KeyList Event

Fires once for each CMK when listing CMKs.

Syntax

public class DefaultAmazonkmsEventListener implements AmazonkmsEventListener {
  ...
  public void keyList(AmazonkmsKeyListEvent e) {}
  ...
}

public class AmazonkmsKeyListEvent {
  public String ARN;
  public String id;
  public String accountId;
  public String description;
  public boolean enabled;
  public boolean AWSManaged;
  public boolean forSigning;
  public String keySpec;
  public String algorithms;
  public int state;
  public String creationDate;
  public String deletionDate;
}

Remarks

This event fires once for each CMK returned when ListKeys or GetKeyInfo is called. However, note that only ARN and Id are populated when ListKeys is called (unless the IncludeKeyDetails property is enabled; refer to its documentation for more information).

ARN reflects the Amazon resource name of the CMK.

Id reflects the Id of the CMK.

AccountId reflects the Id of the AWS account that owns the CMK.

Description reflects the CMK's description.

Enabled reflects whether the CMK is currently enabled.

AWSManaged reflects whether the CMK is AWS-managed (true) or customer-managed (false).

ForSigning reflects whether the CMK's usage is signing/verification (true) or encryption/decryption (false).

KeySpec reflects the key spec of the CMK. For symmetric CMKs, the only possible value is SYMMETRIC_DEFAULT which, according to the Amazon KMS documentation, is based on AES-256-GCM. For asymmetric CMKs, possible values are:

  • RSA_2048
  • RSA_3072
  • RSA_4096
  • ECC_NIST_P256 (secp256r1)
  • ECC_NIST_P384 (secp384r1)
  • ECC_NIST_P521 (secp521r1)
  • ECC_SECG_P256K1 (secp256k1)

Algorithms reflects a comma-separated list of algorithms that the CMK supports. If ForSigning is false, possible values are:

  • SYMMETRIC_DEFAULT
  • RSAES_OAEP_SHA_1
  • RSAES_OAEP_SHA_256

If ForSigning is true, possible values are:

  • RSASSA_PSS_SHA_256
  • RSASSA_PSS_SHA_384
  • RSASSA_PSS_SHA_512
  • RSASSA_PKCS1_V1_5_SHA_256
  • RSASSA_PKCS1_V1_5_SHA_384
  • RSASSA_PKCS1_V1_5_SHA_512
  • ECDSA_SHA_256
  • ECDSA_SHA_384
  • ECDSA_SHA_512

State reflects the CMK's state. Possible values are:

  • aksEnabled (0): The CMK is enabled and ready for use. (Also the default value used when ListKeys is called.)
  • aksDisabled (1): The CMK is disabled and cannot be used until it is enabled again.
  • aksPendingDeletion (2): The CMK is pending deletion and cannot be used unless the deletion is canceled.
  • aksPendingImport (3): The CMK has been created, but external key material has not yet been imported into it, so it cannot be used.
  • aksUnavailable (4): The CMK is currently unavailable because the CloudHSM cluster that contains its key material has been disconnected from Amazon KMS.

CreationDate reflects the creation date of the CMK, in seconds since the Unix epoch (including fractional seconds).

If the CMK's state is aksPendingDeletion (2), DeletionDate reflects the deletion date, in seconds since the Unix epoch (including fractional seconds).
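
The following is an added example, not code from the product or its documentation. It shows audit logic that a keyList handler could run, and it avoids reading the default State of 0 (aksEnabled) as "enabled" when ListKeys was called without IncludeKeyDetails. KeyEvent is a hypothetical stand-in that mirrors the documented event fields; it is an assumption that unpopulated string fields arrive null or empty.

```java
import java.math.BigDecimal;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;

public class KeyListAudit {
  // Hypothetical stand-in mirroring the documented AmazonkmsKeyListEvent fields,
  // so the example compiles without the library on the classpath.
  static class KeyEvent {
    String ARN, id, keySpec, algorithms, deletionDate;
    boolean forSigning;
    int state;
  }

  // Logic to call from keyList(AmazonkmsKeyListEvent e); returns findings for one CMK.
  static List<String> audit(KeyEvent e) {
    List<String> out = new ArrayList<>();
    // Assumption: unpopulated string fields are null or empty. Without key details,
    // state is only the default 0 (aksEnabled) and says nothing about the real key.
    if (e.keySpec == null || e.keySpec.isEmpty()) {
      out.add(e.id + ": details not populated; state and algorithms unknown");
      return out;
    }
    if (e.state == 2 && e.deletionDate != null && !e.deletionDate.isEmpty()) {
      // aksPendingDeletion: DeletionDate is seconds since the Unix epoch, with a fraction.
      long ms = new BigDecimal(e.deletionDate).movePointRight(3).longValue();
      out.add(e.id + ": pending deletion at " + Instant.ofEpochMilli(ms));
    } else if (e.state != 0) {
      out.add(e.id + ": not usable (state " + e.state + ")");
    }
    if (!e.forSigning && e.algorithms != null) {
      for (String alg : e.algorithms.split(",")) {   // comma-separated list
        if (alg.trim().equals("RSAES_OAEP_SHA_1"))
          out.add(e.id + ": supports RSAES_OAEP_SHA_1 (SHA-1 based OAEP)");
      }
    }
    return out;
  }

  public static void main(String[] args) {
    KeyEvent bare = new KeyEvent();   // constructed sample: ListKeys without key details
    bare.id = "key-a";
    KeyEvent rsa = new KeyEvent();    // constructed sample: detailed RSA encryption CMK
    rsa.id = "key-b"; rsa.keySpec = "RSA_2048"; rsa.state = 2;
    rsa.algorithms = "RSAES_OAEP_SHA_1,RSAES_OAEP_SHA_256";
    rsa.deletionDate = "1672531200.5";
    for (KeyEvent e : new KeyEvent[] { bare, rsa }) audit(e).forEach(System.out::println);
  }
}
```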

Copyright (c) 2022 /n software inc. - All rights reserved.
Cloud Keys 2020 Java Edition - Version 20.0 [Build 8157]