com.amazonaws.services.kms.AWSKMSAsync Maven / Gradle / Ivy
/*
* Copyright 2014-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.kms;
import javax.annotation.Generated;
import com.amazonaws.services.kms.model.*;
/**
* Interface for accessing KMS asynchronously. Each asynchronous method will return a Java Future object representing
* the asynchronous operation; overloads which accept an {@code AsyncHandler} can be used to receive notification when
* an asynchronous operation completes.
*
* Note: Do not directly implement this interface, new methods are added to it regularly. Extend from
* {@link com.amazonaws.services.kms.AbstractAWSKMSAsync} instead.
*
*
* AWS Key Management Service
*
* AWS Key Management Service (AWS KMS) is an encryption and key management web service. This guide describes the AWS
* KMS operations that you can call programmatically. For general information about AWS KMS, see the AWS Key Management Service Developer Guide .
*
*
*
* AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java,
* Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to AWS KMS and
* other AWS services. For example, the SDKs take care of tasks such as signing requests (see below), managing errors,
* and retrying requests automatically. For more information about the AWS SDKs, including how to download and install
* them, see Tools for Amazon Web Services.
*
*
*
* We recommend that you use the AWS SDKs to make programmatic API calls to AWS KMS.
*
*
* Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients must also support cipher
* suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral
* Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.
*
*
* Signing Requests
*
*
* Requests must be signed by using an access key ID and a secret access key. We strongly recommend that you do
* not use your AWS account (root) access key ID and secret key for everyday work with AWS KMS. Instead, use the
* access key ID and secret access key for an IAM user, or you can use the AWS Security Token Service to generate
* temporary security credentials that you can use to sign requests.
*
*
* All AWS KMS operations require Signature Version 4.
*
*
* Logging API Requests
*
*
* AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related events for your AWS account and
* delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can
* determine what requests were made to AWS KMS, who made the request, when it was made, and so on. To learn more about
* CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.
*
*
* Additional Resources
*
*
* For more information about credentials and request signing, see the following:
*
*
* -
*
* AWS Security Credentials -
* This topic provides general information about the of credentials used for accessing AWS.
*
*
* -
*
* Temporary Security Credentials
* - This section of the IAM User Guide describes how to create and use temporary security credentials.
*
*
* -
*
* Signature Version 4 Signing
* Process - This set of topics walks you through the process of signing a request using an access key ID and a
* secret access key.
*
*
*
*
* Commonly Used APIs
*
*
* Of the APIs discussed in this guide, the following will prove the most useful for most applications. You will likely
* perform actions other than these, such as creating keys and assigning policies, by using the console.
*
*
* -
*
* Encrypt
*
*
* -
*
* Decrypt
*
*
* -
*
* GenerateDataKey
*
*
* -
*
*
*
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public interface AWSKMSAsync extends AWSKMS {
/**
*
* Cancels the deletion of a customer master key (CMK). When this operation is successful, the CMK is set to the
* Disabled state. To enable a CMK, use EnableKey. You cannot perform this operation on a CMK in
* a different AWS account.
*
*
* For more information about scheduling and canceling deletion of a CMK, see Deleting Customer Master Keys
* in the AWS Key Management Service Developer Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param cancelKeyDeletionRequest
* @return A Java Future containing the result of the CancelKeyDeletion operation returned by the service.
* @sample AWSKMSAsync.CancelKeyDeletion
* @see AWS API
* Documentation
*/
java.util.concurrent.Future cancelKeyDeletionAsync(CancelKeyDeletionRequest cancelKeyDeletionRequest);
/**
*
* Cancels the deletion of a customer master key (CMK). When this operation is successful, the CMK is set to the
* Disabled state. To enable a CMK, use EnableKey. You cannot perform this operation on a CMK in
* a different AWS account.
*
*
* For more information about scheduling and canceling deletion of a CMK, see Deleting Customer Master Keys
* in the AWS Key Management Service Developer Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param cancelKeyDeletionRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the CancelKeyDeletion operation returned by the service.
* @sample AWSKMSAsyncHandler.CancelKeyDeletion
* @see AWS API
* Documentation
*/
java.util.concurrent.Future cancelKeyDeletionAsync(CancelKeyDeletionRequest cancelKeyDeletionRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Connects or reconnects a custom key store to its
* associated AWS CloudHSM cluster.
*
*
* The custom key store must be connected before you can create customer master keys (CMKs) in the key store or use
* the CMKs it contains. You can disconnect and reconnect a custom key store at any time.
*
*
* To connect a custom key store, its associated AWS CloudHSM cluster must have at least one active HSM. To get the
* number of active HSMs in a cluster, use the DescribeClusters
* operation. To add HSMs to the cluster, use the CreateHsm operation.
*
*
* The connection process can take an extended amount of time to complete; up to 20 minutes. This operation starts
* the connection process, but it does not wait for it to complete. When it succeeds, this operation quickly returns
* an HTTP 200 response and a JSON object with no properties. However, this response does not indicate that the
* custom key store is connected. To get the connection state of the custom key store, use the
* DescribeCustomKeyStores operation.
*
*
* During the connection process, AWS KMS finds the AWS CloudHSM cluster that is associated with the custom key
* store, creates the connection infrastructure, connects to the cluster, logs into the AWS CloudHSM client as the
*
* kmsuser crypto user (CU), and rotates its password.
*
*
* The ConnectCustomKeyStore operation might fail for various reasons. To find the reason, use the
* DescribeCustomKeyStores operation and see the ConnectionErrorCode in the response. For help
* interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.
*
*
* To fix the failure, use the DisconnectCustomKeyStore operation to disconnect the custom key store, correct
* the error, use the UpdateCustomKeyStore operation if necessary, and then use
* ConnectCustomKeyStore again.
*
*
* If you are having trouble connecting or disconnecting a custom key store, see Troubleshooting a Custom Key
* Store in the AWS Key Management Service Developer Guide.
*
*
* @param connectCustomKeyStoreRequest
* @return A Java Future containing the result of the ConnectCustomKeyStore operation returned by the service.
* @sample AWSKMSAsync.ConnectCustomKeyStore
* @see AWS API
* Documentation
*/
java.util.concurrent.Future connectCustomKeyStoreAsync(ConnectCustomKeyStoreRequest connectCustomKeyStoreRequest);
/**
*
* Connects or reconnects a custom key store to its
* associated AWS CloudHSM cluster.
*
*
* The custom key store must be connected before you can create customer master keys (CMKs) in the key store or use
* the CMKs it contains. You can disconnect and reconnect a custom key store at any time.
*
*
* To connect a custom key store, its associated AWS CloudHSM cluster must have at least one active HSM. To get the
* number of active HSMs in a cluster, use the DescribeClusters
* operation. To add HSMs to the cluster, use the CreateHsm operation.
*
*
* The connection process can take an extended amount of time to complete; up to 20 minutes. This operation starts
* the connection process, but it does not wait for it to complete. When it succeeds, this operation quickly returns
* an HTTP 200 response and a JSON object with no properties. However, this response does not indicate that the
* custom key store is connected. To get the connection state of the custom key store, use the
* DescribeCustomKeyStores operation.
*
*
* During the connection process, AWS KMS finds the AWS CloudHSM cluster that is associated with the custom key
* store, creates the connection infrastructure, connects to the cluster, logs into the AWS CloudHSM client as the
*
* kmsuser crypto user (CU), and rotates its password.
*
*
* The ConnectCustomKeyStore operation might fail for various reasons. To find the reason, use the
* DescribeCustomKeyStores operation and see the ConnectionErrorCode in the response. For help
* interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.
*
*
* To fix the failure, use the DisconnectCustomKeyStore operation to disconnect the custom key store, correct
* the error, use the UpdateCustomKeyStore operation if necessary, and then use
* ConnectCustomKeyStore again.
*
*
* If you are having trouble connecting or disconnecting a custom key store, see Troubleshooting a Custom Key
* Store in the AWS Key Management Service Developer Guide.
*
*
* @param connectCustomKeyStoreRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ConnectCustomKeyStore operation returned by the service.
* @sample AWSKMSAsyncHandler.ConnectCustomKeyStore
* @see AWS API
* Documentation
*/
java.util.concurrent.Future connectCustomKeyStoreAsync(ConnectCustomKeyStoreRequest connectCustomKeyStoreRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Creates a display name for a customer master key (CMK). You can use an alias to identify a CMK in selected
* operations, such as Encrypt and GenerateDataKey.
*
*
* Each CMK can have multiple aliases, but each alias points to only one CMK. The alias name must be unique in the
* AWS account and region. To simplify code that runs in multiple regions, use the same alias name, but point it to
* a different CMK in each region.
*
*
* Because an alias is not a property of a CMK, you can delete and change the aliases of a CMK without affecting the
* CMK. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all
* CMKs, use the ListAliases operation.
*
*
* An alias must start with the word alias followed by a forward slash (alias/). The alias
* name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names
* cannot begin with aws; that alias name prefix is reserved by Amazon Web Services (AWS).
*
*
* The alias and the CMK it is mapped to must be in the same AWS account and the same region. You cannot perform
* this operation on an alias in a different AWS account.
*
*
* To map an existing alias to a different CMK, call UpdateAlias.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param createAliasRequest
* @return A Java Future containing the result of the CreateAlias operation returned by the service.
* @sample AWSKMSAsync.CreateAlias
* @see AWS API
* Documentation
*/
java.util.concurrent.Future createAliasAsync(CreateAliasRequest createAliasRequest);
/**
*
* Creates a display name for a customer master key (CMK). You can use an alias to identify a CMK in selected
* operations, such as Encrypt and GenerateDataKey.
*
*
* Each CMK can have multiple aliases, but each alias points to only one CMK. The alias name must be unique in the
* AWS account and region. To simplify code that runs in multiple regions, use the same alias name, but point it to
* a different CMK in each region.
*
*
* Because an alias is not a property of a CMK, you can delete and change the aliases of a CMK without affecting the
* CMK. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all
* CMKs, use the ListAliases operation.
*
*
* An alias must start with the word alias followed by a forward slash (alias/). The alias
* name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names
* cannot begin with aws; that alias name prefix is reserved by Amazon Web Services (AWS).
*
*
* The alias and the CMK it is mapped to must be in the same AWS account and the same region. You cannot perform
* this operation on an alias in a different AWS account.
*
*
* To map an existing alias to a different CMK, call UpdateAlias.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param createAliasRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the CreateAlias operation returned by the service.
* @sample AWSKMSAsyncHandler.CreateAlias
* @see AWS API
* Documentation
*/
java.util.concurrent.Future createAliasAsync(CreateAliasRequest createAliasRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Creates a custom key
* store that is associated with an AWS CloudHSM cluster that you own
* and manage.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* When the operation completes successfully, it returns the ID of the new custom key store. Before you can use your
* new custom key store, you need to use the ConnectCustomKeyStore operation to connect the new key store to
* its AWS CloudHSM cluster.
