Package software.amazon.awssdk.services.kms.model

Class KeyMetadata

java.lang.Object
software.amazon.awssdk.services.kms.model.KeyMetadata
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<KeyMetadata.Builder,KeyMetadata>
@Generated("software.amazon.awssdk:codegen") public final class KeyMetadata extends Object implements SdkPojo, Serializable, ToCopyableBuilder<KeyMetadata.Builder,KeyMetadata>

Contains metadata about a KMS key.

This data type is used as a response element for the CreateKey, DescribeKey, and ReplicateKey operations.

See Also:

  • Method Details

    • awsAccountId

      public final String awsAccountId()

      The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.

      Returns:
      The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.

    • keyId

      public final String keyId()

      The globally unique identifier for the KMS key.

      Returns:
      The globally unique identifier for the KMS key.

    • arn

      public final String arn()

      The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management Service (KMS) in the Example ARNs section of the Amazon Web Services General Reference.

      Returns:
      The Amazon Resource Name (ARN) of the KMS key. For examples, see Key Management Service (KMS) in the Example ARNs section of the Amazon Web Services General Reference.

    • creationDate

      public final Instant creationDate()

      The date and time when the KMS key was created.

      Returns:
      The date and time when the KMS key was created.

    • enabled

      public final Boolean enabled()

      Specifies whether the KMS key is enabled. When KeyState is Enabled this value is true, otherwise it is false.

      Returns:
      Specifies whether the KMS key is enabled. When KeyState is Enabled this value is true, otherwise it is false.

    • description

      public final String description()

      The description of the KMS key.

      Returns:
      The description of the KMS key.

    • keyUsage

      public final KeyUsageType keyUsage()

      The cryptographic operations for which you can use the KMS key.

      If the service returns an enum value that is not available in the current SDK version, keyUsage will return KeyUsageType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyUsageAsString().

      Returns:
      The cryptographic operations for which you can use the KMS key.
      See Also:

    • keyUsageAsString

      public final String keyUsageAsString()

      The cryptographic operations for which you can use the KMS key.

      If the service returns an enum value that is not available in the current SDK version, keyUsage will return KeyUsageType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyUsageAsString().

      Returns:
      The cryptographic operations for which you can use the KMS key.
      See Also:

    • keyState

      public final KeyState keyState()

      The current status of the KMS key.

      For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide.

      If the service returns an enum value that is not available in the current SDK version, keyState will return KeyState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyStateAsString().

      Returns:
      The current status of the KMS key.

      For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide.

      See Also:

    • keyStateAsString

      public final String keyStateAsString()

      The current status of the KMS key.

      For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide.

      If the service returns an enum value that is not available in the current SDK version, keyState will return KeyState.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyStateAsString().

      Returns:
      The current status of the KMS key.

      For more information about how key state affects the use of a KMS key, see Key states of KMS keys in the Key Management Service Developer Guide.

      See Also:

    • deletionDate

      public final Instant deletionDate()

      The date and time after which KMS deletes this KMS key. This value is present only when the KMS key is scheduled for deletion, that is, when its KeyState is PendingDeletion.

      When the primary key in a multi-Region key is scheduled for deletion but still has replica keys, its key state is PendingReplicaDeletion and the length of its waiting period is displayed in the PendingDeletionWindowInDays field.

      Returns:
      The date and time after which KMS deletes this KMS key. This value is present only when the KMS key is scheduled for deletion, that is, when its KeyState is PendingDeletion.

      When the primary key in a multi-Region key is scheduled for deletion but still has replica keys, its key state is PendingReplicaDeletion and the length of its waiting period is displayed in the PendingDeletionWindowInDays field.

    • validTo

      public final Instant validTo()

      The time at which the imported key material expires. When the key material expires, KMS deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys whose Origin is EXTERNAL and whose ExpirationModel is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.

      Returns:
      The time at which the imported key material expires. When the key material expires, KMS deletes the key material and the KMS key becomes unusable. This value is present only for KMS keys whose Origin is EXTERNAL and whose ExpirationModel is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.

