software.amazon.awssdk.services.kms.model

Class KeyMetadata

java.lang.Object

software.amazon.awssdk.services.kms.model.KeyMetadata

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<KeyMetadata.Builder,KeyMetadata>

@Generated(value="software.amazon.awssdk:codegen")
public final class KeyMetadata
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<KeyMetadata.Builder,KeyMetadata>

Contains metadata about a KMS key.

This data type is used as a response element for the CreateKey and DescribeKey operations.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	KeyMetadata.Builder

Method Summary

Modifier and Type	Method and Description
String	arn() The Amazon Resource Name (ARN) of the KMS key.
String	awsAccountId() The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.
static KeyMetadata.Builder	builder()
String	cloudHsmClusterId() The cluster ID of the CloudHSM cluster that contains the key material for the KMS key.
Instant	creationDate() The date and time when the KMS key was created.
CustomerMasterKeySpec	customerMasterKeySpec() Deprecated. This field has been deprecated. Instead, use the KeySpec field.
String	customerMasterKeySpecAsString() Deprecated. This field has been deprecated. Instead, use the KeySpec field.
String	customKeyStoreId() A unique identifier for the custom key store that contains the KMS key.
Instant	deletionDate() The date and time after which KMS deletes this KMS key.
String	description() The description of the KMS key.
Boolean	enabled() Specifies whether the KMS key is enabled.
List<EncryptionAlgorithmSpec>	encryptionAlgorithms() The encryption algorithms that the KMS key supports.
List<String>	encryptionAlgorithmsAsStrings() The encryption algorithms that the KMS key supports.
boolean	equals(Object obj)
boolean	equalsBySdkFields(Object obj) Indicates whether some other object is "equal to" this one by SDK fields.
ExpirationModelType	expirationModel() Specifies whether the KMS key's key material expires.
String	expirationModelAsString() Specifies whether the KMS key's key material expires.
<T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
boolean	hasEncryptionAlgorithms() For responses, this returns true if the service returned a value for the EncryptionAlgorithms property.
int	hashCode()
boolean	hasSigningAlgorithms() For responses, this returns true if the service returned a value for the SigningAlgorithms property.
String	keyId() The globally unique identifier for the KMS key.
KeyManagerType	keyManager() The manager of the KMS key.
String	keyManagerAsString() The manager of the KMS key.
KeySpec	keySpec() Describes the type of key material in the KMS key.
String	keySpecAsString() Describes the type of key material in the KMS key.
KeyState	keyState() The current status of the KMS key.
String	keyStateAsString() The current status of the KMS key.
KeyUsageType	keyUsage() The cryptographic operations for which you can use the KMS key.
String	keyUsageAsString() The cryptographic operations for which you can use the KMS key.
Boolean	multiRegion() Indicates whether the KMS key is a multi-Region (True) or regional (False) key.
MultiRegionConfiguration	multiRegionConfiguration() Lists the primary and replica keys in same multi-Region key.
OriginType	origin() The source of the key material for the KMS key.
String	originAsString() The source of the key material for the KMS key.
Integer	pendingDeletionWindowInDays() The waiting period before the primary key in a multi-Region key is deleted.
List<SdkField<?>>	sdkFields()
static Class<? extends KeyMetadata.Builder>	serializableBuilderClass()
List<SigningAlgorithmSpec>	signingAlgorithms() The signing algorithms that the KMS key supports.
List<String>	signingAlgorithmsAsStrings() The signing algorithms that the KMS key supports.
KeyMetadata.Builder	toBuilder() Take this object and create a builder that contains all of the current property values of this object.
String	toString() Returns a string representation of this object.
Instant	validTo() The time at which the imported key material expires.

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Detail

awsAccountId

public final String awsAccountId()

The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.

Returns:

The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.

keyId

public final String keyId()

The globally unique identifier for the KMS key.

Returns:

The globally unique identifier for the KMS key.

arn

public final String arn()

The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management Service (KMS) in the Example ARNs section of the Amazon Web Services General Reference.

Returns:

The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management Service (KMS) in the Example ARNs section of the Amazon Web Services General Reference.

creationDate

public final Instant creationDate()

The date and time when the KMS key was created.