*
*
* The CreateCustomKeyStore operation requires the following elements.
*
*
* -
*
* You must specify an active AWS CloudHSM cluster in the same account and AWS Region as the custom key store. You
* can use an existing cluster or create and activate a new AWS
* CloudHSM cluster for the key store. AWS KMS does not require exclusive use of the cluster.
*
*
* -
*
* You must include the content of the trust anchor certificate for the cluster. You created this
* certificate, and saved it in the customerCA.crt file, when you initialized the
* cluster.
*
*
* -
*
* You must provide the password of the dedicated
* kmsuser crypto user (CU) account in the cluster.
*
*
* Before you create the custom key store, use the createUser
* command in cloudhsm_mgmt_util to create a crypto user
* (CU) named kmsuser in specified AWS CloudHSM cluster. AWS KMS uses the kmsuser CU
* account to create and manage key material on your behalf. For instructions, see Create the
* kmsuser Crypto User in the AWS Key Management Service Developer Guide.
*
*
*
*
* The AWS CloudHSM cluster that you specify must meet the following requirements.
*
*
* -
*
* The cluster must be active and be in the same AWS account and Region as the custom key store.
*
*
* -
*
* Each custom key store must be associated with a different AWS CloudHSM cluster. The cluster cannot be associated
* with another custom key store or have the same cluster certificate as a cluster that is associated with another
* custom key store. To view the cluster certificate, use the AWS CloudHSM DescribeClusters
* operation. Clusters that share a backup history have the same cluster certificate.
*
*
* -
*
* The cluster must be configured with subnets in at least two different Availability Zones in the Region. Because
* AWS CloudHSM is not supported in all Availability Zones, we recommend that the cluster have subnets in all
* Availability Zones in the Region.
*
*
* -
*
* The cluster must contain at least two active HSMs, each in a different Availability Zone.
*
*
*
*
* New custom key stores are not automatically connected. After you create your custom key store, use the
* ConnectCustomKeyStore operation to connect the custom key store to its associated AWS CloudHSM cluster.
* Even if you are not going to use your custom key store immediately, you might want to connect it to verify that
* all settings are correct and then disconnect it until you are ready to use it.
*
*
* If this operation succeeds, it returns the ID of the new custom key store. For help with failures, see Troubleshoot a Custom Key Store
* in the AWS KMS Developer Guide.
*
*
* @param createCustomKeyStoreRequest
* @return A Java Future containing the result of the CreateCustomKeyStore operation returned by the service.
* @sample AWSKMSAsync.CreateCustomKeyStore
* @see AWS API
* Documentation
*/
java.util.concurrent.Future createCustomKeyStoreAsync(CreateCustomKeyStoreRequest createCustomKeyStoreRequest);
/**
*
* Creates a custom key
* store that is associated with an AWS CloudHSM cluster that you own
* and manage.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* When the operation completes successfully, it returns the ID of the new custom key store. Before you can use your
* new custom key store, you need to use the ConnectCustomKeyStore operation to connect the new key store to
* its AWS CloudHSM cluster.
*
*
* The CreateCustomKeyStore operation requires the following elements.
*
*
* -
*
* You must specify an active AWS CloudHSM cluster in the same account and AWS Region as the custom key store. You
* can use an existing cluster or create and activate a new AWS
* CloudHSM cluster for the key store. AWS KMS does not require exclusive use of the cluster.
*
*
* -
*
* You must include the content of the trust anchor certificate for the cluster. You created this
* certificate, and saved it in the customerCA.crt file, when you initialized the
* cluster.
*
*
* -
*
* You must provide the password of the dedicated
* kmsuser crypto user (CU) account in the cluster.
*
*
* Before you create the custom key store, use the createUser
* command in cloudhsm_mgmt_util to create a crypto user
* (CU) named kmsuser in specified AWS CloudHSM cluster. AWS KMS uses the kmsuser CU
* account to create and manage key material on your behalf. For instructions, see Create the
* kmsuser Crypto User in the AWS Key Management Service Developer Guide.
*
*
*
*
* The AWS CloudHSM cluster that you specify must meet the following requirements.
*
*
* -
*
* The cluster must be active and be in the same AWS account and Region as the custom key store.
*
*
* -
*
* Each custom key store must be associated with a different AWS CloudHSM cluster. The cluster cannot be associated
* with another custom key store or have the same cluster certificate as a cluster that is associated with another
* custom key store. To view the cluster certificate, use the AWS CloudHSM DescribeClusters
* operation. Clusters that share a backup history have the same cluster certificate.
*
*
* -
*
* The cluster must be configured with subnets in at least two different Availability Zones in the Region. Because
* AWS CloudHSM is not supported in all Availability Zones, we recommend that the cluster have subnets in all
* Availability Zones in the Region.
*
*
* -
*
* The cluster must contain at least two active HSMs, each in a different Availability Zone.
*
*
*
*
* New custom key stores are not automatically connected. After you create your custom key store, use the
* ConnectCustomKeyStore operation to connect the custom key store to its associated AWS CloudHSM cluster.
* Even if you are not going to use your custom key store immediately, you might want to connect it to verify that
* all settings are correct and then disconnect it until you are ready to use it.
*
*
* If this operation succeeds, it returns the ID of the new custom key store. For help with failures, see Troubleshoot a Custom Key Store
* in the AWS KMS Developer Guide.
*
*
* @param createCustomKeyStoreRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the CreateCustomKeyStore operation returned by the service.
* @sample AWSKMSAsyncHandler.CreateCustomKeyStore
* @see AWS API
* Documentation
*/
java.util.concurrent.Future createCustomKeyStoreAsync(CreateCustomKeyStoreRequest createCustomKeyStoreRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Adds a grant to a customer master key (CMK). The grant specifies who can use the CMK and under what conditions.
* When setting permissions, grants are an alternative to key policies.
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter. For more information about grants, see Grants in the AWS Key Management
* Service Developer Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param createGrantRequest
* @return A Java Future containing the result of the CreateGrant operation returned by the service.
* @sample AWSKMSAsync.CreateGrant
* @see AWS API
* Documentation
*/
java.util.concurrent.Future createGrantAsync(CreateGrantRequest createGrantRequest);
/**
*
* Adds a grant to a customer master key (CMK). The grant specifies who can use the CMK and under what conditions.
* When setting permissions, grants are an alternative to key policies.
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter. For more information about grants, see Grants in the AWS Key Management
* Service Developer Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param createGrantRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the CreateGrant operation returned by the service.
* @sample AWSKMSAsyncHandler.CreateGrant
* @see AWS API
* Documentation
*/
java.util.concurrent.Future createGrantAsync(CreateGrantRequest createGrantRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Creates a customer master key (CMK) in the caller's AWS account.
*
*
* You can use a CMK to encrypt small amounts of data (4 KiB or less) directly, but CMKs are more commonly used to
* encrypt data keys, which are used to encrypt raw data. For more information about data keys and the difference
* between CMKs and data keys, see the following:
*
*
* -
*
* The GenerateDataKey operation
*
*
* -
*
* AWS Key Management Service
* Concepts in the AWS Key Management Service Developer Guide
*
*
*
*
* If you plan to import key
* material, use the Origin parameter with a value of EXTERNAL to create a CMK with no
* key material.
*
*
* To create a CMK in a custom key store, use
* CustomKeyStoreId parameter to specify the custom key store. You must also use the
* Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM cluster that is
* associated with the custom key store must have at least two active HSMs, each in a different Availability Zone in
* the Region.
*
*
* You cannot use this operation to create a CMK in a different AWS account.
*
*
* @param createKeyRequest
* @return A Java Future containing the result of the CreateKey operation returned by the service.
* @sample AWSKMSAsync.CreateKey
* @see AWS API
* Documentation
*/
java.util.concurrent.Future createKeyAsync(CreateKeyRequest createKeyRequest);
/**
*
* Creates a customer master key (CMK) in the caller's AWS account.
*
*
* You can use a CMK to encrypt small amounts of data (4 KiB or less) directly, but CMKs are more commonly used to
* encrypt data keys, which are used to encrypt raw data. For more information about data keys and the difference
* between CMKs and data keys, see the following:
*
*
* -
*
* The GenerateDataKey operation
*
*
* -
*
* AWS Key Management Service
* Concepts in the AWS Key Management Service Developer Guide
*
*
*
*
* If you plan to import key
* material, use the Origin parameter with a value of EXTERNAL to create a CMK with no
* key material.
*
*
* To create a CMK in a custom key store, use
* CustomKeyStoreId parameter to specify the custom key store. You must also use the
* Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM cluster that is
* associated with the custom key store must have at least two active HSMs, each in a different Availability Zone in
* the Region.
*
*
* You cannot use this operation to create a CMK in a different AWS account.
*
*
* @param createKeyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the CreateKey operation returned by the service.
* @sample AWSKMSAsyncHandler.CreateKey
* @see AWS API
* Documentation
*/
java.util.concurrent.Future createKeyAsync(CreateKeyRequest createKeyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
* Simplified method form for invoking the CreateKey operation.
*
* @see #createKeyAsync(CreateKeyRequest)
*/
java.util.concurrent.Future createKeyAsync();
/**
* Simplified method form for invoking the CreateKey operation with an AsyncHandler.
*
* @see #createKeyAsync(CreateKeyRequest, com.amazonaws.handlers.AsyncHandler)
*/
java.util.concurrent.Future createKeyAsync(com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following
* operations:
*
*
* -
*
* GenerateDataKey
*
*
* -
*
*
* -
*
* Encrypt
*
*
*
*
* Note that if a caller has been granted access permissions to all keys (through, for example, IAM user policies
* that grant Decrypt permission on all resources), then ciphertext encrypted by using keys in other
* accounts where the key grants access to the caller can be decrypted. To remedy this, we recommend that you do not
* grant Decrypt access in an IAM user policy. Instead grant Decrypt access only in key
* policies. If you must grant Decrypt access in an IAM user policy, you should scope the resource to
* specific keys or to specific trusted accounts.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param decryptRequest
* @return A Java Future containing the result of the Decrypt operation returned by the service.
* @sample AWSKMSAsync.Decrypt
* @see AWS API
* Documentation
*/
java.util.concurrent.Future decryptAsync(DecryptRequest decryptRequest);
/**
*
* Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following
* operations:
*
*
* -
*
* GenerateDataKey
*
*
* -
*
*
* -
*
* Encrypt
*
*
*
*
* Note that if a caller has been granted access permissions to all keys (through, for example, IAM user policies
* that grant Decrypt permission on all resources), then ciphertext encrypted by using keys in other
* accounts where the key grants access to the caller can be decrypted. To remedy this, we recommend that you do not
* grant Decrypt access in an IAM user policy. Instead grant Decrypt access only in key
* policies. If you must grant Decrypt access in an IAM user policy, you should scope the resource to
* specific keys or to specific trusted accounts.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param decryptRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the Decrypt operation returned by the service.
