com.amazonaws.services.kms.model.CreateKeyRequest Maven / Gradle / Ivy
/*
* Copyright 2015-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.kms.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.AmazonWebServiceRequest;
/**
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class CreateKeyRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {
/**
*
* The key policy to attach to the CMK.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the principal
* that is making the CreateKey request to make a subsequent PutKeyPolicy request on the CMK.
* This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need
* to enforce a delay before including the new principal in a key policy because the new principal might not be
* immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management User
* Guide.
*
*
*
*
* If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more information, see
* Default Key
* Policy in the AWS Key Management Service Developer Guide.
*
*
* The key policy size limit is 32 kilobytes (32768 bytes).
*
*/
private String policy;
/**
*
* A description of the CMK.
*
*
* Use a description that helps you decide whether the CMK is appropriate for a task.
*
*/
private String description;
/**
*
* Determines the cryptographic operations for which you can use the CMK. The default value is
* ENCRYPT_DECRYPT. This parameter is required only for asymmetric CMKs. You can't change the
* KeyUsage value after the CMK is created.
*
*
* Select only one valid value.
*
*
* -
*
* For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
*
*
* -
*
* For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
*
*
*
*/
private String keyUsage;
/**
*
* Specifies the type of CMK to create. The CustomerMasterKeySpec determines whether the CMK contains a
* symmetric key or an asymmetric key pair. It also determines the encryption algorithms or signing algorithms that
* the CMK supports. You can't change the CustomerMasterKeySpec after the CMK is created. To further
* restrict the algorithms that can be used with the CMK, use its key policy or IAM policy.
*
*
* For help with choosing a key spec for your CMK, see Selecting a
* Customer Master Key Spec in the AWS Key Management Service Developer Guide.
*
*
* The default value, SYMMETRIC_DEFAULT, creates a CMK with a 256-bit symmetric key.
*
*
* AWS KMS supports the following key specs for CMKs:
*
*
* -
*
* Symmetric key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT (AES-256-GCM)
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
*
*/
private String customerMasterKeySpec;
/**
*
* The source of the key material for the CMK. You cannot change the origin after you create the CMK. The default is
* AWS_KMS, which means AWS KMS creates the key material.
*
*
* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you can
* import key material from your existing key management infrastructure. For more information about importing key
* material into AWS KMS, see Importing Key Material in
* the AWS Key Management Service Developer Guide. This value is valid only for symmetric CMKs.
*
*
* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key store
* and creates its key material in the associated AWS CloudHSM cluster. You must also use the
* CustomKeyStoreId parameter to identify the custom key store. This value is valid only for symmetric
* CMKs.
*
*/
private String origin;
/**
*
* Creates the CMK in the specified custom key store
* and the key material in its associated AWS CloudHSM cluster. To create a CMK in a custom key store, you must also
* specify the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM cluster
* that is associated with the custom key store must have at least two active HSMs, each in a different Availability
* Zone in the Region.
*
*
* This parameter is valid only for symmetric CMKs. You cannot create an asymmetric CMK in a custom key store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the AWS CloudHSM cluster.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*/
private String customKeyStoreId;
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true
* indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal that is
* making the request from making a subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
*
*/
private Boolean bypassPolicyLockoutSafetyCheck;
/**
*
* One or more tags. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are
* required, but the tag value can be an empty (null) string.
*
*
* When you add tags to an AWS resource, AWS generates a cost allocation report with usage and costs aggregated by
* tags. For information about adding, changing, deleting and listing tags for CMKs, see Tagging Keys.
*
*
* Use this parameter to tag the CMK when it is created. To add tags to an existing CMK, use the TagResource
* operation.
*
*/
private com.amazonaws.internal.SdkInternalList tags;
/**
*
* The key policy to attach to the CMK.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the principal
* that is making the CreateKey request to make a subsequent PutKeyPolicy request on the CMK.
* This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need
* to enforce a delay before including the new principal in a key policy because the new principal might not be
* immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management User
* Guide.
*
*
*
*
* If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more information, see
* Default Key
* Policy in the AWS Key Management Service Developer Guide.
*
*
* The key policy size limit is 32 kilobytes (32768 bytes).
*
*
* @param policy
* The key policy to attach to the CMK.
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the
* principal that is making the CreateKey request to make a subsequent PutKeyPolicy
* request on the CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer
* to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy
* must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or
* role), you might need to enforce a delay before including the new principal in a key policy because the
* new principal might not be immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management
* User Guide.
*
*
*
*
* If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more
* information, see Default
* Key Policy in the AWS Key Management Service Developer Guide.
*
*
* The key policy size limit is 32 kilobytes (32768 bytes).
*/
public void setPolicy(String policy) {
this.policy = policy;
}
/**
*
* The key policy to attach to the CMK.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the principal
* that is making the CreateKey request to make a subsequent PutKeyPolicy request on the CMK.
* This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need
* to enforce a delay before including the new principal in a key policy because the new principal might not be
* immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management User
* Guide.
*
*
*
*
* If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more information, see
* Default Key
* Policy in the AWS Key Management Service Developer Guide.
