Oracle Cloud Infrastructure v2.31.0, Apr 17 25

Oracle Cloud Infrastructure v2.31.0 published on Thursday, Apr 17, 2025 by Pulumi

oci.Kms.getKeys

Explore with Pulumi AI

Oracle Cloud Infrastructure v2.31.0 published on Thursday, Apr 17, 2025 by Pulumi

As a management operation, this call is subject to a Key Management limit that applies to the total number of requests across all management read operations. Key Management might throttle this call to reject an otherwise valid request when the total rate of management read operations exceeds 10 requests per second for a given tenancy.

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testKeys = oci.Kms.getKeys({
    compartmentId: compartmentId,
    managementEndpoint: keyManagementEndpoint,
    algorithm: keyAlgorithm,
    length: keyLength,
    curveId: testCurve.id,
    protectionMode: keyProtectionMode,
});

import pulumi
import pulumi_oci as oci

test_keys = oci.Kms.get_keys(compartment_id=compartment_id,
    management_endpoint=key_management_endpoint,
    algorithm=key_algorithm,
    length=key_length,
    curve_id=test_curve["id"],
    protection_mode=key_protection_mode)

package main

import (
	"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.GetKeys(ctx, &kms.GetKeysArgs{
			CompartmentId:      compartmentId,
			ManagementEndpoint: keyManagementEndpoint,
			Algorithm:          pulumi.StringRef(keyAlgorithm),
			Length:             pulumi.IntRef(keyLength),
			CurveId:            pulumi.StringRef(testCurve.Id),
			ProtectionMode:     pulumi.StringRef(keyProtectionMode),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testKeys = Oci.Kms.GetKeys.Invoke(new()
    {
        CompartmentId = compartmentId,
        ManagementEndpoint = keyManagementEndpoint,
        Algorithm = keyAlgorithm,
        Length = keyLength,
        CurveId = testCurve.Id,
        ProtectionMode = keyProtectionMode,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Kms.KmsFunctions;
import com.pulumi.oci.Kms.inputs.GetKeysArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var testKeys = KmsFunctions.getKeys(GetKeysArgs.builder()
            .compartmentId(compartmentId)
            .managementEndpoint(keyManagementEndpoint)
            .algorithm(keyAlgorithm)
            .length(keyLength)
            .curveId(testCurve.id())
            .protectionMode(keyProtectionMode)
            .build());

    }
}

variables:
  testKeys:
    fn::invoke:
      function: oci:Kms:getKeys
      arguments:
        compartmentId: ${compartmentId}
        managementEndpoint: ${keyManagementEndpoint}
        algorithm: ${keyAlgorithm}
        length: ${keyLength}
        curveId: ${testCurve.id}
        protectionMode: ${keyProtectionMode}

Using getKeys

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

TypeScript
Python
Go
C#
Java
YAML

function getKeys(args: GetKeysArgs, opts?: InvokeOptions): Promise<GetKeysResult>
function getKeysOutput(args: GetKeysOutputArgs, opts?: InvokeOptions): Output<GetKeysResult>

def get_keys(algorithm: Optional[str] = None,
             compartment_id: Optional[str] = None,
             curve_id: Optional[str] = None,
             filters: Optional[Sequence[_kms.GetKeysFilter]] = None,
             length: Optional[int] = None,
             management_endpoint: Optional[str] = None,
             protection_mode: Optional[str] = None,
             opts: Optional[InvokeOptions] = None) -> GetKeysResult
def get_keys_output(algorithm: Optional[pulumi.Input[str]] = None,
             compartment_id: Optional[pulumi.Input[str]] = None,
             curve_id: Optional[pulumi.Input[str]] = None,
             filters: Optional[pulumi.Input[Sequence[pulumi.Input[_kms.GetKeysFilterArgs]]]] = None,
             length: Optional[pulumi.Input[int]] = None,
             management_endpoint: Optional[pulumi.Input[str]] = None,
             protection_mode: Optional[pulumi.Input[str]] = None,
             opts: Optional[InvokeOptions] = None) -> Output[GetKeysResult]

func GetKeys(ctx *Context, args *GetKeysArgs, opts ...InvokeOption) (*GetKeysResult, error)
func GetKeysOutput(ctx *Context, args *GetKeysOutputArgs, opts ...InvokeOption) GetKeysResultOutput