* @sample AWSKMSAsyncHandler.Decrypt
* @see AWS API
* Documentation
*/
java.util.concurrent.Future decryptAsync(DecryptRequest decryptRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Deletes the specified alias. You cannot perform this operation on an alias in a different AWS account.
*
*
* Because an alias is not a property of a CMK, you can delete and change the aliases of a CMK without affecting the
* CMK. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all
* CMKs, use the ListAliases operation.
*
*
* Each CMK can have multiple aliases. To change the alias of a CMK, use DeleteAlias to delete the current
* alias and CreateAlias to create a new alias. To associate an existing alias with a different customer
* master key (CMK), call UpdateAlias.
*
*
* @param deleteAliasRequest
* @return A Java Future containing the result of the DeleteAlias operation returned by the service.
* @sample AWSKMSAsync.DeleteAlias
* @see AWS API
* Documentation
*/
java.util.concurrent.Future deleteAliasAsync(DeleteAliasRequest deleteAliasRequest);
/**
*
* Deletes the specified alias. You cannot perform this operation on an alias in a different AWS account.
*
*
* Because an alias is not a property of a CMK, you can delete and change the aliases of a CMK without affecting the
* CMK. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all
* CMKs, use the ListAliases operation.
*
*
* Each CMK can have multiple aliases. To change the alias of a CMK, use DeleteAlias to delete the current
* alias and CreateAlias to create a new alias. To associate an existing alias with a different customer
* master key (CMK), call UpdateAlias.
*
*
* @param deleteAliasRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the DeleteAlias operation returned by the service.
* @sample AWSKMSAsyncHandler.DeleteAlias
* @see AWS API
* Documentation
*/
java.util.concurrent.Future deleteAliasAsync(DeleteAliasRequest deleteAliasRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Deletes a custom key
* store. This operation does not delete the AWS CloudHSM cluster that is associated with the custom key store,
* or affect any users or keys in the cluster.
*
*
* The custom key store that you delete cannot contain any AWS KMS customer master keys
* (CMKs). Before deleting the key store, verify that you will never need to use any of the CMKs in the key
* store for any cryptographic operations. Then, use ScheduleKeyDeletion to delete the AWS KMS customer
* master keys (CMKs) from the key store. When the scheduled waiting period expires, the
* ScheduleKeyDeletion operation deletes the CMKs. Then it makes a best effort to delete the key
* material from the associated cluster. However, you might need to manually delete
* the orphaned key material from the cluster and its backups.
*
*
* After all CMKs are deleted from AWS KMS, use DisconnectCustomKeyStore to disconnect the key store from AWS
* KMS. Then, you can delete the custom key store.
*
*
* Instead of deleting the custom key store, consider using DisconnectCustomKeyStore to disconnect it from
* AWS KMS. While the key store is disconnected, you cannot create or use the CMKs in the key store. But, you do not
* need to delete CMKs and you can reconnect a disconnected custom key store at any time.
*
*
* If the operation succeeds, it returns a JSON object with no properties.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* @param deleteCustomKeyStoreRequest
* @return A Java Future containing the result of the DeleteCustomKeyStore operation returned by the service.
* @sample AWSKMSAsync.DeleteCustomKeyStore
* @see AWS API
* Documentation
*/
java.util.concurrent.Future deleteCustomKeyStoreAsync(DeleteCustomKeyStoreRequest deleteCustomKeyStoreRequest);
/**
*
* Deletes a custom key
* store. This operation does not delete the AWS CloudHSM cluster that is associated with the custom key store,
* or affect any users or keys in the cluster.
*
*
* The custom key store that you delete cannot contain any AWS KMS customer master keys
* (CMKs). Before deleting the key store, verify that you will never need to use any of the CMKs in the key
* store for any cryptographic operations. Then, use ScheduleKeyDeletion to delete the AWS KMS customer
* master keys (CMKs) from the key store. When the scheduled waiting period expires, the
* ScheduleKeyDeletion operation deletes the CMKs. Then it makes a best effort to delete the key
* material from the associated cluster. However, you might need to manually delete
* the orphaned key material from the cluster and its backups.
*
*
* After all CMKs are deleted from AWS KMS, use DisconnectCustomKeyStore to disconnect the key store from AWS
* KMS. Then, you can delete the custom key store.
*
*
* Instead of deleting the custom key store, consider using DisconnectCustomKeyStore to disconnect it from
* AWS KMS. While the key store is disconnected, you cannot create or use the CMKs in the key store. But, you do not
* need to delete CMKs and you can reconnect a disconnected custom key store at any time.
*
*
* If the operation succeeds, it returns a JSON object with no properties.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* @param deleteCustomKeyStoreRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the DeleteCustomKeyStore operation returned by the service.
* @sample AWSKMSAsyncHandler.DeleteCustomKeyStore
* @see AWS API
* Documentation
*/
java.util.concurrent.Future deleteCustomKeyStoreAsync(DeleteCustomKeyStoreRequest deleteCustomKeyStoreRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Deletes key material that you previously imported. This operation makes the specified customer master key (CMK)
* unusable. For more information about importing key material into AWS KMS, see Importing Key Material in the
* AWS Key Management Service Developer Guide. You cannot perform this operation on a CMK in a different AWS
* account.
*
*
* When the specified CMK is in the PendingDeletion state, this operation does not change the CMK's
* state. Otherwise, it changes the CMK's state to PendingImport.
*
*
* After you delete key material, you can use ImportKeyMaterial to reimport the same key material into the
* CMK.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param deleteImportedKeyMaterialRequest
* @return A Java Future containing the result of the DeleteImportedKeyMaterial operation returned by the service.
* @sample AWSKMSAsync.DeleteImportedKeyMaterial
* @see AWS
* API Documentation
*/
java.util.concurrent.Future deleteImportedKeyMaterialAsync(
DeleteImportedKeyMaterialRequest deleteImportedKeyMaterialRequest);
/**
*
* Deletes key material that you previously imported. This operation makes the specified customer master key (CMK)
* unusable. For more information about importing key material into AWS KMS, see Importing Key Material in the
* AWS Key Management Service Developer Guide. You cannot perform this operation on a CMK in a different AWS
* account.
*
*
* When the specified CMK is in the PendingDeletion state, this operation does not change the CMK's
* state. Otherwise, it changes the CMK's state to PendingImport.
*
*
* After you delete key material, you can use ImportKeyMaterial to reimport the same key material into the
* CMK.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param deleteImportedKeyMaterialRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the DeleteImportedKeyMaterial operation returned by the service.
* @sample AWSKMSAsyncHandler.DeleteImportedKeyMaterial
* @see AWS
* API Documentation
*/
java.util.concurrent.Future deleteImportedKeyMaterialAsync(
DeleteImportedKeyMaterialRequest deleteImportedKeyMaterialRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Gets information about custom key stores in the
* account and region.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* By default, this operation returns information about all custom key stores in the account and region. To get only
* information about a particular custom key store, use either the CustomKeyStoreName or
* CustomKeyStoreId parameter (but not both).
*
*
* To determine whether the custom key store is connected to its AWS CloudHSM cluster, use the
* ConnectionState element in the response. If an attempt to connect the custom key store failed, the
* ConnectionState value is FAILED and the ConnectionErrorCode element in the
* response indicates the cause of the failure. For help interpreting the ConnectionErrorCode, see
* CustomKeyStoresListEntry.
*
*
* Custom key stores have a DISCONNECTED connection state if the key store has never been connected or
* you use the DisconnectCustomKeyStore operation to disconnect it. If your custom key store state is
* CONNECTED but you are having trouble using it, make sure that its associated AWS CloudHSM cluster is
* active and contains the minimum number of HSMs required for the operation, if any.
*
*
* For help repairing your custom key store, see the Troubleshooting Custom Key
* Stores topic in the AWS Key Management Service Developer Guide.
*
*
* @param describeCustomKeyStoresRequest
* @return A Java Future containing the result of the DescribeCustomKeyStores operation returned by the service.
* @sample AWSKMSAsync.DescribeCustomKeyStores
* @see AWS
* API Documentation
*/
java.util.concurrent.Future describeCustomKeyStoresAsync(DescribeCustomKeyStoresRequest describeCustomKeyStoresRequest);
/**
*
* Gets information about custom key stores in the
* account and region.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* By default, this operation returns information about all custom key stores in the account and region. To get only
* information about a particular custom key store, use either the CustomKeyStoreName or
* CustomKeyStoreId parameter (but not both).
*
*
* To determine whether the custom key store is connected to its AWS CloudHSM cluster, use the
* ConnectionState element in the response. If an attempt to connect the custom key store failed, the
* ConnectionState value is FAILED and the ConnectionErrorCode element in the
* response indicates the cause of the failure. For help interpreting the ConnectionErrorCode, see
* CustomKeyStoresListEntry.
*
*
* Custom key stores have a DISCONNECTED connection state if the key store has never been connected or
* you use the DisconnectCustomKeyStore operation to disconnect it. If your custom key store state is
* CONNECTED but you are having trouble using it, make sure that its associated AWS CloudHSM cluster is
* active and contains the minimum number of HSMs required for the operation, if any.
*
*
* For help repairing your custom key store, see the Troubleshooting Custom Key
* Stores topic in the AWS Key Management Service Developer Guide.
*
*
* @param describeCustomKeyStoresRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the DescribeCustomKeyStores operation returned by the service.
* @sample AWSKMSAsyncHandler.DescribeCustomKeyStores
* @see AWS
* API Documentation
*/
java.util.concurrent.Future describeCustomKeyStoresAsync(DescribeCustomKeyStoresRequest describeCustomKeyStoresRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Provides detailed information about the specified customer master key (CMK).
*
*
* If you use DescribeKey on a predefined AWS alias, that is, an AWS alias with no key ID, AWS KMS
* associates the alias with an AWS managed CMK and
* returns its KeyId and Arn in the response.
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of
* the KeyId parameter.
*
*
* @param describeKeyRequest
* @return A Java Future containing the result of the DescribeKey operation returned by the service.
* @sample AWSKMSAsync.DescribeKey
* @see AWS API
* Documentation
*/
java.util.concurrent.Future describeKeyAsync(DescribeKeyRequest describeKeyRequest);
/**
*
* Provides detailed information about the specified customer master key (CMK).