*
*
* The key policy size limit is 32 kilobytes (32768 bytes).
*
*
* @return The key policy to attach to the CMK.
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the
* principal that is making the CreateKey request to make a subsequent PutKeyPolicy
* request on the CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer
* to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy
* must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or
* role), you might need to enforce a delay before including the new principal in a key policy because the
* new principal might not be immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management
* User Guide.
*
*
*
*
* If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more
* information, see Default
* Key Policy in the AWS Key Management Service Developer Guide.
*
*
* The key policy size limit is 32 kilobytes (32768 bytes).
*/
public String getPolicy() {
return this.policy;
}
/**
*
* The key policy to attach to the CMK.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the principal
* that is making the CreateKey request to make a subsequent PutKeyPolicy request on the CMK.
* This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need
* to enforce a delay before including the new principal in a key policy because the new principal might not be
* immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management User
* Guide.
*
*
*
*
* If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more information, see
* Default Key
* Policy in the AWS Key Management Service Developer Guide.
*
*
* The key policy size limit is 32 kilobytes (32768 bytes).
*
*
* @param policy
* The key policy to attach to the CMK.
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy must allow the
* principal that is making the CreateKey request to make a subsequent PutKeyPolicy
* request on the CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer
* to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy
* must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or
* role), you might need to enforce a delay before including the new principal in a key policy because the
* new principal might not be immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management
* User Guide.
*
*
*
*
* If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more
* information, see Default
* Key Policy in the AWS Key Management Service Developer Guide.
*
*
* The key policy size limit is 32 kilobytes (32768 bytes).
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withPolicy(String policy) {
setPolicy(policy);
return this;
}
/**
*
* A description of the CMK.
*
*
* Use a description that helps you decide whether the CMK is appropriate for a task.
*
*
* @param description
* A description of the CMK.
*
* Use a description that helps you decide whether the CMK is appropriate for a task.
*/
public void setDescription(String description) {
this.description = description;
}
/**
*
* A description of the CMK.
*
*
* Use a description that helps you decide whether the CMK is appropriate for a task.
*
*
* @return A description of the CMK.
*
* Use a description that helps you decide whether the CMK is appropriate for a task.
*/
public String getDescription() {
return this.description;
}
/**
*
* A description of the CMK.
*
*
* Use a description that helps you decide whether the CMK is appropriate for a task.
*
*
* @param description
* A description of the CMK.
*
* Use a description that helps you decide whether the CMK is appropriate for a task.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withDescription(String description) {
setDescription(description);
return this;
}
/**
*
* Determines the cryptographic operations for which you can use the CMK. The default value is
* ENCRYPT_DECRYPT. This parameter is required only for asymmetric CMKs. You can't change the
* KeyUsage value after the CMK is created.
*
*
* Select only one valid value.
*
*
* -
*
* For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
*
*
* -
*
* For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
*
*
*
*
* @param keyUsage
* Determines the cryptographic operations for which you can use the CMK. The default value is
* ENCRYPT_DECRYPT. This parameter is required only for asymmetric CMKs. You can't change the
* KeyUsage value after the CMK is created.
*
* Select only one valid value.
*
*
* -
*
* For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
* -
*
* For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
*
*
* @see KeyUsageType
*/
public void setKeyUsage(String keyUsage) {
this.keyUsage = keyUsage;
}
/**
*
* Determines the cryptographic operations for which you can use the CMK. The default value is
* ENCRYPT_DECRYPT. This parameter is required only for asymmetric CMKs. You can't change the
* KeyUsage value after the CMK is created.
*
*
* Select only one valid value.
*
*
* -
*
* For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
*
*
* -
*
* For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
*
*
*
*
* @return Determines the cryptographic operations for which you can use the CMK. The default value is
* ENCRYPT_DECRYPT. This parameter is required only for asymmetric CMKs. You can't change the
* KeyUsage value after the CMK is created.
*
* Select only one valid value.
*
*
* -
*
* For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
* -
*
* For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
*
*
* @see KeyUsageType
*/
public String getKeyUsage() {
return this.keyUsage;
}
/**
*
* Determines the cryptographic operations for which you can use the CMK. The default value is
* ENCRYPT_DECRYPT. This parameter is required only for asymmetric CMKs. You can't change the
* KeyUsage value after the CMK is created.
*
*
* Select only one valid value.
*
*
* -
*
* For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
*
*
* -
*
* For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
*
*
*
*
* @param keyUsage
* Determines the cryptographic operations for which you can use the CMK. The default value is
* ENCRYPT_DECRYPT. This parameter is required only for asymmetric CMKs. You can't change the
* KeyUsage value after the CMK is created.
*
* Select only one valid value.
*
*
* -
*
* For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
* -
*
* For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see KeyUsageType
*/
public CreateKeyRequest withKeyUsage(String keyUsage) {
setKeyUsage(keyUsage);
return this;
}
/**
*
* Determines the cryptographic operations for which you can use the CMK. The default value is
* ENCRYPT_DECRYPT. This parameter is required only for asymmetric CMKs. You can't change the
* KeyUsage value after the CMK is created.
*
*
* Select only one valid value.
