AWSKey Type

An Amazon KMS customer master key (CMK).

Remarks

This type represents an Amazon KMS customer master key (CMK).

Fields

AccountId
String

The Id of the AWS account that owns the CMK.

This field reflects the Id of the AWS account that owns the CMK.

Algorithms
String

A comma-separated list of algorithms that the CMK supports.

This field reflects a comma-separated list of algorithms that the CMK supports.

If ForSigning is false, possible values are:

  • SYMMETRIC_DEFAULT
  • RSAES_OAEP_SHA_1
  • RSAES_OAEP_SHA_256

If ForSigning is true, possible values are:

  • RSASSA_PSS_SHA_256
  • RSASSA_PSS_SHA_384
  • RSASSA_PSS_SHA_512
  • RSASSA_PKCS1_V1_5_SHA_256
  • RSASSA_PKCS1_V1_5_SHA_384
  • RSASSA_PKCS1_V1_5_SHA_512
  • ECDSA_SHA_256
  • ECDSA_SHA_384
  • ECDSA_SHA_512

ARN
String

The Amazon resource name (ARN) of the CMK.

This field reflects the Amazon resource name (ARN) of the CMK.

AWSManaged
Boolean

Whether the CMK is AWS-managed.

This field reflects whether the CMK is AWS-managed (true) or customer-managed (false).

CloudHSMClusterId
String

The Id of the CloudHSM cluster the CMK's key material resides in, if applicable.

If the CMK resides in a custom key store, this field reflects the Id of the CloudHSM cluster that the CMK's key material resides in.

CreationDate
String

The creation date of the CMK.

This field reflects the creation date of the CMK, in seconds since the Unix epoch (including fractional seconds).

CustomKeyStoreId
String

The Id of the custom key store that the CMK resides in, if applicable.

If the CMK resides in a custom key store, this field reflects the Id of said custom key store.

DeletionDate
String

The date at which the CMK will be deleted, if applicable.

If the CMK's State is aksPendingDeletion (2), this field will reflect the deletion date, in seconds since the Unix epoch (including fractional seconds).

Description
String

The CMK's description.

This field reflects the CMK's description. To change a CMK's description, use the UpdateKeyDescription method.

Enabled
Boolean

Whether the CMK is enabled.

This field reflects whether the CMK is currently enabled.

ExpirationDate
String

The date at which the CMK's key material will expire, if applicable.

If the CMK's key material Origin is akoExternal (1), and the external key material has an expiration date, this field will reflect said date, in seconds since the Unix epoch (including fractional seconds).

ForSigning
Boolean

Whether the CMK is for signing or encryption.

This field reflects whether the CMK's usage is signing/verification (true) or encryption/decryption (false).

A CMK's usage determines which cryptographic operations it can be used for. For example, a CMK with signing/verification usage can be used for Sign and Verify operations, but not for Encrypt, Decrypt or ReEncrypt operations.

Id
String

The Id of the CMK.

This field reflects the Id of the CMK.

KeySpec
String

The key spec of the CMK.

This field reflects the key spec of the CMK. For symmetric CMKs, the only possible value is SYMMETRIC_DEFAULT which, according to the Amazon KMS documentation, is based on AES-256-GCM. For asymmetric CMKs, possible values are:

  • RSA_2048
  • RSA_3072
  • RSA_4096
  • ECC_NIST_P256 (secp256r1)
  • ECC_NIST_P384 (secp384r1)
  • ECC_NIST_P521 (secp521r1)
  • ECC_SECG_P256K1 (secp256k1)

Origin
AWSKeyOrigins

The origin of the CMK's key material.

This field reflects the origin of the CMK's key material. Possible values are:

  • akoKMS (0): Key material from Amazon KMS. (Also the default value used when ListKeys is called.)
  • akoExternal (1): External key material imported into Amazon KMS.
  • akoCloudHSM (2): Key material from an Amazon CloudHSM cluster.

State
AWSKeyStates

The CMK's state.

This field reflects the CMK's state. Possible values are:

  • aksEnabled (0): The CMK is enabled and ready for use. (Also the default value used when ListKeys is called.)
  • aksDisabled (1): The CMK is disabled and cannot be used until it is enabled again.
  • aksPendingDeletion (2): The CMK is pending deletion and cannot be used unless the deletion is canceled.
  • aksPendingImport (3): The CMK has been created, but external key material has not yet been imported into it, so it cannot be used.
  • aksUnavailable (4): The CMK is currently unavailable because the CloudHSM cluster that contains its key material has been disconnected from Amazon KMS.
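The following added example (not part of the product documentation or the library's own code) shows a pre-flight check built on the fields above: it gates on State, matches ForSigning against the intended operation, splits the comma-separated Algorithms string, and parses the epoch-second date strings culture-independently. KeyInfo, KeyState, KeyOrigin and KeyPreflight are hypothetical local stand-ins that mirror the documented field names and enum values; the sample key values are constructed.

```csharp
using System;
using System.Globalization;
using System.Linq;

// Constructed sample values, not output from a real account.
var key = new KeyInfo("example-key-id", KeyState.aksPendingDeletion, KeyOrigin.akoKMS,
                      true, "ECDSA_SHA_256,ECDSA_SHA_384", "1672531200.25", "");
Console.WriteLine(KeyPreflight.Check(key, true, "ECDSA_SHA_256", DateTimeOffset.UtcNow) ?? "usable");

// Hypothetical local mirrors of the documented enum values; not the library's types.
enum KeyState { aksEnabled = 0, aksDisabled = 1, aksPendingDeletion = 2, aksPendingImport = 3, aksUnavailable = 4 }
enum KeyOrigin { akoKMS = 0, akoExternal = 1, akoCloudHSM = 2 }

// Hypothetical record carrying the subset of AWSKey fields this check needs.
record KeyInfo(string Id, KeyState State, KeyOrigin Origin, bool ForSigning,
               string Algorithms, string DeletionDate, string ExpirationDate);

static class KeyPreflight
{
    // Date fields are strings holding seconds since the Unix epoch, including a
    // fractional part. Parse with the invariant culture so "." is always the separator.
    public static DateTimeOffset? ParseEpoch(string s) =>
        double.TryParse(s, NumberStyles.Float, CultureInfo.InvariantCulture, out var secs)
            ? DateTimeOffset.UnixEpoch.AddSeconds(secs)
            : (DateTimeOffset?)null;

    // Returns null when the key may be used for the requested operation and algorithm,
    // otherwise a short reason why it may not.
    public static string? Check(KeyInfo k, bool wantSigning, string algorithm, DateTimeOffset now)
    {
        // Only aksEnabled keys are ready for use; every other state blocks the operation.
        if (k.State == KeyState.aksPendingDeletion)
            return "pending deletion at " + (ParseEpoch(k.DeletionDate)?.ToString("u") ?? "unknown date");
        if (k.State != KeyState.aksEnabled)
            return $"state is {k.State}";
        // Usage is fixed per key: signing keys cannot encrypt, and vice versa.
        if (k.ForSigning != wantSigning)
            return k.ForSigning ? "key usage is signing/verification" : "key usage is encryption/decryption";
        // Algorithms is one comma-separated string; compare exact names only.
        var supported = (k.Algorithms ?? "").Split(',').Select(a => a.Trim());
        if (!supported.Contains(algorithm, StringComparer.Ordinal))
            return $"algorithm {algorithm} is not in [{k.Algorithms}]";
        // ExpirationDate applies only to imported key material (Origin akoExternal).
        if (k.Origin == KeyOrigin.akoExternal && ParseEpoch(k.ExpirationDate) is DateTimeOffset exp && exp <= now)
            return "imported key material expired at " + exp.ToString("u");
        return null;
    }
}
```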

Copyright (c) 2022 /n software inc. - All rights reserved.
Cloud Keys 2020 .NET Edition - Version 20.0 [Build 8157]