Amazon Web Services (AWS) - Describe Key Management Service (KMS) key using AWS CLI

by
Jeremy Canfield |
Updated: March 07 2024
| Amazon Web Services (AWS) articles
This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.
Key Management Service (KMS) is an Amazon Web Services (AWS) service that is used to manage public/private SSL key pairs, for encryption and decryption.
The aws kms list-keys command can be used to list your KMS keys. This will return both:
- AWS managed keys
- Customer managed keys
~]$ aws kms list-keys
{
"Keys": [
{
"KeyId": "2b32ca5b-ccaf-493b-b95f-d780d8e65eda",
"KeyArn": "arn:aws:kms:us-east-1:123456789012:key/2b32ca5b-ccaf-493b-b95f-d780d8e65eda"
},
{
"KeyId": "6ad1f21e-efa1-4884-bba2-fa3fbd1110ec",
"KeyArn": "arn:aws:kms:us-east-1:123456789012:key/6ad1f21e-efa1-4884-bba2-fa3fbd1110ec"
},
{
"KeyId": "a8cd1fa6-a162-47ef-8cf9-a5cc95bc8cd7",
"KeyArn": "arn:aws:kms:us-east-1:123456789012:key/a8cd1fa6-a162-47ef-8cf9-a5cc95bc8cd7"
},
{
"KeyId": "cb5302aa-e14b-4ad1-9d4b-4794a64f0b65",
"KeyArn": "arn:aws:kms:us-east-1:123456789012:key/cb5302aa-e14b-4ad1-9d4b-4794a64f0b65"
},
{
"KeyId": "f0c9f7f5-1956-4b8d-bb2f-e0f9aa951309",
"KeyArn": "arn:aws:kms:us-east-1:123456789012:key/f0c9f7f5-1956-4b8d-bb2f-e0f9aa951309"
}
]
}
Then the aws kms describe-key command can be used to show more details about a specific key.
~]$ aws kms describe-key --key-id e35ad552-7cad-4db1-ab55-2c4b932ac2c4
{
"KeyMetadata": {
"AWSAccountId": "123456789012",
"KeyId": "e35ad552-7cad-4db1-ab55-2c4b932ac2c4",
"Arn": "arn:aws:kms:us-east-1:123456789012:key/e35ad552-7cad-4db1-ab55-2c4b932ac2c4",
"CreationDate": "2024-03-06T02:56:19.107000+00:00",
"Enabled": true,
"Description": "",
"KeyUsage": "ENCRYPT_DECRYPT",
"KeyState": "Enabled",
"Origin": "AWS_KMS",
"KeyManager": "CUSTOMER",
"CustomerMasterKeySpec": "RSA_2048",
"KeySpec": "RSA_2048",
"EncryptionAlgorithms": [
"RSAES_OAEP_SHA_1",
"RSAES_OAEP_SHA_256"
],
"MultiRegion": false
}
}
Did you find this article helpful?
If so, consider buying me a coffee over at