Returns:

The date and time when the KMS key was created.

enabled

public final Boolean enabled()

Specifies whether the KMS key is enabled. When KeyState is Enabled this value is true, otherwise it is false.

Returns:

Specifies whether the KMS key is enabled. When KeyState is Enabled this value is true, otherwise it is false.

description

public final String description()

The description of the KMS key.

Returns:

The description of the KMS key.

keyUsage

public final KeyUsageType keyUsage()

The cryptographic operations for which you can use the KMS key.

If the service returns an enum value that is not available in the current SDK version, keyUsage will return KeyUsageType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyUsageAsString().

Returns:

The cryptographic operations for which you can use the KMS key.

See Also:

KeyUsageType

keyUsageAsString

public final String keyUsageAsString()

The cryptographic operations for which you can use the KMS key.

If the service returns an enum value that is not available in the current SDK version, keyUsage will return KeyUsageType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyUsageAsString().

Returns:

The cryptographic operations for which you can use the KMS key.

See Also:

KeyUsageType

keyState

public final KeyState keyState()

The current status of the KMS key.

For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.

If the service returns an enum value that is not available in the current SDK version, keyState will return KeyState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyStateAsString().

Returns:

The current status of the KMS key.

For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.

See Also:

KeyState

keyStateAsString

public final String keyStateAsString()

The current status of the KMS key.

For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.

If the service returns an enum value that is not available in the current SDK version, keyState will return KeyState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyStateAsString().

Returns:

The current status of the KMS key.

For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key in the Key Management Service Developer Guide.

See Also:

KeyState

deletionDate

public final Instant deletionDate()

The date and time after which KMS deletes this KMS key. This value is present only when the KMS key is scheduled for deletion, that is, when its KeyState is PendingDeletion.

When the primary key in a multi-Region key is scheduled for deletion but still has replica keys, its key state is PendingReplicaDeletion and the length of its waiting period is displayed in the PendingDeletionWindowInDays field.

Returns:

The date and time after which KMS deletes this KMS key. This value is present only when the KMS key is scheduled for deletion, that is, when its KeyState is PendingDeletion.

When the primary key in a multi-Region key is scheduled for deletion but still has replica keys, its key state is PendingReplicaDeletion and the length of its waiting period is displayed in the PendingDeletionWindowInDays field.

validTo

public final Instant validTo()

The time at which the imported key material expires. When the key material expires, KMS deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys whose Origin is EXTERNAL and whose ExpirationModel is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.

Returns:

The time at which the imported key material expires. When the key material expires, KMS deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys whose Origin is EXTERNAL and whose ExpirationModel is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.

origin

public final OriginType origin()

The source of the key material for the KMS key. When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material. When this value is AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated with a custom key store.

If the service returns an enum value that is not available in the current SDK version, origin will return OriginType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from originAsString().

Returns:

The source of the key material for the KMS key. When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material. When this value is AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated with a custom key store.

See Also:

OriginType

originAsString

public final String originAsString()

The source of the key material for the KMS key. When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material. When this value is AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated with a custom key store.

If the service returns an enum value that is not available in the current SDK version, origin will return OriginType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from originAsString().

Returns:

The source of the key material for the KMS key. When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material. When this value is AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated with a custom key store.

See Also:

OriginType

customKeyStoreId

public final String customKeyStoreId()

A unique identifier for the custom key store that contains the KMS key. This value is present only when the KMS key is created in a custom key store.

Returns:

A unique identifier for the custom key store that contains the KMS key. This value is present only when the KMS key is created in a custom key store.

cloudHsmClusterId

public final String cloudHsmClusterId()

The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you create a KMS key in a custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This value is present only when the KMS key is created in a custom key store.

Returns:

The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you create a KMS key in a custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This value is present only when the KMS key is created in a custom key store.

expirationModel

public final ExpirationModelType expirationModel()

Specifies whether the KMS key's key material expires. This value is present only when Origin is EXTERNAL, otherwise this value is omitted.

If the service returns an enum value that is not available in the current SDK version, expirationModel will return ExpirationModelType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from expirationModelAsString().

Returns:

Specifies whether the KMS key's key material expires. This value is present only when Origin is EXTERNAL, otherwise this value is omitted.