*
*
* -
*
* For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
*
*
* -
*
* For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
*
*
*
*
* @param keyUsage
* Determines the cryptographic operations for which you can use the CMK. The default value is
* ENCRYPT_DECRYPT. This parameter is required only for asymmetric CMKs. You can't change the
* KeyUsage value after the CMK is created.
*
* Select only one valid value.
*
*
* -
*
* For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
* -
*
* For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
*
*
* @see KeyUsageType
*/
public void setKeyUsage(KeyUsageType keyUsage) {
withKeyUsage(keyUsage);
}
/**
*
* Determines the cryptographic operations for which you can use the CMK. The default value is
* ENCRYPT_DECRYPT. This parameter is required only for asymmetric CMKs. You can't change the
* KeyUsage value after the CMK is created.
*
*
* Select only one valid value.
*
*
* -
*
* For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or SIGN_VERIFY.
*
*
* -
*
* For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
*
*
*
*
* @param keyUsage
* Determines the cryptographic operations for which you can use the CMK. The default value is
* ENCRYPT_DECRYPT. This parameter is required only for asymmetric CMKs. You can't change the
* KeyUsage value after the CMK is created.
*
* Select only one valid value.
*
*
* -
*
* For symmetric CMKs, omit the parameter or specify ENCRYPT_DECRYPT.
*
*
* -
*
* For asymmetric CMKs with RSA key material, specify ENCRYPT_DECRYPT or
* SIGN_VERIFY.
*
*
* -
*
* For asymmetric CMKs with ECC key material, specify SIGN_VERIFY.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see KeyUsageType
*/
public CreateKeyRequest withKeyUsage(KeyUsageType keyUsage) {
this.keyUsage = keyUsage.toString();
return this;
}
/**
*
* Specifies the type of CMK to create. The CustomerMasterKeySpec determines whether the CMK contains a
* symmetric key or an asymmetric key pair. It also determines the encryption algorithms or signing algorithms that
* the CMK supports. You can't change the CustomerMasterKeySpec after the CMK is created. To further
* restrict the algorithms that can be used with the CMK, use its key policy or IAM policy.
*
*
* For help with choosing a key spec for your CMK, see Selecting a
* Customer Master Key Spec in the AWS Key Management Service Developer Guide.
*
*
* The default value, SYMMETRIC_DEFAULT, creates a CMK with a 256-bit symmetric key.
*
*
* AWS KMS supports the following key specs for CMKs:
*
*
* -
*
* Symmetric key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT (AES-256-GCM)
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
*
*
* @param customerMasterKeySpec
* Specifies the type of CMK to create. The CustomerMasterKeySpec determines whether the CMK
* contains a symmetric key or an asymmetric key pair. It also determines the encryption algorithms or
* signing algorithms that the CMK supports. You can't change the CustomerMasterKeySpec after
* the CMK is created. To further restrict the algorithms that can be used with the CMK, use its key policy
* or IAM policy.
*
* For help with choosing a key spec for your CMK, see Selecting a Customer Master Key Spec in the AWS Key Management Service Developer Guide.
*
*
* The default value, SYMMETRIC_DEFAULT, creates a CMK with a 256-bit symmetric key.
*
*
* AWS KMS supports the following key specs for CMKs:
*
*
* -
*
* Symmetric key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT (AES-256-GCM)
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* @see CustomerMasterKeySpec
*/
public void setCustomerMasterKeySpec(String customerMasterKeySpec) {
this.customerMasterKeySpec = customerMasterKeySpec;
}
/**
*
* Specifies the type of CMK to create. The CustomerMasterKeySpec determines whether the CMK contains a
* symmetric key or an asymmetric key pair. It also determines the encryption algorithms or signing algorithms that
* the CMK supports. You can't change the CustomerMasterKeySpec after the CMK is created. To further
* restrict the algorithms that can be used with the CMK, use its key policy or IAM policy.
*
*
* For help with choosing a key spec for your CMK, see Selecting a
* Customer Master Key Spec in the AWS Key Management Service Developer Guide.
*
*
* The default value, SYMMETRIC_DEFAULT, creates a CMK with a 256-bit symmetric key.
*
*
* AWS KMS supports the following key specs for CMKs:
*
*
* -
*
* Symmetric key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT (AES-256-GCM)
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
*
*
* @return Specifies the type of CMK to create. The CustomerMasterKeySpec determines whether the CMK
* contains a symmetric key or an asymmetric key pair. It also determines the encryption algorithms or
* signing algorithms that the CMK supports. You can't change the CustomerMasterKeySpec after
* the CMK is created. To further restrict the algorithms that can be used with the CMK, use its key policy
* or IAM policy.
*
* For help with choosing a key spec for your CMK, see Selecting a Customer Master Key Spec in the AWS Key Management Service Developer Guide.
*
*
* The default value, SYMMETRIC_DEFAULT, creates a CMK with a 256-bit symmetric key.