*
*
* If you use DescribeKey on a predefined AWS alias, that is, an AWS alias with no key ID, AWS KMS
* associates the alias with an AWS managed CMK and
* returns its KeyId and Arn in the response.
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of
* the KeyId parameter.
*
*
* @param describeKeyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the DescribeKey operation returned by the service.
* @sample AWSKMSAsyncHandler.DescribeKey
* @see AWS API
* Documentation
*/
java.util.concurrent.Future describeKeyAsync(DescribeKeyRequest describeKeyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Sets the state of a customer master key (CMK) to disabled, thereby preventing its use for cryptographic
* operations. You cannot perform this operation on a CMK in a different AWS account.
*
*
* For more information about how key state affects the use of a CMK, see How Key State Affects the Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param disableKeyRequest
* @return A Java Future containing the result of the DisableKey operation returned by the service.
* @sample AWSKMSAsync.DisableKey
* @see AWS API
* Documentation
*/
java.util.concurrent.Future disableKeyAsync(DisableKeyRequest disableKeyRequest);
/**
*
* Sets the state of a customer master key (CMK) to disabled, thereby preventing its use for cryptographic
* operations. You cannot perform this operation on a CMK in a different AWS account.
*
*
* For more information about how key state affects the use of a CMK, see How Key State Affects the Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param disableKeyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the DisableKey operation returned by the service.
* @sample AWSKMSAsyncHandler.DisableKey
* @see AWS API
* Documentation
*/
java.util.concurrent.Future disableKeyAsync(DisableKeyRequest disableKeyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Disables automatic rotation of
* the key material for the specified customer master key (CMK). You cannot perform this operation on a CMK in a
* different AWS account.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param disableKeyRotationRequest
* @return A Java Future containing the result of the DisableKeyRotation operation returned by the service.
* @sample AWSKMSAsync.DisableKeyRotation
* @see AWS API
* Documentation
*/
java.util.concurrent.Future disableKeyRotationAsync(DisableKeyRotationRequest disableKeyRotationRequest);
/**
*
* Disables automatic rotation of
* the key material for the specified customer master key (CMK). You cannot perform this operation on a CMK in a
* different AWS account.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param disableKeyRotationRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the DisableKeyRotation operation returned by the service.
* @sample AWSKMSAsyncHandler.DisableKeyRotation
* @see AWS API
* Documentation
*/
java.util.concurrent.Future disableKeyRotationAsync(DisableKeyRotationRequest disableKeyRotationRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Disconnects the custom key
* store from its associated AWS CloudHSM cluster. While a custom key store is disconnected, you can manage the
* custom key store and its customer master keys (CMKs), but you cannot create or use CMKs in the custom key store.
* You can reconnect the custom key store at any time.
*
*
*
* While a custom key store is disconnected, all attempts to create customer master keys (CMKs) in the custom key
* store or to use existing CMKs in cryptographic operations will fail. This action can prevent users from storing
* and accessing sensitive data.
*
*
*
*
* To find the connection state of a custom key store, use the DescribeCustomKeyStores operation. To
* reconnect a custom key store, use the ConnectCustomKeyStore operation.
*
*
* If the operation succeeds, it returns a JSON object with no properties.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* @param disconnectCustomKeyStoreRequest
* @return A Java Future containing the result of the DisconnectCustomKeyStore operation returned by the service.
* @sample AWSKMSAsync.DisconnectCustomKeyStore
* @see AWS
* API Documentation
*/
java.util.concurrent.Future disconnectCustomKeyStoreAsync(DisconnectCustomKeyStoreRequest disconnectCustomKeyStoreRequest);
/**
*
* Disconnects the custom key
* store from its associated AWS CloudHSM cluster. While a custom key store is disconnected, you can manage the
* custom key store and its customer master keys (CMKs), but you cannot create or use CMKs in the custom key store.
* You can reconnect the custom key store at any time.
*
*
*
* While a custom key store is disconnected, all attempts to create customer master keys (CMKs) in the custom key
* store or to use existing CMKs in cryptographic operations will fail. This action can prevent users from storing
* and accessing sensitive data.
*
*
*
*
* To find the connection state of a custom key store, use the DescribeCustomKeyStores operation. To
* reconnect a custom key store, use the ConnectCustomKeyStore operation.
*
*
* If the operation succeeds, it returns a JSON object with no properties.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* @param disconnectCustomKeyStoreRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the DisconnectCustomKeyStore operation returned by the service.
* @sample AWSKMSAsyncHandler.DisconnectCustomKeyStore
* @see AWS
* API Documentation
*/
java.util.concurrent.Future disconnectCustomKeyStoreAsync(DisconnectCustomKeyStoreRequest disconnectCustomKeyStoreRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Sets the key state of a customer master key (CMK) to enabled. This allows you to use the CMK for cryptographic
* operations. You cannot perform this operation on a CMK in a different AWS account.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param enableKeyRequest
* @return A Java Future containing the result of the EnableKey operation returned by the service.
* @sample AWSKMSAsync.EnableKey
* @see AWS API
* Documentation
*/
java.util.concurrent.Future enableKeyAsync(EnableKeyRequest enableKeyRequest);
/**
*
* Sets the key state of a customer master key (CMK) to enabled. This allows you to use the CMK for cryptographic
* operations. You cannot perform this operation on a CMK in a different AWS account.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param enableKeyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the EnableKey operation returned by the service.
* @sample AWSKMSAsyncHandler.EnableKey
* @see AWS API
* Documentation
*/
java.util.concurrent.Future enableKeyAsync(EnableKeyRequest enableKeyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Enables automatic rotation of the
* key material for the specified customer master key (CMK). You cannot perform this operation on a CMK in a
* different AWS account.
*
*
* You cannot enable automatic rotation of CMKs with imported key material or CMKs in a custom key store.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param enableKeyRotationRequest
* @return A Java Future containing the result of the EnableKeyRotation operation returned by the service.
* @sample AWSKMSAsync.EnableKeyRotation
* @see AWS API
* Documentation
*/
java.util.concurrent.Future enableKeyRotationAsync(EnableKeyRotationRequest enableKeyRotationRequest);
/**
*
* Enables automatic rotation of the
* key material for the specified customer master key (CMK). You cannot perform this operation on a CMK in a
* different AWS account.
*
*
* You cannot enable automatic rotation of CMKs with imported key material or CMKs in a custom key store.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param enableKeyRotationRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the EnableKeyRotation operation returned by the service.
* @sample AWSKMSAsyncHandler.EnableKeyRotation
* @see AWS API
* Documentation
*/
java.util.concurrent.Future enableKeyRotationAsync(EnableKeyRotationRequest enableKeyRotationRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Encrypts plaintext into ciphertext by using a customer master key (CMK). The Encrypt operation has
* two primary use cases:
*
*
* -
*
* You can encrypt up to 4 kilobytes (4096 bytes) of arbitrary data such as an RSA key, a database password, or
* other sensitive information.
*
*
* -
*
* To move encrypted data from one AWS region to another, you can use this operation to encrypt in the new region
* the plaintext data key that was used to encrypt the data in the original region. This provides you with an
* encrypted copy of the data key that can be decrypted in the new region and used there to decrypt the encrypted
* data.
*
*
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of
* the KeyId parameter.
*
*
* Unless you are moving encrypted data from one region to another, you don't use this operation to encrypt a
* generated data key within a region. To get data keys that are already encrypted, call the GenerateDataKey
* or GenerateDataKeyWithoutPlaintext operation. Data keys don't need to be encrypted again by calling
* Encrypt.
*
*
* To encrypt data locally in your application, use the GenerateDataKey operation to return a plaintext data
* encryption key and a copy of the key encrypted under the CMK of your choosing.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param encryptRequest
* @return A Java Future containing the result of the Encrypt operation returned by the service.
* @sample AWSKMSAsync.Encrypt
* @see AWS API
* Documentation
*/
java.util.concurrent.Future encryptAsync(EncryptRequest encryptRequest);
/**
*
* Encrypts plaintext into ciphertext by using a customer master key (CMK). The Encrypt operation has
* two primary use cases:
*
*
* -
*
* You can encrypt up to 4 kilobytes (4096 bytes) of arbitrary data such as an RSA key, a database password, or
* other sensitive information.
*
*
* -
*
* To move encrypted data from one AWS region to another, you can use this operation to encrypt in the new region
* the plaintext data key that was used to encrypt the data in the original region. This provides you with an
* encrypted copy of the data key that can be decrypted in the new region and used there to decrypt the encrypted
* data.
*
*
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of
* the KeyId parameter.
*
*
* Unless you are moving encrypted data from one region to another, you don't use this operation to encrypt a
* generated data key within a region. To get data keys that are already encrypted, call the GenerateDataKey
* or GenerateDataKeyWithoutPlaintext operation. Data keys don't need to be encrypted again by calling
* Encrypt.
*
*
* To encrypt data locally in your application, use the GenerateDataKey operation to return a plaintext data
* encryption key and a copy of the key encrypted under the CMK of your choosing.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param encryptRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the Encrypt operation returned by the service.
* @sample AWSKMSAsyncHandler.Encrypt
* @see AWS API
* Documentation
*/
java.util.concurrent.Future encryptAsync(EncryptRequest encryptRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Returns a data encryption key that you can use in your application to encrypt data locally.
*
*
* You must specify the customer master key (CMK) under which to generate the data key. You must also specify the
* length of the data key using either the KeySpec or NumberOfBytes field. You must
* specify one field or the other, but not both. For common key lengths (128-bit and 256-bit symmetric keys), we
* recommend that you use KeySpec. To perform this operation on a CMK in a different AWS account,
* specify the key ARN or alias ARN in the value of the KeyId parameter.
*
*
* This operation returns a plaintext copy of the data key in the Plaintext field of the response, and
* an encrypted copy of the data key in the CiphertextBlob field. The data key is encrypted under the
* CMK specified in the KeyId field of the request.
*
*
* We recommend that you use the following pattern to encrypt data locally in your application:
*
*
* -
*
* Use this operation (GenerateDataKey) to get a data encryption key.
*
*
* -
*
* Use the plaintext data encryption key (returned in the Plaintext field of the response) to encrypt
* data locally, then erase the plaintext data key from memory.
*
*
* -
*
* Store the encrypted data key (returned in the CiphertextBlob field of the response) alongside the
* locally encrypted data.
*
*
*
*
* To decrypt data locally:
*
*
* -
*
* Use the Decrypt operation to decrypt the encrypted data key into a plaintext copy of the data key.
*
*
* -
*
* Use the plaintext data key to decrypt data locally, then erase the plaintext data key from memory.
*
*
*
*
* To return only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To return a random
* byte string that is cryptographically secure, use GenerateRandom.