See Also:

ExpirationModelType

expirationModelAsString

public final String expirationModelAsString()

Specifies whether the KMS key's key material expires. This value is present only when Origin is EXTERNAL, otherwise this value is omitted.

If the service returns an enum value that is not available in the current SDK version, expirationModel will return ExpirationModelType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from expirationModelAsString().

Returns:

Specifies whether the KMS key's key material expires. This value is present only when Origin is EXTERNAL, otherwise this value is omitted.

See Also:

ExpirationModelType

keyManager

public final KeyManagerType keyManager()

The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.

If the service returns an enum value that is not available in the current SDK version, keyManager will return KeyManagerType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyManagerAsString().

Returns:

The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.

See Also:

KeyManagerType

keyManagerAsString

public final String keyManagerAsString()

The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.

If the service returns an enum value that is not available in the current SDK version, keyManager will return KeyManagerType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyManagerAsString().

Returns:

The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.

See Also:

KeyManagerType

customerMasterKeySpec

@Deprecated
public final CustomerMasterKeySpec customerMasterKeySpec()

Deprecated. This field has been deprecated. Instead, use the KeySpec field.

Instead, use the KeySpec field.

The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS will support both fields.

If the service returns an enum value that is not available in the current SDK version, customerMasterKeySpec will return CustomerMasterKeySpec.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from customerMasterKeySpecAsString().

Returns:

Instead, use the KeySpec field.

The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS will support both fields.

See Also:

CustomerMasterKeySpec

customerMasterKeySpecAsString

@Deprecated
public final String customerMasterKeySpecAsString()

Deprecated. This field has been deprecated. Instead, use the KeySpec field.

Instead, use the KeySpec field.

The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS will support both fields.

If the service returns an enum value that is not available in the current SDK version, customerMasterKeySpec will return CustomerMasterKeySpec.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from customerMasterKeySpecAsString().

Returns:

Instead, use the KeySpec field.

The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS will support both fields.

See Also:

CustomerMasterKeySpec

keySpec

public final KeySpec keySpec()

Describes the type of key material in the KMS key.

If the service returns an enum value that is not available in the current SDK version, keySpec will return KeySpec.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keySpecAsString().

Returns:

Describes the type of key material in the KMS key.

See Also:

KeySpec

keySpecAsString

public final String keySpecAsString()

Describes the type of key material in the KMS key.

If the service returns an enum value that is not available in the current SDK version, keySpec will return KeySpec.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keySpecAsString().

Returns:

Describes the type of key material in the KMS key.

See Also:

KeySpec

encryptionAlgorithms

public final List<EncryptionAlgorithmSpec> encryptionAlgorithms()

The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption algorithms within KMS.

This value is present only when the KeyUsage of the KMS key is ENCRYPT_DECRYPT.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasEncryptionAlgorithms() method.

Returns:

The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption algorithms within KMS.

This value is present only when the KeyUsage of the KMS key is ENCRYPT_DECRYPT.

hasEncryptionAlgorithms

public final boolean hasEncryptionAlgorithms()

For responses, this returns true if the service returned a value for the EncryptionAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

encryptionAlgorithmsAsStrings

public final List<String> encryptionAlgorithmsAsStrings()

The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption algorithms within KMS.

This value is present only when the KeyUsage of the KMS key is ENCRYPT_DECRYPT.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasEncryptionAlgorithms() method.

Returns:

The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption algorithms within KMS.

This value is present only when the KeyUsage of the KMS key is ENCRYPT_DECRYPT.

signingAlgorithms

public final List<SigningAlgorithmSpec> signingAlgorithms()

The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing algorithms within KMS.

This field appears only when the KeyUsage of the KMS key is SIGN_VERIFY.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasSigningAlgorithms() method.

Returns:

The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing algorithms within KMS.

This field appears only when the KeyUsage of the KMS key is SIGN_VERIFY.

hasSigningAlgorithms

public final boolean hasSigningAlgorithms()

For responses, this returns true if the service returned a value for the SigningAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

signingAlgorithmsAsStrings

public final List<String> signingAlgorithmsAsStrings()

The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing algorithms within KMS.

This field appears only when the KeyUsage of the KMS key is SIGN_VERIFY.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasSigningAlgorithms() method.

Returns:

The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing algorithms within KMS.