*
*
* AWS KMS supports the following key specs for CMKs:
*
*
* -
*
* Symmetric key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT (AES-256-GCM)
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* @see CustomerMasterKeySpec
*/
public String getCustomerMasterKeySpec() {
return this.customerMasterKeySpec;
}
/**
*
* Specifies the type of CMK to create. The CustomerMasterKeySpec determines whether the CMK contains a
* symmetric key or an asymmetric key pair. It also determines the encryption algorithms or signing algorithms that
* the CMK supports. You can't change the CustomerMasterKeySpec after the CMK is created. To further
* restrict the algorithms that can be used with the CMK, use its key policy or IAM policy.
*
*
* For help with choosing a key spec for your CMK, see Selecting a
* Customer Master Key Spec in the AWS Key Management Service Developer Guide.
*
*
* The default value, SYMMETRIC_DEFAULT, creates a CMK with a 256-bit symmetric key.
*
*
* AWS KMS supports the following key specs for CMKs:
*
*
* -
*
* Symmetric key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT (AES-256-GCM)
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
*
*
* @param customerMasterKeySpec
* Specifies the type of CMK to create. The CustomerMasterKeySpec determines whether the CMK
* contains a symmetric key or an asymmetric key pair. It also determines the encryption algorithms or
* signing algorithms that the CMK supports. You can't change the CustomerMasterKeySpec after
* the CMK is created. To further restrict the algorithms that can be used with the CMK, use its key policy
* or IAM policy.
*
* For help with choosing a key spec for your CMK, see Selecting a Customer Master Key Spec in the AWS Key Management Service Developer Guide.
*
*
* The default value, SYMMETRIC_DEFAULT, creates a CMK with a 256-bit symmetric key.
*
*
* AWS KMS supports the following key specs for CMKs:
*
*
* -
*
* Symmetric key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT (AES-256-GCM)
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see CustomerMasterKeySpec
*/
public CreateKeyRequest withCustomerMasterKeySpec(String customerMasterKeySpec) {
setCustomerMasterKeySpec(customerMasterKeySpec);
return this;
}
/**
*
* Specifies the type of CMK to create. The CustomerMasterKeySpec determines whether the CMK contains a
* symmetric key or an asymmetric key pair. It also determines the encryption algorithms or signing algorithms that
* the CMK supports. You can't change the CustomerMasterKeySpec after the CMK is created. To further
* restrict the algorithms that can be used with the CMK, use its key policy or IAM policy.
*
*
* For help with choosing a key spec for your CMK, see Selecting a
* Customer Master Key Spec in the AWS Key Management Service Developer Guide.
*
*
* The default value, SYMMETRIC_DEFAULT, creates a CMK with a 256-bit symmetric key.
*
*
* AWS KMS supports the following key specs for CMKs:
*
*
* -
*
* Symmetric key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT (AES-256-GCM)
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
*
*
* @param customerMasterKeySpec
* Specifies the type of CMK to create. The CustomerMasterKeySpec determines whether the CMK
* contains a symmetric key or an asymmetric key pair. It also determines the encryption algorithms or
* signing algorithms that the CMK supports. You can't change the CustomerMasterKeySpec after
* the CMK is created. To further restrict the algorithms that can be used with the CMK, use its key policy
* or IAM policy.
*
* For help with choosing a key spec for your CMK, see Selecting a Customer Master Key Spec in the AWS Key Management Service Developer Guide.
*
*
* The default value, SYMMETRIC_DEFAULT, creates a CMK with a 256-bit symmetric key.
*
*
* AWS KMS supports the following key specs for CMKs:
*
*
* -
*
* Symmetric key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT (AES-256-GCM)
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* @see CustomerMasterKeySpec
*/
public void setCustomerMasterKeySpec(CustomerMasterKeySpec customerMasterKeySpec) {
withCustomerMasterKeySpec(customerMasterKeySpec);
}
/**
*
* Specifies the type of CMK to create. The CustomerMasterKeySpec determines whether the CMK contains a
* symmetric key or an asymmetric key pair. It also determines the encryption algorithms or signing algorithms that
* the CMK supports. You can't change the CustomerMasterKeySpec after the CMK is created. To further
* restrict the algorithms that can be used with the CMK, use its key policy or IAM policy.
*
*
* For help with choosing a key spec for your CMK, see Selecting a
* Customer Master Key Spec in the AWS Key Management Service Developer Guide.
*
*
* The default value, SYMMETRIC_DEFAULT, creates a CMK with a 256-bit symmetric key.
*
*
* AWS KMS supports the following key specs for CMKs:
*
*
* -
*
* Symmetric key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT (AES-256-GCM)
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
*
*
* @param customerMasterKeySpec
* Specifies the type of CMK to create. The CustomerMasterKeySpec determines whether the CMK
* contains a symmetric key or an asymmetric key pair. It also determines the encryption algorithms or
* signing algorithms that the CMK supports. You can't change the CustomerMasterKeySpec after
* the CMK is created. To further restrict the algorithms that can be used with the CMK, use its key policy
* or IAM policy.
*
* For help with choosing a key spec for your CMK, see Selecting a Customer Master Key Spec in the AWS Key Management Service Developer Guide.
*
*
* The default value, SYMMETRIC_DEFAULT, creates a CMK with a 256-bit symmetric key.
