AWSKey Type
An Amazon KMS customer master key (CMK).
Remarks
This type represents an Amazon KMS customer master key (CMK).
Fields
AccountId String |
The Id of the AWS account that owns the CMK. This field reflects the Id of the AWS account that owns the CMK. |
Algorithms String |
A comma-separated list of algorithms that the CMK supports. This field reflects a comma-separated list of algorithms that the CMK supports. If ForSigning is false, possible values are:
If ForSigning is true, possible values are:
|
ARN String |
The Amazon resource name (ARN) of the CMK. This field reflects the Amazon resource name (ARN) of the CMK. |
AWSManaged Boolean |
Whether the CMK is AWS-managed. This field reflects whether the CMK is AWS-managed (true) or customer-managed (false). |
CloudHSMClusterId String |
The Id of the CloudHSM cluster the CMK's key material resides in, if applicable. If the CMK resides in a custom key store, this field reflects the Id of the CloudHSM that the CMK's key material resides in. |
CreationDate String |
The creation date of the CMK. This field reflects the creation date of the CMK, in seconds since the Unix epoch (including fractional seconds). |
CustomKeyStoreId String |
The Id of the custom key store that the CMK resides in, if applicable. If the CMK resides in a custom key store, this field reflects the Id of said custom key store. |
DeletionDate String |
The date at which the CMK will be deleted, if applicable. If the CMK's State is aksPendingDeletion (2), this field will reflect the deletion date, in seconds since the Unix epoch (including fractional seconds). |
Description String |
The CMK's description. This field reflects the CMK's description. To change a CMK's description, use the UpdateKeyDescription method. |
Enabled Boolean |
Whether the CMK is enabled. This field reflects whether the CMK is currently enabled. |
ExpirationDate String |
The date at which the CMK's key material will expire, if applicable. If the CMK's key material Origin is akoExternal (1), and the external key material has an expiration date, this field will reflect said date, in seconds since the Unix epoch (including fractional seconds). |
ForSigning Boolean |
Whether the CMK is for signing or encryption. This field reflects whether the CMK's usage is signing/verification (true) or encryption/decryption (false). A CMK's usage determines which cryptographic operations it can be used for. For example, a CMK with signing/verification usage can be used for Sign and Verify operations, but not for Encrypt, Decrypt or ReEncrypt operations. |
Id String |
The Id of the CMK. This field reflects the Id of the CMK. |
KeySpec String |
The key spec of the CMK. This field reflects the key spec of the CMK. For symmetric CMKs, the only possible value is SYMMETRIC_DEFAULT which, according to the Amazon KMS documentation, is based on AES-256-GCM. For asymmetric CMKs, possible values are:
|
Origin AWSKeyOrigins |
The origin of the CMK's key material. This field reflects the origin of the CMK's key material. Possible values are:
|
State AWSKeyStates |
The CMK's state. This field reflects the CMK's state. Possible values are:
|