com.amazonaws.services.kms.model.CreateCustomKeyStoreRequest Maven / Gradle / Ivy
Show all versions of aws-java-sdk-kms Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.kms.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.AmazonWebServiceRequest;
/**
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class CreateCustomKeyStoreRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {
/**
*
* Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account
* and Region. This parameter is required for all custom key stores.
*
*
*
* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in
* CloudTrail logs and other output.
*
*
*/
private String customKeyStoreName;
/**
*
* Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key stores with
* CustomKeyStoreType of AWS_CLOUDHSM.
*
*
* Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key store. To
* find the cluster ID, use the DescribeClusters
* operation.
*
*/
private String cloudHsmClusterId;
/**
*
* Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores with a
* CustomKeyStoreType of AWS_CLOUDHSM.
*
*
* Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the
* customerCA.crt file that you created when you initialized the cluster.
*
*/
private String trustAnchorCertificate;
/**
*
* Specifies the kmsuser password for an CloudHSM key store. This parameter is required for custom key
* stores with a CustomKeyStoreType of AWS_CLOUDHSM.
*
*
* Enter the password of the
* kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as
* this user to manage key material on your behalf.
*
*
* The password must be a string of 7 to 32 characters. Its value is case sensitive.
*
*
* This parameter tells KMS the kmsuser account password; it does not change the password in the
* CloudHSM cluster.
*
*/
private String keyStorePassword;
/**
*
* Specifies the type of custom key store. The default value is AWS_CLOUDHSM.
*
*
* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter AWS_CLOUDHSM. For
* a custom key store backed by an external key manager outside of Amazon Web Services, enter
* EXTERNAL_KEY_STORE. You cannot change this property after the key store is created.
*
*/
private String customKeyStoreType;
/**
*
* Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This parameter
* is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the
* XksProxyUriEndpoint value.
*
*
* For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE,
* specify https:// followed by the private DNS name of the VPC endpoint service.
*
*
* For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint must be reachable before
* you create the custom key store. KMS connects to the external key store proxy while creating the custom key
* store. For external key stores with VPC_ENDPOINT_SERVICE connectivity, KMS connects when you call
* the ConnectCustomKeyStore operation.
*
*
* The value of this parameter must begin with https://. The remainder can contain upper and lower case
* letters (A-Z and a-z), numbers (0-9), dots (.), and hyphens (-). Additional slashes (
* / and \) are not permitted.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the
* Amazon Web Services account and Region.
*
*
* -
*
* An external key store with PUBLIC_ENDPOINT connectivity cannot use the same
* XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE
* connectivity in this Amazon Web Services Region.
*
*
* -
*
* Each external key store with VPC_ENDPOINT_SERVICE connectivity must have its own private DNS name.
* The XksProxyUriEndpoint value for external key stores with VPC_ENDPOINT_SERVICE
* connectivity (private DNS name) must be unique in the Amazon Web Services account and Region.
*
*
*
*/
private String xksProxyUriEndpoint;
/**
*
* Specifies the base path to the proxy APIs for this external key store. To find this value, see the documentation
* for your external key store proxy. This parameter is required for all custom key stores with a
* CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* The value must start with / and must end with /kms/xks/v1 where v1
* represents the version of the KMS external key store proxy API. This path can include an optional prefix between
* the required elements such as /prefix/kms/xks/v1.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the
* Amazon Web Services account and Region.
*
*
*
*/
private String xksProxyUriPath;
/**
*
* Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate with
* your external key store proxy (XKS proxy). This parameter is required when the value of
* CustomKeyStoreType is EXTERNAL_KEY_STORE and the value of
* XksProxyConnectivity is VPC_ENDPOINT_SERVICE.
*
*
* The Amazon VPC endpoint service must fulfill
* all requirements for use with an external key store.
*
*
* Uniqueness requirements:
*
*
* -
*
* External key stores with VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each
* external key store must have its own VPC endpoint service and private DNS name.
*
*
*
*/
private String xksProxyVpcEndpointServiceName;
/**
*
* Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is required
* for all custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey, a
* secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey. For
* character requirements, see
* XksProxyAuthenticationCredentialType.
*
*
* KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. This
* credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.
*
*
* This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the
* credential that you established on your external key store proxy. If you rotate your proxy authentication
* credential, use the UpdateCustomKeyStore operation to provide the new credential to KMS.
*
*/
private XksProxyAuthenticationCredentialType xksProxyAuthenticationCredential;
/**
*
* Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key
* stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the external key
* store proxy uses a Amazon VPC endpoint service for communication with KMS, specify
* VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
*
*
* An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within
* Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple
* subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is
* simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider
* testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this
* choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint
* service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data
* center.
*
*/
private String xksProxyConnectivity;
/**
*
* Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account
* and Region. This parameter is required for all custom key stores.
*
*
*
* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in
* CloudTrail logs and other output.
*
*
*
* @param customKeyStoreName
* Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services
* account and Region. This parameter is required for all custom key stores.
*
* Do not include confidential or sensitive information in this field. This field may be displayed in
* plaintext in CloudTrail logs and other output.
*
*/
public void setCustomKeyStoreName(String customKeyStoreName) {
this.customKeyStoreName = customKeyStoreName;
}
/**
*
* Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account
* and Region. This parameter is required for all custom key stores.
*
*
*
* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in
* CloudTrail logs and other output.
*
*
*
* @return Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services
* account and Region. This parameter is required for all custom key stores.