> Note: This function is named GetKeys in the Go SDK.

public static class GetKeys 
{
    public static Task<GetKeysResult> InvokeAsync(GetKeysArgs args, InvokeOptions? opts = null)
    public static Output<GetKeysResult> Invoke(GetKeysInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetKeysResult> getKeys(GetKeysArgs args, InvokeOptions options)
public static Output<GetKeysResult> getKeys(GetKeysArgs args, InvokeOptions options)

fn::invoke:
  function: oci:Kms/getKeys:getKeys
  arguments:
    # arguments dictionary

The following arguments are supported:

CompartmentId string: The OCID of the compartment.
ManagementEndpoint string: The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
Algorithm string: The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
CurveId string: The curve ID of the keys. (This pertains only to ECDSA keys.)
Filters List<GetKeysFilter>
Length int: The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.
ProtectionMode string: A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.

CompartmentId string: The OCID of the compartment.
ManagementEndpoint string: The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
Algorithm string: The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
CurveId string: The curve ID of the keys. (This pertains only to ECDSA keys.)
Filters []GetKeysFilter
Length int: The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.
ProtectionMode string: A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.

compartmentId String: The OCID of the compartment.
managementEndpoint String: The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
algorithm String: The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
curveId String: The curve ID of the keys. (This pertains only to ECDSA keys.)
filters List<GetKeysFilter>
length Integer: The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.
protectionMode String: A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.

compartmentId string: The OCID of the compartment.
managementEndpoint string: The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
algorithm string: The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
curveId string: The curve ID of the keys. (This pertains only to ECDSA keys.)
filters GetKeysFilter[]
length number: The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.
protectionMode string: A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.

compartment_id str: The OCID of the compartment.
management_endpoint str: The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
algorithm str: The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
curve_id str: The curve ID of the keys. (This pertains only to ECDSA keys.)
filters Sequence[kms.GetKeysFilter]
length int: The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.
protection_mode str: A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.

compartmentId String: The OCID of the compartment.
managementEndpoint String: The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
algorithm String: The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
curveId String: The curve ID of the keys. (This pertains only to ECDSA keys.)
filters List<Property Map>
length Number: The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.
protectionMode String: A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.

getKeys Result

The following output properties are available:

CompartmentId string

The OCID of the compartment that contains this master encryption key.

Id string

The provider-assigned unique ID for this managed resource.

Keys List<GetKeysKey>

The list of keys.

ManagementEndpoint string

Algorithm string

The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.

CurveId string

Supported curve IDs for ECDSA keys.

Filters List<GetKeysFilter>

Length int

The length of the key in bytes, expressed as an integer. Supported values include the following:

AES: 16, 24, or 32
RSA: 256, 384, or 512
ECDSA: 32, 48, or 66

ProtectionMode string

The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. By default, a key's protection mode is set to HSM. You can't change a key's protection mode after the key is created or imported. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.

CompartmentId string

The OCID of the compartment that contains this master encryption key.

Id string

The provider-assigned unique ID for this managed resource.

Keys []GetKeysKey

The list of keys.

ManagementEndpoint string

Algorithm string

The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.

CurveId string

Supported curve IDs for ECDSA keys.

Filters []GetKeysFilter

Length int

The length of the key in bytes, expressed as an integer. Supported values include the following:

AES: 16, 24, or 32
RSA: 256, 384, or 512
ECDSA: 32, 48, or 66

ProtectionMode string

compartmentId String

The OCID of the compartment that contains this master encryption key.

id String

The provider-assigned unique ID for this managed resource.

keys List<GetKeysKey>

The list of keys.

managementEndpoint String

algorithm String

The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.

curveId String

Supported curve IDs for ECDSA keys.

filters List<GetKeysFilter>

length Integer

The length of the key in bytes, expressed as an integer. Supported values include the following:

AES: 16, 24, or 32
RSA: 256, 384, or 512
ECDSA: 32, 48, or 66

protectionMode String

compartmentId string

The OCID of the compartment that contains this master encryption key.