*
*
* AWS KMS supports the following key specs for CMKs:
*
*
* -
*
* Symmetric key (default)
*
*
* -
*
* SYMMETRIC_DEFAULT (AES-256-GCM)
*
*
*
*
* -
*
* Asymmetric RSA key pairs
*
*
* -
*
* RSA_2048
*
*
* -
*
* RSA_3072
*
*
* -
*
* RSA_4096
*
*
*
*
* -
*
* Asymmetric NIST-recommended elliptic curve key pairs
*
*
* -
*
* ECC_NIST_P256 (secp256r1)
*
*
* -
*
* ECC_NIST_P384 (secp384r1)
*
*
* -
*
* ECC_NIST_P521 (secp521r1)
*
*
*
*
* -
*
* Other asymmetric elliptic curve key pairs
*
*
* -
*
* ECC_SECG_P256K1 (secp256k1), commonly used for cryptocurrencies.
*
*
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see CustomerMasterKeySpec
*/
public CreateKeyRequest withCustomerMasterKeySpec(CustomerMasterKeySpec customerMasterKeySpec) {
this.customerMasterKeySpec = customerMasterKeySpec.toString();
return this;
}
/**
*
* The source of the key material for the CMK. You cannot change the origin after you create the CMK. The default is
* AWS_KMS, which means AWS KMS creates the key material.
*
*
* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you can
* import key material from your existing key management infrastructure. For more information about importing key
* material into AWS KMS, see Importing Key Material in
* the AWS Key Management Service Developer Guide. This value is valid only for symmetric CMKs.
*
*
* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key store
* and creates its key material in the associated AWS CloudHSM cluster. You must also use the
* CustomKeyStoreId parameter to identify the custom key store. This value is valid only for symmetric
* CMKs.
*
*
* @param origin
* The source of the key material for the CMK. You cannot change the origin after you create the CMK. The
* default is AWS_KMS, which means AWS KMS creates the key material.
*
* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you
* can import key material from your existing key management infrastructure. For more information about
* importing key material into AWS KMS, see Importing Key
* Material in the AWS Key Management Service Developer Guide. This value is valid only for
* symmetric CMKs.
*
*
* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key
* store and creates its key material in the associated AWS CloudHSM cluster. You must also use the
* CustomKeyStoreId parameter to identify the custom key store. This value is valid only for
* symmetric CMKs.
* @see OriginType
*/
public void setOrigin(String origin) {
this.origin = origin;
}
/**
*
* The source of the key material for the CMK. You cannot change the origin after you create the CMK. The default is
* AWS_KMS, which means AWS KMS creates the key material.
*
*
* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you can
* import key material from your existing key management infrastructure. For more information about importing key
* material into AWS KMS, see Importing Key Material in
* the AWS Key Management Service Developer Guide. This value is valid only for symmetric CMKs.
*
*
* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key store
* and creates its key material in the associated AWS CloudHSM cluster. You must also use the
* CustomKeyStoreId parameter to identify the custom key store. This value is valid only for symmetric
* CMKs.
*
*
* @return The source of the key material for the CMK. You cannot change the origin after you create the CMK. The
* default is AWS_KMS, which means AWS KMS creates the key material.
*
* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you
* can import key material from your existing key management infrastructure. For more information about
* importing key material into AWS KMS, see Importing Key
* Material in the AWS Key Management Service Developer Guide. This value is valid only for
* symmetric CMKs.
*
*
* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key
* store and creates its key material in the associated AWS CloudHSM cluster. You must also use the
* CustomKeyStoreId parameter to identify the custom key store. This value is valid only for
* symmetric CMKs.
* @see OriginType
*/
public String getOrigin() {
return this.origin;
}
/**
*
* The source of the key material for the CMK. You cannot change the origin after you create the CMK. The default is
* AWS_KMS, which means AWS KMS creates the key material.
*
*
* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you can
* import key material from your existing key management infrastructure. For more information about importing key
* material into AWS KMS, see Importing Key Material in
* the AWS Key Management Service Developer Guide. This value is valid only for symmetric CMKs.
*
*
* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key store
* and creates its key material in the associated AWS CloudHSM cluster. You must also use the
* CustomKeyStoreId parameter to identify the custom key store. This value is valid only for symmetric
* CMKs.
*
*
* @param origin
* The source of the key material for the CMK. You cannot change the origin after you create the CMK. The
* default is AWS_KMS, which means AWS KMS creates the key material.
*
* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you
* can import key material from your existing key management infrastructure. For more information about
* importing key material into AWS KMS, see Importing Key
* Material in the AWS Key Management Service Developer Guide. This value is valid only for
* symmetric CMKs.
*
*
* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key
* store and creates its key material in the associated AWS CloudHSM cluster. You must also use the
* CustomKeyStoreId parameter to identify the custom key store. This value is valid only for
* symmetric CMKs.
* @return Returns a reference to this object so that method calls can be chained together.
* @see OriginType
*/
public CreateKeyRequest withOrigin(String origin) {
setOrigin(origin);
return this;
}
/**
*
* The source of the key material for the CMK. You cannot change the origin after you create the CMK. The default is
* AWS_KMS, which means AWS KMS creates the key material.
