2 Answers
1
Hi,
you can try using https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/kms/client/describe_key.html which contains an Origin field containing information about a key being external: 'Origin': 'AWS_KMS'|'EXTERNAL'|'AWS_CLOUDHSM'|'EXTERNAL_KEY_STORE'.
See below example:
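```python
import boto3

kms_client = boto3.client('kms')

# list_keys returns only KeyId and KeyArn for each key
keyList = kms_client.list_keys()
for key in keyList['Keys']:
    key_id = key['KeyId']
    # describe_key returns the KeyMetadata, including Origin
    info = kms_client.describe_key(KeyId=key_id)
    if info['KeyMetadata']['Origin'] == 'EXTERNAL':
        print('Do your magic')
```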
Hope it helps.
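An added example, not part of the original answer, that extends the approach above: it walks every page of `list_keys`, groups keys by the `Origin` that `describe_key` returns, and keeps going when a key's metadata cannot be read. The function names and the `UNKNOWN_ACCESS_DENIED` bucket are assumptions made for this illustration.

```python
from collections import defaultdict

# Origin values listed in the describe_key documentation linked above.
NON_AWS_ORIGINS = {"EXTERNAL", "AWS_CLOUDHSM", "EXTERNAL_KEY_STORE"}


def keys_by_origin(kms_client):
    """Return {origin: [key summary, ...]} for every key in the region.

    list_keys returns only KeyId/KeyArn and is paginated, so walk all
    pages and call describe_key per key to read KeyMetadata['Origin'].
    """
    grouped = defaultdict(list)
    paginator = kms_client.get_paginator("list_keys")
    for page in paginator.paginate():
        for key in page["Keys"]:
            try:
                meta = kms_client.describe_key(KeyId=key["KeyId"])["KeyMetadata"]
            except Exception as exc:
                # botocore's ClientError carries the error code in .response
                code = getattr(exc, "response", {}).get("Error", {}).get("Code")
                if code == "AccessDeniedException":
                    # Hypothetical bucket name: key exists but cannot be inspected
                    grouped["UNKNOWN_ACCESS_DENIED"].append({"KeyId": key["KeyId"]})
                    continue
                raise
            grouped[meta["Origin"]].append({
                "KeyId": meta["KeyId"],
                "KeyState": meta.get("KeyState"),
                "KeyManager": meta.get("KeyManager"),
                # Present only for imported key material that is set to expire
                "ValidTo": meta.get("ValidTo"),
            })
    return dict(grouped)


def non_aws_key_ids(grouped):
    """Key IDs whose key material did not originate in AWS KMS itself."""
    return sorted(k["KeyId"] for origin in NON_AWS_ORIGINS
                  for k in grouped.get(origin, []))


if __name__ == "__main__":
    import boto3  # needs credentials allowing kms:ListKeys and kms:DescribeKey
    inventory = keys_by_origin(boto3.client("kms"))
    for origin, keys in sorted(inventory.items()):
        print(origin, len(keys))
    print(non_aws_key_ids(inventory))
```

Keys that land in the access-denied bucket are worth reviewing separately, since their origin could not be confirmed.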
0
To double down on what Alatech said, you can use this as sample code (I quickly typed it in my editor, so please take this as your starting point):
```python
import boto3
# create an instance of the boto3 KMS client
kms_client = boto3.client('kms')
# call the list_keys() method to fetch all the external keys
response = kms_client.list_keys()
# extract the external key ids from the response
key_ids = [key['KeyId'] for key in response['Keys'] if not key['Origin'] == 'AWS_KMS']
# print the external key ids
print(key_ids)
```
Thanks guys, this will help
I tried running your piece of code, but I am not getting any "Origin" field.
Ala tech here. It is because you have to call the describe key method, as I mentioned in my answer below. The above code just lists the keys; of course it won't work ;)
Ala is correct, the code is just a starting point and you need to include additional (or replace what I provided) calls from the documentation he added. I will try to find time to incorporate them for you over the weekend.
Added example below