Skip to main content

Navigation Guide
You are on a Command (operation) page with structural examples. Use the navigation breadcrumb if you would like to return to the Client landing page.

ListKeysCommand

Suggest an Edit

Gets a list of all KMS keys in the caller's Amazon Web Services account and Region.

Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

Required permissions: kms:ListKeys (IAM policy)

Related operations:

CreateKey
DescribeKey
ListAliases
ListResourceTags

Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency .

Example Syntax

Use a bare-bones client and the command you need to make an API call.

import { KMSClient, ListKeysCommand } from "@aws-sdk/client-kms"; // ES Modules import
// const { KMSClient, ListKeysCommand } = require("@aws-sdk/client-kms"); // CommonJS import
const client = new KMSClient(config);
const input = { // ListKeysRequest
  Limit: Number("int"),
  Marker: "STRING_VALUE",
};
const command = new ListKeysCommand(input);
const response = await client.send(command);
// { // ListKeysResponse
//   Keys: [ // KeyList
//     { // KeyListEntry
//       KeyId: "STRING_VALUE",
//       KeyArn: "STRING_VALUE",
//     },
//   ],
//   NextMarker: "STRING_VALUE",
//   Truncated: true || false,
// };

Example Usage

Loading code editorLoading code editor

ListKeysCommand Input

See ListKeysCommandInput for more details

Parameter	Type	Description
`Limit`	`number \| undefined`	Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 1000, inclusive. If you do not include a value, it defaults to 100.
`Marker`	`string \| undefined`	Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of `NextMarker` from the truncated response you just received.

ListKeysCommand Output

See ListKeysCommandOutput for details

Parameter	Type	Description
`$metadata` Required	`ResponseMetadata`	Metadata pertaining to this request.
`Keys`	`KeyListEntry[] \| undefined`	A list of KMS keys.
`NextMarker`	`string \| undefined`	When `Truncated` is true, this element is present and contains the value to use for the `Marker` parameter in a subsequent request.
`Truncated`	`boolean \| undefined`	A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the `NextMarker` element in this response to the `Marker` parameter in a subsequent request.

Throws

Name	Fault	Details
DependencyTimeoutException	server	The system timed out while trying to fulfill the request. You can retry the request.
InvalidMarkerException	client	The request was rejected because the marker that specifies where pagination should next begin is not valid.
KMSInternalException	server	The request was rejected because an internal exception occurred. The request can be retried.
KMSServiceException		Base exception class for all service exceptions from KMS service.