keyUsage

Determines the cryptographic operations for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. This parameter is optional when you are creating a symmetric encryption KMS key; otherwise, it is required. You can't change the KeyUsage value after the KMS key is created.

Select only one valid value.

  • For symmetric encryption KMS keys, omit the parameter or specify ENCRYPT_DECRYPT.

  • For HMAC KMS keys (symmetric), specify GENERATE_VERIFY_MAC.

  • For asymmetric KMS keys with RSA key pairs, specify ENCRYPT_DECRYPT or SIGN_VERIFY.

  • For asymmetric KMS keys with NIST-recommended elliptic curve key pairs, specify SIGN_VERIFY or KEY_AGREEMENT.

  • For asymmetric KMS keys with ECC_SECG_P256K1 key pairs, specify SIGN_VERIFY.

  • For asymmetric KMS keys with ML-DSA key pairs, specify SIGN_VERIFY.

  • For asymmetric KMS keys with SM2 key pairs (China Regions only), specify ENCRYPT_DECRYPT, SIGN_VERIFY, or KEY_AGREEMENT.
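
Because KeyUsage can't be changed after creation, it is worth checking the pairing before the key is created. The following is an added example, not part of the original reference: a pre-flight check that applies the rules above to CreateKey-style parameter dictionaries. The function names and sample requests are constructed for illustration, and the KeySpec values other than ECC_SECG_P256K1 are assumed from the KMS KeySpec enum rather than taken from this page.

```python
# Added example: lint CreateKey parameters against the keyUsage rules listed above.
# KeySpec names other than ECC_SECG_P256K1 are assumed from the KMS KeySpec enum.
ENC, SIGN = "ENCRYPT_DECRYPT", "SIGN_VERIFY"
MAC, AGREE = "GENERATE_VERIFY_MAC", "KEY_AGREEMENT"

ALLOWED = {"SYMMETRIC_DEFAULT": {ENC}, "ECC_SECG_P256K1": {SIGN},
           "SM2": {ENC, SIGN, AGREE}}  # SM2: China Regions only
ALLOWED.update({s: {MAC} for s in ("HMAC_224", "HMAC_256", "HMAC_384", "HMAC_512")})
ALLOWED.update({s: {ENC, SIGN} for s in ("RSA_2048", "RSA_3072", "RSA_4096")})
ALLOWED.update({s: {SIGN, AGREE} for s in ("ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521")})
ALLOWED.update({s: {SIGN} for s in ("ML_DSA_44", "ML_DSA_65", "ML_DSA_87")})


def resolve_key_usage(key_spec="SYMMETRIC_DEFAULT", key_usage=None):
    """Return the effective KeyUsage for a request, or raise ValueError."""
    if key_spec not in ALLOWED:
        raise ValueError(f"unrecognised KeySpec {key_spec!r}")
    if isinstance(key_usage, (list, tuple, set)):
        raise ValueError("select only one KeyUsage value")
    if key_usage is None:
        # Omitting the parameter is only valid for symmetric encryption keys.
        if key_spec == "SYMMETRIC_DEFAULT":
            return ENC
        raise ValueError(f"KeyUsage is required for {key_spec}")
    if key_usage not in ALLOWED[key_spec]:
        raise ValueError(f"{key_usage} is not valid for {key_spec}; "
                         f"expected one of {sorted(ALLOWED[key_spec])}")
    return key_usage


def lint_requests(requests):
    """Return (index, message) for every request that breaks the rules."""
    findings = []
    for i, req in enumerate(requests):
        try:
            resolve_key_usage(req.get("KeySpec", "SYMMETRIC_DEFAULT"), req.get("KeyUsage"))
        except ValueError as exc:
            findings.append((i, str(exc)))
    return findings


# Constructed sample requests (not taken from any real account or template).
SAMPLE = [{}, {"KeySpec": "HMAC_256", "KeyUsage": MAC}, {"KeySpec": "RSA_2048"},
          {"KeySpec": "ECC_SECG_P256K1", "KeyUsage": AGREE},
          {"KeySpec": "ML_DSA_65", "KeyUsage": ENC}, {"KeySpec": "SM2", "KeyUsage": AGREE}]

if __name__ == "__main__":
    for index, message in lint_requests(SAMPLE):
        print(f"request {index}: {message}")
```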