id string

The provider-assigned unique ID for this managed resource.

keys GetKeysKey[]

The list of keys.

managementEndpoint string

algorithm string

The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.

curveId string

Supported curve IDs for ECDSA keys.

filters GetKeysFilter[]

length number

The length of the key in bytes, expressed as an integer. Supported values include the following:

AES: 16, 24, or 32
RSA: 256, 384, or 512
ECDSA: 32, 48, or 66

protectionMode string

compartment_id str

The OCID of the compartment that contains this master encryption key.

id str

The provider-assigned unique ID for this managed resource.

keys Sequence[kms.GetKeysKey]

The list of keys.

management_endpoint str

algorithm str

The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.

curve_id str

Supported curve IDs for ECDSA keys.

filters Sequence[kms.GetKeysFilter]

length int

The length of the key in bytes, expressed as an integer. Supported values include the following:

AES: 16, 24, or 32
RSA: 256, 384, or 512
ECDSA: 32, 48, or 66

protection_mode str

compartmentId String

The OCID of the compartment that contains this master encryption key.

id String

The provider-assigned unique ID for this managed resource.

keys List<Property Map>

The list of keys.

managementEndpoint String

algorithm String

The algorithm used by a key's key versions to encrypt or decrypt. Only AES algorithm is supported for External keys.

curveId String

Supported curve IDs for ECDSA keys.

filters List<Property Map>

length Number

The length of the key in bytes, expressed as an integer. Supported values include the following:

AES: 16, 24, or 32
RSA: 256, 384, or 512
ECDSA: 32, 48, or 66

protectionMode String

Supporting Types

GetKeysFilter

Name string
Values List<string>
Regex bool

Name string
Values []string
Regex bool

name String
values List<String>
regex Boolean

name string
values string[]
regex boolean

name str
values Sequence[str]
regex bool

name String
values List<String>
regex Boolean

GetKeysKey

AutoKeyRotationDetails List<GetKeysKeyAutoKeyRotationDetail>: The details of auto rotation schedule for the Key being create updated or imported.
CompartmentId string: The OCID of the compartment.
CurrentKeyVersion string: The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
DefinedTags Dictionary<string, string>: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
DesiredState string
DisplayName string: A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
ExternalKeyReferenceDetails List<GetKeysKeyExternalKeyReferenceDetail>: Key reference data to be returned to the customer as a response.
ExternalKeyReferences List<GetKeysKeyExternalKeyReference>
FreeformTags Dictionary<string, string>: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
Id string: The OCID of the key.
IsAutoRotationEnabled bool: A parameter specifying whether the auto key rotation is enabled or not.
IsPrimary bool: A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
KeyShapes List<GetKeysKeyKeyShape>: The cryptographic properties of a key.
ManagementEndpoint string: The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
ProtectionMode string: A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.
ReplicaDetails List<GetKeysKeyReplicaDetail>: Key replica details
RestoreFromFiles List<GetKeysKeyRestoreFromFile>
RestoreFromObjectStores List<GetKeysKeyRestoreFromObjectStore>
RestoreTrigger bool
RestoredFromKeyId string
State string: The key's current lifecycle state. Example: ENABLED
TimeCreated string: The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
TimeOfDeletion string: An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
VaultId string: The OCID of the vault that contains this key.

AutoKeyRotationDetails []GetKeysKeyAutoKeyRotationDetail: The details of auto rotation schedule for the Key being create updated or imported.
CompartmentId string: The OCID of the compartment.
CurrentKeyVersion string: The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
DefinedTags map[string]string: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
DesiredState string
DisplayName string: A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
ExternalKeyReferenceDetails []GetKeysKeyExternalKeyReferenceDetail: Key reference data to be returned to the customer as a response.
ExternalKeyReferences []GetKeysKeyExternalKeyReference
FreeformTags map[string]string: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
Id string: The OCID of the key.
IsAutoRotationEnabled bool: A parameter specifying whether the auto key rotation is enabled or not.
IsPrimary bool: A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
KeyShapes []GetKeysKeyKeyShape: The cryptographic properties of a key.
ManagementEndpoint string: The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
ProtectionMode string: A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.
ReplicaDetails []GetKeysKeyReplicaDetail: Key replica details
RestoreFromFiles []GetKeysKeyRestoreFromFile
RestoreFromObjectStores []GetKeysKeyRestoreFromObjectStore
RestoreTrigger bool
RestoredFromKeyId string
State string: The key's current lifecycle state. Example: ENABLED
TimeCreated string: The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
TimeOfDeletion string: An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
VaultId string: The OCID of the vault that contains this key.

