inspec · sathish-progress · Sep 30, 2021 · Aug 27, 2021 · Sep 16, 2021 · Sep 17, 2021
@@ -56,6 +56,7 @@ See also the [AWS documentation on KS Keys](https://docs.aws.amazon.com/kms/late
 |description       | The description of the key. |
 |deletion\_time     | Specifies the date and time after which AWS KMS deletes the key. This value is present only when KeyState is PendingDeletion, otherwise this value is nil. |
 |invalidation\_time | Provides the date and time until the key is not valid.  Once the key is not valid, AWS KMS deletes the key and it becomes unusable.  This value will be null unless the keys Origin is EXTERNAL and its matcher have\_key\_expiration is set to true. |
+|tags          | A hash with each key-value pair corresponding to a tag associated with the entity. |
 
 ## Examples
 

@@ -39,6 +39,22 @@ def exists?
     !@key.empty?
   end
 
+  def kms_tags(tag_list)
+    return {} if tag_list.nil? || tag_list.empty?
+    tags = {}
+    tag_list.each do |tag|
+      tags[tag[:tag_key]] = tag[:tag_value]
+    end
+    tags
+  end
+
+  def tags
+    catch_aws_errors do
+      tag_list = @aws.kms_client.list_resource_tags(key_id: @display_name).tags
+      kms_tags(tag_list)
+    end
+  end
+
   def created_days_ago
     ((Time.now - @key[:creation_date]) / (24 * 60 * 60)).to_i unless @key[:creation_date].nil?
   end