Class KeyMetadata
- All Implemented Interfaces:
Serializable
,SdkPojo
,ToCopyableBuilder<KeyMetadata.Builder,
KeyMetadata>
Contains metadata about a KMS key.
This data type is used as a response element for the CreateKey, DescribeKey, and ReplicateKey operations.
- See Also:
-
Nested Class Summary
-
Method Summary
Modifier and TypeMethodDescriptionfinal String
arn()
The Amazon Resource Name (ARN) of the KMS key.final String
The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.static KeyMetadata.Builder
builder()
final String
The cluster ID of the CloudHSM cluster that contains the key material for the KMS key.final Instant
The date and time when the KMS key was created.final CustomerMasterKeySpec
Deprecated.This field has been deprecated.final String
Deprecated.This field has been deprecated.final String
A unique identifier for the custom key store that contains the KMS key.final Instant
The date and time after which KMS deletes this KMS key.final String
The description of the KMS key.final Boolean
enabled()
Specifies whether the KMS key is enabled.final List
<EncryptionAlgorithmSpec> The encryption algorithms that the KMS key supports.The encryption algorithms that the KMS key supports.final boolean
final boolean
equalsBySdkFields
(Object obj) Indicates whether some other object is "equal to" this one by SDK fields.final ExpirationModelType
Specifies whether the KMS key's key material expires.final String
Specifies whether the KMS key's key material expires.final <T> Optional
<T> getValueForField
(String fieldName, Class<T> clazz) final boolean
For responses, this returns true if the service returned a value for the EncryptionAlgorithms property.final int
hashCode()
final boolean
For responses, this returns true if the service returned a value for the MacAlgorithms property.final boolean
For responses, this returns true if the service returned a value for the SigningAlgorithms property.final String
keyId()
The globally unique identifier for the KMS key.final KeyManagerType
The manager of the KMS key.final String
The manager of the KMS key.final KeySpec
keySpec()
Describes the type of key material in the KMS key.final String
Describes the type of key material in the KMS key.final KeyState
keyState()
The current status of the KMS key.final String
The current status of the KMS key.final KeyUsageType
keyUsage()
The cryptographic operations for which you can use the KMS key.final String
The cryptographic operations for which you can use the KMS key.final List
<MacAlgorithmSpec> The message authentication code (MAC) algorithm that the HMAC KMS key supports.The message authentication code (MAC) algorithm that the HMAC KMS key supports.final Boolean
Indicates whether the KMS key is a multi-Region (True
) or regional (False
) key.final MultiRegionConfiguration
Lists the primary and replica keys in same multi-Region key.final OriginType
origin()
The source of the key material for the KMS key.final String
The source of the key material for the KMS key.final Integer
The waiting period before the primary key in a multi-Region key is deleted.static Class
<? extends KeyMetadata.Builder> final List
<SigningAlgorithmSpec> The signing algorithms that the KMS key supports.The signing algorithms that the KMS key supports.Take this object and create a builder that contains all of the current property values of this object.final String
toString()
Returns a string representation of this object.final Instant
validTo()
The time at which the imported key material expires.final XksKeyConfigurationType
Information about the external key that is associated with a KMS key in an external key store.Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder
copy
-
Method Details
-
awsAccountId
The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.
- Returns:
- The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.
-
keyId
The globally unique identifier for the KMS key.
- Returns:
- The globally unique identifier for the KMS key.
-
arn
The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management Service (KMS) in the Example ARNs section of the Amazon Web Services General Reference.
- Returns:
- The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management Service (KMS) in the Example ARNs section of the Amazon Web Services General Reference.
-
creationDate
The date and time when the KMS key was created.
- Returns:
- The date and time when the KMS key was created.
-
enabled
Specifies whether the KMS key is enabled. When
KeyState
isEnabled
this value is true, otherwise it is false.- Returns:
- Specifies whether the KMS key is enabled. When
KeyState
isEnabled
this value is true, otherwise it is false.
-
description
The description of the KMS key.
- Returns:
- The description of the KMS key.
-
keyUsage
The cryptographic operations for which you can use the KMS key.
If the service returns an enum value that is not available in the current SDK version,
keyUsage
will returnKeyUsageType.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromkeyUsageAsString()
.- Returns:
- The cryptographic operations for which you can use the KMS key.
- See Also:
-
keyUsageAsString
The cryptographic operations for which you can use the KMS key.
If the service returns an enum value that is not available in the current SDK version,
keyUsage
will returnKeyUsageType.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromkeyUsageAsString()
.- Returns:
- The cryptographic operations for which you can use the KMS key.
- See Also:
-
keyState
The current status of the KMS key.
For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide.