*
*
* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you can
* import key material from your existing key management infrastructure. For more information about importing key
* material into AWS KMS, see Importing Key Material in
* the AWS Key Management Service Developer Guide. This value is valid only for symmetric CMKs.
*
*
* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key store
* and creates its key material in the associated AWS CloudHSM cluster. You must also use the
* CustomKeyStoreId parameter to identify the custom key store. This value is valid only for symmetric
* CMKs.
*
*
* @param origin
* The source of the key material for the CMK. You cannot change the origin after you create the CMK. The
* default is AWS_KMS, which means AWS KMS creates the key material.
*
* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you
* can import key material from your existing key management infrastructure. For more information about
* importing key material into AWS KMS, see Importing Key
* Material in the AWS Key Management Service Developer Guide. This value is valid only for
* symmetric CMKs.
*
*
* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key
* store and creates its key material in the associated AWS CloudHSM cluster. You must also use the
* CustomKeyStoreId parameter to identify the custom key store. This value is valid only for
* symmetric CMKs.
* @see OriginType
*/
public void setOrigin(OriginType origin) {
withOrigin(origin);
}
/**
*
* The source of the key material for the CMK. You cannot change the origin after you create the CMK. The default is
* AWS_KMS, which means AWS KMS creates the key material.
*
*
* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you can
* import key material from your existing key management infrastructure. For more information about importing key
* material into AWS KMS, see Importing Key Material in
* the AWS Key Management Service Developer Guide. This value is valid only for symmetric CMKs.
*
*
* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key store
* and creates its key material in the associated AWS CloudHSM cluster. You must also use the
* CustomKeyStoreId parameter to identify the custom key store. This value is valid only for symmetric
* CMKs.
*
*
* @param origin
* The source of the key material for the CMK. You cannot change the origin after you create the CMK. The
* default is AWS_KMS, which means AWS KMS creates the key material.
*
* When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material so that you
* can import key material from your existing key management infrastructure. For more information about
* importing key material into AWS KMS, see Importing Key
* Material in the AWS Key Management Service Developer Guide. This value is valid only for
* symmetric CMKs.
*
*
* When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS KMS custom key
* store and creates its key material in the associated AWS CloudHSM cluster. You must also use the
* CustomKeyStoreId parameter to identify the custom key store. This value is valid only for
* symmetric CMKs.
* @return Returns a reference to this object so that method calls can be chained together.
* @see OriginType
*/
public CreateKeyRequest withOrigin(OriginType origin) {
this.origin = origin.toString();
return this;
}
/**
*
* Creates the CMK in the specified custom key store
* and the key material in its associated AWS CloudHSM cluster. To create a CMK in a custom key store, you must also
* specify the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM cluster
* that is associated with the custom key store must have at least two active HSMs, each in a different Availability
* Zone in the Region.
*
*
* This parameter is valid only for symmetric CMKs. You cannot create an asymmetric CMK in a custom key store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the AWS CloudHSM cluster.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* @param customKeyStoreId
* Creates the CMK in the specified custom key
* store and the key material in its associated AWS CloudHSM cluster. To create a CMK in a custom key
* store, you must also specify the Origin parameter with a value of AWS_CLOUDHSM.
* The AWS CloudHSM cluster that is associated with the custom key store must have at least two active HSMs,
* each in a different Availability Zone in the Region.
*
* This parameter is valid only for symmetric CMKs. You cannot create an asymmetric CMK in a custom key
* store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the AWS CloudHSM cluster.
*
*
* This operation is part of the Custom Key
* Store feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS
* with the isolation and control of a single-tenant key store.
*/
public void setCustomKeyStoreId(String customKeyStoreId) {
this.customKeyStoreId = customKeyStoreId;
}
/**
*
* Creates the CMK in the specified custom key store
* and the key material in its associated AWS CloudHSM cluster. To create a CMK in a custom key store, you must also
* specify the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM cluster
* that is associated with the custom key store must have at least two active HSMs, each in a different Availability
* Zone in the Region.
*
*
* This parameter is valid only for symmetric CMKs. You cannot create an asymmetric CMK in a custom key store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the AWS CloudHSM cluster.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* @return Creates the CMK in the specified custom key
* store and the key material in its associated AWS CloudHSM cluster. To create a CMK in a custom key
* store, you must also specify the Origin parameter with a value of AWS_CLOUDHSM.
* The AWS CloudHSM cluster that is associated with the custom key store must have at least two active HSMs,
* each in a different Availability Zone in the Region.
*
* This parameter is valid only for symmetric CMKs. You cannot create an asymmetric CMK in a custom key
* store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the AWS CloudHSM cluster.
*
*
* This operation is part of the Custom Key
* Store feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS
* with the isolation and control of a single-tenant key store.
*/
public String getCustomKeyStoreId() {
return this.customKeyStoreId;
}
/**
*
* Creates the CMK in the specified custom key store
* and the key material in its associated AWS CloudHSM cluster. To create a CMK in a custom key store, you must also
* specify the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM cluster
* that is associated with the custom key store must have at least two active HSMs, each in a different Availability
* Zone in the Region.