autoKeyRotationDetails List<GetKeysKeyAutoKeyRotationDetail>: The details of auto rotation schedule for the Key being create updated or imported.
compartmentId String: The OCID of the compartment.
currentKeyVersion String: The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
definedTags Map<String,String>: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
desiredState String
displayName String: A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
externalKeyReferenceDetails List<GetKeysKeyExternalKeyReferenceDetail>: Key reference data to be returned to the customer as a response.
externalKeyReferences List<GetKeysKeyExternalKeyReference>
freeformTags Map<String,String>: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id String: The OCID of the key.
isAutoRotationEnabled Boolean: A parameter specifying whether the auto key rotation is enabled or not.
isPrimary Boolean: A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
keyShapes List<GetKeysKeyKeyShape>: The cryptographic properties of a key.
managementEndpoint String: The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
protectionMode String: A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.
replicaDetails List<GetKeysKeyReplicaDetail>: Key replica details
restoreFromFiles List<GetKeysKeyRestoreFromFile>
restoreFromObjectStores List<GetKeysKeyRestoreFromObjectStore>
restoreTrigger Boolean
restoredFromKeyId String
state String: The key's current lifecycle state. Example: ENABLED
timeCreated String: The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
timeOfDeletion String: An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
vaultId String: The OCID of the vault that contains this key.

autoKeyRotationDetails GetKeysKeyAutoKeyRotationDetail[]: The details of auto rotation schedule for the Key being create updated or imported.
compartmentId string: The OCID of the compartment.
currentKeyVersion string: The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
definedTags {[key: string]: string}: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
desiredState string
displayName string: A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
externalKeyReferenceDetails GetKeysKeyExternalKeyReferenceDetail[]: Key reference data to be returned to the customer as a response.
externalKeyReferences GetKeysKeyExternalKeyReference[]
freeformTags {[key: string]: string}: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id string: The OCID of the key.
isAutoRotationEnabled boolean: A parameter specifying whether the auto key rotation is enabled or not.
isPrimary boolean: A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
keyShapes GetKeysKeyKeyShape[]: The cryptographic properties of a key.
managementEndpoint string: The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
protectionMode string: A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.
replicaDetails GetKeysKeyReplicaDetail[]: Key replica details
restoreFromFiles GetKeysKeyRestoreFromFile[]
restoreFromObjectStores GetKeysKeyRestoreFromObjectStore[]
restoreTrigger boolean
restoredFromKeyId string
state string: The key's current lifecycle state. Example: ENABLED
timeCreated string: The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
timeOfDeletion string: An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
vaultId string: The OCID of the vault that contains this key.

auto_key_rotation_details Sequence[kms.GetKeysKeyAutoKeyRotationDetail]: The details of auto rotation schedule for the Key being create updated or imported.
compartment_id str: The OCID of the compartment.
current_key_version str: The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
defined_tags Mapping[str, str]: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
desired_state str
display_name str: A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
external_key_reference_details Sequence[kms.GetKeysKeyExternalKeyReferenceDetail]: Key reference data to be returned to the customer as a response.
external_key_references Sequence[kms.GetKeysKeyExternalKeyReference]
freeform_tags Mapping[str, str]: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id str: The OCID of the key.
is_auto_rotation_enabled bool: A parameter specifying whether the auto key rotation is enabled or not.
is_primary bool: A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
key_shapes Sequence[kms.GetKeysKeyKeyShape]: The cryptographic properties of a key.
management_endpoint str: The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
protection_mode str: A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.
replica_details Sequence[kms.GetKeysKeyReplicaDetail]: Key replica details
restore_from_files Sequence[kms.GetKeysKeyRestoreFromFile]
restore_from_object_stores Sequence[kms.GetKeysKeyRestoreFromObjectStore]
restore_trigger bool
restored_from_key_id str
state str: The key's current lifecycle state. Example: ENABLED
time_created str: The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
time_of_deletion str: An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
vault_id str: The OCID of the vault that contains this key.