    • origin

      public final OriginType origin()

      The source of the key material for the KMS key. When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material. When this value is AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated with a custom key store.

      If the service returns an enum value that is not available in the current SDK version, origin will return OriginType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from originAsString().

      Returns:
      The source of the key material for the KMS key. When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material. When this value is AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated with a custom key store.
      See Also:

    • originAsString

      public final String originAsString()

      The source of the key material for the KMS key. When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material. When this value is AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated with a custom key store.

      If the service returns an enum value that is not available in the current SDK version, origin will return OriginType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from originAsString().

      Returns:
      The source of the key material for the KMS key. When this value is AWS_KMS, KMS created the key material. When this value is EXTERNAL, the key material was imported or the KMS key doesn't have any key material. When this value is AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated with a custom key store.
      See Also:

    • customKeyStoreId

      public final String customKeyStoreId()

      A unique identifier for the custom key store that contains the KMS key. This field is present only when the KMS key is created in a custom key store.

      Returns:
      A unique identifier for the custom key store that contains the KMS key. This field is present only when the KMS key is created in a custom key store.

    • cloudHsmClusterId

      public final String cloudHsmClusterId()

      The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you create a KMS key in an CloudHSM custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This field is present only when the KMS key is created in an CloudHSM key store.

      Returns:
      The cluster ID of the CloudHSM cluster that contains the key material for the KMS key. When you create a KMS key in an CloudHSM custom key store, KMS creates the key material for the KMS key in the associated CloudHSM cluster. This field is present only when the KMS key is created in an CloudHSM key store.

    • expirationModel

      public final ExpirationModelType expirationModel()

      Specifies whether the KMS key's key material expires. This value is present only when Origin is EXTERNAL, otherwise this value is omitted.

      If the service returns an enum value that is not available in the current SDK version, expirationModel will return ExpirationModelType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from expirationModelAsString().

      Returns:
      Specifies whether the KMS key's key material expires. This value is present only when Origin is EXTERNAL, otherwise this value is omitted.
      See Also:

    • expirationModelAsString

      public final String expirationModelAsString()

      Specifies whether the KMS key's key material expires. This value is present only when Origin is EXTERNAL, otherwise this value is omitted.

      If the service returns an enum value that is not available in the current SDK version, expirationModel will return ExpirationModelType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from expirationModelAsString().

      Returns:
      Specifies whether the KMS key's key material expires. This value is present only when Origin is EXTERNAL, otherwise this value is omitted.
      See Also:

    • keyManager

      public final KeyManagerType keyManager()

      The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.

      If the service returns an enum value that is not available in the current SDK version, keyManager will return KeyManagerType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyManagerAsString().

      Returns:
      The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.
      See Also:

    • keyManagerAsString

      public final String keyManagerAsString()

      The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.

      If the service returns an enum value that is not available in the current SDK version, keyManager will return KeyManagerType.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keyManagerAsString().

      Returns:
      The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed. For more information about the difference, see KMS keys in the Key Management Service Developer Guide.
      See Also:

    • customerMasterKeySpec

      @Deprecated public final CustomerMasterKeySpec customerMasterKeySpec()
      Deprecated.
      This field has been deprecated. Instead, use the KeySpec field.

      Instead, use the KeySpec field.

      The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS supports both fields.

      If the service returns an enum value that is not available in the current SDK version, customerMasterKeySpec will return CustomerMasterKeySpec.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from customerMasterKeySpecAsString().

      Returns:
      Instead, use the KeySpec field.

      The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS supports both fields.

      See Also:

    • customerMasterKeySpecAsString

      @Deprecated public final String customerMasterKeySpecAsString()
      Deprecated.
      This field has been deprecated. Instead, use the KeySpec field.

      Instead, use the KeySpec field.

      The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS supports both fields.