If the service returns an enum value that is not available in the current SDK version,
keyState
will returnKeyState.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromkeyStateAsString()
.- Returns:
- The current status of the KMS key.
For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide.
- See Also:
-
keyStateAsString
The current status of the KMS key.
For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide.
If the service returns an enum value that is not available in the current SDK version,
keyState
will returnKeyState.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromkeyStateAsString()
.- Returns:
- The current status of the KMS key.
For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide.
- See Also:
-
deletionDate
The date and time after which KMS deletes this KMS key. This value is present only when the KMS key is scheduled for deletion, that is, when its
KeyState
isPendingDeletion
.When the primary key in a multi-Region key is scheduled for deletion but still has replica keys, its key state is
PendingReplicaDeletion
and the length of its waiting period is displayed in thePendingDeletionWindowInDays
field.- Returns:
- The date and time after which KMS deletes this KMS key. This value is present only when the KMS key is
scheduled for deletion, that is, when its
KeyState
isPendingDeletion
.When the primary key in a multi-Region key is scheduled for deletion but still has replica keys, its key state is
PendingReplicaDeletion
and the length of its waiting period is displayed in thePendingDeletionWindowInDays
field.
-
validTo
The time at which the imported key material expires. When the key material expires, KMS deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys whose
Origin
isEXTERNAL
and whoseExpirationModel
isKEY_MATERIAL_EXPIRES
, otherwise this value is omitted.- Returns:
- The time at which the imported key material expires. When the key material expires, KMS deletes the key
material and the KMS key becomes unusable. This value is present only for KMS keys whose
Origin
isEXTERNAL
and whoseExpirationModel
isKEY_MATERIAL_EXPIRES
, otherwise this value is omitted.
-
origin
The source of the key material for the KMS key. When this value is
AWS_KMS
, KMS created the key material. When this value isEXTERNAL
, the key material was imported or the KMS key doesn't have any key material. When this value isAWS_CLOUDHSM
, the key material was created in the CloudHSM cluster associated with a custom key store.If the service returns an enum value that is not available in the current SDK version,
origin
will returnOriginType.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromoriginAsString()
.- Returns:
- The source of the key material for the KMS key. When this value is
AWS_KMS
, KMS created the key material. When this value isEXTERNAL
, the key material was imported or the KMS key doesn't have any key material. When this value isAWS_CLOUDHSM
, the key material was created in the CloudHSM cluster associated with a custom key store. - See Also:
-
originAsString
The source of the key material for the KMS key. When this value is
AWS_KMS
, KMS created the key material. When this value isEXTERNAL
, the key material was imported or the KMS key doesn't have any key material. When this value isAWS_CLOUDHSM
, the key material was created in the CloudHSM cluster associated with a custom key store.If the service returns an enum value that is not available in the current SDK version,
origin
will returnOriginType.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromoriginAsString()
.- Returns:
- The source of the key material for the KMS key. When this value is
AWS_KMS
, KMS created the key material. When this value isEXTERNAL
, the key material was imported or the KMS key doesn't have any key material. When this value isAWS_CLOUDHSM
, the key material was created in the CloudHSM cluster associated with a custom key store. - See Also:
-
customKeyStoreId
A unique identifier for the custom key store that contains the KMS key. This field is present only when the KMS key is created in a custom key store.
- Returns:
- A unique identifier for the custom key store that contains the KMS key. This field is present only when the KMS key is created in a custom key store.
-
cloudHsmClusterId
The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you create a KMS key in an CloudHSM custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This field is present only when the KMS key is created in an CloudHSM key store.
- Returns:
- The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you create a KMS key in an CloudHSM custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This field is present only when the KMS key is created in an CloudHSM key store.
-
expirationModel
Specifies whether the KMS key's key material expires. This value is present only when
Origin
isEXTERNAL
, otherwise this value is omitted.If the service returns an enum value that is not available in the current SDK version,
expirationModel
will returnExpirationModelType.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromexpirationModelAsString()
.- Returns:
- Specifies whether the KMS key's key material expires. This value is present only when
Origin
isEXTERNAL
, otherwise this value is omitted. - See Also:
-
expirationModelAsString
Specifies whether the KMS key's key material expires. This value is present only when
Origin
isEXTERNAL
, otherwise this value is omitted.If the service returns an enum value that is not available in the current SDK version,
expirationModel
will returnExpirationModelType.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromexpirationModelAsString()
.- Returns:
- Specifies whether the KMS key's key material expires. This value is present only when
Origin
isEXTERNAL
, otherwise this value is omitted. - See Also:
-
keyManager
The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.
If the service returns an enum value that is not available in the current SDK version,
keyManager
will returnKeyManagerType.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromkeyManagerAsString()
.- Returns:
- The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.