*
*
* This parameter is valid only for symmetric CMKs. You cannot create an asymmetric CMK in a custom key store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the AWS CloudHSM cluster.
*
*
* This operation is part of the Custom Key Store
* feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the
* isolation and control of a single-tenant key store.
*
*
* @param customKeyStoreId
* Creates the CMK in the specified custom key
* store and the key material in its associated AWS CloudHSM cluster. To create a CMK in a custom key
* store, you must also specify the Origin parameter with a value of AWS_CLOUDHSM.
* The AWS CloudHSM cluster that is associated with the custom key store must have at least two active HSMs,
* each in a different Availability Zone in the Region.
*
* This parameter is valid only for symmetric CMKs. You cannot create an asymmetric CMK in a custom key
* store.
*
*
* To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
*
*
* The response includes the custom key store ID and the ID of the AWS CloudHSM cluster.
*
*
* This operation is part of the Custom Key
* Store feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS
* with the isolation and control of a single-tenant key store.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withCustomKeyStoreId(String customKeyStoreId) {
setCustomKeyStoreId(customKeyStoreId);
return this;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true
* indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal that is
* making the request from making a subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
*
*
* @param bypassPolicyLockoutSafetyCheck
* A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal
* that is making the request from making a subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
*/
public void setBypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
this.bypassPolicyLockoutSafetyCheck = bypassPolicyLockoutSafetyCheck;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true
* indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal that is
* making the request from making a subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
*
*
* @return A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal
* that is making the request from making a subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
*/
public Boolean getBypassPolicyLockoutSafetyCheck() {
return this.bypassPolicyLockoutSafetyCheck;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true
* indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal that is
* making the request from making a subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
*
*
* @param bypassPolicyLockoutSafetyCheck
* A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal
* that is making the request from making a subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withBypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
setBypassPolicyLockoutSafetyCheck(bypassPolicyLockoutSafetyCheck);
return this;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true
* indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal that is
* making the request from making a subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
*
*
* @return A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide .
*
*
*
* Use this parameter only when you include a policy in the request and you intend to prevent the principal
* that is making the request from making a subsequent PutKeyPolicy request on the CMK.
*
*
* The default value is false.
*/
public Boolean isBypassPolicyLockoutSafetyCheck() {
return this.bypassPolicyLockoutSafetyCheck;
}
/**
*
* One or more tags. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are
* required, but the tag value can be an empty (null) string.
*
*
* When you add tags to an AWS resource, AWS generates a cost allocation report with usage and costs aggregated by
* tags. For information about adding, changing, deleting and listing tags for CMKs, see Tagging Keys.
*
*
* Use this parameter to tag the CMK when it is created. To add tags to an existing CMK, use the TagResource
* operation.
*
*
* @return One or more tags. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are
* required, but the tag value can be an empty (null) string.
*
* When you add tags to an AWS resource, AWS generates a cost allocation report with usage and costs
* aggregated by tags. For information about adding, changing, deleting and listing tags for CMKs, see Tagging Keys.
*
*
* Use this parameter to tag the CMK when it is created. To add tags to an existing CMK, use the
* TagResource operation.
*/
public java.util.List getTags() {
if (tags == null) {
tags = new com.amazonaws.internal.SdkInternalList();
}
return tags;
}
/**
*
* One or more tags. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are
* required, but the tag value can be an empty (null) string.
*
*
* When you add tags to an AWS resource, AWS generates a cost allocation report with usage and costs aggregated by
* tags. For information about adding, changing, deleting and listing tags for CMKs, see Tagging Keys.
*
*
* Use this parameter to tag the CMK when it is created. To add tags to an existing CMK, use the TagResource
* operation.
*
*
* @param tags
* One or more tags. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are
* required, but the tag value can be an empty (null) string.
*
* When you add tags to an AWS resource, AWS generates a cost allocation report with usage and costs
* aggregated by tags. For information about adding, changing, deleting and listing tags for CMKs, see Tagging Keys.
*
*
* Use this parameter to tag the CMK when it is created. To add tags to an existing CMK, use the
* TagResource operation.
*/
public void setTags(java.util.Collection tags) {
if (tags == null) {
this.tags = null;
return;
}
this.tags = new com.amazonaws.internal.SdkInternalList(tags);
}
/**
*
* One or more tags. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are
* required, but the tag value can be an empty (null) string.
*
*
* When you add tags to an AWS resource, AWS generates a cost allocation report with usage and costs aggregated by
* tags. For information about adding, changing, deleting and listing tags for CMKs, see Tagging Keys.
*
*
* Use this parameter to tag the CMK when it is created. To add tags to an existing CMK, use the TagResource
* operation.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setTags(java.util.Collection)} or {@link #withTags(java.util.Collection)} if you want to override the
* existing values.
*
*
* @param tags
* One or more tags. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are
* required, but the tag value can be an empty (null) string.
*
* When you add tags to an AWS resource, AWS generates a cost allocation report with usage and costs
* aggregated by tags. For information about adding, changing, deleting and listing tags for CMKs, see Tagging Keys.