*
* Do not include confidential or sensitive information in this field. This field may be displayed in
* plaintext in CloudTrail logs and other output.
*
*/
public String getCustomKeyStoreName() {
return this.customKeyStoreName;
}
/**
*
* Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account
* and Region. This parameter is required for all custom key stores.
*
*
*
* Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in
* CloudTrail logs and other output.
*
*
*
* @param customKeyStoreName
* Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services
* account and Region. This parameter is required for all custom key stores.
*
* Do not include confidential or sensitive information in this field. This field may be displayed in
* plaintext in CloudTrail logs and other output.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateCustomKeyStoreRequest withCustomKeyStoreName(String customKeyStoreName) {
setCustomKeyStoreName(customKeyStoreName);
return this;
}
/**
*
* Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key stores with
* CustomKeyStoreType of AWS_CLOUDHSM.
*
*
* Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key store. To
* find the cluster ID, use the DescribeClusters
* operation.
*
*
* @param cloudHsmClusterId
* Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key
* stores with CustomKeyStoreType of AWS_CLOUDHSM.
*
* Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key
* store. To find the cluster ID, use the DescribeClusters operation.
*/
public void setCloudHsmClusterId(String cloudHsmClusterId) {
this.cloudHsmClusterId = cloudHsmClusterId;
}
/**
*
* Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key stores with
* CustomKeyStoreType of AWS_CLOUDHSM.
*
*
* Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key store. To
* find the cluster ID, use the DescribeClusters
* operation.
*
*
* @return Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key
* stores with CustomKeyStoreType of AWS_CLOUDHSM.
*
* Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key
* store. To find the cluster ID, use the DescribeClusters operation.
*/
public String getCloudHsmClusterId() {
return this.cloudHsmClusterId;
}
/**
*
* Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key stores with
* CustomKeyStoreType of AWS_CLOUDHSM.
*
*
* Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key store. To
* find the cluster ID, use the DescribeClusters
* operation.
*
*
* @param cloudHsmClusterId
* Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key
* stores with CustomKeyStoreType of AWS_CLOUDHSM.
*
* Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key
* store. To find the cluster ID, use the DescribeClusters operation.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateCustomKeyStoreRequest withCloudHsmClusterId(String cloudHsmClusterId) {
setCloudHsmClusterId(cloudHsmClusterId);
return this;
}
/**
*
* Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores with a
* CustomKeyStoreType of AWS_CLOUDHSM.
*
*
* Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the
* customerCA.crt file that you created when you initialized the cluster.
*
*
* @param trustAnchorCertificate
* Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores with
* a CustomKeyStoreType of AWS_CLOUDHSM.
*
* Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the
* customerCA.crt file that you created when you initialized the
* cluster.
*/
public void setTrustAnchorCertificate(String trustAnchorCertificate) {
this.trustAnchorCertificate = trustAnchorCertificate;
}
/**
*
* Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores with a
* CustomKeyStoreType of AWS_CLOUDHSM.
*
*
* Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the
* customerCA.crt file that you created when you initialized the cluster.
*
*
* @return Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores
* with a CustomKeyStoreType of AWS_CLOUDHSM.
*
* Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the
* customerCA.crt file that you created when you initialized the
* cluster.
*/
public String getTrustAnchorCertificate() {
return this.trustAnchorCertificate;
}
/**
*
* Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores with a
* CustomKeyStoreType of AWS_CLOUDHSM.
*
*
* Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the
* customerCA.crt file that you created when you initialized the cluster.
*
*
* @param trustAnchorCertificate
* Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores with
* a CustomKeyStoreType of AWS_CLOUDHSM.
*
* Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the
* customerCA.crt file that you created when you initialized the
* cluster.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateCustomKeyStoreRequest withTrustAnchorCertificate(String trustAnchorCertificate) {
setTrustAnchorCertificate(trustAnchorCertificate);
return this;
}
/**
*
* Specifies the kmsuser password for an CloudHSM key store. This parameter is required for custom key
* stores with a CustomKeyStoreType of AWS_CLOUDHSM.
*
*
* Enter the password of the
* kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as
* this user to manage key material on your behalf.
*
*
* The password must be a string of 7 to 32 characters. Its value is case sensitive.
*
*
* This parameter tells KMS the kmsuser account password; it does not change the password in the
* CloudHSM cluster.
*
*
* @param keyStorePassword
* Specifies the kmsuser password for an CloudHSM key store. This parameter is required for
* custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.
*
* Enter the password of the
* kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the
* cluster as this user to manage key material on your behalf.
*
*
* The password must be a string of 7 to 32 characters. Its value is case sensitive.
*
*
* This parameter tells KMS the kmsuser account password; it does not change the password in the
* CloudHSM cluster.
*/
public void setKeyStorePassword(String keyStorePassword) {
this.keyStorePassword = keyStorePassword;
}
/**
*
* Specifies the kmsuser password for an CloudHSM key store. This parameter is required for custom key
* stores with a CustomKeyStoreType of AWS_CLOUDHSM.
*
*
* Enter the password of the
* kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as
* this user to manage key material on your behalf.
*
*
* The password must be a string of 7 to 32 characters. Its value is case sensitive.
*
*
* This parameter tells KMS the kmsuser account password; it does not change the password in the
* CloudHSM cluster.
*
*
* @return Specifies the kmsuser password for an CloudHSM key store. This parameter is required for
* custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.
*
* Enter the password of the
* kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the
* cluster as this user to manage key material on your behalf.
*
*
* The password must be a string of 7 to 32 characters. Its value is case sensitive.