- See Also:
-
keyManagerAsString
The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.
If the service returns an enum value that is not available in the current SDK version,
keyManager
will returnKeyManagerType.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromkeyManagerAsString()
.- Returns:
- The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.
- See Also:
-
customerMasterKeySpec
Deprecated.This field has been deprecated. Instead, use the KeySpec field.Instead, use the
KeySpec
field.The
KeySpec
andCustomerMasterKeySpec
fields have the same value. We recommend that you use theKeySpec
field in your code. However, to avoid breaking changes, KMS supports both fields.If the service returns an enum value that is not available in the current SDK version,
customerMasterKeySpec
will returnCustomerMasterKeySpec.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromcustomerMasterKeySpecAsString()
.- Returns:
- Instead, use the
KeySpec
field.The
KeySpec
andCustomerMasterKeySpec
fields have the same value. We recommend that you use theKeySpec
field in your code. However, to avoid breaking changes, KMS supports both fields. - See Also:
-
customerMasterKeySpecAsString
Deprecated.This field has been deprecated. Instead, use the KeySpec field.Instead, use the
KeySpec
field.The
KeySpec
andCustomerMasterKeySpec
fields have the same value. We recommend that you use theKeySpec
field in your code. However, to avoid breaking changes, KMS supports both fields.If the service returns an enum value that is not available in the current SDK version,
customerMasterKeySpec
will returnCustomerMasterKeySpec.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromcustomerMasterKeySpecAsString()
.- Returns:
- Instead, use the
KeySpec
field.The
KeySpec
andCustomerMasterKeySpec
fields have the same value. We recommend that you use theKeySpec
field in your code. However, to avoid breaking changes, KMS supports both fields. - See Also:
-
keySpec
Describes the type of key material in the KMS key.
If the service returns an enum value that is not available in the current SDK version,
keySpec
will returnKeySpec.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromkeySpecAsString()
.- Returns:
- Describes the type of key material in the KMS key.
- See Also:
-
keySpecAsString
Describes the type of key material in the KMS key.
If the service returns an enum value that is not available in the current SDK version,
keySpec
will returnKeySpec.UNKNOWN_TO_SDK_VERSION
. The raw value returned by the service is available fromkeySpecAsString()
.- Returns:
- Describes the type of key material in the KMS key.
- See Also:
-
encryptionAlgorithms
The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption algorithms within KMS.
This value is present only when the
KeyUsage
of the KMS key isENCRYPT_DECRYPT
.Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasEncryptionAlgorithms()
method.- Returns:
- The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption
algorithms within KMS.
This value is present only when the
KeyUsage
of the KMS key isENCRYPT_DECRYPT
.
-
hasEncryptionAlgorithms
public final boolean hasEncryptionAlgorithms()For responses, this returns true if the service returned a value for the EncryptionAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check theisEmpty()
method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified. -
encryptionAlgorithmsAsStrings
The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption algorithms within KMS.
This value is present only when the
KeyUsage
of the KMS key isENCRYPT_DECRYPT
.Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasEncryptionAlgorithms()
method.- Returns:
- The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption
algorithms within KMS.
This value is present only when the
KeyUsage
of the KMS key isENCRYPT_DECRYPT
.
-
signingAlgorithms
The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing algorithms within KMS.
This field appears only when the
KeyUsage
of the KMS key isSIGN_VERIFY
.Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasSigningAlgorithms()
method.- Returns:
- The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing
algorithms within KMS.
This field appears only when the
KeyUsage
of the KMS key isSIGN_VERIFY
.
-
hasSigningAlgorithms
public final boolean hasSigningAlgorithms()For responses, this returns true if the service returned a value for the SigningAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check theisEmpty()
method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified. -
signingAlgorithmsAsStrings
The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing algorithms within KMS.
This field appears only when the
KeyUsage
of the KMS key isSIGN_VERIFY
.Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasSigningAlgorithms()
method.- Returns:
- The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing
algorithms within KMS.
This field appears only when the
KeyUsage
of the KMS key isSIGN_VERIFY
.
-
multiRegion
Indicates whether the KMS key is a multi-Region (
True
) or regional (False
) key. This value isTrue
for multi-Region primary and replica keys andFalse
for regional KMS keys.For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
- Returns:
- Indicates whether the KMS key is a multi-Region (
True
) or regional (False
) key. This value isTrue
for multi-Region primary and replica keys andFalse
for regional KMS keys.For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
-
multiRegionConfiguration
Lists the primary and replica keys in same multi-Region key. This field is present only when the value of the
MultiRegion
field isTrue
.For more information about any listed KMS key, use the DescribeKey operation.
