KeyList Event

Fires once for each CMK when listing CMKs.

Syntax

public event OnKeyListHandler OnKeyList;

public delegate void OnKeyListHandler(object sender, AmazonkmsKeyListEventArgs e);

public class AmazonkmsKeyListEventArgs : EventArgs {
  public string ARN { get; }
  public string Id { get; }
  public string AccountId { get; }
  public string Description { get; }
  public bool Enabled { get; }
  public bool AWSManaged { get; }
  public bool ForSigning { get; }
  public string KeySpec { get; }
  public string Algorithms { get; }
  public int State { get; }
  public string CreationDate { get; }
  public string DeletionDate { get; }
}

Public Event OnKeyList As OnKeyListHandler

Public Delegate Sub OnKeyListHandler(sender As Object, e As AmazonkmsKeyListEventArgs)

Public Class AmazonkmsKeyListEventArgs
  Inherits EventArgs
  Public ReadOnly Property ARN As String
  Public ReadOnly Property Id As String
  Public ReadOnly Property AccountId As String
  Public ReadOnly Property Description As String
  Public ReadOnly Property Enabled As Boolean
  Public ReadOnly Property AWSManaged As Boolean
  Public ReadOnly Property ForSigning As Boolean
  Public ReadOnly Property KeySpec As String
  Public ReadOnly Property Algorithms As String
  Public ReadOnly Property State As Integer
  Public ReadOnly Property CreationDate As String
  Public ReadOnly Property DeletionDate As String
End Class

Remarks

This event fires once for each CMK returned when ListKeys or GetKeyInfo is called. However, note that only ARN and Id are populated when ListKeys is called (unless the IncludeKeyDetails property is enabled; refer to its documentation for more information).

ARN reflects the Amazon resource name of the CMK.

Id reflects the Id of the CMK.

AccountId reflects the Id of the AWS account that owns the CMK.

Description reflects the CMK's description.

Enabled reflects whether the CMK is currently enabled.

AWSManaged reflects whether the CMK is AWS-managed (true) or customer-managed (false).

ForSigning reflects whether the CMK's usage is signing/verification (true) or encryption/decryption (false).

KeySpec reflects the key spec of the CMK. For symmetric CMKs, the only possible value is SYMMETRIC_DEFAULT which, according to the Amazon KMS documentation, is based on AES-256-GCM. For asymmetric CMKs, possible values are:

  • RSA_2048
  • RSA_3072
  • RSA_4096
  • ECC_NIST_P256 (secp256r1)
  • ECC_NIST_P384 (secp384r1)
  • ECC_NIST_P521 (secp521r1)
  • ECC_SECG_P256K1 (secp256k1)

Algorithms reflects a comma-separated list of algorithms that the CMK supports. If ForSigning is false, possible values are:

  • SYMMETRIC_DEFAULT
  • RSAES_OAEP_SHA_1
  • RSAES_OAEP_SHA_256

If ForSigning is true, possible values are:

  • RSASSA_PSS_SHA_256
  • RSASSA_PSS_SHA_384
  • RSASSA_PSS_SHA_512
  • RSASSA_PKCS1_V1_5_SHA_256
  • RSASSA_PKCS1_V1_5_SHA_384
  • RSASSA_PKCS1_V1_5_SHA_512
  • ECDSA_SHA_256
  • ECDSA_SHA_384
  • ECDSA_SHA_512

State reflects the CMK's state. Possible values are:

  • aksEnabled (0): The CMK is enabled and ready for use. (Also the default value used when ListKeys is called.)
  • aksDisabled (1): The CMK is disabled and cannot be used until it is enabled again.
  • aksPendingDeletion (2): The CMK is pending deletion and cannot be used unless the deletion is canceled.
  • aksPendingImport (3): The CMK has been created, but external key material has not yet been imported into it, so it cannot be used.
  • aksUnavailable (4): The CMK is currently unavailable because the CloudHSM cluster that contains its key material has been disconnected from Amazon KMS.

CreationDate reflects the creation date of the CMK, in seconds since the Unix epoch (including fractional seconds).

If the CMK's state is aksPendingDeletion (2), DeletionDate reflects the deletion date, in seconds since the Unix epoch (including fractional seconds).
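
The following C# sketch is an added example, not part of the Cloud Keys documentation or product code. It shows how a key-inventory check might interpret the State, CreationDate and DeletionDate fields described above without mistaking the ListKeys default State of 0 for an enabled key. KeyInventory, ParseEpoch and Review are hypothetical names, and the example assumes that fields ListKeys leaves unpopulated arrive as empty strings.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
// Added example; KeyInventory, ParseEpoch and Review are hypothetical names.
public static class KeyInventory
{
    // CreationDate/DeletionDate are seconds since the Unix epoch, with fractional seconds.
    public static DateTimeOffset? ParseEpoch(string value)
    {
        if (!decimal.TryParse(value, NumberStyles.Float, CultureInfo.InvariantCulture, out var secs)
            || secs < 0m || secs > 253402300799m) // empty, unparsable or out of range
            return null;
        return DateTimeOffset.FromUnixTimeMilliseconds((long)(secs * 1000m));
    }
    // Call from the KeyList handler with the event's fields, for example:
    //   Review(e.ARN, e.AWSManaged, e.KeySpec, e.State, e.CreationDate, e.DeletionDate)
    public static List<string> Review(string arn, bool awsManaged, string keySpec,
                                      int state, string creationDate, string deletionDate)
    {
        // Assumption: fields that ListKeys leaves unpopulated arrive as empty strings.
        // State is then the default 0 (aksEnabled) and must not be read as "enabled".
        if (string.IsNullOrEmpty(keySpec) && ParseEpoch(creationDate) == null)
            return new List<string> { arn + ": details not populated, State is not meaningful" };
        var findings = new List<string>();
        string owner = awsManaged ? "AWS-managed" : "customer-managed";
        switch (state)
        {
            case 1: findings.Add(arn + ": " + owner + " key is disabled"); break;
            case 2:
                var due = ParseEpoch(deletionDate);
                findings.Add(arn + ": " + owner + " key pending deletion at " +
                    (due.HasValue ? due.Value.UtcDateTime.ToString("u") : "unknown time"));
                break;
            case 3: findings.Add(arn + ": key material not yet imported"); break;
            case 4: findings.Add(arn + ": unavailable, CloudHSM cluster disconnected"); break;
        }
        return findings;
    }
    public static void Main()
    {
        // Constructed sample values, not real key data.
        string arn = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID";
        foreach (var f in Review(arn, false, "RSA_2048", 2, "1640995200.5", "1643587200.25"))
            Console.WriteLine(f);
        foreach (var f in Review(arn, false, "", 0, "", "")) Console.WriteLine(f);
    }
}
```

Keys reported as "details not populated" need a GetKeyInfo call, or a ListKeys call with IncludeKeyDetails enabled, before their State can be trusted.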

Copyright (c) 2022 /n software inc. - All rights reserved.
Cloud Keys 2020 .NET Edition - Version 20.0 [Build 8157]