*
*
* If you use the optional EncryptionContext field, you must store at least enough information to be
* able to reconstruct the full encryption context when you later send the ciphertext to the Decrypt
* operation. It is a good practice to choose an encryption context that you can reconstruct on the fly to better
* secure the ciphertext. For more information, see Encryption Context in the
* AWS Key Management Service Developer Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param generateDataKeyRequest
* @return A Java Future containing the result of the GenerateDataKey operation returned by the service.
* @sample AWSKMSAsync.GenerateDataKey
* @see AWS API
* Documentation
*/
java.util.concurrent.Future generateDataKeyAsync(GenerateDataKeyRequest generateDataKeyRequest);
/**
*
* Returns a data encryption key that you can use in your application to encrypt data locally.
*
*
* You must specify the customer master key (CMK) under which to generate the data key. You must also specify the
* length of the data key using either the KeySpec or NumberOfBytes field. You must
* specify one field or the other, but not both. For common key lengths (128-bit and 256-bit symmetric keys), we
* recommend that you use KeySpec. To perform this operation on a CMK in a different AWS account,
* specify the key ARN or alias ARN in the value of the KeyId parameter.
*
*
* This operation returns a plaintext copy of the data key in the Plaintext field of the response, and
* an encrypted copy of the data key in the CiphertextBlob field. The data key is encrypted under the
* CMK specified in the KeyId field of the request.
*
*
* We recommend that you use the following pattern to encrypt data locally in your application:
*
*
* -
*
* Use this operation (GenerateDataKey) to get a data encryption key.
*
*
* -
*
* Use the plaintext data encryption key (returned in the Plaintext field of the response) to encrypt
* data locally, then erase the plaintext data key from memory.
*
*
* -
*
* Store the encrypted data key (returned in the CiphertextBlob field of the response) alongside the
* locally encrypted data.
*
*
*
*
* To decrypt data locally:
*
*
* -
*
* Use the Decrypt operation to decrypt the encrypted data key into a plaintext copy of the data key.
*
*
* -
*
* Use the plaintext data key to decrypt data locally, then erase the plaintext data key from memory.
*
*
*
*
* To return only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To return a random
* byte string that is cryptographically secure, use GenerateRandom.
*
*
* If you use the optional EncryptionContext field, you must store at least enough information to be
* able to reconstruct the full encryption context when you later send the ciphertext to the Decrypt
* operation. It is a good practice to choose an encryption context that you can reconstruct on the fly to better
* secure the ciphertext. For more information, see Encryption Context in the
* AWS Key Management Service Developer Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param generateDataKeyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the GenerateDataKey operation returned by the service.
* @sample AWSKMSAsyncHandler.GenerateDataKey
* @see AWS API
* Documentation
*/
java.util.concurrent.Future generateDataKeyAsync(GenerateDataKeyRequest generateDataKeyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Returns a data encryption key encrypted under a customer master key (CMK). This operation is identical to
* GenerateDataKey but returns only the encrypted copy of the data key.
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of
* the KeyId parameter.
*
*
* This operation is useful in a system that has multiple components with different degrees of trust. For example,
* consider a system that stores encrypted data in containers. Each container stores the encrypted data and an
* encrypted copy of the data key. One component of the system, called the control plane, creates new
* containers. When it creates a new container, it uses this operation (GenerateDataKeyWithoutPlaintext
* ) to get an encrypted data key and then stores it in the container. Later, a different component of the system,
* called the data plane, puts encrypted data into the containers. To do this, it passes the encrypted data
* key to the Decrypt operation, then uses the returned plaintext data key to encrypt data, and finally
* stores the encrypted data in the container. In this system, the control plane never sees the plaintext data key.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param generateDataKeyWithoutPlaintextRequest
* @return A Java Future containing the result of the GenerateDataKeyWithoutPlaintext operation returned by the
* service.
* @sample AWSKMSAsync.GenerateDataKeyWithoutPlaintext
* @see AWS API Documentation
*/
java.util.concurrent.Future generateDataKeyWithoutPlaintextAsync(
GenerateDataKeyWithoutPlaintextRequest generateDataKeyWithoutPlaintextRequest);
/**
*
* Returns a data encryption key encrypted under a customer master key (CMK). This operation is identical to
* GenerateDataKey but returns only the encrypted copy of the data key.
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of
* the KeyId parameter.
*
*
* This operation is useful in a system that has multiple components with different degrees of trust. For example,
* consider a system that stores encrypted data in containers. Each container stores the encrypted data and an
* encrypted copy of the data key. One component of the system, called the control plane, creates new
* containers. When it creates a new container, it uses this operation (GenerateDataKeyWithoutPlaintext
* ) to get an encrypted data key and then stores it in the container. Later, a different component of the system,
* called the data plane, puts encrypted data into the containers. To do this, it passes the encrypted data
* key to the Decrypt operation, then uses the returned plaintext data key to encrypt data, and finally
* stores the encrypted data in the container. In this system, the control plane never sees the plaintext data key.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param generateDataKeyWithoutPlaintextRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the GenerateDataKeyWithoutPlaintext operation returned by the
* service.
* @sample AWSKMSAsyncHandler.GenerateDataKeyWithoutPlaintext
* @see AWS API Documentation
*/
java.util.concurrent.Future generateDataKeyWithoutPlaintextAsync(
GenerateDataKeyWithoutPlaintextRequest generateDataKeyWithoutPlaintextRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Returns a random byte string that is cryptographically secure.
*
*
* By default, the random byte string is generated in AWS KMS. To generate the byte string in the AWS CloudHSM
* cluster that is associated with a custom key store, specify
* the custom key store ID.
*
*
* For more information about entropy and random number generation, see the AWS Key Management Service
* Cryptographic Details whitepaper.
*
*
* @param generateRandomRequest
* @return A Java Future containing the result of the GenerateRandom operation returned by the service.
* @sample AWSKMSAsync.GenerateRandom
* @see AWS API
* Documentation
*/
java.util.concurrent.Future generateRandomAsync(GenerateRandomRequest generateRandomRequest);
/**
*
* Returns a random byte string that is cryptographically secure.
*
*
* By default, the random byte string is generated in AWS KMS. To generate the byte string in the AWS CloudHSM
* cluster that is associated with a custom key store, specify
* the custom key store ID.
*
*
* For more information about entropy and random number generation, see the AWS Key Management Service
* Cryptographic Details whitepaper.
*
*
* @param generateRandomRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the GenerateRandom operation returned by the service.
* @sample AWSKMSAsyncHandler.GenerateRandom
* @see AWS API
* Documentation
*/
java.util.concurrent.Future generateRandomAsync(GenerateRandomRequest generateRandomRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
* Simplified method form for invoking the GenerateRandom operation.
*
* @see #generateRandomAsync(GenerateRandomRequest)
*/
java.util.concurrent.Future generateRandomAsync();
/**
* Simplified method form for invoking the GenerateRandom operation with an AsyncHandler.
*
* @see #generateRandomAsync(GenerateRandomRequest, com.amazonaws.handlers.AsyncHandler)
*/
java.util.concurrent.Future generateRandomAsync(
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Gets a key policy attached to the specified customer master key (CMK). You cannot perform this operation on a CMK
* in a different AWS account.
*
*
* @param getKeyPolicyRequest
* @return A Java Future containing the result of the GetKeyPolicy operation returned by the service.
* @sample AWSKMSAsync.GetKeyPolicy
* @see AWS API
* Documentation
*/
java.util.concurrent.Future getKeyPolicyAsync(GetKeyPolicyRequest getKeyPolicyRequest);
/**
*
* Gets a key policy attached to the specified customer master key (CMK). You cannot perform this operation on a CMK
* in a different AWS account.
*
*
* @param getKeyPolicyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the GetKeyPolicy operation returned by the service.
* @sample AWSKMSAsyncHandler.GetKeyPolicy
* @see AWS API
* Documentation
*/
java.util.concurrent.Future getKeyPolicyAsync(GetKeyPolicyRequest getKeyPolicyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Gets a Boolean value that indicates whether automatic rotation of the key
* material is enabled for the specified customer master key (CMK).
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* -
*
* Disabled: The key rotation status does not change when you disable a CMK. However, while the CMK is disabled, AWS
* KMS does not rotate the backing key.
*
*
* -
*
* Pending deletion: While a CMK is pending deletion, its key rotation status is false and AWS KMS does
* not rotate the backing key. If you cancel the deletion, the original key rotation status is restored.
*
*
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter.
*
*
* @param getKeyRotationStatusRequest
* @return A Java Future containing the result of the GetKeyRotationStatus operation returned by the service.
* @sample AWSKMSAsync.GetKeyRotationStatus
* @see AWS API
* Documentation
*/
java.util.concurrent.Future getKeyRotationStatusAsync(GetKeyRotationStatusRequest getKeyRotationStatusRequest);
/**
*
* Gets a Boolean value that indicates whether automatic rotation of the key
* material is enabled for the specified customer master key (CMK).
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* -
*
* Disabled: The key rotation status does not change when you disable a CMK. However, while the CMK is disabled, AWS
* KMS does not rotate the backing key.
*
*
* -
*
* Pending deletion: While a CMK is pending deletion, its key rotation status is false and AWS KMS does
* not rotate the backing key. If you cancel the deletion, the original key rotation status is restored.
*
*
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter.
*
*
* @param getKeyRotationStatusRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the GetKeyRotationStatus operation returned by the service.
* @sample AWSKMSAsyncHandler.GetKeyRotationStatus
* @see AWS API
* Documentation
*/
java.util.concurrent.Future getKeyRotationStatusAsync(GetKeyRotationStatusRequest getKeyRotationStatusRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Returns the items you need in order to import key material into AWS KMS from your existing key management
* infrastructure. For more information about importing key material into AWS KMS, see Importing Key Material in the
* AWS Key Management Service Developer Guide.
*
*
* You must specify the key ID of the customer master key (CMK) into which you will import key material. This CMK's
* Origin must be EXTERNAL. You must also specify the wrapping algorithm and type of
* wrapping key (public key) that you will use to encrypt the key material. You cannot perform this operation on a
* CMK in a different AWS account.
*
*
* This operation returns a public key and an import token. Use the public key to encrypt the key material. Store
* the import token to send with a subsequent ImportKeyMaterial request. The public key and import token from
* the same response must be used together. These items are valid for 24 hours. When they expire, they cannot be
* used for a subsequent ImportKeyMaterial request. To get new ones, send another
* GetParametersForImport request.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param getParametersForImportRequest
* @return A Java Future containing the result of the GetParametersForImport operation returned by the service.
* @sample AWSKMSAsync.GetParametersForImport
* @see AWS API
* Documentation
*/
java.util.concurrent.Future getParametersForImportAsync(GetParametersForImportRequest getParametersForImportRequest);
/**
*
* Returns the items you need in order to import key material into AWS KMS from your existing key management
* infrastructure. For more information about importing key material into AWS KMS, see Importing Key Material in the
* AWS Key Management Service Developer Guide.