autoKeyRotationDetails List<Property Map>: The details of auto rotation schedule for the Key being create updated or imported.
compartmentId String: The OCID of the compartment.
currentKeyVersion String: The OCID of the key version used in cryptographic operations. During key rotation, the service might be in a transitional state where this or a newer key version are used intermittently. The currentKeyVersion property is updated when the service is guaranteed to use the new key version for all subsequent encryption operations.
definedTags Map<String>: Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example: {"Operations.CostCenter": "42"}
desiredState String
displayName String: A user-friendly name for the key. It does not have to be unique, and it is changeable. Avoid entering confidential information.
externalKeyReferenceDetails List<Property Map>: Key reference data to be returned to the customer as a response.
externalKeyReferences List<Property Map>
freeformTags Map<String>: Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example: {"Department": "Finance"}
id String: The OCID of the key.
isAutoRotationEnabled Boolean: A parameter specifying whether the auto key rotation is enabled or not.
isPrimary Boolean: A Boolean value that indicates whether the Key belongs to primary Vault or replica vault.
keyShapes List<Property Map>: The cryptographic properties of a key.
managementEndpoint String: The service endpoint to perform management operations against. Management operations include 'Create,' 'Update,' 'List,' 'Get,' and 'Delete' operations. See Vault Management endpoint.
protectionMode String: A key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed. A protection mode of HSM means that the key persists on a hardware security module (HSM) and all cryptographic operations are performed inside the HSM. A protection mode of SOFTWARE means that the key persists on the server, protected by the vault's RSA wrapping key which persists on the HSM. All cryptographic operations that use a key with a protection mode of SOFTWARE are performed on the server. A protection mode of EXTERNAL mean that the key persists on the customer's external key manager which is hosted externally outside of oracle. Oracle only hold a reference to that key. All cryptographic operations that use a key with a protection mode of EXTERNAL are performed by external key manager.
replicaDetails List<Property Map>: Key replica details
restoreFromFiles List<Property Map>
restoreFromObjectStores List<Property Map>
restoreTrigger Boolean
restoredFromKeyId String
state String: The key's current lifecycle state. Example: ENABLED
timeCreated String: The date and time the key was created, expressed in RFC 3339 timestamp format. Example: 2018-04-03T21:10:29.600Z
timeOfDeletion String: An optional property indicating when to delete the key, expressed in RFC 3339 timestamp format. Example: 2019-04-03T21:10:29.600Z
vaultId String: The OCID of the vault that contains this key.

GetKeysKeyAutoKeyRotationDetail

LastRotationMessage string: The last execution status message of auto key rotation.
LastRotationStatus string: The status of last execution of auto key rotation.
RotationIntervalInDays int: The interval of auto key rotation. For auto key rotation the interval should between 60 day and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
TimeOfLastRotation string: A property indicating Last rotation Date. Example: 2023-04-04T00:00:00Z.
TimeOfNextRotation string: A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z.
TimeOfScheduleStart string: A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: `2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z . Note : Today’s date will be used if not specified by customer.

LastRotationMessage string: The last execution status message of auto key rotation.
LastRotationStatus string: The status of last execution of auto key rotation.
RotationIntervalInDays int: The interval of auto key rotation. For auto key rotation the interval should between 60 day and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
TimeOfLastRotation string: A property indicating Last rotation Date. Example: 2023-04-04T00:00:00Z.
TimeOfNextRotation string: A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z.
TimeOfScheduleStart string: A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: `2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z . Note : Today’s date will be used if not specified by customer.