-
MultiRegionKeyType
indicates whether the KMS key is aPRIMARY
orREPLICA
key. -
PrimaryKey
displays the key ARN and Region of the primary key. This field displays the current KMS key if it is the primary key. -
ReplicaKeys
displays the key ARNs and Regions of all replica keys. This field includes the current KMS key if it is a replica key.
- Returns:
- Lists the primary and replica keys in same multi-Region key. This field is present only when the value of
the
MultiRegion
field isTrue
.For more information about any listed KMS key, use the DescribeKey operation.
-
MultiRegionKeyType
indicates whether the KMS key is aPRIMARY
orREPLICA
key. -
PrimaryKey
displays the key ARN and Region of the primary key. This field displays the current KMS key if it is the primary key. -
ReplicaKeys
displays the key ARNs and Regions of all replica keys. This field includes the current KMS key if it is a replica key.
-
-
-
pendingDeletionWindowInDays
The waiting period before the primary key in a multi-Region key is deleted. This waiting period begins when the last of its replica keys is deleted. This value is present only when the
KeyState
of the KMS key isPendingReplicaDeletion
. That indicates that the KMS key is the primary key in a multi-Region key, it is scheduled for deletion, and it still has existing replica keys.When a single-Region KMS key or a multi-Region replica key is scheduled for deletion, its deletion date is displayed in the
DeletionDate
field. However, when the primary key in a multi-Region key is scheduled for deletion, its waiting period doesn't begin until all of its replica keys are deleted. This value displays that waiting period. When the last replica key in the multi-Region key is deleted, theKeyState
of the scheduled primary key changes fromPendingReplicaDeletion
toPendingDeletion
and the deletion date appears in theDeletionDate
field.- Returns:
- The waiting period before the primary key in a multi-Region key is deleted. This waiting period begins
when the last of its replica keys is deleted. This value is present only when the
KeyState
of the KMS key isPendingReplicaDeletion
. That indicates that the KMS key is the primary key in a multi-Region key, it is scheduled for deletion, and it still has existing replica keys.When a single-Region KMS key or a multi-Region replica key is scheduled for deletion, its deletion date is displayed in the
DeletionDate
field. However, when the primary key in a multi-Region key is scheduled for deletion, its waiting period doesn't begin until all of its replica keys are deleted. This value displays that waiting period. When the last replica key in the multi-Region key is deleted, theKeyState
of the scheduled primary key changes fromPendingReplicaDeletion
toPendingDeletion
and the deletion date appears in theDeletionDate
field.
-
macAlgorithms
The message authentication code (MAC) algorithm that the HMAC KMS key supports.
This value is present only when the
KeyUsage
of the KMS key isGENERATE_VERIFY_MAC
.Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasMacAlgorithms()
method.- Returns:
- The message authentication code (MAC) algorithm that the HMAC KMS key supports.
This value is present only when the
KeyUsage
of the KMS key isGENERATE_VERIFY_MAC
.
-
hasMacAlgorithms
public final boolean hasMacAlgorithms()For responses, this returns true if the service returned a value for the MacAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check theisEmpty()
method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified. -
macAlgorithmsAsStrings
The message authentication code (MAC) algorithm that the HMAC KMS key supports.
This value is present only when the
KeyUsage
of the KMS key isGENERATE_VERIFY_MAC
.Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasMacAlgorithms()
method.- Returns:
- The message authentication code (MAC) algorithm that the HMAC KMS key supports.
This value is present only when the
KeyUsage
of the KMS key isGENERATE_VERIFY_MAC
.
-
xksKeyConfiguration
Information about the external key that is associated with a KMS key in an external key store.
For more information, see External key in the Key Management Service Developer Guide.
- Returns:
- Information about the external key that is associated with a KMS key in an external key store.
For more information, see External key in the Key Management Service Developer Guide.
-
toBuilder
Description copied from interface:ToCopyableBuilder
Take this object and create a builder that contains all of the current property values of this object.- Specified by:
toBuilder
in interfaceToCopyableBuilder<KeyMetadata.Builder,
KeyMetadata> - Returns:
- a builder for type T
-
builder
-
serializableBuilderClass
-
hashCode
public final int hashCode() -
equals
-
equalsBySdkFields
Description copied from interface:SdkPojo
Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in anSdkPojo
class, and is generated based on a service model.If an
SdkPojo
class does not have any inherited fields,equalsBySdkFields
andequals
are essentially the same.- Specified by:
equalsBySdkFields
in interfaceSdkPojo
- Parameters:
obj
- the object to be compared with- Returns:
- true if the other object equals to this object by sdk fields, false otherwise.
-
toString
Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value. -
getValueForField
-
sdkFields
-