*
*
* You must specify the key ID of the customer master key (CMK) into which you will import key material. This CMK's
* Origin must be EXTERNAL. You must also specify the wrapping algorithm and type of
* wrapping key (public key) that you will use to encrypt the key material. You cannot perform this operation on a
* CMK in a different AWS account.
*
*
* This operation returns a public key and an import token. Use the public key to encrypt the key material. Store
* the import token to send with a subsequent ImportKeyMaterial request. The public key and import token from
* the same response must be used together. These items are valid for 24 hours. When they expire, they cannot be
* used for a subsequent ImportKeyMaterial request. To get new ones, send another
* GetParametersForImport request.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param getParametersForImportRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the GetParametersForImport operation returned by the service.
* @sample AWSKMSAsyncHandler.GetParametersForImport
* @see AWS API
* Documentation
*/
java.util.concurrent.Future getParametersForImportAsync(GetParametersForImportRequest getParametersForImportRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Imports key material into an existing AWS KMS customer master key (CMK) that was created without key material.
* You cannot perform this operation on a CMK in a different AWS account. For more information about creating CMKs
* with no key material and then importing key material, see Importing Key Material in the
* AWS Key Management Service Developer Guide.
*
*
* Before using this operation, call GetParametersForImport. Its response includes a public key and an import
* token. Use the public key to encrypt the key material. Then, submit the import token from the same
* GetParametersForImport response.
*
*
* When calling this operation, you must specify the following values:
*
*
* -
*
* The key ID or key ARN of a CMK with no key material. Its Origin must be EXTERNAL.
*
*
* To create a CMK with no key material, call CreateKey and set the value of its Origin
* parameter to EXTERNAL. To get the Origin of a CMK, call DescribeKey.)
*
*
* -
*
* The encrypted key material. To get the public key to encrypt the key material, call
* GetParametersForImport.
*
*
* -
*
* The import token that GetParametersForImport returned. This token and the public key used to encrypt the
* key material must have come from the same response.
*
*
* -
*
* Whether the key material expires and if so, when. If you set an expiration date, you can change it only by
* reimporting the same key material and specifying a new expiration date. If the key material expires, AWS KMS
* deletes the key material and the CMK becomes unusable. To use the CMK again, you must reimport the same key
* material.
*
*
*
*
* When this operation is successful, the key state of the CMK changes from PendingImport to
* Enabled, and you can use the CMK. After you successfully import key material into a CMK, you can
* reimport the same key material into that CMK, but you cannot import different key material.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param importKeyMaterialRequest
* @return A Java Future containing the result of the ImportKeyMaterial operation returned by the service.
* @sample AWSKMSAsync.ImportKeyMaterial
* @see AWS API
* Documentation
*/
java.util.concurrent.Future importKeyMaterialAsync(ImportKeyMaterialRequest importKeyMaterialRequest);
/**
*
* Imports key material into an existing AWS KMS customer master key (CMK) that was created without key material.
* You cannot perform this operation on a CMK in a different AWS account. For more information about creating CMKs
* with no key material and then importing key material, see Importing Key Material in the
* AWS Key Management Service Developer Guide.
*
*
* Before using this operation, call GetParametersForImport. Its response includes a public key and an import
* token. Use the public key to encrypt the key material. Then, submit the import token from the same
* GetParametersForImport response.
*
*
* When calling this operation, you must specify the following values:
*
*
* -
*
* The key ID or key ARN of a CMK with no key material. Its Origin must be EXTERNAL.
*
*
* To create a CMK with no key material, call CreateKey and set the value of its Origin
* parameter to EXTERNAL. To get the Origin of a CMK, call DescribeKey.)
*
*
* -
*
* The encrypted key material. To get the public key to encrypt the key material, call
* GetParametersForImport.
*
*
* -
*
* The import token that GetParametersForImport returned. This token and the public key used to encrypt the
* key material must have come from the same response.
*
*
* -
*
* Whether the key material expires and if so, when. If you set an expiration date, you can change it only by
* reimporting the same key material and specifying a new expiration date. If the key material expires, AWS KMS
* deletes the key material and the CMK becomes unusable. To use the CMK again, you must reimport the same key
* material.
*
*
*
*
* When this operation is successful, the key state of the CMK changes from PendingImport to
* Enabled, and you can use the CMK. After you successfully import key material into a CMK, you can
* reimport the same key material into that CMK, but you cannot import different key material.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param importKeyMaterialRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ImportKeyMaterial operation returned by the service.
* @sample AWSKMSAsyncHandler.ImportKeyMaterial
* @see AWS API
* Documentation
*/
java.util.concurrent.Future importKeyMaterialAsync(ImportKeyMaterialRequest importKeyMaterialRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Gets a list of all aliases in the caller's AWS account and region. You cannot list aliases in other accounts. For
* more information about aliases, see CreateAlias.
*
*
* By default, the ListAliases command returns all aliases in the account and region. To get only the
* aliases that point to a particular customer master key (CMK), use the KeyId parameter.
*
*
* The ListAliases response might include several aliases have no TargetKeyId field. These
* are predefined aliases that AWS has created but has not yet associated with a CMK. Aliases that AWS creates in
* your account, including predefined aliases, do not count against your AWS KMS aliases limit.
*
*
* @param listAliasesRequest
* @return A Java Future containing the result of the ListAliases operation returned by the service.
* @sample AWSKMSAsync.ListAliases
* @see AWS API
* Documentation
*/
java.util.concurrent.Future listAliasesAsync(ListAliasesRequest listAliasesRequest);
/**
*
* Gets a list of all aliases in the caller's AWS account and region. You cannot list aliases in other accounts. For
* more information about aliases, see CreateAlias.
*
*
* By default, the ListAliases command returns all aliases in the account and region. To get only the
* aliases that point to a particular customer master key (CMK), use the KeyId parameter.
*
*
* The ListAliases response might include several aliases have no TargetKeyId field. These
* are predefined aliases that AWS has created but has not yet associated with a CMK. Aliases that AWS creates in
* your account, including predefined aliases, do not count against your AWS KMS aliases limit.
*
*
* @param listAliasesRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ListAliases operation returned by the service.
* @sample AWSKMSAsyncHandler.ListAliases
* @see AWS API
* Documentation
*/
java.util.concurrent.Future listAliasesAsync(ListAliasesRequest listAliasesRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
* Simplified method form for invoking the ListAliases operation.
*
* @see #listAliasesAsync(ListAliasesRequest)
*/
java.util.concurrent.Future listAliasesAsync();
/**
* Simplified method form for invoking the ListAliases operation with an AsyncHandler.
*
* @see #listAliasesAsync(ListAliasesRequest, com.amazonaws.handlers.AsyncHandler)
*/
java.util.concurrent.Future listAliasesAsync(com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Gets a list of all grants for the specified customer master key (CMK).
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter.
*
*
* @param listGrantsRequest
* @return A Java Future containing the result of the ListGrants operation returned by the service.
* @sample AWSKMSAsync.ListGrants
* @see AWS API
* Documentation
*/
java.util.concurrent.Future listGrantsAsync(ListGrantsRequest listGrantsRequest);
/**
*
* Gets a list of all grants for the specified customer master key (CMK).
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter.
*
*
* @param listGrantsRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ListGrants operation returned by the service.
* @sample AWSKMSAsyncHandler.ListGrants
* @see AWS API
* Documentation
*/
java.util.concurrent.Future listGrantsAsync(ListGrantsRequest listGrantsRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Gets the names of the key policies that are attached to a customer master key (CMK). This operation is designed
* to get policy names that you can use in a GetKeyPolicy operation. However, the only valid policy name is
* default. You cannot perform this operation on a CMK in a different AWS account.
*
*
* @param listKeyPoliciesRequest
* @return A Java Future containing the result of the ListKeyPolicies operation returned by the service.
* @sample AWSKMSAsync.ListKeyPolicies
* @see AWS API
* Documentation
*/
java.util.concurrent.Future listKeyPoliciesAsync(ListKeyPoliciesRequest listKeyPoliciesRequest);
/**
*
* Gets the names of the key policies that are attached to a customer master key (CMK). This operation is designed
* to get policy names that you can use in a GetKeyPolicy operation. However, the only valid policy name is
* default. You cannot perform this operation on a CMK in a different AWS account.
*
*
* @param listKeyPoliciesRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ListKeyPolicies operation returned by the service.
* @sample AWSKMSAsyncHandler.ListKeyPolicies
* @see AWS API
* Documentation
*/
java.util.concurrent.Future listKeyPoliciesAsync(ListKeyPoliciesRequest listKeyPoliciesRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Gets a list of all customer master keys (CMKs) in the caller's AWS account and region.
*
*
* @param listKeysRequest
* @return A Java Future containing the result of the ListKeys operation returned by the service.
* @sample AWSKMSAsync.ListKeys
* @see AWS API
* Documentation
*/
java.util.concurrent.Future listKeysAsync(ListKeysRequest listKeysRequest);
/**
*
* Gets a list of all customer master keys (CMKs) in the caller's AWS account and region.
*
*
* @param listKeysRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ListKeys operation returned by the service.
* @sample AWSKMSAsyncHandler.ListKeys
* @see AWS API
* Documentation
*/
java.util.concurrent.Future listKeysAsync(ListKeysRequest listKeysRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
* Simplified method form for invoking the ListKeys operation.
*
* @see #listKeysAsync(ListKeysRequest)
*/
java.util.concurrent.Future listKeysAsync();
/**
* Simplified method form for invoking the ListKeys operation with an AsyncHandler.
*
* @see #listKeysAsync(ListKeysRequest, com.amazonaws.handlers.AsyncHandler)
*/
java.util.concurrent.Future listKeysAsync(com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Returns a list of all tags for the specified customer master key (CMK).
*
*
* You cannot perform this operation on a CMK in a different AWS account.
*
*
* @param listResourceTagsRequest
* @return A Java Future containing the result of the ListResourceTags operation returned by the service.
* @sample AWSKMSAsync.ListResourceTags
* @see AWS API
* Documentation
*/
java.util.concurrent.Future listResourceTagsAsync(ListResourceTagsRequest listResourceTagsRequest);
/**
*
* Returns a list of all tags for the specified customer master key (CMK).
*
*
* You cannot perform this operation on a CMK in a different AWS account.
*
*
* @param listResourceTagsRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ListResourceTags operation returned by the service.
* @sample AWSKMSAsyncHandler.ListResourceTags
* @see AWS API
* Documentation
*/
java.util.concurrent.Future listResourceTagsAsync(ListResourceTagsRequest listResourceTagsRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Returns a list of all grants for which the grant's RetiringPrincipal matches the one specified.