*
*
* This parameter tells KMS the kmsuser account password; it does not change the password in
* the CloudHSM cluster.
*/
public String getKeyStorePassword() {
return this.keyStorePassword;
}
/**
*
* Specifies the kmsuser password for an CloudHSM key store. This parameter is required for custom key
* stores with a CustomKeyStoreType of AWS_CLOUDHSM.
*
*
* Enter the password of the
* kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as
* this user to manage key material on your behalf.
*
*
* The password must be a string of 7 to 32 characters. Its value is case sensitive.
*
*
* This parameter tells KMS the kmsuser account password; it does not change the password in the
* CloudHSM cluster.
*
*
* @param keyStorePassword
* Specifies the kmsuser password for an CloudHSM key store. This parameter is required for
* custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM.
*
* Enter the password of the
* kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the
* cluster as this user to manage key material on your behalf.
*
*
* The password must be a string of 7 to 32 characters. Its value is case sensitive.
*
*
* This parameter tells KMS the kmsuser account password; it does not change the password in the
* CloudHSM cluster.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateCustomKeyStoreRequest withKeyStorePassword(String keyStorePassword) {
setKeyStorePassword(keyStorePassword);
return this;
}
/**
*
* Specifies the type of custom key store. The default value is AWS_CLOUDHSM.
*
*
* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter AWS_CLOUDHSM. For
* a custom key store backed by an external key manager outside of Amazon Web Services, enter
* EXTERNAL_KEY_STORE. You cannot change this property after the key store is created.
*
*
* @param customKeyStoreType
* Specifies the type of custom key store. The default value is AWS_CLOUDHSM.
*
* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter
* AWS_CLOUDHSM. For a custom key store backed by an external key manager outside of Amazon Web
* Services, enter EXTERNAL_KEY_STORE. You cannot change this property after the key store is
* created.
* @see CustomKeyStoreType
*/
public void setCustomKeyStoreType(String customKeyStoreType) {
this.customKeyStoreType = customKeyStoreType;
}
/**
*
* Specifies the type of custom key store. The default value is AWS_CLOUDHSM.
*
*
* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter AWS_CLOUDHSM. For
* a custom key store backed by an external key manager outside of Amazon Web Services, enter
* EXTERNAL_KEY_STORE. You cannot change this property after the key store is created.
*
*
* @return Specifies the type of custom key store. The default value is AWS_CLOUDHSM.
*
* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter
* AWS_CLOUDHSM. For a custom key store backed by an external key manager outside of Amazon Web
* Services, enter EXTERNAL_KEY_STORE. You cannot change this property after the key store is
* created.
* @see CustomKeyStoreType
*/
public String getCustomKeyStoreType() {
return this.customKeyStoreType;
}
/**
*
* Specifies the type of custom key store. The default value is AWS_CLOUDHSM.
*
*
* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter AWS_CLOUDHSM. For
* a custom key store backed by an external key manager outside of Amazon Web Services, enter
* EXTERNAL_KEY_STORE. You cannot change this property after the key store is created.
*
*
* @param customKeyStoreType
* Specifies the type of custom key store. The default value is AWS_CLOUDHSM.
*
* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter
* AWS_CLOUDHSM. For a custom key store backed by an external key manager outside of Amazon Web
* Services, enter EXTERNAL_KEY_STORE. You cannot change this property after the key store is
* created.
* @return Returns a reference to this object so that method calls can be chained together.
* @see CustomKeyStoreType
*/
public CreateCustomKeyStoreRequest withCustomKeyStoreType(String customKeyStoreType) {
setCustomKeyStoreType(customKeyStoreType);
return this;
}
/**
*
* Specifies the type of custom key store. The default value is AWS_CLOUDHSM.
*
*
* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter AWS_CLOUDHSM. For
* a custom key store backed by an external key manager outside of Amazon Web Services, enter
* EXTERNAL_KEY_STORE. You cannot change this property after the key store is created.
*
*
* @param customKeyStoreType
* Specifies the type of custom key store. The default value is AWS_CLOUDHSM.
*
* For a custom key store backed by an CloudHSM cluster, omit the parameter or enter
* AWS_CLOUDHSM. For a custom key store backed by an external key manager outside of Amazon Web
* Services, enter EXTERNAL_KEY_STORE. You cannot change this property after the key store is
* created.
* @return Returns a reference to this object so that method calls can be chained together.
* @see CustomKeyStoreType
*/
public CreateCustomKeyStoreRequest withCustomKeyStoreType(CustomKeyStoreType customKeyStoreType) {
this.customKeyStoreType = customKeyStoreType.toString();
return this;
}
/**
*
* Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This parameter
* is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the
* XksProxyUriEndpoint value.
*
*
* For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE,
* specify https:// followed by the private DNS name of the VPC endpoint service.
*
*
* For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint must be reachable before
* you create the custom key store. KMS connects to the external key store proxy while creating the custom key
* store. For external key stores with VPC_ENDPOINT_SERVICE connectivity, KMS connects when you call
* the ConnectCustomKeyStore operation.
*
*
* The value of this parameter must begin with https://. The remainder can contain upper and lower case
* letters (A-Z and a-z), numbers (0-9), dots (.), and hyphens (-). Additional slashes (
* / and \) are not permitted.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the
* Amazon Web Services account and Region.
*
*
* -
*
* An external key store with PUBLIC_ENDPOINT connectivity cannot use the same
* XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE
* connectivity in this Amazon Web Services Region.