lastRotationMessage String: The last execution status message of auto key rotation.
lastRotationStatus String: The status of last execution of auto key rotation.
rotationIntervalInDays Integer: The interval of auto key rotation. For auto key rotation the interval should between 60 day and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
timeOfLastRotation String: A property indicating Last rotation Date. Example: 2023-04-04T00:00:00Z.
timeOfNextRotation String: A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z.
timeOfScheduleStart String: A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: `2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z . Note : Today’s date will be used if not specified by customer.

lastRotationMessage string: The last execution status message of auto key rotation.
lastRotationStatus string: The status of last execution of auto key rotation.
rotationIntervalInDays number: The interval of auto key rotation. For auto key rotation the interval should between 60 day and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
timeOfLastRotation string: A property indicating Last rotation Date. Example: 2023-04-04T00:00:00Z.
timeOfNextRotation string: A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z.
timeOfScheduleStart string: A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: `2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z . Note : Today’s date will be used if not specified by customer.

last_rotation_message str: The last execution status message of auto key rotation.
last_rotation_status str: The status of last execution of auto key rotation.
rotation_interval_in_days int: The interval of auto key rotation. For auto key rotation the interval should between 60 day and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
time_of_last_rotation str: A property indicating Last rotation Date. Example: 2023-04-04T00:00:00Z.
time_of_next_rotation str: A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z.
time_of_schedule_start str: A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: `2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z . Note : Today’s date will be used if not specified by customer.

lastRotationMessage String: The last execution status message of auto key rotation.
lastRotationStatus String: The status of last execution of auto key rotation.
rotationIntervalInDays Number: The interval of auto key rotation. For auto key rotation the interval should between 60 day and 365 days (1 year). Note: User must specify this parameter when creating a new schedule.
timeOfLastRotation String: A property indicating Last rotation Date. Example: 2023-04-04T00:00:00Z.
timeOfNextRotation String: A property indicating Next estimated scheduled Time, as per the interval, expressed as date YYYY-MM-DD String. Example: 2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z.
timeOfScheduleStart String: A property indicating scheduled start date expressed as date YYYY-MM-DD String. Example: `2023-04-04T00:00:00Z. The time has no significance when scheduling an auto key rotation as this can be done anytime approximately the scheduled day, KMS ignores the time and replaces it with 00:00, for example 2023-04-04T15:14:13Z will be used as 2023-04-04T00:00:00Z . Note : Today’s date will be used if not specified by customer.

GetKeysKeyExternalKeyReference

ExternalKeyId string: ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.

ExternalKeyId string: ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.

externalKeyId String: ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.

externalKeyId string: ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.

external_key_id str: ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.

externalKeyId String: ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.

GetKeysKeyExternalKeyReferenceDetail

ExternalKeyId string: ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
ExternalKeyVersionId string: Key version ID associated with the external key.

ExternalKeyId string: ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
ExternalKeyVersionId string: Key version ID associated with the external key.

externalKeyId String: ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
externalKeyVersionId String: Key version ID associated with the external key.

externalKeyId string: ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
externalKeyVersionId string: Key version ID associated with the external key.

external_key_id str: ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
external_key_version_id str: Key version ID associated with the external key.

externalKeyId String: ExternalKeyId refers to the globally unique key Id associated with the key created in external vault in CTM.
externalKeyVersionId String: Key version ID associated with the external key.

GetKeysKeyKeyShape

Algorithm string: The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
CurveId string: The curve ID of the keys. (This pertains only to ECDSA keys.)
Length int: The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

Algorithm string: The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
CurveId string: The curve ID of the keys. (This pertains only to ECDSA keys.)
Length int: The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

algorithm String: The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
curveId String: The curve ID of the keys. (This pertains only to ECDSA keys.)
length Integer: The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

algorithm string: The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
curveId string: The curve ID of the keys. (This pertains only to ECDSA keys.)
length number: The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

algorithm str: The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
curve_id str: The curve ID of the keys. (This pertains only to ECDSA keys.)
length int: The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.

algorithm String: The algorithm used by a key's key versions to encrypt or decrypt data. Currently, support includes AES, RSA, and ECDSA algorithms.
curveId String: The curve ID of the keys. (This pertains only to ECDSA keys.)
length Number: The length of the key in bytes, expressed as an integer. Supported values include 16, 24, or 32.