*
*
* A typical use is to list all grants that you are able to retire. To retire a grant, use RetireGrant.
*
*
* @param listRetirableGrantsRequest
* @return A Java Future containing the result of the ListRetirableGrants operation returned by the service.
* @sample AWSKMSAsync.ListRetirableGrants
* @see AWS API
* Documentation
*/
java.util.concurrent.Future listRetirableGrantsAsync(ListRetirableGrantsRequest listRetirableGrantsRequest);
/**
*
* Returns a list of all grants for which the grant's RetiringPrincipal matches the one specified.
*
*
* A typical use is to list all grants that you are able to retire. To retire a grant, use RetireGrant.
*
*
* @param listRetirableGrantsRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ListRetirableGrants operation returned by the service.
* @sample AWSKMSAsyncHandler.ListRetirableGrants
* @see AWS API
* Documentation
*/
java.util.concurrent.Future listRetirableGrantsAsync(ListRetirableGrantsRequest listRetirableGrantsRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Attaches a key policy to the specified customer master key (CMK). You cannot perform this operation on a CMK in a
* different AWS account.
*
*
* For more information about key policies, see Key Policies in the AWS Key
* Management Service Developer Guide.
*
*
* @param putKeyPolicyRequest
* @return A Java Future containing the result of the PutKeyPolicy operation returned by the service.
* @sample AWSKMSAsync.PutKeyPolicy
* @see AWS API
* Documentation
*/
java.util.concurrent.Future putKeyPolicyAsync(PutKeyPolicyRequest putKeyPolicyRequest);
/**
*
* Attaches a key policy to the specified customer master key (CMK). You cannot perform this operation on a CMK in a
* different AWS account.
*
*
* For more information about key policies, see Key Policies in the AWS Key
* Management Service Developer Guide.
*
*
* @param putKeyPolicyRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the PutKeyPolicy operation returned by the service.
* @sample AWSKMSAsyncHandler.PutKeyPolicy
* @see AWS API
* Documentation
*/
java.util.concurrent.Future putKeyPolicyAsync(PutKeyPolicyRequest putKeyPolicyRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Encrypts data on the server side with a new customer master key (CMK) without exposing the plaintext of the data
* on the client side. The data is first decrypted and then reencrypted. You can also use this operation to change
* the encryption context of a ciphertext.
*
*
* You can reencrypt data using CMKs in different AWS accounts.
*
*
* Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom on the
* source CMK and once as ReEncryptTo on the destination CMK. We recommend that you include the
* "kms:ReEncrypt*" permission in your key policies to permit
* reencryption from or to the CMK. This permission is automatically included in the key policy when you create a
* CMK through the console, but you must include it manually when you create a CMK programmatically or when you set
* a key policy with the PutKeyPolicy operation.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param reEncryptRequest
* @return A Java Future containing the result of the ReEncrypt operation returned by the service.
* @sample AWSKMSAsync.ReEncrypt
* @see AWS API
* Documentation
*/
java.util.concurrent.Future reEncryptAsync(ReEncryptRequest reEncryptRequest);
/**
*
* Encrypts data on the server side with a new customer master key (CMK) without exposing the plaintext of the data
* on the client side. The data is first decrypted and then reencrypted. You can also use this operation to change
* the encryption context of a ciphertext.
*
*
* You can reencrypt data using CMKs in different AWS accounts.
*
*
* Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom on the
* source CMK and once as ReEncryptTo on the destination CMK. We recommend that you include the
* "kms:ReEncrypt*" permission in your key policies to permit
* reencryption from or to the CMK. This permission is automatically included in the key policy when you create a
* CMK through the console, but you must include it manually when you create a CMK programmatically or when you set
* a key policy with the PutKeyPolicy operation.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param reEncryptRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ReEncrypt operation returned by the service.
* @sample AWSKMSAsyncHandler.ReEncrypt
* @see AWS API
* Documentation
*/
java.util.concurrent.Future reEncryptAsync(ReEncryptRequest reEncryptRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Retires a grant. To clean up, you can retire a grant when you're done using it. You should revoke a grant when
* you intend to actively deny operations that depend on it. The following are permitted to call this API:
*
*
* -
*
* The AWS account (root user) under which the grant was created
*
*
* -
*
* The RetiringPrincipal, if present in the grant
*
*
* -
*
* The GranteePrincipal, if RetireGrant is an operation specified in the grant
*
*
*
*
* You must identify the grant to retire by its grant token or by a combination of the grant ID and the Amazon
* Resource Name (ARN) of the customer master key (CMK). A grant token is a unique variable-length base64-encoded
* string. A grant ID is a 64 character unique identifier of a grant. The CreateGrant operation returns both.
*
*
* @param retireGrantRequest
* @return A Java Future containing the result of the RetireGrant operation returned by the service.
* @sample AWSKMSAsync.RetireGrant
* @see AWS API
* Documentation
*/
java.util.concurrent.Future retireGrantAsync(RetireGrantRequest retireGrantRequest);
/**
*
* Retires a grant. To clean up, you can retire a grant when you're done using it. You should revoke a grant when
* you intend to actively deny operations that depend on it. The following are permitted to call this API:
*
*
* -
*
* The AWS account (root user) under which the grant was created
*
*
* -
*
* The RetiringPrincipal, if present in the grant
*
*
* -
*
* The GranteePrincipal, if RetireGrant is an operation specified in the grant
*
*
*
*
* You must identify the grant to retire by its grant token or by a combination of the grant ID and the Amazon
* Resource Name (ARN) of the customer master key (CMK). A grant token is a unique variable-length base64-encoded
* string. A grant ID is a 64 character unique identifier of a grant. The CreateGrant operation returns both.
*
*
* @param retireGrantRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the RetireGrant operation returned by the service.
* @sample AWSKMSAsyncHandler.RetireGrant
* @see AWS API
* Documentation
*/
java.util.concurrent.Future retireGrantAsync(RetireGrantRequest retireGrantRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
* Simplified method form for invoking the RetireGrant operation.
*
* @see #retireGrantAsync(RetireGrantRequest)
*/
java.util.concurrent.Future retireGrantAsync();
/**
* Simplified method form for invoking the RetireGrant operation with an AsyncHandler.
*
* @see #retireGrantAsync(RetireGrantRequest, com.amazonaws.handlers.AsyncHandler)
*/
java.util.concurrent.Future retireGrantAsync(com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Revokes the specified grant for the specified customer master key (CMK). You can revoke a grant to actively deny
* operations that depend on it.
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter.
*
*
* @param revokeGrantRequest
* @return A Java Future containing the result of the RevokeGrant operation returned by the service.
* @sample AWSKMSAsync.RevokeGrant
* @see AWS API
* Documentation
*/
java.util.concurrent.Future revokeGrantAsync(RevokeGrantRequest revokeGrantRequest);
/**
*
* Revokes the specified grant for the specified customer master key (CMK). You can revoke a grant to actively deny
* operations that depend on it.
*
*
* To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the
* KeyId parameter.
*
*
* @param revokeGrantRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the RevokeGrant operation returned by the service.
* @sample AWSKMSAsyncHandler.RevokeGrant
* @see AWS API
* Documentation
*/
java.util.concurrent.Future revokeGrantAsync(RevokeGrantRequest revokeGrantRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Schedules the deletion of a customer master key (CMK). You may provide a waiting period, specified in days,
* before deletion occurs. If you do not provide a waiting period, the default period of 30 days is used. When this
* operation is successful, the key state of the CMK changes to PendingDeletion. Before the waiting
* period ends, you can use CancelKeyDeletion to cancel the deletion of the CMK. After the waiting period
* ends, AWS KMS deletes the CMK and all AWS KMS data associated with it, including all aliases that refer to it.
*
*
*
* Deleting a CMK is a destructive and potentially dangerous operation. When a CMK is deleted, all data that was
* encrypted under the CMK is unrecoverable. To prevent the use of a CMK without deleting it, use DisableKey.
*
*
*
* If you schedule deletion of a CMK from a custom key store, when
* the waiting period expires, ScheduleKeyDeletion deletes the CMK from AWS KMS. Then AWS KMS makes a
* best effort to delete the key material from the associated AWS CloudHSM cluster. However, you might need to
* manually delete
* the orphaned key material from the cluster and its backups.
*
*
* You cannot perform this operation on a CMK in a different AWS account.
*
*
* For more information about scheduling a CMK for deletion, see Deleting Customer Master Keys
* in the AWS Key Management Service Developer Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param scheduleKeyDeletionRequest
* @return A Java Future containing the result of the ScheduleKeyDeletion operation returned by the service.
* @sample AWSKMSAsync.ScheduleKeyDeletion
* @see AWS API
* Documentation
*/
java.util.concurrent.Future scheduleKeyDeletionAsync(ScheduleKeyDeletionRequest scheduleKeyDeletionRequest);
/**
*
* Schedules the deletion of a customer master key (CMK). You may provide a waiting period, specified in days,
* before deletion occurs. If you do not provide a waiting period, the default period of 30 days is used. When this
* operation is successful, the key state of the CMK changes to PendingDeletion. Before the waiting
* period ends, you can use CancelKeyDeletion to cancel the deletion of the CMK. After the waiting period
* ends, AWS KMS deletes the CMK and all AWS KMS data associated with it, including all aliases that refer to it.
*
*
*
* Deleting a CMK is a destructive and potentially dangerous operation. When a CMK is deleted, all data that was
* encrypted under the CMK is unrecoverable. To prevent the use of a CMK without deleting it, use DisableKey.
*
*
*
* If you schedule deletion of a CMK from a custom key store, when
* the waiting period expires, ScheduleKeyDeletion deletes the CMK from AWS KMS. Then AWS KMS makes a
* best effort to delete the key material from the associated AWS CloudHSM cluster. However, you might need to
* manually delete
* the orphaned key material from the cluster and its backups.
*
*
* You cannot perform this operation on a CMK in a different AWS account.
*
*
* For more information about scheduling a CMK for deletion, see Deleting Customer Master Keys
* in the AWS Key Management Service Developer Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param scheduleKeyDeletionRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the ScheduleKeyDeletion operation returned by the service.
* @sample AWSKMSAsyncHandler.ScheduleKeyDeletion
* @see AWS API
* Documentation
*/
java.util.concurrent.Future scheduleKeyDeletionAsync(ScheduleKeyDeletionRequest scheduleKeyDeletionRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Adds or edits tags for a customer master key (CMK). You cannot perform this operation on a CMK in a different AWS
* account.
*
*
* Each tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be
* empty (null) strings.
*
*
* You can only use a tag key once for each CMK. If you use the tag key again, AWS KMS replaces the current tag
* value with the specified value.