*
*
* -
*
* Each external key store with VPC_ENDPOINT_SERVICE connectivity must have its own private DNS name.
* The XksProxyUriEndpoint value for external key stores with VPC_ENDPOINT_SERVICE
* connectivity (private DNS name) must be unique in the Amazon Web Services account and Region.
*
*
*
*
* @param xksProxyUriEndpoint
* Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This
* parameter is required for custom key stores with a CustomKeyStoreType of
* EXTERNAL_KEY_STORE.
*
* The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the
* XksProxyUriEndpoint value.
*
*
* For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE,
* specify https:// followed by the private DNS name of the VPC endpoint service.
*
*
* For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint must be reachable
* before you create the custom key store. KMS connects to the external key store proxy while creating the
* custom key store. For external key stores with VPC_ENDPOINT_SERVICE connectivity, KMS
* connects when you call the ConnectCustomKeyStore operation.
*
*
* The value of this parameter must begin with https://. The remainder can contain upper and
* lower case letters (A-Z and a-z), numbers (0-9), dots (.), and hyphens (-).
* Additional slashes (/ and \) are not permitted.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in
* the Amazon Web Services account and Region.
*
*
* -
*
* An external key store with PUBLIC_ENDPOINT connectivity cannot use the same
* XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE
* connectivity in this Amazon Web Services Region.
*
*
* -
*
* Each external key store with VPC_ENDPOINT_SERVICE connectivity must have its own private DNS
* name. The XksProxyUriEndpoint value for external key stores with
* VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique in the Amazon Web
* Services account and Region.
*
*
*/
public void setXksProxyUriEndpoint(String xksProxyUriEndpoint) {
this.xksProxyUriEndpoint = xksProxyUriEndpoint;
}
/**
*
* Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This parameter
* is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the
* XksProxyUriEndpoint value.
*
*
* For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE,
* specify https:// followed by the private DNS name of the VPC endpoint service.
*
*
* For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint must be reachable before
* you create the custom key store. KMS connects to the external key store proxy while creating the custom key
* store. For external key stores with VPC_ENDPOINT_SERVICE connectivity, KMS connects when you call
* the ConnectCustomKeyStore operation.
*
*
* The value of this parameter must begin with https://. The remainder can contain upper and lower case
* letters (A-Z and a-z), numbers (0-9), dots (.), and hyphens (-). Additional slashes (
* / and \) are not permitted.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the
* Amazon Web Services account and Region.
*
*
* -
*
* An external key store with PUBLIC_ENDPOINT connectivity cannot use the same
* XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE
* connectivity in this Amazon Web Services Region.
*
*
* -
*
* Each external key store with VPC_ENDPOINT_SERVICE connectivity must have its own private DNS name.
* The XksProxyUriEndpoint value for external key stores with VPC_ENDPOINT_SERVICE
* connectivity (private DNS name) must be unique in the Amazon Web Services account and Region.
*
*
*
*
* @return Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This
* parameter is required for custom key stores with a CustomKeyStoreType of
* EXTERNAL_KEY_STORE.
*
* The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the
* XksProxyUriEndpoint value.
*
*
* For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE
* , specify https:// followed by the private DNS name of the VPC endpoint service.
*
*
* For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint must be reachable
* before you create the custom key store. KMS connects to the external key store proxy while creating the
* custom key store. For external key stores with VPC_ENDPOINT_SERVICE connectivity, KMS
* connects when you call the ConnectCustomKeyStore operation.
*
*
* The value of this parameter must begin with https://. The remainder can contain upper and
* lower case letters (A-Z and a-z), numbers (0-9), dots (.), and hyphens (-).
* Additional slashes (/ and \) are not permitted.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in
* the Amazon Web Services account and Region.
*
*
* -
*
* An external key store with PUBLIC_ENDPOINT connectivity cannot use the same
* XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE
* connectivity in this Amazon Web Services Region.
*
*
* -
*
* Each external key store with VPC_ENDPOINT_SERVICE connectivity must have its own private DNS
* name. The XksProxyUriEndpoint value for external key stores with
* VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique in the Amazon Web
* Services account and Region.
*
*
*/
public String getXksProxyUriEndpoint() {
return this.xksProxyUriEndpoint;
}
/**
*
* Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This parameter
* is required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the
* XksProxyUriEndpoint value.
*
*
* For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE,
* specify https:// followed by the private DNS name of the VPC endpoint service.
*
*
* For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint must be reachable before
* you create the custom key store. KMS connects to the external key store proxy while creating the custom key
* store. For external key stores with VPC_ENDPOINT_SERVICE connectivity, KMS connects when you call
* the ConnectCustomKeyStore operation.
*
*
* The value of this parameter must begin with https://. The remainder can contain upper and lower case
* letters (A-Z and a-z), numbers (0-9), dots (.), and hyphens (-). Additional slashes (
* / and \) are not permitted.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the
* Amazon Web Services account and Region.
*
*
* -
*
* An external key store with PUBLIC_ENDPOINT connectivity cannot use the same
* XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE
* connectivity in this Amazon Web Services Region.
*
*
* -
*
* Each external key store with VPC_ENDPOINT_SERVICE connectivity must have its own private DNS name.
* The XksProxyUriEndpoint value for external key stores with VPC_ENDPOINT_SERVICE
* connectivity (private DNS name) must be unique in the Amazon Web Services account and Region.
*
*
*
*
* @param xksProxyUriEndpoint
* Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This
* parameter is required for custom key stores with a CustomKeyStoreType of
* EXTERNAL_KEY_STORE.