*
*
* Use this parameter to tag the CMK when it is created. To add tags to an existing CMK, use the
* TagResource operation.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withTags(Tag... tags) {
if (this.tags == null) {
setTags(new com.amazonaws.internal.SdkInternalList(tags.length));
}
for (Tag ele : tags) {
this.tags.add(ele);
}
return this;
}
/**
*
* One or more tags. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are
* required, but the tag value can be an empty (null) string.
*
*
* When you add tags to an AWS resource, AWS generates a cost allocation report with usage and costs aggregated by
* tags. For information about adding, changing, deleting and listing tags for CMKs, see Tagging Keys.
*
*
* Use this parameter to tag the CMK when it is created. To add tags to an existing CMK, use the TagResource
* operation.
*
*
* @param tags
* One or more tags. Each tag consists of a tag key and a tag value. Both the tag key and the tag value are
* required, but the tag value can be an empty (null) string.
*
* When you add tags to an AWS resource, AWS generates a cost allocation report with usage and costs
* aggregated by tags. For information about adding, changing, deleting and listing tags for CMKs, see Tagging Keys.
*
*
* Use this parameter to tag the CMK when it is created. To add tags to an existing CMK, use the
* TagResource operation.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateKeyRequest withTags(java.util.Collection tags) {
setTags(tags);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getPolicy() != null)
sb.append("Policy: ").append(getPolicy()).append(",");
if (getDescription() != null)
sb.append("Description: ").append(getDescription()).append(",");
if (getKeyUsage() != null)
sb.append("KeyUsage: ").append(getKeyUsage()).append(",");
if (getCustomerMasterKeySpec() != null)
sb.append("CustomerMasterKeySpec: ").append(getCustomerMasterKeySpec()).append(",");
if (getOrigin() != null)
sb.append("Origin: ").append(getOrigin()).append(",");
if (getCustomKeyStoreId() != null)
sb.append("CustomKeyStoreId: ").append(getCustomKeyStoreId()).append(",");
if (getBypassPolicyLockoutSafetyCheck() != null)
sb.append("BypassPolicyLockoutSafetyCheck: ").append(getBypassPolicyLockoutSafetyCheck()).append(",");
if (getTags() != null)
sb.append("Tags: ").append(getTags());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof CreateKeyRequest == false)
return false;
CreateKeyRequest other = (CreateKeyRequest) obj;
if (other.getPolicy() == null ^ this.getPolicy() == null)
return false;
if (other.getPolicy() != null && other.getPolicy().equals(this.getPolicy()) == false)
return false;
if (other.getDescription() == null ^ this.getDescription() == null)
return false;
if (other.getDescription() != null && other.getDescription().equals(this.getDescription()) == false)
return false;
if (other.getKeyUsage() == null ^ this.getKeyUsage() == null)
return false;
if (other.getKeyUsage() != null && other.getKeyUsage().equals(this.getKeyUsage()) == false)
return false;
if (other.getCustomerMasterKeySpec() == null ^ this.getCustomerMasterKeySpec() == null)
return false;
if (other.getCustomerMasterKeySpec() != null && other.getCustomerMasterKeySpec().equals(this.getCustomerMasterKeySpec()) == false)
return false;
if (other.getOrigin() == null ^ this.getOrigin() == null)
return false;
if (other.getOrigin() != null && other.getOrigin().equals(this.getOrigin()) == false)
return false;
if (other.getCustomKeyStoreId() == null ^ this.getCustomKeyStoreId() == null)
return false;
if (other.getCustomKeyStoreId() != null && other.getCustomKeyStoreId().equals(this.getCustomKeyStoreId()) == false)
return false;
if (other.getBypassPolicyLockoutSafetyCheck() == null ^ this.getBypassPolicyLockoutSafetyCheck() == null)
return false;
if (other.getBypassPolicyLockoutSafetyCheck() != null
&& other.getBypassPolicyLockoutSafetyCheck().equals(this.getBypassPolicyLockoutSafetyCheck()) == false)
return false;
if (other.getTags() == null ^ this.getTags() == null)
return false;
if (other.getTags() != null && other.getTags().equals(this.getTags()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getPolicy() == null) ? 0 : getPolicy().hashCode());
hashCode = prime * hashCode + ((getDescription() == null) ? 0 : getDescription().hashCode());
hashCode = prime * hashCode + ((getKeyUsage() == null) ? 0 : getKeyUsage().hashCode());
hashCode = prime * hashCode + ((getCustomerMasterKeySpec() == null) ? 0 : getCustomerMasterKeySpec().hashCode());
hashCode = prime * hashCode + ((getOrigin() == null) ? 0 : getOrigin().hashCode());
hashCode = prime * hashCode + ((getCustomKeyStoreId() == null) ? 0 : getCustomKeyStoreId().hashCode());
hashCode = prime * hashCode + ((getBypassPolicyLockoutSafetyCheck() == null) ? 0 : getBypassPolicyLockoutSafetyCheck().hashCode());
hashCode = prime * hashCode + ((getTags() == null) ? 0 : getTags().hashCode());
return hashCode;
}
@Override
public CreateKeyRequest clone() {
return (CreateKeyRequest) super.clone();
}
}