*
*
* For information about the rules that apply to tag keys and tag values, see User-Defined
* Tag Restrictions in the AWS Billing and Cost Management User Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param tagResourceRequest
* @return A Java Future containing the result of the TagResource operation returned by the service.
* @sample AWSKMSAsync.TagResource
* @see AWS API
* Documentation
*/
java.util.concurrent.Future tagResourceAsync(TagResourceRequest tagResourceRequest);
/**
*
* Adds or edits tags for a customer master key (CMK). You cannot perform this operation on a CMK in a different AWS
* account.
*
*
* Each tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be
* empty (null) strings.
*
*
* You can only use a tag key once for each CMK. If you use the tag key again, AWS KMS replaces the current tag
* value with the specified value.
*
*
* For information about the rules that apply to tag keys and tag values, see User-Defined
* Tag Restrictions in the AWS Billing and Cost Management User Guide.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param tagResourceRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the TagResource operation returned by the service.
* @sample AWSKMSAsyncHandler.TagResource
* @see AWS API
* Documentation
*/
java.util.concurrent.Future tagResourceAsync(TagResourceRequest tagResourceRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Removes the specified tags from the specified customer master key (CMK). You cannot perform this operation on a
* CMK in a different AWS account.
*
*
* To remove a tag, specify the tag key. To change the tag value of an existing tag key, use TagResource.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param untagResourceRequest
* @return A Java Future containing the result of the UntagResource operation returned by the service.
* @sample AWSKMSAsync.UntagResource
* @see AWS API
* Documentation
*/
java.util.concurrent.Future untagResourceAsync(UntagResourceRequest untagResourceRequest);
/**
*
* Removes the specified tags from the specified customer master key (CMK). You cannot perform this operation on a
* CMK in a different AWS account.
*
*
* To remove a tag, specify the tag key. To change the tag value of an existing tag key, use TagResource.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param untagResourceRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the UntagResource operation returned by the service.
* @sample AWSKMSAsyncHandler.UntagResource
* @see AWS API
* Documentation
*/
java.util.concurrent.Future untagResourceAsync(UntagResourceRequest untagResourceRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Associates an existing alias with a different customer master key (CMK). Each CMK can have multiple aliases, but
* the aliases must be unique within the account and region. You cannot perform this operation on an alias in a
* different AWS account.
*
*
* This operation works only on existing aliases. To change the alias of a CMK to a new value, use
* CreateAlias to create a new alias and DeleteAlias to delete the old alias.
*
*
* Because an alias is not a property of a CMK, you can create, update, and delete the aliases of a CMK without
* affecting the CMK. Also, aliases do not appear in the response from the DescribeKey operation. To get the
* aliases of all CMKs in the account, use the ListAliases operation.
*
*
* An alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). An
* alias must start with the word alias followed by a forward slash (alias/). The alias
* name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names
* cannot begin with aws; that alias name prefix is reserved by Amazon Web Services (AWS).
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param updateAliasRequest
* @return A Java Future containing the result of the UpdateAlias operation returned by the service.
* @sample AWSKMSAsync.UpdateAlias
* @see AWS API
* Documentation
*/
java.util.concurrent.Future updateAliasAsync(UpdateAliasRequest updateAliasRequest);
/**
*
* Associates an existing alias with a different customer master key (CMK). Each CMK can have multiple aliases, but
* the aliases must be unique within the account and region. You cannot perform this operation on an alias in a
* different AWS account.
*
*
* This operation works only on existing aliases. To change the alias of a CMK to a new value, use
* CreateAlias to create a new alias and DeleteAlias to delete the old alias.
*
*
* Because an alias is not a property of a CMK, you can create, update, and delete the aliases of a CMK without
* affecting the CMK. Also, aliases do not appear in the response from the DescribeKey operation. To get the
* aliases of all CMKs in the account, use the ListAliases operation.
*
*
* An alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). An
* alias must start with the word alias followed by a forward slash (alias/). The alias
* name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names
* cannot begin with aws; that alias name prefix is reserved by Amazon Web Services (AWS).
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param updateAliasRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the UpdateAlias operation returned by the service.
* @sample AWSKMSAsyncHandler.UpdateAlias
* @see AWS API
* Documentation
*/
java.util.concurrent.Future updateAliasAsync(UpdateAliasRequest updateAliasRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Changes the properties of a custom key store. Use the CustomKeyStoreId parameter to identify the
* custom key store you want to edit. Use the remaining parameters to change the properties of the custom key store.
*
*
* You can only update a custom key store that is disconnected. To disconnect the custom key store, use
* DisconnectCustomKeyStore. To reconnect the custom key store after the update completes, use
* ConnectCustomKeyStore. To find the connection state of a custom key store, use the
* DescribeCustomKeyStores operation.
*
*
* Use the NewCustomKeyStoreName parameter to change the friendly name of the custom key store to the
* value that you specify.
*
*
* Use the KeyStorePassword parameter tell AWS KMS the current password of the
* kmsuser crypto user (CU) in the associated AWS CloudHSM cluster. You can use this parameter to
* fix connection failures that occur when AWS KMS cannot log into the associated cluster because the
* kmsuser password has changed. This value does not change the password in the AWS CloudHSM cluster.
*
*
* Use the CloudHsmClusterId parameter to associate the custom key store with a related AWS CloudHSM
* cluster, that is, a cluster that shares a backup history with the original cluster. You can use this parameter to
* repair a custom key store if its AWS CloudHSM cluster becomes corrupted or is deleted, or when you need to create
* or restore a cluster from a backup.
*
*
* The cluster ID must identify a AWS CloudHSM cluster with the following requirements.
*
*
* -
*
* The cluster must be active and be in the same AWS account and Region as the custom key store.
*
*
* -
*
* The cluster must have the same cluster certificate as the original cluster. You cannot use this parameter to
* associate the custom key store with an unrelated cluster. To view the cluster certificate, use the AWS CloudHSM
* DescribeClusters
* operation. Clusters that share a backup history have the same cluster certificate.
*
*
* -
*
* The cluster must be configured with subnets in at least two different Availability Zones in the Region. Because
* AWS CloudHSM is not supported in all Availability Zones, we recommend that the cluster have subnets in all
* Availability Zones in the Region.
*
*
* -
*
* The cluster must contain at least two active HSMs, each in a different Availability Zone.
*
*
*
*
* If the operation succeeds, it returns a JSON object with no properties.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* @param updateCustomKeyStoreRequest
* @return A Java Future containing the result of the UpdateCustomKeyStore operation returned by the service.
* @sample AWSKMSAsync.UpdateCustomKeyStore
* @see AWS API
* Documentation
*/
java.util.concurrent.Future updateCustomKeyStoreAsync(UpdateCustomKeyStoreRequest updateCustomKeyStoreRequest);
/**
*
* Changes the properties of a custom key store. Use the CustomKeyStoreId parameter to identify the
* custom key store you want to edit. Use the remaining parameters to change the properties of the custom key store.
*
*
* You can only update a custom key store that is disconnected. To disconnect the custom key store, use
* DisconnectCustomKeyStore. To reconnect the custom key store after the update completes, use
* ConnectCustomKeyStore. To find the connection state of a custom key store, use the
* DescribeCustomKeyStores operation.
*
*
* Use the NewCustomKeyStoreName parameter to change the friendly name of the custom key store to the
* value that you specify.
*
*
* Use the KeyStorePassword parameter tell AWS KMS the current password of the
* kmsuser crypto user (CU) in the associated AWS CloudHSM cluster. You can use this parameter to
* fix connection failures that occur when AWS KMS cannot log into the associated cluster because the
* kmsuser password has changed. This value does not change the password in the AWS CloudHSM cluster.
*
*
* Use the CloudHsmClusterId parameter to associate the custom key store with a related AWS CloudHSM
* cluster, that is, a cluster that shares a backup history with the original cluster. You can use this parameter to
* repair a custom key store if its AWS CloudHSM cluster becomes corrupted or is deleted, or when you need to create
* or restore a cluster from a backup.
*
*
* The cluster ID must identify a AWS CloudHSM cluster with the following requirements.
*
*
* -
*
* The cluster must be active and be in the same AWS account and Region as the custom key store.
*
*
* -
*
* The cluster must have the same cluster certificate as the original cluster. You cannot use this parameter to
* associate the custom key store with an unrelated cluster. To view the cluster certificate, use the AWS CloudHSM
* DescribeClusters
* operation. Clusters that share a backup history have the same cluster certificate.
*
*
* -
*
* The cluster must be configured with subnets in at least two different Availability Zones in the Region. Because
* AWS CloudHSM is not supported in all Availability Zones, we recommend that the cluster have subnets in all
* Availability Zones in the Region.
*
*
* -
*
* The cluster must contain at least two active HSMs, each in a different Availability Zone.
*
*
*
*
* If the operation succeeds, it returns a JSON object with no properties.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* @param updateCustomKeyStoreRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the UpdateCustomKeyStore operation returned by the service.
* @sample AWSKMSAsyncHandler.UpdateCustomKeyStore
* @see AWS API
* Documentation
*/
java.util.concurrent.Future updateCustomKeyStoreAsync(UpdateCustomKeyStoreRequest updateCustomKeyStoreRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
/**
*
* Updates the description of a customer master key (CMK). To see the decription of a CMK, use DescribeKey.
*
*
* You cannot perform this operation on a CMK in a different AWS account.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param updateKeyDescriptionRequest
* @return A Java Future containing the result of the UpdateKeyDescription operation returned by the service.
* @sample AWSKMSAsync.UpdateKeyDescription
* @see AWS API
* Documentation
*/
java.util.concurrent.Future updateKeyDescriptionAsync(UpdateKeyDescriptionRequest updateKeyDescriptionRequest);
/**
*
* Updates the description of a customer master key (CMK). To see the decription of a CMK, use DescribeKey.
*
*
* You cannot perform this operation on a CMK in a different AWS account.
*
*
* The result of this operation varies with the key state of the CMK. For details, see How Key State Affects Use of a
* Customer Master Key in the AWS Key Management Service Developer Guide.
*
*
* @param updateKeyDescriptionRequest
* @param asyncHandler
* Asynchronous callback handler for events in the lifecycle of the request. Users can provide an
* implementation of the callback methods in this interface to receive notification of successful or
* unsuccessful completion of the operation.
* @return A Java Future containing the result of the UpdateKeyDescription operation returned by the service.
* @sample AWSKMSAsyncHandler.UpdateKeyDescription
* @see AWS API
* Documentation
*/
java.util.concurrent.Future updateKeyDescriptionAsync(UpdateKeyDescriptionRequest updateKeyDescriptionRequest,
com.amazonaws.handlers.AsyncHandler asyncHandler);
}