      If the service returns an enum value that is not available in the current SDK version, customerMasterKeySpec will return CustomerMasterKeySpec.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from customerMasterKeySpecAsString().

      Returns:
      Instead, use the KeySpec field.

      The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS supports both fields.

      See Also:

    • keySpec

      public final KeySpec keySpec()

      Describes the type of key material in the KMS key.

      If the service returns an enum value that is not available in the current SDK version, keySpec will return KeySpec.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keySpecAsString().

      Returns:
      Describes the type of key material in the KMS key.
      See Also:

    • keySpecAsString

      public final String keySpecAsString()

      Describes the type of key material in the KMS key.

      If the service returns an enum value that is not available in the current SDK version, keySpec will return KeySpec.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from keySpecAsString().

      Returns:
      Describes the type of key material in the KMS key.
      See Also:

    • encryptionAlgorithms

      public final List<EncryptionAlgorithmSpec> encryptionAlgorithms()

      The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption algorithms within KMS.

      This value is present only when the KeyUsage of the KMS key is ENCRYPT_DECRYPT.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasEncryptionAlgorithms() method.

      Returns:
      The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption algorithms within KMS.

      This value is present only when the KeyUsage of the KMS key is ENCRYPT_DECRYPT.

    • hasEncryptionAlgorithms

      public final boolean hasEncryptionAlgorithms()
      For responses, this returns true if the service returned a value for the EncryptionAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • encryptionAlgorithmsAsStrings

      public final List<String> encryptionAlgorithmsAsStrings()

      The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption algorithms within KMS.

      This value is present only when the KeyUsage of the KMS key is ENCRYPT_DECRYPT.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasEncryptionAlgorithms() method.

      Returns:
      The encryption algorithms that the KMS key supports. You cannot use the KMS key with other encryption algorithms within KMS.

      This value is present only when the KeyUsage of the KMS key is ENCRYPT_DECRYPT.

    • signingAlgorithms

      public final List<SigningAlgorithmSpec> signingAlgorithms()

      The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing algorithms within KMS.

      This field appears only when the KeyUsage of the KMS key is SIGN_VERIFY.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasSigningAlgorithms() method.

      Returns:
      The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing algorithms within KMS.

      This field appears only when the KeyUsage of the KMS key is SIGN_VERIFY.

    • hasSigningAlgorithms

      public final boolean hasSigningAlgorithms()
      For responses, this returns true if the service returned a value for the SigningAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • signingAlgorithmsAsStrings

      public final List<String> signingAlgorithmsAsStrings()

      The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing algorithms within KMS.

      This field appears only when the KeyUsage of the KMS key is SIGN_VERIFY.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasSigningAlgorithms() method.

      Returns:
      The signing algorithms that the KMS key supports. You cannot use the KMS key with other signing algorithms within KMS.

      This field appears only when the KeyUsage of the KMS key is SIGN_VERIFY.

    • multiRegion

      public final Boolean multiRegion()

      Indicates whether the KMS key is a multi-Region (True) or regional (False) key. This value is True for multi-Region primary and replica keys and False for regional KMS keys.

      For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.

      Returns:
      Indicates whether the KMS key is a multi-Region (True) or regional (False) key. This value is True for multi-Region primary and replica keys and False for regional KMS keys.

      For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.

    • multiRegionConfiguration

      public final MultiRegionConfiguration multiRegionConfiguration()

      Lists the primary and replica keys in same multi-Region key. This field is present only when the value of the MultiRegion field is True.

      For more information about any listed KMS key, use the DescribeKey operation.

      • MultiRegionKeyType indicates whether the KMS key is a PRIMARY or REPLICA key.

      • PrimaryKey displays the key ARN and Region of the primary key. This field displays the current KMS key if it is the primary key.

      • ReplicaKeys displays the key ARNs and Regions of all replica keys. This field includes the current KMS key if it is a replica key.

      Returns:
      Lists the primary and replica keys in same multi-Region key. This field is present only when the value of the MultiRegion field is True.