*
* The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the
* XksProxyUriEndpoint value.
*
*
* For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE,
* specify https:// followed by the private DNS name of the VPC endpoint service.
*
*
* For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint must be reachable
* before you create the custom key store. KMS connects to the external key store proxy while creating the
* custom key store. For external key stores with VPC_ENDPOINT_SERVICE connectivity, KMS
* connects when you call the ConnectCustomKeyStore operation.
*
*
* The value of this parameter must begin with https://. The remainder can contain upper and
* lower case letters (A-Z and a-z), numbers (0-9), dots (.), and hyphens (-).
* Additional slashes (/ and \) are not permitted.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in
* the Amazon Web Services account and Region.
*
*
* -
*
* An external key store with PUBLIC_ENDPOINT connectivity cannot use the same
* XksProxyUriEndpoint value as an external key store with VPC_ENDPOINT_SERVICE
* connectivity in this Amazon Web Services Region.
*
*
* -
*
* Each external key store with VPC_ENDPOINT_SERVICE connectivity must have its own private DNS
* name. The XksProxyUriEndpoint value for external key stores with
* VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique in the Amazon Web
* Services account and Region.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateCustomKeyStoreRequest withXksProxyUriEndpoint(String xksProxyUriEndpoint) {
setXksProxyUriEndpoint(xksProxyUriEndpoint);
return this;
}
/**
*
* Specifies the base path to the proxy APIs for this external key store. To find this value, see the documentation
* for your external key store proxy. This parameter is required for all custom key stores with a
* CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* The value must start with / and must end with /kms/xks/v1 where v1
* represents the version of the KMS external key store proxy API. This path can include an optional prefix between
* the required elements such as /prefix/kms/xks/v1.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the
* Amazon Web Services account and Region.
*
*
*
*
* @param xksProxyUriPath
* Specifies the base path to the proxy APIs for this external key store. To find this value, see the
* documentation for your external key store proxy. This parameter is required for all custom key stores with
* a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
* The value must start with / and must end with /kms/xks/v1 where v1
* represents the version of the KMS external key store proxy API. This path can include an optional prefix
* between the required elements such as /prefix/kms/xks/v1.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in
* the Amazon Web Services account and Region.
*
*
*/
public void setXksProxyUriPath(String xksProxyUriPath) {
this.xksProxyUriPath = xksProxyUriPath;
}
/**
*
* Specifies the base path to the proxy APIs for this external key store. To find this value, see the documentation
* for your external key store proxy. This parameter is required for all custom key stores with a
* CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* The value must start with / and must end with /kms/xks/v1 where v1
* represents the version of the KMS external key store proxy API. This path can include an optional prefix between
* the required elements such as /prefix/kms/xks/v1.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the
* Amazon Web Services account and Region.
*
*
*
*
* @return Specifies the base path to the proxy APIs for this external key store. To find this value, see the
* documentation for your external key store proxy. This parameter is required for all custom key stores
* with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
* The value must start with / and must end with /kms/xks/v1 where v1
* represents the version of the KMS external key store proxy API. This path can include an optional prefix
* between the required elements such as /prefix/kms/xks/v1.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in
* the Amazon Web Services account and Region.
*
*
*/
public String getXksProxyUriPath() {
return this.xksProxyUriPath;
}
/**
*
* Specifies the base path to the proxy APIs for this external key store. To find this value, see the documentation
* for your external key store proxy. This parameter is required for all custom key stores with a
* CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* The value must start with / and must end with /kms/xks/v1 where v1
* represents the version of the KMS external key store proxy API. This path can include an optional prefix between
* the required elements such as /prefix/kms/xks/v1.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in the
* Amazon Web Services account and Region.
*
*
*
*
* @param xksProxyUriPath
* Specifies the base path to the proxy APIs for this external key store. To find this value, see the
* documentation for your external key store proxy. This parameter is required for all custom key stores with
* a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
* The value must start with / and must end with /kms/xks/v1 where v1
* represents the version of the KMS external key store proxy API. This path can include an optional prefix
* between the required elements such as /prefix/kms/xks/v1.
*
*
* Uniqueness requirements:
*
*
* -
*
* The combined XksProxyUriEndpoint and XksProxyUriPath values must be unique in
* the Amazon Web Services account and Region.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateCustomKeyStoreRequest withXksProxyUriPath(String xksProxyUriPath) {
setXksProxyUriPath(xksProxyUriPath);
return this;
}
/**
*
* Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate with
* your external key store proxy (XKS proxy). This parameter is required when the value of
* CustomKeyStoreType is EXTERNAL_KEY_STORE and the value of
* XksProxyConnectivity is VPC_ENDPOINT_SERVICE.
*
*
* The Amazon VPC endpoint service must fulfill
* all requirements for use with an external key store.
*
*
* Uniqueness requirements:
*
*
* -
*
* External key stores with VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each
* external key store must have its own VPC endpoint service and private DNS name.
*
*
*
*
* @param xksProxyVpcEndpointServiceName
* Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate
* with your external key store proxy (XKS proxy). This parameter is required when the value of
* CustomKeyStoreType is EXTERNAL_KEY_STORE and the value of
* XksProxyConnectivity is VPC_ENDPOINT_SERVICE.
*
* The Amazon VPC endpoint service must fulfill all requirements for use with an external key store.
*
*
* Uniqueness requirements:
*
*
* -
*
* External key stores with VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each
* external key store must have its own VPC endpoint service and private DNS name.