This field appears only when the KeyUsage of the KMS key is SIGN_VERIFY.

multiRegion

public final Boolean multiRegion()

Indicates whether the KMS key is a multi-Region (True) or regional (False) key. This value is True for multi-Region primary and replica keys and False for regional KMS keys.

For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.

Returns:

Indicates whether the KMS key is a multi-Region (True) or regional (False) key. This value is True for multi-Region primary and replica keys and False for regional KMS keys.

For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.

multiRegionConfiguration

public final MultiRegionConfiguration multiRegionConfiguration()

Lists the primary and replica keys in same multi-Region key. This field is present only when the value of the MultiRegion field is True.

For more information about any listed KMS key, use the DescribeKey operation.

• MultiRegionKeyType indicates whether the KMS key is a PRIMARY or REPLICA key.

• PrimaryKey displays the key ARN and Region of the primary key. This field displays the current KMS key if it is the primary key.

• ReplicaKeys displays the key ARNs and Regions of all replica keys. This field includes the current KMS key if it is a replica key.

Returns:

Lists the primary and replica keys in same multi-Region key. This field is present only when the value of the MultiRegion field is True.

For more information about any listed KMS key, use the DescribeKey operation.

• MultiRegionKeyType indicates whether the KMS key is a PRIMARY or REPLICA key.

• PrimaryKey displays the key ARN and Region of the primary key. This field displays the current KMS key if it is the primary key.

• ReplicaKeys displays the key ARNs and Regions of all replica keys. This field includes the current KMS key if it is a replica key.

pendingDeletionWindowInDays

public final Integer pendingDeletionWindowInDays()

The waiting period before the primary key in a multi-Region key is deleted. This waiting period begins when the last of its replica keys is deleted. This value is present only when the KeyState of the KMS key is PendingReplicaDeletion. That indicates that the KMS key is the primary key in a multi-Region key, it is scheduled for deletion, and it still has existing replica keys.

When a single-Region KMS key or a multi-Region replica key is scheduled for deletion, its deletion date is displayed in the DeletionDate field. However, when the primary key in a multi-Region key is scheduled for deletion, its waiting period doesn't begin until all of its replica keys are deleted. This value displays that waiting period. When the last replica key in the multi-Region key is deleted, the KeyState of the scheduled primary key changes from PendingReplicaDeletion to PendingDeletion and the deletion date appears in the DeletionDate field.

Returns:

The waiting period before the primary key in a multi-Region key is deleted. This waiting period begins when the last of its replica keys is deleted. This value is present only when the KeyState of the KMS key is PendingReplicaDeletion. That indicates that the KMS key is the primary key in a multi-Region key, it is scheduled for deletion, and it still has existing replica keys.

When a single-Region KMS key or a multi-Region replica key is scheduled for deletion, its deletion date is displayed in the DeletionDate field. However, when the primary key in a multi-Region key is scheduled for deletion, its waiting period doesn't begin until all of its replica keys are deleted. This value displays that waiting period. When the last replica key in the multi-Region key is deleted, the KeyState of the scheduled primary key changes from PendingReplicaDeletion to PendingDeletion and the deletion date appears in the DeletionDate field.

toBuilder

public KeyMetadata.Builder toBuilder()

Description copied from interface: ToCopyableBuilder

Take this object and create a builder that contains all of the current property values of this object.

Specified by:

toBuilder in interface ToCopyableBuilder<KeyMetadata.Builder,KeyMetadata>

Returns:

a builder for type T

builder

public static KeyMetadata.Builder builder()

serializableBuilderClass

public static Class<? extends KeyMetadata.Builder> serializableBuilderClass()

hashCode

public final int hashCode()

Overrides:

hashCode in class Object

equals

public final boolean equals(Object obj)

Overrides:

equals in class Object

equalsBySdkFields

public final boolean equalsBySdkFields(Object obj)

Description copied from interface: SdkPojo

Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

Specified by:

equalsBySdkFields in interface SdkPojo

Parameters:

obj - the object to be compared with

Returns:

true if the other object equals to this object by sdk fields, false otherwise.

toString

public final String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

getValueForField

public final <T> Optional<T> getValueForField(String fieldName,
                                              Class<T> clazz)

sdkFields

public final List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo

Returns:

List of SdkField in this POJO. May be empty list but should never be null.