      For more information about any listed KMS key, use the DescribeKey operation.

      • MultiRegionKeyType indicates whether the KMS key is a PRIMARY or REPLICA key.

      • PrimaryKey displays the key ARN and Region of the primary key. This field displays the current KMS key if it is the primary key.

      • ReplicaKeys displays the key ARNs and Regions of all replica keys. This field includes the current KMS key if it is a replica key.

    • pendingDeletionWindowInDays

      public final Integer pendingDeletionWindowInDays()

      The waiting period before the primary key in a multi-Region key is deleted. This waiting period begins when the last of its replica keys is deleted. This value is present only when the KeyState of the KMS key is PendingReplicaDeletion. That indicates that the KMS key is the primary key in a multi-Region key, it is scheduled for deletion, and it still has existing replica keys.

      When a single-Region KMS key or a multi-Region replica key is scheduled for deletion, its deletion date is displayed in the DeletionDate field. However, when the primary key in a multi-Region key is scheduled for deletion, its waiting period doesn't begin until all of its replica keys are deleted. This value displays that waiting period. When the last replica key in the multi-Region key is deleted, the KeyState of the scheduled primary key changes from PendingReplicaDeletion to PendingDeletion and the deletion date appears in the DeletionDate field.

      Returns:
      The waiting period before the primary key in a multi-Region key is deleted. This waiting period begins when the last of its replica keys is deleted. This value is present only when the KeyState of the KMS key is PendingReplicaDeletion. That indicates that the KMS key is the primary key in a multi-Region key, it is scheduled for deletion, and it still has existing replica keys.

      When a single-Region KMS key or a multi-Region replica key is scheduled for deletion, its deletion date is displayed in the DeletionDate field. However, when the primary key in a multi-Region key is scheduled for deletion, its waiting period doesn't begin until all of its replica keys are deleted. This value displays that waiting period. When the last replica key in the multi-Region key is deleted, the KeyState of the scheduled primary key changes from PendingReplicaDeletion to PendingDeletion and the deletion date appears in the DeletionDate field.

    • macAlgorithms

      public final List<MacAlgorithmSpec> macAlgorithms()

      The message authentication code (MAC) algorithm that the HMAC KMS key supports.

      This value is present only when the KeyUsage of the KMS key is GENERATE_VERIFY_MAC.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasMacAlgorithms() method.

      Returns:
      The message authentication code (MAC) algorithm that the HMAC KMS key supports.

      This value is present only when the KeyUsage of the KMS key is GENERATE_VERIFY_MAC.

    • hasMacAlgorithms

      public final boolean hasMacAlgorithms()
      For responses, this returns true if the service returned a value for the MacAlgorithms property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • macAlgorithmsAsStrings

      public final List<String> macAlgorithmsAsStrings()

      The message authentication code (MAC) algorithm that the HMAC KMS key supports.

      This value is present only when the KeyUsage of the KMS key is GENERATE_VERIFY_MAC.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasMacAlgorithms() method.

      Returns:
      The message authentication code (MAC) algorithm that the HMAC KMS key supports.

      This value is present only when the KeyUsage of the KMS key is GENERATE_VERIFY_MAC.

    • xksKeyConfiguration

      public final XksKeyConfigurationType xksKeyConfiguration()

      Information about the external key that is associated with a KMS key in an external key store.

      For more information, see External key in the Key Management Service Developer Guide.

      Returns:
      Information about the external key that is associated with a KMS key in an external key store.

      For more information, see External key in the Key Management Service Developer Guide.

    • toBuilder

      public KeyMetadata.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<KeyMetadata.Builder,KeyMetadata>
      Returns:
      a builder for type T

    • builder

      public static KeyMetadata.Builder builder()

    • serializableBuilderClass

      public static Class<? extends KeyMetadata.Builder> serializableBuilderClass()

    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object

    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object equals to this object by sdk fields, false otherwise.

    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object

    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)

    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.