*
*
*/
public void setXksProxyVpcEndpointServiceName(String xksProxyVpcEndpointServiceName) {
this.xksProxyVpcEndpointServiceName = xksProxyVpcEndpointServiceName;
}
/**
*
* Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate with
* your external key store proxy (XKS proxy). This parameter is required when the value of
* CustomKeyStoreType is EXTERNAL_KEY_STORE and the value of
* XksProxyConnectivity is VPC_ENDPOINT_SERVICE.
*
*
* The Amazon VPC endpoint service must fulfill
* all requirements for use with an external key store.
*
*
* Uniqueness requirements:
*
*
* -
*
* External key stores with VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each
* external key store must have its own VPC endpoint service and private DNS name.
*
*
*
*
* @return Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate
* with your external key store proxy (XKS proxy). This parameter is required when the value of
* CustomKeyStoreType is EXTERNAL_KEY_STORE and the value of
* XksProxyConnectivity is VPC_ENDPOINT_SERVICE.
*
* The Amazon VPC endpoint service must fulfill all requirements for use with an external key store.
*
*
* Uniqueness requirements:
*
*
* -
*
* External key stores with VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each
* external key store must have its own VPC endpoint service and private DNS name.
*
*
*/
public String getXksProxyVpcEndpointServiceName() {
return this.xksProxyVpcEndpointServiceName;
}
/**
*
* Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate with
* your external key store proxy (XKS proxy). This parameter is required when the value of
* CustomKeyStoreType is EXTERNAL_KEY_STORE and the value of
* XksProxyConnectivity is VPC_ENDPOINT_SERVICE.
*
*
* The Amazon VPC endpoint service must fulfill
* all requirements for use with an external key store.
*
*
* Uniqueness requirements:
*
*
* -
*
* External key stores with VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each
* external key store must have its own VPC endpoint service and private DNS name.
*
*
*
*
* @param xksProxyVpcEndpointServiceName
* Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate
* with your external key store proxy (XKS proxy). This parameter is required when the value of
* CustomKeyStoreType is EXTERNAL_KEY_STORE and the value of
* XksProxyConnectivity is VPC_ENDPOINT_SERVICE.
*
* The Amazon VPC endpoint service must fulfill all requirements for use with an external key store.
*
*
* Uniqueness requirements:
*
*
* -
*
* External key stores with VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each
* external key store must have its own VPC endpoint service and private DNS name.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateCustomKeyStoreRequest withXksProxyVpcEndpointServiceName(String xksProxyVpcEndpointServiceName) {
setXksProxyVpcEndpointServiceName(xksProxyVpcEndpointServiceName);
return this;
}
/**
*
* Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is required
* for all custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey, a
* secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey. For
* character requirements, see
* XksProxyAuthenticationCredentialType.
*
*
* KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. This
* credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.
*
*
* This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the
* credential that you established on your external key store proxy. If you rotate your proxy authentication
* credential, use the UpdateCustomKeyStore operation to provide the new credential to KMS.
*
*
* @param xksProxyAuthenticationCredential
* Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is
* required for all custom key stores with a CustomKeyStoreType of
* EXTERNAL_KEY_STORE.
*
* The XksProxyAuthenticationCredential has two required elements:
* RawSecretAccessKey, a secret key, and AccessKeyId, a unique identifier for the
* RawSecretAccessKey. For character requirements, see XksProxyAuthenticationCredentialType.
*
*
* KMS uses this authentication credential to sign requests to the external key store proxy on your behalf.
* This credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.
*
*
* This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS
* the credential that you established on your external key store proxy. If you rotate your proxy
* authentication credential, use the UpdateCustomKeyStore operation to provide the new credential to
* KMS.
*/
public void setXksProxyAuthenticationCredential(XksProxyAuthenticationCredentialType xksProxyAuthenticationCredential) {
this.xksProxyAuthenticationCredential = xksProxyAuthenticationCredential;
}
/**
*
* Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is required
* for all custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey, a
* secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey. For
* character requirements, see
* XksProxyAuthenticationCredentialType.
*
*
* KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. This
* credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.
*
*
* This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the
* credential that you established on your external key store proxy. If you rotate your proxy authentication
* credential, use the UpdateCustomKeyStore operation to provide the new credential to KMS.
*
*
* @return Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is
* required for all custom key stores with a CustomKeyStoreType of
* EXTERNAL_KEY_STORE.
*
* The XksProxyAuthenticationCredential has two required elements:
* RawSecretAccessKey, a secret key, and AccessKeyId, a unique identifier for the
* RawSecretAccessKey. For character requirements, see XksProxyAuthenticationCredentialType.
*
*
* KMS uses this authentication credential to sign requests to the external key store proxy on your behalf.
* This credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.
*
*
* This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS
* the credential that you established on your external key store proxy. If you rotate your proxy
* authentication credential, use the UpdateCustomKeyStore operation to provide the new credential to
* KMS.
*/
public XksProxyAuthenticationCredentialType getXksProxyAuthenticationCredential() {
return this.xksProxyAuthenticationCredential;
}
/**
*
* Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is required
* for all custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey, a
* secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey. For
* character requirements, see
* XksProxyAuthenticationCredentialType.
*
*
* KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. This
* credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.
*
*
* This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the
* credential that you established on your external key store proxy. If you rotate your proxy authentication
* credential, use the UpdateCustomKeyStore operation to provide the new credential to KMS.
