you can perform using the key.
    key_usage KeyUsage
    The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.
    keyAlgorithm "TDES_2KEY" | "TDES_3KEY" | "AES_128" | "AES_192" | "AES_256" | "RSA_2048" | "RSA_3072" | "RSA_4096"

    The key algorithm to be use during creation of an AWS Payment Cryptography key.

    For symmetric keys, AWS Payment Cryptography supports AES and TDES algorithms. For asymmetric keys, AWS Payment Cryptography supports RSA and ECC_NIST algorithms.

    keyClass "SYMMETRIC_KEY" | "ASYMMETRIC_KEY_PAIR" | "PRIVATE_KEY" | "PUBLIC_KEY"
    The type of AWS Payment Cryptography key to create, which determines the classification of the cryptographic method and whether AWS Payment Cryptography key contains a symmetric key or an asymmetric key pair.
    keyModesOfUse Property Map
    The list of cryptographic operations that you can perform using the key.
    keyUsage "TR31_B0_BASE_DERIVATION_KEY" | "TR31_C0_CARD_VERIFICATION_KEY" | "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY" | "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION" | "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS" | "TR31_E1_EMV_MKEY_CONFIDENTIALITY" | "TR31_E2_EMV_MKEY_INTEGRITY" | "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS" | "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION" | "TR31_E6_EMV_MKEY_OTHER" | "TR31_K0_KEY_ENCRYPTION_KEY" | "TR31_K1_KEY_BLOCK_PROTECTION_KEY" | "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT" | "TR31_M3_ISO_9797_3_MAC_KEY" | "TR31_M1_ISO_9797_1_MAC_KEY" | "TR31_M6_ISO_9797_5_CMAC_KEY" | "TR31_M7_HMAC_KEY" | "TR31_P0_PIN_ENCRYPTION_KEY" | "TR31_P1_PIN_GENERATION_KEY" | "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE" | "TR31_V1_IBM3624_PIN_VERIFICATION_KEY" | "TR31_V2_VISA_PIN_VERIFICATION_KEY" | "TR31_K2_TR34_ASYMMETRIC_KEY"
    The cryptographic usage of an AWS Payment Cryptography key as defined in section A.5.2 of the TR-31 spec.

    KeyCheckValueAlgorithm

    KeyClass

    KeyModesOfUse

    Decrypt bool
    Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
    DeriveKey bool
    Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
    Encrypt bool
    Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
    Generate bool
    Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
    NoRestrictions bool
    Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage .
    Sign bool
    Specifies whether an AWS Payment Cryptography key can be used for signing.
    Unwrap bool
    Verify bool
    Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
    Wrap bool
    Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
    Decrypt bool
    Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
    DeriveKey bool
    Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
    Encrypt bool
    Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
    Generate bool
    Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
    NoRestrictions bool
    Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage .
    Sign bool
    Specifies whether an AWS Payment Cryptography key can be used for signing.
    Unwrap bool
    Verify bool
    Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
    Wrap bool
    Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
    decrypt Boolean
    Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
    deriveKey Boolean
    Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
    encrypt Boolean
    Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
    generate Boolean
    Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
    noRestrictions Boolean
    Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage .
    sign Boolean
    Specifies whether an AWS Payment Cryptography key can be used for signing.
    unwrap Boolean
    verify Boolean
    Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
    wrap Boolean
    Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
    decrypt boolean
    Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
    deriveKey boolean
    Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
    encrypt boolean
    Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
    generate boolean
    Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
    noRestrictions boolean
    Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage .
    sign boolean
    Specifies whether an AWS Payment Cryptography key can be used for signing.
    unwrap boolean
    verify boolean
    Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
    wrap boolean
    Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
    decrypt bool
    Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
    derive_key bool
    Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
    encrypt bool
    Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
    generate bool
    Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
    no_restrictions bool
    Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage .
    sign bool
    Specifies whether an AWS Payment Cryptography key can be used for signing.
    unwrap bool
    verify bool
    Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
    wrap bool
    Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.
    decrypt Boolean
    Specifies whether an AWS Payment Cryptography key can be used to decrypt data.
    deriveKey Boolean
    Specifies whether an AWS Payment Cryptography key can be used to derive new keys.
    encrypt Boolean
    Specifies whether an AWS Payment Cryptography key can be used to encrypt data.
    generate Boolean
    Specifies whether an AWS Payment Cryptography key can be used to generate and verify other card and PIN verification keys.
    noRestrictions Boolean
    Specifies whether an AWS Payment Cryptography key has no special restrictions other than the restrictions implied by KeyUsage .
    sign Boolean
    Specifies whether an AWS Payment Cryptography key can be used for signing.
    unwrap Boolean
    verify Boolean
    Specifies whether an AWS Payment Cryptography key can be used to verify signatures.
    wrap Boolean
    Specifies whether an AWS Payment Cryptography key can be used to wrap other keys.

    KeyOrigin

    KeyState

    KeyUsage

    Tag

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    AWS Native is in preview. AWS Classic is fully supported.

    AWS Native v0.109.0 published on Wednesday, Jun 26, 2024 by Pulumi