How to get External KMS Keys using BOTO3?

0

I am writing a Python script which will iterate through the AWS accounts and fetch all encryption key details. In BOTO3 I can see only the AWS_KMS key API. My question is: how can I fetch information about the imported keys from an external KMS using BOTO3?

2 Answers
1

Hi,

you can try using https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/kms/client/describe_key.html which contains an Origin field containing information about a key being external: 'Origin': 'AWS_KMS'|'EXTERNAL'|'AWS_CLOUDHSM'|'EXTERNAL_KEY_STORE'.

See below example:

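import boto3

kms_client = boto3.client('kms')
# list_keys returns one page of results; use NextMarker or a paginator for more keys
keyList = kms_client.list_keys()

for key in keyList['Keys']:
    key_id = key['KeyId']
    # list_keys only returns KeyId and KeyArn; Origin comes from describe_key
    info = kms_client.describe_key(KeyId=key_id)

    # 'EXTERNAL' means the key material was imported
    if info['KeyMetadata']['Origin'] == 'EXTERNAL':
        print('Do your magic')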

Hope it helps.

EXPERT
answered a year ago
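An added example, not code from either answer: it goes beyond the `EXTERNAL` check above by paginating `list_keys`, reporting every `Origin` other than `AWS_KMS`, and recording keys that `describe_key` is not allowed to read. The names `find_non_aws_origin_keys` and `FakeKMS` are hypothetical, and the key data is constructed so the block runs offline.

```python
from datetime import datetime, timezone

def find_non_aws_origin_keys(kms):
    """Return one dict per key whose Origin is not AWS_KMS (or is unreadable)."""
    findings = []
    # list_keys is paginated; a single call can return a truncated list.
    for page in kms.get_paginator("list_keys").paginate():
        for key in page["Keys"]:
            try:
                meta = kms.describe_key(KeyId=key["KeyId"])["KeyMetadata"]
            except Exception as exc:
                # botocore's ClientError carries the service error in .response
                code = getattr(exc, "response", {}).get("Error", {}).get("Code")
                if code != "AccessDeniedException":
                    raise
                # Record unreadable keys instead of silently skipping them.
                findings.append({"KeyId": key["KeyId"], "Origin": "UNKNOWN"})
                continue
            if meta["Origin"] == "AWS_KMS":
                continue
            findings.append({
                "KeyId": meta["KeyId"],
                "Origin": meta["Origin"],
                "KeyState": meta.get("KeyState"),
                # Returned only for imported key material (Origin == EXTERNAL)
                "ExpirationModel": meta.get("ExpirationModel"),
                "ValidTo": meta.get("ValidTo"),
            })
    return findings

class FakeKMS:
    """Constructed stand-in for a boto3 KMS client (sample data, not real keys)."""
    _META = {
        "k-aws": {"KeyId": "k-aws", "Origin": "AWS_KMS", "KeyState": "Enabled"},
        "k-imp": {"KeyId": "k-imp", "Origin": "EXTERNAL", "KeyState": "Enabled",
                  "ExpirationModel": "KEY_MATERIAL_EXPIRES",
                  "ValidTo": datetime(2030, 1, 1, tzinfo=timezone.utc)},
        "k-xks": {"KeyId": "k-xks", "Origin": "EXTERNAL_KEY_STORE", "KeyState": "Enabled"},
    }
    def get_paginator(self, name):
        return self
    def paginate(self):
        yield {"Keys": [{"KeyId": "k-aws"}, {"KeyId": "k-imp"}]}
        yield {"Keys": [{"KeyId": "k-xks"}]}
    def describe_key(self, KeyId):
        return {"KeyMetadata": self._META[KeyId]}

if __name__ == "__main__":
    # With real credentials: find_non_aws_origin_keys(boto3.client("kms"))
    for finding in find_non_aws_origin_keys(FakeKMS()):
        print(finding)
```

KMS is regional, so a real run needs one client per account and region to be covered.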
0
Accepted Answer

To double down on what Alatech said, you can use this as sample code (I quickly typed it in my editor, so please take this as your starting point).

import boto3

# create an instance of the boto3 KMS client
kms_client = boto3.client('kms')

# call the list_keys() method to fetch all the external keys
response = kms_client.list_keys()

# extract the external key ids from the response
key_ids = [key['KeyId'] for key in response['Keys'] if not key['Origin'] == 'AWS_KMS']

# print the external key ids
print(key_ids)
AWS
Niko
answered a year ago
  • Thanks guys, this will help

  • I tried running your piece of code, but I am getting no "Origin" field.

  • Ala tech here. It is because you have to call the describe key method as I mentioned in my below answer. Above code just lists the keys, of course it won’t work ;)

  • Ala is correct, the code is just a starting point and you need to include additional (or replace what I provided) calls from the documentation he added. I will try to find time to incorporate them for you over the weekend.

  • Added example below