*
*
* @param xksProxyAuthenticationCredential
* Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is
* required for all custom key stores with a CustomKeyStoreType of
* EXTERNAL_KEY_STORE.
*
* The XksProxyAuthenticationCredential has two required elements:
* RawSecretAccessKey, a secret key, and AccessKeyId, a unique identifier for the
* RawSecretAccessKey. For character requirements, see XksProxyAuthenticationCredentialType.
*
*
* KMS uses this authentication credential to sign requests to the external key store proxy on your behalf.
* This credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.
*
*
* This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS
* the credential that you established on your external key store proxy. If you rotate your proxy
* authentication credential, use the UpdateCustomKeyStore operation to provide the new credential to
* KMS.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public CreateCustomKeyStoreRequest withXksProxyAuthenticationCredential(XksProxyAuthenticationCredentialType xksProxyAuthenticationCredential) {
setXksProxyAuthenticationCredential(xksProxyAuthenticationCredential);
return this;
}
/**
*
* Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key
* stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the external key
* store proxy uses a Amazon VPC endpoint service for communication with KMS, specify
* VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
*
*
* An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within
* Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple
* subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is
* simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider
* testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this
* choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint
* service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data
* center.
*
*
* @param xksProxyConnectivity
* Indicates how KMS communicates with the external key store proxy. This parameter is required for custom
* key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
* If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the
* external key store proxy uses a Amazon VPC endpoint service for communication with KMS, specify
* VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
*
*
* An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely
* within Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with
* multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A
* public endpoint is simpler to set up, but it might be slower and might not fulfill your security
* requirements. You might consider testing with a public endpoint, and then establishing a VPC endpoint
* service for production tasks. Note that this choice does not determine the location of the external key
* store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within the VPC or outside
* of Amazon Web Services such as in your corporate data center.
* @see XksProxyConnectivityType
*/
public void setXksProxyConnectivity(String xksProxyConnectivity) {
this.xksProxyConnectivity = xksProxyConnectivity;
}
/**
*
* Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key
* stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the external key
* store proxy uses a Amazon VPC endpoint service for communication with KMS, specify
* VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
*
*
* An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within
* Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple
* subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is
* simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider
* testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this
* choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint
* service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data
* center.
*
*
* @return Indicates how KMS communicates with the external key store proxy. This parameter is required for custom
* key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
* If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the
* external key store proxy uses a Amazon VPC endpoint service for communication with KMS, specify
* VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
*
*
* An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely
* within Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with
* multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A
* public endpoint is simpler to set up, but it might be slower and might not fulfill your security
* requirements. You might consider testing with a public endpoint, and then establishing a VPC endpoint
* service for production tasks. Note that this choice does not determine the location of the external key
* store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within the VPC or outside
* of Amazon Web Services such as in your corporate data center.
* @see XksProxyConnectivityType
*/
public String getXksProxyConnectivity() {
return this.xksProxyConnectivity;
}
/**
*
* Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key
* stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the external key
* store proxy uses a Amazon VPC endpoint service for communication with KMS, specify
* VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
*
*
* An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within
* Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple
* subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is
* simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider
* testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this
* choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint
* service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data
* center.
*
*
* @param xksProxyConnectivity
* Indicates how KMS communicates with the external key store proxy. This parameter is required for custom
* key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
* If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the
* external key store proxy uses a Amazon VPC endpoint service for communication with KMS, specify
* VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
*
*
* An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely
* within Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with
* multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A
* public endpoint is simpler to set up, but it might be slower and might not fulfill your security
* requirements. You might consider testing with a public endpoint, and then establishing a VPC endpoint
* service for production tasks. Note that this choice does not determine the location of the external key
* store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within the VPC or outside
* of Amazon Web Services such as in your corporate data center.
* @return Returns a reference to this object so that method calls can be chained together.
* @see XksProxyConnectivityType
*/
public CreateCustomKeyStoreRequest withXksProxyConnectivity(String xksProxyConnectivity) {
setXksProxyConnectivity(xksProxyConnectivity);
return this;
}
/**
*
* Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key
* stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
*
* If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the external key
* store proxy uses a Amazon VPC endpoint service for communication with KMS, specify
* VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
*
*
* An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within
* Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple
* subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is
* simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider
* testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this
* choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint
* service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data
* center.
*
*
* @param xksProxyConnectivity
* Indicates how KMS communicates with the external key store proxy. This parameter is required for custom
* key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE.
*
* If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. If the
* external key store proxy uses a Amazon VPC endpoint service for communication with KMS, specify
* VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
*
*
* An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely
* within Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with
* multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A
* public endpoint is simpler to set up, but it might be slower and might not fulfill your security
* requirements. You might consider testing with a public endpoint, and then establishing a VPC endpoint
* service for production tasks. Note that this choice does not determine the location of the external key
* store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within the VPC or outside
* of Amazon Web Services such as in your corporate data center.
* @return Returns a reference to this object so that method calls can be chained together.
* @see XksProxyConnectivityType
*/
public CreateCustomKeyStoreRequest withXksProxyConnectivity(XksProxyConnectivityType xksProxyConnectivity) {
this.xksProxyConnectivity = xksProxyConnectivity.toString();
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getCustomKeyStoreName() != null)
sb.append("CustomKeyStoreName: ").append(getCustomKeyStoreName()).append(",");
if (getCloudHsmClusterId() != null)
sb.append("CloudHsmClusterId: ").append(getCloudHsmClusterId()).append(",");
if (getTrustAnchorCertificate() != null)
sb.append("TrustAnchorCertificate: ").append(getTrustAnchorCertificate()).append(",");
if (getKeyStorePassword() != null)
sb.append("KeyStorePassword: ").append("***Sensitive Data Redacted***").append(",");
if (getCustomKeyStoreType() != null)
sb.append("CustomKeyStoreType: ").append(getCustomKeyStoreType()).append(",");
if (getXksProxyUriEndpoint() != null)
sb.append("XksProxyUriEndpoint: ").append(getXksProxyUriEndpoint()).append(",");
if (getXksProxyUriPath() != null)
sb.append("XksProxyUriPath: ").append(getXksProxyUriPath()).append(",");
if (getXksProxyVpcEndpointServiceName() != null)
sb.append("XksProxyVpcEndpointServiceName: ").append(getXksProxyVpcEndpointServiceName()).append(",");
if (getXksProxyAuthenticationCredential() != null)
sb.append("XksProxyAuthenticationCredential: ").append(getXksProxyAuthenticationCredential()).append(",");
if (getXksProxyConnectivity() != null)
sb.append("XksProxyConnectivity: ").append(getXksProxyConnectivity());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof CreateCustomKeyStoreRequest == false)
return false;
CreateCustomKeyStoreRequest other = (CreateCustomKeyStoreRequest) obj;
if (other.getCustomKeyStoreName() == null ^ this.getCustomKeyStoreName() == null)
return false;
if (other.getCustomKeyStoreName() != null && other.getCustomKeyStoreName().equals(this.getCustomKeyStoreName()) == false)
return false;
if (other.getCloudHsmClusterId() == null ^ this.getCloudHsmClusterId() == null)
return false;
if (other.getCloudHsmClusterId() != null && other.getCloudHsmClusterId().equals(this.getCloudHsmClusterId()) == false)
return false;
if (other.getTrustAnchorCertificate() == null ^ this.getTrustAnchorCertificate() == null)
return false;
if (other.getTrustAnchorCertificate() != null && other.getTrustAnchorCertificate().equals(this.getTrustAnchorCertificate()) == false)
return false;
if (other.getKeyStorePassword() == null ^ this.getKeyStorePassword() == null)
return false;
if (other.getKeyStorePassword() != null && other.getKeyStorePassword().equals(this.getKeyStorePassword()) == false)
return false;
if (other.getCustomKeyStoreType() == null ^ this.getCustomKeyStoreType() == null)
return false;
if (other.getCustomKeyStoreType() != null && other.getCustomKeyStoreType().equals(this.getCustomKeyStoreType()) == false)
return false;
if (other.getXksProxyUriEndpoint() == null ^ this.getXksProxyUriEndpoint() == null)
return false;
if (other.getXksProxyUriEndpoint() != null && other.getXksProxyUriEndpoint().equals(this.getXksProxyUriEndpoint()) == false)
return false;
if (other.getXksProxyUriPath() == null ^ this.getXksProxyUriPath() == null)
return false;
if (other.getXksProxyUriPath() != null && other.getXksProxyUriPath().equals(this.getXksProxyUriPath()) == false)
return false;
if (other.getXksProxyVpcEndpointServiceName() == null ^ this.getXksProxyVpcEndpointServiceName() == null)
return false;
if (other.getXksProxyVpcEndpointServiceName() != null
&& other.getXksProxyVpcEndpointServiceName().equals(this.getXksProxyVpcEndpointServiceName()) == false)
return false;
if (other.getXksProxyAuthenticationCredential() == null ^ this.getXksProxyAuthenticationCredential() == null)
return false;
if (other.getXksProxyAuthenticationCredential() != null
&& other.getXksProxyAuthenticationCredential().equals(this.getXksProxyAuthenticationCredential()) == false)
return false;
if (other.getXksProxyConnectivity() == null ^ this.getXksProxyConnectivity() == null)
return false;
if (other.getXksProxyConnectivity() != null && other.getXksProxyConnectivity().equals(this.getXksProxyConnectivity()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getCustomKeyStoreName() == null) ? 0 : getCustomKeyStoreName().hashCode());
hashCode = prime * hashCode + ((getCloudHsmClusterId() == null) ? 0 : getCloudHsmClusterId().hashCode());
hashCode = prime * hashCode + ((getTrustAnchorCertificate() == null) ? 0 : getTrustAnchorCertificate().hashCode());
hashCode = prime * hashCode + ((getKeyStorePassword() == null) ? 0 : getKeyStorePassword().hashCode());
hashCode = prime * hashCode + ((getCustomKeyStoreType() == null) ? 0 : getCustomKeyStoreType().hashCode());
hashCode = prime * hashCode + ((getXksProxyUriEndpoint() == null) ? 0 : getXksProxyUriEndpoint().hashCode());
hashCode = prime * hashCode + ((getXksProxyUriPath() == null) ? 0 : getXksProxyUriPath().hashCode());
hashCode = prime * hashCode + ((getXksProxyVpcEndpointServiceName() == null) ? 0 : getXksProxyVpcEndpointServiceName().hashCode());
hashCode = prime * hashCode + ((getXksProxyAuthenticationCredential() == null) ? 0 : getXksProxyAuthenticationCredential().hashCode());
hashCode = prime * hashCode + ((getXksProxyConnectivity() == null) ? 0 : getXksProxyConnectivity().hashCode());
return hashCode;
}
@Override
public CreateCustomKeyStoreRequest clone() {
return (CreateCustomKeyStoreRequest) super.clone();
}
}